X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Foutput%2FForm.java;h=a6374e532b74c0b2b57f50015bbdd878fc7c9d56;hp=b86b6dcb7ea62d5f9301ee87b177eb2b3aa58339;hb=fb38a9c8b9d86289213a36bd3d2afddc58ec7d3f;hpb=70ac38c2e844e293d9815b8703341b94b029977a diff --git a/src/org/cacert/gigi/output/Form.java b/src/org/cacert/gigi/output/Form.java index b86b6dcb..a6374e53 100644 --- a/src/org/cacert/gigi/output/Form.java +++ b/src/org/cacert/gigi/output/Form.java @@ -1,43 +1,102 @@ package org.cacert.gigi.output; +import java.io.IOException; import java.io.PrintWriter; import java.util.Map; import javax.servlet.ServletRequest; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; -import org.cacert.gigi.Language; +import org.cacert.gigi.localisation.Language; import org.cacert.gigi.pages.Page; import org.cacert.gigi.util.RandomToken; public abstract class Form implements Outputable { - String csrf; - public Form() { - csrf = RandomToken.generateToken(32); - } - - public abstract boolean submit(PrintWriter out, HttpServletRequest req); - @Override - public final void output(PrintWriter out, Language l, - Map vars) { - out.println("
"); - outputContent(out, l, vars); - out.println("
"); - } - - public abstract void outputContent(PrintWriter out, Language l, - Map vars); - - protected void outputError(PrintWriter out, ServletRequest req, String text) { - out.print("
"); - out.print(Page.translate(req, text)); - out.println("
"); - } - - public String getCSRFToken() { - return csrf; - } + public static final String CSRF_FIELD = "csrf"; + + private String csrf; + + public Form(HttpServletRequest hsr) { + csrf = RandomToken.generateToken(32); + HttpSession hs = hsr.getSession(); + hs.setAttribute("form/" + getClass().getName() + "/" + csrf, this); + + } + + public abstract boolean submit(PrintWriter out, HttpServletRequest req); + + protected String getCsrfFieldName() { + return CSRF_FIELD; + } + + @Override + public void output(PrintWriter out, Language l, Map vars) { + out.println("
"); + failed = false; + outputContent(out, l, vars); + out.print("
"); + } + + protected abstract void outputContent(PrintWriter out, Language l, Map vars); + + boolean failed; + + protected void outputError(PrintWriter out, ServletRequest req, String text, Object... contents) { + if ( !failed) { + failed = true; + out.println("
"); + } + out.print("
"); + if (contents.length == 0) { + out.print(Page.translate(req, text)); + } else { + out.print(String.format(Page.translate(req, text), contents)); + } + out.println("
"); + } + + protected void outputErrorPlain(PrintWriter out, String text) { + if ( !failed) { + failed = true; + out.println("
"); + } + out.print("
"); + out.print(text); + out.println("
"); + } + + public boolean isFailed(PrintWriter out) { + if (failed) { + out.println("
"); + } + return failed; + } + + protected String getCSRFToken() { + return csrf; + } + + public static T getForm(HttpServletRequest req, Class target) throws CSRFException { + String csrf = req.getParameter(CSRF_FIELD); + if (csrf == null) { + throw new CSRFException(); + } + HttpSession hs = req.getSession(); + if (hs == null) { + throw new CSRFException(); + } + Form f = (Form) hs.getAttribute("form/" + target.getName() + "/" + csrf); + if (f == null) { + throw new CSRFException(); + } + return (T) f; + } + + public static class CSRFException extends IOException { + + } }