src/org/cacert/gigi/output/Form.java

   1 package org.cacert.gigi.output;
   2
   3 import java.io.PrintWriter;
   4 import java.util.Map;
   5
   6 import javax.servlet.ServletRequest;
   7 import javax.servlet.http.HttpServletRequest;
   8
   9 import org.cacert.gigi.Language;
  10 import org.cacert.gigi.pages.Page;
  11 import org.cacert.gigi.util.RandomToken;
  12
  13 public abstract class Form implements Outputable {
  14         String csrf;
  15
  16         public Form() {
  17                 csrf = RandomToken.generateToken(32);
  18         }
  19
  20         public abstract boolean submit(PrintWriter out, HttpServletRequest req);
  21
  22         @Override
  23         public final void output(PrintWriter out, Language l, Map<String, Object> vars) {
  24                 out.println("<form method='POST' autocomplete='off'>");
  25                 outputContent(out, l, vars);
  26                 out.print("<input type='csrf' value='");
  27                 out.print(getCSRFToken());
  28                 out.println("'></form>");
  29         }
  30
  31         protected abstract void outputContent(PrintWriter out, Language l, Map<String, Object> vars);
  32
  33         protected void outputError(PrintWriter out, ServletRequest req, String text) {
  34                 out.print("<div>");
  35                 out.print(Page.translate(req, text));
  36                 out.println("</div>");
  37         }
  38
  39         protected String getCSRFToken() {
  40                 return csrf;
  41         }
  42
  43         protected void checkCSRF(HttpServletRequest req) {
  44                 if (!csrf.equals(req.getParameter("csrf"))) {
  45                         throw new CSRFError();
  46                 }
  47         }
  48
  49         public class CSRFError extends Error {
  50
  51         }
  52 }