main.rs 33.7 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
/*  medal                                                                                                            *\
 *  Copyright (C) 2020  Bundesweite Informatikwettbewerbe                                                            *
 *                                                                                                                   *
 *  This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero        *
 *  General Public License as published  by the Free Software Foundation, either version 3 of the License, or (at    *
 *  your option) any later version.                                                                                  *
 *                                                                                                                   *
 *  This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the       *
 *  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public      *
 *  License for more details.                                                                                        *
 *                                                                                                                   *
 *  You should have received a copy of the GNU Affero General Public License along with this program.  If not, see   *
\*  <http://www.gnu.org/licenses/>.                                                                                  */

15
16
#![cfg_attr(feature = "strict", deny(warnings))]

Robert Czechowski's avatar
Robert Czechowski committed
17
18
19
20
21
22
23
#[macro_use]
extern crate iron;
#[macro_use]
extern crate router;
#[macro_use]
extern crate serde_derive;

24
extern crate csv;
Robert Czechowski's avatar
Robert Czechowski committed
25
extern crate handlebars_iron;
Robert Czechowski's avatar
Robert Czechowski committed
26
27
extern crate iron_sessionstorage;
extern crate mount;
28
extern crate params;
Robert Czechowski's avatar
Robert Czechowski committed
29
30
extern crate persistent;
extern crate rand;
31
extern crate reqwest;
Robert Czechowski's avatar
Robert Czechowski committed
32
extern crate serde_json;
33
extern crate serde_yaml;
Robert Czechowski's avatar
Robert Czechowski committed
34
35
36
37
extern crate staticfile;
extern crate structopt;
extern crate time;
extern crate urlencoded;
38
39
40

#[cfg(feature = "postgres")]
extern crate postgres;
41
#[cfg(feature = "rusqlite")]
42
extern crate rusqlite;
43
#[cfg(feature = "webbrowser")]
44
extern crate webbrowser;
45

46
47
pub mod config;
pub mod contestreader_yaml;
48
pub mod core;
49
pub mod db_conn;
50
pub mod helpers;
51
52
53
pub mod oauth_provider;

mod db_apply_migrations;
54
mod db_conn_postgres;
55
mod db_conn_sqlite_new;
56
mod db_objects;
57
58
mod webfw_iron;

59
use db_conn::{MedalConnection, MedalObject};
60
use db_objects::*;
61
use helpers::SetPassword;
Robert Czechowski's avatar
Robert Czechowski committed
62
63
use webfw_iron::start_server;

64
use config::Config;
65
66
use structopt::StructOpt;

67
use std::path::{Path, PathBuf};
68

69
fn read_contest(p: &PathBuf) -> Option<Contest> {
70
71
    use std::fs::File;
    use std::io::Read;
72

73
74
75
    let mut file = File::open(p).unwrap();
    let mut contents = String::new();
    file.read_to_string(&mut contents).unwrap();
76

77
    contestreader_yaml::parse_yaml(&contents,
78
79
                                   p.file_name().to_owned()?.to_str()?,
                                   &format!("{}/", p.parent().unwrap().to_str()?))
Robert Czechowski's avatar
Robert Czechowski committed
80
81
82
}

fn get_all_contest_info(task_dir: &str) -> Vec<Contest> {
83
84
    fn walk_me_recursively(p: &PathBuf, contests: &mut Vec<Contest>) {
        if let Ok(paths) = std::fs::read_dir(p) {
85
            for path in paths {
Robert Czechowski's avatar
Robert Czechowski committed
86
87
                let p = path.unwrap().path();
                walk_me_recursively(&p, contests);
88
            }
Robert Czechowski's avatar
Robert Czechowski committed
89
        }
90

91
        if p.file_name().unwrap().to_string_lossy().to_string().ends_with(".yaml") {
92
            read_contest(p).map(|contest| contests.push(contest));
93
        };
Robert Czechowski's avatar
Robert Czechowski committed
94
95
96
    };

    let mut contests = Vec::new();
97
    match std::fs::read_dir(task_dir) {
Robert Czechowski's avatar
Robert Czechowski committed
98
        Err(why) => println!("Error opening tasks directory! {:?}", why.kind()),
Robert Czechowski's avatar
Robert Czechowski committed
99
100
101
102
103
        Ok(paths) => {
            for path in paths {
                walk_me_recursively(&path.unwrap().path(), &mut contests);
            }
        }
Robert Czechowski's avatar
Robert Czechowski committed
104
105
106
107
108
    };

    contests
}

109
110
111
112
fn refresh_all_contests<C>(conn: &mut C)
    where C: MedalConnection,
          db_objects::Contest: db_conn::MedalObject<C>
{
113
    conn.reset_all_contest_visibilities();
114
115
    conn.reset_all_taskgroup_visibilities();

