main.rs 33.7 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
/*  medal                                                                                                            *\
 *  Copyright (C) 2020  Bundesweite Informatikwettbewerbe                                                            *
 *                                                                                                                   *
 *  This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero        *
 *  General Public License as published  by the Free Software Foundation, either version 3 of the License, or (at    *
 *  your option) any later version.                                                                                  *
 *                                                                                                                   *
 *  This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the       *
 *  implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public      *
 *  License for more details.                                                                                        *
 *                                                                                                                   *
 *  You should have received a copy of the GNU Affero General Public License along with this program.  If not, see   *
\*  <http://www.gnu.org/licenses/>.                                                                                  */

15
16
#![cfg_attr(feature = "strict", deny(warnings))]

Robert Czechowski's avatar
Robert Czechowski committed
17
18
19
20
21
22
23
#[macro_use]
extern crate iron;
#[macro_use]
extern crate router;
#[macro_use]
extern crate serde_derive;

24
extern crate csv;
Robert Czechowski's avatar
Robert Czechowski committed
25
extern crate handlebars_iron;
Robert Czechowski's avatar
Robert Czechowski committed
26
27
extern crate iron_sessionstorage;
extern crate mount;
28
extern crate params;
Robert Czechowski's avatar
Robert Czechowski committed
29
30
extern crate persistent;
extern crate rand;
31
extern crate reqwest;
Robert Czechowski's avatar
Robert Czechowski committed
32
extern crate serde_json;
33
extern crate serde_yaml;
Robert Czechowski's avatar
Robert Czechowski committed
34
35
36
37
extern crate staticfile;
extern crate structopt;
extern crate time;
extern crate urlencoded;
38
39
40

#[cfg(feature = "postgres")]
extern crate postgres;
41
#[cfg(feature = "rusqlite")]
42
extern crate rusqlite;
43
#[cfg(feature = "webbrowser")]
44
extern crate webbrowser;
45

46
47
pub mod config;
pub mod contestreader_yaml;
48
pub mod core;
49
pub mod db_conn;
50
pub mod helpers;
51
52
53
pub mod oauth_provider;

mod db_apply_migrations;
54
mod db_conn_postgres;
55
mod db_conn_sqlite_new;
56
mod db_objects;
57
58
mod webfw_iron;

59
use db_conn::{MedalConnection, MedalObject};
60
use db_objects::*;
61
use helpers::SetPassword;
Robert Czechowski's avatar
Robert Czechowski committed
62
63
use webfw_iron::start_server;

64
use config::Config;
65
66
use structopt::StructOpt;

67
use std::path::{Path, PathBuf};
68

69
fn read_contest(p: &PathBuf) -> Option<Contest> {
70
71
    use std::fs::File;
    use std::io::Read;
72

73
74
75
    let mut file = File::open(p).unwrap();
    let mut contents = String::new();
    file.read_to_string(&mut contents).unwrap();
76

77
    contestreader_yaml::parse_yaml(&contents,
78
79
                                   p.file_name().to_owned()?.to_str()?,
                                   &format!("{}/", p.parent().unwrap().to_str()?))
Robert Czechowski's avatar
Robert Czechowski committed
80
81
82
}

fn get_all_contest_info(task_dir: &str) -> Vec<Contest> {
83
84
    fn walk_me_recursively(p: &PathBuf, contests: &mut Vec<Contest>) {
        if let Ok(paths) = std::fs::read_dir(p) {
85
            for path in paths {
Robert Czechowski's avatar
Robert Czechowski committed
86
87
                let p = path.unwrap().path();
                walk_me_recursively(&p, contests);
88
            }
Robert Czechowski's avatar
Robert Czechowski committed
89
        }
90

91
        if p.file_name().unwrap().to_string_lossy().to_string().ends_with(".yaml") {
92
            read_contest(p).map(|contest| contests.push(contest));
93
        };
Robert Czechowski's avatar
Robert Czechowski committed
94
95
96
    };

    let mut contests = Vec::new();
97
    match std::fs::read_dir(task_dir) {
Robert Czechowski's avatar
Robert Czechowski committed
98
        Err(why) => println!("Error opening tasks directory! {:?}", why.kind()),
Robert Czechowski's avatar
Robert Czechowski committed
99
100
101
102
103
        Ok(paths) => {
            for path in paths {
                walk_me_recursively(&path.unwrap().path(), &mut contests);
            }
        }
Robert Czechowski's avatar
Robert Czechowski committed
104
105
106
107
108
    };

    contests
}

109
110
111
112
fn refresh_all_contests<C>(conn: &mut C)
    where C: MedalConnection,
          db_objects::Contest: db_conn::MedalObject<C>
{
113
    conn.reset_all_contest_visibilities();
114
115
    conn.reset_all_taskgroup_visibilities();

