upd: enforce a more strict Form call pattern.

[gigi.git] / src / org / cacert / gigi / pages / main / RegisterPage.java

diff --git a/src/org/cacert/gigi/pages/main/RegisterPage.java b/src/org/cacert/gigi/pages/main/RegisterPage.java
index b80429fb72ff753c89a782172fb08c3c803f0dc4..69dc4c1085062d042484c4e60f4730496b5c13ef 100644 (file)
--- a/src/org/cacert/gigi/pages/main/RegisterPage.java
+++ b/src/org/cacert/gigi/pages/main/RegisterPage.java
@@ -1,55 +1,58 @@
 package org.cacert.gigi.pages.main;
 
 import java.io.IOException;
-import java.io.PrintWriter;
 import java.util.HashMap;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
 
-import org.cacert.gigi.output.Form;
+import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.pages.Page;
+import org.cacert.gigi.util.AuthorizationContext;
+import org.cacert.gigi.util.RateLimit;
 
 public class RegisterPage extends Page {
 
-       private static final String SIGNUP_PROCESS = "signupProcess";
-       public static final String PATH = "/register";
-
-       public RegisterPage() {
-               super("Register");
-       }
-
-       @Override
-       public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
-               PrintWriter out = resp.getWriter();
-               HashMap<String, Object> vars = new HashMap<String, Object>();
-               getDefaultTemplate().output(out, getLanguage(req), vars);
-               Signup s = new Signup(req);
-               s.output(out, getLanguage(req), vars);
-       }
-
-       @Override
-       public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
-               Signup s = Form.getForm(req, Signup.class);
-               if (s == null) {
-                       resp.getWriter().println(translate(req, "CSRF token check failed."));
-               } else if (s.submit(resp.getWriter(), req)) {
-                       HttpSession hs = req.getSession();
-                       hs.setAttribute(SIGNUP_PROCESS, null);
-                       resp.getWriter().println(
-                               translate(req, "Your information has been submitted"
-                                       + " into our system. You will now be sent an email with a web link,"
-                                       + " you need to open that link in your web browser within 24 hours"
-                                       + " or your information will be removed from our system!"));
-                       return;
-               }
-
-               super.doPost(req, resp);
-       }
-
-       @Override
-       public boolean needsLogin() {
-               return false;
-       }
+    public static final String PATH = "/register";
+
+    // 50 per 5 min
+    public static final RateLimit RATE_LIMIT = new RateLimit(50, 5 * 60 * 1000);
+
+    public RegisterPage() {
+        super("Register");
+    }
+
+    @Override
+    public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+        Signup s = new Signup(req);
+        outputGet(req, resp, s);
+    }
+
+    private void outputGet(HttpServletRequest req, HttpServletResponse resp, Signup s) throws IOException {
+        getDefaultTemplate().output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+        s.output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+    }
+
+    @Override
+    public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+        return Form.getForm(req, Signup.class).submitExceptionProtected(req, resp);
+    }
+
+    @Override
+    public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+        if (Form.printFormErrors(req, resp.getWriter())) {
+            Signup s = Form.getForm(req, Signup.class);
+            outputGet(req, resp, s);
+        }
+    }
+
+    @Override
+    public boolean needsLogin() {
+        return false;
+    }
+
+    @Override
+    public boolean isPermitted(AuthorizationContext ac) {
+        return ac == null;
+    }
 }