public static final String CSRF_FIELD = "csrf";
- private String csrf;
+ private final String csrf;
+
+ private final String action;
public Form(HttpServletRequest hsr) {
+ this(hsr, null);
+ }
+
+ public Form(HttpServletRequest hsr, String action) {
csrf = RandomToken.generateToken(32);
+ this.action = action;
HttpSession hs = hsr.getSession();
hs.setAttribute("form/" + getClass().getName() + "/" + csrf, this);
-
}
public abstract boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException;
@Override
public void output(PrintWriter out, Language l, Map<String, Object> vars) {
- out.println("<form method='POST'>");
+ if (action == null) {
+ out.println("<form method='POST'>");
+ } else {
+ out.println("<form method='POST' action='" + action + "'>");
+ }
failed = false;
outputContent(out, l, vars);
out.print("<input type='hidden' name='" + CSRF_FIELD + "' value='");
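Review bot: The `action` value is concatenated straight into the HTML attribute on the `out.println("<form method='POST' action='" + action + "'>")` line without any escaping, so the new constructor at `public Form(HttpServletRequest hsr, String action)` silently makes every subclass responsible for passing a safe value. The only caller visible on this page passes the constant `PATH`, which is fine, but the contract should be stated where it is created: add a Javadoc to the two-argument constructor such as `@param action target URL written verbatim into the form's action attribute; must be a trusted literal path, never request-derived data, unless it is escaped first`. If the project has an HTML-escaping helper, applying it at the output line would remove the caller burden entirely. The `output` method continues past the end of this hunk.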
import java.io.IOException;
import java.io.PrintWriter;
+import java.util.HashMap;
+import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.dbObjects.Domain;
import org.cacert.gigi.dbObjects.EmailAddress;
+import org.cacert.gigi.localisation.Language;
+import org.cacert.gigi.output.template.Form;
public class Verify extends Page {
+ private class VerificationForm extends Form {
+
+ private String hash;
+
+ private String type;
+
+ private String id;
+
+ public VerificationForm(HttpServletRequest hsr) {
+ super(hsr, PATH);
+ hash = hsr.getParameter("hash");
+ type = hsr.getParameter("type");
+ id = hsr.getParameter("id");
+ }
+
+ @Override
+ public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ if ("email".equals(type)) {
+ try {
+ EmailAddress ea = EmailAddress.getById(Integer.parseInt(id));
+ ea.verify(hash);
+ out.println("Email verification completed.");
+ } catch (IllegalArgumentException e) {
+ out.println(translate(req, "The email address is invalid."));
+ } catch (GigiApiException e) {
+ e.format(out, getLanguage(req));
+ }
+ } else if ("domain".equals(type)) {
+ try {
+ Domain ea = Domain.getById(Integer.parseInt(id));
+ ea.verify(hash);
+ out.println("Domain verification completed.");
+ } catch (IllegalArgumentException e) {
+ out.println(translate(req, "The domain address is invalid."));
+ } catch (GigiApiException e) {
+ e.format(out, getLanguage(req));
+ }
+ }
+ return true;
+ }
+
+ @Override
+ protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
+ vars.put("hash", hash);
+ vars.put("id", id);
+ vars.put("type", type);
+ getDefaultTemplate().output(out, l, vars);
+ }
+
+ }
+
public static final String PATH = "/verify";
public Verify() {
}
@Override
- public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- PrintWriter out = resp.getWriter();
- String hash = req.getParameter("hash");
- String type = req.getParameter("type");
- String id = req.getParameter("id");
- if ("email".equals(type)) {
- try {
- EmailAddress ea = EmailAddress.getById(Integer.parseInt(id));
- ea.verify(hash);
- out.println("Email verification completed.");
- } catch (IllegalArgumentException e) {
- out.println(translate(req, "The email address is invalid."));
- } catch (GigiApiException e) {
- e.format(out, getLanguage(req));
- }
- } else if ("domain".equals(type)) {
- try {
- Domain ea = Domain.getById(Integer.parseInt(id));
- ea.verify(hash);
- out.println("Domain verification completed.");
- } catch (IllegalArgumentException e) {
- out.println(translate(req, "The domain address is invalid."));
- } catch (GigiApiException e) {
- e.format(out, getLanguage(req));
+ public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ try {
+ if (Form.getForm(req, VerificationForm.class).submit(resp.getWriter(), req)) {
}
+ } catch (GigiApiException e) {
+ e.format(resp.getWriter(), getLanguage(req));
}
}
+ @Override
+ public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ new VerificationForm(req).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+ }
+
}
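Review bot: The new `doPost` wraps the submit call in an `if` whose body is empty (`if (Form.getForm(req, VerificationForm.class).submit(resp.getWriter(), req)) { }`), so the boolean result is discarded and a reader cannot tell whether the branch is unfinished or intentional. Since `VerificationForm.submit` handles its own `IllegalArgumentException` and `GigiApiException` and always ends with `return true;`, the conditional can be reduced to a plain statement `Form.getForm(req, VerificationForm.class).submit(resp.getWriter(), req);`, or a comment should state what a `false` result would mean. Separately, `VerificationForm` is declared as a non-static inner class, and the `Form` constructor stores the instance in the session via `hs.setAttribute(...)`; that appears to keep a reference to the enclosing `Verify` page alive for the session's lifetime, so if the inherited `translate`, `getLanguage` and `getDefaultTemplate` helpers do not need the enclosing instance, consider making it `private static class VerificationForm`. Also note that when `type` is neither "email" nor "domain" (including a missing parameter) `submit` writes nothing and still returns true, which leaves the user with an empty response; an `else` branch emitting a translated message would make that case visible.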
import java.io.IOException;
import java.net.Socket;
import java.net.SocketAddress;
+import java.net.URL;
+import java.net.URLConnection;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.TimeUnit;
import java.util.regex.Matcher;
return m.group(0);
}
+ public void verify() throws IOException {
+ String[] parts = extractLink().split("\\?");
+ URL u = new URL("https://" + ManagedTest.getServerName() + "/verify?" + parts[1]);
+
+ URLConnection csrfConn = u.openConnection();
+ String csrf = ManagedTest.getCSRF(csrfConn, 0);
+
+ u = new URL("https://" + ManagedTest.getServerName() + "/verify");
+ URLConnection uc = u.openConnection();
+ ManagedTest.cookie(uc, ManagedTest.stripCookie(csrfConn.getHeaderField("Set-Cookie")));
+ uc.setDoOutput(true);
+ uc.getOutputStream().write((parts[1] + "&csrf=" + csrf).getBytes());
+ uc.connect();
+ uc.getInputStream().close();
+ }
+
}
private Socket s;