Robert Czechowski's avatar
Robert Czechowski committed
116
117
118
119
120
121
122
    let v = get_all_contest_info("tasks/");

    for mut contest_info in v {
        contest_info.save(conn);
    }
}

123
124
fn add_admin_user<C>(conn: &mut C, resetpw: bool)
    where C: MedalConnection {
125
126
127
    let mut admin = match conn.get_user_by_id(1) {
        None => {
            print!("New Database. Creating new admin user with credentials 'admin':");
128
            conn.new_session("")
Robert Czechowski's avatar
Robert Czechowski committed
129
        }
130
131
        Some(user) => {
            if !resetpw {
Robert Czechowski's avatar
Robert Czechowski committed
132
                return;
133
            }
134
135
136
137
138
            print!("Request to reset admin password. Set credentials 'admin':");
            user
        }
    };

139
    let password = helpers::make_unambiguous_code(8);
140
141
    print!("'{}', ", &password);

142
    let logincode = helpers::make_unambiguous_code_prefix(8, "a");
143
    print!(" logincode:'{}' …", &logincode);
144
145

    admin.username = Some("admin".into());
146
    admin.logincode = Some(logincode);
147
    match admin.set_password(&password) {
148
        None => println!(" FAILED! (Password hashing error)"),
149
150
        _ => {
            conn.save_session(admin);
151
            println!(" Done");
152
        }
153
154
155
    }
}

156
157
158
159
160
161
162
fn prepare_and_start_server<C>(mut conn: C, config: Config, onlycontestscan: bool, resetadminpw: bool)
    where C: MedalConnection + std::marker::Send + 'static,
          db_objects::Contest: db_conn::MedalObject<C>
{
    db_apply_migrations::test(&mut conn);

    if onlycontestscan || config.no_contest_scan == Some(false) {
163
        print!("Scanning for contests …");
164
        refresh_all_contests(&mut conn);
165
        println!(" Done")
166
167
168
169
170
    }

    if !onlycontestscan {
        add_admin_user(&mut conn, resetadminpw);

171
        #[cfg(feature = "webbrowser")]
172
        let self_url = config.self_url.clone();
173
        #[cfg(feature = "webbrowser")]
174
175
        let open_browser = config.open_browser;

176
        match start_server(conn, config) {
177
178
            Ok(_) => {
                println!("Server started");
179

180
181
182
183
184
                #[cfg(feature = "webbrowser")]
                {
                    if let (Some(self_url), Some(true)) = (self_url, open_browser) {
                        open_browser_window(&self_url);
                    }
185
                }
186
            }
187
188
            Err(_) => println!("Error on server start …"),
        };
189

190
191
192
193
        println!("Could not run server. Is the port already in use?");
    }
}

194
#[cfg(feature = "webbrowser")]
195
196
197
fn open_browser_window(self_url: &str) {
    match webbrowser::open(&self_url) {
        Ok(_) => (),
198
        Err(e) => println!("Error while opening webbrowser: {:?}", e),
199
200
201
    }
}

Robert Czechowski's avatar
Robert Czechowski committed
202
fn main() {
203
    let opt = config::Opt::from_args();
204
205
206

    #[cfg(feature = "debug")]
    println!("Options: {:#?}", opt);
Daniel Brüning's avatar
Daniel Brüning committed
207

208
    let mut config = config::read_config_from_file(&opt.configfile);
209

210
211
212
213
214
215
    #[cfg(feature = "debug")]
    println!("Config: {:#?}", config);

    // Let options override config values
    opt.databasefile.map(|x| config.database_file = Some(x));
    opt.databaseurl.map(|x| config.database_url = Some(x));
216
    opt.teacherpage.map(|x| config.teacher_page = Some(x));
217
218
219
    opt.port.map(|x| config.port = Some(x));
    config.no_contest_scan = if opt.nocontestscan { Some(true) } else { config.no_contest_scan };
    config.open_browser = if opt.openbrowser { Some(true) } else { config.open_browser };
220
    config.disable_results_page = if opt.disableresultspage { Some(true) } else { config.disable_results_page };
221
222
223
224
225
226

