From db3ef5c43aa600a5bba60e57efd92932d2323d8c Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?= <felix@dogcraft.de>
Date: Thu, 5 Nov 2015 16:19:39 +0100
Subject: [PATCH] add: more strict ticket handling. User history page

---
 src/org/cacert/gigi/Gigi.java                 | 26 ++++----
 src/org/cacert/gigi/Gigi.templ                |  2 +-
 .../pages/admin/support/FindDomainPage.java   |  3 +-
 .../pages/admin/support/FindUserPage.java     |  3 +-
 .../admin/support/SupportEnterTicketForm.java | 23 ++++---
 .../support/SupportEnterTicketForm.templ      |  5 ++
 .../admin/support/SupportEnterTicketPage.java | 51 ++++++++++++++++
 .../admin/support/SupportUserDetailsPage.java | 19 ++----
 .../support/SupportUserDetailsPage.templ      |  1 -
 .../admin/support/SupportUserHistory.java     | 39 ++++++++++++
 .../gigi/util/AuthorizationContext.java       | 49 ++++++++++++++-
 .../pages/admin/TestSEAdminPageDetails.java   |  3 +
 .../TestSEAdminPageUserDomainSearch.java      |  2 +
 .../admin/TestSEAdminPageUserMailSearch.java  | 60 +++----------------
 .../pages/admin/TestSEAdminTicketSetting.java | 32 ++++++++++
 .../org/cacert/gigi/testUtils/ClientTest.java | 22 +++++++
 .../cacert/gigi/testUtils/ManagedTest.java    |  9 ++-
 17 files changed, 255 insertions(+), 94 deletions(-)
 create mode 100644 src/org/cacert/gigi/pages/admin/support/SupportEnterTicketPage.java
 create mode 100644 src/org/cacert/gigi/pages/admin/support/SupportUserHistory.java
 create mode 100644 tests/org/cacert/gigi/pages/admin/TestSEAdminTicketSetting.java

diff --git a/src/org/cacert/gigi/Gigi.java b/src/org/cacert/gigi/Gigi.java
index c70c913b..b347a63f 100644
--- a/src/org/cacert/gigi/Gigi.java
+++ b/src/org/cacert/gigi/Gigi.java
@@ -22,11 +22,8 @@ import javax.servlet.http.HttpSession;
 
 import org.cacert.gigi.database.DatabaseConnection;
 import org.cacert.gigi.dbObjects.CACertificate;
-import org.cacert.gigi.dbObjects.CertificateOwner;
 import org.cacert.gigi.dbObjects.CertificateProfile;
 import org.cacert.gigi.dbObjects.DomainPingConfiguration;
-import org.cacert.gigi.dbObjects.Organisation;
-import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.Menu;
 import org.cacert.gigi.output.PageMenuItem;
@@ -53,7 +50,9 @@ import org.cacert.gigi.pages.account.mail.MailOverview;
 import org.cacert.gigi.pages.admin.TTPAdminPage;
 import org.cacert.gigi.pages.admin.support.FindDomainPage;
 import org.cacert.gigi.pages.admin.support.FindUserPage;
+import org.cacert.gigi.pages.admin.support.SupportEnterTicketPage;
 import org.cacert.gigi.pages.admin.support.SupportUserDetailsPage;
+import org.cacert.gigi.pages.admin.support.SupportUserHistory;
 import org.cacert.gigi.pages.error.AccessDenied;
 import org.cacert.gigi.pages.error.PageNotFound;
 import org.cacert.gigi.pages.main.RegisterPage;
@@ -141,7 +140,9 @@ public class Gigi extends HttpServlet {
             putPage(ViewOrgPage.DEFAULT_PATH + "/*", new ViewOrgPage(), "Organisation Admin");
             putPage(FindUserPage.PATH, new FindUserPage("Find User"), "System Admin");
             putPage(FindDomainPage.PATH, new FindDomainPage("Find Domain"), "System Admin");
+            putPage(SupportEnterTicketPage.PATH, new SupportEnterTicketPage(), "System Admin");
             putPage(SupportUserDetailsPage.PATH + "*", new SupportUserDetailsPage("Support: User Details"), null);
+            putPage(SupportUserHistory.PATH, new SupportUserHistory(), null);
             if (testing) {
                 try {
                     Class<?> manager = Class.forName("org.cacert.gigi.pages.Manager");
@@ -264,17 +265,20 @@ public class Gigi extends HttpServlet {
             return page;
         }
         int idx = pathInfo.lastIndexOf('/');
+        if (idx == -1 || idx == 0) {
+            return null;
+        }
 
