X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Foutput%2FForm.java;h=a4c65a488c70310b311627247e0484df22c9c362;hb=3a3adaeea6980f1bd175939f2215cd2422af8573;hp=d321fc31238f76c151c4aae5cc74991ce9c1e051;hpb=2824d1c165c501e2f3a8809044788b33b81f478a;p=gigi.git diff --git a/src/org/cacert/gigi/output/Form.java b/src/org/cacert/gigi/output/Form.java index d321fc31..a4c65a48 100644 --- a/src/org/cacert/gigi/output/Form.java +++ b/src/org/cacert/gigi/output/Form.java @@ -1,52 +1,102 @@ package org.cacert.gigi.output; +import java.io.IOException; import java.io.PrintWriter; import java.util.Map; import javax.servlet.ServletRequest; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; -import org.cacert.gigi.Language; +import org.cacert.gigi.localisation.Language; import org.cacert.gigi.pages.Page; import org.cacert.gigi.util.RandomToken; public abstract class Form implements Outputable { - String csrf; - public Form() { - csrf = RandomToken.generateToken(32); - } + public static final String CSRF_FIELD = "csrf"; - public abstract boolean submit(PrintWriter out, HttpServletRequest req); + String csrf; - @Override - public final void output(PrintWriter out, Language l, Map vars) { - out.println("
"); - outputContent(out, l, vars); - out.print("
"); - } + public Form(HttpServletRequest hsr) { + csrf = RandomToken.generateToken(32); + HttpSession hs = hsr.getSession(); + hs.setAttribute("form/" + getClass().getName() + "/" + csrf, this); - protected abstract void outputContent(PrintWriter out, Language l, Map vars); + } - protected void outputError(PrintWriter out, ServletRequest req, String text) { - out.print("
"); - out.print(Page.translate(req, text)); - out.println("
"); - } + public abstract boolean submit(PrintWriter out, HttpServletRequest req); - protected String getCSRFToken() { - return csrf; - } + protected String getCsrfFieldName() { + return CSRF_FIELD; + } - protected void checkCSRF(HttpServletRequest req) { - if (!csrf.equals(req.getParameter("csrf"))) { - throw new CSRFError(); - } - } + @Override + public void output(PrintWriter out, Language l, Map vars) { + out.println("
"); + failed = false; + outputContent(out, l, vars); + out.print("
"); + } - public class CSRFError extends Error { + protected abstract void outputContent(PrintWriter out, Language l, Map vars); - } + boolean failed; + + protected void outputError(PrintWriter out, ServletRequest req, String text, Object... contents) { + if ( !failed) { + failed = true; + out.println("
"); + } + out.print("
"); + if (contents.length == 0) { + out.print(Page.translate(req, text)); + } else { + out.print(String.format(Page.translate(req, text), contents)); + } + out.println("
"); + } + + protected void outputErrorPlain(PrintWriter out, String text) { + if ( !failed) { + failed = true; + out.println("
"); + } + out.print("
"); + out.print(text); + out.println("
"); + } + + public boolean isFailed(PrintWriter out) { + if (failed) { + out.println("
"); + } + return failed; + } + + protected String getCSRFToken() { + return csrf; + } + + public static T getForm(HttpServletRequest req, Class target) throws CSRFException { + String csrf = req.getParameter(CSRF_FIELD); + if (csrf == null) { + throw new CSRFException(); + } + HttpSession hs = req.getSession(); + if (hs == null) { + throw new CSRFException(); + } + Form f = (Form) hs.getAttribute("form/" + target.getName() + "/" + csrf); + if (f == null) { + throw new CSRFException(); + } + return (T) f; + } + + public static class CSRFException extends IOException { + + } }