tests/org/cacert/gigi/pages/wot/TestAssurance.java

   1 package org.cacert.gigi.pages.wot;
   2
   3 import static org.hamcrest.CoreMatchers.*;
   4 import static org.junit.Assert.*;
   5
   6 import java.io.IOException;
   7 import java.io.UnsupportedEncodingException;
   8 import java.net.HttpURLConnection;
   9 import java.net.MalformedURLException;
  10 import java.net.URLConnection;
  11 import java.net.URLEncoder;
  12 import java.sql.SQLException;
  13 import java.sql.Timestamp;
  14 import java.text.SimpleDateFormat;
  15 import java.util.Calendar;
  16 import java.util.Date;
  17 import java.util.regex.Pattern;
  18
  19 import org.cacert.gigi.database.GigiPreparedStatement;
  20 import org.cacert.gigi.dbObjects.User;
  21 import org.cacert.gigi.pages.account.MyDetails;
  22 import org.cacert.gigi.testUtils.IOUtils;
  23 import org.cacert.gigi.testUtils.ManagedTest;
  24 import org.cacert.gigi.util.DayDate;
  25 import org.cacert.gigi.util.Notary;
  26 import org.hamcrest.Matcher;
  27 import org.junit.Before;
  28 import org.junit.Test;
  29
  30 public class TestAssurance extends ManagedTest {
  31
  32     private String assurerM;
  33
  34     private String assureeM;
  35
  36     private int assureeName;
  37
  38     private String cookie;
  39
  40     @Before
  41     public void setup() throws IOException {
  42         clearCaches();
  43         assurerM = createUniqueName() + "@cacert-test.org";
  44         assureeM = createUniqueName() + "@cacert-test.org";
  45
  46         createAssuranceUser("a", "b", assurerM, TEST_PASSWORD);
  47         int assureeId = createVerifiedUser("a", "c", assureeM, TEST_PASSWORD);
  48         assureeName = User.getById(assureeId).getPreferredName().getId();
  49
  50         cookie = login(assurerM, TEST_PASSWORD);
  51     }
  52
  53     private Matcher<String> isAssuranceForm() {
  54         return containsString("<select name=\"assuranceType\">");
  55     }
  56
  57     @Test
  58     public void testAssureSearch() throws IOException {
  59         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
  60         assertThat(loc, isAssuranceForm());
  61     }
  62
  63     @Test
  64     public void testAssureSearchEmail() throws IOException {
  65         String loc = search("email=1" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
  66         assertThat(loc, not(isAssuranceForm()));
  67     }
  68
  69     @Test
  70     public void testAssureSearchDobInvalid() throws IOException {
  71         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=mal");
  72         assertThat(loc, not(isAssuranceForm()));
  73     }
  74
  75     @Test
  76     public void testAssureSearchDob() throws IOException {
  77         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=2&month=1&year=1910");
  78         assertThat(loc, not(isAssuranceForm()));
  79         loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=2&year=1910");
  80         assertThat(loc, not(isAssuranceForm()));
  81         loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1911");
  82         assertThat(loc, not(isAssuranceForm()));
  83     }
  84
  85     private String search(String query) throws MalformedURLException, IOException, UnsupportedEncodingException {
  86         URLConnection uc = get(cookie, AssurePage.PATH);
  87         uc.setDoOutput(true);
  88         uc.getOutputStream().write(("search&" + query).getBytes("UTF-8"));
  89         uc.getOutputStream().flush();
  90
  91         return IOUtils.readURL(uc);
  92     }
  93
  94     @Test
  95     public void testAssureForm() throws IOException {
  96         executeSuccess("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
  97     }
  98
  99     @Test
 100     public void testAssureFormEmpty() throws IOException {
 101         URLConnection uc = buildupAssureFormConnection(true);
 102         uc.getOutputStream().write(("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&rules=1&assertion=1&points=10").getBytes("UTF-8"));
 103         uc.getOutputStream().flush();
 104         String data = IOUtils.readURL(uc);
 105         assertThat(data, hasError());
 106     }
 107
 108     @Test
 109     public void testAssureFormContanisData() throws IOException {
 110         URLConnection uc = buildupAssureFormConnection(true);
 111         uc.getOutputStream().write(("assuredName=" + assureeName + "&date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&rules=1&assertion=1&points=10").getBytes("UTF-8"));
 112         uc.getOutputStream().flush();
 113         String data = IOUtils.readURL(uc);
 114         assertThat(data, containsString(validVerificationDateString()));