         page = pages.get(pathInfo.substring(0, idx) + "/*");
         if (page != null) {
             return page;
         }
-
-        int lIdx = pathInfo.lastIndexOf('/', idx);
+        int lIdx = pathInfo.lastIndexOf('/', idx - 1);
         if (lIdx == -1) {
             return null;
         }
-        page = pages.get(pathInfo.substring(0, lIdx) + "/" + pathInfo.substring(idx));
+        String lastResort = pathInfo.substring(0, lIdx) + "/*" + pathInfo.substring(idx);
+        page = pages.get(lastResort);
         return page;
 
     }
@@ -382,14 +386,10 @@ public class Gigi extends HttpServlet {
             vars.put("year", Calendar.getInstance().get(Calendar.YEAR));
             vars.put("content", content);
             if (currentAuthContext != null) {
-                CertificateOwner target = currentAuthContext.getTarget();
-                User currentPageUser = LoginPage.getUser(req);
-                if (target != currentPageUser) {
-                    vars.put("loggedInAs", ((Organisation) target).getName() + " (" + currentPageUser.getName().toString() + ")");
-                } else {
-                    vars.put("loggedInAs", currentPageUser.getName().toString());
-                }
+                // TODO maybe move this information into the AuthContext object
                 vars.put("loginMethod", lang.getTranslation((String) req.getSession().getAttribute(LOGIN_METHOD)));
+                vars.put("authContext", currentAuthContext);
+
             }
             resp.setContentType("text/html; charset=utf-8");
             baseTemplate.output(resp.getWriter(), lang, vars);
diff --git a/src/org/cacert/gigi/Gigi.templ b/src/org/cacert/gigi/Gigi.templ
index 478c9e9b..5be91d30 100644
--- a/src/org/cacert/gigi/Gigi.templ
+++ b/src/org/cacert/gigi/Gigi.templ
@@ -20,7 +20,7 @@
 			</div>
 		</div>
 		<div id="pageNav">
-			<? if($loggedInAs) { ?><div><?=_Logged in as?>: <?=$loggedInAs?> <?=_with?> <?=$loginMethod?></div><? } ?>
+			<? if($authContext) { ?><div><?=$authContext?></div><? } ?>
 			<?=$menu?>
 			<div>
 				<h3 class="pointer"><?=_Advertising?></h3>
diff --git a/src/org/cacert/gigi/pages/admin/support/FindDomainPage.java b/src/org/cacert/gigi/pages/admin/support/FindDomainPage.java
index acff6463..8f0830bb 100644
--- a/src/org/cacert/gigi/pages/admin/support/FindDomainPage.java
+++ b/src/org/cacert/gigi/pages/admin/support/FindDomainPage.java
@@ -1,6 +1,5 @@
 package org.cacert.gigi.pages.admin.support;
 
-import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.pages.OneFormPage;
 import org.cacert.gigi.util.AuthorizationContext;
@@ -20,6 +19,6 @@ public class FindDomainPage extends OneFormPage {
 
     @Override
     public boolean isPermitted(AuthorizationContext ac) {
-        return ac != null && ac.isInGroup(Group.SUPPORTER);
+        return ac != null && ac.canSupport();
     }
 }
diff --git a/src/org/cacert/gigi/pages/admin/support/FindUserPage.java b/src/org/cacert/gigi/pages/admin/support/FindUserPage.java
index ad112919..562f0e89 100644
--- a/src/org/cacert/gigi/pages/admin/support/FindUserPage.java
+++ b/src/org/cacert/gigi/pages/admin/support/FindUserPage.java
@@ -8,7 +8,6 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.cacert.gigi.GigiApiException;
-import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.template.Form;
@@ -67,7 +66,7 @@ public class FindUserPage extends Page {
 
     @Override
     public boolean isPermitted(AuthorizationContext ac) {
-        return ac != null && ac.isInGroup(Group.SUPPORTER);
+        return ac != null && ac.canSupport();
     }
 
