import org.cacert.gigi.output.template.TranslateCommand;
public enum Group {
- SUPPORTER("supporter", "supporter", true, true), //
- ARBITRATOR("arbitrator", "arbitrator", true, true), //
- BLOCKEDASSURER("blockedassurer", "may not verify", true, false), //
- BLOCKEDASSUREE("blockedassuree", "may not be verified", true, false), //
- BLOCKEDLOGIN("blockedlogin", "may not login", true, false), //
- BLOCKEDCERT("blockedcert", "may not issue certificates", true, false), //
- TTP_ASSURER("ttp-assurer", "may verify via TTP", true, true), //
- TTP_APPLICANT("ttp-applicant", "requests to be verified via ttp", true, false), //
- CODESIGNING("codesigning", "may issue codesigning certificates", true, false), //
- ORGASSURER("orgassurer", "may verify organisations", true, true), //
- NUCLEUS_ASSURER("nucleus-assurer", "may enter nucleus verifications", true, true), //
- LOCATE_AGENT("locate-agent", "wants access to the locate agent system", false, false);
+ SUPPORTER("supporter", "supporter", true, false, true), //
+ ARBITRATOR("arbitrator", "arbitrator", true, false, true), //
+ BLOCKEDASSURER("blockedassurer", "may not verify", true, false, false), //
+ BLOCKEDASSUREE("blockedassuree", "may not be verified", true, false, false), //
+ BLOCKEDLOGIN("blockedlogin", "may not login", true, false, false), //
+ BLOCKEDCERT("blockedcert", "may not issue certificates", true, false, false), //
+ TTP_ASSURER("ttp-assurer", "may verify via TTP", true, false, true), //
+ TTP_APPLICANT("ttp-applicant", "requests to be verified via ttp", false, true, false), //
+ CODESIGNING("codesigning", "may issue codesigning certificates", true, false, false), //
+ ORGASSURER("orgassurer", "may verify organisations", true, false, true), //
+ NUCLEUS_ASSURER("nucleus-assurer", "may enter nucleus verifications", true, false, true), //
+ LOCATE_AGENT("locate-agent", "wants access to the locate agent system", false, true, false);
private final String dbName;
private final boolean managedBySupport;
+ private final boolean managedByUser;
+
private final boolean isSelfViewable;
/**
* @param isSelfViewable
* true iff user should be able to see others in the same group
*/
- private Group(String name, String display, boolean managedBySupport, boolean isSelfViewable) {
+ private Group(String name, String display, boolean managedBySupport, boolean managedByUser, boolean isSelfViewable) {
dbName = name;
tc = new TranslateCommand(display);
+ if (managedByUser && managedBySupport) {
+ throw new IllegalArgumentException("We do not allow groups to be user and support managable.");
+ }
+ if (managedByUser && isSelfViewable) {
+ throw new IllegalArgumentException("We do not allow groups to be self-viewable and managable by user.");
+ }
+ this.managedByUser = managedByUser;
this.managedBySupport = managedBySupport;
this.isSelfViewable = isSelfViewable;
}
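Review bot: The constructor Javadoc still documents only `isSelfViewable`, although each constant now passes three adjacent booleans whose position decides who may manage the group. Add `@param managedBySupport true iff granting requires a supporter`, `@param managedByUser true iff the group is offered to users for self-management`, and a `@throws IllegalArgumentException` line for the two rejected combinations. In the constant list TTP_APPLICANT moves from support-managed to user-managed, so it is worth confirming that this flip is intended and not a positional slip.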
return managedBySupport;
}
+ public boolean isManagedByUser() {
+ return managedByUser;
+ }
+
public boolean isSelfViewable() {
return isSelfViewable;
}
-Subject: [<?=${ticket}?>] <?=${subject}?>
+Subject: [<?=$ticket?>] <?=$subject?>
<?=_Hi?>,
<?=_supporter ${supporter} triggered:?>
<?=$action?>
-
-RA DB
--- /dev/null
+Subject: [<?=$ticket?>] Support action: <?=$subject?>
+
+<?=_Hi?>,
+
+<?=_support triggered:?>
+
+<?=$action?>
import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.output.template.MailTemplate;
import org.cacert.gigi.output.template.Outputable;
+import org.cacert.gigi.output.template.SprintfCommand;
import org.cacert.gigi.util.DayDate;
import org.cacert.gigi.util.ServerConstants;
if (cert.getStatus() == CertificateStatus.ISSUED) {
writeSELog("SE Revoke certificate");
cert.revoke().waitFor(60000);
+ // send notification to support
+ String subject = "Revoke certificate";
+ Outputable message = SprintfCommand.createSimple("Certificate with serial number {0} for {1} <{2}>, has been revoked.", cert.getSerial(), target.getPreferredName().toString(), target.getEmail());
+ sendSupportNotification(subject, message);
+ // send notification to user
+ subject = "Revoke certificate";
+ message = SprintfCommand.createSimple("Certificate with serial number {0} with subject distinguished name {1} has been revoked.", cert.getSerial(), cert.getDistinguishedName());
+ sendSupportUserNotification(subject, message);
}
}
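Review bot: Both mails go out right after `cert.revoke().waitFor(60000)` without looking at the outcome, so support and the account holder may be told the certificate "has been revoked" when the job did not finish within the wait. Whether `waitFor` throws on timeout is not visible in this hunk. Re-check `cert.getStatus()` after the wait and send the notifications only when it reports the revoked state, or word the text as a revocation request. The enclosing method starts outside the hunk.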
return target;
}
- public void grant(Group toMod) {
+ public void grant(Group toMod) throws GigiApiException {
target.grantGroup(supporter, toMod);
}
e.printStackTrace();
}
}
+
+ private static final MailTemplate supportUserNotification = new MailTemplate(SupportedUser.class.getResource("SupportUserNotificationMail.templ"));
+
+ public void sendSupportUserNotification(String subject, Outputable message) {
+ try {
+ HashMap<String, Object> vars = new HashMap<>();
+ vars.put("action", message);
+ vars.put("ticket", this.getTicket());
+ vars.put("subject", subject);
+
+ supportUserNotification.sendMail(Language.getInstance(Locale.ENGLISH), vars, target.getEmail());
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
}
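Review bot: `sendSupportUserNotification` swallows the `IOException` with `e.printStackTrace()`, so a failed delivery leaves the account holder uninformed about a revocation or permission change and the calling form still reports success. This mail is the user's signal that support acted on the account, so the failure should reach the application log or the caller, for example by declaring `throws IOException` and letting the forms decide. A Javadoc line such as `/** Mails the account holder at target.getEmail() about a support action; the text is always rendered in English. */` would document the fixed language.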
private Locale locale;
- private final Set<Group> groups = new HashSet<>();
+ private Set<Group> groups = new HashSet<>();
public static final int MINIMUM_AGE = 16;
locale = Language.getLocaleFromString(localeStr);
}
+ refreshGroups();
+ }
+
+ public synchronized void refreshGroups() {
+ HashSet<Group> hs = new HashSet<>();
try (GigiPreparedStatement psg = new GigiPreparedStatement("SELECT `permission` FROM `user_groups` WHERE `user`=? AND `deleted` is NULL")) {
- psg.setInt(1, rs.getInt("id"));
+ psg.setInt(1, getId());
try (GigiResultSet rs2 = psg.executeQuery()) {
while (rs2.next()) {
- groups.add(Group.getByString(rs2.getString(1)));
+ hs.add(Group.getByString(rs2.getString(1)));
}
}
}
+ groups = hs;
}
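Review bot: `refreshGroups()` replaces `groups` under the object lock, but `grantGroup`'s `groups.add(toGrant)` and the getter's `Collections.unmodifiableSet(groups)` use the field without that lock. If `User` objects are shared between request threads, a concurrent refresh can drop a just-granted group or leave another thread reading the old set. Declaring the field `private volatile Set<Group> groups;` and having the mutating methods call `refreshGroups()` after their SQL, instead of editing the set in place, would close that gap. The constructor now also calls this public, overridable method.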
public User(String email, String password, DayDate dob, Locale locale, Country residenceCountry, NamePart... preferred) throws GigiApiException {
return Collections.unmodifiableSet(groups);
}
- public void grantGroup(User granter, Group toGrant) {
+ public void grantGroup(User granter, Group toGrant) throws GigiApiException {
+ if (toGrant.isManagedBySupport() && !granter.isInGroup(Group.SUPPORTER)) {
+ throw new GigiApiException("Group may only be managed by supporter");
+ }
groups.add(toGrant);
try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `user_groups` SET `user`=?, `permission`=?::`userGroup`, `grantedby`=?")) {
ps.setInt(1, getId());
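Review bot: The new guard covers only support-managed groups, so for a user-managed group any `granter` passes, because nothing compares `granter` with the account being changed. A second check such as `if (toGrant.isManagedByUser() && granter.getId() != getId() && !granter.isInGroup(Group.SUPPORTER)) { throw new GigiApiException("Group may only be managed by the user"); }` would pin that rule here (the message is a constructed example). No matching change to `revokeGroup` is visible in this diff, and its callers still compile without `throws GigiApiException`, so removing a support-managed group appears to stay unchecked at this layer. `groups.add(toGrant)` also runs before the INSERT, so a failed statement leaves the in-memory set ahead of the database; the method body continues outside the hunk.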
private Group value = null;
- private final boolean supportFlag;
+ private final boolean bySupporter;
- public GroupSelector(String name, boolean supportFlag) {
+ public GroupSelector(String name, boolean bySupporter) {
this.name = HTMLEncoder.encodeHTML(name);
- this.supportFlag = supportFlag;
+ this.bySupporter = bySupporter;
}
public void update(HttpServletRequest r) throws GigiApiException {
String vS = r.getParameter(name);
- value = null;
- for (Group g : Group.values()) {
- if (g.getDatabaseName().equals(vS)) {
- value = g;
- }
+ if (vS == null) {
+ throw new GigiApiException("No value for group.");
+ }
+ try {
+ value = Group.getByString(vS);
+ } catch (IllegalArgumentException e) {
+ throw new GigiApiException("Invalid value for group.");
}
}
public void output(PrintWriter out, Language l, Map<String, Object> vars) {
out.println("<select name='" + name + "'>");
for (Group g : Group.values()) {
- if (supportFlag == g.isManagedBySupport()) {
+ if (mayManage(g)) {
out.print("<option value='" + g.getDatabaseName());
if (g.equals(value)) {
out.print(" selected");
out.println("</select>");
}
+ private boolean mayManage(Group g) {
+ return (bySupporter && g.isManagedBySupport()) || ( !bySupporter && g.isManagedByUser());
+ }
+
public Group getGroup() {
return value;
}
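Review bot: `mayManage` is applied only when `output()` renders the option list, while `update()` accepts any name that `Group.getByString` resolves, so the selector does not enforce on input what it offers on output. Adding `if ( !mayManage(value)) { value = null; throw new GigiApiException("Invalid value for group."); }` after the lookup in `update()` keeps the form from relying solely on `User.grantGroup` to reject the value. A comment on `mayManage`, `// supporters are offered support-managed groups, users the user-managed ones`, would document the split.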
return uc;
}
- private static final Group LOGIN_BLOCKED = Group.getByString("blockedlogin");
+ private static final Group LOGIN_BLOCKED = Group.BLOCKEDLOGIN;
private void loginSession(HttpServletRequest req, User user) {
if (user.isInGroup(LOGIN_BLOCKED)) {
public static final String PATH = "/admin/ttp";
- public static final Group TTP_APPLICANT = Group.getByString("ttp-applicant");
+ public static final Group TTP_APPLICANT = Group.TTP_APPLICANT;
public TTPAdminPage() {
super("TTP-Admin");
@Override
public boolean isPermitted(AuthorizationContext ac) {
- return ac != null && ac.isInGroup(Group.getByString("ttp-assurer"));
+ return ac != null && ac.isInGroup(Group.TTP_ASSURER);
}
}
if (form.submitProtected(resp.getWriter(), req)) {
final Certificate[] certs = form.getCerts();
if (certs.length == 1) {
- resp.sendRedirect(Certificates.SUPPORT_PATH + certs[0].getSerial() + "/");
+ resp.sendRedirect(Certificates.SUPPORT_PATH + "/" + certs[0].getSerial());
} else {
HashMap<String, Object> vars = new HashMap<String, Object>();
Language l = LoginPage.getLanguage(req);
import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
import org.cacert.gigi.dbObjects.CertificateProfile;
import org.cacert.gigi.dbObjects.SupportedUser;
+import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.output.template.Form;
import org.cacert.gigi.output.template.IterableDataset;
import org.cacert.gigi.output.template.Outputable;
+import org.cacert.gigi.output.template.SprintfCommand;
import org.cacert.gigi.output.template.Template;
-import org.cacert.gigi.output.template.TranslateCommand;
public class SupportRevokeCertificatesForm extends Form {
public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
if (user.getTicket() != null) {
user.revokeAllCertificates();
+ User target = user.getTargetUser();
+ // send notification to support
String subject = "Revoke certificates";
- Outputable message = new TranslateCommand("All certificates in the account have been revoked.");
+ Outputable message = SprintfCommand.createSimple("All certificates in the account {0} <{1}> have been revoked.", target.getPreferredName().toString(), target.getEmail());
user.sendSupportNotification(subject, message);
+ // send notification to user
+ subject = "Revoke certificate";
+ message = SprintfCommand.createSimple("All certificates in your account have been revoked.");
+ user.sendSupportUserNotification(subject, message);
return true;
}
return false;
throw new GigiApiException("More than one action requested!");
}
if (req.getParameter("addGroup") != null || req.getParameter("removeGroup") != null) {
- String actionType = "granted";
value.update(req);
Group toMod = value.getGroup();
+ boolean grant;
if (req.getParameter("addGroup") != null) {
+ grant = true;
user.grant(toMod);
} else {
- actionType = "revoked";
+ grant = false;
user.revoke(toMod);
}
String subject = "Change Group Permissions";
- Outputable message = SprintfCommand.createSimple("The group permission {0} was {1}.", toMod.getDatabaseName(), actionType);
+ // send notification to support
+ Outputable message = SprintfCommand.createSimple(grant ? "The group permission '{0}' was granted." : "The group permission '{0}' was revoked.", toMod.getName());
user.sendSupportNotification(subject, message);
+ // send notification to user
+ message = SprintfCommand.createSimple(grant ? "The group permission '{0}' was granted to your account." : "The group permission '{0}' was revoked from your account.", toMod.getName());
+ user.sendSupportUserNotification(subject, message);
return true;
}
if (req.getParameter("resetPass") != null) {
}
user.setDob(dobSelector.getDate());
- String subject = "Change Account Data";
- Outputable message = new TranslateCommand("The account data was changed.");
+ String subject = "Change DoB Data";
+ // send notification to support
+ Outputable message = new TranslateCommand("The DoB was changed.");
user.sendSupportNotification(subject, message);
+ // send notification to user
+ message = SprintfCommand.createSimple("The DoB in your account was changed to {0}.", dobSelector.getDate());
+ user.sendSupportUserNotification(subject, message);
return true;
}
<tr>
<td><?=_Date of Birth?>:</td>
<td>
- <?=$dob?>
+ <?=$dob?> <input class="btn btn-warning" name="detailupdate" type="submit" value="<?=_Update?>"/>
</td>
</tr>
<tr>
<tr>
<td colspan="2"><a href="history"><?=_Show account history?></a></td>
</tr>
- <tr><td colspan="2"><input class="btn btn-warning" name="detailupdate" type="submit" value="<?=_Update?>"/></td></tr>
</tbody>
</table>
<br/>
public class CreateOrgPage extends Page {
- public static final Group ORG_ASSURER = Group.getByString("orgassurer");
+ public static final Group ORG_ASSURER = Group.ORGASSURER;
public static final String DEFAULT_PATH = "/orga/new";
public class RequestTTPForm extends Form {
- public static final Group TTP_APPLICANT = Group.getByString("ttp-applicant");
+ public static final Group TTP_APPLICANT = Group.TTP_APPLICANT;
private static final Template t = new Template(RequestTTPForm.class.getResource("RequestTTPForm.templ"));
}
}
- public static final Group ASSURER_BLOCKED = Group.getByString("blockedassurer");
+ public static final Group ASSURER_BLOCKED = Group.BLOCKEDASSURER;
- public static final Group ASSUREE_BLOCKED = Group.getByString("blockedassuree");
+ public static final Group ASSUREE_BLOCKED = Group.BLOCKEDASSUREE;
/**
* This method assures another user.
@Test
public void testAddRm() throws GigiApiException, IOException {
User u1 = User.getById(createAssuranceUser("fn", "ln", createUniqueName() + "@email.org", TEST_PASSWORD));
- u1.grantGroup(u1, Group.ORGASSURER);
+ u1.grantGroup(getSupporter(), Group.ORGASSURER);
User u2 = User.getById(createAssuranceUser("fn", "ln", createUniqueName() + "@email.org", TEST_PASSWORD));
- u2.grantGroup(u1, Group.ORGASSURER);
+ u2.grantGroup(getSupporter(), Group.ORGASSURER);
User u3 = User.getById(createAssuranceUser("fn", "ln", createUniqueName() + "@email.org", TEST_PASSWORD));
- u3.grantGroup(u1, Group.ORGASSURER);
+ u3.grantGroup(getSupporter(), Group.ORGASSURER);
User u4 = User.getById(createAssuranceUser("fn", "ln", createUniqueName() + "@email.org", TEST_PASSWORD));
- u4.grantGroup(u1, Group.ORGASSURER);
+ u4.grantGroup(getSupporter(), Group.ORGASSURER);
Organisation o1 = new Organisation("name", Country.getCountryByCode("DE", CountryCodeType.CODE_2_CHARS), "prov", "city", "email", "optional name", "postal address", u1);
assertEquals(0, o1.getAllAdmins().size());
o1.addAdmin(u2, u1, false);
import static org.hamcrest.CoreMatchers.*;
import static org.junit.Assert.*;
+import java.io.IOException;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Collections;
public class TestUserGroupMembership extends BusinessTest {
- private final Group ttpGroup = Group.getByString("ttp-assurer");
+ private final Group ttpGroup = Group.TTP_ASSURER;
- private final Group supporter = Group.getByString("supporter");
+ private final Group supporter = Group.SUPPORTER;
@Test
- public void testAddObject() throws GigiApiException, SQLException {
+ public void testAddObject() throws GigiApiException, SQLException, IOException {
User u = User.getById(createVerifiedUser("fname", "lname", createUniqueName() + "@example.org", TEST_PASSWORD));
- User granter = User.getById(createVerifiedUser("grFname", "lname", createUniqueName() + "@example.org", TEST_PASSWORD));
+ User granter = getSupporter();
assertBehavesEmpty(u);
u.grantGroup(granter, ttpGroup);
}
@Test
- public void testRemoveObject() throws GigiApiException, SQLException {
+ public void testRemoveObject() throws GigiApiException, SQLException, IOException {
User u = User.getById(createVerifiedUser("fname", "lname", createUniqueName() + "@example.org", TEST_PASSWORD));
- User granter = User.getById(createVerifiedUser("grFname", "lname", createUniqueName() + "@example.org", TEST_PASSWORD));
+ User granter = getSupporter();
assertBehavesEmpty(u);
u.grantGroup(granter, ttpGroup);
}
@Test
- public void testListGroup() throws GigiApiException {
- Group g = Group.getByString("supporter");
+ public void testListGroup() throws GigiApiException, IOException {
+ Group g = Group.SUPPORTER;
int start = g.getMembers(0, 10).length;
User ux = User.getById(createVerifiedUser("fn", "ln", createUniqueName() + "@example.org", TEST_PASSWORD));
User ux2 = User.getById(createVerifiedUser("fn", "ln", createUniqueName() + "@example.org", TEST_PASSWORD));
assertEquals(0, g.getMembers(0, 10).length + start);
- ux.grantGroup(ux, g);
- assertEquals(1, g.getMembers(0, 10).length + start);
- ux2.grantGroup(ux, g);
+ ux.grantGroup(getSupporter(), g); // creates a supporter
assertEquals(2, g.getMembers(0, 10).length + start);
+ ux2.grantGroup(ux, g);
+ assertEquals(3, g.getMembers(0, 10).length + start);
ux2.revokeGroup(ux, g);
- assertEquals(1, g.getMembers(0, 10).length + start);
+ assertEquals(2, g.getMembers(0, 10).length + start);
ux.revokeGroup(ux, g);
- assertEquals(0, g.getMembers(0, 10).length + start);
+ assertEquals(1, g.getMembers(0, 10).length + start);
}
import org.cacert.gigi.dbObjects.Certificate;
import org.cacert.gigi.dbObjects.Certificate.CSRType;
import org.cacert.gigi.dbObjects.Certificate.CertificateStatus;
-import org.cacert.gigi.dbObjects.Country.CountryCodeType;
import org.cacert.gigi.dbObjects.CertificateProfile;
import org.cacert.gigi.dbObjects.Country;
+import org.cacert.gigi.dbObjects.Country.CountryCodeType;
import org.cacert.gigi.dbObjects.Digest;
import org.cacert.gigi.dbObjects.Domain;
import org.cacert.gigi.dbObjects.Group;
@Test
public void testIssueOrgCert() throws Exception {
makeAssurer(id);
- u.grantGroup(u, Group.ORGASSURER);
+ u.grantGroup(getSupporter(), Group.ORGASSURER);
Organisation o1 = new Organisation("name", Country.getCountryByCode("DE", CountryCodeType.CODE_2_CHARS), "pr", "st", "test@mail", "", "", u);
o1.addAdmin(u, u, false);
assertEquals(501, v.getResponseCode());
assertThat(IOUtils.readURL(new InputStreamReader(v.getErrorStream(), "UTF-8")), containsString(FindAgentAccess.PATH));
- grant(u.getEmail(), Group.LOCATE_AGENT);
+ grant(u, Group.LOCATE_AGENT);
v = doApi(FindAgent.PATH_RESOLVE, "serial=" + target2.getSerial().toLowerCase());
assertEquals(u.getId(), Integer.parseInt(IOUtils.readURL(v)));
}
assertThat(v.getResponseMessage(), containsString("needs to enable access"));
// even if sender enables service
- grant((userUFirst ? u : us2).getEmail(), Group.LOCATE_AGENT);
+ grant((userUFirst ? u : us2), Group.LOCATE_AGENT);
v = doApi(FindAgent.PATH_MAIL, "from=" + id + "&to=" + u2 + "&subject=the-subject&body=body");
assertEquals(v.getResponseMessage(), 501, v.getResponseCode());
assertThat(v.getResponseMessage(), containsString("needs to enable access"));
// receiver needs to enable access as well
- grant((userUFirst ? us2 : u).getEmail(), Group.LOCATE_AGENT);
+ grant((userUFirst ? us2 : u), Group.LOCATE_AGENT);
v = doApi(FindAgent.PATH_MAIL, "from=" + id + "&to=" + u2 + "&subject=the-subject&body=body");
assertEquals(v.getResponseMessage(), 200, v.getResponseCode());
TestMail mail = getMailReceiver().receive();
String res = IOUtils.readURL(doApi(FindAgent.PATH_INFO, "id=" + id + "&id=" + u2)).replace("\r", "");
assertEquals(res, "");
- grant(email, Group.LOCATE_AGENT);
- grant(User.getById(u2).getEmail(), Group.LOCATE_AGENT);
+ grant(u, Group.LOCATE_AGENT);
+ grant(User.getById(u2), Group.LOCATE_AGENT);
res = IOUtils.readURL(doApi(FindAgent.PATH_INFO, "id=" + id + "&id=" + u2)).replace("\r", "");
assertEquals(id + ",true," + u.getPreferredName().toAbbreviatedString() + "\n" + u2 + ",false," + User.getById(u2).getPreferredName().toAbbreviatedString() + "\n", res);
}
AuthorizationContext ac;
- public TestCertificateRequest() throws GeneralSecurityException, IOException {
+ public TestCertificateRequest() throws GeneralSecurityException, IOException, GigiApiException {
ac = new AuthorizationContext(u, u);
makeAssurer(u.getId());
- grant(email, Group.CODESIGNING);
-
}
@Test
@Test
public void testCodesignModifiedName() throws Exception {
try {
- u.grantGroup(u, Group.CODESIGNING);
+ u.grantGroup(getSupporter(), Group.CODESIGNING);
CertificateRequest cr = new CertificateRequest(ac, generatePEMCSR(kp, "CN=a ab"));
cr.update("name", "SHA512", "code-a", null, null, "email:" + email);
cr.draft();
import static org.junit.Assert.*;
import java.io.IOException;
+import java.net.URLEncoder;
import java.sql.Date;
import java.util.Arrays;
import java.util.Calendar;
import java.util.TimeZone;
import org.cacert.gigi.GigiApiException;
+import org.cacert.gigi.dbObjects.Group;
import org.cacert.gigi.dbObjects.Name;
import org.cacert.gigi.dbObjects.NamePart;
import org.cacert.gigi.dbObjects.NamePart.NamePartType;
assertNull(executeBasicWebInteraction(cookie, MyDetails.PATH, "residenceCountry=invalid&action=updateResidenceCountry", 0));
assertEquals(null, user.getResidenceCountry());
}
+
+ @Test
+ public void testModifyUserGroup() throws IOException {
+ User user = User.getById(id);
+ // test add group
+ assertNull(executeBasicWebInteraction(cookie, MyDetails.PATH, "action=addGroup&groupToModify=" + URLEncoder.encode(Group.LOCATE_AGENT.getDatabaseName(), "UTF-8"), 0));
+
+ user = User.getById(id);
+ user.refreshGroups();
+ assertTrue(user.isInGroup(Group.LOCATE_AGENT));
+
+ // test remove group
+ assertNull(executeBasicWebInteraction(cookie, MyDetails.PATH, "action=removeGroup&groupToModify=" + URLEncoder.encode(Group.LOCATE_AGENT.getDatabaseName(), "UTF-8"), 0));
+
+ user = User.getById(id);
+ user.refreshGroups();
+ assertFalse(user.isInGroup(Group.LOCATE_AGENT));
+
+ // test add group that only support can add
+ assertNotNull(executeBasicWebInteraction(cookie, MyDetails.PATH, "action=addGroup&groupToModify=" + URLEncoder.encode(Group.SUPPORTER.getDatabaseName(), "UTF-8"), 0));
+
+ user = User.getById(id);
+ user.refreshGroups();
+ assertFalse(user.isInGroup(Group.SUPPORTER));
+
+ // test add invalid group
+ assertNotNull(executeBasicWebInteraction(cookie, MyDetails.PATH, "action=addGroup&groupToModify=non-existing", 0));
+ }
}
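Review bot: The test checks that a user cannot add a support-managed group but has no case for removing one, which is the direction that matters for the blocking groups. Add a step that grants a support-managed group with the `grant(u, g)` helper, posts `action=removeGroup` for it, and asserts that the response is an error and `isInGroup` is still true after `refreshGroups()`. As written, a regression in the revoke path would pass this test.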
import static org.junit.Assert.*;
import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.StringWriter;
import java.net.MalformedURLException;
+import java.net.URLEncoder;
+import java.util.HashMap;
+import java.util.Locale;
+import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.dbObjects.Group;
+import org.cacert.gigi.dbObjects.User;
+import org.cacert.gigi.localisation.Language;
import org.cacert.gigi.pages.admin.support.SupportEnterTicketPage;
import org.cacert.gigi.pages.admin.support.SupportUserDetailsPage;
import org.cacert.gigi.testUtils.ClientTest;
private int targetID;
- public TestSEAdminNotificationMail() throws IOException {
- grant(email, Group.SUPPORTER);
+ public TestSEAdminNotificationMail() throws IOException, GigiApiException {
+ grant(u, Group.SUPPORTER);
+ cookie = login(email, TEST_PASSWORD);
assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=a20140808.8&setTicket=action", 0).getResponseCode());
String email = createUniqueName() + "@example.com";
executeBasicWebInteraction(cookie, SupportUserDetailsPage.PATH + targetID + "/", "dobd=1&dobm=2&doby=2000&detailupdate", 0);
+ // mail to support
String message = getMailReceiver().receive().getMessage();
- assertThat(message, containsString("The account data was changed."));
+ assertThat(message, containsString("The DoB was changed"));
assertThat(message, containsString("supporter " + u.getPreferredName().toString() + " triggered:"));
-
+ // mail to user
+ message = getMailReceiver().receive().getMessage();
+ assertThat(message, containsString("The DoB in your account was changed to 2000-02-01."));
}
@Test
@Test
public void testGrantUserGroup() throws MalformedURLException, IOException {
- executeBasicWebInteraction(cookie, SupportUserDetailsPage.PATH + targetID + "/", "addGroup&groupToModify=supporter", 0);
+ executeBasicWebInteraction(cookie, SupportUserDetailsPage.PATH + targetID + "/", "addGroup&groupToModify=" + URLEncoder.encode(Group.SUPPORTER.getDatabaseName(), "UTF-8"), 0);
+
+ StringWriter sw = new StringWriter();
+ PrintWriter pw = new PrintWriter(sw);
+ Group.SUPPORTER.getName().output(pw, Language.getInstance(Locale.ENGLISH), new HashMap<String, Object>());
+ // mail to support
String message = getMailReceiver().receive().getMessage();
- assertThat(message, containsString("The group permission supporter was granted."));
+ assertThat(message, containsString("The group permission '" + sw.toString() + "' was granted."));
+ // mail to user
+ message = getMailReceiver().receive().getMessage();
+ assertThat(message, containsString("The group permission '" + sw.toString() + "' was granted to your account."));
}
@Test
public void testRemoveUserGroup() throws MalformedURLException, IOException {
- executeBasicWebInteraction(cookie, SupportUserDetailsPage.PATH + targetID + "/", "removeGroup&groupToModify=supporter", 0);
+ executeBasicWebInteraction(cookie, SupportUserDetailsPage.PATH + targetID + "/", "removeGroup&groupToModify=" + URLEncoder.encode(Group.SUPPORTER.getDatabaseName(), "UTF-8"), 0);
+ StringWriter sw = new StringWriter();
+ PrintWriter pw = new PrintWriter(sw);
+ Group.SUPPORTER.getName().output(pw, Language.getInstance(Locale.ENGLISH), new HashMap<String, Object>());
+
+ // mail to support
String message = getMailReceiver().receive().getMessage();
- assertThat(message, containsString("The group permission supporter was revoked."));
+ assertThat(message, containsString("The group permission '" + sw.toString() + "' was revoked."));
+ // mail to user
+ message = getMailReceiver().receive().getMessage();
+ assertThat(message, containsString("The group permission '" + sw.toString() + "' was revoked from your account."));
}
@Test
- public void testRevokeCertificates() throws MalformedURLException, IOException {
+ public void testRevokeAllCertificates() throws MalformedURLException, IOException {
executeBasicWebInteraction(cookie, SupportUserDetailsPage.PATH + targetID + "/", "revokeall", 1);
+ User user = User.getById(targetID);
+ // mail to support
String message = getMailReceiver().receive().getMessage();
- assertThat(message, containsString("All certificates in the account have been revoked."));
-
+ assertThat(message, containsString("All certificates in the account " + user.getPreferredName().toString()));
+ // mail to user
+ message = getMailReceiver().receive().getMessage();
+ assertThat(message, containsString("All certificates in your account have been revoked."));
}
}
public class TestSEAdminPageDetails extends ClientTest {
- public TestSEAdminPageDetails() throws IOException {
- grant(email, Group.SUPPORTER);
+ public TestSEAdminPageDetails() throws IOException, GigiApiException {
+ grant(u, Group.SUPPORTER);
+ cookie = login(email, TEST_PASSWORD);
assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=a20140808.8&setTicket=action", 0).getResponseCode());
}
private int tid;
public TestSEAdminPageUserDomainSearch() throws IOException, GigiApiException {
- grant(email, Group.SUPPORTER);
+ grant(u, Group.SUPPORTER);
+ cookie = login(email, TEST_PASSWORD);
assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=a20140808.8&setTicket=action", 0).getResponseCode());
String mail = createUniqueName() + "@example.com";
public class TestSEAdminPageUserMailSearch extends ClientTest {
- public TestSEAdminPageUserMailSearch() throws IOException {
- grant(email, Group.SUPPORTER);
+ public TestSEAdminPageUserMailSearch() throws IOException, GigiApiException {
+ grant(u, Group.SUPPORTER);
+ cookie = login(email, TEST_PASSWORD);
assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=a20140808.8&setTicket=action", 0).getResponseCode());
}
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
+import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.dbObjects.Group;
import org.cacert.gigi.pages.admin.support.FindUserByDomainPage;
import org.cacert.gigi.pages.admin.support.FindUserByEmailPage;
public class TestSEAdminTicketSetting extends ClientTest {
- public TestSEAdminTicketSetting() throws IOException {
- grant(email, Group.SUPPORTER);
+ public TestSEAdminTicketSetting() throws IOException, GigiApiException {
+ grant(u, Group.SUPPORTER);
+ cookie = login(email, TEST_PASSWORD);
}
@Test
public class TestOrgDomain extends OrgTest {
- public TestOrgDomain() throws IOException {
+ public TestOrgDomain() throws IOException, GigiApiException {
}
public class TestOrgManagement extends OrgTest {
- public TestOrgManagement() throws IOException {
+ public TestOrgManagement() throws IOException, GigiApiException {
}
public void testTTPApply() throws IOException {
String ttp = IOUtils.readURL(get(RequestTTPPage.PATH));
assertThat(ttp, containsString("<form"));
- executeBasicWebInteraction(cookie, RequestTTPPage.PATH, "country=0");
+ assertNull(executeBasicWebInteraction(cookie, RequestTTPPage.PATH, "country=0"));
ttp = IOUtils.readURL(get(RequestTTPPage.PATH));
assertThat(ttp, not(containsString("<form")));
ObjectCache.clearAllCaches();
u = User.getById(u.getId());
- assertTrue(u.isInGroup(Group.getByString("ttp-applicant")));
+ assertTrue(u.isInGroup(Group.TTP_APPLICANT));
}
@Test
import java.io.IOException;
import java.net.MalformedURLException;
+import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.dbObjects.Group;
import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.pages.admin.TTPAdminPage;
}
@Test
- public void testHasRight() throws IOException {
+ public void testHasRight() throws IOException, GigiApiException {
testTTPAdmin(true);
}
@Test
- public void testHasNoRight() throws IOException {
+ public void testHasNoRight() throws IOException, GigiApiException {
testTTPAdmin(false);
}
- public void testTTPAdmin(boolean hasRight) throws IOException {
+ public void testTTPAdmin(boolean hasRight) throws IOException, GigiApiException {
if (hasRight) {
- grant(email, Group.getByString("ttp-assurer"));
+ grant(u, Group.TTP_ASSURER);
}
- grant(u.getEmail(), TTPAdminPage.TTP_APPLICANT);
+ grant(u, TTPAdminPage.TTP_APPLICANT);
cookie = login(u.getEmail(), TEST_PASSWORD);
assertEquals( !hasRight ? 403 : 200, fetchStatusCode(TTPAdminPage.PATH));
import java.util.regex.Pattern;
import org.cacert.gigi.GigiApiException;
+import org.cacert.gigi.database.GigiPreparedStatement;
import org.cacert.gigi.dbObjects.Domain;
import org.cacert.gigi.dbObjects.EmailAddress;
+import org.cacert.gigi.dbObjects.Group;
import org.cacert.gigi.dbObjects.NamePart;
import org.cacert.gigi.dbObjects.NamePart.NamePartType;
import org.cacert.gigi.dbObjects.User;
public MailReceiver getMailReceiver() {
return InVMEmail.getInstance();
}
+
+ private User supporter;
+
+ public User getSupporter() throws GigiApiException, IOException {
+ if (supporter != null) {
+ return supporter;
+ }
+ supporter = createVerifiedUser();
+ try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `user_groups` SET `user`=?, `permission`=?::`userGroup`, `grantedby`=?")) {
+ ps.setInt(1, supporter.getId());
+ ps.setString(2, Group.SUPPORTER.getDatabaseName());
+ ps.setInt(3, supporter.getId());
+ ps.execute();
+ }
+ supporter.refreshGroups();
+ return supporter;
+ }
}
import org.cacert.gigi.dbObjects.Job;
import org.cacert.gigi.dbObjects.ObjectCache;
import org.cacert.gigi.dbObjects.User;
-import org.cacert.gigi.pages.Manager;
import org.cacert.gigi.pages.account.MyDetails;
import org.cacert.gigi.pages.main.RegisterPage;
import org.cacert.gigi.testUtils.TestEmailReceiver.TestMail;
}
}
- public static void grant(String email, Group g) throws IOException {
- HttpURLConnection huc = (HttpURLConnection) new URL("https://" + getServerName() + Manager.PATH).openConnection();
- huc.setDoOutput(true);
- huc.getOutputStream().write(("addpriv=y&priv=" + URLEncoder.encode(g.getDatabaseName(), "UTF-8") + "&email=" + URLEncoder.encode(email, "UTF-8")).getBytes("UTF-8"));
- assertEquals(200, huc.getResponseCode());
+ public static void grant(User u, Group g) throws IOException, GigiApiException {
+ u.grantGroup(getSupporter(), g);
+ clearCaches();
}
/**
return openConnection;
}
+ private static User supporter;
+
+ public static User getSupporter() throws GigiApiException, IOException {
+ if (supporter != null) {
+ return supporter;
+ }
+ int i = createVerifiedUser("fn", "ln", createUniqueName() + "@email.com", TEST_PASSWORD);
+ try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `user_groups` SET `user`=?, `permission`=?::`userGroup`, `grantedby`=?")) {
+ ps.setInt(1, i);
+ ps.setString(2, Group.SUPPORTER.getDatabaseName());
+ ps.setInt(3, i);
+ ps.execute();
+ }
+ clearCaches();
+ supporter = User.getById(i);
+ return supporter;
+ }
}
public class OrgTest extends ClientTest {
- public OrgTest() throws IOException {
+ public OrgTest() throws IOException, GigiApiException {
makeAssurer(u.getId());
- u.grantGroup(u, Group.ORGASSURER);
+ u.grantGroup(getSupporter(), Group.ORGASSURER);
clearCaches();
cookie = login(email, TEST_PASSWORD);
}
initEnvironment();
try {
User u = User.getById(createAssuranceUser("f", "l", createUniqueName() + "@email.com", TEST_PASSWORD));
- grant(u.getEmail(), Group.ORGASSURER);
+ grant(u, Group.ORGASSURER);
clearCaches();
u = User.getById(u.getId());
Organisation o = new Organisation(Organisation.SELF_ORG_NAME, Country.getCountryByCode("DE", CountryCodeType.CODE_2_CHARS), "NA", "NA", "contact@cacert.org", "", "", u);
}
}
+ public User getSupporter() {
+ if (supporter != null) {
+ return supporter;
+ }
+ try {
+ User u = createAssurer( -1);
+ if ( !u.isInGroup(Group.SUPPORTER)) {
+ try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `user_groups` SET `user`=?, `permission`=?::`userGroup`, `grantedby`=?")) {
+ ps.setInt(1, u.getId());
+ ps.setString(2, Group.SUPPORTER.getDatabaseName());
+ ps.setInt(3, u.getId());
+ ps.execute();
+ }
+ u.refreshGroups();
+ }
+ supporter = u;
+ } catch (ReflectiveOperationException | GigiApiException e) {
+ e.printStackTrace();
+ }
+ return supporter;
+ }
+
public User getAssurer(int i) {
if (assurers[i] != null) {
return assurers[i];
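Review bot: `getSupporter()` returns `null` when `createAssurer` or the INSERT fails, because the catch block only prints the stack trace. The `addpriv` branch of `doPost` then hands that `null` to `u.grantGroup(...)`, whose new guard calls `granter.isInGroup(...)`. Rethrow in the catch instead, for example `throw new Error(e);` as `doPost` already does for `GigiApiException`. The lazy initialisation of `supporter` is also unsynchronised, which matters if this servlet serves concurrent requests.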
User[] assurers = new User[25];
+ User supporter;
+
@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
if (req.getParameter("create") != null) {
return;
}
if (req.getParameter("addpriv") != null) {
- u.grantGroup(u, Group.getByString(req.getParameter("priv")));
+ try {
+ u.grantGroup(getSupporter(), Group.getByString(req.getParameter("priv")));
+ } catch (GigiApiException e) {
+ throw new Error(e);
+ }
resp.getWriter().println("Privilege granted");
} else {
u.revokeGroup(u, Group.getByString(req.getParameter("priv")));
import java.util.Base64;
import java.util.Calendar;
import java.util.Date;
+import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
PKCS10 p10 = new PKCS10(PEM.decode("(NEW )?CERTIFICATE REQUEST", new String(data, "UTF-8")));
pk = p10.getSubjectPublicKeyInfo();
}
- String ca = caP.getProperty("ca") + "_2015_1";
+ Calendar cal = GregorianCalendar.getInstance();
+ String ca = caP.getProperty("ca") + "_" + cal.get(Calendar.YEAR) + (cal.get(Calendar.MONTH) >= 6 ? "_2" : "_1");
File parent = new File("signer/ca");
File[] caFiles = parent.listFiles();
if (null == caFiles) {
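Review bot: `GregorianCalendar.getInstance()` resolves to the inherited static `Calendar.getInstance()`, which follows the default locale and time zone and can return a non-Gregorian calendar, so `cal.get(Calendar.YEAR)` may build a CA name that matches no directory. Construct the calendar explicitly with `Calendar cal = new GregorianCalendar(TimeZone.getTimeZone("UTC"));` (this needs `java.util.TimeZone`). A comment such as `// CA directories are named <ca>_<year>_1 (Jan-Jun) or _2 (Jul-Dec)` would explain the `>= 6` test on the zero-based month. The enclosing method continues outside the hunk.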