}
public boolean canVerify() {
- return target instanceof User && ((User) target).canVerify();
+ return target instanceof User && ((User) target).canVerify() && isStronglyAuthenticated();
}
public boolean isStronglyAuthenticated() {
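Review bot: `canVerify()` now also requires `isStronglyAuthenticated()`, but nothing at the method says why, and this is the access-control decision that the new test elsewhere in this change expects to surface as a 403 for password sessions. A short Javadoc would keep the condition from being relaxed by accident, for example `/** True only if the target is a User entitled to verify and the session is strongly authenticated. */`. What `isStronglyAuthenticated()` checks is not visible because its body lies outside the hunk, so the comment should name the method rather than restate its rule.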
import java.io.IOException;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
-import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
+import java.security.GeneralSecurityException;
import org.junit.Test;
+import club.wpia.gigi.GigiApiException;
import club.wpia.gigi.dbObjects.User;
import club.wpia.gigi.pages.PasswordResetPage;
import club.wpia.gigi.pages.wot.TestVerification;
public class TestPasswordResetExternal extends ClientTest {
@Test
- public void testByVerification() throws IOException {
+ public void testByVerification() throws IOException, GeneralSecurityException, GigiApiException, InterruptedException {
User u = User.getById(createVerificationUser("fn", "ln", createUniqueName() + "@example.com", TEST_PASSWORD));
- String cookie2 = login(u.getEmail(), TEST_PASSWORD);
+ String cookie2 = cookieWithCertificateLogin(u);
URLConnection uc = TestVerification.buildupVerifyFormConnection(cookie2, email, true);
String avalue = RandomToken.generateToken(32);
uc.getOutputStream().write(("verifiedName=" + this.u.getPreferredName().getId() + "&date=" + TestVerification.validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10&passwordReset=1&passwordResetValue=" + URLEncoder.encode(avalue, "UTF-8")).getBytes("UTF-8"));
mail = getMailReceiver().receive(this.u.getEmail());
String link = mail.extractLink();
String npw = TEST_PASSWORD + "'";
- System.out.println(link);
assertNotNull(toPasswordReset(avalue, link, npw, npw + "'"));
assertNotNull(toPasswordReset(avalue + "'", link, npw, npw));
assertNotNull(toPasswordReset(avalue, link, "a", "a"));
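Review bot: The widened `throws` clause on `testByVerification` lists `GeneralSecurityException` and `InterruptedException`, yet the only new call, `cookieWithCertificateLogin(u)`, is declared elsewhere in this change as `throws IOException, GigiApiException` and catches the other two itself. As far as the hunk shows, `throws IOException, GigiApiException` is enough, which would also make the added `java.security.GeneralSecurityException` import unnecessary. The same applies to `setup()`, `testMultipleVerification()` and `testRANotificationSet()` in the TestVerification hunks. The method body continues outside the hunk.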
uc2.setDoOutput(true);
OutputStream o = uc2.getOutputStream();
o.write(("csrf=" + csrf + "&pword1=" + URLEncoder.encode(npw, "UTF-8") + "&pword2=" + URLEncoder.encode(npw2, "UTF-8") + "&private_token=" + URLEncoder.encode(avalue, "UTF-8")).getBytes("UTF-8"));
- System.out.println(((HttpURLConnection) uc2).getResponseCode());
String readURL = IOUtils.readURL(uc2);
return fetchStartErrorMessage(readURL);
}
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
-import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
import java.util.Random;
import org.junit.Test;
import club.wpia.gigi.GigiApiException;
-import club.wpia.gigi.dbObjects.Certificate;
-import club.wpia.gigi.dbObjects.Certificate.CSRType;
-import club.wpia.gigi.dbObjects.Digest;
import club.wpia.gigi.dbObjects.Group;
import club.wpia.gigi.pages.admin.support.FindCertPage;
import club.wpia.gigi.pages.admin.support.FindUserByDomainPage;
public TestSEAdminTicketSetting() throws IOException, GigiApiException {
grant(u, Group.SUPPORTER);
- try {
- KeyPair kp = generateKeypair();
- String csr = generatePEMCSR(kp, "CN=" + u.getPreferredName().toString());
- Certificate c = new Certificate(u, u, Certificate.buildDN("CN", u.getPreferredName().toString()), Digest.SHA256, csr, CSRType.CSR, getClientProfile());
- final PrivateKey pk = kp.getPrivate();
- await(c.issue(null, "2y", u));
- final X509Certificate ce = c.cert();
- c.setLoginEnabled(true);
- cookie = login(pk, ce);
- loginCertificate = c;
- loginPrivateKey = pk;
- } catch (InterruptedException e) {
- throw new GigiApiException(e.toString());
- } catch (GeneralSecurityException e) {
- throw new GigiApiException(e.toString());
- }
+ cookie = cookieWithCertificateLogin(u);
}
@Test
import java.net.MalformedURLException;
import java.net.URLConnection;
import java.net.URLEncoder;
+import java.security.GeneralSecurityException;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.text.SimpleDateFormat;
private String cookie;
@Before
- public void setup() throws IOException {
+ public void setup() throws IOException, GeneralSecurityException, GigiApiException, InterruptedException {
clearCaches();
agentM = createUniqueName() + "@example.org";
applicantM = createUniqueName() + "@example.org";
int applicantId = createVerifiedUser("a", "c", applicantM, TEST_PASSWORD);
applicantName = User.getById(applicantId).getPreferredName().getId();
- cookie = login(agentM, TEST_PASSWORD);
+ User users[] = User.findByEmail(agentM);
+ cookie = cookieWithCertificateLogin(users[0]);
}
private Matcher<String> isVerificationForm() {
String applicantCookie = login(applicantM, TEST_PASSWORD);
String newDob = "day=1&month=1&year=" + ( !succeed ? 1911 : 1910);
-
+ loginCertificate = null;
assertNull(executeBasicWebInteraction(applicantCookie, MyDetails.PATH, newDob + "&action=updateDoB", 0));
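Review bot: The added `loginCertificate = null;` after the password `login(applicantM, TEST_PASSWORD)` resets state that `cookieWithCertificateLogin` set as a side effect in `setup()`, and nothing explains that coupling. Presumably the request helpers present the client certificate whenever the field is non-null, so a forgotten reset would silently turn a password-session test into a certificate-session one. I would add a comment such as `// drop the client certificate set by setup() so this request is a password-only session`, or clear the field inside the password `login(String, String)` helper if that fits its other callers. The same reset is repeated in the next two hunks and in `testVerifyWithoutCertLogin`. The enclosing method starts and ends outside the hunk.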
uc.getOutputStream().write(("verifiedName=" + applicantName + "&date=" + validVerificationDateString() + "&location=testcase&countryCode=DE&certify=1&rules=1&assertion=1&points=10").getBytes("UTF-8"));
getMailReceiver().receive(applicantM);
String cookie = login(applicantM, TEST_PASSWORD);
+ loginCertificate = null;
URLConnection url = get(cookie, Points.PATH);
String resp = IOUtils.readURL(url);
resp = resp.split(Pattern.quote("</table>"))[1];
getMailReceiver().receive(applicantM);
String cookie = login(agentM, TEST_PASSWORD);
+ loginCertificate = null;
URLConnection url = get(cookie, Points.PATH);
String resp = IOUtils.readURL(url);
resp = resp.split(Pattern.quote("</table>"))[2];
}
@Test
- public void testMultipleVerification() throws IOException {
-
+ public void testMultipleVerification() throws IOException, GeneralSecurityException, GigiApiException, InterruptedException {
User users[] = User.findByEmail(agentM);
int agentID = users[0].getId();
}
@Test
- public void testRANotificationSet() throws IOException, GigiApiException {
+ public void testRANotificationSet() throws IOException, GigiApiException, GeneralSecurityException, InterruptedException {
getMailReceiver().assertEmpty();
User users[] = User.findByEmail(agentM);
User u = users[0];
u.grantGroup(u, Group.VERIFY_NOTIFICATION);
clearCaches();
- cookie = login(agentM, TEST_PASSWORD);
-
- String targetMail = u.getEmail();
+ cookie = cookieWithCertificateLogin(users[0]);
// enter verification
String uniqueLoc = createUniqueName();
executeSuccess("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
getMailReceiver().receive(applicantM);
- TestMail tm = getMailReceiver().receive(targetMail);
+
+ TestMail tm = getMailReceiver().receive(agentM);
assertThat(tm.getMessage(), containsString("You entered a verification for the account with email address " + applicantM));
}
User u = users[0];
u.revokeGroup(u, Group.VERIFY_NOTIFICATION);
clearCaches();
- cookie = login(agentM, TEST_PASSWORD);
// enter verification
String uniqueLoc = createUniqueName();
executeSuccess("date=" + validVerificationDateString() + "&location=" + uniqueLoc + "&countryCode=DE&certify=1&rules=1&assertion=1&points=10");
- TestMail tm;
-
- tm = getMailReceiver().receive(applicantM);
+ TestMail tm = getMailReceiver().receive(applicantM);
assertThat(tm.getMessage(), not(containsString("You entered a verification for the account with email address " + applicantM)));
}
+
+ @Test
+ public void testVerifyWithoutCertLogin() throws IOException {
+ cookie = login(agentM, TEST_PASSWORD);
+ loginCertificate = null;
+ assertEquals(403, get(cookie, VerifyPage.PATH).getResponseCode());
+ }
}
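Review bot: `testVerifyWithoutCertLogin` asserts the 403 only for a GET of `VerifyPage.PATH`; the request that records a verification is the form POST, and no test here shows that a password session is refused there too. A second assertion on the POST path would pin the server-side check rather than just the page rendering, e.g. `assertEquals(403, post(cookie, VerifyPage.PATH, "<verification form fields>", 0).getResponseCode());`. That assumes the `post` helper used in SEClientTest on this page is also available in this class, and the expected status should be whatever rejection the handler returns for that request.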
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
+import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import club.wpia.gigi.database.GigiPreparedStatement;
import club.wpia.gigi.database.GigiResultSet;
import club.wpia.gigi.dbObjects.Certificate;
+import club.wpia.gigi.dbObjects.Certificate.CSRType;
+import club.wpia.gigi.dbObjects.Digest;
import club.wpia.gigi.dbObjects.EmailAddress;
import club.wpia.gigi.dbObjects.Group;
import club.wpia.gigi.dbObjects.Job;
}
}
}
+
+ protected String cookieWithCertificateLogin(User u) throws IOException, GigiApiException {
+
+ try {
+ KeyPair kp;
+ kp = generateKeypair();
+
+ String csr;
+ csr = generatePEMCSR(kp, "CN=" + u.getPreferredName().toString());
+
+ Certificate c = new Certificate(u, u, Certificate.buildDN("CN", u.getPreferredName().toString()), Digest.SHA256, csr, CSRType.CSR, getClientProfile());
+ final PrivateKey pk = kp.getPrivate();
+ await(c.issue(null, "2y", u));
+ final X509Certificate ce = c.cert();
+ c.setLoginEnabled(true);
+ loginCertificate = c;
+ loginPrivateKey = pk;
+ return login(pk, ce);
+ } catch (InterruptedException e) {
+ throw new GigiApiException(e.toString());
+ } catch (GeneralSecurityException e) {
+ throw new GigiApiException(e.toString());
+ }
+
+ }
}
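Review bot: The `catch (InterruptedException e)` branch in `cookieWithCertificateLogin` turns the interrupt into a `GigiApiException` without restoring the thread's interrupt flag, and both catch branches keep only `e.toString()`, so the original stack trace is lost when certificate issuance fails in a test. Add `Thread.currentThread().interrupt();` as the first statement of the InterruptedException branch; if `GigiApiException` has a cause-accepting constructor (not visible here), pass `e` to it. The method also assigns `loginCertificate` and `loginPrivateKey` as a side effect, which deserves a one-line Javadoc since several tests in this change have to undo it.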
import static org.junit.Assert.*;
import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
import club.wpia.gigi.GigiApiException;
-import club.wpia.gigi.dbObjects.Certificate;
-import club.wpia.gigi.dbObjects.Certificate.CSRType;
-import club.wpia.gigi.dbObjects.Digest;
import club.wpia.gigi.dbObjects.Group;
import club.wpia.gigi.pages.admin.support.SupportEnterTicketPage;
public SEClientTest() throws IOException, GigiApiException {
grant(u, Group.SUPPORTER);
- try {
- KeyPair kp = generateKeypair();
- String csr = generatePEMCSR(kp, "CN=" + u.getPreferredName().toString());
- Certificate c = new Certificate(u, u, Certificate.buildDN("CN", u.getPreferredName().toString()), Digest.SHA256, csr, CSRType.CSR, getClientProfile());
- final PrivateKey pk = kp.getPrivate();
- await(c.issue(null, "2y", u));
- final X509Certificate ce = c.cert();
- c.setLoginEnabled(true);
- loginCertificate = c;
- loginPrivateKey = pk;
- cookie = login(pk, ce);
- } catch (InterruptedException e) {
- throw new GigiApiException(e.toString());
- } catch (GeneralSecurityException e) {
- throw new GigiApiException(e.toString());
- }
+ cookie = cookieWithCertificateLogin(u);
assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=a20140808.8&setTicket=action", 0).getResponseCode());
}