tests/org/cacert/gigi/pages/wot/TestAssurance.java

   1 package org.cacert.gigi.pages.wot;
   2
   3 import static org.hamcrest.CoreMatchers.*;
   4 import static org.junit.Assert.*;
   5
   6 import java.io.IOException;
   7 import java.io.UnsupportedEncodingException;
   8 import java.net.HttpURLConnection;
   9 import java.net.MalformedURLException;
  10 import java.net.URL;
  11 import java.net.URLConnection;
  12 import java.net.URLEncoder;
  13 import java.sql.SQLException;
  14 import java.text.SimpleDateFormat;
  15 import java.util.Date;
  16 import java.util.regex.Pattern;
  17
  18 import org.cacert.gigi.pages.account.MyDetails;
  19 import org.cacert.gigi.testUtils.IOUtils;
  20 import org.cacert.gigi.testUtils.ManagedTest;
  21 import org.junit.Before;
  22 import org.junit.Test;
  23
  24 public class TestAssurance extends ManagedTest {
  25
  26     private String assurerM;
  27
  28     private String assureeM;
  29
  30     private String cookie;
  31
  32     @Before
  33     public void setup() throws IOException {
  34         assurerM = createUniqueName() + "@cacert-test.org";
  35         assureeM = createUniqueName() + "@cacert-test.org";
  36
  37         createAssuranceUser("a", "b", assurerM, TEST_PASSWORD);
  38         createVerifiedUser("a", "c", assureeM, TEST_PASSWORD);
  39
  40         cookie = login(assurerM, TEST_PASSWORD);
  41     }
  42
  43     @Test
  44     public void testAssureSearch() throws IOException {
  45         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
  46         assertTrue(loc, loc.contains("type=\"checkbox\" name=\"CCAAgreed\""));
  47     }
  48
  49     @Test
  50     public void testAssureSearchEmail() throws IOException {
  51         String loc = search("email=1" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
  52         assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"CCAAgreed\""));
  53     }
  54
  55     @Test
  56     public void testAssureSearchDob() throws IOException {
  57         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=2&month=1&year=1910");
  58         assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"CCAAgreed\""));
  59         loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=2&year=1910");
  60         assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"CCAAgreed\""));
  61         loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1911");
  62         assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"CCAAgreed\""));
  63     }
  64
  65     private String search(String query) throws MalformedURLException, IOException, UnsupportedEncodingException {
  66         URL u = new URL("https://" + getServerName() + AssurePage.PATH);
  67         URLConnection uc = u.openConnection();
  68         uc.setDoOutput(true);
  69         uc.addRequestProperty("Cookie", cookie);
  70         uc.getOutputStream().write(("search&" + query).getBytes("UTF-8"));
  71         uc.getOutputStream().flush();
  72
  73         return IOUtils.readURL(uc);
  74     }
  75
  76     @Test
  77     public void testAssureForm() throws IOException {
  78         String error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
  79         assertNull(error);
  80     }
  81
  82     @Test
  83     public void testAssureFormNoCSRF() throws IOException {
  84         // override csrf
  85         HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
  86         uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10").getBytes("UTF-8"));
  87         uc.getOutputStream().flush();
  88         assertEquals(500, uc.getResponseCode());
  89     }
  90
  91     @Test
  92     public void testAssureFormWrongCSRF() throws IOException {
  93         // override csrf
  94         HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
  95         uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10&csrf=aragc").getBytes("UTF-8"));
  96         uc.getOutputStream().flush();
  97         assertEquals(500, uc.getResponseCode());
  98     }
  99
 100     @Test
 101     public void testAssureFormRaceName() throws IOException, SQLException {
 102         testAssureFormRace(true);
 103     }
 104
 105     @Test
 106     public void testAssureFormRaceDoB() throws IOException, SQLException {
 107         testAssureFormRace(false);
 108     }
 109
 110     public void testAssureFormRace(boolean name) throws IOException, SQLException {
 111         URLConnection uc = buildupAssureFormConnection(true);
 112
 113         String assureeCookie = login(assureeM, TEST_PASSWORD);
 114         String newName = "lname=" + (name ? "c" : "a") + "&fname=a&mname=&suffix=";
 115         String newDob = "day=1&month=1&year=" + (name ? 1910 : 1911);
 116
 117         assertNull(executeBasicWebInteraction(assureeCookie, MyDetails.PATH, newName + "&" + newDob + "&processDetails", 0));
 118
 119         uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10").getBytes("UTF-8"));