Robert Czechowski's avatar
Robert Czechowski committed
116
117
118
119
120
121
122
    let v = get_all_contest_info("tasks/");

    for mut contest_info in v {
        contest_info.save(conn);
    }
}

123
124
fn add_admin_user<C>(conn: &mut C, resetpw: bool)
    where C: MedalConnection {
125
126
127
    let mut admin = match conn.get_user_by_id(1) {
        None => {
            print!("New Database. Creating new admin user with credentials 'admin':");
128
            conn.new_session("")
Robert Czechowski's avatar
Robert Czechowski committed
129
        }
130
131
        Some(user) => {
            if !resetpw {
Robert Czechowski's avatar
Robert Czechowski committed
132
                return;
133
            }
134
135
136
137
138
            print!("Request to reset admin password. Set credentials 'admin':");
            user
        }
    };

139
    let password = helpers::make_unambiguous_code(8);
140
141
    print!("'{}', ", &password);

142
    let logincode = helpers::make_unambiguous_code_prefix(8, "a");
143
    print!(" logincode:'{}' …", &logincode);
144
145

    admin.username = Some("admin".into());
146
    admin.logincode = Some(logincode);
147
    match admin.set_password(&password) {
148
        None => println!(" FAILED! (Password hashing error)"),
149
150
        _ => {
            conn.save_session(admin);
151
            println!(" Done");
152
        }
153
154
155
    }
}

156
157
158
159
160
161
162
fn prepare_and_start_server<C>(mut conn: C, config: Config, onlycontestscan: bool, resetadminpw: bool)
    where C: MedalConnection + std::marker::Send + 'static,
          db_objects::Contest: db_conn::MedalObject<C>
{
    db_apply_migrations::test(&mut conn);

    if onlycontestscan || config.no_contest_scan == Some(false) {
163
        print!("Scanning for contests …");
164
        refresh_all_contests(&mut conn);
165
        println!(" Done")
166
167
168
169
170
    }

    if !onlycontestscan {
        add_admin_user(&mut conn, resetadminpw);

171
        #[cfg(feature = "webbrowser")]
172
        let self_url = config.self_url.clone();
173
        #[cfg(feature = "webbrowser")]
174
175
        let open_browser = config.open_browser;

176
        match start_server(conn, config) {
177
178
            Ok(_) => {
                println!("Server started");
179

180
181
182
183
184
                #[cfg(feature = "webbrowser")]
                {
                    if let (Some(self_url), Some(true)) = (self_url, open_browser) {
                        open_browser_window(&self_url);
                    }
185
                }
186
            }
187
188
            Err(_) => println!("Error on server start …"),
        };
189

190
191
192
193
        println!("Could not run server. Is the port already in use?");
    }
}

194
#[cfg(feature = "webbrowser")]
195
196
197
fn open_browser_window(self_url: &str) {
    match webbrowser::open(&self_url) {
        Ok(_) => (),
198
        Err(e) => println!("Error while opening webbrowser: {:?}", e),
199
200
201
    }
}

Robert Czechowski's avatar
Robert Czechowski committed
202
fn main() {
203
    let opt = config::Opt::from_args();
204
205
206

    #[cfg(feature = "debug")]
    println!("Options: {:#?}", opt);
Daniel Brüning's avatar
Daniel Brüning committed
207

208
    let mut config = config::read_config_from_file(&opt.configfile);
209

210
211
212
213
214
215
    #[cfg(feature = "debug")]
    println!("Config: {:#?}", config);

    // Let options override config values
    opt.databasefile.map(|x| config.database_file = Some(x));
    opt.databaseurl.map(|x| config.database_url = Some(x));
216
    opt.teacherpage.map(|x| config.teacher_page = Some(x));
217
218
219
    opt.port.map(|x| config.port = Some(x));
    config.no_contest_scan = if opt.nocontestscan { Some(true) } else { config.no_contest_scan };
    config.open_browser = if opt.openbrowser { Some(true) } else { config.open_browser };
220
    config.disable_results_page = if opt.disableresultspage { Some(true) } else { config.disable_results_page };
221
222
223
224
225
226