 }
diff --git a/src/org/cacert/gigi/pages/admin/support/SupportEnterTicketForm.java b/src/org/cacert/gigi/pages/admin/support/SupportEnterTicketForm.java
index 5db93f30..f7ddea07 100644
--- a/src/org/cacert/gigi/pages/admin/support/SupportEnterTicketForm.java
+++ b/src/org/cacert/gigi/pages/admin/support/SupportEnterTicketForm.java
@@ -6,31 +6,38 @@ import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
 
 import org.cacert.gigi.GigiApiException;
-import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.output.template.Template;
+import org.cacert.gigi.pages.LoginPage;
+import org.cacert.gigi.util.AuthorizationContext;
 
 public class SupportEnterTicketForm extends Form {
 
     private static Template t;
 
-    private User target;
     static {
         t = new Template(SupportEnterTicketForm.class.getResource("SupportEnterTicketForm.templ"));
     }
 
-    public SupportEnterTicketForm(HttpServletRequest hsr, User target) {
+    public SupportEnterTicketForm(HttpServletRequest hsr) {
         super(hsr);
-        this.target = target;
     }
 
     @Override
     public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
-        // [asdmASDM]\d{8}\.\d+
-        String ticket = req.getParameter("ticketno");
-        if (ticket.matches("[asdmASDM]\\d{8}\\.\\d+")) {
-            req.getSession().setAttribute("ticketNo" + target.getId(), ticket);
+        if (req.getParameter("setTicket") != null) {
+            // [asdmASDM]\d{8}\.\d+
+            String ticket = req.getParameter("ticketno");
+            if (ticket.matches("[asdmASDM]\\d{8}\\.\\d+")) {
+                AuthorizationContext ac = LoginPage.getAuthorizationContext(req);
+                ac.setSupporterTicketId(ticket);
+                return true;
+            }
+            return false;
+        } else if (req.getParameter("deleteTicket") != null) {
+            AuthorizationContext ac = LoginPage.getAuthorizationContext(req);
+            ac.setSupporterTicketId(null);
             return true;
         }
         return false;
diff --git a/src/org/cacert/gigi/pages/admin/support/SupportEnterTicketForm.templ b/src/org/cacert/gigi/pages/admin/support/SupportEnterTicketForm.templ
index fe9c34fb..3f7c82c4 100644
--- a/src/org/cacert/gigi/pages/admin/support/SupportEnterTicketForm.templ
+++ b/src/org/cacert/gigi/pages/admin/support/SupportEnterTicketForm.templ
@@ -9,4 +9,9 @@
         <tr>
             <td colspan="2"><input type="submit" name="setTicket" value="<?=_Set ticket number?>"></td>
         </tr>
+<? if($ticketNo) {?>
+        <tr>
+            <td colspan="2"><input type="submit" name="deleteTicket" value="<?=_End working on ticket?>"></td>
+        </tr>
+<? } ?>
 </table>
\ No newline at end of file
diff --git a/src/org/cacert/gigi/pages/admin/support/SupportEnterTicketPage.java b/src/org/cacert/gigi/pages/admin/support/SupportEnterTicketPage.java
new file mode 100644
index 00000000..10b65f6a
--- /dev/null
+++ b/src/org/cacert/gigi/pages/admin/support/SupportEnterTicketPage.java
@@ -0,0 +1,51 @@
+package org.cacert.gigi.pages.admin.support;
+
+import java.io.IOException;
+import java.util.HashMap;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.cacert.gigi.GigiApiException;
+import org.cacert.gigi.output.template.Form;
+import org.cacert.gigi.pages.LoginPage;
+import org.cacert.gigi.pages.Page;
+
+public class SupportEnterTicketPage extends Page {
+
+    public static final String PATH = "/support/ticket";
+
+    public SupportEnterTicketPage() {
+        super("Set Ticket");
+    }
+
+    @Override
+    public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+        if (req.getParameter("setTicket") == null && req.getParameter("deleteTicket") == null) {
+            return false;
+        }
+        SupportEnterTicketForm f = Form.getForm(req, SupportEnterTicketForm.class);
+        try {
+            if (f.submit(resp.getWriter(), req)) {
+                if (req.getParameter("setTicket") != null) {
+                    resp.sendRedirect(FindUserPage.PATH);
+                } else {
+                    resp.sendRedirect(PATH);
+                }
+                return true;
+            }
+        } catch (GigiApiException e) {
+            e.format(resp.getWriter(), getLanguage(req));
+        }
+        return false;
+
+    }
+
+    @Override
+    public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+        HashMap<String, Object> vars = new HashMap<String, Object>();
+        vars.put("ticketNo", LoginPage.getAuthorizationContext(req).getSupporterTicketId());
+        new SupportEnterTicketForm(req).output(resp.getWriter(), getLanguage(req), vars);
+    }
+
+}
diff --git a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
index b1ec3abf..b0ddb8fe 100644
--- a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
+++ b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
@@ -9,12 +9,12 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.dbObjects.EmailAddress;
-import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.dbObjects.SupportedUser;
 import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.output.template.IterableDataset;
+import org.cacert.gigi.pages.LoginPage;
 import org.cacert.gigi.pages.Page;
 import org.cacert.gigi.util.AuthorizationContext;
 