    // Use default database file if none set
    config.database_file.get_or_insert(Path::new("medal.db").to_owned());

    #[cfg(feature = "debug")]
    println!("Using config: {:#?}", config);
227

228
229
230
    #[cfg(feature = "postgres")]
    {
        if let Some(url) = config.database_url.clone() {
231
            #[cfg(feature = "debug")]
232
            print!("Using database {} … ", &url);
233
234
            #[cfg(not(feature = "debug"))]
            {
235
236
237
238
                let (begin_middle, end) = url.split_at(url.find('@').unwrap_or(0));
                let (begin, _middle) = begin_middle.split_at(begin_middle.rfind(':').unwrap_or(0));
                print!("Using database {}:***{} … ", begin, end);
            }
239
240
241
242
243
244
            let conn = postgres::Connection::connect(url, postgres::TlsMode::None).unwrap();
            println!("Connected");

            prepare_and_start_server(conn, config, opt.onlycontestscan, opt.resetadminpw);
            return;
        }
245
    }
246
247
248
249
250
251
252
253
254
255
256
257
258
259

    #[cfg(feature = "rusqlite")]
    {
        if let Some(path) = config.database_file.clone() {
            print!("Using database file {} … ", &path.to_str().unwrap_or("<unprintable filename>"));
            let conn = rusqlite::Connection::open(path).unwrap();
            println!("Connected");

            prepare_and_start_server(conn, config, opt.onlycontestscan, opt.resetadminpw);
            return;
        }
    }

    println!("No database configured. Try enableing the 'rusqlite' feature during compilation.\nLeaving now.");
260
}
261
262
263
264

#[cfg(test)]
mod tests {
    use super::*;
Robert Czechowski's avatar
Robert Czechowski committed
265
    use reqwest::StatusCode;
266

Robert Czechowski's avatar
Robert Czechowski committed
267
268
    fn start_server_and_fn<F>(port: u16, set_user: Option<(String, String, bool)>, f: F)
        where F: Fn() {
269
        use std::sync::mpsc::channel;
Robert Czechowski's avatar
Robert Czechowski committed
270
        use std::{thread, time};
271
272
273
274
        let (start_tx, start_rx) = channel();
        let (stop_tx, stop_rx) = channel();

        thread::spawn(move || {
275
            let mut conn = rusqlite::Connection::open_in_memory().unwrap();
276
277
            db_apply_migrations::test(&mut conn);

278
            if let Some(user) = set_user {
279
                let mut test_user = conn.new_session("");
280
                test_user.username = Some(user.0);
Robert Czechowski's avatar
Robert Czechowski committed
281
282
283
                test_user.is_teacher = user.2;
                test_user.set_password(&user.1).expect("Set Password did not work correctly.");
                conn.save_session(test_user);
284
285
            }

286
            // ID: 1, gets renamed
Robert Czechowski's avatar
Robert Czechowski committed
287
288
289
290
291
292
            let mut contest = Contest::new("directory".to_string(),
                                           "public.yaml".to_string(),
                                           "RenamedContestName".to_string(),
                                           1,
                                           true,
                                           None,
293
294
                                           None,
                                           None,
295
                                           None,
296
297
                                           None,
                                           None,
Robert Czechowski's avatar
Robert Czechowski committed
298
299
300
                                           None);
            contest.save(&conn);

301
            // ID: 1
Robert Czechowski's avatar
Robert Czechowski committed
302
303
304
305
306
307
            let mut contest = Contest::new("directory".to_string(),
                                           "public.yaml".to_string(),
                                           "PublicContestName".to_string(),
                                           1,
                                           true,
                                           None,
308
309
                                           None,
                                           None,
310
                                           None,
311
312
                                           None,
                                           None,
Robert Czechowski's avatar
Robert Czechowski committed
313
                                           None);
314
            let mut taskgroup = Taskgroup::new("TaskgroupName".to_string(), None);
315
            let task = Task::new("taskdir1".to_string(), 3); // ID: 1
Robert Czechowski's avatar
Robert Czechowski committed
316
            taskgroup.tasks.push(task);
317
            let task = Task::new("taskdir2".to_string(), 4); // ID: 2
Robert Czechowski's avatar
Robert Czechowski committed
318
319
320
321
            taskgroup.tasks.push(task);
            contest.taskgroups.push(taskgroup);
            contest.save(&conn);

