add: ensure that for TTPAgent action there is a valid TTPAgent Challenge

author INOPIAE <m.maengel@inopiae.de>

Wed, 17 Jul 2019 08:50:09 +0000 (10:50 +0200)

committer INOPIAE <m.maengel@inopiae.de>

Sun, 8 Sep 2019 19:30:14 +0000 (21:30 +0200)
author INOPIAE <m.maengel@inopiae.de>
Wed, 17 Jul 2019 08:50:09 +0000 (10:50 +0200)
committer INOPIAE <m.maengel@inopiae.de>
Sun, 8 Sep 2019 19:30:14 +0000 (21:30 +0200)
diff --git a/src/club/wpia/gigi/pages/MainPage.java b/src/club/wpia/gigi/pages/MainPage.java

index e0170185982d4a1c3caf1492a09e5b4333dfa55f..9ebd30fa5b28f4994534e019a40dd7cc4c105d41 100644 (file)
--- a/src/club/wpia/gigi/pages/MainPage.java
+++ b/src/club/wpia/gigi/pages/MainPage.java
@@ -55,6 +55,10 @@ public class MainPage extends Page {
                  vars.put("catsinfo", true);
                  vars.put("catsorgagent", true);
              }
+            if (u.isInGroup(Group.TTP_AGENT) && !u.hasValidTTPAgentChallenge()) {
+                vars.put("catsinfo", true);
+                vars.put("catsttpagent", true);
+            }
  
              Certificate[] c = u.getCertificates(false);
              vars.put("c-no", c.length);
diff --git a/src/club/wpia/gigi/pages/MainPage.templ b/src/club/wpia/gigi/pages/MainPage.templ

index e8ecee42c3eacf5017c4e6436c016814cc357776..9b7ea86e4430f823fd2243ffd570aaa82999968f 100644 (file)
--- a/src/club/wpia/gigi/pages/MainPage.templ
+++ b/src/club/wpia/gigi/pages/MainPage.templ
@@ -23,6 +23,9 @@
    <? if($catsorgagent) { ?>
      <p><?=_To act as Organisation Agent you need to pass the Organisation Agent Challenge.?></p>
    <? } ?>
+    <? if($catsttpagent) { ?>
+      <p><?=_To act as TTP Agent you need to pass the TTP RA Agent Challenge.?></p>
+    <? } ?>
    </div>
  <? } ?>
  <div class="card card-body bg-light">
diff --git a/src/club/wpia/gigi/pages/admin/TTPAdminPage.java b/src/club/wpia/gigi/pages/admin/TTPAdminPage.java

index 90d58b24b6fb9173394904ed52f34afe4a35e693..fd1c90cdb238c2352b1e60583a8f594b0213a837 100644 (file)
--- a/src/club/wpia/gigi/pages/admin/TTPAdminPage.java
+++ b/src/club/wpia/gigi/pages/admin/TTPAdminPage.java
@@ -90,6 +90,6 @@ public class TTPAdminPage extends Page {
  
      @Override
      public boolean isPermitted(AuthorizationContext ac) {
-        return ac != null && ac.isInGroup(Group.TTP_AGENT) && ac.isStronglyAuthenticated();
+        return ac != null && ac.isInGroup(Group.TTP_AGENT) && ac.isStronglyAuthenticated() && ac.getActor().hasValidTTPAgentChallenge();
      }
  }
diff --git a/src/club/wpia/gigi/pages/wot/VerificationForm.java b/src/club/wpia/gigi/pages/wot/VerificationForm.java

index 77f2be093c4cf34e3338b90580544237479888ac..327b6eb530e734615a96f6f1bfbc8b64a3a9a5a7 100644 (file)
--- a/src/club/wpia/gigi/pages/wot/VerificationForm.java
+++ b/src/club/wpia/gigi/pages/wot/VerificationForm.java
@@ -12,6 +12,7 @@ import java.util.Map;
  import javax.servlet.http.HttpServletRequest;
  
  import club.wpia.gigi.GigiApiException;
+import club.wpia.gigi.dbObjects.Group;
  import club.wpia.gigi.dbObjects.Name;
  import club.wpia.gigi.dbObjects.User;
  import club.wpia.gigi.dbObjects.Verification.VerificationType;
@@ -152,6 +153,8 @@ public class VerificationForm extends Form {
                  return true;
              }
          });
+        res.put("ttpinfo", agent.isInGroup(Group.TTP_AGENT) && !agent.hasValidTTPAgentChallenge() && applicant.isInGroup(Group.TTP_APPLICANT));
+
          templ.output(out, l, res);
      }
  
