tests/org/cacert/gigi/pages/wot/TestAssurance.java

   1 package org.cacert.gigi.pages.wot;
   2
   3 import static org.hamcrest.CoreMatchers.*;
   4 import static org.junit.Assert.*;
   5
   6 import java.io.IOException;
   7 import java.io.UnsupportedEncodingException;
   8 import java.net.HttpURLConnection;
   9 import java.net.MalformedURLException;
  10 import java.net.URLConnection;
  11 import java.net.URLEncoder;
  12 import java.sql.SQLException;
  13 import java.text.SimpleDateFormat;
  14 import java.util.Calendar;
  15 import java.util.Date;
  16 import java.util.regex.Pattern;
  17
  18 import org.cacert.gigi.pages.account.MyDetails;
  19 import org.cacert.gigi.testUtils.IOUtils;
  20 import org.cacert.gigi.testUtils.ManagedTest;
  21 import org.junit.Before;
  22 import org.junit.Test;
  23
  24 public class TestAssurance extends ManagedTest {
  25
  26     private String assurerM;
  27
  28     private String assureeM;
  29
  30     private String cookie;
  31
  32     @Before
  33     public void setup() throws IOException {
  34         clearCaches();
  35         assurerM = createUniqueName() + "@cacert-test.org";
  36         assureeM = createUniqueName() + "@cacert-test.org";
  37
  38         createAssuranceUser("a", "b", assurerM, TEST_PASSWORD);
  39         createVerifiedUser("a", "c", assureeM, TEST_PASSWORD);
  40
  41         cookie = login(assurerM, TEST_PASSWORD);
  42     }
  43
  44     @Test
  45     public void testAssureSearch() throws IOException {
  46         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
  47         assertTrue(loc, loc.contains("type=\"checkbox\" name=\"tos_agree\""));
  48     }
  49
  50     @Test
  51     public void testAssureSearchEmail() throws IOException {
  52         String loc = search("email=1" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
  53         assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"tos_agree\""));
  54     }
  55
  56     @Test
  57     public void testAssureSearchDobInvalid() throws IOException {
  58         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=mal");
  59         assertNotNull(fetchStartErrorMessage(loc));
  60     }
  61
  62     @Test
  63     public void testAssureSearchDob() throws IOException {
  64         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=2&month=1&year=1910");
  65         assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"tos_agree\""));
  66         loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=2&year=1910");
  67         assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"tos_agree\""));
  68         loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1911");
  69         assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"tos_agree\""));
  70     }
  71
  72     private String search(String query) throws MalformedURLException, IOException, UnsupportedEncodingException {
  73         URLConnection uc = get(cookie, AssurePage.PATH);
  74         uc.setDoOutput(true);
  75         uc.getOutputStream().write(("search&" + query).getBytes("UTF-8"));
  76         uc.getOutputStream().flush();
  77
  78         return IOUtils.readURL(uc);
  79     }
  80
  81     @Test
  82     public void testAssureForm() throws IOException {
  83         String error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
  84         assertNull(error);
  85     }
  86
  87     @Test
  88     public void testAssureFormContanisData() throws IOException {
  89         URLConnection uc = buildupAssureFormConnection(true);
  90         uc.getOutputStream().write(("date=2000-01-01&location=testcase&rules=1&tos_agree=1&assertion=1&points=10").getBytes("UTF-8"));
  91         uc.getOutputStream().flush();
  92         String data = IOUtils.readURL(uc);
  93         assertThat(data, containsString("2000-01-01"));
  94         assertThat(data, containsString("testcase"));
  95     }
  96
  97     @Test
  98     public void testAssureFormNoCSRF() throws IOException {
  99         // override csrf
 100         HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
 101         uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10").getBytes("UTF-8"));
 102         uc.getOutputStream().flush();
 103         assertEquals(500, uc.getResponseCode());
 104     }
 105
 106     @Test
 107     public void testAssureFormWrongCSRF() throws IOException {
 108         // override csrf
 109         HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
 110         uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10&csrf=aragc").getBytes("UTF-8"));
 111         uc.getOutputStream().flush();
 112         assertEquals(500, uc.getResponseCode());
 113     }
 114
 115     @Test
 116     public void testAssureFormRaceName() throws IOException, SQLException {
 117         testAssureFormRace(true, false);
 118     }
 119
 120     @Test
 121     public void testAssureFormRaceDoB() throws IOException, SQLException {
 122         testAssureFormRace(false, false);
 123     }
 124
 125     @Test
 126     public void testAssureFormRaceNameBlind() throws IOException, SQLException {
 127         testAssureFormRace(true, true);
 128     }
 129
 130     @Test
 131     public void testAssureFormRaceDoBBlind() throws IOException, SQLException {
 132         testAssureFormRace(false, true);
 133     }
 134
 135     public void testAssureFormRace(boolean name, boolean succeed) throws IOException, SQLException {
 136         URLConnection uc = buildupAssureFormConnection(true);
 137
 138         String assureeCookie = login(assureeM, TEST_PASSWORD);
 139         String newName = "lname=" + (name && !succeed ? "a" : "c") + "&fname=a&mname=&suffix=";
 140         String newDob = "day=1&month=1&year=" + ( !name && !succeed ? 1911 : 1910);