322
            // ID: 2
Robert Czechowski's avatar
Robert Czechowski committed
323
324
325
326
327
328
            let mut contest = Contest::new("directory".to_string(),
                                           "private.yaml".to_string(),
                                           "PrivateContestName".to_string(),
                                           1,
                                           false,
                                           None,
329
330
                                           None,
                                           None,
331
                                           None,
332
333
                                           None,
                                           None,
Robert Czechowski's avatar
Robert Czechowski committed
334
                                           None);
335
            let mut taskgroup = Taskgroup::new("TaskgroupName".to_string(), None);
336
            let task = Task::new("taskdir1".to_string(), 3); // ID: 3
Robert Czechowski's avatar
Robert Czechowski committed
337
            taskgroup.tasks.push(task);
338
            let task = Task::new("taskdir2".to_string(), 4); // ID: 4
Robert Czechowski's avatar
Robert Czechowski committed
339
340
341
342
            taskgroup.tasks.push(task);
            contest.taskgroups.push(taskgroup);
            contest.save(&conn);

343
            // ID: 3
Robert Czechowski's avatar
Robert Czechowski committed
344
345
346
347
348
349
            let mut contest = Contest::new("directory".to_string(),
                                           "infinte.yaml".to_string(),
                                           "InfiniteContestName".to_string(),
                                           0,
                                           true,
                                           None,
350
351
                                           None,
                                           None,
352
                                           None,
353
354
                                           None,
                                           None,
Robert Czechowski's avatar
Robert Czechowski committed
355
                                           None);
356
357
358
359
360
361
362
363
364
            let mut taskgroup = Taskgroup::new("TaskgroupRenameName".to_string(), None);
            let task = Task::new("taskdir1".to_string(), 3); // ID: 5
            taskgroup.tasks.push(task);
            let task = Task::new("taskdir2".to_string(), 4); // ID: 6
            taskgroup.tasks.push(task);
            contest.taskgroups.push(taskgroup);
            contest.save(&conn);

            let mut taskgroup = Taskgroup::new("TaskgroupNewName".to_string(), None);
365
            let task = Task::new("taskdir1".to_string(), 3); // ID: 5
Robert Czechowski's avatar
Robert Czechowski committed
366
            taskgroup.tasks.push(task);
367
            let task = Task::new("taskdir2".to_string(), 4); // ID: 6
Robert Czechowski's avatar
Robert Czechowski committed
368
369
370
371
            taskgroup.tasks.push(task);
            contest.taskgroups.push(taskgroup);
            contest.save(&conn);

372
            let mut config = config::read_config_from_file(Path::new("thisfileshoudnotexist"));
373
            config.port = Some(port);
374
            config.cookie_signing_secret = Some("testtesttesttesttesttesttesttest".to_string());
Robert Czechowski's avatar
Robert Czechowski committed
375
376
            let message = format!("Could not start server on port {}", port);
            let mut srvr = start_server(conn, config).expect(&message);
377

378
            // Message server started
379
380
            start_tx.send(()).unwrap();

381
            // Wait for test to finish
382
383
            stop_rx.recv().unwrap();

384
            srvr.close().unwrap();
385
386
        });

387
        // Wait for server to start
388
389
        start_rx.recv().unwrap();
        thread::sleep(time::Duration::from_millis(100));
390
391

        // Run test code
392
        f();
393

394
        // Message test finished
395
396
397
        stop_tx.send(()).unwrap();
    }

398
    fn login(port: u16, client: &reqwest::Client, username: &str, password: &str) -> reqwest::Response {
399
        let params = [("username", username), ("password", password)];
Robert Czechowski's avatar
Robert Czechowski committed
400
        client.post(&format!("http://localhost:{}/login", port)).form(&params).send().unwrap()
401
    }
Robert Czechowski's avatar
Robert Czechowski committed
402

403
404
    fn login_code(port: u16, client: &reqwest::Client, code: &str) -> reqwest::Response {
        let params = [("code", code)];
Robert Czechowski's avatar
Robert Czechowski committed
405
        client.post(&format!("http://localhost:{}/clogin", port)).form(&params).send().unwrap()
406
    }
407