diff --git a/src/club/wpia/gigi/pages/wot/VerificationForm.templ b/src/club/wpia/gigi/pages/wot/VerificationForm.templ

index 277dd8c6b603531c4133599930793e783d6130c7..9f1926534f63e418e9a96a3cf461721239e0adf6 100644 (file)
--- a/src/club/wpia/gigi/pages/wot/VerificationForm.templ
+++ b/src/club/wpia/gigi/pages/wot/VerificationForm.templ
@@ -55,7 +55,9 @@
         </tr>
         <tr>
                 <td><?=_Type?></td>
-               <td><select name="verificationType"><? foreach($ats) { ?><option value="<?=$id?>"<?=$sel?>><?=$type?></option><? } ?></select></td>
+               <td><select name="verificationType"><? foreach($ats) { ?><option value="<?=$id?>"<?=$sel?>><?=$type?></option><? } ?></select>
+                       <? if($ttpinfo) { ?></br><?=_To act as TTP Agent you need to pass the TTP RA Agent Challenge.?><? } ?>
+               </td>
         </tr>
         <tr>
                 <td><input type="checkbox" name="passwordReset" id="passwordReset" value="1" <? if($aword) { ?>checked<? } ?>></td>
diff --git a/src/club/wpia/gigi/util/Notary.java b/src/club/wpia/gigi/util/Notary.java

index c349a0f92ad61f5fa8049f9c71e0643c28325b13..a345f57e898b077b43b266608691620c74a5ff6c 100644 (file)
--- a/src/club/wpia/gigi/util/Notary.java
+++ b/src/club/wpia/gigi/util/Notary.java
@@ -209,8 +209,8 @@ public class Notary {
              }
              return;
          } else if (t == VerificationType.TTP_ASSISTED) {
-            if ( !agent.isInGroup(Group.TTP_AGENT)) {
-                throw new GigiApiException("RA Agent needs to be TTP RA Agent.");
+            if ( !agent.isInGroup(Group.TTP_AGENT) || !agent.hasValidTTPAgentChallenge()) {
+                throw new GigiApiException("RA Agent needs to be TTP RA Agent and have a valid TTP RA Agent Challenge.");
              }
              if ( !applicant.isInGroup(Group.TTP_APPLICANT)) {
                  throw new GigiApiException("Applicant needs to be TTP Applicant.");
diff --git a/tests/club/wpia/gigi/pages/TestMain.java b/tests/club/wpia/gigi/pages/TestMain.java

index 70a71a5dc50c6f7672ca699f24ea5aefd9095253..dfc6579e07139d780b5c35fc167f488f7e1cccc0 100644 (file)
--- a/tests/club/wpia/gigi/pages/TestMain.java
+++ b/tests/club/wpia/gigi/pages/TestMain.java
@@ -97,75 +97,66 @@ public class TestMain extends ClientTest {
  
      @Test
      public void testValidChallenges() throws GeneralSecurityException, IOException, GigiApiException, InterruptedException {
-        cookie = cookieWithCertificateLogin(u);
  
          // test RA Agent challenge
-        URLConnection uc = new URL("https://" + getSecureServerName()).openConnection();
-        authenticate((HttpURLConnection) uc);
-        String content = IOUtils.readURL(uc);
-        assertThat(content, not(containsString("you need to pass the RA Agent Challenge")));
+        cookie = cookieWithCertificateLogin(u);
+        testChallengeText("you need to pass the RA Agent Challenge", false);
  
          add100Points(u.getId());
          addChallengeInPast(u.getId(), CATSType.AGENT_CHALLENGE);
-        uc = new URL("https://" + getSecureServerName()).openConnection();
-        authenticate((HttpURLConnection) uc);
-        content = IOUtils.readURL(uc);
-        assertThat(content, containsString("you need to pass the RA Agent Challenge"));
+        testChallengeText("you need to pass the RA Agent Challenge", true);
  
          addChallenge(u.getId(), CATSType.AGENT_CHALLENGE);
-        uc = new URL("https://" + getSecureServerName()).openConnection();
-        authenticate((HttpURLConnection) uc);
-        content = IOUtils.readURL(uc);
-        assertThat(content, not(containsString("you need to pass the RA Agent Challenge")));
+        testChallengeText("you need to pass the RA Agent Challenge", false);
  
