upd: enforce a more strict Form call pattern.
[gigi.git] / src / org / cacert / gigi / pages / wot / AssuranceForm.java
index a4ea3c23bf6102cf2629a7ed0a5c69f2613b931d..b46dfdd530637785a4fcb10b974f8b0459a34061 100644 (file)
@@ -1,35 +1,62 @@
 package org.cacert.gigi.pages.wot;
 
-import java.io.IOException;
 import java.io.PrintWriter;
-import java.net.URLEncoder;
 import java.text.SimpleDateFormat;
-import java.util.Date;
+import java.util.Arrays;
 import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
 import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
 
 import org.cacert.gigi.GigiApiException;
+import org.cacert.gigi.dbObjects.Assurance.AssuranceType;
 import org.cacert.gigi.dbObjects.Name;
 import org.cacert.gigi.dbObjects.User;
-import org.cacert.gigi.email.Sendmail;
 import org.cacert.gigi.localisation.Language;
+import org.cacert.gigi.output.ArrayIterable;
+import org.cacert.gigi.output.CountrySelector;
 import org.cacert.gigi.output.template.Form;
+import org.cacert.gigi.output.template.IterableDataset;
+import org.cacert.gigi.output.template.Outputable;
+import org.cacert.gigi.output.template.SprintfCommand;
 import org.cacert.gigi.output.template.Template;
+import org.cacert.gigi.output.template.TranslateCommand;
 import org.cacert.gigi.pages.Page;
 import org.cacert.gigi.pages.PasswordResetPage;
+import org.cacert.gigi.util.DayDate;
 import org.cacert.gigi.util.Notary;
-import org.cacert.gigi.util.RandomToken;
-import org.cacert.gigi.util.ServerConstants;
 
 public class AssuranceForm extends Form {
 
+    public static class ConcatOutputable implements Outputable {
+
+        private Outputable[] outputables;
+
+        public ConcatOutputable(Outputable... outputables) {
+            this.outputables = outputables;
+        }
+
+        @Override
+        public void output(PrintWriter out, Language l, Map<String, Object> vars) {
+            for (int i = 0; i < outputables.length; i++) {
+                if (i != 0) {
+                    out.println();
+                }
+                outputables[i].output(out, l, vars);
+            }
+        }
+    }
+
     private User assuree;
 
-    private Name assureeName;
+    private Name[] assureeNames;
 
-    private Date dob;
+    private boolean[] selected;
+
+    private DayDate dob;
 
     private String location = "";
 
@@ -37,16 +64,40 @@ public class AssuranceForm extends Form {
 
     private String aword;
 
-    private static final Template templ;
-    static {
-        templ = new Template(AssuranceForm.class.getResource("AssuranceForm.templ"));
-    }
+    private User assurer;
 
-    public AssuranceForm(HttpServletRequest hsr, User assuree) {
+    private AssuranceType type = AssuranceType.FACE_TO_FACE;
+
+    private static final Template templ = new Template(AssuranceForm.class.getResource("AssuranceForm.templ"));
+
+    private CountrySelector cs;
+
+    public AssuranceForm(HttpServletRequest hsr, User assuree) throws GigiApiException {
         super(hsr);
+        assurer = Page.getUser(hsr);
         this.assuree = assuree;
-        assureeName = this.assuree.getName();
+
+        if (assurer.getId() == assuree.getId()) {
+            throw new GigiApiException("You cannot verify yourself.");
+        }
+        if ( !assurer.canAssure()) {
+            throw new GigiApiException("You are not a RA-Agent.");
+        }
+
+        Name[] initialNames = this.assuree.getNonDeprecatedNames();
+        LinkedList<Name> names = new LinkedList<>();
+        for (Name name : initialNames) {
+            if (Notary.checkAssuranceIsPossible(assurer, name)) {
+                names.add(name);
+            }
+        }
+        if (names.size() == 0) {
+            throw new GigiApiException(SprintfCommand.createSimple("You have already verified all names of this applicant within the last {0} days.", Notary.LIMIT_DAYS_VERIFICATION));
+        }
+        assureeNames = names.toArray(new Name[names.size()]);
         dob = this.assuree.getDoB();
+        selected = new boolean[assureeNames.length];
+        cs = new CountrySelector("countryCode", false);
     }
 
     SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
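Review bot: The self-verification, `canAssure()` and `Notary.checkAssuranceIsPossible` checks run only in this constructor, and the resulting `assurer` and `assureeNames` are cached on the form and reused by `submit()` later in this commit, where the removed code re-read `Page.getUser(req)` at submit time. If the form instance outlives the request that built it (presumably it is kept across requests; not visible here), a change in between, such as agent status being withdrawn or a name being deprecated, is only caught if `Notary.assureAll` repeats these checks, which this page does not show. I would state that dependency in the constructor, e.g. `// Eligibility is checked here to build the form; Notary.assureAll must re-validate at submit time.`, or re-run `assurer.canAssure()` at the top of `submit()`.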
@@ -57,28 +108,64 @@ public class AssuranceForm extends Form {
     public void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
         HashMap<String, Object> res = new HashMap<String, Object>();
         res.putAll(vars);
-        res.put("nameExplicit", assuree.getName());
-        res.put("name", assuree.getName().toString());
-        res.put("maxpoints", assuree.getMaxAssurePoints());
-        res.put("dob", sdf.format(assuree.getDoB()));
-        res.put("dobFmt2", sdf2.format(assuree.getDoB()));
+        res.put("names", new ArrayIterable<Name>(assureeNames) {
+
+            @Override
+            public void apply(Name t, Language l, Map<String, Object> vars) {
+                vars.put("nameExplicit", t);
+                vars.put("nameId", t.getId());
+                vars.put("checked", selected[i] ? " checked" : "");
+            }
+
+        });
+        res.put("name", assuree.getPreferredName().toString());
+        res.put("maxpoints", assurer.getMaxAssurePoints());
+        res.put("dob", sdf.format(assuree.getDoB().toDate()));
+        res.put("dobFmt2", sdf2.format(assuree.getDoB().toDate()));
         res.put("location", location);
         res.put("date", date);
         res.put("aword", aword);
+        res.put("countryCode", cs);
+
+        final LinkedList<AssuranceType> ats = new LinkedList<>();
+        for (AssuranceType at : AssuranceType.values()) {
+            try {
+                Notary.may(assurer, assuree, at);
+                ats.add(at);
+            } catch (GigiApiException e) {
+            }
+        }
+        res.put("ats", new IterableDataset() {
+
+            Iterator<AssuranceType> t = ats.iterator();
+
+            @Override
+            public boolean next(Language l, Map<String, Object> vars) {
+                if ( !t.hasNext()) {
+                    return false;
+                }
+                AssuranceType t1 = t.next();
+                vars.put("type", t1.getDescription());
+                vars.put("id", t1.toString());
+                vars.put("sel", t1 == type ? " selected" : "");
+                return true;
+            }
+        });
         templ.output(out, l, res);
     }
 
     @Override
-    public boolean submit(PrintWriter out, HttpServletRequest req) {
+    public SubmissionResult submit(HttpServletRequest req) throws GigiApiException {
         location = req.getParameter("location");
         date = req.getParameter("date");
+        cs.update(req);
+        GigiApiException gae = new GigiApiException();
         if (date == null || location == null) {
-            outputError(out, req, "You need to enter location and date!");
+            gae.mergeInto(new GigiApiException("You need to enter location and date!"));
         }
 
-        if ( !"1".equals(req.getParameter("certify")) || !"1".equals(req.getParameter("rules")) || !"1".equals(req.getParameter("CCAAgreed")) || !"1".equals(req.getParameter("assertion"))) {
-            outputError(out, req, "You failed to check all boxes to validate" + " your adherence to the rules and policies of CAcert");
-
+        if ( !"1".equals(req.getParameter("certify")) || !"1".equals(req.getParameter("rules")) || !"1".equals(req.getParameter("assertion"))) {
+            gae.mergeInto(new GigiApiException("You failed to check all boxes to validate" + " your adherence to the rules and policies of SomeCA"));
         }
         if ("1".equals(req.getParameter("passwordReset"))) {
             aword = req.getParameter("passwordResetValue");
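Review bot: The `catch (GigiApiException e) { }` around `Notary.may(assurer, assuree, at)` in `outputContent` is empty, so every failure of that call, not only "this type is not permitted", silently removes the type from the selector. If the swallow is deliberate, say so in the block and rename the variable, e.g. `} catch (GigiApiException ignored) { // not permitted for this assurer/assuree pair: omit from the selector`. Separately, `cs.update(req)` in `submit()` runs before `gae` is created; if it can throw (its signature is not visible here), that error would bypass the collected-errors pattern the rest of the method now follows. `submit()` continues past the end of this hunk.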
@@ -88,53 +175,60 @@ public class AssuranceForm extends Form {
         } else {
             aword = null;
         }
+        String val = req.getParameter("assuranceType");
+        if (val != null) {
+            try {
+                type = AssuranceType.valueOf(val);
+            } catch (IllegalArgumentException e) {
+                gae.mergeInto(new GigiApiException("Verification Type wrong."));
+            }
+        }
 
         int pointsI = 0;
         String points = req.getParameter("points");
         if (points == null || "".equals(points)) {
-            outputError(out, req, "For an assurance, you need to enter points.");
+            gae.mergeInto(new GigiApiException("For a verification, you need to enter points."));
         } else {
             try {
                 pointsI = Integer.parseInt(points);
             } catch (NumberFormatException e) {
-                outputError(out, req, "The points entered were not a number.");
+                gae.mergeInto(new GigiApiException("The points entered were not a number."));
             }
         }
+        String[] parameterValues = req.getParameterValues("assuredName");
+        HashSet<String> data = new HashSet<>(Arrays.asList(parameterValues == null ? new String[0] : parameterValues));
+        for (int i = 0; i < assureeNames.length; i++) {
+            selected[i] = data.contains(Integer.toString(assureeNames[i].getId()));
+        }
 
-        if (isFailed(out)) {
-            return false;
-        }
-        try {
-            Notary.assure(Page.getUser(req), assuree, assureeName, dob, pointsI, location, req.getParameter("date"));
-            if (aword != null && !aword.equals("")) {
-                String systemToken = RandomToken.generateToken(32);
-                int id = assuree.generatePasswordResetTicket(Page.getUser(req), systemToken, aword);
-                try {
-                    Language l = Language.getInstance(assuree.getPreferredLocale());
-                    StringBuffer body = new StringBuffer();
-                    body.append(l.getTranslation("Hi,") + "\n\n");
-                    body.append(l.getTranslation("A password reset was triggered. If you did a password reset by assurance, please enter your secret password using this form: \nhttps://"));
-                    body.append(ServerConstants.getWwwHostNamePortSecure() + PasswordResetPage.PATH);
-                    body.append("?id=");
-                    body.append(id);
-                    body.append("&token=");
-                    body.append(URLEncoder.encode(systemToken, "UTF-8"));
-                    body.append("\n");
-                    body.append("\n");
-                    body.append(l.getTranslation("Best regards"));
-                    body.append("\n");
-                    body.append(l.getTranslation("CAcert.org Support!"));
-                    Sendmail.getInstance().sendmail(assuree.getEmail(), "[CAcert.org] " + l.getTranslation("Password reset by assurance"), body.toString(), "support@cacert.org", null, null, null, null, false);
-                } catch (IOException e) {
-                    e.printStackTrace();
-                }
+        if ( !gae.isEmpty()) {
+            throw gae;
+        }
+
+        LinkedList<Name> toAssure = new LinkedList<Name>();
+        for (int i = 0; i < selected.length; i++) {
+            if (selected[i]) {
+                toAssure.add(assureeNames[i]);
             }
-            return true;
-        } catch (GigiApiException e) {
-            e.format(out, Page.getLanguage(req));
         }
+        if (toAssure.size() == 0) {
+            throw new GigiApiException("You must confirm at least one name to verify an account.");
+        }
+
+        Notary.assureAll(assurer, assuree, dob, pointsI, location, req.getParameter("date"), type, toAssure.toArray(new Name[toAssure.size()]), cs.getCountry());
+        Outputable result = new TranslateCommand("Verification complete.");
+        if (isWithPasswordReset()) {
+            Language langApplicant = Language.getInstance(assuree.getPreferredLocale());
+            String method = langApplicant.getTranslation("A password reset was triggered. If you did a password reset by verification, please enter your secret password using this form:");
+            String subject = langApplicant.getTranslation("Password reset by verification");
+            PasswordResetPage.initPasswordResetProcess(assuree, req, aword, langApplicant, method, subject);
+            result = new ConcatOutputable(result, new TranslateCommand("Password reset successful."));
+        }
+        return new SuccessMessageResult(result);
+    }
 
-        return false;
+    public boolean isWithPasswordReset() {
+        return aword != null && !aword.equals("");
     }
 
     public User getAssuree() {
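Review bot: `type = AssuranceType.valueOf(val)` accepts any enum constant the client sends, while the `Notary.may(assurer, assuree, at)` filter in `outputContent` only limits which options are rendered. Unless `Notary.assureAll` enforces the same rule (not visible in this diff), a submitted value outside the offered list would be passed straight through. Repeating the check where the value is parsed keeps it in the collected errors: add `Notary.may(assurer, assuree, type);` after the `valueOf` call and a second handler `catch (GigiApiException e) { gae.mergeInto(e); }`. The same question applies to `pointsI`, which is parsed here but not range-checked against `assurer.getMaxAssurePoints()` before it reaches `Notary.assureAll`.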