408
    #[test]
Robert Czechowski's avatar
Robert Czechowski committed
409
    fn start_server_and_check_requests() {
Robert Czechowski's avatar
Robert Czechowski committed
410
        start_server_and_fn(8080, None, || {
411
            let mut resp = reqwest::get("http://localhost:8080").unwrap();
412
            assert_eq!(resp.status(), StatusCode::OK);
413
414

            let content = resp.text().unwrap();
415
            assert!(content.contains("Jugendwettbewerb Informatik</h1>"));
416
            assert!(!content.contains("Error"));
Robert Czechowski's avatar
Robert Czechowski committed
417
            assert!(!content.contains("Gruppenverwaltung"));
418
419

            let mut resp = reqwest::get("http://localhost:8080/contest").unwrap();
420
            assert_eq!(resp.status(), StatusCode::OK);
421
422

            let content = resp.text().unwrap();
423
424
            assert!(content.contains("<h1>Wettbewerbe</h1>"));
            assert!(!content.contains("Error"));
Robert Czechowski's avatar
Robert Czechowski committed
425
426

            let mut resp = reqwest::get("http://localhost:8080/group").unwrap();
427
            let content = resp.text().unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
428
            assert!(content.contains("<h1>Login</h1>"));
429
430
        })
    }
Daniel Brüning's avatar
Daniel Brüning committed
431

432
433
    #[test]
    fn check_login_wrong_credentials() {
Robert Czechowski's avatar
Robert Czechowski committed
434
        start_server_and_fn(8081, None, || {
435
            let client = reqwest::Client::new();
Robert Czechowski's avatar
Robert Czechowski committed
436

437
            let mut resp = login(8081, &client, "nonexistingusername", "wrongpassword");
438
            assert_eq!(resp.status(), StatusCode::OK);
439
440

            let content = resp.text().unwrap();
441
442
            assert!(content.contains("<h1>Login</h1>"));
            assert!(content.contains("Login fehlgeschlagen."));
443
            assert!(!content.contains("Error"));
Robert Czechowski's avatar
Robert Czechowski committed
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459

            let mut resp = login_code(8081, &client, "g23AgaV");
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert!(content.contains("<h1>Login</h1>"));
            assert!(content.contains("Kein gültiger Code."));
            assert!(!content.contains("Error"));

            let mut resp = login_code(8081, &client, "u9XuAbH7p");
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert!(content.contains("<h1>Login</h1>"));
            assert!(content.contains("Kein gültiger Code."));
            assert!(!content.contains("Error"));
460
        })
461
    }
462
463

    #[test]
Robert Czechowski's avatar
Robert Czechowski committed
464
    fn check_login() {
Robert Czechowski's avatar
Robert Czechowski committed
465
        start_server_and_fn(8082, Some(("testusr".to_string(), "testpw".to_string(), false)), || {
466
467
468
469
            let client = reqwest::Client::builder().cookie_store(true)
                                                   .redirect(reqwest::RedirectPolicy::none())
                                                   .build()
                                                   .unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
470

471
            let mut resp = login(8082, &client, "testusr", "testpw");
472
            assert_eq!(resp.status(), StatusCode::FOUND);
473

474
            let content = resp.text().unwrap();
475
476
            assert!(!content.contains("Error"));

477
478
479
480
            let mut set_cookie = resp.headers().get_all("Set-Cookie").iter();
            assert!(set_cookie.next().is_some());
            assert!(set_cookie.next().is_none());

Robert Czechowski's avatar
Robert Czechowski committed
481
482
483
484
            let location = resp.headers().get(reqwest::header::LOCATION).unwrap().to_str().unwrap();
            assert_eq!(location, "http://localhost:8082/");

            let mut resp = client.get(location).send().unwrap();
485
486
            assert_eq!(resp.status(), StatusCode::OK);

487
            let content = resp.text().unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
488
489
490
491
            assert!(!content.contains("Error"));
            assert!(!content.contains("Gruppenverwaltung"));
            assert!(content.contains("Eingeloggt als <em>testusr</em>"));
            assert!(content.contains("Jugendwettbewerb Informatik</h1>"));
492
493
494
        })
    }

495
    #[test]
Robert Czechowski's avatar
Robert Czechowski committed
496
    fn check_logout() {
Robert Czechowski's avatar
Robert Czechowski committed
497
        start_server_and_fn(8083, Some(("testusr".to_string(), "testpw".to_string(), false)), || {
498
499
500
501
            let client = reqwest::Client::builder().cookie_store(true)
                                                   .redirect(reqwest::RedirectPolicy::none())
                                                   .build()
                                                   .unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
502