    // Use default database file if none set
    config.database_file.get_or_insert(Path::new("medal.db").to_owned());

    #[cfg(feature = "debug")]
    println!("Using config: {:#?}", config);
227

228
229
230
    #[cfg(feature = "postgres")]
    {
        if let Some(url) = config.database_url.clone() {
231
            #[cfg(feature = "debug")]
232
            print!("Using database {} … ", &url);
233
234
235
236
237
            #[cfg(not(feature = "debug"))]{
                let (begin_middle, end) = url.split_at(url.find('@').unwrap_or(0));
                let (begin, _middle) = begin_middle.split_at(begin_middle.rfind(':').unwrap_or(0));
                print!("Using database {}:***{} … ", begin, end);
            }
238
239
240
241
242
243
            let conn = postgres::Connection::connect(url, postgres::TlsMode::None).unwrap();
            println!("Connected");

            prepare_and_start_server(conn, config, opt.onlycontestscan, opt.resetadminpw);
            return;
        }
244
    }
245
246
247
248
249
250
251
252
253
254
255
256
257
258

    #[cfg(feature = "rusqlite")]
    {
        if let Some(path) = config.database_file.clone() {
            print!("Using database file {} … ", &path.to_str().unwrap_or("<unprintable filename>"));
            let conn = rusqlite::Connection::open(path).unwrap();
            println!("Connected");

            prepare_and_start_server(conn, config, opt.onlycontestscan, opt.resetadminpw);
            return;
        }
    }

    println!("No database configured. Try enableing the 'rusqlite' feature during compilation.\nLeaving now.");
259
}
260
261
262
263

#[cfg(test)]
mod tests {
    use super::*;
Robert Czechowski's avatar
Robert Czechowski committed
264
    use reqwest::StatusCode;
265

Robert Czechowski's avatar
Robert Czechowski committed
266
267
    fn start_server_and_fn<F>(port: u16, set_user: Option<(String, String, bool)>, f: F)
        where F: Fn() {
268
        use std::sync::mpsc::channel;
Robert Czechowski's avatar
Robert Czechowski committed
269
        use std::{thread, time};
270
271
272
273
        let (start_tx, start_rx) = channel();
        let (stop_tx, stop_rx) = channel();

        thread::spawn(move || {
274
            let mut conn = rusqlite::Connection::open_in_memory().unwrap();
275
276
            db_apply_migrations::test(&mut conn);

277
            if let Some(user) = set_user {
278
                let mut test_user = conn.new_session("");
279
                test_user.username = Some(user.0);
Robert Czechowski's avatar
Robert Czechowski committed
280
281
282
                test_user.is_teacher = user.2;
                test_user.set_password(&user.1).expect("Set Password did not work correctly.");
                conn.save_session(test_user);
283
284
            }

285
            // ID: 1, gets renamed
Robert Czechowski's avatar
Robert Czechowski committed
286
287
288
289
290
291
            let mut contest = Contest::new("directory".to_string(),
                                           "public.yaml".to_string(),
                                           "RenamedContestName".to_string(),
                                           1,
                                           true,
                                           None,
292
293
                                           None,
                                           None,
294
                                           None,
295
296
                                           None,
                                           None,
Robert Czechowski's avatar
Robert Czechowski committed
297
298
299
                                           None);
            contest.save(&conn);

300
            // ID: 1
Robert Czechowski's avatar
Robert Czechowski committed
301
302
303
304
305
306
            let mut contest = Contest::new("directory".to_string(),
                                           "public.yaml".to_string(),
                                           "PublicContestName".to_string(),
                                           1,
                                           true,
                                           None,
307
308
                                           None,
                                           None,
309
                                           None,
310
311
                                           None,
                                           None,
Robert Czechowski's avatar
Robert Czechowski committed
312
                                           None);
313
            let mut taskgroup = Taskgroup::new("TaskgroupName".to_string(), None);
314
            let task = Task::new("taskdir1".to_string(), 3); // ID: 1
Robert Czechowski's avatar
Robert Czechowski committed
315
            taskgroup.tasks.push(task);
316
            let task = Task::new("taskdir2".to_string(), 4); // ID: 2
Robert Czechowski's avatar
Robert Czechowski committed
317
318
319
320
            taskgroup.tasks.push(task);
            contest.taskgroups.push(taskgroup);
            contest.save(&conn);

