[#11206] Remove admin information from user cookie (#11207)

* Move isAdmin setting to strictly using APP_ADMINS value

* Remove usage of sign in as administrator checkbox

* Remove admin field from login cookie

* Use proper user login instead of admin masquerade for E2E tests

Author: wkurniawan07

docs/development.md

@@ -103,9 +103,8 @@ This instruction set applies for both dev server and production server, with sli
 
 ### As administrator
 
-1. Go to any administrator page, e.g `/web/admin/home`.
-1. On the dev server, log in using any username, but remember to check the `Log in as administrator` check box. You will have the required access.
-1. On the production server, you will be granted the access only if your account has admin permission as defined in `build.properties`.
+1. Go to any administrator page, e.g `/web/admin/home`. You may be prompted to log in.
+   You will be granted access only if your account has admin permission as defined in `build.properties`.
 1. When logged in as administrator, ***masquerade mode*** can also be used to impersonate instructors and students by adding `user=username` to the URL
  e.g `http://localhost:8080/web/student/home?user=johnKent`.
 

src/e2e/java/teammates/e2e/cases/BaseE2ETestCase.java

@@ -27,7 +27,6 @@
 import teammates.common.util.JsonUtils;
 import teammates.common.util.StringHelper;
 import teammates.common.util.ThreadHelper;
-import teammates.e2e.pageobjects.AdminHomePage;
 import teammates.e2e.pageobjects.AppPage;
 import teammates.e2e.pageobjects.Browser;
 import teammates.e2e.pageobjects.DevServerLoginPage;
@@ -101,56 +100,45 @@ protected static AppUrl createUrl(String relativeUrl) {
     }
 
     /**
-     * Logs in a page using admin credentials (i.e. in masquerade mode).
+     * Logs in to a page using the given credentials.
      */
-    protected <T extends AppPage> T loginAdminToPage(AppUrl url, Class<T> typeOfPage) {
+    protected <T extends AppPage> T loginToPage(AppUrl url, Class<T> typeOfPage, String userId) {
         // When not using dev server, Google blocks log in by automation.
         // To work around that, we inject the user cookie directly into the browser session.
         if (!TestProperties.isDevServer()) {
             // In order for the cookie injection to work, we need to be in the domain.
             // Use the home page to minimize the page load time.
             browser.goToUrl(TestProperties.TEAMMATES_URL);
 
-            UserInfoCookie uic = new UserInfoCookie("devserver.admin.account", true);
+            UserInfoCookie uic = new UserInfoCookie(userId);
             browser.addCookie(Const.SecurityConfig.AUTH_COOKIE_NAME, StringHelper.encrypt(JsonUtils.toCompactJson(uic)),
                     true, true);
 
             return getNewPageInstance(url, typeOfPage);
         }
 
-        if (browser.isAdminLoggedIn) {
-            try {
-                return getNewPageInstance(url, typeOfPage);
-            } catch (Exception e) {
-                //ignore and try to logout and login again if fail.
-            }
-        }
-
-        // logout and attempt to load the requested URL. This will be
-        // redirected to a dev-server login page
-        logout();
+        // This will be redirected to the dev server login page.
         browser.goToUrl(url.toAbsoluteString());
 
-        // In dev server, any username is acceptable as admin
-        String adminUsername = "devserver.admin.account";
-
         DevServerLoginPage loginPage = AppPage.getNewPageInstance(browser, DevServerLoginPage.class);
-        loginPage.loginAsAdmin(adminUsername);
+        loginPage.loginAsUser(userId);
 
         return getNewPageInstance(url, typeOfPage);
     }
 
+    /**
+     * Logs in to a page using admin credentials.
+     */
+    protected <T extends AppPage> T loginAdminToPage(AppUrl url, Class<T> typeOfPage) {
+        return loginToPage(url, typeOfPage, TestProperties.TEST_ADMIN);
+    }
+
     /**
      * Equivalent to clicking the 'logout' link in the top menu of the page.
      */
     protected void logout() {
         browser.goToUrl(createUrl(Const.WebPageURIs.LOGOUT).toAbsoluteString());
         AppPage.getNewPageInstance(browser, HomePage.class).waitForPageToLoad();
-        browser.isAdminLoggedIn = false;
-    }
-
-    protected AdminHomePage loginAdmin() {
-        return loginAdminToPage(createUrl(Const.WebPageURIs.ADMIN_HOME_PAGE), AdminHomePage.class);
     }
 
