add: ensure that for Org Administrator actions certificate login is used
[gigi.git] / tests / club / wpia / gigi / pages / TestMain.java
index 682daf8..194097f 100644 (file)
@@ -9,23 +9,24 @@ import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URLConnection;
 import java.security.GeneralSecurityException;
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
 
 import org.junit.Test;
 
 import club.wpia.gigi.GigiApiException;
-import club.wpia.gigi.dbObjects.Certificate;
-import club.wpia.gigi.dbObjects.Certificate.CSRType;
-import club.wpia.gigi.dbObjects.Digest;
+import club.wpia.gigi.dbObjects.Country;
+import club.wpia.gigi.dbObjects.Country.CountryCodeType;
+import club.wpia.gigi.dbObjects.Group;
+import club.wpia.gigi.dbObjects.Organisation;
+import club.wpia.gigi.dbObjects.User;
 import club.wpia.gigi.testUtils.ClientTest;
 import club.wpia.gigi.testUtils.IOUtils;
 
 public class TestMain extends ClientTest {
 
+    private User orgAdmin;
+
     @Test
-    public void testPasswordLogin() throws MalformedURLException, IOException {
+    public void testPasswordLogin() throws MalformedURLException, IOException, GigiApiException {
         URLConnection uc = new URL("https://" + getServerName()).openConnection();
         uc.addRequestProperty("Cookie", cookie);
         String content = IOUtils.readURL(uc);
@@ -42,16 +43,7 @@ public class TestMain extends ClientTest {
 
     @Test
     public void testCertLogin() throws GeneralSecurityException, IOException, GigiApiException, InterruptedException {
-        KeyPair kp = generateKeypair();
-        String csr = generatePEMCSR(kp, "CN=" + u.getPreferredName().toString());
-        Certificate c = new Certificate(u, u, Certificate.buildDN("CN", u.getPreferredName().toString()), Digest.SHA256, csr, CSRType.CSR, getClientProfile());
-        final PrivateKey pk = kp.getPrivate();
-        await(c.issue(null, "2y", u));
-        final X509Certificate ce = c.cert();
-        c.setLoginEnabled(true);
-        cookie = login(pk, ce);
-        loginCertificate = c;
-        loginPrivateKey = pk;
+        cookie = cookieWithCertificateLogin(u);
 
         URLConnection uc = new URL("https://" + getSecureServerName()).openConnection();
         authenticate((HttpURLConnection) uc);
@@ -63,6 +55,42 @@ public class TestMain extends ClientTest {
         authenticate((HttpURLConnection) uc);
         content = IOUtils.readURL(uc);
         assertThat(content, containsString("You are authenticated via certificate, so you will be able to perform all actions."));
+    }
+
+    @Test
+    public void testPasswordLoginOrgAdmin() throws MalformedURLException, IOException, GigiApiException {
+        URLConnection uc = new URL("https://" + getServerName()).openConnection();
+        addOrgAdmin();
+        cookie = login(orgAdmin.getEmail(), TEST_PASSWORD);
+        loginCertificate = null;
+        uc.addRequestProperty("Cookie", cookie);
+        String content = IOUtils.readURL(uc);
+        assertThat(content, containsString("You need to be logged in via certificate to get access to the organisations."));
+        assertThat(content, containsString("For some actions, e.g. add verification, support, you need to be authenticated via certificate."));
+
+    }
+
+    @Test
+    public void testCertLoginOrgAdmin() throws GeneralSecurityException, IOException, GigiApiException, InterruptedException {
+        cookie = cookieWithCertificateLogin(u);
+        addOrgAdmin();
+        cookie = cookieWithCertificateLogin(orgAdmin);
+
+        URLConnection uc = new URL("https://" + getSecureServerName()).openConnection();
+        authenticate((HttpURLConnection) uc);
+        String content = IOUtils.readURL(uc);
+
+        assertThat(content, containsString("change to organisation administrator context"));
+        assertThat(content, containsString("You are authenticated via certificate, so you will be able to perform all actions."));
+    }
 
+    private void addOrgAdmin() throws GigiApiException, IOException {
+        makeAgent(u.getId());
+        u.grantGroup(getSupporter(), Group.ORG_AGENT);
+        clearCaches();
+        Organisation o = new Organisation(createUniqueName(), Country.getCountryByCode("DE", CountryCodeType.CODE_2_CHARS), "pr", "city", "test@example.com", "", "", u);
+        orgAdmin = User.getById(createVerificationUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+        makeAgent(orgAdmin.getId());
+        o.addAdmin(orgAdmin, u, true);
     }
 }