From 13a45cb32dc366dfba718199e968f9b5c1d2001e Mon Sep 17 00:00:00 2001
From: INOPIAE
Date: Sun, 14 Jul 2019 07:33:56 +0200
Subject: [PATCH] add: ensure that for Org Agent actions certificate login is used

related to issue #150

Change-Id: I9242be2df77ae9a7e9723bd0a5c5e577a22c3b54
---
 .../wpia/gigi/pages/orga/CreateOrgPage.java | 2 +-
 .../wpia/gigi/pages/orga/ViewOrgPage.java | 2 +-
 .../wpia/gigi/pages/orga/TestOrgDomain.java | 1 +
 .../gigi/pages/orga/TestOrgManagement.java | 19 +++++++++++++++++++
 .../wpia/gigi/pages/orga/TestOrgSwitch.java | 2 +-
 tests/club/wpia/gigi/testUtils/OrgTest.java | 2 +-
 6 files changed, 24 insertions(+), 4 deletions(-)

diff --git a/src/club/wpia/gigi/pages/orga/CreateOrgPage.java b/src/club/wpia/gigi/pages/orga/CreateOrgPage.java
index 98076fe9..27a0e4de 100644
--- a/src/club/wpia/gigi/pages/orga/CreateOrgPage.java
+++ b/src/club/wpia/gigi/pages/orga/CreateOrgPage.java
@@ -21,7 +21,7 @@ public class CreateOrgPage extends ManagedFormPage {
 
     @Override
     public boolean isPermitted(AuthorizationContext ac) {
-        return ac != null && ac.isInGroup(ORG_AGENT);
+        return ac != null && ac.isInGroup(ORG_AGENT) && ac.isStronglyAuthenticated();
     }
 
     @Override
diff --git a/src/club/wpia/gigi/pages/orga/ViewOrgPage.java b/src/club/wpia/gigi/pages/orga/ViewOrgPage.java
index 6d7e9a2a..a5119068 100644
--- a/src/club/wpia/gigi/pages/orga/ViewOrgPage.java
+++ b/src/club/wpia/gigi/pages/orga/ViewOrgPage.java
@@ -36,7 +36,7 @@ public class ViewOrgPage extends ManagedMultiFormPage {
 
     @Override
     public boolean isPermitted(AuthorizationContext ac) {
-        return ac != null && (ac.isInGroup(CreateOrgPage.ORG_AGENT) || ac.getActor().getOrganisations(true).size() != 0);
+        return ac != null && ((ac.isInGroup(CreateOrgPage.ORG_AGENT) && ac.isStronglyAuthenticated()) || ac.getActor().getOrganisations(true).size() != 0);
     }
 
     @Override
diff --git a/tests/club/wpia/gigi/pages/orga/TestOrgDomain.java b/tests/club/wpia/gigi/pages/orga/TestOrgDomain.java
index a17586b2..7d4123cb 100644
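Review bot: The strong-authentication rule is now spelled out in two hand-written boolean expressions, here in CreateOrgPage.isPermitted and again in the ViewOrgPage hunk below, so the next Org Agent page or a later tweak to one of them can silently diverge from the other. A single helper next to the ORG_AGENT constant, e.g. `static boolean isStrongOrgAgent(AuthorizationContext ac) { return ac.isInGroup(ORG_AGENT) && ac.isStronglyAuthenticated(); }`, called from both isPermitted methods would keep the two pages in step. A one-line Javadoc on isPermitted stating the rule in words, such as `Org Agent actions are only permitted to agents logged in with a client certificate.`, would also save the reader a trip to the commit message. isPermitted is complete within the hunk; the rest of the class is outside it.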
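Review bot: In the ViewOrgPage hunk only the ORG_AGENT branch gains `isStronglyAuthenticated()`, while the org-admin branch `ac.getActor().getOrganisations(true).size() != 0` stays reachable with a password-only session; that asymmetry is intentional (the TestOrgDomain change relies on it) but is not obvious from the expression, so a comment such as `// agents must be certificate-authenticated; org admins of at least one organisation may use a password session` belongs on the return line. It also means a password-authenticated agent who is additionally an org admin still passes isPermitted through the second branch, so the page must not offer agent-only actions to such a context on the strength of this check alone; whether the handlers re-check the agent condition is outside the hunk and worth confirming.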
--- a/tests/club/wpia/gigi/pages/orga/TestOrgDomain.java
+++ b/tests/club/wpia/gigi/pages/orga/TestOrgDomain.java
@@ -100,6 +100,7 @@ public class TestOrgDomain extends OrgTest {
         assertEquals(1, o.getDomains().length);
         User admin = createOrgAdmin(o);
         String adminCookie = login(admin.getEmail(), TEST_PASSWORD);
+        loginCertificate = null;
         assertNull(executeBasicWebInteraction(adminCookie, SwitchOrganisation.PATH, "org:" + o.getId() + "=y", 0));
 
         // test that delete button is not displayed
diff --git a/tests/club/wpia/gigi/pages/orga/TestOrgManagement.java b/tests/club/wpia/gigi/pages/orga/TestOrgManagement.java
index 2bb91f12..6565d25f 100644
--- a/tests/club/wpia/gigi/pages/orga/TestOrgManagement.java
+++ b/tests/club/wpia/gigi/pages/orga/TestOrgManagement.java
@@ -9,6 +9,7 @@ import java.net.HttpURLConnection;
 import java.net.MalformedURLException;
 import java.net.URLConnection;
 import java.net.URLEncoder;
+import java.security.PrivateKey;
 import java.sql.SQLException;
 import java.util.List;
 
@@ -16,6 +17,7 @@ import org.junit.After;
 import org.junit.Test;
 
 import club.wpia.gigi.GigiApiException;
+import club.wpia.gigi.dbObjects.Certificate;
 import club.wpia.gigi.dbObjects.Country;
 import club.wpia.gigi.dbObjects.Country.CountryCodeType;
 import club.wpia.gigi.dbObjects.Organisation;
@@ -90,9 +92,14 @@ public class TestOrgManagement extends OrgTest {
         o1.addAdmin(u2, u, false);
         String session2 = login(u2.getEmail(), TEST_PASSWORD);
 
+        Certificate c1 = loginCertificate;
+        PrivateKey pk1 = loginPrivateKey;
+        loginCertificate = null;
+
         URLConnection uc = get(session2, ViewOrgPage.DEFAULT_PATH);
         assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
 
+        session2 = cookieWithCertificateLogin(u2);
         uc = get(session2, MyDetails.PATH);
         String content = IOUtils.readURL(uc);
         assertThat(content, containsString(o1.getName()));
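Review bot: The added `loginCertificate = null;` in TestOrgDomain is the whole point of the change, pinning that an org admin (not an agent) keeps working with a password-only session, but nothing on the line says so and it reads like a stray reset. A short comment such as `// org admins (non-agents) are not required to use a certificate login` would keep the intent with the assertion. The enclosing test method starts before and ends after this hunk.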
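Review bot: In the TestOrgManagement hunk at line 90 both `loginCertificate` and `loginPrivateKey` are saved but only the certificate is cleared before the 403 request, so the key stays set while the certificate is null; if the test client keys its behaviour off the certificate alone this is harmless, but adding `loginPrivateKey = null;` keeps the pair consistent and mirrors the restore of both fields in the later hunk. The save/restore is also done by hand across two hunks, so if these fields are static an assertion failure in between leaves u2's certificate in place for the tests that follow unless an @After resets it; worth confirming against ClientTest. The enclosing test method starts before this hunk.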
@@ -102,6 +109,9 @@ public class TestOrgManagement extends OrgTest {
         uc = get(session2, ViewOrgPage.DEFAULT_PATH + "/" + o2.getId());
         assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
 
+        loginCertificate = c1;
+        loginPrivateKey = pk1;
+
         uc = get(ViewOrgPage.DEFAULT_PATH);
         content = IOUtils.readURL(uc);
         assertThat(content, containsString(o1.getName()));
@@ -267,4 +277,13 @@ public class TestOrgManagement extends OrgTest {
         return executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + o1.getId(), "action=updateCertificateData&O=" + o + "&C=" + c + "&ST=" + province + "&L=" + ct, 0);
     }
 
+    @Test
+    public void testAgentWithoutCertLogin() throws IOException, GigiApiException {
+        cookie = login(u.getEmail(), TEST_PASSWORD);
+        loginCertificate = null;
+        URLConnection uc = get(cookie, ViewOrgPage.DEFAULT_PATH);
+        assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
+        uc = get(cookie, CreateOrgPage.DEFAULT_PATH);
+        assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
+    }
 }
diff --git a/tests/club/wpia/gigi/pages/orga/TestOrgSwitch.java b/tests/club/wpia/gigi/pages/orga/TestOrgSwitch.java
index 122ed18b..40aed5f4 100644
--- a/tests/club/wpia/gigi/pages/orga/TestOrgSwitch.java
+++ b/tests/club/wpia/gigi/pages/orga/TestOrgSwitch.java
@@ -35,7 +35,7 @@ public class TestOrgSwitch extends OrgTest {
         assertNull(executeBasicWebInteraction(cookie, ViewOrgPage.DEFAULT_PATH + "/" + org2.getId(), "email=" + URLEncoder.encode(u2.getEmail(), "UTF-8") + "&do_affiliate=y&master=y", 1));
 
         // login with new user u2
-        cookie = login(email, TEST_PASSWORD);
+        cookie = cookieWithCertificateLogin(u2);
     }
 
     @After
diff --git a/tests/club/wpia/gigi/testUtils/OrgTest.java b/tests/club/wpia/gigi/testUtils/OrgTest.java
index 2d79c5a4..6c3ba7c4 100644
--- a/tests/club/wpia/gigi/testUtils/OrgTest.java
+++ b/tests/club/wpia/gigi/testUtils/OrgTest.java
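Review bot: The new testAgentWithoutCertLogin overwrites the inherited `cookie` with a password session and nulls `loginCertificate` without restoring either, so if those fields are static in ClientTest the state leaks into whichever test runs next in the same JVM; using a local variable for the password session (`String pwCookie = login(u.getEmail(), TEST_PASSWORD);`) or resetting the fields in the existing @After hook avoids that, and should be confirmed against the fixture. The test is also the only place that documents the new rule, so a one-line comment on it would help, e.g. `// an Org Agent logged in by password only must be refused (403) on the agent pages`. The test method is complete within the hunk and the class ends with it.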
@@ -15,7 +15,7 @@ public class OrgTest extends ClientTest {
         makeAgent(u.getId());
         u.grantGroup(getSupporter(), Group.ORG_AGENT);
         clearCaches();
-        cookie = login(email, TEST_PASSWORD);
+        cookie = cookieWithCertificateLogin(u);
     }
 
     public Organisation createUniqueOrg() throws GigiApiException {
-- 
2.39.2
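Review bot: The OrgTest fixture now logs the agent in with a certificate, a baseline every OrgTest subclass inherits, but the reason lives only in the commit message; a comment on the changed line such as `// Org Agent pages require a certificate login (AuthorizationContext.isStronglyAuthenticated)` keeps the rule next to the code that depends on it. If `email` was used only for the replaced login call it may now be an unused local, which cannot be confirmed here because the enclosing method starts before the hunk.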