Merge "Update notes about password security"

[gigi.git] / src / org / cacert / gigi / pages / main / RegisterPage.java

diff --git a/src/org/cacert/gigi/pages/main/RegisterPage.java b/src/org/cacert/gigi/pages/main/RegisterPage.java
index 6505c625cbb9e70a986d4a778add5ff7447b7aaa..1e6b33783ee3b89c47c3e602cb90b0196bb949a8 100644 (file)
--- a/src/org/cacert/gigi/pages/main/RegisterPage.java
+++ b/src/org/cacert/gigi/pages/main/RegisterPage.java
@@ -1,58 +1,66 @@
 package org.cacert.gigi.pages.main;
 
 import java.io.IOException;
-import java.io.InputStreamReader;
 import java.io.PrintWriter;
-import java.io.UnsupportedEncodingException;
 import java.util.HashMap;
 
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
-import org.cacert.gigi.output.Template;
+import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.AuthorizationContext;
+import org.cacert.gigi.util.RateLimit;
 
 public class RegisterPage extends Page {
 
-       public static final String PATH = "/register";
-       Template t;
-
-       public RegisterPage() {
-               super("Register");
-               try {
-                       t = new Template(new InputStreamReader(
-                                       Signup.class.getResourceAsStream("RegisterPage.templ"),
-                                       "UTF-8"));
-               } catch (UnsupportedEncodingException e) {
-                       e.printStackTrace();
-               }
-       }
-
-       @Override
-       public void doGet(HttpServletRequest req, ServletResponse resp)
-                       throws IOException {
-               PrintWriter out = resp.getWriter();
-               t.output(out, getLanguage(req), new HashMap<String, Object>());
-               Signup s = getForm(req);
-               s.writeForm(out, req);
-       }
-       public Signup getForm(HttpServletRequest req) {
-               HttpSession hs = req.getSession();
-               Signup s = (Signup) hs.getAttribute("signupProcess");
-               if (s == null) {
-                       s = new Signup();
-                       hs.setAttribute("signupProcess", s);
-               }
-               return s;
-
-       }
-       @Override
-       public void doPost(HttpServletRequest req, ServletResponse resp)
-                       throws IOException {
-               Signup s = getForm(req);
-               s.update(req);
-
-               super.doPost(req, resp);
-       }
+    private static final String SIGNUP_PROCESS = "signupProcess";
+
+    public static final String PATH = "/register";
+
+    // 50 per 5 min
+    public static final RateLimit RATE_LIMIT = new RateLimit(50, 5 * 60 * 1000);
+
+    public RegisterPage() {
+        super("Register");
+    }
+
+    @Override
+    public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+        Signup s = new Signup(req);
+        outputGet(req, resp, s);
+    }
+
+    private void outputGet(HttpServletRequest req, HttpServletResponse resp, Signup s) throws IOException {
+        PrintWriter out = resp.getWriter();
+        HashMap<String, Object> vars = new HashMap<String, Object>();
+        getDefaultTemplate().output(out, getLanguage(req), vars);
+        s.output(out, getLanguage(req), vars);
+    }
+
+    @Override
+    public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+        Signup s = Form.getForm(req, Signup.class);
+        if (s == null) {
+            resp.getWriter().println(translate(req, "CSRF token check failed."));
+        } else if (s.submit(resp.getWriter(), req)) {
+            HttpSession hs = req.getSession();
+            hs.setAttribute(SIGNUP_PROCESS, null);
+            resp.getWriter().println(translate(req, "Your information has been submitted" + " into our system. You will now be sent an email with a web link," + " you need to open that link in your web browser within 24 hours" + " or your information will be removed from our system!"));
+            return;
+        }
+
+        outputGet(req, resp, s);
+    }
+
+    @Override
+    public boolean needsLogin() {
+        return false;
+    }
+
+    @Override
+    public boolean isPermitted(AuthorizationContext ac) {
+        return ac == null;
+    }
 }