02831cc36842878dce7175d009addbcd4970f221
[gigi.git] / tests / org / cacert / gigi / pages / wot / TestAssurance.java
1 package org.cacert.gigi.pages.wot;
2
3 import static org.hamcrest.CoreMatchers.*;
4 import static org.junit.Assert.*;
5
6 import java.io.IOException;
7 import java.io.UnsupportedEncodingException;
8 import java.net.HttpURLConnection;
9 import java.net.MalformedURLException;
10 import java.net.URLConnection;
11 import java.net.URLEncoder;
12 import java.sql.SQLException;
13 import java.text.SimpleDateFormat;
14 import java.util.Calendar;
15 import java.util.Date;
16 import java.util.regex.Pattern;
17
18 import org.cacert.gigi.pages.account.MyDetails;
19 import org.cacert.gigi.testUtils.IOUtils;
20 import org.cacert.gigi.testUtils.ManagedTest;
21 import org.hamcrest.Matcher;
22 import org.junit.Before;
23 import org.junit.Test;
24
25 public class TestAssurance extends ManagedTest {
26
27     private String assurerM;
28
29     private String assureeM;
30
31     private String cookie;
32
33     @Before
34     public void setup() throws IOException {
35         clearCaches();
36         assurerM = createUniqueName() + "@cacert-test.org";
37         assureeM = createUniqueName() + "@cacert-test.org";
38
39         createAssuranceUser("a", "b", assurerM, TEST_PASSWORD);
40         createVerifiedUser("a", "c", assureeM, TEST_PASSWORD);
41
42         cookie = login(assurerM, TEST_PASSWORD);
43     }
44
45     private Matcher<String> isAssuranceForm() {
46         return containsString("type=\"checkbox\" name=\"tos_agree\"");
47     }
48
49     @Test
50     public void testAssureSearch() throws IOException {
51         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
52         assertThat(loc, isAssuranceForm());
53     }
54
55     @Test
56     public void testAssureSearchEmail() throws IOException {
57         String loc = search("email=1" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
58         assertThat(loc, not(isAssuranceForm()));
59     }
60
61     @Test
62     public void testAssureSearchDobInvalid() throws IOException {
63         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=mal");
64         assertThat(loc, not(isAssuranceForm()));
65     }
66
67     @Test
68     public void testAssureSearchDob() throws IOException {
69         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=2&month=1&year=1910");
70         assertThat(loc, not(isAssuranceForm()));
71         loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=2&year=1910");
72         assertThat(loc, not(isAssuranceForm()));
73         loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1911");
74         assertThat(loc, not(isAssuranceForm()));
75     }
76
77     private String search(String query) throws MalformedURLException, IOException, UnsupportedEncodingException {
78         URLConnection uc = get(cookie, AssurePage.PATH);
79         uc.setDoOutput(true);
80         uc.getOutputStream().write(("search&" + query).getBytes("UTF-8"));
81         uc.getOutputStream().flush();
82
83         return IOUtils.readURL(uc);
84     }
85
86     @Test
87     public void testAssureForm() throws IOException {
88         executeSuccess("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
89     }
90
91     @Test
92     public void testAssureFormContanisData() throws IOException {
93         URLConnection uc = buildupAssureFormConnection(true);
94         uc.getOutputStream().write(("date=2000-01-01&location=testcase&rules=1&tos_agree=1&assertion=1&points=10").getBytes("UTF-8"));
95         uc.getOutputStream().flush();
96         String data = IOUtils.readURL(uc);
97         assertThat(data, containsString("2000-01-01"));
98         assertThat(data, containsString("testcase"));
99     }
100
101     @Test
102     public void testAssureFormNoCSRF() throws IOException {
103         // override csrf
104         HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
105         uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10").getBytes("UTF-8"));
106         uc.getOutputStream().flush();
107         assertEquals(500, uc.getResponseCode());
108     }
109
110     @Test
111     public void testAssureFormWrongCSRF() throws IOException {
112         // override csrf
113         HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
114         uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10&csrf=aragc").getBytes("UTF-8"));
115         uc.getOutputStream().flush();
116         assertEquals(500, uc.getResponseCode());
117     }
118
119     @Test
120     public void testAssureFormRaceName() throws IOException, SQLException {
121         testAssureFormRace(true, false);
122     }
123
124     @Test
125     public void testAssureFormRaceDoB() throws IOException, SQLException {
126         testAssureFormRace(false, false);
127     }
128
129     @Test
130     public void testAssureFormRaceNameBlind() throws IOException, SQLException {
131         testAssureFormRace(true, true);
132     }
133
134     @Test
135     public void testAssureFormRaceDoBBlind() throws IOException, SQLException {
136         testAssureFormRace(false, true);
137     }
138
139     public void testAssureFormRace(boolean name, boolean succeed) throws IOException, SQLException {
140         URLConnection uc = buildupAssureFormConnection(true);
141
142         String assureeCookie = login(assureeM, TEST_PASSWORD);
