upd: use a more strict pattern for handling forms

[gigi.git] / src / org / cacert / gigi / pages / admin / support / SupportUserDetailsPage.java

diff --git a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
index 7ab65b329f351da4a5194fb2f968d8103e026852..2a8ef874d8069d78303cabdb25b96ea945654b50 100644 (file)
--- a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
+++ b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
@@ -18,6 +18,7 @@ import org.cacert.gigi.output.template.IterableDataset;
 import org.cacert.gigi.pages.LoginPage;
 import org.cacert.gigi.pages.Page;
 import org.cacert.gigi.util.AuthorizationContext;
+import org.cacert.gigi.util.HTMLEncoder;
 
 public class SupportUserDetailsPage extends Page {
 
@@ -30,6 +31,9 @@ public class SupportUserDetailsPage extends Page {
     @Override
     public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         int id = -1;
+        if ( !req.getPathInfo().endsWith("/")) {
+            resp.sendError(404);
+        }
         String[] idP = req.getPathInfo().split("/");
         try {
             id = Integer.parseInt(idP[idP.length - 1]);
@@ -49,9 +53,11 @@ public class SupportUserDetailsPage extends Page {
             @Override
             public boolean next(Language l, Map<String, Object> vars) {
                 for (; i < addrs.length;) {
-                    String address = addrs[i++].getAddress();
+                    EmailAddress secAddress = addrs[i++];
+                    String address = secAddress.getAddress();
                     if ( !address.equals(user.getEmail())) {
                         vars.put("secmail", address);
+                        vars.put("status", l.getTranslation(secAddress.isVerified() ? "verified" : "not verified"));
                         return true;
                     }
                 }
@@ -85,11 +91,15 @@ public class SupportUserDetailsPage extends Page {
     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         try {
             if (req.getParameter("revokeall") != null) {
-                if ( !Form.getForm(req, SupportRevokeCertificatesForm.class).submit(resp.getWriter(), req)) {
+                if ( !Form.getForm(req, SupportRevokeCertificatesForm.class).submitProtected(resp.getWriter(), req)) {
                     throw new GigiApiException("No ticket number set.");
                 }
-            } else if (req.getParameter("detailupdate") != null || req.getParameter("resetPass") != null || req.getParameter("deny") != null || req.getParameter("grant") != null) {
-                if ( !Form.getForm(req, SupportUserDetailsForm.class).submit(resp.getWriter(), req)) {
+            } else if (req.getParameter("detailupdate") != null || req.getParameter("resetPass") != null || req.getParameter("removeGroup") != null || req.getParameter("addGroup") != null) {
+                SupportUserDetailsForm f = Form.getForm(req, SupportUserDetailsForm.class);
+                if (f.wasWithPasswordReset()) {
+                    resp.getWriter().println(HTMLEncoder.encodeHTML(translate(req, "Password reset successful.")));
+                }
+                if ( !f.submitProtected(resp.getWriter(), req)) {
                     throw new GigiApiException("No ticket number set.");
                 }
             }