     /**

src/e2e/java/teammates/e2e/cases/BaseFeedbackQuestionE2ETest.java

@@ -34,25 +34,22 @@ public abstract class BaseFeedbackQuestionE2ETest extends BaseE2ETestCase {
 
     protected InstructorFeedbackEditPage loginToFeedbackEditPage() {
         AppUrl url = createUrl(Const.WebPageURIs.INSTRUCTOR_SESSION_EDIT_PAGE)
-                .withUserId(instructor.googleId)
                 .withCourseId(course.getId())
                 .withSessionName(feedbackSession.getFeedbackSessionName());
 
-        return loginAdminToPage(url, InstructorFeedbackEditPage.class);
+        return loginToPage(url, InstructorFeedbackEditPage.class, instructor.googleId);
     }
 
     protected FeedbackSubmitPage loginToFeedbackSubmitPage() {
         AppUrl url = createUrl(Const.WebPageURIs.STUDENT_SESSION_SUBMISSION_PAGE)
-                .withUserId(student.googleId)
                 .withCourseId(student.course)
                 .withSessionName(feedbackSession.getFeedbackSessionName());
 
-        return loginAdminToPage(url, FeedbackSubmitPage.class);
+        return loginToPage(url, FeedbackSubmitPage.class, student.googleId);
     }
 
     protected FeedbackSubmitPage getFeedbackSubmitPage() {
         AppUrl url = createUrl(Const.WebPageURIs.STUDENT_SESSION_SUBMISSION_PAGE)
-                .withUserId(student.googleId)
                 .withCourseId(student.course)
                 .withSessionName(feedbackSession.getFeedbackSessionName());
 

src/e2e/java/teammates/e2e/cases/FeedbackConstSumOptionQuestionE2ETest.java

@@ -33,6 +33,7 @@ protected void prepareTestData() {
     @Override
     public void testAll() {
         testEditPage();
+        logout();
         testSubmitPage();
     }
 

src/e2e/java/teammates/e2e/cases/FeedbackConstSumRecipientQuestionE2ETest.java

@@ -34,6 +34,7 @@ protected void prepareTestData() {
     @Override
     public void testAll() {
         testEditPage();
+        logout();
         testSubmitPage();
     }
 

src/e2e/java/teammates/e2e/cases/FeedbackContributionQuestionE2ETest.java

@@ -35,6 +35,7 @@ protected void prepareTestData() {
     @Override
     public void testAll() {
         testEditPage();
+        logout();
         testSubmitPage();
     }
 

src/e2e/java/teammates/e2e/cases/FeedbackMcqQuestionE2ETest.java

@@ -34,6 +34,7 @@ protected void prepareTestData() {
     @Override
     public void testAll() {
         testEditPage();
+        logout();
         testSubmitPage();
     }
 

src/e2e/java/teammates/e2e/cases/FeedbackMsqQuestionE2ETest.java

@@ -37,6 +37,7 @@ protected void prepareTestData() {
     @Override
     public void testAll() {
         testEditPage();
+        logout();
         testSubmitPage();
     }
 

src/e2e/java/teammates/e2e/cases/FeedbackNumScaleQuestionE2ETest.java

@@ -31,6 +31,7 @@ protected void prepareTestData() {
     @Override
     public void testAll() {
         testEditPage();
+        logout();
         testSubmitPage();
     }
 

src/e2e/java/teammates/e2e/cases/FeedbackRankOptionQuestionE2ETest.java

@@ -36,6 +36,7 @@ protected void prepareTestData() {
     @Override
     public void testAll() {
         testEditPage();
+        logout();
         testSubmitPage();
     }
 

src/e2e/java/teammates/e2e/cases/FeedbackRankRecipientQuestionE2ETest.java

@@ -36,6 +36,7 @@ protected void prepareTestData() {
     @Override
     public void testAll() {
         testEditPage();
+        logout();
         testSubmitPage();
     }
 

src/e2e/java/teammates/e2e/cases/FeedbackRubricQuestionE2ETest.java

@@ -35,6 +35,7 @@ protected void prepareTestData() {
     @Override
     public void testAll() {
         testEditPage();
+        logout();
         testSubmitPage();
     }
 