          // test Support challenge
-        uc = new URL("https://" + getSecureServerName()).openConnection();
-        authenticate((HttpURLConnection) uc);
-        content = IOUtils.readURL(uc);
-        assertThat(content, not(containsString("you need to pass the Support Challenge")));
+        testChallengeText("you need to pass the Support Challenge", false);
  
          grant(u, Group.SUPPORTER);
          cookie = login(loginPrivateKey, loginCertificate.cert());
-        uc = new URL("https://" + getSecureServerName()).openConnection();
-        authenticate((HttpURLConnection) uc);
-        content = IOUtils.readURL(uc);
-        assertThat(content, containsString("you need to pass the Support Challenge"));
+        testChallengeText("you need to pass the Support Challenge", true);
  
          addChallengeInPast(u.getId(), CATSType.SUPPORT_DP_CHALLENGE_NAME);
-        uc = new URL("https://" + getSecureServerName()).openConnection();
-        authenticate((HttpURLConnection) uc);
-        content = IOUtils.readURL(uc);
-        assertThat(content, containsString("you need to pass the Support Challenge"));
+        testChallengeText("you need to pass the Support Challenge", true);
  
          addChallenge(u.getId(), CATSType.SUPPORT_DP_CHALLENGE_NAME);
-        uc = new URL("https://" + getSecureServerName()).openConnection();
-        authenticate((HttpURLConnection) uc);
-        content = IOUtils.readURL(uc);
-        assertThat(content, not(containsString("you need to pass the Support Challenge")));
+        testChallengeText("you need to pass the Support Challenge", false);
  
          // test Org Agent challenge
-        uc = new URL("https://" + getSecureServerName()).openConnection();
-        authenticate((HttpURLConnection) uc);
-        content = IOUtils.readURL(uc);
-        assertThat(content, not(containsString("you need to pass the Organisation Agent Challenge")));
+        testChallengeText("you need to pass the Organisation Agent Challenge", false);
  
          grant(u, Group.ORG_AGENT);
          cookie = login(loginPrivateKey, loginCertificate.cert());
-        uc = new URL("https://" + getSecureServerName()).openConnection();
-        authenticate((HttpURLConnection) uc);
-        content = IOUtils.readURL(uc);
-        assertThat(content, containsString("you need to pass the Organisation Agent Challenge"));
+        testChallengeText("you need to pass the Organisation Agent Challenge", true);
  
          addChallengeInPast(u.getId(), CATSType.ORG_AGENT_CHALLENGE);
-        uc = new URL("https://" + getSecureServerName()).openConnection();
-        authenticate((HttpURLConnection) uc);
-        content = IOUtils.readURL(uc);
-        assertThat(content, containsString("you need to pass the Organisation Agent Challenge"));
+        testChallengeText("you need to pass the Organisation Agent Challenge", true);
  
          addChallenge(u.getId(), CATSType.ORG_AGENT_CHALLENGE);
-        uc = new URL("https://" + getSecureServerName()).openConnection();
+        testChallengeText("you need to pass the Organisation Agent Challenge", false);
+
+        // test TTP Agent challenge
+        testChallengeText("you need to pass the TTP RA Agent Challenge", false);
+
+        grant(u, Group.TTP_AGENT);
+        cookie = login(loginPrivateKey, loginCertificate.cert());
+        testChallengeText("you need to pass the TTP RA Agent Challenge", true);
+
+        addChallengeInPast(u.getId(), CATSType.TTP_AGENT_CHALLENGE);
+        testChallengeText("you need to pass the TTP RA Agent Challenge", true);
+
+        addChallenge(u.getId(), CATSType.TTP_AGENT_CHALLENGE);
+        testChallengeText("you need to pass the TTP RA Agent Challenge", false);
+    }
+
+    private void testChallengeText(String contentText, boolean contains) throws IOException, MalformedURLException {
+        URLConnection uc = new URL("https://" + getSecureServerName()).openConnection();
          authenticate((HttpURLConnection) uc);
-        content = IOUtils.readURL(uc);
-        assertThat(content, not(containsString("you need to pass the Organisation Agent Challenge")));
+        String content = IOUtils.readURL(uc);
+        if (contains) {
+            assertThat(content, containsString(contentText));
+        } else {
+            assertThat(content, not(containsString(contentText)));
+        }
      }
  }
diff --git a/tests/club/wpia/gigi/pages/wot/TestTTPAdmin.java b/tests/club/wpia/gigi/pages/wot/TestTTPAdmin.java

