1 package org.cacert.gigi.pages.wot;
3 import static org.hamcrest.CoreMatchers.*;
4 import static org.junit.Assert.*;
6 import java.io.IOException;
7 import java.io.UnsupportedEncodingException;
8 import java.net.HttpURLConnection;
9 import java.net.MalformedURLException;
10 import java.net.URLConnection;
11 import java.net.URLEncoder;
12 import java.sql.SQLException;
13 import java.text.SimpleDateFormat;
14 import java.util.Calendar;
15 import java.util.Date;
16 import java.util.regex.Pattern;
18 import org.cacert.gigi.pages.account.MyDetails;
19 import org.cacert.gigi.testUtils.IOUtils;
20 import org.cacert.gigi.testUtils.ManagedTest;
21 import org.junit.Before;
22 import org.junit.Test;
// Integration tests for the assurance page (AssurePage): looking up an assuree, submitting the
// assure form, CSRF-token enforcement, and the resulting entries on the points page (MyPoints).
// NOTE(review): every line of this listing carries the original file's line number, and the
// numbering has gaps, so some source lines (annotations, closing braces, short statements) are not shown.
24 public class TestAssurance extends ManagedTest {
// E-mail address of the account that performs the assurances; assigned in setup().
26 private String assurerM;
// E-mail address of the account that is searched for and assured; assigned in setup().
28 private String assureeM;
// Session cookie obtained by logging in as the assurer; sent with the requests built by search()
// and by the form-connection helpers.
30 private String cookie;
// Test fixture: registers two accounts under fresh, unique @cacert-test.org addresses and logs in
// as the first one, keeping its session cookie in `cookie`.
// NOTE(review): presumably run before each test (org.junit.Before is imported; the annotation
// line itself is not shown in this listing).
33 public void setup() throws IOException {
35 assurerM = createUniqueName() + "@cacert-test.org";
36 assureeM = createUniqueName() + "@cacert-test.org";
// NOTE(review): presumably createAssuranceUser yields an account that is allowed to assure and
// createVerifiedUser a plain verified account; both helpers are defined outside this listing.
38 createAssuranceUser("a", "b", assurerM, TEST_PASSWORD);
39 createVerifiedUser("a", "c", assureeM, TEST_PASSWORD);
// Requests made with `cookie` from here on run in the assurer's session.
41 cookie = login(assurerM, TEST_PASSWORD);
// Positive lookup: the assuree's exact e-mail address together with the date of birth 1910-01-01
// must return a page containing the tos_agree checkbox, which these tests use as the marker that
// the assure form was rendered.
// NOTE(review): 1910-01-01 is presumably the date of birth given to accounts by the test helpers.
45 public void testAssureSearch() throws IOException {
// The address is URL-encoded because it is spliced into a form-encoded request body.
46 String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
// The full response is passed as the assertion message so a failure shows what the server sent.
47 assertTrue(loc, loc.contains("type=\"checkbox\" name=\"tos_agree\""));
// Negative lookup: the e-mail address is altered by a leading "1" while the date of birth stays
// the same; the assure form must not be rendered for the non-matching address.
51 public void testAssureSearchEmail() throws IOException {
52 String loc = search("email=1" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
// NOTE(review): this only checks that the checkbox markup is absent, so it also passes for any
// unrelated response that lacks the form; it does not check which message the page shows instead.
53 assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"tos_agree\""));
// Malformed input: a non-numeric year ("mal") in the search must lead to a page from which
// fetchStartErrorMessage extracts a non-null result.
// NOTE(review): fetchStartErrorMessage is defined outside this listing; presumably it returns
// null when the page contains no error message.
57 public void testAssureSearchDobInvalid() throws IOException {
58 String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=mal");
59 assertNotNull(fetchStartErrorMessage(loc));
// Date-of-birth mismatch: with the correct e-mail address, the day, the month and the year are
// each changed on their own relative to 1910-01-01. A single differing field must be enough to
// withhold the assure form, so knowing the address alone does not open it.
63 public void testAssureSearchDob() throws IOException {
// Day differs (2 instead of 1).
64 String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=2&month=1&year=1910");
65 assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"tos_agree\""));
// Month differs (2 instead of 1).
66 loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=2&year=1910");
67 assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"tos_agree\""));
// Year differs (1911 instead of 1910).
68 loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1911");
69 assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"tos_agree\""));
// Sends a search request to the assure page in the assurer's session and returns the response body.
