vars.put("catsinfo", true);
vars.put("catssupport", true);
}
+ if (u.isInGroup(Group.ORG_AGENT) && !u.hasValidOrgAgentChallenge()) {
+ vars.put("catsinfo", true);
+ vars.put("catsorgagent", true);
+ }
+
Certificate[] c = u.getCertificates(false);
vars.put("c-no", c.length);
<? if($catssupport) { ?>
<p><?=_To act as supporter you need to pass the Support Challenge.?></p>
<? } ?>
+ <? if($catsorgagent) { ?>
+ <p><?=_To act as Organisation Agent you need to pass the Organisation Agent Challenge.?></p>
+ <? } ?>
</div>
<? } ?>
<div class="card card-body bg-light">
@Override
public boolean isPermitted(AuthorizationContext ac) {
- return ac != null && ac.isInGroup(ORG_AGENT) && ac.isStronglyAuthenticated();
+ return ac != null && ac.isInGroup(ORG_AGENT) && ac.isStronglyAuthenticated() && ac.getActor().hasValidOrgAgentChallenge();
}
@Override
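Review bot: The new gate `ac.getActor().hasValidOrgAgentChallenge()` spells out a predicate that this commit also writes by hand in the next `isPermitted` hunk and, negated, in the `catsorgagent` banner condition above (`u.isInGroup(Group.ORG_AGENT) && !u.hasValidOrgAgentChallenge()`). Three separate copies of an authorization predicate tend to drift apart; one method on the actor, for instance `boolean isActiveOrgAgent() { return isInGroup(Group.ORG_AGENT) && hasValidOrgAgentChallenge(); }`, would let both permission checks and the banner share a single definition. This line also newly dereferences `ac.getActor()` where the old expression did not; if an `AuthorizationContext` can carry a null actor while `isInGroup` returns true, the `ac != null` check alone no longer protects the expression, so that is worth confirming against the context class.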
@Override
public boolean isPermitted(AuthorizationContext ac) {
- return ac != null && (ac.isInGroup(CreateOrgPage.ORG_AGENT) || ac.getActor().getOrganisations(true).size() != 0) && ac.isStronglyAuthenticated();
+ return ac != null && ((ac.isInGroup(CreateOrgPage.ORG_AGENT) && ac.getActor().hasValidOrgAgentChallenge()) || ac.getActor().getOrganisations(true).size() != 0) && ac.isStronglyAuthenticated();
}
@Override
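Review bot: The challenge requirement is attached only to the `ORG_AGENT` branch of the condition, so a user whose `getOrganisations(true)` is non-empty still passes without a valid Organisation Agent challenge. If that is deliberate (organisation administrators are not agents and do not take the agent challenge), a short comment above the return would keep the next reader from treating it as a gap, e.g. `// org admins enter via their organisations; only agents must hold a current challenge`. Since the line is being rewritten anyway, `!ac.getActor().getOrganisations(true).isEmpty()` reads more plainly than `.size() != 0`.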
authenticate((HttpURLConnection) uc);
content = IOUtils.readURL(uc);
assertThat(content, not(containsString("you need to pass the Support Challenge")));
+
+ // test Org Agent challenge
+ uc = new URL("https://" + getSecureServerName()).openConnection();
+ authenticate((HttpURLConnection) uc);
+ content = IOUtils.readURL(uc);
+ assertThat(content, not(containsString("you need to pass the Organisation Agent Challenge")));
+
+ grant(u, Group.ORG_AGENT);
+ cookie = login(loginPrivateKey, loginCertificate.cert());
+ uc = new URL("https://" + getSecureServerName()).openConnection();
+ authenticate((HttpURLConnection) uc);
+ content = IOUtils.readURL(uc);
+ assertThat(content, containsString("you need to pass the Organisation Agent Challenge"));
+
+ addChallengeInPast(u.getId(), CATSType.ORG_AGENT_CHALLENGE);
+ uc = new URL("https://" + getSecureServerName()).openConnection();
+ authenticate((HttpURLConnection) uc);
+ content = IOUtils.readURL(uc);
+ assertThat(content, containsString("you need to pass the Organisation Agent Challenge"));
+
+ addChallenge(u.getId(), CATSType.ORG_AGENT_CHALLENGE);
+ uc = new URL("https://" + getSecureServerName()).openConnection();
+ authenticate((HttpURLConnection) uc);
+ content = IOUtils.readURL(uc);
+ assertThat(content, not(containsString("you need to pass the Organisation Agent Challenge")));
}
}
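Review bot: The open-authenticate-read triple `uc = new URL("https://" + getSecureServerName()).openConnection(); authenticate((HttpURLConnection) uc); content = IOUtils.readURL(uc);` is repeated four times in the added block, on top of the existing copy above it; a small private helper returning the page body would reduce each step to one line and let the four assertions stand out. The block after `grant(u, Group.ORG_AGENT)` also obtains a fresh login, whereas the blocks after `addChallengeInPast` and `addChallenge` do not; given that the `OrgTest` constructor in this commit calls `clearCaches()` straight after its own `addChallenge`, it may be worth confirming that the challenge state asserted here is not being served from a cached user object. The enclosing test method begins outside this hunk.
```java
// … unchanged: support-challenge assertions …
// helper placed alongside the test methods; each repeated block becomes `content = fetchSecurePage();`
private String fetchSecurePage() throws IOException {
    URLConnection uc = new URL("https://" + getSecureServerName()).openConnection();
    authenticate((HttpURLConnection) uc);
    return IOUtils.readURL(uc);
}
```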
import org.junit.Test;
import club.wpia.gigi.GigiApiException;
+import club.wpia.gigi.dbObjects.CATS.CATSType;
import club.wpia.gigi.dbObjects.Certificate;
import club.wpia.gigi.dbObjects.Country;
import club.wpia.gigi.dbObjects.Country.CountryCodeType;
uc = get(cookie, CreateOrgPage.DEFAULT_PATH);
assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
}
+
+ @Test
+ public void testAgentWithoutValidChallenge() throws IOException, GigiApiException {
+ User agent = User.getById(createVerificationUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+ addChallenge(agent.getId(), CATSType.ORG_AGENT_CHALLENGE);
+ loginCertificate = null;
+ cookie = cookieWithCertificateLogin(agent);
+ URLConnection uc = get(cookie, ViewOrgPage.DEFAULT_PATH);
+ assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
+ uc = get(cookie, CreateOrgPage.DEFAULT_PATH);
+ assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
+ }
}
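Review bot: `testAgentWithoutValidChallenge` does not exercise the new challenge gate: the user is never placed in `Group.ORG_AGENT`, and `addChallenge(agent.getId(), CATSType.ORG_AGENT_CHALLENGE)` records a current challenge rather than a missing or expired one, so both 403 assertions are satisfied by the pre-existing group check before `hasValidOrgAgentChallenge()` is ever consulted. To cover what the name promises, grant the group (as the `OrgTest` constructor hunk below does with `grantGroup(getSupporter(), Group.ORG_AGENT)`) and either drop the `addChallenge` call or replace it with `addChallengeInPast(agent.getId(), CATSType.ORG_AGENT_CHALLENGE)`, so that an agent holding only an expired challenge is what the 403 proves. If the present behaviour is the intended case, renaming the method to something like `testNonAgentWithChallenge` is the smaller fix, but then the new authorization gate remains untested here.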
import java.io.IOException;
import club.wpia.gigi.GigiApiException;
+import club.wpia.gigi.dbObjects.CATS.CATSType;
import club.wpia.gigi.dbObjects.Country;
import club.wpia.gigi.dbObjects.Country.CountryCodeType;
import club.wpia.gigi.dbObjects.Group;
public OrgTest() throws IOException, GigiApiException {
makeAgent(u.getId());
u.grantGroup(getSupporter(), Group.ORG_AGENT);
+ addChallenge(u.getId(), CATSType.ORG_AGENT_CHALLENGE);
clearCaches();
cookie = cookieWithCertificateLogin(u);
}