Merge "add: ensure that for Support actions there is a valid Support Challenge"
authorMarcus Mängel <m.maengel@inopiae.de>
Wed, 11 Sep 2019 03:12:31 +0000 (05:12 +0200)
committerGerrit Code Review <gigi-system@dogcraft.de>
Wed, 11 Sep 2019 03:12:31 +0000 (05:12 +0200)
src/club/wpia/gigi/pages/MainPage.java
src/club/wpia/gigi/pages/MainPage.templ
src/club/wpia/gigi/pages/admin/support/SupportEnterTicketPage.java
src/club/wpia/gigi/util/AuthorizationContext.java
tests/club/wpia/gigi/pages/TestMain.java
tests/club/wpia/gigi/pages/admin/TestSEAdminTicketSetting.java
tests/club/wpia/gigi/testUtils/SEClientTest.java

index a486618fedf39cba887c4d212c26f72c177557dd..9b7e079c25af0a8081c9e70f4cc1c9b562d8d998 100644 (file)
@@ -47,6 +47,10 @@ public class MainPage extends Page {
                 vars.put("catsinfo", true);
                 vars.put("catsra", true);
             }
+            if (u.isInGroup(Group.SUPPORTER) && !u.hasValidSupportChallenge()) {
+                vars.put("catsinfo", true);
+                vars.put("catssupport", true);
+            }
             Certificate[] c = u.getCertificates(false);
             vars.put("c-no", c.length);
 
index 8f9f87313c553aea6b7317b7b15e5a7f3b1d76fc..52b805b55c555deafe729740baa2e323d5d240cf 100644 (file)
@@ -17,6 +17,9 @@
   <? if($catsra) { ?>
     <p><?=_To add a verification you need to pass the RA Agent Challenge.?></p>
   <? } ?>
+  <? if($catssupport) { ?>
+    <p><?=_To act as supporter you need to pass the Support Challenge.?></p>
+  <? } ?>
   </div>
 <? } ?>
 <div class="card card-body bg-light">
index 14b1faafc62a7afcd7ed5d43538c836fd94c370e..3db0881bbb80a19368f8a188bef6c66cedcd6b4f 100644 (file)
@@ -47,7 +47,7 @@ public class SupportEnterTicketPage extends Page {
 
     @Override
     public boolean isPermitted(AuthorizationContext ac) {
-        return ac != null && ac.isInGroup(Group.SUPPORTER) && ac.isStronglyAuthenticated();
+        return ac != null && ac.isInGroup(Group.SUPPORTER) && ac.isStronglyAuthenticated() && ac.getActor().hasValidSupportChallenge();
     }
 
 }
index 66c65450bb3fac8180a9025f2af99b465482d3a8..0cc653c18ced141565d9cd624a97e00dc9d34a9e 100644 (file)
@@ -79,7 +79,7 @@ public class AuthorizationContext implements Outputable, Serializable {
     }
 
     public boolean canSupport() {
-        return getSupporterTicketId() != null && isInGroup(Group.SUPPORTER) && isStronglyAuthenticated();
+        return getSupporterTicketId() != null && isInGroup(Group.SUPPORTER) && isStronglyAuthenticated() && ((User) target).hasValidSupportChallenge();
     }
 
     private static final SprintfCommand sp = new SprintfCommand("Logged in as {0} via {1}.", Arrays.asList("${username", "${loginMethod"));
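Review bot: `canSupport()` now evaluates the support challenge on `target` (`((User) target).hasValidSupportChallenge()`), while the neighbouring `isInGroup`/`isStronglyAuthenticated` checks and the parallel change in `SupportEnterTicketPage.isPermitted` (`ac.getActor().hasValidSupportChallenge()`) describe the acting supporter. If the context's target can differ from the actor — an organisation or another certificate owner, for instance — the unchecked cast may throw `ClassCastException`, and the gate would be decided by the target's challenge state rather than the supporter's own. Checking the actor keeps the predicate consistent with `isPermitted`: `return getSupporterTicketId() != null && isInGroup(Group.SUPPORTER) && isStronglyAuthenticated() && getActor().hasValidSupportChallenge();`. Whether target and actor can actually diverge in a support context is not visible in this hunk and should be confirmed against the constructors of `AuthorizationContext`.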
index e6dce4569348d0d6a795aecaa742911a449c80fb..47c4c151a7c4351fe96a58f85c482d49b93883e9 100644 (file)
@@ -117,5 +117,30 @@ public class TestMain extends ClientTest {
         authenticate((HttpURLConnection) uc);
         content = IOUtils.readURL(uc);
         assertThat(content, not(containsString("you need to pass the RA Agent Challenge")));
+
+        // test Support challenge
+        uc = new URL("https://" + getSecureServerName()).openConnection();
+        authenticate((HttpURLConnection) uc);
+        content = IOUtils.readURL(uc);
+        assertThat(content, not(containsString("you need to pass the Support Challenge")));
+
+        grant(u, Group.SUPPORTER);
+        cookie = login(loginPrivateKey, loginCertificate.cert());
+        uc = new URL("https://" + getSecureServerName()).openConnection();
+        authenticate((HttpURLConnection) uc);
+        content = IOUtils.readURL(uc);
+        assertThat(content, containsString("you need to pass the Support Challenge"));
+
+        addChallengeInPast(u.getId(), CATSType.SUPPORT_DP_CHALLENGE_NAME);
+        uc = new URL("https://" + getSecureServerName()).openConnection();
+        authenticate((HttpURLConnection) uc);
+        content = IOUtils.readURL(uc);
+        assertThat(content, containsString("you need to pass the Support Challenge"));
+
+        addChallenge(u.getId(), CATSType.SUPPORT_DP_CHALLENGE_NAME);
+        uc = new URL("https://" + getSecureServerName()).openConnection();
+        authenticate((HttpURLConnection) uc);
+        content = IOUtils.readURL(uc);
+        assertThat(content, not(containsString("you need to pass the Support Challenge")));
     }
 }
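Review bot: The added block repeats the three-line fetch sequence (`openConnection`, `authenticate`, `IOUtils.readURL`) five times, which makes the intent of each step — grant, expired challenge, valid challenge — harder to read than the assertions themselves. A small private helper returning the main page content lets each step collapse to one fetch and one `assertThat`; the enclosing test method begins outside the hunk, so the helper would be added at class level.
```java
private String fetchMainPage() throws IOException {
    URLConnection uc = new URL("https://" + getSecureServerName()).openConnection();
    authenticate((HttpURLConnection) uc);
    return IOUtils.readURL(uc);
}

// … unchanged: RA Agent Challenge assertions …
addChallenge(u.getId(), CATSType.SUPPORT_DP_CHALLENGE_NAME);
assertThat(fetchMainPage(), not(containsString("you need to pass the Support Challenge")));
```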
index ac4c23bf5cdb454a3c2ca9b63bdc823b921f2f8d..7562ed0076d6eac643423019287c4b92a4c10efa 100644 (file)
@@ -12,7 +12,9 @@ import java.util.Random;
 import org.junit.Test;
 
 import club.wpia.gigi.GigiApiException;
+import club.wpia.gigi.dbObjects.CATS.CATSType;
 import club.wpia.gigi.dbObjects.Group;
+import club.wpia.gigi.dbObjects.User;
 import club.wpia.gigi.pages.admin.support.FindCertPage;
 import club.wpia.gigi.pages.admin.support.FindUserByDomainPage;
 import club.wpia.gigi.pages.admin.support.FindUserByEmailPage;
@@ -25,6 +27,7 @@ public class TestSEAdminTicketSetting extends ClientTest {
 
     public TestSEAdminTicketSetting() throws IOException, GigiApiException {
         grant(u, Group.SUPPORTER);
+        addChallenge(u.getId(), CATSType.SUPPORT_DP_CHALLENGE_NAME);
         cookie = cookieWithCertificateLogin(u);
     }
 
@@ -111,4 +114,17 @@ public class TestSEAdminTicketSetting extends ClientTest {
         assertEquals(403, get(cookiePW, FindCertPage.PATH).getResponseCode());
     }
 
+    @Test
+    public void testNoSupportChallenge() throws MalformedURLException, UnsupportedEncodingException, IOException, GigiApiException {
+        User supporter1 = User.getById(createVerificationUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+        grant(supporter1, Group.SUPPORTER);
+        loginCertificate = null;
+        cookie = cookieWithCertificateLogin(supporter1);
+
+        assertEquals(403, get(SupportEnterTicketPage.PATH).getResponseCode());
+        assertEquals(403, get(FindUserByEmailPage.PATH).getResponseCode());
+        assertEquals(403, get(FindUserByDomainPage.PATH).getResponseCode());
+        assertEquals(403, get(FindCertPage.PATH).getResponseCode());
+    }
+
 }
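Review bot: The `throws` clause of `testNoSupportChallenge` lists `MalformedURLException` and `UnsupportedEncodingException` alongside `IOException`, which already covers both; `throws IOException, GigiApiException` is sufficient and matches the constructor above. The test also covers only a supporter with no challenge at all; adding `addChallengeInPast(supporter1.getId(), CATSType.SUPPORT_DP_CHALLENGE_NAME);` before the four `assertEquals(403, ...)` calls (as `TestMain` does for the main page) would pin that an expired challenge is rejected by these pages as well.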
index a77967295bd6c9bc87c33754284bbe8ff307cabd..32cb1d84f380c2b3913ee86e796b8f2e7d757262 100644 (file)
@@ -5,6 +5,7 @@ import static org.junit.Assert.*;
 import java.io.IOException;
 
 import club.wpia.gigi.GigiApiException;
+import club.wpia.gigi.dbObjects.CATS.CATSType;
 import club.wpia.gigi.dbObjects.Group;
 import club.wpia.gigi.pages.admin.support.SupportEnterTicketPage;
 
@@ -16,6 +17,7 @@ public abstract class SEClientTest extends ClientTest {
 
     public SEClientTest() throws IOException, GigiApiException {
         grant(u, Group.SUPPORTER);
+        addChallenge(u.getId(), CATSType.SUPPORT_DP_CHALLENGE_NAME);
         cookie = cookieWithCertificateLogin(u);
         assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=a20140808.8&setTicket=action", 0).getResponseCode());
     }