tests/org/cacert/gigi/pages/wot/TestAssurance.java

   1 package org.cacert.gigi.pages.wot;
   2
   3 import static org.hamcrest.CoreMatchers.*;
   4 import static org.junit.Assert.*;
   5
   6 import java.io.IOException;
   7 import java.io.UnsupportedEncodingException;
   8 import java.net.HttpURLConnection;
   9 import java.net.MalformedURLException;
  10 import java.net.URLConnection;
  11 import java.net.URLEncoder;
  12 import java.sql.SQLException;
  13 import java.text.SimpleDateFormat;
  14 import java.util.Calendar;
  15 import java.util.Date;
  16 import java.util.regex.Pattern;
  17
  18 import org.cacert.gigi.pages.account.MyDetails;
  19 import org.cacert.gigi.testUtils.IOUtils;
  20 import org.cacert.gigi.testUtils.ManagedTest;
  21 import org.junit.Before;
  22 import org.junit.Test;
  23
  24 public class TestAssurance extends ManagedTest {
  25
  26     private String assurerM;
  27
  28     private String assureeM;
  29
  30     private String cookie;
  31
  32     @Before
  33     public void setup() throws IOException {
  34         clearCaches();
  35         assurerM = createUniqueName() + "@cacert-test.org";
  36         assureeM = createUniqueName() + "@cacert-test.org";
  37
  38         createAssuranceUser("a", "b", assurerM, TEST_PASSWORD);
  39         createVerifiedUser("a", "c", assureeM, TEST_PASSWORD);
  40
  41         cookie = login(assurerM, TEST_PASSWORD);
  42     }
  43
  44     @Test
  45     public void testAssureSearch() throws IOException {
  46         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
  47         assertTrue(loc, loc.contains("type=\"checkbox\" name=\"tos_agree\""));
  48     }
  49
  50     @Test
  51     public void testAssureSearchEmail() throws IOException {
  52         String loc = search("email=1" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
  53         assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"tos_agree\""));
  54     }
  55
  56     @Test
  57     public void testAssureSearchDob() throws IOException {
  58         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=2&month=1&year=1910");
  59         assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"tos_agree\""));
  60         loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=2&year=1910");
  61         assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"tos_agree\""));
  62         loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1911");
  63         assertTrue(loc, !loc.contains("type=\"checkbox\" name=\"tos_agree\""));
  64     }
  65
  66     private String search(String query) throws MalformedURLException, IOException, UnsupportedEncodingException {
  67         URLConnection uc = get(cookie, AssurePage.PATH);
  68         uc.setDoOutput(true);
  69         uc.getOutputStream().write(("search&" + query).getBytes("UTF-8"));
  70         uc.getOutputStream().flush();
  71
  72         return IOUtils.readURL(uc);
  73     }
  74
  75     @Test
  76     public void testAssureForm() throws IOException {
  77         String error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
  78         assertNull(error);
  79     }
  80
  81     @Test
  82     public void testAssureFormContanisData() throws IOException {
  83         URLConnection uc = buildupAssureFormConnection(true);
  84         uc.getOutputStream().write(("date=2000-01-01&location=testcase&rules=1&tos_agree=1&assertion=1&points=10").getBytes("UTF-8"));
  85         uc.getOutputStream().flush();
  86         String data = IOUtils.readURL(uc);
  87         assertThat(data, containsString("2000-01-01"));
  88         assertThat(data, containsString("testcase"));
  89     }
  90
  91     @Test
  92     public void testAssureFormNoCSRF() throws IOException {
  93         // override csrf
  94         HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
  95         uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10").getBytes("UTF-8"));
  96         uc.getOutputStream().flush();
  97         assertEquals(500, uc.getResponseCode());
  98     }
  99
 100     @Test
 101     public void testAssureFormWrongCSRF() throws IOException {
 102         // override csrf
 103         HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
 104         uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10&csrf=aragc").getBytes("UTF-8"));
 105         uc.getOutputStream().flush();
 106         assertEquals(500, uc.getResponseCode());
 107     }
 108
 109     @Test
 110     public void testAssureFormRaceName() throws IOException, SQLException {
 111         testAssureFormRace(true, false);
 112     }
 113
 114     @Test
 115     public void testAssureFormRaceDoB() throws IOException, SQLException {
 116         testAssureFormRace(false, false);
 117     }
 118
 119     @Test
 120     public void testAssureFormRaceNameBlind() throws IOException, SQLException {
 121         testAssureFormRace(true, true);
 122     }
 123
 124     @Test
 125     public void testAssureFormRaceDoBBlind() throws IOException, SQLException {
 126         testAssureFormRace(false, true);
 127     }
 128
 129     public void testAssureFormRace(boolean name, boolean succeed) throws IOException, SQLException {
 130         URLConnection uc = buildupAssureFormConnection(true);
 131
 132         String assureeCookie = login(assureeM, TEST_PASSWORD);
 133         String newName = "lname=" + (name && !succeed ? "a" : "c") + "&fname=a&mname=&suffix=";
 134         String newDob = "day=1&month=1&year=" + ( !name && !succeed ? 1911 : 1910);
 135
 136         assertNull(executeBasicWebInteraction(assureeCookie, MyDetails.PATH, newName + "&" + newDob + "&processDetails", 0));
