]> WPIA git - gigi.git/blobdiff - tests/org/cacert/gigi/testUtils/ManagedTest.java
Implement CSRF check on "Assure someone"
index 9b77f87c1e0ba64445394ce0267e67dd7fdc4252..2d164f580b11ea6beab2f0e7a01cf6c72d4d7600 100644 (file)
@@ -13,6 +13,7 @@ import java.io.UnsupportedEncodingException;
 import java.net.HttpURLConnection;
 import java.net.InetSocketAddress;
 import java.net.URL;
+import java.net.URLConnection;
 import java.net.URLEncoder;
 import java.nio.file.Files;
 import java.nio.file.Paths;
@@ -20,6 +21,8 @@ import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.Properties;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 import org.cacert.gigi.DevelLauncher;
 import org.cacert.gigi.database.DatabaseConnection;
@@ -139,12 +142,12 @@ public class ManagedTest {
        @AfterClass
        public static void tearDownServer() {
                String type = testProps.getProperty("type");
+               ter.destroy();
                if (type.equals("local")) {
                        return;
                }
                gigi.destroy();
        }
-
        @After
        public void removeMails() {
                ter.reset();
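Review bot: With `ter.destroy();` placed ahead of the `local` check in `tearDownServer()`, an exception thrown by it (its body is not visible here) would skip `gigi.destroy()` in the non-local case, so the launched server process could outlive the test class. Putting the mail-receiver teardown in a `try` and the server teardown in the matching `finally` keeps the two cleanups independent. The hunk also drops the blank line that separated `tearDownServer()` from the `@After` method; restoring it keeps the two methods visually distinct. `removeMails()` continues outside the hunk.

```java
	public static void tearDownServer() {
		String type = testProps.getProperty("type");
		try {
			ter.destroy();
		} finally {
			// server teardown runs even if the mail receiver fails to shut down
			if (!type.equals("local")) {
				gigi.destroy();
			}
		}
	}
```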
@@ -273,4 +276,14 @@ public class ManagedTest {
                headerField = headerField.substring(0, headerField.indexOf(';'));
                return headerField;
        }
+
+       public String getCSRF(URLConnection u) throws IOException {
+               String content = IOUtils.readURL(u);
+               Pattern p = Pattern.compile("<input type='csrf' value='([^']+)'>");
+               Matcher m = p.matcher(content);
+               if (!m.find()) {
+                       throw new Error("New CSRF Token");
+               }
+               return m.group(1);
+       }
 }
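Review bot: The no-match branch of `getCSRF` throws `new Error("New CSRF Token")`, which reads like a typo for "No CSRF Token" and will mislead whoever debugs a failing CSRF test. Since this helper underpins the CSRF checks, an unambiguous failure such as `throw new AssertionError("No CSRF token found in response");` would be clearer, and it stays compatible with callers because `AssertionError` extends `Error`. The method has no Javadoc; it should say that it reads the whole response body of `u` via `IOUtils.readURL`, so the caller presumably cannot read that body again, and that it returns the first token that matches. The pattern is recompiled on every call and only matches the exact single-quoted markup `<input type='csrf' value='…'>`; hoisting it into a `private static final Pattern` with a comment naming the template it mirrors would make that coupling explicit.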