X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2Fmain%2FSignup.java;h=7cc389e72e2ac2b249c0b4c78773cdc5a8f3d04a;hp=bb72a9cd1a44fa516624823a36b7671c7d62ea58;hb=9def69bd08ea69eb27786d5b34f00e154e09e9f3;hpb=a0232b6e40e7e09767f0444d24e18bf12dafc362 diff --git a/src/org/cacert/gigi/pages/main/Signup.java b/src/org/cacert/gigi/pages/main/Signup.java index bb72a9cd..7cc389e7 100644 --- a/src/org/cacert/gigi/pages/main/Signup.java +++ b/src/org/cacert/gigi/pages/main/Signup.java @@ -2,52 +2,51 @@ package org.cacert.gigi.pages.main; import java.io.IOException; import java.io.PrintWriter; -import java.sql.SQLException; import java.util.HashMap; import java.util.Map; import javax.servlet.http.HttpServletRequest; import org.cacert.gigi.GigiApiException; -import org.cacert.gigi.database.DatabaseConnection; import org.cacert.gigi.database.GigiPreparedStatement; import org.cacert.gigi.database.GigiResultSet; -import org.cacert.gigi.dbObjects.Name; import org.cacert.gigi.dbObjects.User; import org.cacert.gigi.email.EmailProvider; import org.cacert.gigi.localisation.Language; import org.cacert.gigi.output.DateSelector; +import org.cacert.gigi.output.NameInput; import org.cacert.gigi.output.template.Form; +import org.cacert.gigi.output.template.PlainOutputable; +import org.cacert.gigi.output.template.SprintfCommand; import org.cacert.gigi.output.template.Template; import org.cacert.gigi.pages.Page; +import org.cacert.gigi.util.CalendarUtil; import org.cacert.gigi.util.HTMLEncoder; import org.cacert.gigi.util.Notary; import org.cacert.gigi.util.PasswordStrengthChecker; +import org.cacert.gigi.util.RateLimit.RateLimitException; public class Signup extends Form { - Name buildupName = new Name("", "", "", ""); + private NameInput ni; - String email = ""; + private String email = ""; - private Template t; + private static final Template t = new Template(Signup.class.getResource("Signup.templ")); - boolean general = true, country = true, regional = true, radius = true; + private boolean general = true, country = true, regional = true, radius = true; public Signup(HttpServletRequest hsr) { super(hsr); - t = new Template(Signup.class.getResource("Signup.templ")); + ni = new NameInput(); } - DateSelector myDoB = new DateSelector("day", "month", "year"); + private DateSelector myDoB = new DateSelector("day", "month", "year"); @Override public void outputContent(PrintWriter out, Language l, Map outerVars) { HashMap vars = new HashMap(); - vars.put("fname", HTMLEncoder.encodeHTML(buildupName.getFname())); - vars.put("mname", HTMLEncoder.encodeHTML(buildupName.getMname())); - vars.put("lname", HTMLEncoder.encodeHTML(buildupName.getLname())); - vars.put("suffix", HTMLEncoder.encodeHTML(buildupName.getSuffix())); + vars.put("name", ni); vars.put("dob", myDoB); vars.put("email", HTMLEncoder.encodeHTML(email)); vars.put("general", general ? " checked=\"checked\"" : ""); @@ -56,30 +55,15 @@ public class Signup extends Form { vars.put("radius", radius ? " checked=\"checked\"" : ""); vars.put("helpOnNames", String.format(l.getTranslation("Help on Names %sin the wiki%s"), "", "")); vars.put("csrf", getCSRFToken()); + vars.put("dobmin", User.MINIMUM_AGE + ""); t.output(out, l, vars); } - private void update(HttpServletRequest r) { - String fname = buildupName.getFname(); - String lname = buildupName.getLname(); - String mname = buildupName.getMname(); - String suffix = buildupName.getSuffix(); - if (r.getParameter("fname") != null) { - fname = r.getParameter("fname"); - } - if (r.getParameter("lname") != null) { - lname = r.getParameter("lname"); - } - if (r.getParameter("mname") != null) { - mname = r.getParameter("mname"); - } - if (r.getParameter("suffix") != null) { - suffix = r.getParameter("suffix"); - } + private void update(HttpServletRequest r) throws GigiApiException { + ni.update(r); if (r.getParameter("email") != null) { email = r.getParameter("email"); } - buildupName = new Name(fname, lname, mname, suffix); general = "1".equals(r.getParameter("general")); country = "1".equals(r.getParameter("country")); regional = "1".equals(r.getParameter("regional")); @@ -91,41 +75,55 @@ public class Signup extends Form { } @Override - public synchronized boolean submit(PrintWriter out, HttpServletRequest req) { + public synchronized boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException { + if (RegisterPage.RATE_LIMIT.isLimitExceeded(req.getRemoteAddr())) { + throw new RateLimitException(); + } + update(req); - if (buildupName.getLname().trim().equals("")) { - outputError(out, req, "Last name were blank."); + GigiApiException ga = new GigiApiException(); + try { + ni.getNameParts(); + } catch (GigiApiException e) { + ga.mergeInto(e); } + if ( !myDoB.isValid()) { - outputError(out, req, "Invalid date of birth"); + ga.mergeInto(new GigiApiException("Invalid date of birth")); } - if ( !"1".equals(req.getParameter("cca_agree"))) { - outputError(out, req, "You have to agree to the CAcert Community agreement."); + + if ( !CalendarUtil.isOfAge(myDoB.getDate(), User.MINIMUM_AGE)) { + ga.mergeInto(new GigiApiException("Entered dated of birth is below the restricted age requirements.")); + } + + if ( !"1".equals(req.getParameter("tos_agree"))) { + ga.mergeInto(new GigiApiException("Acceptance of the ToS is required to continue.")); } if (email.equals("")) { - outputError(out, req, "Email Address was blank"); + ga.mergeInto(new GigiApiException("Email Address was blank")); } String pw1 = req.getParameter("pword1"); String pw2 = req.getParameter("pword2"); if (pw1 == null || pw1.equals("")) { - outputError(out, req, "Pass Phrases were blank"); + ga.mergeInto(new GigiApiException("Pass Phrases were blank")); } else if ( !pw1.equals(pw2)) { - outputError(out, req, "Pass Phrases don't match"); + ga.mergeInto(new GigiApiException("Pass Phrases don't match")); } - int pwpoints = PasswordStrengthChecker.checkpw(pw1, buildupName, email); + int pwpoints = PasswordStrengthChecker.checkpw(pw1, ni.getNamePartsPlain(), email); if (pwpoints < 3) { - outputError(out, req, "The Pass Phrase you submitted failed to contain enough" + " differing characters and/or contained words from" + " your name and/or email address."); + ga.mergeInto(new GigiApiException("The Pass Phrase you submitted failed to contain enough" + " differing characters and/or contained words from" + " your name and/or email address.")); } - if (isFailed(out)) { - return false; + if ( !ga.isEmpty()) { + throw ga; } + GigiApiException ga2 = new GigiApiException(); try (GigiPreparedStatement q1 = new GigiPreparedStatement("SELECT * FROM `emails` WHERE `email`=? AND `deleted` IS NULL"); GigiPreparedStatement q2 = new GigiPreparedStatement("SELECT * FROM `certOwners` INNER JOIN `users` ON `users`.`id`=`certOwners`.`id` WHERE `email`=? AND `deleted` IS NULL")) { q1.setString(1, email); q2.setString(1, email); GigiResultSet r1 = q1.executeQuery(); GigiResultSet r2 = q2.executeQuery(); if (r1.next() || r2.next()) { - outputError(out, req, "This email address is currently valid in the system."); + ga2.mergeInto(new GigiApiException("This email address is currently valid in the system.")); } } try (GigiPreparedStatement q3 = new GigiPreparedStatement("SELECT `domain` FROM `baddomains` WHERE `domain`=RIGHT(?, LENGTH(`domain`))")) { @@ -134,7 +132,7 @@ public class Signup extends Form { GigiResultSet r3 = q3.executeQuery(); if (r3.next()) { String domain = r3.getString(1); - outputError(out, req, "We don't allow signups from people using email addresses from %s", domain); + ga2.mergeInto(new GigiApiException(SprintfCommand.createSimple("We don't allow signups from people using email addresses from {0}.", domain))); } } String mailResult = EmailProvider.FAIL; @@ -144,50 +142,36 @@ public class Signup extends Form { } if ( !mailResult.equals(EmailProvider.OK)) { if (mailResult.startsWith("4")) { - outputError(out, req, "The mail server responsible for your domain indicated" + " a temporary failure. This may be due to anti-SPAM measures, such" + " as greylisting. Please try again in a few minutes."); + ga2.mergeInto(new GigiApiException("The mail server responsible for your domain indicated" + " a temporary failure. This may be due to anti-SPAM measures, such" + " as greylisting. Please try again in a few minutes.")); } else { - outputError(out, req, "Email Address given was invalid, or a test connection" + " couldn't be made to your server, or the server" + " rejected the email address as invalid"); + ga2.mergeInto(new GigiApiException("Email Address given was invalid, or a test connection" + " couldn't be made to your server, or the server" + " rejected the email address as invalid")); } if (mailResult.equals(EmailProvider.FAIL)) { - outputError(out, req, "Failed to make a connection to the mail server"); + ga2.mergeInto(new GigiApiException("Failed to make a connection to the mail server")); } else { - outputErrorPlain(out, mailResult); + ga2.mergeInto(new GigiApiException(new PlainOutputable(mailResult))); } } - if (isFailed(out)) { - return false; - } - try { - run(req, pw1); - } catch (SQLException e) { - e.printStackTrace(); - } catch (GigiApiException e) { - outputError(out, req, e.getMessage()); - return false; + if ( !ga2.isEmpty()) { + throw ga2; } + run(req, pw1); return true; } - private void run(HttpServletRequest req, String password) throws SQLException, GigiApiException { - try { - DatabaseConnection.getInstance().beginTransaction(); - User u = new User(email, password, buildupName, myDoB.getDate(), Page.getLanguage(req).getLocale()); - - try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `alerts` SET `memid`=?," + " `general`=?, `country`=?, `regional`=?, `radius`=?")) { - ps.setInt(1, u.getId()); - ps.setBoolean(2, general); - ps.setBoolean(3, country); - ps.setBoolean(4, regional); - ps.setBoolean(5, radius); - ps.execute(); - } - Notary.writeUserAgreement(u, "CCA", "account creation", "", true, 0); + private void run(HttpServletRequest req, String password) throws GigiApiException { + User u = new User(email, password, myDoB.getDate(), Page.getLanguage(req).getLocale(), ni.getNameParts()); - DatabaseConnection.getInstance().commitTransaction(); - } finally { - DatabaseConnection.getInstance().quitTransaction(); + try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `alerts` SET `memid`=?," + " `general`=?, `country`=?, `regional`=?, `radius`=?")) { + ps.setInt(1, u.getId()); + ps.setBoolean(2, general); + ps.setBoolean(3, country); + ps.setBoolean(4, regional); + ps.setBoolean(5, radius); + ps.execute(); } + Notary.writeUserAgreement(u, "ToS", "account creation", "", true, 0); } }