503
            let resp = login(8083, &client, "testusr", "testpw");
504
505
506
507
508
509
510
            assert_eq!(resp.status(), StatusCode::FOUND);

            let resp = client.get("http://localhost:8083/logout").send().unwrap();
            assert_eq!(resp.status(), StatusCode::FOUND);

            let mut resp = client.get("http://localhost:8083").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);
511
512

            let content = resp.text().unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
513
514
515
516
            assert!(content.contains("Benutzername"));
            assert!(content.contains("Passwort"));
            assert!(content.contains("Gruppencode / Teilnahmecode"));
            assert!(content.contains("Jugendwettbewerb Informatik</h1>"));
517
518
519
        })
    }

520
521
    #[test]
    fn check_group_creation_and_group_code_login() {
Robert Czechowski's avatar
Robert Czechowski committed
522
        start_server_and_fn(8084, Some(("testusr".to_string(), "testpw".to_string(), true)), || {
523
524
525
526
527
            let client = reqwest::Client::builder().cookie_store(true)
                                                   .redirect(reqwest::RedirectPolicy::none())
                                                   .build()
                                                   .unwrap();

528
            let resp = login(8084, &client, "testusr", "testpw");
529
            assert_eq!(resp.status(), StatusCode::FOUND);
530

531
532
            let mut resp = client.get("http://localhost:8084").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);
533
534

            let content = resp.text().unwrap();
535
536
            assert!(content.contains("[Lehrer]"));
            assert!(content.contains("Gruppenverwaltung"));
537
538
539

            let mut resp = client.get("http://localhost:8084/group/").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);
540
541

            let content = resp.text().unwrap();
542
543
            assert!(content.contains("Gruppe anlegen"));

544
            let params = [("name", "WrongGroupname"), ("tag", "WrongMarker"), ("csrf_token", "76CfTPJaoz")];
545
546
            let resp = client.post("http://localhost:8084/group/").form(&params).send().unwrap();
            assert_eq!(resp.status(), StatusCode::FORBIDDEN);
547

548
549
550
            let pos = content.find("type=\"hidden\" name=\"csrf_token\" value=\"").expect("CSRF-Token not found");
            let csrf = &content[pos + 39..pos + 49];
            let params = [("name", "Groupname"), ("tag", "Marker"), ("csrf_token", csrf)];
551
552
            let resp = client.post("http://localhost:8084/group/").form(&params).send().unwrap();
            assert_eq!(resp.status(), StatusCode::FOUND);
553
554
555
556

            let mut resp = client.get("http://localhost:8084/group/").send().unwrap();
            let content = resp.text().unwrap();
            assert!(!content.contains("WrongGroupname"));
Robert Czechowski's avatar
Robert Czechowski committed
557

558
559
560
561
562
            let pos = content.find("<td><a href=\"/group/1\">Groupname</a></td>").expect("Group not found");
            let groupcode = &content[pos + 58..pos + 65];

            // New client to test group code login
            let client = reqwest::Client::builder().cookie_store(true)
Robert Czechowski's avatar
Robert Czechowski committed
563
564
565
                                                   .redirect(reqwest::RedirectPolicy::none())
                                                   .build()
                                                   .unwrap();
566
567
568
569

            let resp = login_code(8084, &client, groupcode);
            assert_eq!(resp.status(), StatusCode::FOUND);

Robert Czechowski's avatar
Robert Czechowski committed
570
571
572
573
574
            let mut set_cookie = resp.headers().get_all("Set-Cookie").iter();
            assert!(set_cookie.next().is_some());
            assert!(set_cookie.next().is_none());

            let location = resp.headers().get(reqwest::header::LOCATION).unwrap().to_str().unwrap();
575
            assert_eq!(location, "http://localhost:8084/profile?status=firstlogin");
Robert Czechowski's avatar
Robert Czechowski committed
576
577

            let mut resp = client.get(location).send().unwrap();
578
579
580
581
582
583
584
            let content = resp.text().unwrap();

            let pos = content.find("<p>Login-Code: ").expect("Logincode not found");
            let logincode = &content[pos + 15..pos + 24];

            // New client to test login code login
            let client = reqwest::Client::builder().cookie_store(true)
Robert Czechowski's avatar
Robert Czechowski committed
585
586
587
                                                   .redirect(reqwest::RedirectPolicy::none())
                                                   .build()
                                                   .unwrap();
588
589
590
591

            let resp = login_code(8084, &client, logincode);
            assert_eq!(resp.status(), StatusCode::FOUND);

Robert Czechowski's avatar
Robert Czechowski committed
592
593
594
595
            let location = resp.headers().get(reqwest::header::LOCATION).unwrap().to_str().unwrap();
            assert_eq!(location, "http://localhost:8084/");

            let mut resp = client.get(location).send().unwrap();
596
597
            let content = resp.text().unwrap();
            assert!(content.contains("Eingeloggt als <em></em>"));
598
599
        })
    }
Robert Czechowski's avatar
Robert Czechowski committed
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632

