tests/org/cacert/gigi/pages/wot/TestAssurance.java

   1 package org.cacert.gigi.pages.wot;
   2
   3 import static org.hamcrest.CoreMatchers.*;
   4 import static org.junit.Assert.*;
   5
   6 import java.io.IOException;
   7 import java.io.UnsupportedEncodingException;
   8 import java.net.HttpURLConnection;
   9 import java.net.MalformedURLException;
  10 import java.net.URL;
  11 import java.net.URLConnection;
  12 import java.net.URLEncoder;
  13 import java.sql.SQLException;
  14 import java.text.SimpleDateFormat;
  15 import java.util.Calendar;
  16 import java.util.Date;
  17 import java.util.regex.Pattern;
  18
  19 import org.cacert.gigi.pages.account.MyDetails;
  20 import org.cacert.gigi.testUtils.IOUtils;
  21 import org.cacert.gigi.testUtils.ManagedTest;
  22 import org.junit.Before;
  23 import org.junit.Test;
  24
  25 public class TestAssurance extends ManagedTest {
  26
  27     private String assurerM;
  28
  29     private String assureeM;
  30
  31     private String cookie;
  32
  33     @Before
  34     public void setup() throws IOException {
  35         assurerM = createUniqueName() + "@cacert-test.org";
  36         assureeM = createUniqueName() + "@cacert-test.org";
  37
  38         createAssuranceUser("a", "b", assurerM, TEST_PASSWORD);
  39         createVerifiedUser("a", "c", assureeM, TEST_PASSWORD);
  40
  41         cookie = login(assurerM, TEST_PASSWORD);
  42     }
  43
  44     @Test
  45     public void testAssureSearch() throws IOException {
  46         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
  47         assertTrue(loc, loc.contains("type=\"checkbox\" name=\"CCAAgreed\""));
  48     }
  49
  50     @Test
  51     public void testAssureSearchEmail() throws IOException {
  52         String loc = search("email=1" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
  53         assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"CCAAgreed\""));
  54     }
  55
  56     @Test
  57     public void testAssureSearchDob() throws IOException {
  58         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=2&month=1&year=1910");
  59         assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"CCAAgreed\""));
  60         loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=2&year=1910");
  61         assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"CCAAgreed\""));
  62         loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1911");
  63         assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"CCAAgreed\""));
  64     }
  65
  66     private String search(String query) throws MalformedURLException, IOException, UnsupportedEncodingException {
  67         URL u = new URL("https://" + getServerName() + AssurePage.PATH);
  68         URLConnection uc = u.openConnection();
  69         uc.setDoOutput(true);
  70         uc.addRequestProperty("Cookie", cookie);
  71         uc.getOutputStream().write(("search&" + query).getBytes("UTF-8"));
  72         uc.getOutputStream().flush();
  73
  74         return IOUtils.readURL(uc);
  75     }
  76
  77     @Test
  78     public void testAssureForm() throws IOException {
  79         String error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
  80         assertNull(error);
  81     }
  82
  83     @Test
  84     public void testAssureFormContanisData() throws IOException {
  85         URLConnection uc = buildupAssureFormConnection(true);
  86         uc.getOutputStream().write(("date=2000-01-01&location=testcase&rules=1&CCAAgreed=1&assertion=1&points=10").getBytes("UTF-8"));
  87         uc.getOutputStream().flush();
  88         String data = IOUtils.readURL(uc);
  89         assertThat(data, containsString("2000-01-01"));
  90         assertThat(data, containsString("testcase"));
  91     }
  92
  93     @Test
  94     public void testAssureFormNoCSRF() throws IOException {
  95         // override csrf
  96         HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
  97         uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10").getBytes("UTF-8"));
  98         uc.getOutputStream().flush();
  99         assertEquals(500, uc.getResponseCode());
 100     }
 101
 102     @Test
 103     public void testAssureFormWrongCSRF() throws IOException {
 104         // override csrf
 105         HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
 106         uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10&csrf=aragc").getBytes("UTF-8"));
 107         uc.getOutputStream().flush();
 108         assertEquals(500, uc.getResponseCode());
 109     }
 110
 111     @Test
 112     public void testAssureFormRaceName() throws IOException, SQLException {
 113         testAssureFormRace(true);
 114     }
 115
 116     @Test
 117     public void testAssureFormRaceDoB() throws IOException, SQLException {
 118         testAssureFormRace(false);
 119     }
 120
 121     public void testAssureFormRace(boolean name) throws IOException, SQLException {
 122         URLConnection uc = buildupAssureFormConnection(true);
 123
 124         String assureeCookie = login(assureeM, TEST_PASSWORD);
 125         String newName = "lname=" + (name ? "c" : "a") + "&fname=a&mname=&suffix=";
 126         String newDob = "day=1&month=1&year=" + (name ? 1910 : 1911);
 127
 128         assertNull(executeBasicWebInteraction(assureeCookie, MyDetails.PATH, newName + "&" + newDob + "&processDetails", 0));
 129
