From 7ea933e2e4cac62194d860cf213c1fd106ce76c5 Mon Sep 17 00:00:00 2001 From: INOPIAE Date: Wed, 17 Jul 2019 06:06:36 +0200 Subject: [PATCH] add: ensure that for OrgAgent action there is a valid OrgAgent Challenge related to issue #150 Change-Id: I9e57e82da383c26ccbcb659a0f93d5de59816b15 --- src/club/wpia/gigi/pages/MainPage.java | 5 ++++ src/club/wpia/gigi/pages/MainPage.templ | 3 +++ .../wpia/gigi/pages/orga/CreateOrgPage.java | 2 +- .../wpia/gigi/pages/orga/ViewOrgPage.java | 2 +- tests/club/wpia/gigi/pages/TestMain.java | 25 +++++++++++++++++++ .../gigi/pages/orga/TestOrgManagement.java | 13 ++++++++++ tests/club/wpia/gigi/testUtils/OrgTest.java | 2 ++ 7 files changed, 50 insertions(+), 2 deletions(-) diff --git a/src/club/wpia/gigi/pages/MainPage.java b/src/club/wpia/gigi/pages/MainPage.java index 9b7e079c..e0170185 100644 --- a/src/club/wpia/gigi/pages/MainPage.java +++ b/src/club/wpia/gigi/pages/MainPage.java @@ -51,6 +51,11 @@ public class MainPage extends Page { vars.put("catsinfo", true); vars.put("catssupport", true); } + if (u.isInGroup(Group.ORG_AGENT) && !u.hasValidOrgAgentChallenge()) { + vars.put("catsinfo", true); + vars.put("catsorgagent", true); + } + Certificate[] c = u.getCertificates(false); vars.put("c-no", c.length); diff --git a/src/club/wpia/gigi/pages/MainPage.templ b/src/club/wpia/gigi/pages/MainPage.templ index 52b805b5..e8ecee42 100644 --- a/src/club/wpia/gigi/pages/MainPage.templ +++ b/src/club/wpia/gigi/pages/MainPage.templ @@ -20,6 +20,9 @@

+ +

+
diff --git a/src/club/wpia/gigi/pages/orga/CreateOrgPage.java b/src/club/wpia/gigi/pages/orga/CreateOrgPage.java
index 27a0e4de..a27cf5ba 100644
--- a/src/club/wpia/gigi/pages/orga/CreateOrgPage.java
+++ b/src/club/wpia/gigi/pages/orga/CreateOrgPage.java
@@ -21,7 +21,7 @@ public class CreateOrgPage extends ManagedFormPage {
 @Override
 public boolean isPermitted(AuthorizationContext ac) {
- return ac != null && ac.isInGroup(ORG_AGENT) && ac.isStronglyAuthenticated();
+ return ac != null && ac.isInGroup(ORG_AGENT) && ac.isStronglyAuthenticated() && ac.getActor().hasValidOrgAgentChallenge();
 }
 @Override
diff --git a/src/club/wpia/gigi/pages/orga/ViewOrgPage.java b/src/club/wpia/gigi/pages/orga/ViewOrgPage.java
index 0ee3d5dd..03274215 100644
--- a/src/club/wpia/gigi/pages/orga/ViewOrgPage.java
+++ b/src/club/wpia/gigi/pages/orga/ViewOrgPage.java
@@ -36,7 +36,7 @@ public class ViewOrgPage extends ManagedMultiFormPage {
 @Override
 public boolean isPermitted(AuthorizationContext ac) {
- return ac != null && (ac.isInGroup(CreateOrgPage.ORG_AGENT) || ac.getActor().getOrganisations(true).size() != 0) && ac.isStronglyAuthenticated();
+ return ac != null && ((ac.isInGroup(CreateOrgPage.ORG_AGENT) && ac.getActor().hasValidOrgAgentChallenge()) || ac.getActor().getOrganisations(true).size() != 0) && ac.isStronglyAuthenticated();
 }
 @Override
diff --git a/tests/club/wpia/gigi/pages/TestMain.java b/tests/club/wpia/gigi/pages/TestMain.java
index 47c4c151..70a71a5d 100644
--- a/tests/club/wpia/gigi/pages/TestMain.java
+++ b/tests/club/wpia/gigi/pages/TestMain.java
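Review bot: The rule "member of ORG_AGENT and holder of a valid challenge" is now spelled out by hand in `CreateOrgPage.isPermitted`, again in `ViewOrgPage.isPermitted`, and in inverted form in the MainPage.java hunk, so the next page or form that copies the older `ac.isInGroup(ORG_AGENT)` pattern will skip the challenge without anything failing. One predicate placed next to `hasValidOrgAgentChallenge()` would give a single place to audit; with a helper of a name such as `canActAsOrgAgent()` (a suggestion, not something in this patch) the line here becomes `return ac != null && ac.isStronglyAuthenticated() && ac.getActor().canActAsOrgAgent();`. `isPermitted` guards the page only; whether the form submission path and the organisation model repeat the check cannot be seen from this hunk and is worth confirming.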
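Review bot: The second branch of the new condition in `ViewOrgPage.isPermitted` still admits a member of ORG_AGENT whose challenge is missing or expired, as long as `getOrganisations(true)` is non-empty for that account, so the added check only helps if nothing behind it decides on group membership alone. The request handlers and forms of ViewOrgPage are outside this hunk; if any of them chooses between the agent view and the administrator view with a bare `isInGroup(CreateOrgPage.ORG_AGENT)`, such an account would get the agent view back. Each of those checks should read `u.isInGroup(CreateOrgPage.ORG_AGENT) && u.hasValidOrgAgentChallenge()` on the same actor. A test with an agent who administers an organisation and has only an expired challenge would pin this down.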
@@ -142,5 +142,30 @@ public class TestMain extends ClientTest {
 authenticate((HttpURLConnection) uc);
 content = IOUtils.readURL(uc);
 assertThat(content, not(containsString("you need to pass the Support Challenge")));
+
+ // test Org Agent challenge
+ uc = new URL("https://" + getSecureServerName()).openConnection();
+ authenticate((HttpURLConnection) uc);
+ content = IOUtils.readURL(uc);
+ assertThat(content, not(containsString("you need to pass the Organisation Agent Challenge")));
+
+ grant(u, Group.ORG_AGENT);
+ cookie = login(loginPrivateKey, loginCertificate.cert());
+ uc = new URL("https://" + getSecureServerName()).openConnection();
+ authenticate((HttpURLConnection) uc);
+ content = IOUtils.readURL(uc);
+ assertThat(content, containsString("you need to pass the Organisation Agent Challenge"));
+
+ addChallengeInPast(u.getId(), CATSType.ORG_AGENT_CHALLENGE);
+ uc = new URL("https://" + getSecureServerName()).openConnection();
+ authenticate((HttpURLConnection) uc);
+ content = IOUtils.readURL(uc);
+ assertThat(content, containsString("you need to pass the Organisation Agent Challenge"));
+
+ addChallenge(u.getId(), CATSType.ORG_AGENT_CHALLENGE);
+ uc = new URL("https://" + getSecureServerName()).openConnection();
+ authenticate((HttpURLConnection) uc);
+ content = IOUtils.readURL(uc);
+ assertThat(content, not(containsString("you need to pass the Organisation Agent Challenge")));
 }
 }
diff --git a/tests/club/wpia/gigi/pages/orga/TestOrgManagement.java b/tests/club/wpia/gigi/pages/orga/TestOrgManagement.java
index 6565d25f..164facf6 100644
--- a/tests/club/wpia/gigi/pages/orga/TestOrgManagement.java
+++ b/tests/club/wpia/gigi/pages/orga/TestOrgManagement.java
@@ -17,6 +17,7 @@ import org.junit.After;
 import org.junit.Test;
 import club.wpia.gigi.GigiApiException;
+import club.wpia.gigi.dbObjects.CATS.CATSType;
 import club.wpia.gigi.dbObjects.Certificate;
 import club.wpia.gigi.dbObjects.Country;
 import club.wpia.gigi.dbObjects.Country.CountryCodeType;
@@ -286,4 +287,16 @@ public class TestOrgManagement extends OrgTest {
 uc = get(cookie, CreateOrgPage.DEFAULT_PATH);
 assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
 }
+
+ @Test
+ public void testAgentWithoutValidChallenge() throws IOException, GigiApiException {
+ User agent = User.getById(createVerificationUser("testworker", "testname", createUniqueName() + "@testdom.com", TEST_PASSWORD));
+ addChallenge(agent.getId(), CATSType.ORG_AGENT_CHALLENGE);
+ loginCertificate = null;
+ cookie = cookieWithCertificateLogin(agent);
+ URLConnection uc = get(cookie, ViewOrgPage.DEFAULT_PATH);
+ assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
+ uc = get(cookie, CreateOrgPage.DEFAULT_PATH);
+ assertEquals(403, ((HttpURLConnection) uc).getResponseCode());
+ }
 }
diff --git a/tests/club/wpia/gigi/testUtils/OrgTest.java b/tests/club/wpia/gigi/testUtils/OrgTest.java
index 6c3ba7c4..9f33686c 100644
--- a/tests/club/wpia/gigi/testUtils/OrgTest.java
+++ b/tests/club/wpia/gigi/testUtils/OrgTest.java
@@ -3,6 +3,7 @@ package club.wpia.gigi.testUtils;
 import java.io.IOException;
 import club.wpia.gigi.GigiApiException;
+import club.wpia.gigi.dbObjects.CATS.CATSType;
 import club.wpia.gigi.dbObjects.Country;
 import club.wpia.gigi.dbObjects.Country.CountryCodeType;
 import club.wpia.gigi.dbObjects.Group;
@@ -14,6 +15,7 @@ public class OrgTest extends ClientTest {
 public OrgTest() throws IOException, GigiApiException {
 makeAgent(u.getId());
 u.grantGroup(getSupporter(), Group.ORG_AGENT);
+ addChallenge(u.getId(), CATSType.ORG_AGENT_CHALLENGE);
 clearCaches();
 cookie = cookieWithCertificateLogin(u);
 }
-- 2.39.2
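Review bot: `testAgentWithoutValidChallenge` does not exercise the case its name describes: the new user receives a current challenge through `addChallenge(...)` and, as far as the hunk shows, is never put into `Group.ORG_AGENT`, so both 403 responses are explained by the missing group and would have been returned before this commit too. The access-control change in `isPermitted` (group present, challenge absent or expired) is therefore left without a page-level test. I would add `grant(agent, Group.ORG_AGENT);` before the login and replace the `addChallenge` call with `addChallengeInPast(agent.getId(), CATSType.ORG_AGENT_CHALLENGE);`, both helpers being used in that way in the TestMain.java hunk. This assumes `createVerificationUser` does not itself grant the group, which is not visible here.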