@@ -36,11 +36,10 @@ public class SupportUserDetailsPage extends Page {
             resp.sendError(404);
         }
         final User user = User.getById(id);
-        String ticket = (String) req.getSession().getAttribute("ticketNo" + user.getId());
-        SupportUserDetailsForm f = new SupportUserDetailsForm(req, new SupportedUser(user, getUser(req), ticket));
+        SupportedUser targetUser = new SupportedUser(user, getUser(req), LoginPage.getAuthorizationContext(req).getSupporterTicketId());
+        SupportUserDetailsForm f = new SupportUserDetailsForm(req, targetUser);
         HashMap<String, Object> vars = new HashMap<String, Object>();
         vars.put("details", f);
-        vars.put("ticketNo", ticket);
         final EmailAddress[] addrs = user.getEmails();
         vars.put("emails", new IterableDataset() {
 
@@ -59,20 +58,14 @@ public class SupportUserDetailsPage extends Page {
                 return true;
             }
         });
-        vars.put("certifrevoke", new SupportRevokeCertificatesForm(req, new SupportedUser(user, getUser(req), ticket)));
-        vars.put("tickethandling", new SupportEnterTicketForm(req, user));
+        vars.put("certifrevoke", new SupportRevokeCertificatesForm(req, targetUser));
         getDefaultTemplate().output(resp.getWriter(), getLanguage(req), vars);
     }
 
     @Override
     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         try {
-            if (req.getParameter("setTicket") != null) {
-
-                if ( !Form.getForm(req, SupportEnterTicketForm.class).submit(resp.getWriter(), req)) {
-                    throw new GigiApiException("Invalid ticket number!");
-                }
-            } else if (req.getParameter("revokeall") != null) {
+            if (req.getParameter("revokeall") != null) {
                 if ( !Form.getForm(req, SupportRevokeCertificatesForm.class).submit(resp.getWriter(), req)) {
                     throw new GigiApiException("No ticket number set.");
                 }
@@ -90,6 +83,6 @@ public class SupportUserDetailsPage extends Page {
 
     @Override
     public boolean isPermitted(AuthorizationContext ac) {
-        return ac != null && ac.isInGroup(Group.SUPPORTER);
+        return ac != null && ac.canSupport();
     }
 }
diff --git a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.templ b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.templ
index 04195c4a..abd4167b 100644
--- a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.templ
+++ b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.templ
@@ -1,4 +1,3 @@
-<?=$tickethandling?>
 <br/>
 <?=$details?>
 <table class="wrapper dataTable centertext">
diff --git a/src/org/cacert/gigi/pages/admin/support/SupportUserHistory.java b/src/org/cacert/gigi/pages/admin/support/SupportUserHistory.java
new file mode 100644
index 00000000..02ad8b0a
--- /dev/null
+++ b/src/org/cacert/gigi/pages/admin/support/SupportUserHistory.java
@@ -0,0 +1,39 @@
+package org.cacert.gigi.pages.admin.support;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.cacert.gigi.dbObjects.Group;
+import org.cacert.gigi.dbObjects.User;
+import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.AuthorizationContext;
+
+public class SupportUserHistory extends Page {
+
+    public static final String PATH = "/support/user/*/history";
+
+    private static final int intStart = PATH.indexOf('*');
+
+    public SupportUserHistory() {
+        super("Support user history");
+    }
+
+    @Override
+    public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+        String info = req.getPathInfo();
+        int id = Integer.parseInt(info.substring(intStart, info.length() - PATH.length() + intStart + 1));
+        User u = User.getById(id);
+        if (u == null) {
+            resp.sendError(404);
+            return;
+        }
+        // TODO get Admin log
+    }
+
+    @Override
+    public boolean isPermitted(AuthorizationContext ac) {
+        return ac != null && ac.isInGroup(Group.SUPPORTER);
+    }
+}
diff --git a/src/org/cacert/gigi/util/AuthorizationContext.java b/src/org/cacert/gigi/util/AuthorizationContext.java
index 9d190f72..16f458ca 100644
--- a/src/org/cacert/gigi/util/AuthorizationContext.java
+++ b/src/org/cacert/gigi/util/AuthorizationContext.java
@@ -1,15 +1,24 @@
 package org.cacert.gigi.util;
 