321
            // ID: 2
Robert Czechowski's avatar
Robert Czechowski committed
322
323
324
325
326
327
            let mut contest = Contest::new("directory".to_string(),
                                           "private.yaml".to_string(),
                                           "PrivateContestName".to_string(),
                                           1,
                                           false,
                                           None,
328
329
                                           None,
                                           None,
330
                                           None,
331
332
                                           None,
                                           None,
Robert Czechowski's avatar
Robert Czechowski committed
333
                                           None);
334
            let mut taskgroup = Taskgroup::new("TaskgroupName".to_string(), None);
335
            let task = Task::new("taskdir1".to_string(), 3); // ID: 3
Robert Czechowski's avatar
Robert Czechowski committed
336
            taskgroup.tasks.push(task);
337
            let task = Task::new("taskdir2".to_string(), 4); // ID: 4
Robert Czechowski's avatar
Robert Czechowski committed
338
339
340
341
            taskgroup.tasks.push(task);
            contest.taskgroups.push(taskgroup);
            contest.save(&conn);

342
            // ID: 3
Robert Czechowski's avatar
Robert Czechowski committed
343
344
345
346
347
348
            let mut contest = Contest::new("directory".to_string(),
                                           "infinte.yaml".to_string(),
                                           "InfiniteContestName".to_string(),
                                           0,
                                           true,
                                           None,
349
350
                                           None,
                                           None,
351
                                           None,
352
353
                                           None,
                                           None,
Robert Czechowski's avatar
Robert Czechowski committed
354
                                           None);
355
356
357
358
359
360
361
362
363
            let mut taskgroup = Taskgroup::new("TaskgroupRenameName".to_string(), None);
            let task = Task::new("taskdir1".to_string(), 3); // ID: 5
            taskgroup.tasks.push(task);
            let task = Task::new("taskdir2".to_string(), 4); // ID: 6
            taskgroup.tasks.push(task);
            contest.taskgroups.push(taskgroup);
            contest.save(&conn);

            let mut taskgroup = Taskgroup::new("TaskgroupNewName".to_string(), None);
364
            let task = Task::new("taskdir1".to_string(), 3); // ID: 5
Robert Czechowski's avatar
Robert Czechowski committed
365
            taskgroup.tasks.push(task);
366
            let task = Task::new("taskdir2".to_string(), 4); // ID: 6
Robert Czechowski's avatar
Robert Czechowski committed
367
368
369
370
            taskgroup.tasks.push(task);
            contest.taskgroups.push(taskgroup);
            contest.save(&conn);

371
            let mut config = config::read_config_from_file(Path::new("thisfileshoudnotexist"));
372
            config.port = Some(port);
373
            config.cookie_signing_secret = Some("testtesttesttesttesttesttesttest".to_string());
374
            let mut srvr = start_server(conn, config).expect(&format!("Could not start server on port {}", port));
375

376
            // Message server started
377
378
            start_tx.send(()).unwrap();

379
            // Wait for test to finish
380
381
            stop_rx.recv().unwrap();

382
            srvr.close().unwrap();
383
384
        });

385
        // Wait for server to start
386
387
        start_rx.recv().unwrap();
        thread::sleep(time::Duration::from_millis(100));
388
389

        // Run test code
390
        f();
391

392
        // Message test finished
393
394
395
        stop_tx.send(()).unwrap();
    }

396
    fn login(port: u16, client: &reqwest::Client, username: &str, password: &str) -> reqwest::Response {
397
        let params = [("username", username), ("password", password)];
Robert Czechowski's avatar
Robert Czechowski committed
398
        let resp = client.post(&format!("http://localhost:{}/login", port)).form(&params).send().unwrap();
399
        resp
400
    }
Robert Czechowski's avatar
Robert Czechowski committed
401

402
403
404
405
406
    fn login_code(port: u16, client: &reqwest::Client, code: &str) -> reqwest::Response {
        let params = [("code", code)];
        let resp = client.post(&format!("http://localhost:{}/clogin", port)).form(&params).send().unwrap();
        resp
    }
407