143         String newName = "lname=" + (name && !succeed ? "a" : "c") + "&fname=a&mname=&suffix=";
144         String newDob = "day=1&month=1&year=" + ( !name && !succeed ? 1911 : 1910);
145
146         assertNull(executeBasicWebInteraction(assureeCookie, MyDetails.PATH, newName + "&" + newDob + "&processDetails", 0));
147
148         uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10").getBytes("UTF-8"));
149         uc.getOutputStream().flush();
150         String error = fetchStartErrorMessage(IOUtils.readURL(uc));
151         if (succeed) {
152             assertNull(error);
153         } else {
154             assertTrue(error, !error.startsWith("</div>"));
155             assertThat(error, containsString("changed his personal details"));
156         }
157     }
158
159     @Test
160     public void testAssureFormFuture() throws IOException {
161         SimpleDateFormat sdf = new SimpleDateFormat("yyyy");
162         int year = Integer.parseInt(sdf.format(new Date(System.currentTimeMillis()))) + 2;
163         executeFails("date=" + year + "-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
164     }
165
166     @Test
167     public void testAssureFormFutureOK() throws IOException {
168         SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
169         Calendar c = Calendar.getInstance();
170         c.setTimeInMillis(System.currentTimeMillis());
171         c.add(Calendar.HOUR_OF_DAY, 12);
172
173         executeSuccess("date=" + sdf.format(new Date(c.getTimeInMillis())) + "&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
174     }
175
176     @Test
177     public void testAssureFormNoLoc() throws IOException {
178         executeFails("date=2000-01-01&location=a&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
179         executeFails("date=2000-01-01&location=&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
180     }
181
182     @Test
183     public void testAssureFormInvalDate() throws IOException {
184         executeFails("date=20000101&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
185         executeFails("date=&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
186     }
187
188     @Test
189     public void testAssureFormBoxes() throws IOException {
190         executeFails("date=2000-01-01&location=testcase&certify=0&rules=1&tos_agree=1&assertion=1&points=10");
191         executeFails("date=2000-01-01&location=testcase&certify=1&rules=&tos_agree=1&assertion=1&points=10");
192         executeFails("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=a&assertion=1&points=10");
193         executeFails("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=z&points=10");
194     }
195
196     @Test
197     public void testAssureListingValid() throws IOException {
198         String uniqueLoc = createUniqueName();
199         execute("date=2000-01-01&location=" + uniqueLoc + "&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
200
201         String cookie = login(assureeM, TEST_PASSWORD);
202         URLConnection url = get(cookie, MyPoints.PATH);
203         String resp = IOUtils.readURL(url);
204         resp = resp.split(Pattern.quote("</table>"))[0];
205         assertThat(resp, containsString(uniqueLoc));
206     }
207
208     @Test
209     public void testAssurerListingValid() throws IOException {
210         String uniqueLoc = createUniqueName();
211         executeSuccess("date=2000-01-01&location=" + uniqueLoc + "&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
212         String cookie = login(assurerM, TEST_PASSWORD);
213         URLConnection url = get(cookie, MyPoints.PATH);
214         String resp = IOUtils.readURL(url);
215         resp = resp.split(Pattern.quote("</table>"))[1];
216         assertThat(resp, containsString(uniqueLoc));
217     }
218
219     private void executeFails(String query) throws MalformedURLException, IOException {
220         assertThat(execute(query), hasError());
221
222     }
223
224     private void executeSuccess(String query) throws MalformedURLException, IOException {
225         assertThat(execute(query), hasNoError());
226
227     }
228
229     private String execute(String query) throws MalformedURLException, IOException {
230         URLConnection uc = buildupAssureFormConnection(true);
231         uc.getOutputStream().write((query).getBytes("UTF-8"));
232         uc.getOutputStream().flush();
233         return IOUtils.readURL(uc);
234     }
235
236     private URLConnection buildupAssureFormConnection(boolean doCSRF) throws MalformedURLException, IOException {
237         return buildupAssureFormConnection(cookie, assureeM, doCSRF);
238     }
239
240     public static URLConnection buildupAssureFormConnection(String cookie, String email, boolean doCSRF) throws MalformedURLException, IOException {
241         URLConnection uc = get(cookie, AssurePage.PATH);
242         uc.setDoOutput(true);
243         uc.getOutputStream().write(("email=" + URLEncoder.encode(email, "UTF-8") + "&day=1&month=1&year=1910&search").getBytes("UTF-8"));
244
245         String csrf = getCSRF(uc);
246         uc = get(cookie, AssurePage.PATH);
247         uc.setDoOutput(true);
248         if (doCSRF) {
249             uc.getOutputStream().write(("csrf=" + csrf + "&").getBytes("UTF-8"));
250         }
251         return uc;
252     }
253
254 }