From efb1a90c9fd0e4529731693faa1f0fb1f8039049 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?=
Date: Mon, 2 Nov 2015 21:09:49 +0100
Subject: [PATCH] Allow only verified emails and domains.
---
 .../cacert/gigi/dbObjects/CertificateOwner.java | 2 +-
 src/org/cacert/gigi/dbObjects/Domain.java | 2 +-
 src/org/cacert/gigi/dbObjects/User.java | 2 +-
 tests/org/cacert/gigi/TestUser.java | 12 ++++++++----
 tests/org/cacert/gigi/testUtils/ManagedTest.java | 16 ++++++++++++++++
 .../cacert/gigi/testUtils/TestEmailReceiver.java | 4 +++-
 6 files changed, 30 insertions(+), 8 deletions(-)
diff --git a/src/org/cacert/gigi/dbObjects/CertificateOwner.java b/src/org/cacert/gigi/dbObjects/CertificateOwner.java
index 84acca2e..661033fb 100644
--- a/src/org/cacert/gigi/dbObjects/CertificateOwner.java
+++ b/src/org/cacert/gigi/dbObjects/CertificateOwner.java
@@ -87,7 +87,7 @@ public abstract class CertificateOwner implements IdCachable {
 for (Domain d : getDomains()) {
 String sfx = d.getSuffix();
 if (domainname.equals(sfx) || domainname.endsWith("." + sfx)) {
- return true;
+ return d.isVerified();
 }
 }
diff --git a/src/org/cacert/gigi/dbObjects/Domain.java b/src/org/cacert/gigi/dbObjects/Domain.java
index 6b0e8283..bf76d435 100644
--- a/src/org/cacert/gigi/dbObjects/Domain.java
+++ b/src/org/cacert/gigi/dbObjects/Domain.java
@@ -192,7 +192,7 @@ public class Domain implements IdCachable, Verifyable {
 }
 public synchronized void verify(String hash) throws GigiApiException {
- GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE `domainPinglog` SET `state`='success' WHERE `challenge`=? AND `configId` IN (SELECT `id` FROM `pingconfig` WHERE `domainid`=?)");
+ GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE `domainPinglog` SET `state`='success' WHERE `challenge`=? AND `state`='open' AND `configId` IN (SELECT `id` FROM `pingconfig` WHERE `domainid`=? AND `type`='email')");
 ps.setString(1, hash);
 ps.setInt(2, id);
 ps.executeUpdate();
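Review bot: `return d.isVerified();` leaves the loop at the first domain whose suffix matches, so an unverified entry can mask a verified one that also covers the name (for example an unverified parent domain listed before a verified subdomain). Failing closed is the safe direction, but the result then depends on the order of `getDomains()`; making verification part of the condition avoids that: `if (d.isVerified() && (domainname.equals(sfx) || domainname.endsWith("." + sfx))) { return true; }`. The same early return is used in `User.isValidEmail` in this patch, where it matters less because the match is exact. The method starts and ends outside the hunk, so the fall-through result is assumed to be `false`.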
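Review bot: The result of `ps.executeUpdate();` is not used, so as far as the hunk shows, a challenge that matches no open e-mail ping (wrong, already consumed, or belonging to another ping type) makes `verify` return normally, exactly like a successful one. The method already declares `GigiApiException`; consider checking the affected-row count and throwing when it is zero, assuming `GigiPreparedStatement.executeUpdate()` exposes that count. A one-line comment above the statement saying why only open pings of type email may be completed through this path would also help the next reader. The rest of `verify` lies outside the hunk.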
diff --git a/src/org/cacert/gigi/dbObjects/User.java b/src/org/cacert/gigi/dbObjects/User.java
index eeb79dfd..1b4b52ea 100644
--- a/src/org/cacert/gigi/dbObjects/User.java
+++ b/src/org/cacert/gigi/dbObjects/User.java
@@ -461,7 +461,7 @@ public class User extends CertificateOwner {
 public boolean isValidEmail(String email) {
 for (EmailAddress em : getEmails()) {
 if (em.getAddress().equals(email)) {
- return true;
+ return em.isVerified();
 }
 }
diff --git a/tests/org/cacert/gigi/TestUser.java b/tests/org/cacert/gigi/TestUser.java
index 9fd1fe7a..e276fddf 100644
--- a/tests/org/cacert/gigi/TestUser.java
+++ b/tests/org/cacert/gigi/TestUser.java
@@ -2,6 +2,7 @@ package org.cacert.gigi;
 import static org.junit.Assert.*;
+import java.io.IOException;
 import java.sql.Date;
 import java.sql.SQLException;
 import java.util.Locale;
@@ -58,16 +59,18 @@ public class TestUser extends ManagedTest {
 }
 @Test
- public void testMatcherMethods() throws SQLException, GigiApiException {
+ public void testMatcherMethods() throws SQLException, GigiApiException, IOException {
 String uq = createUniqueName();
 int id = createVerifiedUser("aä", "b", uq + "a@email.org", TEST_PASSWORD);
 User u = User.getById(id);
 new EmailAddress(u, uq + "b@email.org", Locale.ENGLISH);
+ getMailReciever().receive().verify();
 new EmailAddress(u, uq + "c@email.org", Locale.ENGLISH);
- new Domain(u, uq + "a-testdomain.org");
- new Domain(u, uq + "b-testdomain.org");
- new Domain(u, uq + "c-testdomain.org");
+ getMailReciever().receive();// no-verify
+ verify(new Domain(u, uq + "a-testdomain.org"));
+ verify(new Domain(u, uq + "b-testdomain.org"));
+ verify(new Domain(u, uq + "c-testdomain.org"));
 assertEquals(3, u.getEmails().length);
 assertEquals(3, u.getDomains().length);
 assertTrue(u.isValidDomain(uq + "a-testdomain.org"));
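Review bot: All three domains in `testMatcherMethods` are now passed through `verify(...)`, so nothing in the test exercises the new unverified branch of `isValidDomain`; only the e-mail side gets a negative case (`c@email.org`). Add a domain that is created but never verified, e.g. `new Domain(u, uq + "d-testdomain.org");`, raise the expected `u.getDomains().length` to 4, and add `assertFalse(u.isValidDomain(uq + "d-testdomain.org"));`. The test method continues beyond this hunk, so assertions outside the visible lines may need the same adjustment.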
@@ -82,6 +85,7 @@ public class TestUser extends ManagedTest {
 assertTrue(u.isValidEmail(uq + "b@email.org"));
 assertFalse(u.isValidEmail(uq + "b+6@email.org"));
 assertFalse(u.isValidEmail(uq + "b*@email.org"));
+ assertFalse(u.isValidEmail(uq + "c@email.org"));
 assertTrue(u.isValidName("aä b"));
 assertFalse(u.isValidName("aä c"));
diff --git a/tests/org/cacert/gigi/testUtils/ManagedTest.java b/tests/org/cacert/gigi/testUtils/ManagedTest.java
index cc3215c1..279f08c7 100644
--- a/tests/org/cacert/gigi/testUtils/ManagedTest.java
+++ b/tests/org/cacert/gigi/testUtils/ManagedTest.java
@@ -39,6 +39,8 @@ import org.cacert.gigi.database.DatabaseConnection;
 import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.database.GigiResultSet;
 import org.cacert.gigi.database.SQLFileManager.ImportType;
+import org.cacert.gigi.dbObjects.Domain;
+import org.cacert.gigi.dbObjects.DomainPingType;
 import org.cacert.gigi.dbObjects.EmailAddress;
 import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.dbObjects.ObjectCache;
@@ -481,4 +483,18 @@ public class ManagedTest extends ConfiguredTest {
 return openConnection;
 }
+ public static void verify(Domain d) {
+ try {
+ System.out.println(d.getId());
+ d.addPing(DomainPingType.EMAIL, "admin");
+ TestMail testMail = ter.receive();
+ testMail.verify();
+ assertTrue(d.isVerified());
+ } catch (GigiApiException e) {
+ throw new Error(e);
+ } catch (IOException e) {
+ throw new Error(e);
+ }
+ }
+
 }
diff --git a/tests/org/cacert/gigi/testUtils/TestEmailReceiver.java b/tests/org/cacert/gigi/testUtils/TestEmailReceiver.java
index 30e62e5e..24b7f78a 100644
--- a/tests/org/cacert/gigi/testUtils/TestEmailReceiver.java
+++ b/tests/org/cacert/gigi/testUtils/TestEmailReceiver.java
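Review bot: `System.out.println(d.getId());` in the new `verify(Domain)` helper looks like leftover debug output, and the `System.out.println(link);` added to `TestEmailReceiver.verify()` in this patch writes the complete verification link, challenge included, to the test output. Both lines can be dropped without changing what the tests check. The helper also has no Javadoc; a comment such as `/** Adds an e-mail ping for the domain, follows the link in the next mail taken from ter and asserts that the domain is verified. */` would make it clear that each call consumes one received mail. The two identical catch blocks could be merged into `catch (GigiApiException | IOException e)` if the project builds with Java 7 or later.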
@@ -74,7 +74,9 @@ public final class TestEmailReceiver extends EmailProvider implements Runnable {
 }
 public void verify() throws IOException {
- String[] parts = extractLink().split("\\?");
+ String link = extractLink();
+ System.out.println(link);
+ String[] parts = link.split("\\?");
 URL u = new URL("https://" + ManagedTest.getServerName() + "/verify?" + parts[1]);
 URLConnection csrfConn = u.openConnection();
--
2.39.2