408
    #[test]
Robert Czechowski's avatar
Robert Czechowski committed
409
    fn start_server_and_check_requests() {
Robert Czechowski's avatar
Robert Czechowski committed
410
        start_server_and_fn(8080, None, || {
411
            let mut resp = reqwest::get("http://localhost:8080").unwrap();
412
            assert_eq!(resp.status(), StatusCode::OK);
413
414

            let content = resp.text().unwrap();
415
            assert!(content.contains("Jugendwettbewerb Informatik</h1>"));
416
            assert!(!content.contains("Error"));
Robert Czechowski's avatar
Robert Czechowski committed
417
            assert!(!content.contains("Gruppenverwaltung"));
418
419

            let mut resp = reqwest::get("http://localhost:8080/contest").unwrap();
420
            assert_eq!(resp.status(), StatusCode::OK);
421
422

            let content = resp.text().unwrap();
423
424
            assert!(content.contains("<h1>Wettbewerbe</h1>"));
            assert!(!content.contains("Error"));
Robert Czechowski's avatar
Robert Czechowski committed
425
426

            let mut resp = reqwest::get("http://localhost:8080/group").unwrap();
427
            let content = resp.text().unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
428
            assert!(content.contains("<h1>Login</h1>"));
429
430
        })
    }
Daniel Brüning's avatar
Daniel Brüning committed
431

432
433
    #[test]
    fn check_login_wrong_credentials() {
Robert Czechowski's avatar
Robert Czechowski committed
434
        start_server_and_fn(8081, None, || {
435
            let client = reqwest::Client::new();
Robert Czechowski's avatar
Robert Czechowski committed
436

437
            let mut resp = login(8081, &client, "nonexistingusername", "wrongpassword");
438
            assert_eq!(resp.status(), StatusCode::OK);
439
440

            let content = resp.text().unwrap();
441
442
            assert!(content.contains("<h1>Login</h1>"));
            assert!(content.contains("Login fehlgeschlagen."));
443
            assert!(!content.contains("Error"));
Robert Czechowski's avatar
Robert Czechowski committed
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459

            let mut resp = login_code(8081, &client, "g23AgaV");
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert!(content.contains("<h1>Login</h1>"));
            assert!(content.contains("Kein gültiger Code."));
            assert!(!content.contains("Error"));

            let mut resp = login_code(8081, &client, "u9XuAbH7p");
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert!(content.contains("<h1>Login</h1>"));
            assert!(content.contains("Kein gültiger Code."));
            assert!(!content.contains("Error"));
460
        })
461
    }
462
463

    #[test]
Robert Czechowski's avatar
Robert Czechowski committed
464
    fn check_login() {
Robert Czechowski's avatar
Robert Czechowski committed
465
        start_server_and_fn(8082, Some(("testusr".to_string(), "testpw".to_string(), false)), || {
466
467
468
469
            let client = reqwest::Client::builder().cookie_store(true)
                                                   .redirect(reqwest::RedirectPolicy::none())
                                                   .build()
                                                   .unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
470

471
            let mut resp = login(8082, &client, "testusr", "testpw");
472
            assert_eq!(resp.status(), StatusCode::FOUND);
473

474
            let content = resp.text().unwrap();
475
476
            assert!(!content.contains("Error"));

477
478
479
480
            let mut set_cookie = resp.headers().get_all("Set-Cookie").iter();
            assert!(set_cookie.next().is_some());
            assert!(set_cookie.next().is_none());

Robert Czechowski's avatar
Robert Czechowski committed
481
482
483
484
            let location = resp.headers().get(reqwest::header::LOCATION).unwrap().to_str().unwrap();
            assert_eq!(location, "http://localhost:8082/");

            let mut resp = client.get(location).send().unwrap();
485
486
            assert_eq!(resp.status(), StatusCode::OK);

487
            let content = resp.text().unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
488
489
490
491
            assert!(!content.contains("Error"));
            assert!(!content.contains("Gruppenverwaltung"));
            assert!(content.contains("Eingeloggt als <em>testusr</em>"));
            assert!(content.contains("Jugendwettbewerb Informatik</h1>"));
492
493
494
        })
    }

495
    #[test]
Robert Czechowski's avatar
Robert Czechowski committed
496
    fn check_logout() {
Robert Czechowski's avatar
Robert Czechowski committed
497
        start_server_and_fn(8083, Some(("testusr".to_string(), "testpw".to_string(), false)), || {
498
499
500
501
            let client = reqwest::Client::builder().cookie_store(true)
                                                   .redirect(reqwest::RedirectPolicy::none())
                                                   .build()
                                                   .unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
502