// query - already form-encoded parameters; it is appended as-is after "search&", so callers must
//         URL-encode any value themselves (the tests above do this for the e-mail address).
72 private String search(String query) throws MalformedURLException, IOException, UnsupportedEncodingException {
73 URLConnection uc = get(cookie, AssurePage.PATH);
// NOTE(review): no setDoOutput(true) call is visible before the write, unlike in the static
// buildupAssureFormConnection; the gutter numbering skips source line 74, or get() may set it — confirm.
75 uc.getOutputStream().write(("search&" + query).getBytes("UTF-8"));
76 uc.getOutputStream().flush();
78 return IOUtils.readURL(uc);
// Baseline submission: every field of the assure form is filled with a value the other tests
// treat as valid (past date, location "testcase", all four confirmations set to 1, 10 points).
// NOTE(review): the gutter numbering skips source line 84 after the call, so the check applied
// to `error` is not visible in this listing.
82 public void testAssureForm() throws IOException {
83 String error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
// Form echo: submits the assure form without the certify parameter and checks that the response
// still contains the submitted date and location.
// NOTE(review): presumably the missing confirmation makes the server reject the submission and
// render the form again with the entered values — confirm against AssurePage.
88 public void testAssureFormContanisData() throws IOException {
// Connection prepared by the search step, with the CSRF token requested (doCSRF = true).
89 URLConnection uc = buildupAssureFormConnection(true);
90 uc.getOutputStream().write(("date=2000-01-01&location=testcase&rules=1&tos_agree=1&assertion=1&points=10").getBytes("UTF-8"));
91 uc.getOutputStream().flush();
92 String data = IOUtils.readURL(uc);
// NOTE(review): only harmless values are echoed here, so this test says nothing about whether
// the echoed fields are HTML-escaped in the response.
93 assertThat(data, containsString("2000-01-01"));
94 assertThat(data, containsString("testcase"));
// CSRF enforcement, token missing: an otherwise valid assurance is posted on a connection built
// with doCSRF = false, and the server must answer with an error status instead of accepting it.
// NOTE(review): presumably doCSRF = false stops the helper from writing the csrf parameter; the
// branch on doCSRF is not visible in this listing.
98 public void testAssureFormNoCSRF() throws IOException {
// Cast to HttpURLConnection so the HTTP status code can be read below.
100 HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
101 uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10").getBytes("UTF-8"));
102 uc.getOutputStream().flush();
// NOTE(review): the pinned status is 500, which at status level looks the same as any unhandled
// server error. The assertion alone shows neither that the token check caused the rejection nor
// that no assurance was recorded; a follow-up check of the points page would cover the latter.
103 assertEquals(500, uc.getResponseCode());
// CSRF enforcement, token wrong: same submission as the missing-token case, but the body ends
// with the made-up value csrf=aragc; the server must answer with an error status.
// NOTE(review): only an arbitrary string is tried. A well-formed token issued to a different
// session is not covered by this test.
107 public void testAssureFormWrongCSRF() throws IOException {
// Built with doCSRF = false so that, presumably, the only csrf parameter in the body is the bogus one.
109 HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
110 uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10&csrf=aragc").getBytes("UTF-8"));
111 uc.getOutputStream().flush();
// NOTE(review): as with a missing token, 500 cannot be told apart from an unrelated server failure
// by status alone.
112 assertEquals(500, uc.getResponseCode());
// Race on the name: the assuree changes their last name between the assurer's search and the
// submission of the assure form (name = true, succeed = false).
116 public void testAssureFormRaceName() throws IOException, SQLException {
117 testAssureFormRace(true, false);
// Race on the date of birth: the assuree changes their year of birth between the assurer's search
// and the submission of the assure form (name = false, succeed = false).
121 public void testAssureFormRaceDoB() throws IOException, SQLException {
122 testAssureFormRace(false, false);
// "Blind" variant of the name race: with succeed = true the helper posts the details form with
// the last name left at "c", so the assuree saves their details without changing them.
// NOTE(review): the outcome expected for succeed = true is not visible in this listing.
126 public void testAssureFormRaceNameBlind() throws IOException, SQLException {
127 testAssureFormRace(true, true);
// "Blind" variant of the date-of-birth race: with succeed = true the helper posts the details
// form with the year left at 1910, so the assuree saves their details without changing them.
// NOTE(review): the outcome expected for succeed = true is not visible in this listing.
131 public void testAssureFormRaceDoBBlind() throws IOException, SQLException {
132 testAssureFormRace(false, true);
// Shared body of the race tests: exercises the window between the assurer opening the assure
// form and submitting it, during which the assuree posts their personal-details form.
