add: ensure that for Org Agent actions certificate login is used

author INOPIAE <m.maengel@inopiae.de>

Sun, 14 Jul 2019 05:33:56 +0000 (07:33 +0200)

committer INOPIAE <m.maengel@inopiae.de>

Sun, 8 Sep 2019 19:21:55 +0000 (21:21 +0200)
author INOPIAE <m.maengel@inopiae.de>
Sun, 14 Jul 2019 05:33:56 +0000 (07:33 +0200)
committer INOPIAE <m.maengel@inopiae.de>
Sun, 8 Sep 2019 19:21:55 +0000 (21:21 +0200)
diff --git a/src/club/wpia/gigi/pages/orga/CreateOrgPage.java b/src/club/wpia/gigi/pages/orga/CreateOrgPage.java

index 98076fe94dd347c5fbf13ada4d984c9cfd895acb..27a0e4de9e8808e518824aec9a7595162406ad55 100644 (file)
--- a/src/club/wpia/gigi/pages/orga/CreateOrgPage.java
+++ b/src/club/wpia/gigi/pages/orga/CreateOrgPage.java
@@ -21,7 +21,7 @@ public class CreateOrgPage extends ManagedFormPage {
  
      @Override
      public boolean isPermitted(AuthorizationContext ac) {
  
      @Override
      public boolean isPermitted(AuthorizationContext ac) {
-        return ac != null && ac.isInGroup(ORG_AGENT);
+        return ac != null && ac.isInGroup(ORG_AGENT) && ac.isStronglyAuthenticated();
      }
  
      @Override
      }
  
      @Override
diff --git a/src/club/wpia/gigi/pages/orga/ViewOrgPage.java b/src/club/wpia/gigi/pages/orga/ViewOrgPage.java

index 6d7e9a2a034f28c0a59370e363bdb83142e61fa0..a5119068a8bdd904a4c206f133b3de916d596307 100644 (file)
--- a/src/club/wpia/gigi/pages/orga/ViewOrgPage.java
+++ b/src/club/wpia/gigi/pages/orga/ViewOrgPage.java
@@ -36,7 +36,7 @@ public class ViewOrgPage extends ManagedMultiFormPage {
  
      @Override
      public boolean isPermitted(AuthorizationContext ac) {
  
      @Override
      public boolean isPermitted(AuthorizationContext ac) {
-        return ac != null && (ac.isInGroup(CreateOrgPage.ORG_AGENT) || ac.getActor().getOrganisations(true).size() != 0);
+        return ac != null && ((ac.isInGroup(CreateOrgPage.ORG_AGENT) && ac.isStronglyAuthenticated()) || ac.getActor().getOrganisations(true).size() != 0);
      }
  
      @Override
      }
  
      @Override
diff --git a/tests/club/wpia/gigi/pages/orga/TestOrgDomain.java b/tests/club/wpia/gigi/pages/orga/TestOrgDomain.java

index a17586b27224c5f48c81ca113511782b18cf5036..7d4123cba769d6b6f79c110ed9bdfff6fba66b31 100644 (file)
--- a/tests/club/wpia/gigi/pages/orga/TestOrgDomain.java
+++ b/tests/club/wpia/gigi/pages/orga/TestOrgDomain.java
@@ -100,6 +100,7 @@ public class TestOrgDomain extends OrgTest {
          assertEquals(1, o.getDomains().length);
          User admin = createOrgAdmin(o);
          String adminCookie = login(admin.getEmail(), TEST_PASSWORD);
          assertEquals(1, o.getDomains().length);
          User admin = createOrgAdmin(o);
          String adminCookie = login(admin.getEmail(), TEST_PASSWORD);
+        loginCertificate = null;
          assertNull(executeBasicWebInteraction(adminCookie, SwitchOrganisation.PATH, "org:" + o.getId() + "=y", 0));
  
          // test that delete button is not displayed
          assertNull(executeBasicWebInteraction(adminCookie, SwitchOrganisation.PATH, "org:" + o.getId() + "=y", 0));
  
          // test that delete button is not displayed
diff --git a/tests/club/wpia/gigi/pages/orga/TestOrgManagement.java b/tests/club/wpia/gigi/pages/orga/TestOrgManagement.java

index 2bb91f12c87dad6df21e67ba3d5b19b0f8f0c574..6565d25fe04ed41a88933560823a661709d48d29 100644 (file)
--- a/tests/club/wpia/gigi/pages/orga/TestOrgManagement.java
+++ b/tests/club/wpia/gigi/pages/orga/TestOrgManagement.java
@@ -9,6 +9,7 @@ import java.net.HttpURLConnection;
  import java.net.MalformedURLException;
  import java.net.URLConnection;
  import java.net.URLEncoder;
  import java.net.MalformedURLException;
  import java.net.URLConnection;
  import java.net.URLEncoder;
+import java.security.PrivateKey;
  import java.sql.SQLException;
  import java.util.List;
  
  import java.sql.SQLException;
  import java.util.List;
  
@@ -16,6 +17,7 @@ import org.junit.After;
  import org.junit.Test;
  
  import club.wpia.gigi.GigiApiException;
  import org.junit.Test;
  
  import club.wpia.gigi.GigiApiException;
+import club.wpia.gigi.dbObjects.Certificate;
  import club.wpia.gigi.dbObjects.Country;
  import club.wpia.gigi.dbObjects.Country.CountryCodeType;
  import club.wpia.gigi.dbObjects.Organisation;
  import club.wpia.gigi.dbObjects.Country;
  import club.wpia.gigi.dbObjects.Country.CountryCodeType;
  import club.wpia.gigi.dbObjects.Organisation;
@@ -90,9 +92,14 @@ public class TestOrgManagement extends OrgTest {
          o1.addAdmin(u2, u, false);
          String session2 = login(u2.getEmail(), TEST_PASSWORD);
  
          o1.addAdmin(u2, u, false);
          String session2 = login(u2.getEmail(), TEST_PASSWORD);
  
