X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=tests%2Forg%2Fcacert%2Fgigi%2Fpages%2Fwot%2FTestAssurance.java;h=cedbcde619f2a14d9b242745b3ce9ad318bcfc08;hp=350b0a2ce0adfaee9a6970171d55b24a0b5a1a91;hb=b576475249cd96b5672e4144cff0124cbaec1342;hpb=4cd4f730d6c7779e3b9a09fbcf83cc9bfbe67996
diff --git a/tests/org/cacert/gigi/pages/wot/TestAssurance.java b/tests/org/cacert/gigi/pages/wot/TestAssurance.java
index 350b0a2c..cedbcde6 100644
--- a/tests/org/cacert/gigi/pages/wot/TestAssurance.java
+++ b/tests/org/cacert/gigi/pages/wot/TestAssurance.java
@@ -2,14 +2,18 @@ package org.cacert.gigi.pages.wot;
 
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
+import java.net.HttpURLConnection;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URLConnection;
 import java.net.URLEncoder;
+import java.sql.PreparedStatement;
+import java.sql.SQLException;
 import java.text.SimpleDateFormat;
 import java.util.Date;
 
-import org.cacert.gigi.IOUtils;
+import org.cacert.gigi.database.DatabaseConnection;
+import org.cacert.gigi.testUtils.IOUtils;
 import org.cacert.gigi.testUtils.ManagedTest;
 import org.junit.Before;
 import org.junit.Test;
@@ -70,9 +74,44 @@ public class TestAssurance extends ManagedTest {
     }
     @Test
     public void testAssureForm() throws IOException {
-        String error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1");
+        String error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10");
         assertTrue(error, error.startsWith(""));
     }
+
+    @Test
+    public void testAssureFormNoCSRF() throws IOException {
+        // override csrf
+        HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
+        uc.getOutputStream()
+                .write(("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10")
+                        .getBytes());
+        uc.getOutputStream().flush();
+        assertEquals(500, uc.getResponseCode());
+    }
+    @Test
+    public void testAssureFormWrongCSRF() throws IOException {
+        // override csrf
+        HttpURLConnection uc = (HttpURLConnection) buildupAssureFormConnection(false);
+        uc.getOutputStream()
+                .write(("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10&csrf=aragc")
+                        .getBytes());
+        uc.getOutputStream().flush();
+        assertEquals(500, uc.getResponseCode());
+    }
+    @Test
+    public void testAssureFormRace() throws IOException, SQLException {
+        URLConnection uc = buildupAssureFormConnection(true);
+        PreparedStatement ps = DatabaseConnection.getInstance().prepare(
+                "UPDATE `users` SET email='changed' WHERE id=?");
+        ps.setInt(1, assuree);
+        ps.execute();
+        uc.getOutputStream()
+                .write(("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10")
+                        .getBytes());
+        uc.getOutputStream().flush();
+        String error = fetchStartErrorMessage(IOUtils.readURL(uc));
+        assertTrue(error, !error.startsWith(""));
+    }
     @Test
     public void testAssureFormFuture() throws IOException {
         SimpleDateFormat sdf = new SimpleDateFormat("YYYY");
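Review bot: testAssureFormNoCSRF and testAssureFormWrongCSRF only check `assertEquals(500, uc.getResponseCode())` and never confirm that no assurance was recorded for `assuree`, so a handler that writes the row and then throws would still pass; a 500 also reads like an unhandled exception rather than a deliberate rejection, which presumably should be a 4xx once the server handles a missing or bad token explicitly. Consider asserting the assurance count (or points) for the assuree before and after the POST in both tests, and likewise in testAssureFormRace, which inspects only the error text. The `PreparedStatement` in testAssureFormRace is never closed; wrap it in a try-with-resources: `try (PreparedStatement ps = DatabaseConnection.getInstance().prepare(sql)) { ps.setInt(1, assuree); ps.execute(); }` with `sql` holding the existing UPDATE string. The three `getBytes()` calls encode the request body with the platform default charset; `getBytes(StandardCharsets.UTF_8)` would make the tests independent of the JVM's default.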
@@ -80,53 +119,56 @@ public class TestAssurance extends ManagedTest { .currentTimeMillis()))) + 2; String error = getError("date=" + year - + "-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1"); + + "-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10"); assertTrue(error, !error.startsWith("")); } @Test public void testAssureFormNoLoc() throws IOException { - String error = getError("date=2000-01-01&location=a&certify=1&rules=1&CCAAgreed=1&assertion=1"); + String error = getError("date=2000-01-01&location=a&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10"); assertTrue(error, !error.startsWith("")); - error = getError("date=2000-01-01&location=&certify=1&rules=1&CCAAgreed=1&assertion=1"); + error = getError("date=2000-01-01&location=&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10"); assertTrue(error, !error.startsWith("")); } @Test public void testAssureFormInvalDate() throws IOException { - String error = getError("date=20000101&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1"); + String error = getError("date=20000101&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10"); assertTrue(error, !error.startsWith("")); - error = getError("date=&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1"); + error = getError("date=&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=1&points=10"); assertTrue(error, !error.startsWith("")); } @Test public void testAssureFormBoxes() throws IOException { - String error = getError("date=2000-01-01&location=testcase&certify=0&rules=1&CCAAgreed=1&assertion=1"); + String error = getError("date=2000-01-01&location=testcase&certify=0&rules=1&CCAAgreed=1&assertion=1&points=10"); assertTrue(error, !error.startsWith("")); - error = getError("date=2000-01-01&location=testcase&certify=1&rules=&CCAAgreed=1&assertion=1"); + error = getError("date=2000-01-01&location=testcase&certify=1&rules=&CCAAgreed=1&assertion=1&points=10"); assertTrue(error, 
!error.startsWith("")); - error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=a&assertion=1"); + error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=a&assertion=1&points=10"); assertTrue(error, !error.startsWith("")); - error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=z"); + error = getError("date=2000-01-01&location=testcase&certify=1&rules=1&CCAAgreed=1&assertion=z&points=10"); assertTrue(error, !error.startsWith("")); } private String getError(String query) throws MalformedURLException, IOException { - URLConnection uc = buildupAssureFormConnection(); + URLConnection uc = buildupAssureFormConnection(true); uc.getOutputStream().write((query).getBytes()); uc.getOutputStream().flush(); String error = fetchStartErrorMessage(IOUtils.readURL(uc)); return error; } - private URLConnection buildupAssureFormConnection() + private URLConnection buildupAssureFormConnection(boolean doCSRF) throws MalformedURLException, IOException { URL u = new URL("https://" + getServerName() + AssurePage.PATH + "/" + assuree); URLConnection uc = u.openConnection(); uc.addRequestProperty("Cookie", cookie); - uc.getInputStream();// request form + String csrf = getCSRF(uc); uc = u.openConnection(); uc.addRequestProperty("Cookie", cookie); uc.setDoOutput(true); + if (doCSRF) { + uc.getOutputStream().write(("csrf=" + csrf + "&").getBytes()); + } return uc; }