// name    - true to vary the last name, false to vary the year of birth
// succeed - true to post the details unchanged (last name "c", year 1910)
135 public void testAssureFormRace(boolean name, boolean succeed) throws IOException, SQLException {
// Step 1 (assurer): run the search and obtain a form connection that carries the CSRF token.
136 URLConnection uc = buildupAssureFormConnection(true);
// Step 2 (assuree): log in with a separate session and post the details form.
138 String assureeCookie = login(assureeM, TEST_PASSWORD);
// At most one field differs from the values the account was created and searched with, and only
// when succeed is false: last name "a" instead of "c", or year 1911 instead of 1910.
139 String newName = "lname=" + (name && !succeed ? "a" : "c") + "&fname=a&mname=&suffix=";
140 String newDob = "day=1&month=1&year=" + ( !name && !succeed ? 1911 : 1910);
// NOTE(review): presumably a null result means the details update reported no error — confirm
// against executeBasicWebInteraction, which is defined outside this listing.
142 assertNull(executeBasicWebInteraction(assureeCookie, MyDetails.PATH, newName + "&" + newDob + "&processDetails", 0));
// Step 3 (assurer): submit the assurance on the connection prepared in step 1.
144 uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10").getBytes("UTF-8"));
145 uc.getOutputStream().flush();
146 String error = fetchStartErrorMessage(IOUtils.readURL(uc));
// NOTE(review): the gutter numbering skips source lines 147-149, so any branch on `succeed` is
// not visible. The two checks below require an error text that does not start with "</div>"
// (presumably: the error box is not empty) and that mentions the changed personal details.
150 assertTrue(error, !error.startsWith("</div>"));
151 assertThat(error, containsString("changed his personal details"));
// Assurance date in the future: 1 January of the year two years after the current one must be
// rejected with an error message.
156 public void testAssureFormFuture() throws IOException {
// Formats the current time as a four-digit year and adds 2.
157 SimpleDateFormat sdf = new SimpleDateFormat("yyyy");
158 int year = Integer.parseInt(sdf.format(new Date(System.currentTimeMillis()))) + 2;
159 String error = getError("date=" + year + "-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
// Passes when the extracted error text does not start with "</div>" (presumably: the error box
// is not empty). A null `error` would raise a NullPointerException here rather than fail the assertion.
160 assertTrue(error, !error.startsWith("</div>"));
// Assurance date slightly ahead of now: the date sent is the calendar day that lies twelve hours
// after the current time.
// NOTE(review): the gutter numbering skips source line 171, so the check applied to `error` is
// not visible; the method name suggests the submission is expected to be accepted.
164 public void testAssureFormFutureOK() throws IOException {
// NOTE(review): SimpleDateFormat and Calendar are created without an explicit time zone, so the
// day that is sent presumably follows the default zone of the JVM running the test.
165 SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
166 Calendar c = Calendar.getInstance();
167 c.setTimeInMillis(System.currentTimeMillis());
168 c.add(Calendar.HOUR_OF_DAY, 12);
170 String error = getError("date=" + sdf.format(new Date(c.getTimeInMillis())) + "&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
// Location validation: a one-character location and an empty location must each produce an
// error message; all other fields carry the values used in the baseline submission.
175 public void testAssureFormNoLoc() throws IOException {
// Location "a".
176 String error = getError("date=2000-01-01&location=a&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
// Passes when the extracted error text does not start with "</div>" (presumably: the error box is not empty).
177 assertTrue(error, !error.startsWith("</div>"));
// Location left empty.
178 error = getError("date=2000-01-01&location=&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
179 assertTrue(error, !error.startsWith("</div>"));
// Date validation: a date written without separators and an empty date must each produce an
// error message; all other fields carry the values used in the baseline submission.
183 public void testAssureFormInvalDate() throws IOException {
// "20000101" instead of "2000-01-01".
184 String error = getError("date=20000101&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
// Passes when the extracted error text does not start with "</div>" (presumably: the error box is not empty).
185 assertTrue(error, !error.startsWith("</div>"));
// Date left empty.
186 error = getError("date=&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
187 assertTrue(error, !error.startsWith("</div>"));
// Confirmation boxes: each of the four confirmations (certify, rules, tos_agree, assertion) is
// given a value other than 1 in turn, and every such submission must produce an error message.
// This pins that the server checks the submitted value and not merely the presence of the parameter.
