+package org.cacert.gigi.pages.account;
+
+import static org.junit.Assert.*;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.URLConnection;
+import java.net.URLEncoder;
+
+import org.cacert.gigi.GigiApiException;
+import org.cacert.gigi.User;
+import org.cacert.gigi.testUtils.IOUtils;
+import org.cacert.gigi.testUtils.ManagedTest;
+import org.junit.Test;
+
+public class TestChangePassword extends ManagedTest {
+ User u = User.getById(createVerifiedUser("fn", "ln", createUniqueName() + "uni@example.org", TEST_PASSWORD));
+ String cookie;
+
+ public TestChangePassword() throws IOException {
+ cookie = login(u.getEmail(), TEST_PASSWORD);
+ assertTrue(isLoggedin(cookie));
+ }
+
+ @Test
+ public void testChangePasswordInternal() throws IOException, GigiApiException {
+ try {
+ u.changePassword(TEST_PASSWORD + "wrong", TEST_PASSWORD + "v2");
+ fail("Password change must not succeed if old password is wrong.");
+ } catch (GigiApiException e) {
+ // expected
+ }
+ ;
+ assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
+ u.changePassword(TEST_PASSWORD, TEST_PASSWORD + "v2");
+ assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD + "v2")));
+ }
+
+ @Test
+ public void testChangePasswordWeb() throws IOException {
+ String error = executeChangePassword("oldpassword=" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") //
+ + "&pword1=" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8")//
+ + "&pword2=" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8"));
+ assertNull(error);
+ assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD + "v2")));
+ assertFalse(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
+
+ }
+
+ @Test
+ public void testChangePasswordWebOldWrong() throws IOException {
+ String error = executeChangePassword("oldpassword=a" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") //
+ + "&pword1=" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8")//
+ + "&pword2=" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8"));
+ assertNotNull(error);
+ assertFalse(isLoggedin(login(u.getEmail(), TEST_PASSWORD + "v2")));
+ assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
+
+ }
+
+ @Test
+ public void testChangePasswordWebNewWrong() throws IOException {
+ String error = executeChangePassword("oldpassword=" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") //
+ + "&pword1=" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8")//
+ + "&pword2=a" + URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8"));
+ assertNotNull(error);
+ assertFalse(isLoggedin(login(u.getEmail(), TEST_PASSWORD + "v2")));
+ assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
+
+ }
+
+ @Test
+ public void testChangePasswordWebNewEasy() throws IOException {
+ String error = executeChangePassword("oldpassword=" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") //
+ + "&pword1=a&pword2=a");
+ assertNotNull(error);
+ assertFalse(isLoggedin(login(u.getEmail(), TEST_PASSWORD + "v2")));
+ assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
+
+ }
+
+ @Test
+ public void testChangePasswordWebMissingFields() throws IOException {
+ String np = URLEncoder.encode(TEST_PASSWORD + "v2", "UTF-8");
+ assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
+ String error = executeChangePassword("oldpassword=" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") //
+ + "&pword1=" + np);
+ assertNotNull(error);
+ assertFalse(isLoggedin(login(u.getEmail(), TEST_PASSWORD + "v2")));
+ assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
+
+ error = executeChangePassword("oldpassword=" + URLEncoder.encode(TEST_PASSWORD, "UTF-8") //
+ + "&pword2=" + np);
+ assertNotNull(error);
+ assertFalse(isLoggedin(login(u.getEmail(), TEST_PASSWORD + "v2")));
+ assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
+
+ error = executeChangePassword("pword1=" + np + "&pword2=" + np);
+ assertNotNull(error);
+ assertFalse(isLoggedin(login(u.getEmail(), TEST_PASSWORD + "v2")));
+ assertTrue(isLoggedin(login(u.getEmail(), TEST_PASSWORD)));
+
+ }
+
+ private String executeChangePassword(String query) throws IOException, MalformedURLException,
+ UnsupportedEncodingException {
+ URLConnection uc = new URL("https://" + getServerName() + ChangePasswordPage.PATH).openConnection();
+ uc.addRequestProperty("Cookie", cookie);
+ String csrf = getCSRF(uc);
+
+ uc = new URL("https://" + getServerName() + ChangePasswordPage.PATH).openConnection();
+ uc.addRequestProperty("Cookie", cookie);
+ uc.setDoOutput(true);
+ OutputStream os = uc.getOutputStream();
+ os.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" //
+ + query//
+ ).getBytes());
+ os.flush();
+ String error = fetchStartErrorMessage(IOUtils.readURL(uc));
+ return error;
+ }
+
+}