 137
 138         uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10").getBytes("UTF-8"));
 139         uc.getOutputStream().flush();
 140         String error = fetchStartErrorMessage(IOUtils.readURL(uc));
 141         if (succeed) {
 142             assertNull(error);
 143         } else {
 144             assertTrue(error, !error.startsWith("</div>"));
 145             assertThat(error, containsString("changed his personal details"));
 146         }
 147     }
 148
 149     @Test
 150     public void testAssureFormFuture() throws IOException {
 151         SimpleDateFormat sdf = new SimpleDateFormat("yyyy");
 152         int year = Integer.parseInt(sdf.format(new Date(System.currentTimeMillis()))) + 2;
 153         String error = getError("date=" + year + "-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
 154         assertTrue(error, !error.startsWith("</div>"));
 155     }
 156
 157     @Test
 158     public void testAssureFormFutureOK() throws IOException {
 159         SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
 160         Calendar c = Calendar.getInstance();
 161         c.setTimeInMillis(System.currentTimeMillis());
 162         c.add(Calendar.HOUR_OF_DAY, 12);
 163
 164         String error = getError("date=" + sdf.format(new Date(c.getTimeInMillis())) + "&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
 165         assertNull(error);
 166     }
 167
 168     @Test
 169     public void testAssureFormNoLoc() throws IOException {
 170         String error = getError("date=2000-01-01&location=a&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
 171         assertTrue(error, !error.startsWith("</div>"));
 172         error = getError("date=2000-01-01&location=&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
 173         assertTrue(error, !error.startsWith("</div>"));
 174     }
 175
 176     @Test
 177     public void testAssureFormInvalDate() throws IOException {
 178         String error = getError("date=20000101&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
 179         assertTrue(error, !error.startsWith("</div>"));
 180         error = getError("date=&location=testcase&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
 181         assertTrue(error, !error.startsWith("</div>"));
 182     }
 183
 184     @Test
 185     public void testAssureFormBoxes() throws IOException {
 186         String error = getError("date=2000-01-01&location=testcase&certify=0&rules=1&tos_agree=1&assertion=1&points=10");
 187         assertTrue(error, !error.startsWith("</div>"));
 188         error = getError("date=2000-01-01&location=testcase&certify=1&rules=&tos_agree=1&assertion=1&points=10");
 189         assertTrue(error, !error.startsWith("</div>"));
 190         error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=a&assertion=1&points=10");
 191         assertTrue(error, !error.startsWith("</div>"));
 192         error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&tos_agree=1&assertion=z&points=10");
 193         assertTrue(error, !error.startsWith("</div>"));
 194     }
 195
 196     @Test
 197     public void testAssureListingValid() throws IOException {
 198         String uniqueLoc = createUniqueName();
 199         String error = getError("date=2000-01-01&location=" + uniqueLoc + "&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
 200         assertNull(error);
 201         String cookie = login(assureeM, TEST_PASSWORD);
 202         URLConnection url = get(cookie, MyPoints.PATH);
 203         String resp = IOUtils.readURL(url);
 204         resp = resp.split(Pattern.quote("</table>"))[0];
 205         assertThat(resp, containsString(uniqueLoc));
 206     }
 207
 208     @Test
 209     public void testAssurerListingValid() throws IOException {
 210         String uniqueLoc = createUniqueName();
 211         String error = getError("date=2000-01-01&location=" + uniqueLoc + "&certify=1&rules=1&tos_agree=1&assertion=1&points=10");
 212         assertNull(error);
 213         String cookie = login(assurerM, TEST_PASSWORD);
 214         URLConnection url = get(cookie, MyPoints.PATH);
 215         String resp = IOUtils.readURL(url);
 216         resp = resp.split(Pattern.quote("</table>"))[1];
 217         assertThat(resp, containsString(uniqueLoc));
 218     }
 219
 220     private String getError(String query) throws MalformedURLException, IOException {
 221         URLConnection uc = buildupAssureFormConnection(true);
 222         uc.getOutputStream().write((query).getBytes("UTF-8"));
 223         uc.getOutputStream().flush();
 224         String error = fetchStartErrorMessage(IOUtils.readURL(uc));
 225         return error;
 226     }
 227
 228     private URLConnection buildupAssureFormConnection(boolean doCSRF) throws MalformedURLException, IOException {
 229         return buildupAssureFormConnection(cookie, assureeM, doCSRF);
 230     }
 231
 232     public static URLConnection buildupAssureFormConnection(String cookie, String email, boolean doCSRF) throws MalformedURLException, IOException {
 233         URLConnection uc = get(cookie, AssurePage.PATH);
 234         uc.setDoOutput(true);
 235         uc.getOutputStream().write(("email=" + URLEncoder.encode(email, "UTF-8") + "&day=1&month=1&year=1910&search").getBytes("UTF-8"));
 236
 237         String csrf = getCSRF(uc);
 238         uc = get(cookie, AssurePage.PATH);
 239         uc.setDoOutput(true);
 240         if (doCSRF) {
 241             uc.getOutputStream().write(("csrf=" + csrf + "&").getBytes("UTF-8"));
 242         }
 243         return uc;
 244     }
 245
 246 }