503
            let resp = login(8083, &client, "testusr", "testpw");
504
505
506
507
508
509
510
            assert_eq!(resp.status(), StatusCode::FOUND);

            let resp = client.get("http://localhost:8083/logout").send().unwrap();
            assert_eq!(resp.status(), StatusCode::FOUND);

            let mut resp = client.get("http://localhost:8083").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);
511
512

            let content = resp.text().unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
513
514
515
516
            assert!(content.contains("Benutzername"));
            assert!(content.contains("Passwort"));
            assert!(content.contains("Gruppencode / Teilnahmecode"));
            assert!(content.contains("Jugendwettbewerb Informatik</h1>"));
517
518
519
        })
    }

520
521
    #[test]
    fn check_group_creation_and_group_code_login() {
Robert Czechowski's avatar
Robert Czechowski committed
522
        start_server_and_fn(8084, Some(("testusr".to_string(), "testpw".to_string(), true)), || {
523
524
525
526
527
            let client = reqwest::Client::builder().cookie_store(true)
                                                   .redirect(reqwest::RedirectPolicy::none())
                                                   .build()
                                                   .unwrap();

528
            let resp = login(8084, &client, "testusr", "testpw");
529
            assert_eq!(resp.status(), StatusCode::FOUND);
530

531
532
            let mut resp = client.get("http://localhost:8084").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);
533
534

            let content = resp.text().unwrap();
535
536
            assert!(content.contains("[Lehrer]"));
            assert!(content.contains("Gruppenverwaltung"));
537
538
539

            let mut resp = client.get("http://localhost:8084/group/").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);
540
541

            let content = resp.text().unwrap();
542
543
            assert!(content.contains("Gruppe anlegen"));

544
            let params = [("name", "WrongGroupname"), ("tag", "WrongMarker"), ("csrf_token", "76CfTPJaoz")];
545
546
            let resp = client.post("http://localhost:8084/group/").form(&params).send().unwrap();
            assert_eq!(resp.status(), StatusCode::FORBIDDEN);
547

548
549
550
            let pos = content.find("type=\"hidden\" name=\"csrf_token\" value=\"").expect("CSRF-Token not found");
            let csrf = &content[pos + 39..pos + 49];
            let params = [("name", "Groupname"), ("tag", "Marker"), ("csrf_token", csrf)];
551
552
            let resp = client.post("http://localhost:8084/group/").form(&params).send().unwrap();
            assert_eq!(resp.status(), StatusCode::FOUND);
553
554
555
556

            let mut resp = client.get("http://localhost:8084/group/").send().unwrap();
            let content = resp.text().unwrap();
            assert!(!content.contains("WrongGroupname"));
Robert Czechowski's avatar
Robert Czechowski committed
557

558
559
560
561
562
            let pos = content.find("<td><a href=\"/group/1\">Groupname</a></td>").expect("Group not found");
            let groupcode = &content[pos + 58..pos + 65];

            // New client to test group code login
            let client = reqwest::Client::builder().cookie_store(true)
Robert Czechowski's avatar
Robert Czechowski committed
563
564
565
                                                   .redirect(reqwest::RedirectPolicy::none())
                                                   .build()
                                                   .unwrap();
566
567
568
569

            let resp = login_code(8084, &client, groupcode);
            assert_eq!(resp.status(), StatusCode::FOUND);

Robert Czechowski's avatar
Robert Czechowski committed
570
571
572
573
574
            let mut set_cookie = resp.headers().get_all("Set-Cookie").iter();
            assert!(set_cookie.next().is_some());
            assert!(set_cookie.next().is_none());

            let location = resp.headers().get(reqwest::header::LOCATION).unwrap().to_str().unwrap();
575
            assert_eq!(location, "http://localhost:8084/profile?status=firstlogin");
Robert Czechowski's avatar
Robert Czechowski committed
576
577

            let mut resp = client.get(location).send().unwrap();
578
579
580
581
582
583
584
            let content = resp.text().unwrap();

            let pos = content.find("<p>Login-Code: ").expect("Logincode not found");
            let logincode = &content[pos + 15..pos + 24];

            // New client to test login code login
            let client = reqwest::Client::builder().cookie_store(true)
Robert Czechowski's avatar
Robert Czechowski committed
585
586
587
                                                   .redirect(reqwest::RedirectPolicy::none())
                                                   .build()
                                                   .unwrap();
588
589
590
591

            let resp = login_code(8084, &client, logincode);
            assert_eq!(resp.status(), StatusCode::FOUND);