 130         uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10").getBytes("UTF-8"));
 131         uc.getOutputStream().flush();
 132         String error = fetchStartErrorMessage(IOUtils.readURL(uc));
 133         assertTrue(error, !error.startsWith("</div>"));
 134     }
 135
 136     @Test
 137     public void testAssureFormFuture() throws IOException {
 138         SimpleDateFormat sdf = new SimpleDateFormat("yyyy");
 139         int year = Integer.parseInt(sdf.format(new Date(System.currentTimeMillis()))) + 2;
 140         String error = getError("date=" + year + "-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
 141         assertTrue(error, !error.startsWith("</div>"));
 142     }
 143
 144     @Test
 145     public void testAssureFormFutureOK() throws IOException {
 146         SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
 147         Calendar c = Calendar.getInstance();
 148         c.setTimeInMillis(System.currentTimeMillis());
 149         c.add(Calendar.HOUR_OF_DAY, 12);
 150
 151         String error = getError("date=" + sdf.format(new Date(c.getTimeInMillis())) + "&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
 152         assertNull(error);
 153     }
 154
 155     @Test
 156     public void testAssureFormNoLoc() throws IOException {
 157         String error = getError("date=2000-01-01&location=a&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
 158         assertTrue(error, !error.startsWith("</div>"));
 159         error = getError("date=2000-01-01&location=&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
 160         assertTrue(error, !error.startsWith("</div>"));
 161     }
 162
 163     @Test
 164     public void testAssureFormInvalDate() throws IOException {
 165         String error = getError("date=20000101&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
 166         assertTrue(error, !error.startsWith("</div>"));
 167         error = getError("date=&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
 168         assertTrue(error, !error.startsWith("</div>"));
 169     }
 170
 171     @Test
 172     public void testAssureFormBoxes() throws IOException {
 173         String error = getError("date=2000-01-01&location=testcase&certify=0&rules=1&CCAAgreed=1&assertion=1&points=10");
 174         assertTrue(error, !error.startsWith("</div>"));
 175         error = getError("date=2000-01-01&location=testcase&certify=1&rules=&CCAAgreed=1&assertion=1&points=10");
 176         assertTrue(error, !error.startsWith("</div>"));
 177         error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=a&assertion=1&points=10");
 178         assertTrue(error, !error.startsWith("</div>"));
 179         error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=z&points=10");
 180         assertTrue(error, !error.startsWith("</div>"));
 181     }
 182
 183     @Test
 184     public void testAssureListingValid() throws IOException {
 185         String uniqueLoc = createUniqueName();
 186         String error = getError("date=2000-01-01&location=" + uniqueLoc + "&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
 187         assertNull(error);
 188         String cookie = login(assureeM, TEST_PASSWORD);
 189         URLConnection url = new URL("https://" + getServerName() + MyPoints.PATH).openConnection();
 190         url.setRequestProperty("Cookie", cookie);
 191         String resp = IOUtils.readURL(url);
 192         resp = resp.split(Pattern.quote("</table>"))[0];
 193         assertThat(resp, containsString(uniqueLoc));
 194     }
 195
 196     @Test
 197     public void testAssurerListingValid() throws IOException {
 198         String uniqueLoc = createUniqueName();
 199         String error = getError("date=2000-01-01&location=" + uniqueLoc + "&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
 200         assertNull(error);
 201         String cookie = login(assurerM, TEST_PASSWORD);
 202         URLConnection url = new URL("https://" + getServerName() + MyPoints.PATH).openConnection();
 203         url.setRequestProperty("Cookie", cookie);
 204         String resp = IOUtils.readURL(url);
 205         resp = resp.split(Pattern.quote("</table>"))[1];
 206         assertThat(resp, containsString(uniqueLoc));
 207     }
 208
 209     private String getError(String query) throws MalformedURLException, IOException {
 210         URLConnection uc = buildupAssureFormConnection(true);
 211         uc.getOutputStream().write((query).getBytes("UTF-8"));
 212         uc.getOutputStream().flush();
 213         String error = fetchStartErrorMessage(IOUtils.readURL(uc));
 214         return error;
 215     }
 216
 217     private URLConnection buildupAssureFormConnection(boolean doCSRF) throws MalformedURLException, IOException {
 218         URL u = new URL("https://" + getServerName() + AssurePage.PATH);
 219         URLConnection uc = u.openConnection();
 220         uc.addRequestProperty("Cookie", cookie);
 221         uc.setDoOutput(true);
 222         uc.getOutputStream().write(("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910&search").getBytes("UTF-8"));
 223
 224         String csrf = getCSRF(uc);
 225         uc = u.openConnection();
 226         uc.addRequestProperty("Cookie", cookie);
 227         uc.setDoOutput(true);
 228         if (doCSRF) {
 229             uc.getOutputStream().write(("csrf=" + csrf + "&").getBytes("UTF-8"));
 230         }
 231         return uc;
 232     }
 233
 234 }