 141
 142         assertNull(executeBasicWebInteraction(assureeCookie, MyDetails.PATH, newName + "&" + newDob + "&processDetails", 0));
 143
 144         uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10").getBytes("UTF-8"));
 145         uc.getOutputStream().flush();
 146         String error = fetchStartErrorMessage(IOUtils.readURL(uc));
 147         if (succeed) {
 148             assertNull(error);
 149         } else {
 150             assertTrue(error, !error.startsWith("</div>"));
 151             assertThat(error, containsString("changed his personal details"));
 152         }
 153     }
 154
 155     @Test
 156     public void testAssureFormFuture() throws IOException {
 157         SimpleDateFormat sdf = new SimpleDateFormat("yyyy");
 158         int year = Integer.parseInt(sdf.format(new Date(System.currentTimeMillis()))) + 2;
 159         String error = getError("date=" + year + "-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
 160         assertTrue(error, !error.startsWith("</div>"));
 161     }
 162
 163     @Test
 164     public void testAssureFormFutureOK() throws IOException {
 165         SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
 166         Calendar c = Calendar.getInstance();
 167         c.setTimeInMillis(System.currentTimeMillis());
 168         c.add(Calendar.HOUR_OF_DAY, 12);
 169
 170         String error = getError("date=" + sdf.format(new Date(c.getTimeInMillis())) + "&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
 171         assertNull(error);
 172     }
 173
 174     @Test
 175     public void testAssureFormNoLoc() throws IOException {
 176         String error = getError("date=2000-01-01&location=a&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
 177         assertTrue(error, !error.startsWith("</div>"));
 178         error = getError("date=2000-01-01&location=&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
 179         assertTrue(error, !error.startsWith("</div>"));
 180     }
 181
 182     @Test
 183     public void testAssureFormInvalDate() throws IOException {
 184         String error = getError("date=20000101&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
 185         assertTrue(error, !error.startsWith("</div>"));
 186         error = getError("date=&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
 187         assertTrue(error, !error.startsWith("</div>"));
 188     }
 189
 190     @Test
 191     public void testAssureFormBoxes() throws IOException {
 192         String error = getError("date=2000-01-01&location=testcase&certify=0&rules=1&tos_agree=1&assertion=1&points=10");
 193         assertTrue(error, !error.startsWith("</div>"));
 194         error = getError("date=2000-01-01&location=testcase&certify=1&rules=&tos_agree=1&assertion=1&points=10");
 195         assertTrue(error, !error.startsWith("</div>"));
 196         error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=a&assertion=1&points=10");
 197         assertTrue(error, !error.startsWith("</div>"));
 198         error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=z&points=10");
 199         assertTrue(error, !error.startsWith("</div>"));
 200     }
 201
 202     @Test
 203     public void testAssureListingValid() throws IOException {
 204         String uniqueLoc = createUniqueName();
 205         String error = getError("date=2000-01-01&location=" + uniqueLoc + "&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
 206         assertNull(error);
 207         String cookie = login(assureeM, TEST_PASSWORD);
 208         URLConnection url = get(cookie, MyPoints.PATH);
 209         String resp = IOUtils.readURL(url);
 210         resp = resp.split(Pattern.quote("</table>"))[0];
 211         assertThat(resp, containsString(uniqueLoc));
 212     }
 213
 214     @Test
 215     public void testAssurerListingValid() throws IOException {
 216         String uniqueLoc = createUniqueName();
 217         String error = getError("date=2000-01-01&location=" + uniqueLoc + "&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
 218         assertNull(error);
 219         String cookie = login(assurerM, TEST_PASSWORD);
 220         URLConnection url = get(cookie, MyPoints.PATH);
 221         String resp = IOUtils.readURL(url);
 222         resp = resp.split(Pattern.quote("</table>"))[1];
 223         assertThat(resp, containsString(uniqueLoc));
 224     }
 225
 226     private String getError(String query) throws MalformedURLException, IOException {
 227         URLConnection uc = buildupAssureFormConnection(true);
 228         uc.getOutputStream().write((query).getBytes("UTF-8"));
 229         uc.getOutputStream().flush();
 230         String error = fetchStartErrorMessage(IOUtils.readURL(uc));
 231         return error;
 232     }
 233
 234     private URLConnection buildupAssureFormConnection(boolean doCSRF) throws MalformedURLException, IOException {
 235         return buildupAssureFormConnection(cookie, assureeM, doCSRF);
 236     }
 237
 238     public static URLConnection buildupAssureFormConnection(String cookie, String email, boolean doCSRF) throws MalformedURLException, IOException {
 239         URLConnection uc = get(cookie, AssurePage.PATH);
 240         uc.setDoOutput(true);
 241         uc.getOutputStream().write(("email=" + URLEncoder.encode(email, "UTF-8") + "&day=1&month=1&year=1910&search").getBytes("UTF-8"));
 242
 243         String csrf = getCSRF(uc);
 244         uc = get(cookie, AssurePage.PATH);
 245         uc.setDoOutput(true);
 246         if (doCSRF) {
 247             uc.getOutputStream().write(("csrf=" + csrf + "&").getBytes("UTF-8"));
 248         }
 249         return uc;
 250     }
 251
 252 }