+import java.io.PrintWriter;
+import java.util.Map;
+
+import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.dbObjects.CertificateOwner;
 import org.cacert.gigi.dbObjects.Group;
+import org.cacert.gigi.dbObjects.Organisation;
 import org.cacert.gigi.dbObjects.User;
+import org.cacert.gigi.localisation.Language;
+import org.cacert.gigi.output.template.Outputable;
 
-public class AuthorizationContext {
+public class AuthorizationContext implements Outputable {
 
     CertificateOwner target;
 
     User actor;
 
+    String supporterTicketId;
+
     public AuthorizationContext(CertificateOwner target, User actor) {
         this.target = target;
         this.actor = actor;
@@ -33,4 +42,42 @@ public class AuthorizationContext {
         }
         return ac.getActor();
     }
+
+    public void setSupporterTicketId(String supporterTicketId) throws GigiApiException {
+        if ( !isInGroup(Group.SUPPORTER)) {
+            throw new GigiApiException("requires a supporter");
+        }
+        this.supporterTicketId = supporterTicketId;
+    }
+
+    public String getSupporterTicketId() {
+        return supporterTicketId;
+    }
+
+    public boolean canSupport() {
+        return getSupporterTicketId() != null && isInGroup(Group.SUPPORTER);
+    }
+
+    @Override
+    public void output(PrintWriter out, Language l, Map<String, Object> vars) {
+        out.println("<div>");
+        out.println(l.getTranslation("Logged in as"));
+        out.println(": ");
+
+        if (target != actor) {
+            out.println(((Organisation) target).getName() + " (" + actor.getName().toString() + ")");
+        } else {
+            out.println(actor.getName().toString());
+        }
+
+        out.println(l.getTranslation("with"));
+        out.println(vars.get("loginMethod"));
+        out.println("</div>");
+        if (supporterTicketId != null) {
+            out.println("<div>");
+            out.println(l.getTranslation("SupportTicket: "));
+            out.println(supporterTicketId);
+            out.println("</div>");
+        }
+    }
 }
diff --git a/tests/org/cacert/gigi/pages/admin/TestSEAdminPageDetails.java b/tests/org/cacert/gigi/pages/admin/TestSEAdminPageDetails.java
index 39d1ac40..ef71210b 100644
--- a/tests/org/cacert/gigi/pages/admin/TestSEAdminPageDetails.java
+++ b/tests/org/cacert/gigi/pages/admin/TestSEAdminPageDetails.java
@@ -1,5 +1,6 @@
 package org.cacert.gigi.pages.admin;
 
+import static org.cacert.gigi.testUtils.ManagedTest.*;
 import static org.hamcrest.CoreMatchers.*;
 import static org.junit.Assert.*;
 
@@ -9,6 +10,7 @@ import java.net.URL;
 import java.net.URLConnection;
 
 import org.cacert.gigi.dbObjects.Group;
+import org.cacert.gigi.pages.admin.support.SupportEnterTicketPage;
 import org.cacert.gigi.pages.admin.support.SupportUserDetailsPage;
 import org.cacert.gigi.testUtils.ClientTest;
 import org.cacert.gigi.testUtils.IOUtils;
@@ -18,6 +20,7 @@ public class TestSEAdminPageDetails extends ClientTest {
 
     public TestSEAdminPageDetails() throws IOException {
         grant(email, Group.SUPPORTER);
+        assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=a20140808.8&setTicket=action", 0).getResponseCode());
     }
 
