X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Fclub%2Fwpia%2Fgigi%2Futil%2FAuthorizationContext.java;h=0cc653c18ced141565d9cd624a97e00dc9d34a9e;hp=13f70cc7c96c088c301d6a9c618ce152048fc586;hb=86c54e084577b712268320f990facc8e9a09aec6;hpb=7d8ec14b31b08647465fe73c48218f0afa149b09

diff --git a/src/club/wpia/gigi/util/AuthorizationContext.java b/src/club/wpia/gigi/util/AuthorizationContext.java
index 13f70cc7..0cc653c1 100644
--- a/src/club/wpia/gigi/util/AuthorizationContext.java
+++ b/src/club/wpia/gigi/util/AuthorizationContext.java
@@ -24,7 +24,9 @@ public class AuthorizationContext implements Outputable, Serializable {
 
     private final String supporterTicketId;
 
-    public AuthorizationContext(CertificateOwner target, User actor) {
+    private final boolean isStronglyAuthenticated;
+
+    public AuthorizationContext(CertificateOwner target, User actor, boolean isStronglyAuthenticated) {
         if (actor == null) {
             throw new Error("Internal Error: The actor of an AuthorizationContext must not be null!");
         }
@@ -34,6 +36,7 @@ public class AuthorizationContext implements Outputable, Serializable {
         this.target = target;
         this.actor = actor;
         this.supporterTicketId = null;
+        this.isStronglyAuthenticated = isStronglyAuthenticated;
     }
 
     public AuthorizationContext(User actor, String supporterTicket) throws GigiApiException {
@@ -49,6 +52,7 @@ public class AuthorizationContext implements Outputable, Serializable {
             throw new GigiApiException("requires a supporter");
         }
         this.supporterTicketId = supporterTicket;
+        this.isStronglyAuthenticated = true;
     }
 
     public CertificateOwner getTarget() {
@@ -75,7 +79,7 @@ public class AuthorizationContext implements Outputable, Serializable {
     }
 
     public boolean canSupport() {
-        return getSupporterTicketId() != null && isInGroup(Group.SUPPORTER);
+        return getSupporterTicketId() != null && isInGroup(Group.SUPPORTER) && isStronglyAuthenticated() && ((User) target).hasValidSupportChallenge();
     }
 
     private static final SprintfCommand sp = new SprintfCommand("Logged in as {0} via {1}.", Arrays.asList("${username", "${loginMethod"));
@@ -109,6 +113,10 @@ public class AuthorizationContext implements Outputable, Serializable {
     }
 
     public boolean canVerify() {
-        return target instanceof User && ((User) target).canVerify();
+        return target instanceof User && ((User) target).canVerify() && isStronglyAuthenticated() && ((User) target).hasValidRAChallenge();
+    }
+
+    public boolean isStronglyAuthenticated() {
+        return isStronglyAuthenticated;
     }
 }