src/e2e/java/teammates/e2e/cases/FeedbackSubmitPageE2ETest.java

@@ -48,10 +48,9 @@ protected void prepareTestData() {
     @Override
     public void testAll() {
         AppUrl url = createUrl(Const.WebPageURIs.INSTRUCTOR_SESSION_SUBMISSION_PAGE)
-                .withUserId(instructor.getGoogleId())
                 .withCourseId(openSession.getCourseId())
                 .withSessionName(openSession.getFeedbackSessionName());
-        FeedbackSubmitPage submitPage = loginAdminToPage(url, FeedbackSubmitPage.class);
+        FeedbackSubmitPage submitPage = loginToPage(url, FeedbackSubmitPage.class, instructor.googleId);
 
         ______TS("verify loaded session data");
         submitPage.verifyFeedbackSessionDetails(openSession);
@@ -61,7 +60,8 @@ public void testAll() {
         submitPage.verifyQuestionDetails(1, testData.feedbackQuestions.get("qn5InSession1"));
 
         ______TS("questions with giver type students");
-        submitPage = loginAdminToPage(getStudentSubmitPageUrl(student, openSession), FeedbackSubmitPage.class);
+        logout();
+        submitPage = loginToPage(getStudentSubmitPageUrl(student, openSession), FeedbackSubmitPage.class, student.googleId);
 
         submitPage.verifyNumQuestions(4);
         submitPage.verifyQuestionDetails(1, testData.feedbackQuestions.get("qn1InSession1"));
@@ -124,9 +124,21 @@ public void testAll() {
         submitPage.verifyNoCommentPresent(qnToComment, recipient);
         verifyAbsentInDatastore(getFeedbackResponseComment(responseId, comment));
 
+        ______TS("preview as instructor");
+        logout();
+        url = createUrl(Const.WebPageURIs.INSTRUCTOR_SESSION_SUBMISSION_PAGE)
+                .withCourseId(openSession.getCourseId())
+                .withSessionName(openSession.getFeedbackSessionName())
+                .withParam("previewas", instructor.getEmail());
+        submitPage = loginToPage(url, FeedbackSubmitPage.class, instructor.googleId);
+
+        submitPage.verifyFeedbackSessionDetails(openSession);
+        submitPage.verifyNumQuestions(1);
+        submitPage.verifyQuestionDetails(1, testData.feedbackQuestions.get("qn5InSession1"));
+        submitPage.verifyCannotSubmit();
+
         ______TS("preview as student");
         url = createUrl(Const.WebPageURIs.SESSION_SUBMISSION_PAGE)
-                .withUserId(instructor.googleId)
                 .withCourseId(openSession.getCourseId())
                 .withSessionName(openSession.getFeedbackSessionName())
                 .withParam("previewas", student.getEmail());
@@ -140,22 +152,8 @@ public void testAll() {
         submitPage.verifyQuestionDetails(4, testData.feedbackQuestions.get("qn4InSession1"));
         submitPage.verifyCannotSubmit();
 
-        ______TS("preview as instructor");
-        url = createUrl(Const.WebPageURIs.INSTRUCTOR_SESSION_SUBMISSION_PAGE)
-                .withUserId(instructor.googleId)
-                .withCourseId(openSession.getCourseId())
-                .withSessionName(openSession.getFeedbackSessionName())
-                .withParam("previewas", instructor.getEmail());
-        submitPage = getNewPageInstance(url, FeedbackSubmitPage.class);
-
-        submitPage.verifyFeedbackSessionDetails(openSession);
-        submitPage.verifyNumQuestions(1);
-        submitPage.verifyQuestionDetails(1, testData.feedbackQuestions.get("qn5InSession1"));
-        submitPage.verifyCannotSubmit();
-
         ______TS("moderating instructor cannot see questions without instructor visibility");
         url = createUrl(Const.WebPageURIs.SESSION_SUBMISSION_PAGE)
-                .withUserId(instructor.googleId)
                 .withCourseId(gracePeriodSession.getCourseId())
                 .withSessionName(gracePeriodSession.getFeedbackSessionName())
                 .withParam("moderatedperson", student.getEmail())
@@ -176,7 +174,6 @@ public void testAll() {
 
