vars.put("catsinfo", true);
vars.put("catsra", true);
}
+ if (u.isInGroup(Group.SUPPORTER) && !u.hasValidSupportChallenge()) {
+ vars.put("catsinfo", true);
+ vars.put("catssupport", true);
+ }
Certificate[] c = u.getCertificates(false);
vars.put("c-no", c.length);
<? if($catsra) { ?>
<p><?=_To add a verification you need to pass the RA Agent Challenge.?></p>
<? } ?>
+ <? if($catssupport) { ?>
+ <p><?=_To act as supporter you need to pass the Support Challenge.?></p>
+ <? } ?>
</div>
<? } ?>
<div class="card card-body bg-light">
@Override
public boolean isPermitted(AuthorizationContext ac) {
- return ac != null && ac.isInGroup(Group.SUPPORTER) && ac.isStronglyAuthenticated();
+ return ac != null && ac.isInGroup(Group.SUPPORTER) && ac.isStronglyAuthenticated() && ac.getActor().hasValidSupportChallenge();
}
}
}
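Review bot: The supporter predicate on the new line — group membership, strong authentication and a valid support challenge — is now spelled out here and again in canSupport (the hunk ending in `((User) target).hasValidSupportChallenge()`), so the two can drift the next time a condition is added; a helper on AuthorizationContext such as `public boolean isEligibleSupporter() { return isInGroup(Group.SUPPORTER) && isStronglyAuthenticated() && getActor().hasValidSupportChallenge(); }` would let this override become `return ac != null && ac.isEligibleSupporter();` and canSupport reuse it. The addChallengeInPast step in the added test suggests the challenge check is time-bounded, so a one-line Javadoc on this override, e.g. `Grants access only while the acting user's support challenge is still valid.`, would document the new requirement where page authors look for it. The enclosing class starts outside the hunk.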
public boolean canSupport() {
- return getSupporterTicketId() != null && isInGroup(Group.SUPPORTER) && isStronglyAuthenticated();
+ return getSupporterTicketId() != null && isInGroup(Group.SUPPORTER) && isStronglyAuthenticated() && ((User) target).hasValidSupportChallenge();
}
private static final SprintfCommand sp = new SprintfCommand("Logged in as {0} via {1}.", Arrays.asList("${username", "${loginMethod"));
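Review bot: The new condition casts `target` to `User`, whereas the parallel isPermitted change checks `ac.getActor()`; if `target` can be a CertificateOwner that is not a User, the cast throws ClassCastException instead of the method returning false, and the challenge belongs to the person acting as supporter in any case. Using the actor directly, `return getSupporterTicketId() != null && isInGroup(Group.SUPPORTER) && isStronglyAuthenticated() && getActor().hasValidSupportChallenge();`, keeps both checks consistent and removes the cast. Whether target can differ from the actor here is inferred from the field names rather than visible in the hunk.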
authenticate((HttpURLConnection) uc);
content = IOUtils.readURL(uc);
assertThat(content, not(containsString("you need to pass the RA Agent Challenge")));
+
+ // test Support challenge
+ uc = new URL("https://" + getSecureServerName()).openConnection();
+ authenticate((HttpURLConnection) uc);
+ content = IOUtils.readURL(uc);
+ assertThat(content, not(containsString("you need to pass the Support Challenge")));
+
+ grant(u, Group.SUPPORTER);
+ cookie = login(loginPrivateKey, loginCertificate.cert());
+ uc = new URL("https://" + getSecureServerName()).openConnection();
+ authenticate((HttpURLConnection) uc);
+ content = IOUtils.readURL(uc);
+ assertThat(content, containsString("you need to pass the Support Challenge"));
+
+ addChallengeInPast(u.getId(), CATSType.SUPPORT_DP_CHALLENGE_NAME);
+ uc = new URL("https://" + getSecureServerName()).openConnection();
+ authenticate((HttpURLConnection) uc);
+ content = IOUtils.readURL(uc);
+ assertThat(content, containsString("you need to pass the Support Challenge"));
+
+ addChallenge(u.getId(), CATSType.SUPPORT_DP_CHALLENGE_NAME);
+ uc = new URL("https://" + getSecureServerName()).openConnection();
+ authenticate((HttpURLConnection) uc);
+ content = IOUtils.readURL(uc);
+ assertThat(content, not(containsString("you need to pass the Support Challenge")));
}
}
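Review bot: The three-line fetch sequence (open a connection to the secure server, authenticate, read the body) is repeated four times in the added lines and once more in the context above; a small helper would reduce each challenge state (none, granted, expired, valid) to one assertion and make the intended transitions readable. The declared type of `uc` lies outside the hunk, so the helper below assumes `URLConnection`. The added steps also grant SUPPORTER to `u` and add challenges without undoing them; if `u` is shared with other test methods in this class, that state leaks into them. The enclosing test method begins before the hunk.
```java
// … unchanged: RA Agent Challenge steps …
assertThat(fetchSecurePage(), not(containsString("you need to pass the Support Challenge")));
grant(u, Group.SUPPORTER);
cookie = login(loginPrivateKey, loginCertificate.cert());
assertThat(fetchSecurePage(), containsString("you need to pass the Support Challenge"));
// … unchanged: expired-challenge and valid-challenge steps follow the same pattern …

private String fetchSecurePage() throws IOException {
    URLConnection uc = new URL("https://" + getSecureServerName()).openConnection();
    authenticate((HttpURLConnection) uc);
    return IOUtils.readURL(uc);
}
```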
import org.junit.Test;
import club.wpia.gigi.GigiApiException;
+import club.wpia.gigi.dbObjects.CATS.CATSType;
import club.wpia.gigi.dbObjects.Group;
+import club.wpia.gigi.dbObjects.User;
import club.wpia.gigi.pages.admin.support.FindCertPage;
import club.wpia.gigi.pages.admin.support.FindUserByDomainPage;
import club.wpia.gigi.pages.admin.support.FindUserByEmailPage;
public TestSEAdminTicketSetting() throws IOException, GigiApiException {
grant(u, Group.SUPPORTER);
+ addChallenge(u.getId(), CATSType.SUPPORT_DP_CHALLENGE_NAME);
cookie = cookieWithCertificateLogin(u);
}
assertEquals(403, get(cookiePW, FindCertPage.PATH).getResponseCode());
}
+ @Test
+ public void testNoSupportChallenge() throws MalformedURLException, UnsupportedEncodingException, IOException, GigiApiException {
+ User supporter1 = User.getById(createVerificationUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+ grant(supporter1, Group.SUPPORTER);
+ loginCertificate = null;
+ cookie = cookieWithCertificateLogin(supporter1);
+
+ assertEquals(403, get(SupportEnterTicketPage.PATH).getResponseCode());
+ assertEquals(403, get(FindUserByEmailPage.PATH).getResponseCode());
+ assertEquals(403, get(FindUserByDomainPage.PATH).getResponseCode());
+ assertEquals(403, get(FindCertPage.PATH).getResponseCode());
+ }
+
}
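Review bot: testNoSupportChallenge asserts 403 for a supporter without the challenge but never shows the same user being admitted once the challenge exists, so the four 403s would also pass if the denial came from another cause (the `loginCertificate = null;` reset, for instance). Appending `addChallenge(supporter1.getId(), CATSType.SUPPORT_DP_CHALLENGE_NAME);`, a fresh `cookie = cookieWithCertificateLogin(supporter1);` and `assertNotEquals(403, get(SupportEnterTicketPage.PATH).getResponseCode());` would pin the cause, assuming the challenge state is not cached on the User instance (not visible here). The purpose of `loginCertificate = null;` is not obvious from the hunk and deserves a one-line comment. The throws clause lists MalformedURLException and UnsupportedEncodingException next to IOException, which already covers both; `throws IOException, GigiApiException` is enough.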
import java.io.IOException;
import club.wpia.gigi.GigiApiException;
+import club.wpia.gigi.dbObjects.CATS.CATSType;
import club.wpia.gigi.dbObjects.Group;
import club.wpia.gigi.pages.admin.support.SupportEnterTicketPage;
public SEClientTest() throws IOException, GigiApiException {
grant(u, Group.SUPPORTER);
+ addChallenge(u.getId(), CATSType.SUPPORT_DP_CHALLENGE_NAME);
cookie = cookieWithCertificateLogin(u);
assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=a20140808.8&setTicket=action", 0).getResponseCode());
}