upd: enforce a more strict Form call pattern.

[gigi.git] / src / org / cacert / gigi / pages / main / RegisterPage.java

diff --git a/src/org/cacert/gigi/pages/main/RegisterPage.java b/src/org/cacert/gigi/pages/main/RegisterPage.java
index 78b1cc19faa311089970778a59d854f5c3a3b8e4..69dc4c1085062d042484c4e60f4730496b5c13ef 100644 (file)
--- a/src/org/cacert/gigi/pages/main/RegisterPage.java
+++ b/src/org/cacert/gigi/pages/main/RegisterPage.java
@@ -1,23 +1,23 @@
 package org.cacert.gigi.pages.main;
 
 import java.io.IOException;
-import java.io.PrintWriter;
 import java.util.HashMap;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
 
 import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.pages.Page;
 import org.cacert.gigi.util.AuthorizationContext;
+import org.cacert.gigi.util.RateLimit;
 
 public class RegisterPage extends Page {
 
-    private static final String SIGNUP_PROCESS = "signupProcess";
-
     public static final String PATH = "/register";
 
+    // 50 per 5 min
+    public static final RateLimit RATE_LIMIT = new RateLimit(50, 5 * 60 * 1000);
+
     public RegisterPage() {
         super("Register");
     }
@@ -29,25 +29,21 @@ public class RegisterPage extends Page {
     }
 
     private void outputGet(HttpServletRequest req, HttpServletResponse resp, Signup s) throws IOException {
-        PrintWriter out = resp.getWriter();
-        HashMap<String, Object> vars = new HashMap<String, Object>();
-        getDefaultTemplate().output(out, getLanguage(req), vars);
-        s.output(out, getLanguage(req), vars);
+        getDefaultTemplate().output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+        s.output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+    }
+
+    @Override
+    public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+        return Form.getForm(req, Signup.class).submitExceptionProtected(req, resp);
     }
 
     @Override
     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
-        Signup s = Form.getForm(req, Signup.class);
-        if (s == null) {
-            resp.getWriter().println(translate(req, "CSRF token check failed."));
-        } else if (s.submit(resp.getWriter(), req)) {
-            HttpSession hs = req.getSession();
-            hs.setAttribute(SIGNUP_PROCESS, null);
-            resp.getWriter().println(translate(req, "Your information has been submitted" + " into our system. You will now be sent an email with a web link," + " you need to open that link in your web browser within 24 hours" + " or your information will be removed from our system!"));
-            return;
+        if (Form.printFormErrors(req, resp.getWriter())) {
+            Signup s = Form.getForm(req, Signup.class);
+            outputGet(req, resp, s);
         }
-
-        outputGet(req, resp, s);
     }
 
     @Override