X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2Fadmin%2Fsupport%2FSupportUserDetailsPage.java;h=2a8ef874d8069d78303cabdb25b96ea945654b50;hp=fad39e90c4007cc2b69b7f2eb90e0d78280d325f;hb=17a15662212d973d12ed4cea3f5eaa9c0d1169ed;hpb=823aef539f73838a1bea6e0c108904a6346e8db4

diff --git a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
index fad39e90..2a8ef874 100644
--- a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
+++ b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
@@ -18,6 +18,7 @@ import org.cacert.gigi.output.template.IterableDataset;
 import org.cacert.gigi.pages.LoginPage;
 import org.cacert.gigi.pages.Page;
 import org.cacert.gigi.util.AuthorizationContext;
+import org.cacert.gigi.util.HTMLEncoder;
 
 public class SupportUserDetailsPage extends Page {
 
@@ -30,6 +31,9 @@ public class SupportUserDetailsPage extends Page {
     @Override
     public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         int id = -1;
+        if ( !req.getPathInfo().endsWith("/")) {
+            resp.sendError(404);
+        }
         String[] idP = req.getPathInfo().split("/");
         try {
             id = Integer.parseInt(idP[idP.length - 1]);
@@ -87,11 +91,15 @@ public class SupportUserDetailsPage extends Page {
     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         try {
             if (req.getParameter("revokeall") != null) {
-                if ( !Form.getForm(req, SupportRevokeCertificatesForm.class).submit(resp.getWriter(), req)) {
+                if ( !Form.getForm(req, SupportRevokeCertificatesForm.class).submitProtected(resp.getWriter(), req)) {
                     throw new GigiApiException("No ticket number set.");
                 }
-            } else if (req.getParameter("detailupdate") != null || req.getParameter("resetPass") != null || req.getParameter("deny") != null || req.getParameter("grant") != null) {
-                if ( !Form.getForm(req, SupportUserDetailsForm.class).submit(resp.getWriter(), req)) {
+            } else if (req.getParameter("detailupdate") != null || req.getParameter("resetPass") != null || req.getParameter("removeGroup") != null || req.getParameter("addGroup") != null) {
+                SupportUserDetailsForm f = Form.getForm(req, SupportUserDetailsForm.class);
+                if (f.wasWithPasswordReset()) {
+                    resp.getWriter().println(HTMLEncoder.encodeHTML(translate(req, "Password reset successful.")));
+                }
+                if ( !f.submitProtected(resp.getWriter(), req)) {
                     throw new GigiApiException("No ticket number set.");
                 }
             }