1 package org.cacert.gigi.pages.account;
2
3 import static org.junit.Assert.*;
4
5 import java.io.IOException;
6 import java.net.URLEncoder;
7
8 import org.cacert.gigi.GigiApiException;
9 import org.cacert.gigi.testUtils.ClientTest;
10 import org.junit.Test;
11
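/**
 * Integration tests for the password change function, exercised both directly
 * through {@code u.changePassword(...)} and through the web form served at
 * {@link ChangePasswordPage#PATH}.
 * <p>
 * Every test judges the outcome by attempting fresh logins: after a rejected
 * change only the original password may log in, after an accepted change only
 * the new one may.
 * <p>
 * NOTE(review): these tests only observe new logins. They do not check what
 * happens to sessions that were already established before the password
 * changed; if such sessions are meant to be invalidated, that needs a separate
 * test.
 */
public class TestChangePassword extends ClientTest {

    String path = ChangePasswordPage.PATH;

    // Replacement password that the tests try to set.
    private final String newPassword = TEST_PASSWORD + "v2";

    /**
     * Logs the test user in with the fixture password and keeps the session
     * cookie for the web form requests.
     */
    public TestChangePassword() throws IOException {
        cookie = login(u.getEmail(), TEST_PASSWORD);
        assertTrue(isLoggedin(cookie));
    }

    /**
     * Direct API call: a wrong old password must raise {@link GigiApiException}
     * and leave the credentials untouched; the correct old password must switch
     * the account over to the new password.
     */
    @Test
    public void testChangePasswordInternal() throws IOException, GigiApiException {
        try {
            u.changePassword(TEST_PASSWORD + "wrong", newPassword);
            fail("Password change must not succeed if old password is wrong.");
        } catch (GigiApiException e) {
            // expected
        }
        // A rejected change must not have stored the new password either.
        assertPasswordUnchanged();

        u.changePassword(TEST_PASSWORD, newPassword);
        // Same expectation as the web test: the old password stops working.
        assertPasswordChanged();
    }

    /** Web form, all fields valid: no error is reported and the password is replaced. */
    @Test
    public void testChangePasswordWeb() throws IOException {
        String error = executeBasicWebInteraction(cookie, path,
                "oldpassword=" + formEncode(TEST_PASSWORD) //
                        + "&pword1=" + formEncode(newPassword) //
                        + "&pword2=" + formEncode(newPassword));
        assertNull(error);
        assertPasswordChanged();
    }

    /** Web form with an incorrect old password (prefixed with "a"): must be rejected. */
    @Test
    public void testChangePasswordWebOldWrong() throws IOException {
        String error = executeBasicWebInteraction(cookie, path,
                "oldpassword=a" + formEncode(TEST_PASSWORD) //
                        + "&pword1=" + formEncode(newPassword) //
                        + "&pword2=" + formEncode(newPassword));
        assertNotNull(error);
        assertPasswordUnchanged();
    }

    /** Web form where the confirmation field differs from the new password: must be rejected. */
    @Test
    public void testChangePasswordWebNewWrong() throws IOException {
        String error = executeBasicWebInteraction(cookie, path,
                "oldpassword=" + formEncode(TEST_PASSWORD) //
                        + "&pword1=" + formEncode(newPassword) //
                        + "&pword2=a" + formEncode(newPassword));
        assertNotNull(error);
        assertPasswordUnchanged();
    }

    /**
     * Web form with the one-character new password "a": must be rejected.
     * Going by the test name this covers the password strength check; the rule
     * itself is not visible in this file.
     */
    @Test
    public void testChangePasswordWebNewEasy() throws IOException {
        String error = executeBasicWebInteraction(cookie, path,
                "oldpassword=" + formEncode(TEST_PASSWORD) //
                        + "&pword1=a&pword2=a");
        assertNotNull(error);
        assertPasswordUnchanged();
    }

    /**
     * Web form with one of the three fields left out in turn (confirmation,
     * new password, old password): each request must be rejected.
     */
    @Test
    public void testChangePasswordWebMissingFields() throws IOException {
        String np = formEncode(newPassword);
        assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));

        // pword2 missing
        String error = executeBasicWebInteraction(cookie, path,
                "oldpassword=" + formEncode(TEST_PASSWORD) //
                        + "&pword1=" + np);
        assertNotNull(error);
        assertPasswordUnchanged();

        // pword1 missing
        error = executeBasicWebInteraction(cookie, path,
                "oldpassword=" + formEncode(TEST_PASSWORD) //
                        + "&pword2=" + np);
        assertNotNull(error);
        assertPasswordUnchanged();

        // oldpassword missing: the change must not go through without it
        error = executeBasicWebInteraction(cookie, path, "pword1=" + np + "&pword2=" + np);
        assertNotNull(error);
        assertPasswordUnchanged();
    }

    /** URL-encodes a form value as UTF-8. */
    private static String formEncode(String value) throws IOException {
        return URLEncoder.encode(value, "UTF-8");
    }

    /** Asserts that the new password is refused and the original one still logs in. */
    private void assertPasswordUnchanged() throws IOException {
        assertFalse("new password must not be accepted after a rejected change",
                isLoggedin(login(u.getEmail(), newPassword)));
        assertTrue("original password must still be accepted after a rejected change",
                isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
    }

    /** Asserts that the new password logs in and the original one is refused. */
    private void assertPasswordChanged() throws IOException {
        assertTrue("new password must be accepted after a successful change",
                isLoggedin(login(u.getEmail(), newPassword)));
        assertFalse("original password must be refused after a successful change",
                isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
    }

}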