upd: use a more strict pattern for handling forms

[gigi.git] / src / org / cacert / gigi / pages / orga / CreateOrgForm.java

diff --git a/src/org/cacert/gigi/pages/orga/CreateOrgForm.java b/src/org/cacert/gigi/pages/orga/CreateOrgForm.java
index 5e6b35a2a99989e49be3d1a5eebad307a0a31884..086b3059cc591a6ca8bf66278039b379261cfdb2 100644 (file)
--- a/src/org/cacert/gigi/pages/orga/CreateOrgForm.java
+++ b/src/org/cacert/gigi/pages/orga/CreateOrgForm.java
@@ -7,8 +7,11 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.dbObjects.Organisation;
+import org.cacert.gigi.email.EmailProvider;
 import org.cacert.gigi.localisation.Language;
+import org.cacert.gigi.output.CountrySelector;
 import org.cacert.gigi.output.template.Form;
+import org.cacert.gigi.output.template.SprintfCommand;
 import org.cacert.gigi.output.template.Template;
 import org.cacert.gigi.pages.LoginPage;
 
@@ -20,8 +23,6 @@ public class CreateOrgForm extends Form {
 
     private String o = "";
 
-    private String c = "";
-
     private String st = "";
 
     private String l = "";
@@ -34,16 +35,21 @@ public class CreateOrgForm extends Form {
 
     private boolean isEdit = false;
 
+    private CountrySelector cs;
+
     public CreateOrgForm(HttpServletRequest hsr) {
         super(hsr);
+        cs = new CountrySelector("C", false);
     }
 
     public CreateOrgForm(HttpServletRequest hsr, Organisation t) {
-        super(hsr);
+        this(hsr);
         isEdit = true;
         result = t;
         o = t.getName();
-        c = t.getState();
+
+        cs = new CountrySelector("C", false, t.getState());
+
         st = t.getProvince();
         l = t.getCity();
         email = t.getContactEmail();
@@ -52,49 +58,66 @@ public class CreateOrgForm extends Form {
     }
 
     @Override
-    public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+    public boolean submit(HttpServletRequest req) throws GigiApiException {
         String action = req.getParameter("action");
         if (action == null) {
             return false;
         }
+
         if (action.equals("new")) {
-            o = req.getParameter("O");
-            c = req.getParameter("C");
-            st = req.getParameter("ST");
-            l = req.getParameter("L");
-            email = req.getParameter("contact");
-            optionalName = req.getParameter("optionalName");
-            postalAddress = req.getParameter("postalAddress");
-
-            Organisation ne = new Organisation(o, c, st, l, email, optionalName, postalAddress, LoginPage.getUser(req));
+            checkCertData(req);
+            checkOrganisationData(req);
+            Organisation ne = new Organisation(o, cs.getCountry(), st, l, email, optionalName, postalAddress, LoginPage.getUser(req));
             result = ne;
             return true;
         } else if (action.equals("updateOrganisationData")) {
-            updateOrganisationData(out, req);
+            checkOrganisationData(req);
+            result.updateOrgData(email, optionalName, postalAddress);
             return true;
         } else if (action.equals("updateCertificateData")) {
-            updateCertificateData(out, req);
+            checkCertData(req);
+            result.updateCertData(o, cs.getCountry(), st, l);
             return true;
         }
 
         return false;
     }
 
-    private void updateOrganisationData(PrintWriter out, HttpServletRequest req) throws GigiApiException {
-        email = req.getParameter("contact");
-        optionalName = req.getParameter("optionalName");
-        postalAddress = req.getParameter("postalAddress");
-
-        result.updateOrgData(email, optionalName, postalAddress);
+    private void checkOrganisationData(HttpServletRequest req) throws GigiApiException {
+        email = extractParam(req, "contact");
+        optionalName = extractParam(req, "optionalName");
+        postalAddress = extractParam(req, "postalAddress");
+        if ( !EmailProvider.isValidMailAddress(email)) {
+            throw new GigiApiException("Contact email is not a valid email address");
+        }
     }
 
-    private void updateCertificateData(PrintWriter out, HttpServletRequest req) throws GigiApiException {
-        o = req.getParameter("O");
-        c = req.getParameter("C");
-        st = req.getParameter("ST");
-        l = req.getParameter("L");
+    private void checkCertData(HttpServletRequest req) throws GigiApiException {
+        o = extractParam(req, "O");
+        st = extractParam(req, "ST");
+        l = extractParam(req, "L");
 
-        result.updateCertData(o, c, st, l);
+        if (o.length() > 64 || o.length() < 1) {
+            throw new GigiApiException(SprintfCommand.createSimple("{0} not given or longer than {1} characters", "Organisation name", 64));
+        }
+
+        cs.update(req);
+
+        if (st.length() > 128 || st.length() < 1) {
+            throw new GigiApiException(SprintfCommand.createSimple("{0} not given or longer than {1} characters", "State/county", 128));
+        }
+
+        if (l.length() > 128 || l.length() < 1) {
+            throw new GigiApiException(SprintfCommand.createSimple("{0} not given or longer than {1} characters", "Town/suburb", 128));
+        }
+    }
+
+    private String extractParam(HttpServletRequest req, String name) {
+        String parameter = req.getParameter(name);
+        if (parameter == null) {
+            return "";
+        }
+        return parameter.trim();
     }
 
     public Organisation getResult() {
@@ -104,12 +127,13 @@ public class CreateOrgForm extends Form {
     @Override
     protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
         vars.put("O", o);
-        vars.put("C", c);
+        vars.put("C", cs);
         vars.put("ST", st);
         vars.put("L", this.l);
         vars.put("email", email);
         vars.put("optionalName", optionalName);
         vars.put("postalAddress", postalAddress);
+        vars.put("countryCode", cs);
         if (isEdit) {
             vars.put("edit", true);
         }