tests/org/cacert/gigi/pages/wot/TestAssurance.java

   1 package org.cacert.gigi.pages.wot;
   2
   3 import static org.hamcrest.CoreMatchers.*;
   4 import static org.junit.Assert.*;
   5
   6 import java.io.IOException;
   7 import java.io.UnsupportedEncodingException;
   8 import java.net.HttpURLConnection;
   9 import java.net.MalformedURLException;
  10 import java.net.URLConnection;
  11 import java.net.URLEncoder;
  12 import java.sql.SQLException;
  13 import java.text.SimpleDateFormat;
  14 import java.util.Calendar;
  15 import java.util.Date;
  16 import java.util.regex.Pattern;
  17
  18 import org.cacert.gigi.pages.account.MyDetails;
  19 import org.cacert.gigi.testUtils.IOUtils;
  20 import org.cacert.gigi.testUtils.ManagedTest;
  21 import org.hamcrest.Matcher;
  22 import org.junit.Before;
  23 import org.junit.Test;
  24
  25 public class TestAssurance extends ManagedTest {
  26
  27     private String assurerM;
  28
  29     private String assureeM;
  30
  31     private String cookie;
  32
  33     @Before
  34     public void setup() throws IOException {
  35         clearCaches();
  36         assurerM = createUniqueName() + "@cacert-test.org";
  37         assureeM = createUniqueName() + "@cacert-test.org";
  38
  39         createAssuranceUser("a", "b", assurerM, TEST_PASSWORD);
  40         createVerifiedUser("a", "c", assureeM, TEST_PASSWORD);
  41
  42         cookie = login(assurerM, TEST_PASSWORD);
  43     }
  44
  45     private Matcher<String> isAssuranceForm() {
  46         return containsString("<select name=\"assuranceType\">");
  47     }
  48
  49     @Test
  50     public void testAssureSearch() throws IOException {
  51         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
  52         assertThat(loc, isAssuranceForm());
  53     }
  54
  55     @Test
  56     public void testAssureSearchEmail() throws IOException {
  57         String loc = search("email=1" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1910");
  58         assertThat(loc, not(isAssuranceForm()));
  59     }
  60
  61     @Test
  62     public void testAssureSearchDobInvalid() throws IOException {
  63         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=mal");
  64         assertThat(loc, not(isAssuranceForm()));
  65     }
  66
  67     @Test
  68     public void testAssureSearchDob() throws IOException {
  69         String loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=2&month=1&year=1910");
  70         assertThat(loc, not(isAssuranceForm()));
  71         loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=2&year=1910");
  72         assertThat(loc, not(isAssuranceForm()));
  73         loc = search("email=" + URLEncoder.encode(assureeM, "UTF-8") + "&day=1&month=1&year=1911");
  74         assertThat(loc, not(isAssuranceForm()));
  75     }
  76
  77     private String search(String query) throws MalformedURLException, IOException, UnsupportedEncodingException {
  78         URLConnection uc = get(cookie, AssurePage.PATH);
  79         uc.setDoOutput(true);
  80         uc.getOutputStream().write(("search&" + query).getBytes("UTF-8"));
  81         uc.getOutputStream().flush();
  82
  83         return IOUtils.readURL(uc);
  84     }
  85
  86     @Test
  87     public void testAssureForm() throws IOException {
  88         executeSuccess("date=2000-01-01&location=testcase&certify=1&rules=1&assertion=1&points=10");
  89     }
  90
  91     @Test
  92     public void testAssureFormContanisData() throws IOException {
  93         URLConnection uc = buildupAssureFormConnection(true);
  94         uc.getOutputStream().write(("date=2000-01-01&location=testcase&rules=1&assertion=1&points=10").getBytes("UTF-8"));
  95         uc.getOutputStream().flush();
  96         String data = IOUtils.readURL(uc);
  97         assertThat(data, containsString("2000-01-01"));
  98         assertThat(data, containsString("testcase"));
  99     }
 100
 101     @Test
 102     public void testAssureFormNoCSRF() throws IOException {
 103         // override csrf
 104         HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
 105         uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&assertion=1&points=10").getBytes("UTF-8"));
 106         uc.getOutputStream().flush();
 107         assertEquals(500, uc.getResponseCode());
 108     }
 109
 110     @Test
 111     public void testAssureFormWrongCSRF() throws IOException {
 112         // override csrf
 113         HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
 114         uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&assertion=1&points=10&csrf=aragc").getBytes("UTF-8"));
 115         uc.getOutputStream().flush();
 116         assertEquals(500, uc.getResponseCode());
 117     }
 118
 119     @Test
 120     public void testAssureFormRaceName() throws IOException, SQLException {
 121         testAssureFormRace(true, false);
 122     }
 123
 124     @Test
 125     public void testAssureFormRaceDoB() throws IOException, SQLException {
 126         testAssureFormRace(false, false);
 127     }
 128
 129     @Test
 130     public void testAssureFormRaceNameBlind() throws IOException, SQLException {
 131         testAssureFormRace(true, true);
 132     }
 133
 134     @Test
 135     public void testAssureFormRaceDoBBlind() throws IOException, SQLException {
 136         testAssureFormRace(false, true);
 137     }
 138
 139     public void testAssureFormRace(boolean name, boolean succeed) throws IOException, SQLException {
