import org.cacert.gigi.database.DatabaseConnection;
import org.cacert.gigi.output.DateSelector;
import org.cacert.gigi.output.Template;
+import org.cacert.gigi.output.Form.CSRFError;
import org.cacert.gigi.pages.LoginPage;
import org.cacert.gigi.pages.Page;
import org.cacert.gigi.util.Notary;
+import org.cacert.gigi.util.Notary.AssuranceResult;
public class AssurePage extends Page {
public static final String PATH = "/wot/assure";
if (pi.length() > 1) {
User myself = LoginPage.getUser(req);
int mid = Integer.parseInt(pi.substring(1));
-
- if (!Notary.checkAssuranceIsPossible(myself, new User(mid), out)) {
+ AssuranceResult check = Notary.checkAssuranceIsPossible(myself,
+ new User(mid));
+ if (check != AssuranceResult.ASSURANCE_SUCCEDED) {
+ out.println(translate(req, check.getMessage()));
return;
}
HttpSession hs = req.getSession();
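Review bot: The `mid` passed to the new `Notary.checkAssuranceIsPossible(myself, new User(mid))` call comes straight from the request path via `Integer.parseInt(pi.substring(1))` on the context line above, and no guard is visible in this hunk. A non-numeric path segment throws NumberFormatException before the new `AssuranceResult` check is reached, and what `new User(mid)` does for an id with no matching account is not shown here. Wrapping the parse and rejecting bad input with a client error, for example `catch (NumberFormatException e) { resp.sendError(404); return; }`, would keep malformed ids from surfacing as unhandled exceptions. The enclosing method starts and ends outside the hunk, so an outer handler may already cover this.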
out.println("No form found. This is an Error. Fill in the form again.");
return;
}
- form.submit(out, req);
+ try {
+ form.submit(out, req);
+ } catch (CSRFError e) {
+ resp.sendError(500, "CSRF Failed");
+ out.println(translate(req, "CSRF Token failed."));
+ }
return;
}
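Review bot: In the new `catch (CSRFError e)` block, `resp.sendError(500, "CSRF Failed")` is followed by `out.println(...)`, but the servlet API treats the response as committed after sendError, so the translated message should not be expected to reach the user. If `form.submit(out, req)` has already flushed output before throwing, sendError itself throws IllegalStateException. Whether `out` is the writer of `resp` is not visible in this hunk. A rejected CSRF token is a refused client request rather than a server fault, so `resp.sendError(HttpServletResponse.SC_FORBIDDEN, translate(req, "CSRF Token failed."));` would deliver the message in one call and keep these rejections out of the 5xx counts. A log line in the catch block recording the rejection would also give operators a signal for forged or replayed form posts.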