index 0e11f6df501c479c8b0d6fea2da5780c315e7368..ec423d681c3f76321f347b6a4467f4cc2be71dab 100644 (file)
--- a/tests/club/wpia/gigi/pages/wot/TestTTPAdmin.java
+++ b/tests/club/wpia/gigi/pages/wot/TestTTPAdmin.java
@@ -9,6 +9,7 @@ import java.security.GeneralSecurityException;
  import org.junit.Test;
  
  import club.wpia.gigi.GigiApiException;
+import club.wpia.gigi.dbObjects.CATS.CATSType;
  import club.wpia.gigi.dbObjects.Group;
  import club.wpia.gigi.dbObjects.User;
  import club.wpia.gigi.pages.admin.TTPAdminPage;
@@ -35,6 +36,7 @@ public class TestTTPAdmin extends ClientTest {
      public void testTTPAdmin(boolean hasRight) throws IOException, GigiApiException, GeneralSecurityException, InterruptedException {
          if (hasRight) {
              grant(u, Group.TTP_AGENT);
+            addChallenge(u.getId(), CATSType.TTP_AGENT_CHALLENGE);
          }
          grant(u, TTPAdminPage.TTP_APPLICANT);
          cookie = cookieWithCertificateLogin(u);
@@ -56,4 +58,12 @@ public class TestTTPAdmin extends ClientTest {
          loginCertificate = null;
          assertEquals(403, get(cookie, TTPAdminPage.PATH).getResponseCode());
      }
+
+    @Test
+    public void testAccessTTPPageWithoutValidChallenge() throws IOException, GigiApiException {
+        grant(u, Group.TTP_AGENT);
+        loginCertificate = null;
+        cookie = cookieWithCertificateLogin(u);
+        assertEquals(403, get(cookie, TTPAdminPage.PATH).getResponseCode());
+    }
  }
diff --git a/tests/club/wpia/gigi/pages/wot/TestVerification.java b/tests/club/wpia/gigi/pages/wot/TestVerification.java

index 9ad541a383bc18effb800060dfde0f242891b5aa..81ec4df561d2ab4c2adef673b2acab9531d4d5f3 100644 (file)
--- a/tests/club/wpia/gigi/pages/wot/TestVerification.java
+++ b/tests/club/wpia/gigi/pages/wot/TestVerification.java
@@ -404,4 +404,21 @@ public class TestVerification extends ManagedTest {
          addChallenge(applicantId, CATSType.AGENT_CHALLENGE);
          assertEquals(200, get(cookie, VerifyPage.PATH).getResponseCode());
      }
+
+    @Test
+    public void testVerifyValidTTPChallenge() throws IOException, GigiApiException {
+        grant(User.getByEmail(agentM), Group.TTP_AGENT);
+        grant(User.getById(applicantId), Group.TTP_APPLICANT);
+        cookie = cookieWithCertificateLogin(User.getById(applicantId));
+        cookie = cookieWithCertificateLogin(User.getByEmail(agentM));
+
+        // test without valid challenge
+        String content = search("email=" + URLEncoder.encode(applicantM, "UTF-8") + "&day=1&month=1&year=1910");
+        assertThat(content, containsString("you need to pass the TTP RA Agent Challenge"));
+
+        // test with valid challenge
+        addChallenge(User.getByEmail(agentM).getId(), CATSType.TTP_AGENT_CHALLENGE);
+        content = search("email=" + URLEncoder.encode(applicantM, "UTF-8") + "&day=1&month=1&year=1910");
+        assertThat(content, not(containsString("you need to pass the TTP RA Agent Challenge")));
+    }
  }
author	INOPIAE <m.maengel@inopiae.de>
	Wed, 17 Jul 2019 08:50:09 +0000 (10:50 +0200)
committer	INOPIAE <m.maengel@inopiae.de>
	Sun, 8 Sep 2019 19:30:14 +0000 (21:30 +0200)
src/club/wpia/gigi/pages/MainPage.java		patch \| blob \| history
src/club/wpia/gigi/pages/MainPage.templ		patch \| blob \| history
src/club/wpia/gigi/pages/admin/TTPAdminPage.java		patch \| blob \| history
src/club/wpia/gigi/pages/wot/VerificationForm.java		patch \| blob \| history
src/club/wpia/gigi/pages/wot/VerificationForm.templ		patch \| blob \| history
src/club/wpia/gigi/util/Notary.java		patch \| blob \| history
tests/club/wpia/gigi/pages/TestMain.java		patch \| blob \| history
tests/club/wpia/gigi/pages/wot/TestTTPAdmin.java		patch \| blob \| history
tests/club/wpia/gigi/pages/wot/TestVerification.java		patch \| blob \| history