 120         uc.getOutputStream().flush();
 121         String error = fetchStartErrorMessage(IOUtils.readURL(uc));
 122         assertTrue(error, !error.startsWith("</div>"));
 123     }
 124
 125     @Test
 126     public void testAssureFormFuture() throws IOException {
 127         SimpleDateFormat sdf = new SimpleDateFormat("yyyy");
 128         int year = Integer.parseInt(sdf.format(new Date(System.currentTimeMillis()))) + 2;
 129         String error = getError("date=" + year + "-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
 130         assertTrue(error, !error.startsWith("</div>"));
 131     }
 132
 133     @Test
 134     public void testAssureFormNoLoc() throws IOException {
 135         String error = getError("date=2000-01-01&location=a&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
 136         assertTrue(error, !error.startsWith("</div>"));
 137         error = getError("date=2000-01-01&location=&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
 138         assertTrue(error, !error.startsWith("</div>"));
 139     }
 140
 141     @Test
 142     public void testAssureFormInvalDate() throws IOException {
 143         String error = getError("date=20000101&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
 144         assertTrue(error, !error.startsWith("</div>"));
 145         error = getError("date=&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
 146         assertTrue(error, !error.startsWith("</div>"));
 147     }
 148
 149     @Test
 150     public void testAssureFormBoxes() throws IOException {
 151         String error = getError("date=2000-01-01&location=testcase&certify=0&rules=1&CCAAgreed=1&assertion=1&points=10");
 152         assertTrue(error, !error.startsWith("</div>"));
 153         error = getError("date=2000-01-01&location=testcase&certify=1&rules=&CCAAgreed=1&assertion=1&points=10");
 154         assertTrue(error, !error.startsWith("</div>"));
 155         error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=a&assertion=1&points=10");
 156         assertTrue(error, !error.startsWith("</div>"));
 157         error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=z&points=10");
 158         assertTrue(error, !error.startsWith("</div>"));
 159     }
 160
 161     @Test
 162     public void testAssureListingValid() throws IOException {
 163         String uniqueLoc = createUniqueName();
 164         String error = getError("date=2000-01-01&location=" + uniqueLoc + "&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
 165         assertNull(error);
 166         String cookie = login(assureeM, TEST_PASSWORD);
 167         URLConnection url = new URL("https://" + getServerName() + MyPoints.PATH).openConnection();
 168         url.setRequestProperty("Cookie", cookie);
 169         String resp = IOUtils.readURL(url);
 170         resp = resp.split(Pattern.quote("</table>"))[0];
 171         assertThat(resp, containsString(uniqueLoc));
 172     }
 173
 174     @Test
 175     public void testAssurerListingValid() throws IOException {
 176         String uniqueLoc = createUniqueName();
 177         String error = getError("date=2000-01-01&location=" + uniqueLoc + "&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
 178         assertNull(error);
 179         String cookie = login(assurerM, TEST_PASSWORD);
 180         URLConnection url = new URL("https://" + getServerName() + MyPoints.PATH).openConnection();
 181         url.setRequestProperty("Cookie", cookie);
 182         String resp = IOUtils.readURL(url);
 183         resp = resp.split(Pattern.quote("</table>"))[1];
 184         assertThat(resp, containsString(uniqueLoc));
 185     }
 186
 187     private String getError(String query) throws MalformedURLException, IOException {
 188         URLConnection uc = buildupAssureFormConnection(true);
 189         uc.getOutputStream().write((query).getBytes("UTF-8"));
 190         uc.getOutputStream().flush();
 191         String error = fetchStartErrorMessage(IOUtils.readURL(uc));
 192         return error;
 193     }
 194
 195     private URLConnection buildupAssureFormConnection(boolean doCSRF) throws MalformedURLException, IOException {
 196         URL u = new URL("https://" + getServerName() + AssurePage.PATH);
 197         URLConnection uc = u.openConnection();
 198         uc.addRequestProperty("Cookie", cookie);
 199         uc.setDoOutput(true);
 200         uc.getOutputStream().write(("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910&search").getBytes("UTF-8"));
 201
 202         String csrf = getCSRF(uc);
 203         uc = u.openConnection();
 204         uc.addRequestProperty("Cookie", cookie);
 205         uc.setDoOutput(true);
 206         if (doCSRF) {
 207             uc.getOutputStream().write(("csrf=" + csrf + "&").getBytes("UTF-8"));
 208         }
 209         return uc;
 210     }
 211
 212 }