     @Test
diff --git a/tests/org/cacert/gigi/pages/admin/TestSEAdminPageUserDomainSearch.java b/tests/org/cacert/gigi/pages/admin/TestSEAdminPageUserDomainSearch.java
index 3229908f..81d727bc 100644
--- a/tests/org/cacert/gigi/pages/admin/TestSEAdminPageUserDomainSearch.java
+++ b/tests/org/cacert/gigi/pages/admin/TestSEAdminPageUserDomainSearch.java
@@ -16,6 +16,7 @@ import org.cacert.gigi.dbObjects.Domain;
 import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.pages.admin.support.FindDomainPage;
+import org.cacert.gigi.pages.admin.support.SupportEnterTicketPage;
 import org.cacert.gigi.pages.admin.support.SupportUserDetailsPage;
 import org.cacert.gigi.testUtils.ClientTest;
 import org.cacert.gigi.testUtils.IOUtils;
@@ -26,6 +27,7 @@ public class TestSEAdminPageUserDomainSearch extends ClientTest {
 
     public TestSEAdminPageUserDomainSearch() throws IOException {
         grant(email, Group.SUPPORTER);
+        assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=a20140808.8&setTicket=action", 0).getResponseCode());
     }
 
     @Test
diff --git a/tests/org/cacert/gigi/pages/admin/TestSEAdminPageUserMailSearch.java b/tests/org/cacert/gigi/pages/admin/TestSEAdminPageUserMailSearch.java
index 23b551e7..95b9ec74 100644
--- a/tests/org/cacert/gigi/pages/admin/TestSEAdminPageUserMailSearch.java
+++ b/tests/org/cacert/gigi/pages/admin/TestSEAdminPageUserMailSearch.java
@@ -13,6 +13,7 @@ import java.net.URLEncoder;
 
 import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.pages.admin.support.FindUserPage;
+import org.cacert.gigi.pages.admin.support.SupportEnterTicketPage;
 import org.cacert.gigi.pages.admin.support.SupportUserDetailsPage;
 import org.cacert.gigi.testUtils.ClientTest;
 import org.cacert.gigi.testUtils.IOUtils;
@@ -23,23 +24,15 @@ public class TestSEAdminPageUserMailSearch extends ClientTest {
 
     public TestSEAdminPageUserMailSearch() throws IOException {
         grant(email, Group.SUPPORTER);
+        assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=a20140808.8&setTicket=action", 0).getResponseCode());
     }
 
     @Test
     public void testFulltextMailSearch() throws MalformedURLException, UnsupportedEncodingException, IOException {
         String mail = createUniqueName() + "@example.com";
         int id = createVerifiedUser("Först", "Secönd", mail, TEST_PASSWORD);
-        URLConnection uc = new URL("https://" + getServerName() + FindUserPage.PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
-        String csrf = getCSRF(uc, 0);
 
-        uc = new URL("https://" + getServerName() + FindUserPage.PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
-        uc.setDoOutput(true);
-        OutputStream os = uc.getOutputStream();
-        os.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" //
-                + "process&email=" + URLEncoder.encode(mail, "UTF-8")).getBytes("UTF-8"));
-        os.flush();
+        URLConnection uc = post(cookie, FindUserPage.PATH, "process&email=" + URLEncoder.encode(mail, "UTF-8"), 0);
         assertEquals("https://" + ServerConstants.getWwwHostNamePortSecure() + SupportUserDetailsPage.PATH + id, uc.getHeaderField("Location"));
     }
 
@@ -47,17 +40,8 @@ public class TestSEAdminPageUserMailSearch extends ClientTest {
     public void testWildcardMailSearchSingle() throws MalformedURLException, UnsupportedEncodingException, IOException {
         String mail = createUniqueName() + "@example.tld";
         int id = createVerifiedUser("Först", "Secönd", mail, TEST_PASSWORD);
-        URLConnection uc = new URL("https://" + getServerName() + FindUserPage.PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
-        String csrf = getCSRF(uc, 0);
 
-        uc = new URL("https://" + getServerName() + FindUserPage.PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
-        uc.setDoOutput(true);
-        OutputStream os = uc.getOutputStream();
-        os.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" //
-                + "process&email=" + URLEncoder.encode("%@example.tld", "UTF-8")).getBytes("UTF-8"));
-        os.flush();
+        URLConnection uc = post(cookie, FindUserPage.PATH, "process&email=" + URLEncoder.encode("%@example.tld", "UTF-8"), 0);
         assertEquals("https://" + ServerConstants.getWwwHostNamePortSecure() + SupportUserDetailsPage.PATH + id, uc.getHeaderField("Location"));
     }
 