 115         assertThat(data, containsString("testcase"));
 116     }
 117
 118     @Test
 119     public void testAssureFormNoCSRF() throws IOException {
 120         // override csrf
 121         HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
 122         uc.getOutputStream().write(("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10").getBytes("UTF-8"));
 123         uc.getOutputStream().flush();
 124         assertEquals(500, uc.getResponseCode());
 125     }
 126
 127     @Test
 128     public void testAssureFormWrongCSRF() throws IOException {
 129         // override csrf
 130         HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
 131         uc.getOutputStream().write(("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10&csrf=aragc").getBytes("UTF-8"));
 132         uc.getOutputStream().flush();
 133         assertEquals(500, uc.getResponseCode());
 134     }
 135
 136     @Test
 137     public void testAssureFormRaceDoB() throws IOException, SQLException {
 138         testAssureFormRace(false);
 139     }
 140
 141     @Test
 142     public void testAssureFormRaceDoBBlind() throws IOException, SQLException {
 143         testAssureFormRace(true);
 144     }
 145
 146     public void testAssureFormRace(boolean succeed) throws IOException, SQLException {
 147         URLConnection uc = buildupAssureFormConnection(true);
 148
 149         String assureeCookie = login(assureeM, TEST_PASSWORD);
 150         String newDob = "day=1&month=1&year=" + ( !succeed ? 1911 : 1910);
 151
 152         assertNull(executeBasicWebInteraction(assureeCookie, MyDetails.PATH, newDob + "&action=updateDoB", 0));
 153
 154         uc.getOutputStream().write(("assuredName=" + assureeName + "&date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10").getBytes("UTF-8"));
 155         uc.getOutputStream().flush();
 156         String error = fetchStartErrorMessage(IOUtils.readURL(uc));
 157         if (succeed) {
 158             assertNull(error);
 159         } else {
 160             assertTrue(error, !error.startsWith("</div>"));
 161             assertThat(error, containsString("changed his personal details"));
 162         }
 163     }
 164
 165     @Test
 166     public void testAssureFormFuture() throws IOException {
 167         SimpleDateFormat sdf = new SimpleDateFormat("yyyy");
 168         int year = Integer.parseInt(sdf.format(new Date(System.currentTimeMillis()))) + 2;
 169         executeFails("date=" + year + "-01-01&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
 170     }
 171
 172     @Test
 173     public void testAssureFormFutureOK() throws IOException {
 174         SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
 175         Calendar c = Calendar.getInstance();
 176         c.setTimeInMillis(System.currentTimeMillis());
 177         c.add(Calendar.HOUR_OF_DAY, 12);
 178
 179         executeSuccess("date=" + sdf.format(new Date(c.getTimeInMillis())) + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
 180     }
 181
 182     @Test
 183     public void testAssureFormPastInRange() throws IOException {
 184         executeSuccess("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
 185     }
 186
 187     @Test
 188     public void testAssureFormPastOnLimit() throws IOException {
 189         SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
 190         Calendar c = Calendar.getInstance();
 191         c.setTimeInMillis(System.currentTimeMillis());
 192         c.add(Calendar.MONTH, -Notary.LIMIT_MAX_MONTHS_VERIFICATION);
 193         c.add(Calendar.DAY_OF_MONTH, 1);
 194
 195         executeSuccess("date=" + sdf.format(new Date(c.getTimeInMillis())) + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
 196     }
 197
 198     @Test
 199     public void testAssureFormPastOutOfRange() throws IOException {
 200         SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
 201         Calendar c = Calendar.getInstance();
 202         c.setTimeInMillis(System.currentTimeMillis());
 203         c.add(Calendar.MONTH, -Notary.LIMIT_MAX_MONTHS_VERIFICATION);
 204
 205         executeFails("date=" + sdf.format(new Date(c.getTimeInMillis())) + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
 206     }
 207
 208     @Test
 209     public void testAssureFormNoLoc() throws IOException {
 210         executeFails("date=" + validVerificationDateString() + "&location=a&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
 211         executeFails("date=" + validVerificationDateString() + "&location=&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
 212     }
 213
 214     @Test
 215     public void testAssureFormInvalDate() throws IOException {
