Map<String, Object> vars) {
out.println("<form method='POST' autocomplete='off'>");
outputContent(out, l, vars);
- out.println("<input type='csrf' value='");
+ out.print("<input type='csrf' value='");
out.print(getCSRFToken());
out.println("'></form>");
}
- public abstract void outputContent(PrintWriter out, Language l,
+ protected abstract void outputContent(PrintWriter out, Language l,
Map<String, Object> vars);
protected void outputError(PrintWriter out, ServletRequest req, String text) {
out.println("</div>");
}
- public String getCSRFToken() {
+ protected String getCSRFToken() {
return csrf;
}
+ protected void checkCSRF(HttpServletRequest req) {
+ if (!csrf.equals(req.getParameter("csrf"))) {
+ throw new CSRFError();
+ }
+ }
+
+ public class CSRFError extends Error {
+ }
}
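Review bot: The field emitted by the changed `out.print` line has no `name` attribute and uses `type='csrf'`, which is not an HTML input type, so a browser renders it as a visible text box and never submits a `csrf` parameter — `checkCSRF` would then reject every real form post while the test helper, which writes `csrf=` by hand, still passes; `out.print("<input type='hidden' name='csrf' value='");` fixes both (the regex in the test-side `getCSRF` has to follow). In `checkCSRF`, `csrf.equals(...)` returns on the first differing character; after a null check on the parameter, `MessageDigest.isEqual(csrf.getBytes(StandardCharsets.UTF_8), param.getBytes(StandardCharsets.UTF_8))` keeps the comparison time independent of the submitted value. `CSRFError` is declared as a non-static inner class extending `Error`, which captures a hidden reference to the enclosing Form and, being an `Error`, is skipped by the `catch (Exception e)` handlers most containers wrap around a servlet; `public static class CSRFError extends RuntimeException {}` is the conventional shape and is imported the same way. The enclosing output method starts before the hunk.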
@Override
public boolean submit(PrintWriter out, HttpServletRequest req) {
+ checkCSRF(req);
+
out.println("<div class='formError'>");
boolean failed = false;
out.println("</div>");
return false;
}
+
}
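Review bot: `checkCSRF(req)` is added only inside this subclass's `submit`, so protection depends on every other `Form` subclass remembering the same first line; if `Form.submit` can be made a final template method that runs `checkCSRF` and then delegates to an abstract hook, the check cannot be forgotten (the base signature is not visible here, so this is an inference). The added blank `+` line before the closing brace of the class is stray whitespace and can be dropped. The enclosing class starts outside the hunk.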
import org.cacert.gigi.database.DatabaseConnection;
import org.cacert.gigi.output.DateSelector;
import org.cacert.gigi.output.Template;
+import org.cacert.gigi.output.Form.CSRFError;
import org.cacert.gigi.pages.LoginPage;
import org.cacert.gigi.pages.Page;
import org.cacert.gigi.util.Notary;
out.println("No form found. This is an Error. Fill in the form again.");
return;
}
- form.submit(out, req);
+ try {
+ form.submit(out, req);
+ } catch (CSRFError e) {
+ resp.sendError(500, "CSRF Failed");
+ out.println(translate(req, "CSRF Token failed."));
+ }
return;
}
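Review bot: After `resp.sendError(500, "CSRF Failed")` the response is committed, so the following `out.println(translate(req, "CSRF Token failed."))` is discarded at best and may throw `IllegalStateException` depending on the container; either drop that line or use `resp.setStatus(...)` and write the translated message yourself. A token mismatch is a rejected client request rather than a server failure, so 403 is the usual status: `resp.sendError(403, "CSRF Failed");`. The enclosing method starts before the hunk.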
+ assuree);
URLConnection uc = u.openConnection();
uc.addRequestProperty("Cookie", cookie);
- uc.getInputStream();// request form
+ String csrf = getCSRF(uc);
uc = u.openConnection();
uc.addRequestProperty("Cookie", cookie);
uc.setDoOutput(true);
+ uc.getOutputStream().write(("csrf=" + csrf + "&").getBytes());
return uc;
}
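Review bot: `("csrf=" + csrf + "&").getBytes()` on the added line encodes with the platform default charset and does not URL-encode the token, so a token containing `&`, `+`, `%` or non-ASCII bytes would corrupt the request body; `URLEncoder.encode(csrf, "UTF-8")` (already imported in this file) wrapped in `getBytes(StandardCharsets.UTF_8)` avoids both. The `OutputStream` obtained here is neither flushed nor closed before `uc` is returned, which presumably the caller finishes — worth a one-line comment on the `return uc;` stating that contract. The enclosing method starts before the hunk.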
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;
+import java.net.URLConnection;
import java.net.URLEncoder;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Properties;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
import org.cacert.gigi.DevelLauncher;
import org.cacert.gigi.database.DatabaseConnection;
headerField = headerField.substring(0, headerField.indexOf(';'));
return headerField;
}
+
+ public String getCSRF(URLConnection u) throws IOException {
+ String content = IOUtils.readURL(u);
+ Pattern p = Pattern.compile("<input type='csrf' value='([^']+)'>");
+ Matcher m = p.matcher(content);
+ if (!m.find()) {
+ throw new Error("New CSRF Token");
+ }
+ return m.group(1);
+ }
}
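Review bot: `Pattern.compile(...)` inside `getCSRF` recompiles the regex on every call, and the failure path throws `new Error("New CSRF Token")`, whose message does not describe the condition (no token was found in the page). Hoist the pattern to `private static final Pattern CSRF_INPUT = Pattern.compile("<input type='csrf' value='([^']+)'>");` and throw `new IllegalStateException("no CSRF token found in form response")` so a test failure reads correctly and is not classed as a JVM error. The regex is coupled to the exact attribute order emitted by `Form`, so any markup change there silently breaks every test going through this helper; a comment such as `// must match the csrf <input> written by Form` makes that dependency visible. The enclosing class starts outside the hunk.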