upd: enforce a more strict Form call pattern.

[gigi.git] / src / org / cacert / gigi / pages / admin / support / SupportUserDetailsPage.java

diff --git a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
index 2a8ef874d8069d78303cabdb25b96ea945654b50..eea69f6dbfcbb9ebe0961157b4b8c78bf920356d 100644 (file)
--- a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
+++ b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
@@ -7,20 +7,19 @@ import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.dbObjects.Domain;
 import org.cacert.gigi.dbObjects.EmailAddress;
 import org.cacert.gigi.dbObjects.SupportedUser;
 import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.template.Form;
+import org.cacert.gigi.output.template.Form.CSRFException;
 import org.cacert.gigi.output.template.IterableDataset;
 import org.cacert.gigi.pages.LoginPage;
-import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.pages.ManagedMultiFormPage;
 import org.cacert.gigi.util.AuthorizationContext;
-import org.cacert.gigi.util.HTMLEncoder;
 
-public class SupportUserDetailsPage extends Page {
+public class SupportUserDetailsPage extends ManagedMultiFormPage {
 
     public static final String PATH = "/support/user/";
 
@@ -30,19 +29,32 @@ public class SupportUserDetailsPage extends Page {
 
     @Override
     public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+        User user = getUser(req, resp);
+        if (user == null) {
+            return;
+        }
+        SupportedUser targetUser = new SupportedUser(user, getUser(req), LoginPage.getAuthorizationContext(req).getSupporterTicketId());
+        outputContents(req, resp, user, new SupportRevokeCertificatesForm(req, targetUser), new SupportUserDetailsForm(req, targetUser));
+    }
+
+    private User getUser(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         int id = -1;
         if ( !req.getPathInfo().endsWith("/")) {
             resp.sendError(404);
+            return null;
         }
         String[] idP = req.getPathInfo().split("/");
         try {
             id = Integer.parseInt(idP[idP.length - 1]);
         } catch (NumberFormatException e) {
             resp.sendError(404);
+            return null;
         }
         final User user = User.getById(id);
-        SupportedUser targetUser = new SupportedUser(user, getUser(req), LoginPage.getAuthorizationContext(req).getSupporterTicketId());
-        SupportUserDetailsForm f = new SupportUserDetailsForm(req, targetUser);
+        return user;
+    }
+
+    private void outputContents(HttpServletRequest req, HttpServletResponse resp, final User user, SupportRevokeCertificatesForm certificatesForm, SupportUserDetailsForm f) throws IOException {
         HashMap<String, Object> vars = new HashMap<String, Object>();
         vars.put("details", f);
         final EmailAddress[] addrs = user.getEmails();
@@ -83,35 +95,41 @@ public class SupportUserDetailsPage extends Page {
             }
         });
 
-        vars.put("certifrevoke", new SupportRevokeCertificatesForm(req, targetUser));
+        vars.put("certifrevoke", certificatesForm);
         getDefaultTemplate().output(resp.getWriter(), getLanguage(req), vars);
     }
 
     @Override
     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
-        try {
-            if (req.getParameter("revokeall") != null) {
-                if ( !Form.getForm(req, SupportRevokeCertificatesForm.class).submitProtected(resp.getWriter(), req)) {
-                    throw new GigiApiException("No ticket number set.");
-                }
-            } else if (req.getParameter("detailupdate") != null || req.getParameter("resetPass") != null || req.getParameter("removeGroup") != null || req.getParameter("addGroup") != null) {
-                SupportUserDetailsForm f = Form.getForm(req, SupportUserDetailsForm.class);
-                if (f.wasWithPasswordReset()) {
-                    resp.getWriter().println(HTMLEncoder.encodeHTML(translate(req, "Password reset successful.")));
-                }
-                if ( !f.submitProtected(resp.getWriter(), req)) {
-                    throw new GigiApiException("No ticket number set.");
-                }
+        User user = getUser(req, resp);
+        if (user == null) {
+            return;
+        }
+        if (Form.printFormErrors(req, resp.getWriter())) {
+            Form f = getForm(req);
+            SupportedUser targetUser = new SupportedUser(user, getUser(req), LoginPage.getAuthorizationContext(req).getSupporterTicketId());
+
+            if (f instanceof SupportUserDetailsForm) {
+                outputContents(req, resp, user, new SupportRevokeCertificatesForm(req, targetUser), (SupportUserDetailsForm) f);
+            } else if (f instanceof SupportRevokeCertificatesForm) {
+                outputContents(req, resp, user, (SupportRevokeCertificatesForm) f, new SupportUserDetailsForm(req, targetUser));
             }
-        } catch (GigiApiException e) {
-            e.printStackTrace();
-            e.format(resp.getWriter(), getLanguage(req));
         }
-        super.doPost(req, resp);
+
     }
 
     @Override
     public boolean isPermitted(AuthorizationContext ac) {
         return ac != null && ac.canSupport();
     }
+
+    @Override
+    public Form getForm(HttpServletRequest req) throws CSRFException {
+        if (req.getParameter("revokeall") != null) {
+            return Form.getForm(req, SupportRevokeCertificatesForm.class);
+        } else if (req.getParameter("detailupdate") != null || req.getParameter("resetPass") != null || req.getParameter("removeGroup") != null || req.getParameter("addGroup") != null) {
+            return Form.getForm(req, SupportUserDetailsForm.class);
+        }
+        return null;
+    }
 }