+        Certificate c1 = loginCertificate;
+        PrivateKey pk1 = loginPrivateKey;
+        loginCertificate = null;
+
          URLConnection uc = get(session2, ViewOrgPage.DEFAULT_PATH);
          assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
  
          URLConnection uc = get(session2, ViewOrgPage.DEFAULT_PATH);
          assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
  
+        session2 = cookieWithCertificateLogin(u2);
          uc = get(session2, MyDetails.PATH);
          String content = IOUtils.readURL(uc);
          assertThat(content, containsString(o1.getName()));
          uc = get(session2, MyDetails.PATH);
          String content = IOUtils.readURL(uc);
          assertThat(content, containsString(o1.getName()));
@@ -102,6 +109,9 @@ public class TestOrgManagement extends OrgTest {
          uc = get(session2, ViewOrgPage.DEFAULT_PATH + "/" + o2.getId());
          assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
  
          uc = get(session2, ViewOrgPage.DEFAULT_PATH + "/" + o2.getId());
          assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
  
+        loginCertificate = c1;
+        loginPrivateKey = pk1;
+
          uc = get(ViewOrgPage.DEFAULT_PATH);
          content = IOUtils.readURL(uc);
          assertThat(content, containsString(o1.getName()));
          uc = get(ViewOrgPage.DEFAULT_PATH);
          content = IOUtils.readURL(uc);
          assertThat(content, containsString(o1.getName()));
@@ -267,4 +277,13 @@ public class TestOrgManagement extends OrgTest {
          return executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + o1.getId(), "action=updateCertificateData&O=" + o + "&C=" + c + "&ST=" + province + "&L=" + ct, 0);
      }
  
          return executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + o1.getId(), "action=updateCertificateData&O=" + o + "&C=" + c + "&ST=" + province + "&L=" + ct, 0);
      }
  
+    @Test
+    public void testAgentWithoutCertLogin() throws IOException, GigiApiException {
+        cookie = login(u.getEmail(), TEST_PASSWORD);
+        loginCertificate = null;
+        URLConnection uc = get(cookie, ViewOrgPage.DEFAULT_PATH);
+        assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
+        uc = get(cookie, CreateOrgPage.DEFAULT_PATH);
+        assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
+    }
  }
  }
diff --git a/tests/club/wpia/gigi/pages/orga/TestOrgSwitch.java b/tests/club/wpia/gigi/pages/orga/TestOrgSwitch.java

index 122ed18b99127f6f367b9eaf425ff38d5fe17e08..40aed5f4055b77990018ee93b865cd69aa253e36 100644 (file)
--- a/tests/club/wpia/gigi/pages/orga/TestOrgSwitch.java
+++ b/tests/club/wpia/gigi/pages/orga/TestOrgSwitch.java
@@ -35,7 +35,7 @@ public class TestOrgSwitch extends OrgTest {
          assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + org2.getId(), "email=" + URLEncoder.encode(u2.getEmail(), "UTF-8") + "&do_affiliate=y&master=y", 1));
  
          // login with new user u2
          assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + org2.getId(), "email=" + URLEncoder.encode(u2.getEmail(), "UTF-8") + "&do_affiliate=y&master=y", 1));
  
          // login with new user u2
-        cookie = login(email, TEST_PASSWORD);
+        cookie = cookieWithCertificateLogin(u2);
      }
  
      @After
      }
  
      @After
diff --git a/tests/club/wpia/gigi/testUtils/OrgTest.java b/tests/club/wpia/gigi/testUtils/OrgTest.java

index 2d79c5a497b0e15d289ff38e699599e8cabe414d..6c3ba7c4621651952aa12dcdc04b737481a6ef66 100644 (file)
--- a/tests/club/wpia/gigi/testUtils/OrgTest.java
+++ b/tests/club/wpia/gigi/testUtils/OrgTest.java
@@ -15,7 +15,7 @@ public class OrgTest extends ClientTest {
          makeAgent(u.getId());
          u.grantGroup(getSupporter(), Group.ORG_AGENT);
          clearCaches();
          makeAgent(u.getId());
          u.grantGroup(getSupporter(), Group.ORG_AGENT);
          clearCaches();
-        cookie = login(email, TEST_PASSWORD);
+        cookie = cookieWithCertificateLogin(u);
      }
  
      public Organisation createUniqueOrg() throws GigiApiException {
      }
  
      public Organisation createUniqueOrg() throws GigiApiException {
author	INOPIAE <m.maengel@inopiae.de>
	Sun, 14 Jul 2019 05:33:56 +0000 (07:33 +0200)
committer	INOPIAE <m.maengel@inopiae.de>
	Sun, 8 Sep 2019 19:21:55 +0000 (21:21 +0200)
src/club/wpia/gigi/pages/orga/CreateOrgPage.java		patch \| blob \| history
src/club/wpia/gigi/pages/orga/ViewOrgPage.java		patch \| blob \| history
tests/club/wpia/gigi/pages/orga/TestOrgDomain.java		patch \| blob \| history
tests/club/wpia/gigi/pages/orga/TestOrgManagement.java		patch \| blob \| history
tests/club/wpia/gigi/pages/orga/TestOrgSwitch.java		patch \| blob \| history
tests/club/wpia/gigi/testUtils/OrgTest.java		patch \| blob \| history