tests/org/cacert/gigi/pages/wot/TestAssurance.java

   1 package org.cacert.gigi.pages.wot;
   2
   3 import static org.hamcrest.CoreMatchers.*;
   4 import static org.junit.Assert.*;
   5
   6 import java.io.IOException;
   7 import java.io.UnsupportedEncodingException;
   8 import java.net.HttpURLConnection;
   9 import java.net.MalformedURLException;
  10 import java.net.URLConnection;
  11 import java.net.URLEncoder;
  12 import java.sql.SQLException;
  13 import java.sql.Timestamp;
  14 import java.text.SimpleDateFormat;
  15 import java.util.Calendar;
  16 import java.util.Date;
  17 import java.util.regex.Pattern;
  18
  19 import org.cacert.gigi.database.GigiPreparedStatement;
  20 import org.cacert.gigi.dbObjects.User;
  21 import org.cacert.gigi.pages.account.MyDetails;
  22 import org.cacert.gigi.testUtils.IOUtils;
  23 import org.cacert.gigi.testUtils.ManagedTest;
  24 import org.cacert.gigi.util.DayDate;
  25 import org.cacert.gigi.util.Notary;
  26 import org.hamcrest.Matcher;
  27 import org.junit.Before;
  28 import org.junit.Test;
  29
  30 public class TestAssurance extends ManagedTest {
  31
  32     private String assurerM;
  33
  34     private String assureeM;
  35
  36     private int assureeName;
  37
  38     private String cookie;
  39
  40     @Before
  41     public void setup() throws IOException {
  42         clearCaches();
  43         assurerM = createUniqueName() + "@cacert-test.org";
  44         assureeM = createUniqueName() + "@cacert-test.org";
  45
  46         createAssuranceUser("a", "b", assurerM, TEST_PASSWORD);
  47         int assureeId = createVerifiedUser("a", "c", assureeM, TEST_PASSWORD);
  48         assureeName = User.getById(assureeId).getPreferredName().getId();
  49
  50         cookie = login(assurerM, TEST_PASSWORD);
  51     }
  52
  53     private Matcher<String> isAssuranceForm() {
  54         return containsString("<select name=\"assuranceType\">");
  55     }
  56
  57     @Test
  58     public void testAssureSearch() throws IOException {
  59         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
  60         assertThat(loc, isAssuranceForm());
  61     }
  62
  63     @Test
  64     public void testAssureSearchEmail() throws IOException {
  65         String loc = search("email=1" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
  66         assertThat(loc, not(isAssuranceForm()));
  67     }
  68
  69     @Test
  70     public void testAssureSearchDobInvalid() throws IOException {
  71         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=mal");
  72         assertThat(loc, not(isAssuranceForm()));
  73     }
  74
  75     @Test
  76     public void testAssureSearchDob() throws IOException {
  77         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=2&month=1&year=1910");
  78         assertThat(loc, not(isAssuranceForm()));
  79         loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=2&year=1910");
  80         assertThat(loc, not(isAssuranceForm()));
  81         loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1911");
  82         assertThat(loc, not(isAssuranceForm()));
  83     }
  84
  85     private String search(String query) throws MalformedURLException, IOException, UnsupportedEncodingException {
  86         URLConnection uc = get(cookie, AssurePage.PATH);
  87         uc.setDoOutput(true);
  88         uc.getOutputStream().write(("search&" + query).getBytes("UTF-8"));
  89         uc.getOutputStream().flush();
  90
  91         return IOUtils.readURL(uc);
  92     }
  93
  94     @Test
  95     public void testAssureForm() throws IOException {
  96         executeSuccess("date=" + validVerificationDateString() + "&location=testcase&certify=1&rules=1&assertion=1&points=10");
  97     }
  98
  99     @Test
 100     public void testAssureFormContanisData() throws IOException {
 101         URLConnection uc = buildupAssureFormConnection(true);
 102         uc.getOutputStream().write(("assuredName=" + assureeName + "&date=" + validVerificationDateString() + "&location=testcase&rules=1&assertion=1&points=10").getBytes("UTF-8"));
 103         uc.getOutputStream().flush();
 104         String data = IOUtils.readURL(uc);
 105         assertThat(data, containsString(validVerificationDateString()));
 106         assertThat(data, containsString("testcase"));
 107     }
 108
 109     @Test
 110     public void testAssureFormNoCSRF() throws IOException {
 111         // override csrf
 112         HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
 113         uc.getOutputStream().write(("date=" + validVerificationDateString() + "&location=testcase&certify=1&rules=1&assertion=1&points=10").getBytes("UTF-8"));