191 public void testAssureFormBoxes() throws IOException {
// certify=0
192 String error = getError("date=2000-01-01&location=testcase&certify=0&rules=1&tos_agree=1&assertion=1&points=10");
// Passes when the extracted error text does not start with "</div>" (presumably: the error box is not empty).
193 assertTrue(error, !error.startsWith("</div>"));
// rules present but empty
194 error = getError("date=2000-01-01&location=testcase&certify=1&rules=&tos_agree=1&assertion=1&points=10");
195 assertTrue(error, !error.startsWith("</div>"));
// tos_agree=a
196 error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=a&assertion=1&points=10");
197 assertTrue(error, !error.startsWith("</div>"));
// assertion=z
198 error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=z&points=10");
199 assertTrue(error, !error.startsWith("</div>"));
// Listing, assuree side: after an assurance with a unique location is submitted, that location
// must appear on the assuree's points page in the part before the first "</table>".
// NOTE(review): presumably the first table on MyPoints lists the assurances received — confirm.
203 public void testAssureListingValid() throws IOException {
// A unique location makes the entry recognisable in the page text.
204 String uniqueLoc = createUniqueName();
// NOTE(review): the gutter numbering skips source line 206, so the check applied to `error` is not visible.
205 String error = getError("date=2000-01-01&location=" + uniqueLoc + "&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
// This local `cookie` (the assuree's session) shadows the field holding the assurer's session.
207 String cookie = login(assureeM, TEST_PASSWORD);
208 URLConnection url = get(cookie, MyPoints.PATH);
209 String resp = IOUtils.readURL(url);
// Pattern.quote because String.split takes a regular expression; index 0 is the text before the first "</table>".
210 resp = resp.split(Pattern.quote("</table>"))[0];
211 assertThat(resp, containsString(uniqueLoc));
// Listing, assurer side: after an assurance with a unique location is submitted, that location
// must appear on the assurer's points page between the first and the second "</table>".
// NOTE(review): presumably the second table on MyPoints lists the assurances given — confirm.
215 public void testAssurerListingValid() throws IOException {
// A unique location makes the entry recognisable in the page text.
216 String uniqueLoc = createUniqueName();
// NOTE(review): the gutter numbering skips source line 218, so the check applied to `error` is not visible.
217 String error = getError("date=2000-01-01&location=" + uniqueLoc + "&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
// A fresh login as the assurer; this local `cookie` shadows the field of the same name.
219 String cookie = login(assurerM, TEST_PASSWORD);
220 URLConnection url = get(cookie, MyPoints.PATH);
221 String resp = IOUtils.readURL(url);
// Index 1 is the text between the first and the second "</table>"; a page with fewer tables
// would raise an ArrayIndexOutOfBoundsException here.
222 resp = resp.split(Pattern.quote("</table>"))[1];
223 assertThat(resp, containsString(uniqueLoc));
// Submits `query` as the body of the assure form on a connection that was prepared with a CSRF
// token, then extracts the start of the error message from the response.
// query - already form-encoded fields; written as-is, so callers must encode values themselves.
// NOTE(review): the gutter numbering skips source line 231, so the return statement is not
// visible; presumably `error` is returned.
226 private String getError(String query) throws MalformedURLException, IOException {
227 URLConnection uc = buildupAssureFormConnection(true);
228 uc.getOutputStream().write((query).getBytes("UTF-8"));
229 uc.getOutputStream().flush();
230 String error = fetchStartErrorMessage(IOUtils.readURL(uc));
// Convenience overload: prepares the assure-form connection for this test's assurer session
// (`cookie`) and assuree address (`assureeM`).
// doCSRF - passed through to the static overload, which handles the CSRF token.
234 private URLConnection buildupAssureFormConnection(boolean doCSRF) throws MalformedURLException, IOException {
235 return buildupAssureFormConnection(cookie, assureeM, doCSRF);
238 public static URLConnection buildupAssureFormConnection(String cookie, String email, boolean doCSRF) throws MalformedURLException, IOException {
239 URLConnection uc = get(cookie, AssurePage.PATH);
240 uc.setDoOutput(true);
241 uc.getOutputStream().write(("email=" + URLEncoder.encode(email, "UTF-8") + "&day=1&month=1&year=1910&search").getBytes("UTF-8"));
243 String csrf = getCSRF(uc);
244 uc = get(cookie, AssurePage.PATH);
245 uc.setDoOutput(true);
247 uc.getOutputStream().write(("csrf=" + csrf + "&").getBytes("UTF-8"));