package org.cacert.gigi.pages.wot;
import java.io.IOException;
+import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import org.cacert.gigi.database.DatabaseConnection;
import org.cacert.gigi.output.DateSelector;
import org.cacert.gigi.output.Template;
+import org.cacert.gigi.output.Form.CSRFError;
import org.cacert.gigi.pages.LoginPage;
import org.cacert.gigi.pages.Page;
import org.cacert.gigi.util.Notary;
+import org.cacert.gigi.util.Notary.AssuranceResult;
public class AssurePage extends Page {
public static final String PATH = "/wot/assure";
public AssurePage() {
super("Assure someone");
+ t = new Template(new InputStreamReader(
+ AssuranceForm.class.getResourceAsStream("AssureeSearch.templ")));
}
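Review bot: The `InputStreamReader` added in the constructor is created without a charset, so `AssureeSearch.templ` is decoded with the platform default encoding and non-ASCII template text can render differently from host to host. Pass the encoding explicitly as the second constructor argument, for example `StandardCharsets.UTF_8`, which needs an import of `java.nio.charset.StandardCharsets`. `getResourceAsStream` returns null when the resource is missing, which would surface here as a NullPointerException during page construction rather than as a clear configuration error. Whether `Template` closes the reader it is given is not visible in this hunk.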
if (pi.length() > 1) {
User myself = LoginPage.getUser(req);
int mid = Integer.parseInt(pi.substring(1));
-
- if (!Notary.checkAssuranceIsPossible(myself, new User(mid), out)) {
+ AssuranceResult check = Notary.checkAssuranceIsPossible(myself,
+ new User(mid));
+ if (check != AssuranceResult.ASSURANCE_SUCCEDED) {
+ out.println(translate(req, check.getMessage()));
return;
}
HttpSession hs = req.getSession();
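Review bot: `mid` comes from the request path via `Integer.parseInt(pi.substring(1))` and goes straight into `new User(mid)` in the added call, so a non-numeric path throws an uncaught NumberFormatException before the new `AssuranceResult` check runs. Catch it next to the parse and answer with a client error, e.g. `catch (NumberFormatException e) { resp.sendError(400); return; }`, assuming `resp` is in scope here as it is in the submit path. How `new User(mid)` behaves for an id that does not exist is not visible here and should be confirmed. The enclosing method starts and ends outside this hunk.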
out.println("No form found. This is an Error. Fill in the form again.");
return;
}
- form.submit(out, req);
+ try {
+ form.submit(out, req);
+ } catch (CSRFError e) {
+ resp.sendError(500, "CSRF Failed");
+ out.println(translate(req, "CSRF Token failed."));
+ }
return;
}
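Review bot: The new `catch (CSRFError e)` branch reports a rejected token as status 500, which classifies a client-side request failure as a server fault and hides CSRF rejections among genuine errors in monitoring. Use a 403 instead: `resp.sendError(403, "CSRF Failed");`. The `out.println(translate(req, "CSRF Token failed."))` after it has no effect, because `sendError` commits the response, and `sendError` itself throws IllegalStateException if `form.submit` had already flushed output. Either drop the println, or use `resp.setStatus(403)` followed by the translated message. Logging the rejection with the session user would also give operators something to alert on. The enclosing method starts outside this hunk.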