    #[test]
    fn check_contest_start() {
        start_server_and_fn(8085, Some(("testusr".to_string(), "testpw".to_string(), false)), || {
            let client = reqwest::Client::builder().cookie_store(true)
                                                   .redirect(reqwest::RedirectPolicy::none())
                                                   .build()
                                                   .unwrap();

            let resp = login(8085, &client, "testusr", "testpw");
            assert_eq!(resp.status(), StatusCode::FOUND);

            let mut resp = client.get("http://localhost:8085/contest/").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert!(content.contains("PublicContestName"));
            assert!(content.contains("InfiniteContestName"));
            //assert!(content.contains("PrivateContestName"));
            assert!(!content.contains("WrongContestName"));
            assert!(!content.contains("RenamedContestName"));
            assert!(content.contains("<a href=\"/contest/1\">PublicContestName</a>"));

            let mut resp = client.get("http://localhost:8085/contest/1").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert!(content.contains("PublicContestName"));
            assert!(!content.contains("InfiniteContestName"));
            assert!(!content.contains("PrivateContestName"));
            assert!(!content.contains("WrongContestName"));
            assert!(!content.contains("RenamedContestName"));

633
            let params = [("csrf_token", "76CfTPJaoz")];
Robert Czechowski's avatar
Robert Czechowski committed
634
635
636
            let resp = client.post("http://localhost:8085/contest/1").form(&params).send().unwrap();
            assert_eq!(resp.status(), StatusCode::FORBIDDEN);

637
638
639
            let pos = content.find("type=\"hidden\" name=\"csrf_token\" value=\"").expect("CSRF-Token not found");
            let csrf = &content[pos + 39..pos + 49];
            let params = [("csrf_token", csrf)];
Robert Czechowski's avatar
Robert Czechowski committed
640
641
            let resp = client.post("http://localhost:8085/contest/1").form(&params).send().unwrap();
            assert_eq!(resp.status(), StatusCode::FOUND);
Robert Czechowski's avatar
Robert Czechowski committed
642
643
644
645
646
647
648

            let mut resp = client.get("http://localhost:8085/contest/1").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert!(content.contains("<a href=\"/task/1\">☆☆☆</a></li>"));
            assert!(content.contains("<a href=\"/task/2\">☆☆☆☆</a></li>"));
649
650
651
652
653
        })
    }

    #[test]
    fn check_task_load_save() {
654
        start_server_and_fn(8086, None, || {
655
656
657
658
659
            let client = reqwest::Client::builder().cookie_store(true)
                                                   .redirect(reqwest::RedirectPolicy::none())
                                                   .build()
                                                   .unwrap();

660
            let resp = client.get("http://localhost:8086/contest/3").send().unwrap();
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
            assert_eq!(resp.status(), StatusCode::OK);

            let mut resp = client.get("http://localhost:8086/task/5").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            let pos = content.find("#taskid=5&csrftoken=").expect("CSRF-Token not found");
            let csrf = &content[pos + 20..pos + 30];

            let mut resp = client.get("http://localhost:8086/load/5").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert_eq!(content, "{}");

            let params = [("data", "WrongData"), ("grade", "1"), ("csrf_token", "FNQU4QsEMY")];
            let resp = client.post("http://localhost:8086/save/5").form(&params).send().unwrap();
            assert_eq!(resp.status(), StatusCode::FORBIDDEN);

            // Check that the illegitimate request did not actually change anything
            let mut resp = client.get("http://localhost:8086/load/5").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert_eq!(content, "{}");

            let mut resp = client.get("http://localhost:8086/contest/3").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert!(content.contains("<a href=\"/task/5\">☆☆☆</a></li>"));
            assert!(content.contains("<a href=\"/task/6\">☆☆☆☆</a></li>"));

            let params = [("data", "SomeData"), ("grade", "2"), ("csrf_token", csrf)];
            let mut resp = client.post("http://localhost:8086/save/5").form(&params).send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert_eq!(content, "{}");

            let mut resp = client.get("http://localhost:8086/load/5").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert_eq!(content, "SomeData");

            let mut resp = client.get("http://localhost:8086/contest/3").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert!(content.contains("<a href=\"/task/5\">★★☆</a></li>"));
            assert!(content.contains("<a href=\"/task/6\">☆☆☆☆</a></li>"));
        })
    }