@@ -67,17 +51,8 @@ public class TestSEAdminPageUserMailSearch extends ClientTest {
         int id = createVerifiedUser("Först", "Secönd", mail, TEST_PASSWORD);
         String mail2 = createUniqueName() + "@example.org";
         int id2 = createVerifiedUser("Först", "Secönd", mail2, TEST_PASSWORD);
-        URLConnection uc = new URL("https://" + getServerName() + FindUserPage.PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
-        String csrf = getCSRF(uc, 0);
+        URLConnection uc = post(cookie, FindUserPage.PATH, "process&email=" + URLEncoder.encode("%@example.org", "UTF-8"), 0);
 
-        uc = new URL("https://" + getServerName() + FindUserPage.PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
-        uc.setDoOutput(true);
-        OutputStream os = uc.getOutputStream();
-        os.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" //
-                + "process&email=" + URLEncoder.encode("%@example.org", "UTF-8")).getBytes("UTF-8"));
-        os.flush();
         String res = IOUtils.readURL(uc);
         assertThat(res, containsString(SupportUserDetailsPage.PATH + id));
         assertThat(res, containsString(SupportUserDetailsPage.PATH + id2));
@@ -87,19 +62,11 @@ public class TestSEAdminPageUserMailSearch extends ClientTest {
     public void testWildcardMailSearchSingleChar() throws MalformedURLException, UnsupportedEncodingException, IOException {
         String mail = createUniqueName() + "@example.org";
         int id = createVerifiedUser("Först", "Secönd", mail, TEST_PASSWORD);
-        String mail2 = createUniqueName() + "@example.org";
+        String mail2 = createUniqueName() + "@fxample.org";
         int id2 = createVerifiedUser("Först", "Secönd", mail2, TEST_PASSWORD);
-        URLConnection uc = new URL("https://" + getServerName() + FindUserPage.PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
-        String csrf = getCSRF(uc, 0);
 
-        uc = new URL("https://" + getServerName() + FindUserPage.PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
-        uc.setDoOutput(true);
-        OutputStream os = uc.getOutputStream();
-        os.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" //
-                + "process&email=" + URLEncoder.encode("%@_xample.org", "UTF-8")).getBytes("UTF-8"));
-        os.flush();
+        URLConnection uc = post(cookie, FindUserPage.PATH, "process&email=" + URLEncoder.encode("%@_xample.org", "UTF-8"), 0);
+
         String res = IOUtils.readURL(uc);
         assertThat(res, containsString(SupportUserDetailsPage.PATH + id));
         assertThat(res, containsString(SupportUserDetailsPage.PATH + id2));
@@ -123,17 +90,8 @@ public class TestSEAdminPageUserMailSearch extends ClientTest {
 
     @Test
     public void testFulltextMailSearchNoRes() throws MalformedURLException, UnsupportedEncodingException, IOException {
-        URLConnection uc = new URL("https://" + getServerName() + FindUserPage.PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
-        String csrf = getCSRF(uc, 0);
+        URLConnection uc = post(cookie, FindUserPage.PATH, "process&email=" + URLEncoder.encode(createUniqueName() + "@example.org", "UTF-8"), 0);
 
