add: ensure that for OrgAdmin action there is a valid OrgAdmin Challenge

[gigi.git] / tests / club / wpia / gigi / pages / orga / TestOrgSwitch.java

diff --git a/tests/club/wpia/gigi/pages/orga/TestOrgSwitch.java b/tests/club/wpia/gigi/pages/orga/TestOrgSwitch.java
index 94586e3452de2558126cf0113ba42a2b41264338..c19f387c38e28d7e7f6ac1c6b1993e80afa06267 100644 (file)
--- a/tests/club/wpia/gigi/pages/orga/TestOrgSwitch.java
+++ b/tests/club/wpia/gigi/pages/orga/TestOrgSwitch.java
@@ -5,13 +5,21 @@ import static org.hamcrest.MatcherAssert.assertThat;
 import static org.junit.Assert.*;
 
 import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URLConnection;
 import java.net.URLEncoder;
+import java.security.GeneralSecurityException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
 import java.sql.SQLException;
 
 import org.junit.After;
 import org.junit.Test;
 
 import club.wpia.gigi.GigiApiException;
+import club.wpia.gigi.dbObjects.CATS.CATSType;
+import club.wpia.gigi.dbObjects.Certificate;
 import club.wpia.gigi.dbObjects.Organisation;
 import club.wpia.gigi.dbObjects.User;
 import club.wpia.gigi.testUtils.IOUtils;
@@ -25,6 +33,10 @@ public class TestOrgSwitch extends OrgTest {
 
     private Organisation org2 = createUniqueOrg();
 
+    private Certificate cagent;
+
+    private PrivateKey pkagent;
+
     public TestOrgSwitch() throws IOException, GigiApiException {
 
         assertEquals(403, get(SwitchOrganisation.PATH).getResponseCode());
@@ -33,9 +45,12 @@ public class TestOrgSwitch extends OrgTest {
         u2 = User.getById(createVerificationUser("testworker", "testname", email, TEST_PASSWORD));
         assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + org1.getId(), "email=" + URLEncoder.encode(u2.getEmail(), "UTF-8") + "&do_affiliate=y&master=y", 1));
         assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + org2.getId(), "email=" + URLEncoder.encode(u2.getEmail(), "UTF-8") + "&do_affiliate=y&master=y", 1));
+        addChallenge(u2.getId(), CATSType.ORG_ADMIN_DP_CHALLENGE_NAME);
+        cagent = loginCertificate;
+        pkagent = loginPrivateKey;
 
         // login with new user u2
-        cookie = login(email, TEST_PASSWORD);
+        cookie = cookieWithCertificateLogin(u2);
     }
 
     @After
@@ -49,7 +64,7 @@ public class TestOrgSwitch extends OrgTest {
         assertNull(executeBasicWebInteraction(cookie, SwitchOrganisation.PATH, "org:" + org1.getId() + "=y", 0));
 
         String res = IOUtils.readURL(get(SwitchOrganisation.PATH));
-        assertThat(res, containsString("Logged in as " + org1.getName() + " (on behalf of " + u2.getPreferredName()));
+        assertThat(res, containsString("Logged in as " + u2.getPreferredName() + ", acting as " + org1.getName()));
 
     }
 
@@ -83,7 +98,7 @@ public class TestOrgSwitch extends OrgTest {
         assertNull(executeBasicWebInteraction(cookie, SwitchOrganisation.PATH, "org:" + org2.getId() + "=y", 0));
 
         String res = IOUtils.readURL(get(SwitchOrganisation.PATH));
-        assertThat(res, containsString("Logged in as " + org2.getName() + " (on behalf of " + u2.getPreferredName()));
+        assertThat(res, containsString("Logged in as " + u2.getPreferredName() + ", acting as " + org2.getName()));
 
     }
 
@@ -94,7 +109,7 @@ public class TestOrgSwitch extends OrgTest {
         assertNull(executeBasicWebInteraction(cookie, SwitchOrganisation.PATH, "org:" + org1.getId() + "=y", 0));
 
         String res = IOUtils.readURL(get(SwitchOrganisation.PATH));
-        assertThat(res, containsString("Logged in as " + org1.getName() + " (on behalf of " + u2.getPreferredName()));
+        assertThat(res, containsString("Logged in as " + u2.getPreferredName() + ", acting as " + org1.getName()));
 
     }
 
@@ -118,4 +133,31 @@ public class TestOrgSwitch extends OrgTest {
 
     }
 
+    @Test
+    public void testSwitchOrgPasswordLogin() throws IOException, GigiApiException {
+        cookie = login(email, TEST_PASSWORD);
+        loginCertificate = null;
+        URLConnection uc = get(cookie, SwitchOrganisation.PATH);
+        assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
+    }
+
+    @Test
+    public void testSwitchOrgLoginChallenge() throws IOException, GigiApiException, KeyManagementException, NoSuchAlgorithmException, GeneralSecurityException {
+        loginCertificate = cagent;
+        loginPrivateKey = pkagent;
+        cookie = login(pkagent, cagent.cert());
+        String email = createUniqueName() + "@testdom.com";
+        User u3 = User.getById(createVerificationUser("testworker", "testname", email, TEST_PASSWORD));
+        assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + org1.getId(), "email=" + URLEncoder.encode(u3.getEmail(), "UTF-8") + "&do_affiliate=y&master=y", 1));
+        assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + org2.getId(), "email=" + URLEncoder.encode(u3.getEmail(), "UTF-8") + "&do_affiliate=y&master=y", 1));
+
+        cookie = cookieWithCertificateLogin(u3);
+        URLConnection uc = get(cookie, SwitchOrganisation.PATH);
+        assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
+
+        addChallenge(u3.getId(), CATSType.ORG_ADMIN_DP_CHALLENGE_NAME);
+        clearCaches();
+        uc = get(cookie, SwitchOrganisation.PATH);
+        assertEquals(200, ((HttpURLConnection) uc).getResponseCode());
+    }
 }