    #[test]
    fn check_task_load_save_logged_in() {
        start_server_and_fn(8087, Some(("testusr".to_string(), "testpw".to_string(), false)), || {
            let client = reqwest::Client::builder().cookie_store(true)
                                                   .redirect(reqwest::RedirectPolicy::none())
                                                   .build()
                                                   .unwrap();

            let resp = login(8087, &client, "testusr", "testpw");
725
            assert_eq!(resp.status(), StatusCode::FOUND);
Robert Czechowski's avatar
Robert Czechowski committed
726

727
            let mut resp = client.get("http://localhost:8087/contest/1").send().unwrap();
728
729
730
731
732
733
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            let pos = content.find("type=\"hidden\" name=\"csrf_token\" value=\"").expect("CSRF-Token not found");
            let csrf = &content[pos + 39..pos + 49];
            let params = [("csrf_token", csrf)];
734
            let resp = client.post("http://localhost:8087/contest/1").form(&params).send().unwrap();
735
736
            assert_eq!(resp.status(), StatusCode::FOUND);

737
            let mut resp = client.get("http://localhost:8087/task/1").send().unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
738
739
740
741
742
743
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            let pos = content.find("#taskid=1&csrftoken=").expect("CSRF-Token not found");
            let csrf = &content[pos + 20..pos + 30];

744
            let mut resp = client.get("http://localhost:8087/load/1").send().unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
745
            assert_eq!(resp.status(), StatusCode::OK);
746

Robert Czechowski's avatar
Robert Czechowski committed
747
748
749
            let content = resp.text().unwrap();
            assert_eq!(content, "{}");

750
            let params = [("data", "WrongData"), ("grade", "1"), ("csrf_token", "FNQU4QsEMY")];
751
            let resp = client.post("http://localhost:8087/save/1").form(&params).send().unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
752
753
            assert_eq!(resp.status(), StatusCode::FORBIDDEN);

754
            // Check that the illigal request did not actually change anything
755
            let mut resp = client.get("http://localhost:8087/load/1").send().unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
756
            assert_eq!(resp.status(), StatusCode::OK);
757

Robert Czechowski's avatar
Robert Czechowski committed
758
759
            let content = resp.text().unwrap();
            assert_eq!(content, "{}");
760

761
            let mut resp = client.get("http://localhost:8087/contest/1").send().unwrap();
762
763
764
765
766
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert!(content.contains("<a href=\"/task/1\">☆☆☆</a></li>"));
            assert!(content.contains("<a href=\"/task/2\">☆☆☆☆</a></li>"));
767
768

            let params = [("data", "SomeData"), ("grade", "2"), ("csrf_token", csrf)];
769
            let mut resp = client.post("http://localhost:8087/save/1").form(&params).send().unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
770
771
772
773
774
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert_eq!(content, "{}");

775
            let mut resp = client.get("http://localhost:8087/load/1").send().unwrap();
Robert Czechowski's avatar
Robert Czechowski committed
776
            assert_eq!(resp.status(), StatusCode::OK);
777

Robert Czechowski's avatar
Robert Czechowski committed
778
779
            let content = resp.text().unwrap();
            assert_eq!(content, "SomeData");
780

781
            let mut resp = client.get("http://localhost:8087/contest/1").send().unwrap();
782
783
784
785
786
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert!(content.contains("<a href=\"/task/1\">★★☆</a></li>"));
            assert!(content.contains("<a href=\"/task/2\">☆☆☆☆</a></li>"));
Robert Czechowski's avatar
Robert Czechowski committed
787
788
        })
    }
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813

    #[test]
    fn check_taskgroup_rename() {
        start_server_and_fn(8088, None, || {
            let client = reqwest::Client::builder().cookie_store(true)
                                                   .redirect(reqwest::RedirectPolicy::none())
                                                   .build()
                                                   .unwrap();

            let mut resp = client.get("http://localhost:8088/contest/3").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            println!("{}", content);
            assert!(content.contains("TaskgroupNewName"));
            assert!(!content.contains("TaskgroupRenameName"));

            let mut resp = client.get("http://localhost:8088/task/5").send().unwrap();
            assert_eq!(resp.status(), StatusCode::OK);

            let content = resp.text().unwrap();
            assert!(content.contains("TaskgroupNewName"));
            assert!(!content.contains("TaskgroupRenameName"));
        })
    }
814
}