private final String supporterTicketId;
- public AuthorizationContext(CertificateOwner target, User actor) {
+ private final boolean isStronglyAuthenticated;
+
+ public AuthorizationContext(CertificateOwner target, User actor, boolean isStronglyAuthenticated) {
if (actor == null) {
throw new Error("Internal Error: The actor of an AuthorizationContext must not be null!");
}
this.target = target;
this.actor = actor;
this.supporterTicketId = null;
+ this.isStronglyAuthenticated = isStronglyAuthenticated;
}
public AuthorizationContext(User actor, String supporterTicket) throws GigiApiException {
throw new GigiApiException("requires a supporter");
}
this.supporterTicketId = supporterTicket;
+ this.isStronglyAuthenticated = true;
}
public CertificateOwner getTarget() {
}
public boolean canSupport() {
- return getSupporterTicketId() != null && isInGroup(Group.SUPPORTER);
+ return getSupporterTicketId() != null && isInGroup(Group.SUPPORTER) && isStronglyAuthenticated();
}
private static final SprintfCommand sp = new SprintfCommand("Logged in as {0} via {1}.", Arrays.asList("${username", "${loginMethod"));
- private static final SprintfCommand inner = new SprintfCommand("{0} (on behalf of {1})", Arrays.asList("${user", "${target"));
+ private static final SprintfCommand inner = new SprintfCommand("{0}, acting as {1},", Arrays.asList("${user", "${target"));
@Override
public void output(PrintWriter out, Language l, Map<String, Object> vars) {
@Override
public void output(PrintWriter out, Language l, Map<String, Object> vars) {
if (target != actor) {
- vars.put("user", ((Organisation) target).getName().toString());
- vars.put("target", actor.getPreferredName().toString());
+ vars.put("target", ((Organisation) target).getName().toString());
+ vars.put("user", actor.getPreferredName().toString());
inner.output(out, l, vars);
} else {
out.println(actor.getPreferredName().toString());
}
public boolean canVerify() {
- return target instanceof User && ((User) target).canVerify();
+ return target instanceof User && ((User) target).canVerify() && isStronglyAuthenticated() && ((User) target).hasValidRAChallenge();
+ }
+
+ public boolean isStronglyAuthenticated() {
+ return isStronglyAuthenticated;
}
}