 114         uc.getOutputStream().flush();
 115         assertEquals(500, uc.getResponseCode());
 116     }
 117
 118     @Test
 119     public void testAssureFormWrongCSRF() throws IOException {
 120         // override csrf
 121         HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
 122         uc.getOutputStream().write(("date=" + validVerificationDateString() + "&location=testcase&certify=1&rules=1&assertion=1&points=10&csrf=aragc").getBytes("UTF-8"));
 123         uc.getOutputStream().flush();
 124         assertEquals(500, uc.getResponseCode());
 125     }
 126
 127     @Test
 128     public void testAssureFormRaceDoB() throws IOException, SQLException {
 129         testAssureFormRace(false);
 130     }
 131
 132     @Test
 133     public void testAssureFormRaceDoBBlind() throws IOException, SQLException {
 134         testAssureFormRace(true);
 135     }
 136
 137     public void testAssureFormRace(boolean succeed) throws IOException, SQLException {
 138         URLConnection uc = buildupAssureFormConnection(true);
 139
 140         String assureeCookie = login(assureeM, TEST_PASSWORD);
 141         String newDob = "day=1&month=1&year=" + ( !succeed ? 1911 : 1910);
 142
 143         assertNull(executeBasicWebInteraction(assureeCookie, MyDetails.PATH, newDob + "&action=updateDoB", 0));
 144
 145         uc.getOutputStream().write(("assuredName=" + assureeName + "&date=" + validVerificationDateString() + "&location=testcase&certify=1&rules=1&assertion=1&points=10").getBytes("UTF-8"));
 146         uc.getOutputStream().flush();
 147         String error = fetchStartErrorMessage(IOUtils.readURL(uc));
 148         if (succeed) {
 149             assertNull(error);
 150         } else {
 151             assertTrue(error, !error.startsWith("</div>"));
 152             assertThat(error, containsString("changed his personal details"));
 153         }
 154     }
 155
 156     @Test
 157     public void testAssureFormFuture() throws IOException {
 158         SimpleDateFormat sdf = new SimpleDateFormat("yyyy");
 159         int year = Integer.parseInt(sdf.format(new Date(System.currentTimeMillis()))) + 2;
 160         executeFails("date=" + year + "-01-01&location=testcase&certify=1&rules=1&assertion=1&points=10");
 161     }
 162
 163     @Test
 164     public void testAssureFormFutureOK() throws IOException {
 165         SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
 166         Calendar c = Calendar.getInstance();
 167         c.setTimeInMillis(System.currentTimeMillis());
 168         c.add(Calendar.HOUR_OF_DAY, 12);
 169
 170         executeSuccess("date=" + sdf.format(new Date(c.getTimeInMillis())) + "&location=testcase&certify=1&rules=1&assertion=1&points=10");
 171     }
 172
 173     @Test
 174     public void testAssureFormPastInRange() throws IOException {
 175         executeSuccess("date=" + validVerificationDateString() + "&location=testcase&certify=1&rules=1&assertion=1&points=10");
 176     }
 177
 178     @Test
 179     public void testAssureFormPastOnLimit() throws IOException {
 180         SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
 181         Calendar c = Calendar.getInstance();
 182         c.setTimeInMillis(System.currentTimeMillis());
 183         c.add(Calendar.MONTH, -Notary.LIMIT_MAX_MONTHS_VERIFICATION);
 184         c.add(Calendar.DAY_OF_MONTH, 1);
 185
 186         executeSuccess("date=" + sdf.format(new Date(c.getTimeInMillis())) + "&location=testcase&certify=1&rules=1&assertion=1&points=10");
 187     }
 188
 189     @Test
 190     public void testAssureFormPastOutOfRange() throws IOException {
 191         SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
 192         Calendar c = Calendar.getInstance();
 193         c.setTimeInMillis(System.currentTimeMillis());
 194         c.add(Calendar.MONTH, -Notary.LIMIT_MAX_MONTHS_VERIFICATION);
 195
 196         executeFails("date=" + sdf.format(new Date(c.getTimeInMillis())) + "&location=testcase&certify=1&rules=1&assertion=1&points=10");
 197     }
 198
 199     @Test
 200     public void testAssureFormNoLoc() throws IOException {
 201         executeFails("date=" + validVerificationDateString() + "&location=a&certify=1&rules=1&assertion=1&points=10");
 202         executeFails("date=" + validVerificationDateString() + "&location=&certify=1&rules=1&assertion=1&points=10");
 203     }
 204
 205     @Test
 206     public void testAssureFormInvalDate() throws IOException {
 207         executeFails("date=20000101&location=testcase&certify=1&rules=1&assertion=1&points=10");
 208         executeFails("date=&location=testcase&certify=1&rules=1&assertion=1&points=10");
