vars.put("vp", u.getVerificationPoints());
vars.put("xp", u.getExperiencePoints());
+
+ vars.put("catsinfo", false);
+ if (u.canVerify() && !u.hasValidRAChallenge()) {
+ vars.put("catsinfo", true);
+ vars.put("catsra", true);
+ }
Certificate[] c = u.getCertificates(false);
vars.put("c-no", c.length);
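Review bot: `catsra` is only put into `vars` inside the `if`, while `catsinfo` is written twice (first `false`, then overwritten), so the two flags can drift apart if another challenge type is added later. Computing the condition once keeps both keys always defined and removes the overwrite: `boolean needsRAChallenge = u.canVerify() && !u.hasValidRAChallenge();` followed by `vars.put("catsinfo", needsRAChallenge);` and `vars.put("catsra", needsRAChallenge);`. A short comment above it such as `// banner only; access itself is enforced by AuthorizationContext.canVerify()` would make clear that this block only drives the hint in the template and is not the access check. The enclosing method starts and ends outside the hunk.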
</div>
<? } ?>
<? } ?>
-
+<? if($catsinfo) { ?>
+ <div class="alert alert-warning" role="alert">
+ <? if($catsra) { ?>
+ <p><?=_To add a verification you need to pass the RA Agent Challenge.?></p>
+ <? } ?>
+ </div>
+<? } ?>
<div class="card card-body bg-light">
<? if($ra-agent) { ?><p><?=_You are an RA Agent.?></p><? } ?>
<p><?=_Assigned support permissions?>: <?=$support-groups?></p>
}
public boolean canVerify() {
- return target instanceof User && ((User) target).canVerify() && isStronglyAuthenticated();
+ return target instanceof User && ((User) target).canVerify() && isStronglyAuthenticated() && ((User) target).hasValidRAChallenge();
}
public boolean isStronglyAuthenticated() {
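Review bot: `canVerify()` is the gate that decides whether a login may act as RA Agent, and after this change it is a four-part condition on one line with `(User) target` cast twice and no Javadoc stating the rule. I would add a doc comment along the lines of `/** True only if the target is a User that passes User.canVerify(), the session is strongly authenticated, and the user holds a currently valid RA Agent Challenge. */` so that later edits do not drop one of the conditions unnoticed. The expression also reads better with the cast done once, e.g. `if (!(target instanceof User)) { return false; }` then `User user = (User) target;` and `return user.canVerify() && isStronglyAuthenticated() && user.hasValidRAChallenge();`, which keeps `isStronglyAuthenticated()` ahead of the challenge lookup as it is now.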
import org.junit.Test;
import club.wpia.gigi.GigiApiException;
+import club.wpia.gigi.dbObjects.CATS.CATSType;
import club.wpia.gigi.dbObjects.Country;
import club.wpia.gigi.dbObjects.Country.CountryCodeType;
import club.wpia.gigi.dbObjects.Group;
makeAgent(orgAdmin.getId());
o.addAdmin(orgAdmin, u, true);
}
+
+ @Test
+ public void testValidChallenges() throws GeneralSecurityException, IOException, GigiApiException, InterruptedException {
+ cookie = cookieWithCertificateLogin(u);
+
+ // test RA Agent challenge
+ URLConnection uc = new URL("https://" + getSecureServerName()).openConnection();
+ authenticate((HttpURLConnection) uc);
+ String content = IOUtils.readURL(uc);
+ assertThat(content, not(containsString("you need to pass the RA Agent Challenge")));
+
+ add100Points(u.getId());
+ addChallengeInPast(u.getId(), CATSType.AGENT_CHALLENGE);
+ uc = new URL("https://" + getSecureServerName()).openConnection();
+ authenticate((HttpURLConnection) uc);
+ content = IOUtils.readURL(uc);
+ assertThat(content, containsString("you need to pass the RA Agent Challenge"));
+
+ addChallenge(u.getId(), CATSType.AGENT_CHALLENGE);
+ uc = new URL("https://" + getSecureServerName()).openConnection();
+ authenticate((HttpURLConnection) uc);
+ content = IOUtils.readURL(uc);
+ assertThat(content, not(containsString("you need to pass the RA Agent Challenge")));
+ }
}
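Review bot: The first and third assertions in `testValidChallenges` are purely negative (`not(containsString(...))`), so they also pass when the request returns a login or error page instead of the main page, for instance if `authenticate(...)` did not take effect. Each fetch should first pin a positive signal, e.g. `assertEquals(200, ((HttpURLConnection) uc).getResponseCode());` before `IOUtils.readURL(uc)` (assuming `assertEquals` is imported in this test class, which the hunk does not show), or assert a string that is always present on the logged-in page. The three identical open/authenticate/read sequences would also be clearer as one small private helper that returns the page content. `InterruptedException` in the `throws` clause does not appear to be needed by anything visible in the method body.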
import club.wpia.gigi.GigiApiException;
import club.wpia.gigi.database.GigiPreparedStatement;
+import club.wpia.gigi.dbObjects.CATS.CATSType;
import club.wpia.gigi.dbObjects.Country;
import club.wpia.gigi.dbObjects.Group;
import club.wpia.gigi.dbObjects.User;
private int applicantName;
+ private int applicantId;
+
private String cookie;
@Before
applicantM = createUniqueName() + "@example.org";
createVerificationUser("a", "b", agentM, TEST_PASSWORD);
- int applicantId = createVerifiedUser("a", "c", applicantM, TEST_PASSWORD);
+ applicantId = createVerifiedUser("a", "c", applicantM, TEST_PASSWORD);
applicantName = User.getById(applicantId).getPreferredName().getId();
User users[] = User.findByEmail(agentM);
loginCertificate = null;
assertEquals(403, get(cookie, VerifyPage.PATH).getResponseCode());
}
+
+ @Test
+ public void testVerifyWithoutValidChallenge() throws IOException, GigiApiException {
+ cookie = cookieWithCertificateLogin(User.getById(applicantId));
+ add100Points(applicantId);
+ addChallengeInPast(applicantId, CATSType.AGENT_CHALLENGE);
+ assertEquals(403, get(cookie, VerifyPage.PATH).getResponseCode());
+ addChallenge(applicantId, CATSType.AGENT_CHALLENGE);
+ assertEquals(200, get(cookie, VerifyPage.PATH).getResponseCode());
+ }
}
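Review bot: `testVerifyWithoutValidChallenge` checks an expired challenge (403) and a fresh one (200), but never the case of a user with 100 points and no `cats_passed` row at all, which is the state most existing agents would presumably be in when this check is deployed. Adding `assertEquals(403, get(cookie, VerifyPage.PATH).getResponseCode());` directly after `add100Points(applicantId);` and before `addChallengeInPast(...)` would cover it. The test also only exercises a GET on `VerifyPage.PATH`; if submitting a verification goes through a separate POST handler, a matching 403 assertion for that request would confirm that the submit path itself is blocked, not only the form. A one-line comment stating that the cookie is created before points and challenges are added, so that permissions are shown to be evaluated per request, would document why the order matters.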
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.sql.SQLException;
+import java.sql.Timestamp;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import club.wpia.gigi.database.DatabaseConnection.Link;
import club.wpia.gigi.database.GigiPreparedStatement;
import club.wpia.gigi.database.SQLFileManager.ImportType;
+import club.wpia.gigi.dbObjects.CATS;
import club.wpia.gigi.dbObjects.CATS.CATSType;
import club.wpia.gigi.dbObjects.CertificateProfile;
import club.wpia.gigi.dbObjects.Domain;
}
public static void makeAgent(int uid) {
+ addChallenge(uid, CATSType.AGENT_CHALLENGE);
+ add100Points(uid);
+ }
+
+ public static void addChallenge(int uid, CATSType ct) {
try (GigiPreparedStatement ps1 = new GigiPreparedStatement("INSERT INTO cats_passed SET user_id=?, variant_id=?, language='en_EN', version='1'")) {
ps1.setInt(1, uid);
- ps1.setInt(2, CATSType.AGENT_CHALLENGE.getId());
+ ps1.setInt(2, ct.getId());
+ ps1.execute();
+ }
+ }
+
+ public static void addChallengeInPast(int uid, CATSType ct) {
+ try (GigiPreparedStatement ps1 = new GigiPreparedStatement("INSERT INTO cats_passed SET user_id=?, variant_id=?, pass_date=?, language='en_EN', version='1'")) {
+ ps1.setInt(1, uid);
+ ps1.setInt(2, ct.getId());
+ ps1.setTimestamp(3, new Timestamp(new Date(System.currentTimeMillis() - 24L * 60 * 60 * (CATS.TEST_MONTHS + 1) * 31 * 1000L).getTime()));
ps1.execute();
}
+ }
+ public static void add100Points(int uid) {
try (GigiPreparedStatement ps2 = new GigiPreparedStatement("INSERT INTO `notary` SET `from`=?, `to`=?, points='100'")) {
ps2.setInt(1, uid);
ps2.setInt(2, User.getById(uid).getPreferredName().getId());
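Review bot: In `addChallengeInPast` the expression `new Timestamp(new Date(...).getTime())` round-trips through `Date` for no effect, and the offset arithmetic is unexplained, so a reader cannot tell at a glance that the date is meant to fall safely outside the validity window. `new Timestamp(System.currentTimeMillis() - (CATS.TEST_MONTHS + 1) * 31L * 24 * 60 * 60 * 1000)` gives the same value, and a comment such as `// one 31-day month older than CATS.TEST_MONTHS, i.e. certainly expired` states the intent. The three new public helpers (`addChallenge`, `addChallengeInPast`, `add100Points`) have no Javadoc; one sentence each on which table they write to and for which user would help test authors. A blank line between the closing brace of `addChallengeInPast` and `add100Points` is also missing; `add100Points` continues outside the hunk.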