vars.put("certlogininfo", false);
}
+ if ( !o.isEmpty() && !u.hasValidOrgAdminChallenge()) {
+ vars.put("catsinfo", true);
+ vars.put("catsorgadmin", true);
+ }
+
getDefaultTemplate().output(resp.getWriter(), getLanguage(req), vars);
} else {
<? if($catsorgagent) { ?>
<p><?=_To act as Organisation Agent you need to pass the Organisation Agent Challenge.?></p>
<? } ?>
- <? if($catsttpagent) { ?>
- <p><?=_To act as TTP Agent you need to pass the TTP RA Agent Challenge.?></p>
- <? } ?>
+ <? if($catsttpagent) { ?>
+ <p><?=_To act as TTP Agent you need to pass the TTP RA Agent Challenge.?></p>
+ <? } ?>
+ <? if($catsorgadmin) { ?>
+ <p><?=_To act as Organisation Administrator you need to pass the Organisation Administrator Challenge.?></p>
+ <? } ?>
</div>
<? } ?>
<div class="card card-body bg-light">
@Override
protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
final List<Organisation> o = target.getActor().getOrganisations();
- vars.put("certlogin", target.isStronglyAuthenticated());
+ vars.put("certlogin", target.isStronglyAuthenticated() && target.getActor().hasValidOrgAdminChallenge());
if (target.getTarget() != target.getActor()) {
vars.put("personal", target.getTarget() != target.getActor());
}
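Review bot: The `certlogin` template flag on the new `vars.put("certlogin", ...)` line now also turns false when a certificate-authenticated user has merely not passed the Organisation Administrator challenge, so whatever message the template keys on `certlogin` will tell such a user to log in with a certificate instead of telling them to pass the challenge. Keeping the two prerequisites in separate variables, `vars.put("certlogin", target.isStronglyAuthenticated());` and `vars.put("orgadminchallenge", target.getActor().hasValidOrgAdminChallenge());`, lets the template name the prerequisite that is actually missing. The `o` list declared on the line above is not used in the visible part of the hunk; outputContent continues outside the hunk.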
@Override
public boolean isPermitted(AuthorizationContext ac) {
- return ac != null && ac.getActor().getOrganisations().size() != 0 && ac.isStronglyAuthenticated();
+ return ac != null && ac.getActor().getOrganisations().size() != 0 && ac.isStronglyAuthenticated() && ac.getActor().hasValidOrgAdminChallenge();
}
@Override
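Review bot: The rewritten isPermitted on the `return` line now chains three conditions with no comment saying why each is required, and the third is the new security gate of this commit. A comment above the return such as `// org admins need a certificate login and a currently valid Org Admin challenge; an expired challenge does not count` would record the intent — the expiry part is what the addChallengeInPast test elsewhere in this commit appears to exercise, so confirm it matches what hasValidOrgAdminChallenge() implements. Note also that this check uses `getOrganisations()` while the sibling isPermitted in the same commit uses `getOrganisations(true)`; if that flag restricts the list to master-admin memberships, the two pages gate different populations, which may or may not be intended.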
@Override
public boolean isPermitted(AuthorizationContext ac) {
- return ac != null && ((ac.isInGroup(CreateOrgPage.ORG_AGENT) && ac.getActor().hasValidOrgAgentChallenge()) || ac.getActor().getOrganisations(true).size() != 0) && ac.isStronglyAuthenticated();
+ return ac != null && ((ac.isInGroup(CreateOrgPage.ORG_AGENT) && ac.getActor().hasValidOrgAgentChallenge()) || (ac.getActor().getOrganisations(true).size() != 0) && ac.getActor().hasValidOrgAdminChallenge()) && ac.isStronglyAuthenticated();
}
@Override
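Review bot: The new condition on the `return` line relies on `&&` binding tighter than `||` to pair hasValidOrgAdminChallenge() with the organisation check, but the parentheses enclose only `getOrganisations(true).size() != 0`, so at a glance the challenge check looks as if it might apply to the whole agent-or-admin disjunction. Making the grouping explicit removes the ambiguity: `|| (ac.getActor().getOrganisations(true).size() != 0 && ac.getActor().hasValidOrgAdminChallenge())`. Behaviour is unchanged by that rewrite; it only makes the two conditions of the admin branch visibly belong together.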
addChallenge(u.getId(), CATSType.TTP_AGENT_CHALLENGE);
testChallengeText("you need to pass the TTP RA Agent Challenge", false);
+
+ // test Org Admin Challenge
+ Organisation o = new Organisation(createUniqueName(), Country.getCountryByCode("DE", CountryCodeType.CODE_2_CHARS), "pr", "city", "test@example.com", "", "", u);
+ User admin = User.getById(createVerificationUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+
+ loginCertificate = null;
+ cookie = cookieWithCertificateLogin(admin);
+ testChallengeText("you need to pass the Organisation Administrator Challenge", false);
+
+ o.addAdmin(admin, u, true);
+ testChallengeText("you need to pass the Organisation Administrator Challenge", true);
+
+ addChallengeInPast(admin.getId(), CATSType.ORG_ADMIN_DP_CHALLENGE_NAME);
+ testChallengeText("you need to pass the Organisation Administrator Challenge", true);
+
+ addChallenge(admin.getId(), CATSType.ORG_ADMIN_DP_CHALLENGE_NAME);
+ testChallengeText("you need to pass the Organisation Administrator Challenge", false);
}
- private void testChallengeText(String contentText, boolean contains) throws IOException, MalformedURLException {
+ private void testChallengeText(String contentText, boolean contains) throws IOException, MalformedURLException, GigiApiException {
URLConnection uc = new URL("https://" + getSecureServerName()).openConnection();
authenticate((HttpURLConnection) uc);
String content = IOUtils.readURL(uc);
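Review bot: The block added after the TTP RA Agent assertion calls addChallengeInPast and addChallenge for `admin` and immediately re-fetches the page, whereas the new TestOrgSwitch test in this commit calls `clearCaches()` right after `addChallenge(...)` before expecting the permission change to be visible. If challenge status is cached on the User object, the assertions here may pass only because nothing has yet loaded `admin` into the cache; adding `clearCaches();` after each addChallenge/addChallengeInPast call makes the test robust to that. Separately, the `throws` clause of testChallengeText gains GigiApiException although none of its visible lines can throw it; if the remainder of the body outside the hunk does not either, the addition is unnecessary.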
import org.junit.Test;
import club.wpia.gigi.GigiApiException;
+import club.wpia.gigi.dbObjects.CATS.CATSType;
import club.wpia.gigi.dbObjects.Domain;
import club.wpia.gigi.dbObjects.Organisation;
import club.wpia.gigi.dbObjects.User;
Domain d = new Domain(u, o, dom);
assertEquals(1, o.getDomains().length);
User admin = createOrgAdmin(o);
+ addChallenge(admin.getId(), CATSType.ORG_ADMIN_DP_CHALLENGE_NAME);
String adminCookie = cookieWithCertificateLogin(admin);
assertNull(executeBasicWebInteraction(adminCookie, SwitchOrganisation.PATH, "org:" + o.getId() + "=y", 0));
import java.net.HttpURLConnection;
import java.net.URLConnection;
import java.net.URLEncoder;
+import java.security.GeneralSecurityException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
import java.sql.SQLException;
import org.junit.After;
import org.junit.Test;
import club.wpia.gigi.GigiApiException;
+import club.wpia.gigi.dbObjects.CATS.CATSType;
+import club.wpia.gigi.dbObjects.Certificate;
import club.wpia.gigi.dbObjects.Organisation;
import club.wpia.gigi.dbObjects.User;
import club.wpia.gigi.testUtils.IOUtils;
private Organisation org2 = createUniqueOrg();
+ private Certificate cagent;
+
+ private PrivateKey pkagent;
+
public TestOrgSwitch() throws IOException, GigiApiException {
assertEquals(403, get(SwitchOrganisation.PATH).getResponseCode());
u2 = User.getById(createVerificationUser("testworker", "testname", email, TEST_PASSWORD));
assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + org1.getId(), "email=" + URLEncoder.encode(u2.getEmail(), "UTF-8") + "&do_affiliate=y&master=y", 1));
assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + org2.getId(), "email=" + URLEncoder.encode(u2.getEmail(), "UTF-8") + "&do_affiliate=y&master=y", 1));
+ addChallenge(u2.getId(), CATSType.ORG_ADMIN_DP_CHALLENGE_NAME);
+ cagent = loginCertificate;
+ pkagent = loginPrivateKey;
// login with new user u2
cookie = cookieWithCertificateLogin(u2);
URLConnection uc = get(cookie, SwitchOrganisation.PATH);
assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
}
+
+ @Test
+ public void testSwitchOrgLoginChallenge() throws IOException, GigiApiException, KeyManagementException, NoSuchAlgorithmException, GeneralSecurityException {
+ loginCertificate = cagent;
+ loginPrivateKey = pkagent;
+ cookie = login(pkagent, cagent.cert());
+ String email = createUniqueName() + "@testdom.com";
+ User u3 = User.getById(createVerificationUser("testworker", "testname", email, TEST_PASSWORD));
+ assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + org1.getId(), "email=" + URLEncoder.encode(u3.getEmail(), "UTF-8") + "&do_affiliate=y&master=y", 1));
+ assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + org2.getId(), "email=" + URLEncoder.encode(u3.getEmail(), "UTF-8") + "&do_affiliate=y&master=y", 1));
+
+ cookie = cookieWithCertificateLogin(u3);
+ URLConnection uc = get(cookie, SwitchOrganisation.PATH);
+ assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
+
+ addChallenge(u3.getId(), CATSType.ORG_ADMIN_DP_CHALLENGE_NAME);
+ clearCaches();
+ uc = get(cookie, SwitchOrganisation.PATH);
+ assertEquals(200, ((HttpURLConnection) uc).getResponseCode());
+ }
}
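Review bot: In testSwitchOrgLoginChallenge the first `assertEquals(403, ...)` for u3 cannot tell whether the refusal comes from the missing Organisation Administrator challenge or from a stale cached User that does not yet see the affiliations made through the web form, because `clearCaches()` is only called after `addChallenge(...)`. Calling `clearCaches();` once more before the first `get(cookie, SwitchOrganisation.PATH)` pins the 403 on the challenge alone, which is what the test name claims. The same caching question applies to the older 403 assertion for u2 a few lines above, which now runs after the newly added `addChallenge(u2.getId(), ...)` yet still expects 403, so it is worth confirming what that assertion is meant to prove. Also, `KeyManagementException` and `NoSuchAlgorithmException` in the new method's throws clause are subclasses of the already-listed `GeneralSecurityException` and can be dropped.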