-        uc = new URL("https://" + getServerName() + FindUserPage.PATH).openConnection();
-        uc.addRequestProperty("Cookie", cookie);
-        uc.setDoOutput(true);
-        OutputStream os = uc.getOutputStream();
-        os.write(("csrf=" + URLEncoder.encode(csrf, "UTF-8") + "&" //
-                + "process&email=" + URLEncoder.encode(createUniqueName() + "@example.org", "UTF-8")).getBytes("UTF-8"));
-        os.flush();
         assertNotNull(fetchStartErrorMessage(IOUtils.readURL(uc)));
     }
 }
diff --git a/tests/org/cacert/gigi/pages/admin/TestSEAdminTicketSetting.java b/tests/org/cacert/gigi/pages/admin/TestSEAdminTicketSetting.java
new file mode 100644
index 00000000..c4c1a305
--- /dev/null
+++ b/tests/org/cacert/gigi/pages/admin/TestSEAdminTicketSetting.java
@@ -0,0 +1,32 @@
+package org.cacert.gigi.pages.admin;
+
+import static org.junit.Assert.*;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.MalformedURLException;
+
+import org.cacert.gigi.dbObjects.Group;
+import org.cacert.gigi.pages.admin.support.FindDomainPage;
+import org.cacert.gigi.pages.admin.support.FindUserPage;
+import org.cacert.gigi.pages.admin.support.SupportEnterTicketPage;
+import org.cacert.gigi.testUtils.ClientTest;
+import org.junit.Test;
+
+public class TestSEAdminTicketSetting extends ClientTest {
+
+    public TestSEAdminTicketSetting() throws IOException {
+        grant(email, Group.SUPPORTER);
+    }
+
+    @Test
+    public void testFulltextMailSearch() throws MalformedURLException, UnsupportedEncodingException, IOException {
+        assertEquals(403, get(FindUserPage.PATH).getResponseCode());
+        assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=a20140808.8&setTicket=action", 0).getResponseCode());
+        assertEquals(200, get(FindUserPage.PATH).getResponseCode());
+        assertEquals(200, get(FindDomainPage.PATH).getResponseCode());
+        assertEquals(302, post(cookie, SupportEnterTicketPage.PATH, "ticketno=a20140808.8&deleteTicket=action", 0).getResponseCode());
+        assertEquals(403, get(FindUserPage.PATH).getResponseCode());
+    }
+
+}
diff --git a/tests/org/cacert/gigi/testUtils/ClientTest.java b/tests/org/cacert/gigi/testUtils/ClientTest.java
index fc22e6d0..846a5abe 100644
--- a/tests/org/cacert/gigi/testUtils/ClientTest.java
+++ b/tests/org/cacert/gigi/testUtils/ClientTest.java
@@ -1,6 +1,9 @@
 package org.cacert.gigi.testUtils;
 
 import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.net.URLConnection;
 
 import org.cacert.gigi.dbObjects.User;
 
@@ -37,4 +40,23 @@ public abstract class ClientTest extends ManagedTest {
             throw new Error(e);
         }
     }
+
+    public HttpURLConnection post(String path, String query) throws IOException {
+        return post(path, query, 0);
+    }
+
+    public HttpURLConnection post(String path, String query, int formIndex) throws IOException {
+        return post(cookie, path, query, formIndex);
+    }
+
+    public HttpURLConnection get(String path) throws IOException {
+        return get(path, 0);
+    }
+
+    public HttpURLConnection get(String path, int formIndex) throws IOException {
+        URLConnection uc = new URL("https://" + getServerName() + path).openConnection();
+        uc.addRequestProperty("Cookie", cookie);
+        return (HttpURLConnection) uc;
+    }
+
 }
diff --git a/tests/org/cacert/gigi/testUtils/ManagedTest.java b/tests/org/cacert/gigi/testUtils/ManagedTest.java
index 279f08c7..3bc32ca7 100644
--- a/tests/org/cacert/gigi/testUtils/ManagedTest.java
+++ b/tests/org/cacert/gigi/testUtils/ManagedTest.java
@@ -452,6 +452,12 @@ public class ManagedTest extends ConfiguredTest {
     }
 
     public static String executeBasicWebInteraction(String cookie, String path, String query, int formIndex) throws IOException, MalformedURLException, UnsupportedEncodingException {
+        URLConnection uc = post(cookie, path, query, formIndex);
+        String error = fetchStartErrorMessage(IOUtils.readURL(uc));
+        return error;
+    }
+
+    public static HttpURLConnection post(String cookie, String path, String query, int formIndex) throws IOException, MalformedURLException, UnsupportedEncodingException {
         URLConnection uc = new URL("https://" + getServerName() + path).openConnection();
         uc.addRequestProperty("Cookie", cookie);
         String csrf = getCSRF(uc, formIndex);
@@ -464,8 +470,7 @@ public class ManagedTest extends ConfiguredTest {
         + query//
         ).getBytes("UTF-8"));
         os.flush();
-        String error = fetchStartErrorMessage(IOUtils.readURL(uc));
-        return error;
+        return (HttpURLConnection) uc;
     }
 
     public static EmailAddress createVerifiedEmail(User u) throws InterruptedException, GigiApiException {
-- 
2.39.2