1 package org.cacert.gigi.pages.wot;
2
import static org.hamcrest.CoreMatchers.*;
import static org.junit.Assert.*;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.regex.Pattern;

import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.database.GigiPreparedStatement;
import org.cacert.gigi.dbObjects.Country;
import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.pages.account.MyDetails;
import org.cacert.gigi.testUtils.IOUtils;
import org.cacert.gigi.testUtils.ManagedTest;
import org.cacert.gigi.util.DayDate;
import org.cacert.gigi.util.Notary;
import org.hamcrest.Matcher;
import org.junit.Before;
import org.junit.Test;
31
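/**
 * Integration tests for the verification ("assurance") form served at
 * {@link AssurePage#PATH}.
 *
 * <p>Each test runs as a freshly created agent (the "assurer") who verifies a
 * freshly created applicant (the "assuree"). The tests cover four areas:
 * <ul>
 * <li>the search step, which only reveals the verification form when e-mail
 * address and date of birth both match;</li>
 * <li>server-side validation of the submitted form (date window, location,
 * country, confirmation check boxes);</li>
 * <li>enforcement of the CSRF token on the state-changing POST;</li>
 * <li>the race between the applicant changing the date of birth and the agent
 * submitting a form that was opened beforehand.</li>
 * </ul>
 */
public class TestAssurance extends ManagedTest {

    /** E-mail address of the agent performing the verification. */
    private String assurerM;

    /** E-mail address of the applicant being verified. */
    private String assureeM;

    /** Database id of the applicant's preferred name, sent as {@code assuredName}. */
    private int assureeName;

    /** Session cookie of the logged-in agent. */
    private String cookie;

    /**
     * Creates one agent and one applicant with unique addresses and logs the
     * agent in, so that no state leaks from one test into the next.
     */
    @Before
    public void setup() throws IOException {
        clearCaches();
        assurerM = createUniqueName() + "@cacert-test.org";
        assureeM = createUniqueName() + "@cacert-test.org";

        createAssuranceUser("a", "b", assurerM, TEST_PASSWORD);
        int assureeId = createVerifiedUser("a", "c", assureeM, TEST_PASSWORD);
        assureeName = User.getById(assureeId).getPreferredName().getId();

        cookie = login(assurerM, TEST_PASSWORD);
    }

    /** Matches a response that contains the verification form itself. */
    private Matcher<String> isAssuranceForm() {
        return containsString("<select name=\"assuranceType\">");
    }

    /** A search with the correct e-mail address and date of birth shows the form. */
    @Test
    public void testAssureSearch() throws IOException {
        String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
        assertThat(loc, isAssuranceForm());
    }

    /** A search with a wrong e-mail address must not show the form. */
    @Test
    public void testAssureSearchEmail() throws IOException {
        String loc = search("email=1" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
        assertThat(loc, not(isAssuranceForm()));
    }

    /** A non-numeric year in the date of birth must not show the form. */
    @Test
    public void testAssureSearchDobInvalid() throws IOException {
        String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=mal");
        assertThat(loc, not(isAssuranceForm()));
    }

    /**
     * A date of birth that is off in exactly one component (day, month or year)
     * must not show the form, so the date of birth cannot be confirmed piecewise.
     */
    @Test
    public void testAssureSearchDob() throws IOException {
        String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=2&month=1&year=1910");
        assertThat(loc, not(isAssuranceForm()));
        loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=2&year=1910");
        assertThat(loc, not(isAssuranceForm()));
        loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1911");
        assertThat(loc, not(isAssuranceForm()));
    }

    /**
     * Posts a search request as the agent and returns the response body.
     *
     * @param query URL-encoded search fields, without the leading {@code search} marker
     * @return the page returned for the search
     */
    private String search(String query) throws MalformedURLException, IOException, UnsupportedEncodingException {
        URLConnection uc = get(cookie, AssurePage.PATH);
        uc.setDoOutput(true);
        uc.getOutputStream().write(("search&" + query).getBytes(StandardCharsets.UTF_8));
        uc.getOutputStream().flush();

        return IOUtils.readURL(uc);
    }

    /** A completely filled-in form is accepted. */
    @Test
    public void testAssureForm() throws IOException {
        executeSuccess("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
    }

    /**
     * A form without {@code assuredName} and without {@code certify} is rejected.
     * Which of the two missing fields triggers the error is not checked here.
     */
    @Test
    public void testAssureFormEmpty() throws IOException {
        URLConnection uc = buildupAssureFormConnection(true);
        uc.getOutputStream().write(("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&rules=1&assertion=1&points=10").getBytes(StandardCharsets.UTF_8));
        uc.getOutputStream().flush();
        String data = IOUtils.readURL(uc);
        assertThat(data, hasError());
    }

    /**
     * The response to a form lacking {@code certify} still contains the
     * submitted date and location.
     *
     * <p>NOTE(review): only benign values are reflected here; output encoding of
     * these reflected fields is not covered by this test.
     */
    @Test
    public void testAssureFormContanisData() throws IOException {
        URLConnection uc = buildupAssureFormConnection(true);
        uc.getOutputStream().write(("assuredName=" + assureeName + "&date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&rules=1&assertion=1&points=10").getBytes(StandardCharsets.UTF_8));
        uc.getOutputStream().flush();
        String data = IOUtils.readURL(uc);
        assertThat(data, containsString(validVerificationDateString()));
        assertThat(data, containsString("testcase"));
    }

    /**
     * An otherwise valid submission without any CSRF token is answered with
     * HTTP 500.
     *
     * <p>NOTE(review): only the status code is asserted. The test does not
     * confirm that no verification was recorded for the applicant.
     */
    @Test
    public void testAssureFormNoCSRF() throws IOException {
        // doCSRF=false: the connection is prepared without the csrf field
        HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
        uc.getOutputStream().write(("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10").getBytes(StandardCharsets.UTF_8));
        uc.getOutputStream().flush();
        assertEquals(500, uc.getResponseCode());
    }

    /**
     * An otherwise valid submission carrying a made-up CSRF token is answered
     * with HTTP 500, the same as a missing token.
     *
     * <p>NOTE(review): only the status code is asserted. The test does not
     * confirm that no verification was recorded for the applicant.
     */
    @Test
    public void testAssureFormWrongCSRF() throws IOException {
        // doCSRF=false: the real token is left out and a bogus one is appended below
        HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
        uc.getOutputStream().write(("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10&csrf=aragc").getBytes(StandardCharsets.UTF_8));
        uc.getOutputStream().flush();
        assertEquals(500, uc.getResponseCode());
    }

    /** The applicant changes the date of birth while the form is open: rejected. */
    @Test
    public void testAssureFormRaceDoB() throws IOException, SQLException {
        testAssureFormRace(false);
    }

    /** The applicant re-submits the same date of birth while the form is open: accepted. */
    @Test
    public void testAssureFormRaceDoBBlind() throws IOException, SQLException {
        testAssureFormRace(true);
    }

    /**
     * Opens the verification form as the agent, lets the applicant update the
     * date of birth, and then submits the already opened form.
     *
     * <p>This is a time-of-check/time-of-use scenario: the agent confirmed the
     * identity against the data shown when the form was opened, so a submission
     * must not be credited against data that changed afterwards.
     *
     * @param succeed {@code true} to re-submit the unchanged year (1910) and expect
     *        the verification to go through; {@code false} to change the year to
     *        1911 and expect the "changed his personal details" error
     */
    public void testAssureFormRace(boolean succeed) throws IOException, SQLException {
        URLConnection uc = buildupAssureFormConnection(true);

        String assureeCookie = login(assureeM, TEST_PASSWORD);
        String newDob = "day=1&month=1&year=" + ( !succeed ? 1911 : 1910);

        assertNull(executeBasicWebInteraction(assureeCookie, MyDetails.PATH, newDob + "&action=updateDoB", 0));

        uc.getOutputStream().write(("assuredName=" + assureeName + "&date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10").getBytes(StandardCharsets.UTF_8));
        uc.getOutputStream().flush();
        String error = fetchStartErrorMessage(IOUtils.readURL(uc));
        if (succeed) {
            assertNull(error);
        } else {
            // Fail with a clear message instead of a NullPointerException when the
            // server wrongly accepts the stale form.
            assertNotNull("submission was accepted although the date of birth changed", error);
            assertTrue(error, !error.startsWith("</div>"));
            assertThat(error, containsString("changed his personal details"));
        }
    }

    /** A verification dated two calendar years ahead is rejected. */
    @Test
    public void testAssureFormFuture() throws IOException {
        int year = Calendar.getInstance().get(Calendar.YEAR) + 2;
        executeFails("date=" + year + "-01-01&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
    }

    /**
     * A verification dated twelve hours ahead of the local clock is accepted.
     * NOTE(review): presumably a tolerance for time-zone differences - confirm.
     */
    @Test
    public void testAssureFormFutureOK() throws IOException {
        Calendar c = Calendar.getInstance();
        c.add(Calendar.HOUR_OF_DAY, 12);

        executeSuccess("date=" + isoDay(c) + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
    }

    /** A verification date supplied by the test base class as valid is accepted. */
    @Test
    public void testAssureFormPastInRange() throws IOException {
        executeSuccess("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
    }

    /**
     * A date one day inside the {@link Notary#LIMIT_MAX_MONTHS_VERIFICATION}
     * window is accepted.
     */
    @Test
    public void testAssureFormPastOnLimit() throws IOException {
        Calendar c = Calendar.getInstance();
        c.add(Calendar.MONTH, -Notary.LIMIT_MAX_MONTHS_VERIFICATION);
        c.add(Calendar.DAY_OF_MONTH, 1);

        executeSuccess("date=" + isoDay(c) + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
    }

    /**
     * A date exactly {@link Notary#LIMIT_MAX_MONTHS_VERIFICATION} months back is
     * rejected.
     */
    @Test
    public void testAssureFormPastOutOfRange() throws IOException {
        Calendar c = Calendar.getInstance();
        c.add(Calendar.MONTH, -Notary.LIMIT_MAX_MONTHS_VERIFICATION);

        executeFails("date=" + isoDay(c) + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
    }

    /** A one-character or empty location is rejected. */
    @Test
    public void testAssureFormNoLoc() throws IOException {
        executeFails("date=" + validVerificationDateString() + "&location=a&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
        executeFails("date=" + validVerificationDateString() + "&location=&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
    }

    /** A date without separators or an empty date is rejected. */
    @Test
    public void testAssureFormInvalDate() throws IOException {
        executeFails("date=20000101&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
        executeFails("date=&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
    }

    /**
     * Each of the three confirmation fields ({@code certify}, {@code rules},
     * {@code assertion}) is required on its own: a form is rejected when any one
     * of them is not {@code 1}.
     */
    @Test
    public void testAssureFormBoxes() throws IOException {
        executeFails("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=0&rules=1&assertion=1&points=10");
        executeFails("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=&assertion=1&points=10");
        executeFails("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=z&points=10");
    }

    /**
     * After a successful verification the applicant's points page lists the
     * location and country of that verification.
     */
    @Test
    public void testAssureListingValid() throws IOException, GigiApiException {
        String uniqueLoc = createUniqueName();
        // Assert success here, as testAssurerListingValid does, so that a rejected
        // submission is reported at this step and not as a missing table row.
        executeSuccess("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&countryCode=DE&certify=1&rules=1&assertion=1&points=10");

        String cookie = login(assureeM, TEST_PASSWORD);
        URLConnection url = get(cookie, Points.PATH);
        String resp = IOUtils.readURL(url);
        // Look only at the text after the first table of the page.
        resp = resp.split(Pattern.quote("</table>"))[1];
        assertThat(resp, containsString(uniqueLoc));
        assertThat(resp, containsString(Country.getCountryByCode("DE", Country.CountryCodeType.CODE_2_CHARS).getName()));
    }

    /**
     * After a successful verification the agent's points page lists the
     * location and country of that verification.
     */
    @Test
    public void testAssurerListingValid() throws IOException, GigiApiException {
        String uniqueLoc = createUniqueName();
        executeSuccess("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
        String cookie = login(assurerM, TEST_PASSWORD);
        URLConnection url = get(cookie, Points.PATH);
        String resp = IOUtils.readURL(url);
        // Look only at the text after the second table of the page.
        resp = resp.split(Pattern.quote("</table>"))[2];
        assertThat(resp, containsString(uniqueLoc));
        assertThat(resp, containsString(Country.getCountryByCode("DE", Country.CountryCodeType.CODE_2_CHARS).getName()));
    }

    /** Submits the form and asserts that the response reports an error. */
    private void executeFails(String query) throws MalformedURLException, IOException {
        assertThat(execute(query), hasError());

    }

    /** Submits the form and asserts that the response reports no error. */
    private void executeSuccess(String query) throws MalformedURLException, IOException {
        assertThat(execute(query), hasNoError());

    }

    /**
     * Submits the verification form for the applicant with a valid CSRF token.
     *
     * @param query URL-encoded form fields; {@code assuredName} is prepended
     * @return the response body
     */
    private String execute(String query) throws MalformedURLException, IOException {
        URLConnection uc = buildupAssureFormConnection(true);
        uc.getOutputStream().write(("assuredName=" + assureeName + "&" + query).getBytes(StandardCharsets.UTF_8));
        uc.getOutputStream().flush();
        return IOUtils.readURL(uc);
    }

    /** Opens the form for the applicant of this test using the agent's session. */
    private URLConnection buildupAssureFormConnection(boolean doCSRF) throws MalformedURLException, IOException {
        return buildupAssureFormConnection(cookie, assureeM, doCSRF);
    }

    /**
     * Performs the search step for {@code email} and returns a second, still
     * open connection to the form, ready for the caller to append form fields.
     *
     * @param cookie session cookie of the agent
     * @param email e-mail address of the applicant to search for
     * @param doCSRF whether the token read from the search response is written
     *        to the returned connection as its first field
     * @return a connection with output enabled whose body has not been sent yet
     */
    public static URLConnection buildupAssureFormConnection(String cookie, String email, boolean doCSRF) throws MalformedURLException, IOException {
        URLConnection uc = get(cookie, AssurePage.PATH);
        uc.setDoOutput(true);
        uc.getOutputStream().write(("email=" + URLEncoder.encode(email, "UTF-8") + "&day=1&month=1&year=1910&search").getBytes(StandardCharsets.UTF_8));

        String csrf = getCSRF(uc);
        uc = get(cookie, AssurePage.PATH);
        uc.setDoOutput(true);
        if (doCSRF) {
            uc.getOutputStream().write(("csrf=" + csrf + "&").getBytes(StandardCharsets.UTF_8));
        }
        return uc;
    }

    /**
     * After a verification has been entered through the form, a further search
     * for the same applicant yields an error page.
     *
     * <p>NOTE(review): the rule that blocks the repeat is not visible in this
     * file; the older row inserted first is presumably outside its time window.
     */
    @Test
    public void testMultipleAssurance() throws IOException {

        User[] users = User.findByEmail(assurerM);
        int agentID = users[0].getId();

        users = User.findByEmail(assureeM);
        int applicantID = users[0].getId();

        // enter first entry 200 days in the past
        try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `notary` SET `from`=?, `to`=?, `points`=?, `location`=?, `date`=?, `when`=? ")) {
            ps.setInt(1, agentID);
            ps.setInt(2, applicantID);
            ps.setInt(3, 10);
            ps.setString(4, "test-location");
            ps.setString(5, "2010-01-01");
            ps.setTimestamp(6, new Timestamp(System.currentTimeMillis() - DayDate.MILLI_DAY * 200));
            ps.execute();
        }

        // enter second entry
        String uniqueLoc = createUniqueName();
        executeSuccess("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&countryCode=DE&certify=1&rules=1&assertion=1&points=10");

        // enter third entry on the same day
        URLConnection uc = get(cookie, AssurePage.PATH);
        uc.setDoOutput(true);
        uc.getOutputStream().write(("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910&search").getBytes(StandardCharsets.UTF_8));
        assertThat(IOUtils.readURL(uc), hasError());

    }

    /** An empty country code is rejected. */
    @Test
    public void testAssureFormNoCountry() throws IOException {
        executeFails("date=" + validVerificationDateString() + "&location=testcase&countryCode=&certify=1&rules=1&assertion=1&points=10");
    }

    /** Formats the calendar's instant as {@code yyyy-MM-dd} in the default time zone. */
    private static String isoDay(Calendar c) {
        return new SimpleDateFormat("yyyy-MM-dd").format(new Date(c.getTimeInMillis()));
    }

}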