 209     }
 210
 211     @Test
 212     public void testAssureFormBoxes() throws IOException {
 213         executeFails("date=" + validVerificationDateString() + "&location=testcase&certify=0&rules=1&assertion=1&points=10");
 214         executeFails("date=" + validVerificationDateString() + "&location=testcase&certify=1&rules=&assertion=1&points=10");
 215         executeFails("date=" + validVerificationDateString() + "&location=testcase&certify=1&rules=1&assertion=z&points=10");
 216     }
 217
 218     @Test
 219     public void testAssureListingValid() throws IOException {
 220         String uniqueLoc = createUniqueName();
 221         execute("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&certify=1&rules=1&assertion=1&points=10");
 222
 223         String cookie = login(assureeM, TEST_PASSWORD);
 224         URLConnection url = get(cookie, MyPoints.PATH);
 225         String resp = IOUtils.readURL(url);
 226         resp = resp.split(Pattern.quote("</table>"))[0];
 227         assertThat(resp, containsString(uniqueLoc));
 228     }
 229
 230     @Test
 231     public void testAssurerListingValid() throws IOException {
 232         String uniqueLoc = createUniqueName();
 233         executeSuccess("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&certify=1&rules=1&assertion=1&points=10");
 234         String cookie = login(assurerM, TEST_PASSWORD);
 235         URLConnection url = get(cookie, MyPoints.PATH);
 236         String resp = IOUtils.readURL(url);
 237         resp = resp.split(Pattern.quote("</table>"))[1];
 238         assertThat(resp, containsString(uniqueLoc));
 239     }
 240
 241     private void executeFails(String query) throws MalformedURLException, IOException {
 242         assertThat(execute(query), hasError());
 243
 244     }
 245
 246     private void executeSuccess(String query) throws MalformedURLException, IOException {
 247         assertThat(execute(query), hasNoError());
 248
 249     }
 250
 251     private String execute(String query) throws MalformedURLException, IOException {
 252         URLConnection uc = buildupAssureFormConnection(true);
 253         uc.getOutputStream().write(("assuredName=" + assureeName + "&" + query).getBytes("UTF-8"));
 254         uc.getOutputStream().flush();
 255         return IOUtils.readURL(uc);
 256     }
 257
 258     private URLConnection buildupAssureFormConnection(boolean doCSRF) throws MalformedURLException, IOException {
 259         return buildupAssureFormConnection(cookie, assureeM, doCSRF);
 260     }
 261
 262     public static URLConnection buildupAssureFormConnection(String cookie, String email, boolean doCSRF) throws MalformedURLException, IOException {
 263         URLConnection uc = get(cookie, AssurePage.PATH);
 264         uc.setDoOutput(true);
 265         uc.getOutputStream().write(("email=" + URLEncoder.encode(email, "UTF-8") + "&day=1&month=1&year=1910&search").getBytes("UTF-8"));
 266
 267         String csrf = getCSRF(uc);
 268         uc = get(cookie, AssurePage.PATH);
 269         uc.setDoOutput(true);
 270         if (doCSRF) {
 271             uc.getOutputStream().write(("csrf=" + csrf + "&").getBytes("UTF-8"));
 272         }
 273         return uc;
 274     }
 275
 276     @Test
 277     public void testMultipleAssurance() throws IOException {
 278
 279         User users[] = User.findByEmail(assurerM);
 280         int agentID = users[0].getId();
 281
 282         users = User.findByEmail(assureeM);
 283         int applicantID = users[0].getId();
 284
 285         // enter first entry 200 days in the past
 286         try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `notary` SET `from`=?, `to`=?, `points`=?, `location`=?, `date`=?, `when`=? ")) {
 287             ps.setInt(1, agentID);
 288             ps.setInt(2, applicantID);
 289             ps.setInt(3, 10);
 290             ps.setString(4, "test-location");
 291             ps.setString(5, "2010-01-01");
 292             ps.setTimestamp(6, new Timestamp(System.currentTimeMillis() - DayDate.MILLI_DAY * 200));
 293             ps.execute();
 294         }
 295
 296         // enter second entry
 297         String uniqueLoc = createUniqueName();
 298         executeSuccess("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&certify=1&rules=1&assertion=1&points=10");
 299
 300         // enter third entry on the same day
 301         URLConnection uc = get(cookie, AssurePage.PATH);
 302         uc.setDoOutput(true);
 303         uc.getOutputStream().write(("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910&search").getBytes("UTF-8"));
 304         assertThat(IOUtils.readURL(uc), hasError());
 305
 306     }
 307 }