Robert Czechowski's avatar
Robert Czechowski committed
592
593
594
595
            let location = resp.headers().get(reqwest::header::LOCATION).unwrap().to_str().unwrap();
            assert_eq!(location, "http://localhost:8084/");

            let mut resp = client.get(location).send().unwrap();
596
597
            let content = resp.text().unwrap();
            assert!(content.contains("Eingeloggt als <em></em>"));
598
599
        })
    }
Robert Czechowski's avatar
Robert Czechowski committed
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632

    #[test]
    fn check_contest_start() {
        start_server_and_fn(8085, Some(("testusr".to_string(), "testpw".to_string(), false)), || {
            let client = reqwest::Client::builder().cookie_store(true)
                                                   .redirect(reqwest::RedirectPolicy::none())
                                                   .build()
                                                   .unwrap();

            let resp = login(8085, &client, "testusr", "testpw");
            assert_eq!(resp.status(), StatusCode::FOUND);

            let mut resp = client.get("http://localhost:8085/contest/").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert!(content.contains("PublicContestName"));
            assert!(content.contains("InfiniteContestName"));
            //assert!(content.contains("PrivateContestName"));
            assert!(!content.contains("WrongContestName"));
            assert!(!content.contains("RenamedContestName"));
            assert!(content.contains("<a href=\"/contest/1\">PublicContestName</a>"));

            let mut resp = client.get("http://localhost:8085/contest/1").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert!(content.contains("PublicContestName"));
            assert!(!content.contains("InfiniteContestName"));
            assert!(!content.contains("PrivateContestName"));
            assert!(!content.contains("WrongContestName"));
            assert!(!content.contains("RenamedContestName"));

633
            let params = [("csrf_token", "76CfTPJaoz")];
Robert Czechowski's avatar
Robert Czechowski committed
634
635
636
            let resp = client.post("http://localhost:8085/contest/1").form(&params).send().unwrap();
            assert_eq!(resp.status(), StatusCode::FORBIDDEN);

637
638
639
            let pos = content.find("type=\"hidden\" name=\"csrf_token\" value=\"").expect("CSRF-Token not found");
            let csrf = &content[pos + 39..pos + 49];
            let params = [("csrf_token", csrf)];
Robert Czechowski's avatar
Robert Czechowski committed
640
641
            let resp = client.post("http://localhost:8085/contest/1").form(&params).send().unwrap();
            assert_eq!(resp.status(), StatusCode::FOUND);
Robert Czechowski's avatar
Robert Czechowski committed
642
643
644
645
646
647
648

            let mut resp = client.get("http://localhost:8085/contest/1").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert!(content.contains("<a href=\"/task/1\">☆☆☆</a></li>"));
            assert!(content.contains("<a href=\"/task/2\">☆☆☆☆</a></li>"));
649
650
651
652
653
        })
    }

    #[test]
    fn check_task_load_save() {
654
        start_server_and_fn(8086, None, || {
655
656
657
658
659
            let client = reqwest::Client::builder().cookie_store(true)
                                                   .redirect(reqwest::RedirectPolicy::none())
                                                   .build()
                                                   .unwrap();

660
            let resp = client.get("http://localhost:8086/contest/3").send().unwrap();
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
            assert_eq!(resp.status(), StatusCode::OK);

            let mut resp = client.get("http://localhost:8086/task/5").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            let pos = content.find("#taskid=5&csrftoken=").expect("CSRF-Token not found");
            let csrf = &content[pos + 20..pos + 30];

            let mut resp = client.get("http://localhost:8086/load/5").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert_eq!(content, "{}");

            let params = [("data", "WrongData"), ("grade", "1"), ("csrf_token", "FNQU4QsEMY")];
            let resp = client.post("http://localhost:8086/save/5").form(&params).send().unwrap();
            assert_eq!(resp.status(), StatusCode::FORBIDDEN);

            // Check that the illegitimate request did not actually change anything
            let mut resp = client.get("http://localhost:8086/load/5").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert_eq!(content, "{}");

            let mut resp = client.get("http://localhost:8086/contest/3").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert!(content.contains("<a href=\"/task/5\">☆☆☆</a></li>"));
            assert!(content.contains("<a href=\"/task/6\">☆☆☆☆</a></li>"));

            let params = [("data", "SomeData"), ("grade", "2"), ("csrf_token", csrf)];
            let mut resp = client.post("http://localhost:8086/save/5").form(&params).send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert_eq!(content, "{}");

            let mut resp = client.get("http://localhost:8086/load/5").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert_eq!(content, "SomeData");

            let mut resp = client.get("http://localhost:8086/contest/3").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert!(content.contains("<a href=\"/task/5\">★★☆</a></li>"));
            assert!(content.contains("<a href=\"/task/6\">☆☆☆☆</a></li>"));
        })
    }

