1 package org.cacert.gigi.pages.wot;
2
3 import static org.hamcrest.CoreMatchers.*;
4 import static org.junit.Assert.*;
5
6 import java.io.IOException;
7 import java.io.UnsupportedEncodingException;
8 import java.net.HttpURLConnection;
9 import java.net.MalformedURLException;
10 import java.net.URL;
11 import java.net.URLConnection;
12 import java.net.URLEncoder;
13 import java.sql.SQLException;
14 import java.text.SimpleDateFormat;
15 import java.util.Date;
16 import java.util.regex.Pattern;
17
18 import org.cacert.gigi.pages.account.MyDetails;
19 import org.cacert.gigi.testUtils.IOUtils;
20 import org.cacert.gigi.testUtils.ManagedTest;
21 import org.junit.Before;
22 import org.junit.Test;
23
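/**
 * Integration tests for the web-of-trust assurance page ({@link AssurePage}).
 * <p>
 * Each test runs against a freshly created assurer and assuree (see
 * {@link #setup()}) and drives the page over HTTPS with the assurer's session
 * cookie. The tests cover the identity search that precedes an assurance, the
 * validation of the assurance form, CSRF-token enforcement and the case where
 * the assuree changes their details between the assurer's search and the
 * submission of the form.
 */
public class TestAssurance extends ManagedTest {

    /** Charset used for every request body, matching the charset passed to {@link URLEncoder}. */
    private static final String CHARSET = "UTF-8";

    /** Form fields that the server accepts once a valid CSRF token has been prepended. */
    private static final String VALID_FORM = "date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10";

    /** Markup of the CCA checkbox; the tests use its presence to tell that the assurance form was rendered. */
    private static final String CCA_CHECKBOX = "type=\"checkbox\" name=\"CCAAgreed\"";

    private String assurerM;

    private String assureeM;

    // The numeric ids are stored but not read by any test in this class.
    private int assurer;

    private int assuree;

    // Session cookie of the logged-in assurer; sent with every request to AssurePage.
    private String cookie;

    /**
     * Creates a fresh assurer and assuree with unique e-mail addresses and
     * logs the assurer in.
     */
    @Before
    public void setup() throws IOException {
        assurerM = createUniqueName() + "@cacert-test.org";
        assureeM = createUniqueName() + "@cacert-test.org";
        assurer = createAssuranceUser("a", "b", assurerM, TEST_PASSWORD);
        assuree = createVerifiedUser("a", "c", assureeM, TEST_PASSWORD);
        cookie = login(assurerM, TEST_PASSWORD);
    }

    /** A search with the assuree's e-mail and the date of birth 1910-01-01 renders the assurance form. */
    @Test
    public void testAssureSearch() throws IOException {
        String page = searchFor(assureeM, 1, 1, 1910);
        assertThat(page, containsString(CCA_CHECKBOX));
    }

    /** A search with a wrong e-mail address must not render the assurance form. */
    @Test
    public void testAssureSearchEmail() throws IOException {
        String page = searchFor("1" + assureeM, 1, 1, 1910);
        assertThat(page, not(containsString(CCA_CHECKBOX)));
    }

    /** A search where the day, the month or the year of birth is wrong must not render the assurance form. */
    @Test
    public void testAssureSearchDob() throws IOException {
        assertThat(searchFor(assureeM, 2, 1, 1910), not(containsString(CCA_CHECKBOX)));
        assertThat(searchFor(assureeM, 1, 2, 1910), not(containsString(CCA_CHECKBOX)));
        assertThat(searchFor(assureeM, 1, 1, 1911), not(containsString(CCA_CHECKBOX)));
    }

    /**
     * Builds the search query for the given e-mail address and date of birth
     * and submits it through {@link #search(String)}.
     */
    private String searchFor(String email, int day, int month, int year) throws IOException {
        return search("email=" + URLEncoder.encode(email, CHARSET) + "&day=" + day + "&month=" + month + "&year=" + year);
    }

    /**
     * Posts {@code search&<query>} to the assurance page as the assurer.
     *
     * @param query already URL-encoded form fields
     * @return the response body
     */
    private String search(String query) throws MalformedURLException, IOException, UnsupportedEncodingException {
        URL u = new URL("https://" + getServerName() + AssurePage.PATH);
        URLConnection uc = u.openConnection();
        uc.setDoOutput(true);
        uc.addRequestProperty("Cookie", cookie);
        // Explicit charset: the no-argument getBytes() depends on the platform default.
        uc.getOutputStream().write(("search&" + query).getBytes(CHARSET));
        uc.getOutputStream().flush();

        return IOUtils.readURL(uc);
    }

    /** A completely filled-in form with a valid CSRF token yields no error message. */
    @Test
    public void testAssureForm() throws IOException {
        assertNull(getError(VALID_FORM));
    }

    /**
     * An otherwise valid form that carries no CSRF token is answered with
     * HTTP 500.
     */
    @Test
    public void testAssureFormNoCSRF() throws IOException {
        // doCSRF == false: the connection is prepared without the "csrf=" field.
        HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
        uc.getOutputStream().write(VALID_FORM.getBytes(CHARSET));
        uc.getOutputStream().flush();
        // NOTE(review): only the status code is checked. The test does not
        // verify that no assurance was recorded for the assuree; an additional
        // check of the points listing would pin that down.
        assertEquals(500, uc.getResponseCode());
    }

    /**
     * An otherwise valid form that carries a CSRF token the server did not
     * issue is answered with HTTP 500.
     */
    @Test
    public void testAssureFormWrongCSRF() throws IOException {
        // doCSRF == false: the real token is left out and a made-up one is sent instead.
        HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
        uc.getOutputStream().write((VALID_FORM + "&csrf=aragc").getBytes(CHARSET));
        uc.getOutputStream().flush();
        // NOTE(review): as in testAssureFormNoCSRF, only the status code is
        // checked, not the absence of a recorded assurance.
        assertEquals(500, uc.getResponseCode());
    }

    @Test
    public void testAssureFormRaceName() throws IOException, SQLException {
        testAssureFormRace(true);
    }

    @Test
    public void testAssureFormRaceDoB() throws IOException, SQLException {
        testAssureFormRace(false);
    }

    /**
     * Checks that an assurance is refused when the assuree updates their
     * details after the assurer has searched for them but before the assurer
     * submits the form.
     * <p>
     * Not annotated with {@code @Test}; it is called by
     * {@link #testAssureFormRaceName()} and {@link #testAssureFormRaceDoB()}.
     *
     * @param name selects which set of details the assuree submits
     */
    public void testAssureFormRace(boolean name) throws IOException, SQLException {
        // The assurer searches first, so the form connection is bound to the details as they were then.
        URLConnection uc = buildupAssureFormConnection(true);

        String assureeCookie = login(assureeM, TEST_PASSWORD);
        // NOTE(review): with name == true the submitted values ("a", "c", 1910)
        // look identical to the ones used in setup(), and with name == false
        // both the last name and the year differ. Confirm that each variant
        // exercises the change its caller is named after.
        String newName = "lname=" + (name ? "c" : "a") + "&fname=a&mname=&suffix=";
        String newDob = "day=1&month=1&year=" + (name ? 1910 : 1911);

        assertNull(executeBasicWebInteraction(assureeCookie, MyDetails.PATH, newName + "&" + newDob + "&processDetails", 0));

        uc.getOutputStream().write(VALID_FORM.getBytes(CHARSET));
        uc.getOutputStream().flush();
        assertHasErrorMessage(fetchStartErrorMessage(IOUtils.readURL(uc)));
    }

    /** An assurance dated two years in the future is rejected. */
    @Test
    public void testAssureFormFuture() throws IOException {
        // "yyyy" is the calendar year. The previous pattern "YYYY" is the
        // week-based year, which differs from it in the days around New Year.
        SimpleDateFormat sdf = new SimpleDateFormat("yyyy");
        int year = Integer.parseInt(sdf.format(new Date(System.currentTimeMillis()))) + 2;
        assertHasErrorMessage(getError("date=" + year + "-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10"));
    }

    /** A one-character location and an empty location are both rejected. */
    @Test
    public void testAssureFormNoLoc() throws IOException {
        assertHasErrorMessage(getError("date=2000-01-01&location=a&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10"));
        assertHasErrorMessage(getError("date=2000-01-01&location=&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10"));
    }

    /** A date without separators and an empty date are both rejected. */
    @Test
    public void testAssureFormInvalDate() throws IOException {
        assertHasErrorMessage(getError("date=20000101&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10"));
        assertHasErrorMessage(getError("date=&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10"));
    }

    /** Each of the four confirmation fields is rejected when it does not carry the value {@code 1}. */
    @Test
    public void testAssureFormBoxes() throws IOException {
        assertHasErrorMessage(getError("date=2000-01-01&location=testcase&certify=0&rules=1&CCAAgreed=1&assertion=1&points=10"));
        assertHasErrorMessage(getError("date=2000-01-01&location=testcase&certify=1&rules=&CCAAgreed=1&assertion=1&points=10"));
        assertHasErrorMessage(getError("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=a&assertion=1&points=10"));
        assertHasErrorMessage(getError("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=z&points=10"));
    }

    /**
     * After a successful assurance, the assuree's points page lists the
     * assurance location in the part of the page before the first
     * {@code </table>}.
     */
    @Test
    public void testAssureListingValid() throws IOException {
        String uniqueLoc = createUniqueName();
        String error = getError("date=2000-01-01&location=" + uniqueLoc + "&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
        assertNull(error);
        // Separate local name so the assurer's session in the field "cookie" is not shadowed.
        String assureeCookie = login(assureeM, TEST_PASSWORD);
        URLConnection uc = new URL("https://" + getServerName() + MyPoints.PATH).openConnection();
        uc.setRequestProperty("Cookie", assureeCookie);
        String resp = IOUtils.readURL(uc);
        resp = resp.split(Pattern.quote("</table>"))[0];
        assertThat(resp, containsString(uniqueLoc));
    }

    /**
     * After a successful assurance, the assurer's points page lists the
     * assurance location in the part of the page between the first and the
     * second {@code </table>}.
     */
    @Test
    public void testAssurerListingValid() throws IOException {
        String uniqueLoc = createUniqueName();
        String error = getError("date=2000-01-01&location=" + uniqueLoc + "&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
        assertNull(error);
        String assurerCookie = login(assurerM, TEST_PASSWORD);
        URLConnection uc = new URL("https://" + getServerName() + MyPoints.PATH).openConnection();
        uc.setRequestProperty("Cookie", assurerCookie);
        String resp = IOUtils.readURL(uc);
        resp = resp.split(Pattern.quote("</table>"))[1];
        assertThat(resp, containsString(uniqueLoc));
    }

    /**
     * Asserts that the server answered with an error message.
     * <p>
     * A {@code null} value means that no error was reported (the accepting
     * tests rely on that with {@code assertNull}), so it is turned into a
     * regular assertion failure here instead of a {@link NullPointerException}.
     * The check that the text does not begin with {@code </div>} is kept from
     * the original tests; presumably it excludes an empty error box, which
     * should be confirmed against {@code fetchStartErrorMessage}.
     */
    private static void assertHasErrorMessage(String error) {
        assertNotNull("expected an error message, but the form was accepted", error);
        assertTrue(error, !error.startsWith("</div>"));
    }

    /**
     * Submits the given form fields with a valid CSRF token.
     *
     * @param query already URL-encoded form fields
     * @return the value of {@code fetchStartErrorMessage} for the response
     */
    private String getError(String query) throws MalformedURLException, IOException {
        URLConnection uc = buildupAssureFormConnection(true);
        uc.getOutputStream().write(query.getBytes(CHARSET));
        uc.getOutputStream().flush();
        return fetchStartErrorMessage(IOUtils.readURL(uc));
    }

    /**
     * Searches for the assuree as the assurer and returns a second, still
     * unsent connection to the assurance page on which the form can be posted.
     *
     * @param doCSRF when {@code true}, the CSRF token read from the search
     *               response is already written to the request body as
     *               {@code csrf=<token>&}; when {@code false}, the body is
     *               left empty so that the caller can omit or forge the token
     * @return the connection for the form submission, with the assurer's
     *         cookie set and output enabled
     */
    private URLConnection buildupAssureFormConnection(boolean doCSRF) throws MalformedURLException, IOException {
        URL u = new URL("https://" + getServerName() + AssurePage.PATH);

        // First request: the search, whose response carries the CSRF token.
        URLConnection uc = u.openConnection();
        uc.addRequestProperty("Cookie", cookie);
        uc.setDoOutput(true);
        uc.getOutputStream().write(("email=" + URLEncoder.encode(assureeM, CHARSET) + "&day=1&month=1&year=1910&search").getBytes(CHARSET));
        String csrf = getCSRF(uc);

        // Second request: the form submission; the caller appends the form fields.
        uc = u.openConnection();
        uc.addRequestProperty("Cookie", cookie);
        uc.setDoOutput(true);
        if (doCSRF) {
            uc.getOutputStream().write(("csrf=" + csrf + "&").getBytes(CHARSET));
        }
        return uc;
    }

}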