 216         executeFails("date=20000101&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
 217         executeFails("date=&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
 218     }
 219
 220     @Test
 221     public void testAssureFormBoxes() throws IOException {
 222         executeFails("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=0&rules=1&assertion=1&points=10");
 223         executeFails("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=&assertion=1&points=10");
 224         executeFails("date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=z&points=10");
 225     }
 226
 227     @Test
 228     public void testAssureListingValid() throws IOException {
 229         String uniqueLoc = createUniqueName();
 230         execute("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
 231
 232         String cookie = login(assureeM, TEST_PASSWORD);
 233         URLConnection url = get(cookie, Points.PATH);
 234         String resp = IOUtils.readURL(url);
 235         resp = resp.split(Pattern.quote("</table>"))[1];
 236         assertThat(resp, containsString(uniqueLoc));
 237     }
 238
 239     @Test
 240     public void testAssurerListingValid() throws IOException {
 241         String uniqueLoc = createUniqueName();
 242         executeSuccess("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
 243         String cookie = login(assurerM, TEST_PASSWORD);
 244         URLConnection url = get(cookie, Points.PATH);
 245         String resp = IOUtils.readURL(url);
 246         resp = resp.split(Pattern.quote("</table>"))[2];
 247         assertThat(resp, containsString(uniqueLoc));
 248     }
 249
 250     private void executeFails(String query) throws MalformedURLException, IOException {
 251         assertThat(execute(query), hasError());
 252
 253     }
 254
 255     private void executeSuccess(String query) throws MalformedURLException, IOException {
 256         assertThat(execute(query), hasNoError());
 257
 258     }
 259
 260     private String execute(String query) throws MalformedURLException, IOException {
 261         URLConnection uc = buildupAssureFormConnection(true);
 262         uc.getOutputStream().write(("assuredName=" + assureeName + "&" + query).getBytes("UTF-8"));
 263         uc.getOutputStream().flush();
 264         return IOUtils.readURL(uc);
 265     }
 266
 267     private URLConnection buildupAssureFormConnection(boolean doCSRF) throws MalformedURLException, IOException {
 268         return buildupAssureFormConnection(cookie, assureeM, doCSRF);
 269     }
 270
 271     public static URLConnection buildupAssureFormConnection(String cookie, String email, boolean doCSRF) throws MalformedURLException, IOException {
 272         URLConnection uc = get(cookie, AssurePage.PATH);
 273         uc.setDoOutput(true);
 274         uc.getOutputStream().write(("email=" + URLEncoder.encode(email, "UTF-8") + "&day=1&month=1&year=1910&search").getBytes("UTF-8"));
 275
 276         String csrf = getCSRF(uc);
 277         uc = get(cookie, AssurePage.PATH);
 278         uc.setDoOutput(true);
 279         if (doCSRF) {
 280             uc.getOutputStream().write(("csrf=" + csrf + "&").getBytes("UTF-8"));
 281         }
 282         return uc;
 283     }
 284
 285     @Test
 286     public void testMultipleAssurance() throws IOException {
 287
 288         User users[] = User.findByEmail(assurerM);
 289         int agentID = users[0].getId();
 290
 291         users = User.findByEmail(assureeM);
 292         int applicantID = users[0].getId();
 293
 294         // enter first entry 200 days in the past
 295         try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `notary` SET `from`=?, `to`=?, `points`=?, `location`=?, `date`=?, `when`=? ")) {
 296             ps.setInt(1, agentID);
 297             ps.setInt(2, applicantID);
 298             ps.setInt(3, 10);
 299             ps.setString(4, "test-location");
 300             ps.setString(5, "2010-01-01");
 301             ps.setTimestamp(6, new Timestamp(System.currentTimeMillis() - DayDate.MILLI_DAY * 200));
 302             ps.execute();
 303         }
 304
 305         // enter second entry
 306         String uniqueLoc = createUniqueName();
 307         executeSuccess("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
 308
 309         // enter third entry on the same day
 310         URLConnection uc = get(cookie, AssurePage.PATH);
 311         uc.setDoOutput(true);
 312         uc.getOutputStream().write(("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910&search").getBytes("UTF-8"));
 313         assertThat(IOUtils.readURL(uc), hasError());
 314
 315     }
 316 }