     private AppUrl getStudentSubmitPageUrl(StudentAttributes student, FeedbackSessionAttributes session) {
         return createUrl(Const.WebPageURIs.STUDENT_SESSION_SUBMISSION_PAGE)
-                .withUserId(student.googleId)
                 .withCourseId(student.course)
                 .withSessionName(session.getFeedbackSessionName());
     }

src/e2e/java/teammates/e2e/cases/FeedbackTextQuestionE2ETest.java

@@ -31,6 +31,7 @@ protected void prepareTestData() {
     @Override
     public void testAll() {
         testEditPage();
+        logout();
         testSubmitPage();
     }
 

src/e2e/java/teammates/e2e/cases/InstructorAuditLogsPageE2ETest.java

@@ -44,8 +44,8 @@ protected void prepareTestData() {
     @Test
     @Override
     public void testAll() {
-        AppUrl url = createUrl(Const.WebPageURIs.INSTRUCTOR_AUDIT_LOGS_PAGE).withUserId(instructor.googleId);
-        InstructorAuditLogsPage auditLogsPage = loginAdminToPage(url, InstructorAuditLogsPage.class);
+        AppUrl url = createUrl(Const.WebPageURIs.INSTRUCTOR_AUDIT_LOGS_PAGE);
+        InstructorAuditLogsPage auditLogsPage = loginToPage(url, InstructorAuditLogsPage.class, instructor.googleId);
 
         ______TS("verify default datetime");
         String currentLogsFromDate = auditLogsPage.getLogsFromDate();
@@ -72,16 +72,17 @@ public void testAll() {
         }
 
         ______TS("verify logs output");
+        logout();
         AppUrl studentSubmissionPageUrl = createUrl(Const.WebPageURIs.STUDENT_SESSION_SUBMISSION_PAGE)
                 .withCourseId(course.getId())
-                .withUserId(student.googleId)
                 .withSessionName(feedbackSession.getFeedbackSessionName());
-        StudentFeedbackSubmissionPage studentSubmissionPage = loginAdminToPage(studentSubmissionPageUrl,
-                StudentFeedbackSubmissionPage.class);
+        StudentFeedbackSubmissionPage studentSubmissionPage = loginToPage(studentSubmissionPageUrl,
+                StudentFeedbackSubmissionPage.class, student.googleId);
         studentSubmissionPage.populateResponse();
         studentSubmissionPage.submit();
 
-        auditLogsPage = loginAdminToPage(url, InstructorAuditLogsPage.class);
+        logout();
+        auditLogsPage = loginToPage(url, InstructorAuditLogsPage.class, instructor.googleId);
         auditLogsPage.setCourseId(course.getId());
         auditLogsPage.startSearching();
 

src/e2e/java/teammates/e2e/cases/InstructorCourseDetailsPageE2ETest.java

@@ -48,9 +48,9 @@ public void classSetup() {
     @Override
     public void testAll() {
         AppUrl detailsPageUrl = createUrl(Const.WebPageURIs.INSTRUCTOR_COURSE_DETAILS_PAGE)
-                .withUserId(testData.instructors.get("ICDet.instr").googleId)
                 .withCourseId(course.getId());
-        InstructorCourseDetailsPage detailsPage = loginAdminToPage(detailsPageUrl, InstructorCourseDetailsPage.class);
+        InstructorCourseDetailsPage detailsPage = loginToPage(detailsPageUrl, InstructorCourseDetailsPage.class,
+                testData.instructors.get("ICDet.instr").googleId);
 
         ______TS("verify loaded details");
         InstructorAttributes[] instructors = {

src/e2e/java/teammates/e2e/cases/InstructorCourseEditPageE2ETest.java

@@ -36,20 +36,19 @@ public void testAll() {
         ______TS("verify cannot edit without privilege");
         // log in as instructor with no edit privilege
         AppUrl url = createUrl(Const.WebPageURIs.INSTRUCTOR_COURSE_EDIT_PAGE)
-                .withUserId(instructors[2].googleId)
                 .withCourseId(course.getId());
-        InstructorCourseEditPage editPage = loginAdminToPage(url, InstructorCourseEditPage.class);
+        InstructorCourseEditPage editPage = loginToPage(url, InstructorCourseEditPage.class, instructors[2].googleId);
 
         editPage.verifyCourseNotEditable();
         editPage.verifyInstructorsNotEditable();
         editPage.verifyAddInstructorNotAllowed();
 