    #[test]
    fn check_task_load_save_logged_in() {
        start_server_and_fn(8087, Some(("testusr".to_string(), "testpw".to_string(), false)), || {
            let client = reqwest::Client::builder().cookie_store(true)
                                                   .redirect(reqwest::RedirectPolicy::none())
                                                   .build()
                                                   .unwrap();

            let resp = login(8087, &client, "testusr", "testpw");
725
            assert_eq!(resp.status(), StatusCode::FOUND);
Robert Czechowski's avatar
Robert Czechowski committed
726

727
            let mut resp = client.get("http://localhost:8087/contest/1").send().unwrap();
728
729
730
731
732
733
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            let pos = content.find("type=\"hidden\" name=\"csrf_token\" value=\"").expect("CSRF-Token not found");
            let csrf = &content[pos + 39..pos + 49];
            let params = [("csrf_token", csrf)];
734
            let resp = client.post("http://localhost:8087/contest/1").form(&params).send().unwrap();
735
736
            assert_eq!(resp.status(), StatusCode::FOUND);

737
            let mut resp = client.get("http://localhost:8087/task/1").send().unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
738
739
740
741
742
743
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            let pos = content.find("#taskid=1&csrftoken=").expect("CSRF-Token not found");
            let csrf = &content[pos + 20..pos + 30];

744
            let mut resp = client.get("http://localhost:8087/load/1").send().unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
745
            assert_eq!(resp.status(), StatusCode::OK);
746

Robert Czechowski's avatar
Robert Czechowski committed
747
748
749
            let content = resp.text().unwrap();
            assert_eq!(content, "{}");

750
            let params = [("data", "WrongData"), ("grade", "1"), ("csrf_token", "FNQU4QsEMY")];
751
            let resp = client.post("http://localhost:8087/save/1").form(&params).send().unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
752
753
            assert_eq!(resp.status(), StatusCode::FORBIDDEN);

754
            // Check that the illigal request did not actually change anything
755
            let mut resp = client.get("http://localhost:8087/load/1").send().unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
756
            assert_eq!(resp.status(), StatusCode::OK);
757

Robert Czechowski's avatar
Robert Czechowski committed
758
759
            let content = resp.text().unwrap();
            assert_eq!(content, "{}");
760

761
            let mut resp = client.get("http://localhost:8087/contest/1").send().unwrap();
762
763
764
765
766
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert!(content.contains("<a href=\"/task/1\">☆☆☆</a></li>"));
            assert!(content.contains("<a href=\"/task/2\">☆☆☆☆</a></li>"));
767
768

            let params = [("data", "SomeData"), ("grade", "2"), ("csrf_token", csrf)];
769
            let mut resp = client.post("http://localhost:8087/save/1").form(&params).send().unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
770
771
772
773
774
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert_eq!(content, "{}");

775
            let mut resp = client.get("http://localhost:8087/load/1").send().unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
776
            assert_eq!(resp.status(), StatusCode::OK);
777

Robert Czechowski's avatar
Robert Czechowski committed
778
779
            let content = resp.text().unwrap();
            assert_eq!(content, "SomeData");
780

781
            let mut resp = client.get("http://localhost:8087/contest/1").send().unwrap();
782
783
784
785
786
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert!(content.contains("<a href=\"/task/1\">★★☆</a></li>"));
            assert!(content.contains("<a href=\"/task/2\">☆☆☆☆</a></li>"));
Robert Czechowski's avatar
Robert Czechowski committed
787
788
        })
    }
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813

    #[test]
    fn check_taskgroup_rename() {
        start_server_and_fn(8088, None, || {
            let client = reqwest::Client::builder().cookie_store(true)
                                                   .redirect(reqwest::RedirectPolicy::none())
                                                   .build()
                                                   .unwrap();

            let mut resp = client.get("http://localhost:8088/contest/3").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            println!("{}", content);
            assert!(content.contains("TaskgroupNewName"));
            assert!(!content.contains("TaskgroupRenameName"));

            let mut resp = client.get("http://localhost:8088/task/5").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert!(content.contains("TaskgroupNewName"));
            assert!(!content.contains("TaskgroupRenameName"));
        })
    }
814
}