 140         URLConnection uc = buildupAssureFormConnection(true);
 141
 142         String assureeCookie = login(assureeM, TEST_PASSWORD);
 143         String newName = "lname=" + (name && !succeed ? "a" : "c") + "&fname=a&mname=&suffix=";
 144         String newDob = "day=1&month=1&year=" + ( !name && !succeed ? 1911 : 1910);
 145
 146         assertNull(executeBasicWebInteraction(assureeCookie, MyDetails.PATH, newName + "&" + newDob + "&processDetails", 0));
 147
 148         uc.getOutputStream().write(("date=2000-01-01&location=testcase&certify=1&rules=1&assertion=1&points=10").getBytes("UTF-8"));
 149         uc.getOutputStream().flush();
 150         String error = fetchStartErrorMessage(IOUtils.readURL(uc));
 151         if (succeed) {
 152             assertNull(error);
 153         } else {
 154             assertTrue(error, !error.startsWith("</div>"));
 155             assertThat(error, containsString("changed his personal details"));
 156         }
 157     }
 158
 159     @Test
 160     public void testAssureFormFuture() throws IOException {
 161         SimpleDateFormat sdf = new SimpleDateFormat("yyyy");
 162         int year = Integer.parseInt(sdf.format(new Date(System.currentTimeMillis()))) + 2;
 163         executeFails("date=" + year + "-01-01&location=testcase&certify=1&rules=1&assertion=1&points=10");
 164     }
 165
 166     @Test
 167     public void testAssureFormFutureOK() throws IOException {
 168         SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
 169         Calendar c = Calendar.getInstance();
 170         c.setTimeInMillis(System.currentTimeMillis());
 171         c.add(Calendar.HOUR_OF_DAY, 12);
 172
 173         executeSuccess("date=" + sdf.format(new Date(c.getTimeInMillis())) + "&location=testcase&certify=1&rules=1&assertion=1&points=10");
 174     }
 175
 176     @Test
 177     public void testAssureFormNoLoc() throws IOException {
 178         executeFails("date=2000-01-01&location=a&certify=1&rules=1&assertion=1&points=10");
 179         executeFails("date=2000-01-01&location=&certify=1&rules=1&assertion=1&points=10");
 180     }
 181
 182     @Test
 183     public void testAssureFormInvalDate() throws IOException {
 184         executeFails("date=20000101&location=testcase&certify=1&rules=1&assertion=1&points=10");
 185         executeFails("date=&location=testcase&certify=1&rules=1&assertion=1&points=10");
 186     }
 187
 188     @Test
 189     public void testAssureFormBoxes() throws IOException {
 190         executeFails("date=2000-01-01&location=testcase&certify=0&rules=1&assertion=1&points=10");
 191         executeFails("date=2000-01-01&location=testcase&certify=1&rules=&assertion=1&points=10");
 192         executeFails("date=2000-01-01&location=testcase&certify=1&rules=1&assertion=z&points=10");
 193     }
 194
 195     @Test
 196     public void testAssureListingValid() throws IOException {
 197         String uniqueLoc = createUniqueName();
 198         execute("date=2000-01-01&location=" + uniqueLoc + "&certify=1&rules=1&assertion=1&points=10");
 199
 200         String cookie = login(assureeM, TEST_PASSWORD);
 201         URLConnection url = get(cookie, MyPoints.PATH);
 202         String resp = IOUtils.readURL(url);
 203         resp = resp.split(Pattern.quote("</table>"))[0];
 204         assertThat(resp, containsString(uniqueLoc));
 205     }
 206
 207     @Test
 208     public void testAssurerListingValid() throws IOException {
 209         String uniqueLoc = createUniqueName();
 210         executeSuccess("date=2000-01-01&location=" + uniqueLoc + "&certify=1&rules=1&assertion=1&points=10");
 211         String cookie = login(assurerM, TEST_PASSWORD);
 212         URLConnection url = get(cookie, MyPoints.PATH);
 213         String resp = IOUtils.readURL(url);
 214         resp = resp.split(Pattern.quote("</table>"))[1];
 215         assertThat(resp, containsString(uniqueLoc));
 216     }
 217
 218     private void executeFails(String query) throws MalformedURLException, IOException {
 219         assertThat(execute(query), hasError());
 220
 221     }
 222
 223     private void executeSuccess(String query) throws MalformedURLException, IOException {
 224         assertThat(execute(query), hasNoError());
 225
 226     }
 227
 228     private String execute(String query) throws MalformedURLException, IOException {
 229         URLConnection uc = buildupAssureFormConnection(true);
 230         uc.getOutputStream().write((query).getBytes("UTF-8"));
 231         uc.getOutputStream().flush();
 232         return IOUtils.readURL(uc);
 233     }
 234
 235     private URLConnection buildupAssureFormConnection(boolean doCSRF) throws MalformedURLException, IOException {
 236         return buildupAssureFormConnection(cookie, assureeM, doCSRF);
 237     }
 238
 239     public static URLConnection buildupAssureFormConnection(String cookie, String email, boolean doCSRF) throws MalformedURLException, IOException {
 240         URLConnection uc = get(cookie, AssurePage.PATH);
 241         uc.setDoOutput(true);
 242         uc.getOutputStream().write(("email=" + URLEncoder.encode(email, "UTF-8") + "&day=1&month=1&year=1910&search").getBytes("UTF-8"));
 243
 244         String csrf = getCSRF(uc);
 245         uc = get(cookie, AssurePage.PATH);
 246         uc.setDoOutput(true);
 247         if (doCSRF) {
 248             uc.getOutputStream().write(("csrf=" + csrf + "&").getBytes("UTF-8"));
 249         }
 250         return uc;
 251     }
 252
 253 }