Correct csrf-token impl.

[gigi.git] / src / org / cacert / gigi / pages / main / RegisterPage.java

diff --git a/src/org/cacert/gigi/pages/main/RegisterPage.java b/src/org/cacert/gigi/pages/main/RegisterPage.java
index f552189f7ff27e827bc91ca863d045925c5109d8..b80429fb72ff753c89a782172fb08c3c803f0dc4 100644 (file)
--- a/src/org/cacert/gigi/pages/main/RegisterPage.java
+++ b/src/org/cacert/gigi/pages/main/RegisterPage.java
@@ -8,6 +8,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
+import org.cacert.gigi.output.Form;
 import org.cacert.gigi.pages.Page;
 
 public class RegisterPage extends Page {
@@ -20,44 +21,33 @@ public class RegisterPage extends Page {
        }
 
        @Override
-       public void doGet(HttpServletRequest req, HttpServletResponse resp)
-                       throws IOException {
+       public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
                PrintWriter out = resp.getWriter();
-               getDefaultTemplate().output(out, getLanguage(req),
-                               new HashMap<String, Object>());
-               Signup s = getForm(req);
-               s.writeForm(out, getLanguage(req));
+               HashMap<String, Object> vars = new HashMap<String, Object>();
+               getDefaultTemplate().output(out, getLanguage(req), vars);
+               Signup s = new Signup(req);
+               s.output(out, getLanguage(req), vars);
        }
-       public Signup getForm(HttpServletRequest req) {
-               HttpSession hs = req.getSession();
-               Signup s = (Signup) hs.getAttribute(SIGNUP_PROCESS);
-               if (s == null) {
-                       s = new Signup();
-                       hs.setAttribute(SIGNUP_PROCESS, s);
-               }
-               return s;
 
-       }
        @Override
-       public void doPost(HttpServletRequest req, HttpServletResponse resp)
-                       throws IOException {
-               Signup s = getForm(req);
-               if (s.submit(resp.getWriter(), req)) {
+       public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+               Signup s = Form.getForm(req, Signup.class);
+               if (s == null) {
+                       resp.getWriter().println(translate(req, "CSRF token check failed."));
+               } else if (s.submit(resp.getWriter(), req)) {
                        HttpSession hs = req.getSession();
                        hs.setAttribute(SIGNUP_PROCESS, null);
-                       resp.getWriter()
-                                       .println(
-                                                       translate(
-                                                                       req,
-                                                                       "Your information has been submitted"
-                                                                                       + " into our system. You will now be sent an email with a web link,"
-                                                                                       + " you need to open that link in your web browser within 24 hours"
-                                                                                       + " or your information will be removed from our system!"));
+                       resp.getWriter().println(
+                               translate(req, "Your information has been submitted"
+                                       + " into our system. You will now be sent an email with a web link,"
+                                       + " you need to open that link in your web browser within 24 hours"
+                                       + " or your information will be removed from our system!"));
                        return;
                }
 
                super.doPost(req, resp);
        }
+
        @Override
        public boolean needsLogin() {
                return false;