From 2ebc6197318505616d3775775d17180845154f84 Mon Sep 17 00:00:00 2001
From: INOPIAE
Date: Sun, 14 Jul 2019 06:43:47 +0200
Subject: [PATCH] add: ensure that for TTP Agent actions certificate login is used related to issue #150
Change-Id: If6f636f09b9ea32a8558f1e44474a6585b09ef8d
---
 src/club/wpia/gigi/pages/admin/TTPAdminPage.java | 2 +-
 tests/club/wpia/gigi/pages/wot/TestTTPAdmin.java | 16 ++++++++++++----
 2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/club/wpia/gigi/pages/admin/TTPAdminPage.java b/src/club/wpia/gigi/pages/admin/TTPAdminPage.java
index 3e7c4e86..90d58b24 100644
--- a/src/club/wpia/gigi/pages/admin/TTPAdminPage.java
+++ b/src/club/wpia/gigi/pages/admin/TTPAdminPage.java
@@ -90,6 +90,6 @@ public class TTPAdminPage extends Page {
 @Override
 public boolean isPermitted(AuthorizationContext ac) {
- return ac != null && ac.isInGroup(Group.TTP_AGENT);
+ return ac != null && ac.isInGroup(Group.TTP_AGENT) && ac.isStronglyAuthenticated();
 }
 }
diff --git a/tests/club/wpia/gigi/pages/wot/TestTTPAdmin.java b/tests/club/wpia/gigi/pages/wot/TestTTPAdmin.java
index d518dea4..0e11f6df 100644
--- a/tests/club/wpia/gigi/pages/wot/TestTTPAdmin.java
+++ b/tests/club/wpia/gigi/pages/wot/TestTTPAdmin.java
@@ -4,6 +4,7 @@ import static org.junit.Assert.*;
 import java.io.IOException;
 import java.net.MalformedURLException;
+import java.security.GeneralSecurityException;
 import org.junit.Test;
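Review bot: The certificate requirement is added only to `isPermitted`, which guards the page; nothing in this hunk shows whether the TTP verification action itself (the form or handler behind the page, outside the hunk) repeats the check, so it is worth confirming that a password-only session cannot reach it by another route. The condition also has no explanation in the code; a line above the return such as `// TTP agent actions require certificate login (issue #150); group membership alone is not enough` would keep a later edit from dropping it. The class body starts outside the hunk.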
@@ -22,21 +23,21 @@ public class TestTTPAdmin extends ClientTest {
 }
 @Test
- public void testHasRight() throws IOException, GigiApiException {
+ public void testHasRight() throws IOException, GigiApiException, GeneralSecurityException, InterruptedException {
 testTTPAdmin(true);
 }
 @Test
- public void testHasNoRight() throws IOException, GigiApiException {
+ public void testHasNoRight() throws IOException, GigiApiException, GeneralSecurityException, InterruptedException {
 testTTPAdmin(false);
 }
- public void testTTPAdmin(boolean hasRight) throws IOException, GigiApiException {
+ public void testTTPAdmin(boolean hasRight) throws IOException, GigiApiException, GeneralSecurityException, InterruptedException {
 if (hasRight) {
 grant(u, Group.TTP_AGENT);
 }
 grant(u, TTPAdminPage.TTP_APPLICANT);
- cookie = login(u.getEmail(), TEST_PASSWORD);
+ cookie = cookieWithCertificateLogin(u);
 assertEquals( !hasRight ? 403 : 200, fetchStatusCode(TTPAdminPage.PATH));
 assertEquals( !hasRight ? 403 : 200, fetchStatusCode(TTPAdminPage.PATH + "/"));
@@ -48,4 +49,11 @@ public class TestTTPAdmin extends ClientTest {
 private int fetchStatusCode(String path) throws MalformedURLException, IOException {
 return get(path).getResponseCode();
 }
+
+ @Test
+ public void testVerifyWithoutCertLogin() throws IOException {
+ cookie = login(u.getEmail(), TEST_PASSWORD);
+ loginCertificate = null;
+ assertEquals(403, get(cookie, TTPAdminPage.PATH).getResponseCode());
+ }
 }
--
2.39.2
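Review bot: `testVerifyWithoutCertLogin` never grants `Group.TTP_AGENT` to `u`, so unless setup outside the hunk does it, the 403 it asserts comes from the missing group and the test would pass even without the new `isStronglyAuthenticated()` condition. Adding `grant(u, Group.TTP_AGENT);` before the password login would leave the certificate as the only thing missing, which is what the test name promises. Going by `testTTPAdmin`, `grant` appears to need `GigiApiException` in the throws clause, so the signature would become `throws IOException, GigiApiException`.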