From 8f8ecf399f5e25fdf8620dcba77fb1474839dc92 Mon Sep 17 00:00:00 2001
From: INOPIAE
Date: Tue, 16 Jul 2019 14:42:33 +0200
Subject: [PATCH] add: ensure that for RA Agent actions there is a valid RA Challenge related to issue #150
Change-Id: I2438e8941864103fe1b2d7c542736c19acb01419
---
 src/club/wpia/gigi/pages/MainPage.java | 6 +++++
 src/club/wpia/gigi/pages/MainPage.templ | 8 +++++-
 .../wpia/gigi/util/AuthorizationContext.java | 2 +-
 tests/club/wpia/gigi/pages/TestMain.java | 25 +++++++++++++++++++
 .../wpia/gigi/pages/wot/TestVerification.java | 15 ++++++++++-
 .../wpia/gigi/testUtils/ConfiguredTest.java | 20 ++++++++++++++-
 6 files changed, 72 insertions(+), 4 deletions(-)
diff --git a/src/club/wpia/gigi/pages/MainPage.java b/src/club/wpia/gigi/pages/MainPage.java
index 7fb5228e..a486618f 100644
--- a/src/club/wpia/gigi/pages/MainPage.java
+++ b/src/club/wpia/gigi/pages/MainPage.java
@@ -41,6 +41,12 @@ public class MainPage extends Page {
 vars.put("vp", u.getVerificationPoints());
 vars.put("xp", u.getExperiencePoints());
+
+ vars.put("catsinfo", false);
+ if (u.canVerify() && !u.hasValidRAChallenge()) {
+ vars.put("catsinfo", true);
+ vars.put("catsra", true);
+ }
 Certificate[] c = u.getCertificates(false);
 vars.put("c-no", c.length);
diff --git a/src/club/wpia/gigi/pages/MainPage.templ b/src/club/wpia/gigi/pages/MainPage.templ
index 2b14f704..8f9f8731 100644
--- a/src/club/wpia/gigi/pages/MainPage.templ
+++ b/src/club/wpia/gigi/pages/MainPage.templ
@@ -12,7 +12,13 @@ - + + +
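Review bot: `catsra` is written only on the true branch while `catsinfo` gets an explicit `false` default, so on the common path the template sees `catsra` as absent rather than as false; if the template engine distinguishes a missing key from `false` (not visible here), add `vars.put("catsra", false);` beside the `catsinfo` default so both flags are always defined. The condition also deserves a why-comment, because it deliberately asks `User.canVerify()` rather than the now-stricter `AuthorizationContext.canVerify()`, presumably so that an agent whose challenge lapsed is shown the reason instead of silently losing the right: `// agent rights need a current RA Agent challenge (AuthorizationContext.canVerify); tell a lapsed agent why`. The enclosing method starts and ends outside the hunk.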

:

diff --git a/src/club/wpia/gigi/util/AuthorizationContext.java b/src/club/wpia/gigi/util/AuthorizationContext.java
index 566436ac..66c65450 100644
--- a/src/club/wpia/gigi/util/AuthorizationContext.java
+++ b/src/club/wpia/gigi/util/AuthorizationContext.java
@@ -113,7 +113,7 @@ public class AuthorizationContext implements Outputable, Serializable {
 }
 public boolean canVerify() {
- return target instanceof User && ((User) target).canVerify() && isStronglyAuthenticated();
+ return target instanceof User && ((User) target).canVerify() && isStronglyAuthenticated() && ((User) target).hasValidRAChallenge();
 }
 public boolean isStronglyAuthenticated() {
diff --git a/tests/club/wpia/gigi/pages/TestMain.java b/tests/club/wpia/gigi/pages/TestMain.java
index 194097fa..e6dce456 100644
--- a/tests/club/wpia/gigi/pages/TestMain.java
+++ b/tests/club/wpia/gigi/pages/TestMain.java
@@ -13,6 +13,7 @@ import java.security.GeneralSecurityException;
 import org.junit.Test;
 import club.wpia.gigi.GigiApiException;
+import club.wpia.gigi.dbObjects.CATS.CATSType;
 import club.wpia.gigi.dbObjects.Country;
 import club.wpia.gigi.dbObjects.Country.CountryCodeType;
 import club.wpia.gigi.dbObjects.Group; 
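Review bot: The new `canVerify()` casts `target` to `User` twice and packs the whole authorization rule into one unbroken expression; since this method is the gate the new tests expect to answer 403, bind the cast once behind a guard clause and comment why the challenge is part of the rule. Any RA-agent action that consults `User.canVerify()` on the target directly instead of going through this method would not pick up the new requirement; the commit title speaks of RA Agent actions in general, so it is worth confirming that every such action routes through `AuthorizationContext.canVerify()` (not checkable from this diff). The class continues outside the hunk.
```java
    public boolean canVerify() {
        if (!(target instanceof User)) {
            return false;
        }
        User u = (User) target;
        // Agent rights lapse with the RA Agent challenge: a strongly authenticated
        // user may verify only while a valid challenge is on record.
        return u.canVerify() && isStronglyAuthenticated() && u.hasValidRAChallenge();
    }
```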
@@ -93,4 +94,28 @@ public class TestMain extends ClientTest {
 makeAgent(orgAdmin.getId());
 o.addAdmin(orgAdmin, u, true);
 }
+
+ @Test
+ public void testValidChallenges() throws GeneralSecurityException, IOException, GigiApiException, InterruptedException {
+ cookie = cookieWithCertificateLogin(u);
+
+ // test RA Agent challenge
+ URLConnection uc = new URL("https://" + getSecureServerName()).openConnection();
+ authenticate((HttpURLConnection) uc);
+ String content = IOUtils.readURL(uc);
+ assertThat(content, not(containsString("you need to pass the RA Agent Challenge")));
+
+ add100Points(u.getId());
+ addChallengeInPast(u.getId(), CATSType.AGENT_CHALLENGE);
+ uc = new URL("https://" + getSecureServerName()).openConnection();
+ authenticate((HttpURLConnection) uc);
+ content = IOUtils.readURL(uc);
+ assertThat(content, containsString("you need to pass the RA Agent Challenge"));
+
+ addChallenge(u.getId(), CATSType.AGENT_CHALLENGE);
+ uc = new URL("https://" + getSecureServerName()).openConnection();
+ authenticate((HttpURLConnection) uc);
+ content = IOUtils.readURL(uc);
+ assertThat(content, not(containsString("you need to pass the RA Agent Challenge")));
+ }
 }
diff --git a/tests/club/wpia/gigi/pages/wot/TestVerification.java b/tests/club/wpia/gigi/pages/wot/TestVerification.java
index a25a2bc4..9ad541a3 100644
--- a/tests/club/wpia/gigi/pages/wot/TestVerification.java
+++ b/tests/club/wpia/gigi/pages/wot/TestVerification.java
@@ -23,6 +23,7 @@ import org.junit.Test;
 import club.wpia.gigi.GigiApiException;
 import club.wpia.gigi.database.GigiPreparedStatement;
+import club.wpia.gigi.dbObjects.CATS.CATSType;
 import club.wpia.gigi.dbObjects.Country;
 import club.wpia.gigi.dbObjects.Group;
 import club.wpia.gigi.dbObjects.User;
@@ -41,6 +42,8 @@ public class TestVerification extends ManagedTest {
 private int applicantName;
+ private int applicantId;
+
 private String cookie;
 @Before 
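Review bot: The open-connection/authenticate/readURL sequence is spelled out three times in `testValidChallenges`, and the banner text under test is repeated three times as a literal; extracting a `fetchMainPage()` helper and a constant keeps the test readable when a further state (for example a second challenge type) is added. `cookie` is assigned at the top but the requests go through `authenticate(...)`; whether that reads the `cookie` field is not visible here, so keep the assignment if it does. The helper's throws clause should mirror whatever checked exceptions `authenticate` declares.
```java
    private static final String RA_CHALLENGE_HINT = "you need to pass the RA Agent Challenge";

    // … unchanged: testValidChallenges, each four-line fetch replaced by
    //     assertThat(fetchMainPage(), not(containsString(RA_CHALLENGE_HINT))); …

    // Requests the main page as the authenticated test user and returns the body.
    private String fetchMainPage() throws IOException {
        URLConnection uc = new URL("https://" + getSecureServerName()).openConnection();
        authenticate((HttpURLConnection) uc);
        return IOUtils.readURL(uc);
    }
```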
@@ -50,7 +53,7 @@ public class TestVerification extends ManagedTest {
 applicantM = createUniqueName() + "@example.org";
 createVerificationUser("a", "b", agentM, TEST_PASSWORD);
- int applicantId = createVerifiedUser("a", "c", applicantM, TEST_PASSWORD);
+ applicantId = createVerifiedUser("a", "c", applicantM, TEST_PASSWORD);
 applicantName = User.getById(applicantId).getPreferredName().getId();
 User users[] = User.findByEmail(agentM);
@@ -391,4 +394,14 @@ public class TestVerification extends ManagedTest {
 loginCertificate = null;
 assertEquals(403, get(cookie, VerifyPage.PATH).getResponseCode());
 }
+
+ @Test
+ public void testVerifyWithoutValidChallenge() throws IOException, GigiApiException {
+ cookie = cookieWithCertificateLogin(User.getById(applicantId));
+ add100Points(applicantId);
+ addChallengeInPast(applicantId, CATSType.AGENT_CHALLENGE);
+ assertEquals(403, get(cookie, VerifyPage.PATH).getResponseCode());
+ addChallenge(applicantId, CATSType.AGENT_CHALLENGE);
+ assertEquals(200, get(cookie, VerifyPage.PATH).getResponseCode());
+ }
 }
diff --git a/tests/club/wpia/gigi/testUtils/ConfiguredTest.java b/tests/club/wpia/gigi/testUtils/ConfiguredTest.java
index 13eaee5d..c0d6d4f7 100644
--- a/tests/club/wpia/gigi/testUtils/ConfiguredTest.java
+++ b/tests/club/wpia/gigi/testUtils/ConfiguredTest.java
@@ -20,6 +20,7 @@ import java.security.Signature;
 import java.security.spec.RSAPrivateKeySpec;
 import java.security.spec.RSAPublicKeySpec;
 import java.sql.SQLException;
+import java.sql.Timestamp;
 import java.text.SimpleDateFormat;
 import java.util.Calendar;
 import java.util.Date; 
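Review bot: `testVerifyWithoutValidChallenge` pins the expired-challenge and fresh-challenge states but not the no-challenge-at-all state, which is the one the old `AuthorizationContext.canVerify()` would have let through whenever `User.canVerify()` was already true on points alone; add `assertEquals(403, get(cookie, VerifyPage.PATH).getResponseCode());` directly after `add100Points(applicantId);` so that an implementation of `hasValidRAChallenge()` that treats an empty result as valid is caught. Whether `User.canVerify()` is true with 100 points and no `cats_passed` row is not visible here; if it is not, the extra assertion still documents the expectation at no cost. The test also leaves the extra challenge rows and points on the shared applicant; if `ManagedTest` does not reset the database between tests, later tests in this class may observe them.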
@@ -38,6 +39,7 @@ import club.wpia.gigi.database.DatabaseConnection;
 import club.wpia.gigi.database.DatabaseConnection.Link;
 import club.wpia.gigi.database.GigiPreparedStatement;
 import club.wpia.gigi.database.SQLFileManager.ImportType;
+import club.wpia.gigi.dbObjects.CATS;
 import club.wpia.gigi.dbObjects.CATS.CATSType;
 import club.wpia.gigi.dbObjects.CertificateProfile;
 import club.wpia.gigi.dbObjects.Domain;
@@ -332,12 +334,28 @@ public abstract class ConfiguredTest {
 }
 public static void makeAgent(int uid) {
+ addChallenge(uid, CATSType.AGENT_CHALLENGE);
+ add100Points(uid);
+ }
+
+ public static void addChallenge(int uid, CATSType ct) {
 try (GigiPreparedStatement ps1 = new GigiPreparedStatement("INSERT INTO cats_passed SET user_id=?, variant_id=?, language='en_EN', version='1'")) {
 ps1.setInt(1, uid);
- ps1.setInt(2, CATSType.AGENT_CHALLENGE.getId());
+ ps1.setInt(2, ct.getId());
+ ps1.execute();
+ }
+ }
+
+ public static void addChallengeInPast(int uid, CATSType ct) {
+ try (GigiPreparedStatement ps1 = new GigiPreparedStatement("INSERT INTO cats_passed SET user_id=?, variant_id=?, pass_date=?, language='en_EN', version='1'")) {
+ ps1.setInt(1, uid);
+ ps1.setInt(2, ct.getId());
+ ps1.setTimestamp(3, new Timestamp(new Date(System.currentTimeMillis() - 24L * 60 * 60 * (CATS.TEST_MONTHS + 1) * 31 * 1000L).getTime()));
 ps1.execute();
 }
+ }
+ public static void add100Points(int uid) {
 try (GigiPreparedStatement ps2 = new GigiPreparedStatement("INSERT INTO `notary` SET `from`=?, `to`=?, points='100'")) {
 ps2.setInt(1, uid);
 ps2.setInt(2, User.getById(uid).getPreferredName().getId());
-- 2.39.2
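Review bot: In `addChallengeInPast` the `new Date(...).getTime()` round-trip is redundant, and the hand-rolled millisecond product hides that the intent is "more than `TEST_MONTHS` months ago, counting 31 days per month"; `ps1.setTimestamp(3, new Timestamp(System.currentTimeMillis() - TimeUnit.DAYS.toMillis((CATS.TEST_MONTHS + 1) * 31L)));` with `import java.util.concurrent.TimeUnit;` states the same thing directly. The three helpers also lack Javadoc: document that `addChallenge` records a challenge of type `ct` passed now, that `addChallengeInPast` records one whose `pass_date` lies beyond the validity window (assuming `CATS.TEST_MONTHS` is what `hasValidRAChallenge()` measures against — not visible here), and that `makeAgent` is the fresh-challenge-plus-100-points combination kept for existing callers. `add100Points` continues outside the hunk.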