         ______TS("verify loaded data");
         // re-log in as instructor with edit privilege
+        logout();
         url = createUrl(Const.WebPageURIs.INSTRUCTOR_COURSE_EDIT_PAGE)
-                .withUserId(instructors[3].googleId)
                 .withCourseId(course.getId());
-        editPage = getNewPageInstance(url, InstructorCourseEditPage.class);
+        editPage = loginToPage(url, InstructorCourseEditPage.class, instructors[3].googleId);
 
         editPage.verifyCourseDetails(course);
         editPage.verifyInstructorDetails(instructors[0]);

src/e2e/java/teammates/e2e/cases/InstructorCourseEnrollPageE2ETest.java

@@ -21,9 +21,9 @@ protected void prepareTestData() {
     @Override
     public void testAll() {
         AppUrl url = createUrl(Const.WebPageURIs.INSTRUCTOR_COURSE_ENROLL_PAGE)
-                .withUserId(testData.instructors.get("ICEnroll.teammates.test").googleId)
                 .withCourseId(testData.courses.get("ICEnroll.CS2104").getId());
-        InstructorCourseEnrollPage enrollPage = loginAdminToPage(url, InstructorCourseEnrollPage.class);
+        InstructorCourseEnrollPage enrollPage = loginToPage(url, InstructorCourseEnrollPage.class,
+                testData.instructors.get("ICEnroll.teammates.test").googleId);
 
         ______TS("Add rows to enroll spreadsheet");
         int numRowsToAdd = 30;

src/e2e/java/teammates/e2e/cases/InstructorCourseJoinConfirmationPageE2ETest.java

@@ -31,9 +31,8 @@ public void testAll() {
         String invalidEncryptedKey = "invalidKey";
         AppUrl joinLink = createUrl(Const.WebPageURIs.JOIN_PAGE)
                 .withRegistrationKey(invalidEncryptedKey)
-                .withEntityType(Const.EntityType.INSTRUCTOR)
-                .withUserId(newInstructor.googleId);
-        ErrorReportingModal errorPage = loginAdminToPage(joinLink, ErrorReportingModal.class);
+                .withEntityType(Const.EntityType.INSTRUCTOR);
+        ErrorReportingModal errorPage = loginToPage(joinLink, ErrorReportingModal.class, newInstructor.googleId);
 
         errorPage.verifyErrorMessage("No instructor with given registration key: " + invalidEncryptedKey);
 
@@ -42,9 +41,8 @@ public void testAll() {
         String instructorEmail = newInstructor.email;
         joinLink = createUrl(Const.WebPageURIs.JOIN_PAGE)
                 .withRegistrationKey(getKeyForInstructor(courseId, instructorEmail))
-                .withEntityType(Const.EntityType.INSTRUCTOR)
-                .withUserId(newInstructor.googleId);
-        CourseJoinConfirmationPage confirmationPage = loginAdminToPage(joinLink, CourseJoinConfirmationPage.class);
+                .withEntityType(Const.EntityType.INSTRUCTOR);
+        CourseJoinConfirmationPage confirmationPage = getNewPageInstance(joinLink, CourseJoinConfirmationPage.class);
 
         confirmationPage.verifyJoiningUser(newInstructor.googleId);
         confirmationPage.confirmJoinCourse(InstructorHomePage.class);

src/e2e/java/teammates/e2e/cases/InstructorCourseStudentDetailsEditPageE2ETest.java

@@ -31,11 +31,11 @@ protected void prepareTestData() {
     @Override
     public void testAll() {
         AppUrl editPageUrl = createUrl(Const.WebPageURIs.INSTRUCTOR_COURSE_STUDENT_DETAILS_EDIT_PAGE)
-                .withUserId(testData.instructors.get("ICSDetEdit.instr").googleId)
                 .withCourseId(course.getId())
                 .withStudentEmail(student.email);
         InstructorCourseStudentDetailsEditPage editPage =
-                loginAdminToPage(editPageUrl, InstructorCourseStudentDetailsEditPage.class);
+                loginToPage(editPageUrl, InstructorCourseStudentDetailsEditPage.class,
+                        testData.instructors.get("ICSDetEdit.instr").googleId);
 
         ______TS("verify loaded data");
         editPage.verifyStudentDetails(student);