From 17a15662212d973d12ed4cea3f5eaa9c0d1169ed Mon Sep 17 00:00:00 2001 
From: =?utf8?q?Felix=20D=C3=B6rre?= Date: Mon, 5 Sep 2016 19:05:17 +0200 Subject: [PATCH] upd: use a more strict pattern for handling forms Change-Id: I55e1087868820e652fccc7454c9ae290b6947119 --- .../cacert/gigi/dbObjects/SupportedUser.java | 5 +- src/org/cacert/gigi/output/template/Form.java | 64 ++++++++++++- src/org/cacert/gigi/pages/LoginPage.java | 18 ++-- src/org/cacert/gigi/pages/Page.java | 23 +++++ .../cacert/gigi/pages/PasswordResetPage.java | 5 +- src/org/cacert/gigi/pages/Verify.java | 29 +++--- .../cacert/gigi/pages/account/ChangeForm.java | 12 +-- .../pages/account/ChangePasswordPage.java | 3 +- .../gigi/pages/account/FindAgentAccess.java | 2 +- .../cacert/gigi/pages/account/MyDetails.java | 28 +++--- .../gigi/pages/account/MyDetailsForm.java | 9 +- .../pages/account/MyOrganisationsForm.java | 6 +- .../pages/account/certs/CertificateAdd.java | 18 +++- .../account/certs/CertificateIssueForm.java | 94 +++++++++---------- .../certs/CertificateModificationForm.java | 2 +- .../pages/account/certs/Certificates.java | 34 +++++-- .../account/certs/RevokeSingleCertForm.java | 2 +- .../pages/account/domain/DomainAddForm.java | 11 +-- .../account/domain/DomainManagementForm.java | 2 +- .../pages/account/domain/DomainOverview.java | 32 ++++--- .../account/domain/DomainPinglogForm.java | 6 +- .../pages/account/domain/PingConfigForm.java | 4 +- .../gigi/pages/account/mail/MailAddForm.java | 2 +- .../account/mail/MailManagementForm.java | 10 +- .../gigi/pages/account/mail/MailOverview.java | 24 +++-- .../cacert/gigi/pages/admin/TTPAdminForm.java | 2 +- .../pages/admin/support/FindCertForm.java | 2 +- .../admin/support/FindUserByDomainForm.java | 2 +- .../admin/support/FindUserByEmailForm.java | 2 +- .../admin/support/SupportEnterTicketForm.java | 2 +- .../admin/support/SupportEnterTicketPage.java | 21 +++-- .../SupportRevokeCertificatesForm.java | 10 +- .../admin/support/SupportUserDetailsForm.java | 13 ++- .../admin/support/SupportUserDetailsPage.java | 9 +- 
.../cacert/gigi/pages/main/RegisterPage.java | 2 +- src/org/cacert/gigi/pages/main/Signup.java | 2 +- .../gigi/pages/orga/AffiliationForm.java | 8 +- .../cacert/gigi/pages/orga/CreateOrgForm.java | 3 +- .../gigi/pages/orga/OrgDomainAddForm.java | 2 +- .../cacert/gigi/pages/wot/AssuranceForm.java | 10 +- src/org/cacert/gigi/pages/wot/AssurePage.java | 4 + .../cacert/gigi/pages/wot/RequestTTPForm.java | 2 +- .../cacert/gigi/testUtils/ManagedTest.java | 5 +- 43 files changed, 330 insertions(+), 216 deletions(-) diff --git a/src/org/cacert/gigi/dbObjects/SupportedUser.java b/src/org/cacert/gigi/dbObjects/SupportedUser.java index 67b5e119..e600b85b 100644 --- a/src/org/cacert/gigi/dbObjects/SupportedUser.java +++ b/src/org/cacert/gigi/dbObjects/SupportedUser.java @@ -1,7 +1,6 @@ package org.cacert.gigi.dbObjects; import java.io.IOException; -import java.io.PrintWriter; import java.util.HashMap; import java.util.Locale; @@ -175,11 +174,11 @@ public class SupportedUser { } } - public void triggerPasswordReset(String aword, PrintWriter out, HttpServletRequest req) { + public void triggerPasswordReset(String aword, HttpServletRequest req) { Language l = Language.getInstance(target.getPreferredLocale()); String method = l.getTranslation("A password reset was triggered. Please enter the required text sent to you by support on this page:"); String subject = l.getTranslation("Password reset by support."); - PasswordResetPage.initPasswordResetProcess(out, target, req, aword, l, method, subject); + PasswordResetPage.initPasswordResetProcess(target, req, aword, l, method, subject); Outputable message = new TranslateCommand("A password reset was triggered and an email was sent to user."); sendSupportNotification(subject, message); } diff --git a/src/org/cacert/gigi/output/template/Form.java b/src/org/cacert/gigi/output/template/Form.java index 1eb0efa0..9e58a3cd 100644 --- a/src/org/cacert/gigi/output/template/Form.java +++ b/src/org/cacert/gigi/output/template/Form.java 
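Review bot: `triggerPasswordReset` sends the support notification "A password reset was triggered and an email was sent to user." unconditionally after `initPasswordResetProcess` returns, but that method (see the PasswordResetPage hunk further down) only `printStackTrace()`s a mail `IOException`, so the notification can claim a mail was sent while the ticket exists in the database and no mail went out. Let `initPasswordResetProcess` surface the failure as a `GigiApiException` and call `sendSupportNotification(subject, message)` only after it returns normally. The `out.println("Password reset successful.")` removed from `initPasswordResetProcess` is not replaced here either, so unless the calling page prints a confirmation the agent gets no on-page feedback.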
@@ -11,6 +11,7 @@ import javax.servlet.http.HttpSession; import org.cacert.gigi.GigiApiException; import org.cacert.gigi.localisation.Language; import org.cacert.gigi.pages.LoginPage; +import org.cacert.gigi.pages.Page; import org.cacert.gigi.util.RandomToken; /** @@ -18,8 +19,22 @@ import org.cacert.gigi.util.RandomToken; */ public abstract class Form implements Outputable { + public static class PermamentFormException extends RuntimeException { + + public PermamentFormException(GigiApiException cause) { + super(cause); + } + + @Override + public synchronized GigiApiException getCause() { + return (GigiApiException) super.getCause(); + } + } + public static final String CSRF_FIELD = "csrf"; + private static final String SUBMIT_EXCEPTION = "form-submit-exception"; + private final String csrf; private final String action; @@ -52,15 +67,13 @@ public abstract class Form implements Outputable { /** * Update the forms internal state based on submitted data. * - * @param out - * the stream to the user. * @param req * the request to take the initial data from. * @return true, iff the form succeeded and the user should be redirected. * @throws GigiApiException - * if internal operations went wrong. + * if form data had problems or operations went wrong. */ - public abstract boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException; + public abstract boolean submit(HttpServletRequest req) throws GigiApiException; /** * Calls {@link #submit(PrintWriter, HttpServletRequest)} while catching and @@ -77,8 +90,10 @@ public abstract class Form implements Outputable { */ public boolean submitProtected(PrintWriter out, HttpServletRequest req) { try { - boolean succeeded = submit(out, req); + boolean succeeded = submit(req); if (succeeded) { + HttpSession hs = req.getSession(); + hs.removeAttribute("form/" + getClass().getName() + "/" + csrf); return true; } } catch (GigiApiException e) { 
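Review bot: The new nested class is spelled `PermamentFormException`; the intended word is evidently "permanent", and since the name becomes part of the form API that every page will throw and catch, fix it before it spreads: `public static class PermanentFormException extends RuntimeException`. A one-line Javadoc stating when a form should throw it instead of a plain `GigiApiException` (the error cannot be fixed by resubmitting, so `printFormErrors` will not reprint the form) would make the distinction visible at the declaration rather than only in `printFormErrors`.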
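Review bot: The Javadoc of `submitProtected`, whose first line is the trailing context of this hunk, still reads `Calls {@link #submit(PrintWriter, HttpServletRequest)} while catching and`, a link that no longer resolves now that `submit` takes only the request; change it to `{@link #submit(HttpServletRequest)}`. The new `@throws` wording is good; it is worth adding that a `GigiApiException` thrown from `submit` is rendered to the user by `printFormErrors`, so its message must be user-safe and contain no internal detail.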
@@ -88,6 +103,45 @@ public abstract class Form implements Outputable { return false; } + public boolean submitExceptionProtected(HttpServletRequest req) { + try { + if (submit(req)) { + HttpSession hs = req.getSession(); + hs.removeAttribute("form/" + getClass().getName() + "/" + csrf); + return true; + } + return false; + } catch (PermamentFormException e) { + req.setAttribute(SUBMIT_EXCEPTION, e); + return false; + } catch (GigiApiException e) { + req.setAttribute(SUBMIT_EXCEPTION, e); + return false; + } + } + + /** + * Prints any errors in any form submits on this request. + * + * @param req + * The request to extract the errors from. + * @param out + * the output stream to the user to write the errors to. + * @return true if no permanent errors occurred and the form should be + * reprinted. + */ + public static boolean printFormErrors(HttpServletRequest req, PrintWriter out) { + Object o = req.getAttribute(SUBMIT_EXCEPTION); + if (o != null && (o instanceof PermamentFormException)) { + ((PermamentFormException) o).getCause().format(out, Page.getLanguage(req)); + return false; + } + if (o != null && (o instanceof GigiApiException)) { + ((GigiApiException) o).format(out, Page.getLanguage(req)); + } + return true; + } + protected String getCsrfFieldName() { return CSRF_FIELD; } diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java index 1c002e57..b19de897 100644 --- a/src/org/cacert/gigi/pages/LoginPage.java +++ b/src/org/cacert/gigi/pages/LoginPage.java @@ -39,7 +39,7 @@ public class LoginPage extends Page { } @Override - public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException { + public boolean submit(HttpServletRequest req) throws GigiApiException { if (RegisterPage.RATE_LIMIT.isLimitExceeded(req.getRemoteAddr())) { throw new RateLimitException(); } 
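Review bot: `submitExceptionProtected` repeats the session key `"form/" + getClass().getName() + "/" + csrf` from `submitProtected`, and its two catch blocks do exactly the same thing; a private `removeFromSession(req)` helper keeps the key in one place and a multi-catch removes the duplication: `catch (PermamentFormException | GigiApiException e) { req.setAttribute(SUBMIT_EXCEPTION, e); return false; }`. On the failure path the form and its CSRF token deliberately stay in the session so the user can resubmit; a short comment saying so would stop a later cleanup from "fixing" it. In `printFormErrors` the `o != null &&` tests are redundant, since `instanceof` is already false for null.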
@@ -64,10 +64,6 @@ public class LoginPage extends Page { @Override public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - Object o = req.getAttribute(SUBMIT_EXCEPTION); - if (o != null) { - ((GigiApiException) o).format(resp.getWriter(), getLanguage(req)); - } if (req.getHeader("Host").equals(ServerConstants.getSecureHostNamePort())) { resp.getWriter().println(getLanguage(req).getTranslation("Authentication with certificate failed. Try another certificate or use a password.")); } else { @@ -75,6 +71,13 @@ public class LoginPage extends Page { } } + @Override + public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException { + if (Form.printFormErrors(req, resp.getWriter())) { + Form.getForm(req, LoginForm.class).output(resp.getWriter(), getLanguage(req), new HashMap()); + } + } + @Override public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException { String redir = (String) req.getSession().getAttribute(LOGIN_RETURNPATH); @@ -84,10 +87,7 @@ public class LoginPage extends Page { tryAuthWithCertificate(req, cert); } if (req.getMethod().equals("POST")) { - try { - Form.getForm(req, LoginForm.class).submit(resp.getWriter(), req); - } catch (GigiApiException e) { - req.setAttribute(SUBMIT_EXCEPTION, e); + if ( !Form.getForm(req, LoginForm.class).submitExceptionProtected(req)) { return false; } } diff --git a/src/org/cacert/gigi/pages/Page.java b/src/org/cacert/gigi/pages/Page.java index 8d64d94f..054a1e52 100644 --- a/src/org/cacert/gigi/pages/Page.java +++ b/src/org/cacert/gigi/pages/Page.java 
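Review bot: The new `doPost` re-renders `LoginForm` with a raw `new HashMap()`, which compiles with an unchecked warning; `Collections.<String, Object>emptyMap()` (as `CertificateAdd` uses in this commit) states the intent and allocates nothing. Separately, the context line `req.getHeader("Host").equals(ServerConstants.getSecureHostNamePort())` in `doGet` dereferences the header without a null check, so a request without `Host` ends in a NullPointerException and a 500 instead of the login page. That line is unchanged by this commit, but `ServerConstants.getSecureHostNamePort().equals(req.getHeader("Host"))` is a null-safe drop-in.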
@@ -58,6 +58,29 @@ public abstract class Page implements PermissionCheckable { * if output goes wrong. */ public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException { + if (req.getMethod().equals("POST")) { + return beforePost(req, resp); + } + return false; + } + + /** + * This method can be overridden to execute code and do stuff before the + * default template is applied when the request is a post request and the + * default implementation of + * {@link #beforeTemplate(HttpServletRequest, HttpServletResponse)} is + * called. + * + * @param req + * the request to handle. + * @param resp + * the response to write to + * @return true, if the request is consumed and the default template should + * not be applied. + * @throws IOException + * if output goes wrong. + */ + public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException { return false; } diff --git a/src/org/cacert/gigi/pages/PasswordResetPage.java b/src/org/cacert/gigi/pages/PasswordResetPage.java index 4090bdd4..4ac3b188 100644 --- a/src/org/cacert/gigi/pages/PasswordResetPage.java +++ b/src/org/cacert/gigi/pages/PasswordResetPage.java @@ -59,7 +59,7 @@ public class PasswordResetPage extends Page { } @Override - public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException { + public boolean submit(HttpServletRequest req) throws GigiApiException { try (GigiPreparedStatement passwordReset = new GigiPreparedStatement("UPDATE `passwordResetTickets` SET `used` = CURRENT_TIMESTAMP WHERE `used` IS NULL AND `created` < CURRENT_TIMESTAMP - interval '1 hours' * ?;")) { passwordReset.setInt(1, HOUR_MAX); passwordReset.execute(); 
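Review bot: The default `beforeTemplate` now dispatches to `beforePost` only for POST, but a subclass that overrides `beforeTemplate` without calling `super` never reaches `beforePost` at all — `Certificates` in this commit re-dispatches by hand, and `LoginPage`'s override shows no `super` call in its hunk. The `beforePost` Javadoc should state that contract, e.g. `Only reached through the default {@link #beforeTemplate(HttpServletRequest, HttpServletResponse)}; a page that overrides that method must call super or dispatch to this method itself.` The `@return` text could also say that returning true means the response has already been committed (redirect or body written) by the override.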
@@ -114,7 +114,7 @@ public class PasswordResetPage extends Page { private static final MailTemplate passwordResetMail = new MailTemplate(PasswordResetPage.class.getResource("PasswordResetMail.templ")); - public static void initPasswordResetProcess(PrintWriter out, User targetUser, HttpServletRequest req, String aword, Language l, String method, String subject) { + public static void initPasswordResetProcess(User targetUser, HttpServletRequest req, String aword, Language l, String method, String subject) { String ptok = RandomToken.generateToken(32); int id = targetUser.generatePasswordResetTicket(Page.getUser(req), ptok, aword); try { @@ -126,7 +126,6 @@ public class PasswordResetPage extends Page { vars.put("hour_max", HOUR_MAX); passwordResetMail.sendMail(l, vars, Page.getUser(req).getEmail()); - out.println(Page.getLanguage(req).getTranslation("Password reset successful.")); } catch (IOException e) { e.printStackTrace(); } diff --git a/src/org/cacert/gigi/pages/Verify.java b/src/org/cacert/gigi/pages/Verify.java index 2a5950e9..a17ec62b 100644 --- a/src/org/cacert/gigi/pages/Verify.java +++ b/src/org/cacert/gigi/pages/Verify.java 
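Review bot: In `initPasswordResetProcess` the reset mail is addressed to `Page.getUser(req).getEmail()`, i.e. the logged-in actor, while the ticket is generated for `targetUser`; when `SupportedUser.triggerPasswordReset` calls this for a support agent, the link is mailed to the agent rather than the account holder unless actor and target coincide. That line is context here, but the commit changes this method's signature, so it is the moment to confirm the intended recipient and, if it is the target, use `passwordResetMail.sendMail(l, vars, targetUser.getEmail());`. In the same hunk the sending `IOException` is only `printStackTrace()`d, leaving a live ticket with no feedback to the caller; rethrowing it as a `GigiApiException` would fit the new exception-based form flow.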
@@ -48,30 +48,24 @@ public class Verify extends Page { Domain domain = Domain.getById(Integer.parseInt(id)); subject = domain.getSuffix(); target = domain; + } else { + throw new IllegalArgumentException(); } } @Override - public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException { - HashMap data = new HashMap<>(); - data.put("subject", subject); + public boolean submit(HttpServletRequest req) throws GigiApiException { if ("email".equals(type)) { try { target.verify(hash); - emailAddressVerified.output(out, getLanguage(req), data); } catch (IllegalArgumentException e) { - out.println(translate(req, "The email address is invalid.")); - } catch (GigiApiException e) { - e.format(out, getLanguage(req)); + throw new GigiApiException("The email address is invalid."); } } else if ("domain".equals(type)) { try { target.verify(hash); - domainVerified.output(out, getLanguage(req), data); } catch (IllegalArgumentException e) { - out.println(translate(req, "The domain is invalid.")); - } catch (GigiApiException e) { - e.format(out, getLanguage(req)); + throw new GigiApiException("The domain is invalid."); } } return true; @@ -101,7 +95,17 @@ public class Verify extends Page { @Override public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException { - if (Form.getForm(req, VerificationForm.class).submitProtected(resp.getWriter(), req)) { + VerificationForm form = Form.getForm(req, VerificationForm.class); + if (form.submitProtected(resp.getWriter(), req)) { + String type = form.type; + HashMap data = new HashMap<>(); + data.put("subject", form.subject); + PrintWriter out = resp.getWriter(); + if ("email".equals(type)) { + emailAddressVerified.output(out, getLanguage(req), data); + } else if ("domain".equals(type)) { + domainVerified.output(out, getLanguage(req), data); + } } } 
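Review bot: `submit` still ends with an unconditional `return true;`, so a `type` that is neither `email` nor `domain` would report success, have the form removed from the session and leave `doPost` printing nothing; the constructor's new `throw new IllegalArgumentException()` makes that unreachable today, but an explicit `else { throw new GigiApiException("The object to verify is invalid."); }` keeps the invariant local to the method. The two catch blocks also discard the original `IllegalArgumentException` when converting it; if `GigiApiException` has a cause-taking constructor, pass `e` through so the log keeps the reason.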
@@ -111,7 +115,6 @@ public class Verify extends Page { new VerificationForm(req).output(resp.getWriter(), getLanguage(req), new HashMap()); } catch (IllegalArgumentException e) { resp.getWriter().println(translate(req, "The object to verify is invalid.")); - } } diff --git a/src/org/cacert/gigi/pages/account/ChangeForm.java b/src/org/cacert/gigi/pages/account/ChangeForm.java index 667dc751..582fea07 100644 --- a/src/org/cacert/gigi/pages/account/ChangeForm.java +++ b/src/org/cacert/gigi/pages/account/ChangeForm.java @@ -10,7 +10,6 @@ import org.cacert.gigi.dbObjects.User; import org.cacert.gigi.localisation.Language; import org.cacert.gigi.output.template.Form; import org.cacert.gigi.output.template.Template; -import org.cacert.gigi.pages.Page; public class ChangeForm extends Form { @@ -29,18 +28,16 @@ public class ChangeForm extends Form { } @Override - public boolean submit(PrintWriter out, HttpServletRequest req) { + public boolean submit(HttpServletRequest req) throws GigiApiException { String oldpassword = req.getParameter("oldpassword"); String p1 = req.getParameter("pword1"); String p2 = req.getParameter("pword2"); GigiApiException error = new GigiApiException(); if (oldpassword == null || p1 == null || p2 == null) { - new GigiApiException("All fields are required.").format(out, Page.getLanguage(req)); - return false; + throw new GigiApiException("All fields are required."); } if ( !p1.equals(p2)) { - new GigiApiException("New passwords do not match.").format(out, Page.getLanguage(req)); - return false; + throw new GigiApiException("New passwords do not match."); } try { target.changePassword(oldpassword, p1); @@ -48,8 +45,7 @@ public class ChangeForm extends Form { error.mergeInto(e); } if ( !error.isEmpty()) { - error.format(out, Page.getLanguage(req)); - return false; + throw error; } return true; } 
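Review bot: In `ChangeForm.submit` the `GigiApiException error` accumulator is created before the required-field checks and only ever receives one merged exception, so now that `submit` may throw, the try/merge/throw sequence collapses to `target.changePassword(oldpassword, p1); return true;`. The method rejects missing and mismatching passwords but not an empty `p1`; unless `changePassword` enforces that itself (not visible here), an explicit `if (p1.isEmpty()) throw new GigiApiException("New password must not be empty.");` is cheap insurance. Verifying the old password inside `changePassword` is the right place for it.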
diff --git a/src/org/cacert/gigi/pages/account/ChangePasswordPage.java b/src/org/cacert/gigi/pages/account/ChangePasswordPage.java index 8432f027..a88d6a24 100644 --- a/src/org/cacert/gigi/pages/account/ChangePasswordPage.java +++ b/src/org/cacert/gigi/pages/account/ChangePasswordPage.java @@ -26,8 +26,7 @@ public class ChangePasswordPage extends Page { @Override public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException { - ChangeForm f = Form.getForm(req, ChangeForm.class); - f.submit(resp.getWriter(), req); + Form.getForm(req, ChangeForm.class).submitProtected(resp.getWriter(), req); } @Override diff --git a/src/org/cacert/gigi/pages/account/FindAgentAccess.java b/src/org/cacert/gigi/pages/account/FindAgentAccess.java index 98ee3ae3..0728cdd4 100644 --- a/src/org/cacert/gigi/pages/account/FindAgentAccess.java +++ b/src/org/cacert/gigi/pages/account/FindAgentAccess.java @@ -27,7 +27,7 @@ public class FindAgentAccess extends Form { private static final Template t = new Template(ChangePasswordPage.class.getResource("FindAgentAccess.templ")); @Override - public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException { + public boolean submit(HttpServletRequest req) throws GigiApiException { String nv = req.getParameter("new-val"); if (nv == null) { return false; diff --git a/src/org/cacert/gigi/pages/account/MyDetails.java b/src/org/cacert/gigi/pages/account/MyDetails.java index bf80d47b..321e9093 100644 --- a/src/org/cacert/gigi/pages/account/MyDetails.java +++ b/src/org/cacert/gigi/pages/account/MyDetails.java 
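Review bot: The boolean returned by `submitProtected` is discarded in `doPost`, so a successful password change and a failed one fall through to the same page with no confirmation; the old code had the same gap, but the new return value makes it a one-liner: `if (Form.getForm(req, ChangeForm.class).submitProtected(resp.getWriter(), req)) { resp.getWriter().println(translate(req, "Password changed.")); }`. Nothing in this hunk shows whether other sessions of the account are invalidated after a change — worth confirming in `changePassword`, which lies outside the diff.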
@@ -32,23 +32,29 @@ public class MyDetails extends Page { } @Override - public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException { - if (req.getParameter("orgaForm") != null) { - Form.getForm(req, MyOrganisationsForm.class).submit(resp.getWriter(), req); - } else { - return false; + public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException { + if (req.getParameter("orgaForm") != null && Form.getForm(req, MyOrganisationsForm.class).submitExceptionProtected(req)) { + resp.sendRedirect(PATH); + return true; } - resp.sendRedirect(PATH); - return true; + if (req.getParameter("action") != null || req.getParameter("removeName") != null || req.getParameter("deprecateName") != null || req.getParameter("preferred") != null) { + if (Form.getForm(req, MyDetailsForm.class).submitExceptionProtected(req)) { + resp.sendRedirect(PATH); + return true; + } + } + return false; } @Override public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException { - if (req.getParameter("action") != null || req.getParameter("removeName") != null || req.getParameter("deprecateName") != null || req.getParameter("preferred") != null) { - if (Form.getForm(req, MyDetailsForm.class).submit(resp.getWriter(), req)) { - resp.sendRedirect(PATH); + if (Form.printFormErrors(req, resp.getWriter())) { + if (req.getParameter("orgaForm") != null) { + Form.getForm(req, MyOrganisationsForm.class).output(resp.getWriter(), getLanguage(req), new HashMap()); + } + if (req.getParameter("action") != null || req.getParameter("removeName") != null || req.getParameter("deprecateName") != null || req.getParameter("preferred") != null) { + Form.getForm(req, MyDetailsForm.class).output(resp.getWriter(), getLanguage(req), new HashMap()); } } - super.doPost(req, resp); } } diff --git a/src/org/cacert/gigi/pages/account/MyDetailsForm.java b/src/org/cacert/gigi/pages/account/MyDetailsForm.java index 81390228..6a1bb25a 100644 
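Review bot: In `beforePost`, when the `orgaForm` submission fails (returns false) control falls through to the second `if`, so a POST carrying both `orgaForm` and, say, `action` would also submit `MyDetailsForm` in the same request — unless `Form.getForm` rejects the mismatched CSRF token, which is not visible here; an `else if` makes the two forms mutually exclusive: `} else if (req.getParameter("action") != null || req.getParameter("removeName") != null || ...) {`. The four-parameter test that identifies a details submission is duplicated verbatim in `beforePost` and `doPost`; a `private static boolean isDetailsSubmit(HttpServletRequest req)` keeps them in sync. Both methods otherwise read correctly.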
--- a/src/org/cacert/gigi/pages/account/MyDetailsForm.java +++ b/src/org/cacert/gigi/pages/account/MyDetailsForm.java @@ -19,7 +19,6 @@ import org.cacert.gigi.output.GroupSelector; import org.cacert.gigi.output.NameInput; import org.cacert.gigi.output.template.Form; import org.cacert.gigi.output.template.Template; -import org.cacert.gigi.pages.Page; public class MyDetailsForm extends Form { @@ -56,7 +55,7 @@ public class MyDetailsForm extends Form { } @Override - public boolean submit(PrintWriter out, HttpServletRequest req) { + public boolean submit(HttpServletRequest req) throws GigiApiException { try { String rn = req.getParameter("removeName"); if (rn != null) { @@ -115,12 +114,8 @@ public class MyDetailsForm extends Form { return true; } - } catch (GigiApiException e) { - e.format(out, Page.getLanguage(req)); - return false; } catch (NumberFormatException e) { - new GigiApiException("Invalid value.").format(out, Page.getLanguage(req)); - return false; + throw new GigiApiException("Invalid value."); } return false; } diff --git a/src/org/cacert/gigi/pages/account/MyOrganisationsForm.java b/src/org/cacert/gigi/pages/account/MyOrganisationsForm.java index 706e9597..9879c37d 100644 --- a/src/org/cacert/gigi/pages/account/MyOrganisationsForm.java +++ b/src/org/cacert/gigi/pages/account/MyOrganisationsForm.java @@ -9,6 +9,7 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import org.cacert.gigi.Gigi; +import org.cacert.gigi.GigiApiException; import org.cacert.gigi.dbObjects.Organisation; import org.cacert.gigi.localisation.Language; import org.cacert.gigi.output.template.Form; 
@@ -29,7 +30,7 @@ public class MyOrganisationsForm extends Form { private static final Template template = new Template(MyOrganisationsForm.class.getResource("MyOrganisationsForm.templ")); @Override - public boolean submit(PrintWriter out, HttpServletRequest req) { + public boolean submit(HttpServletRequest req) throws GigiApiException { if (req.getParameter("org-leave") != null) { req.getSession().setAttribute(Gigi.AUTH_CONTEXT, new AuthorizationContext(target.getActor(), target.getActor())); return true; @@ -43,8 +44,7 @@ public class MyOrganisationsForm extends Form { if (orgId == -1) { orgId = id; } else { - out.println(LoginPage.getLanguage(req).getTranslation("Error: invalid parameter.")); - return false; + throw new GigiApiException("Error: invalid parameter."); } } } diff --git a/src/org/cacert/gigi/pages/account/certs/CertificateAdd.java b/src/org/cacert/gigi/pages/account/certs/CertificateAdd.java index e37b930c..eeb3eafb 100644 --- a/src/org/cacert/gigi/pages/account/certs/CertificateAdd.java +++ b/src/org/cacert/gigi/pages/account/certs/CertificateAdd.java 
@@ -28,23 +28,31 @@ public class CertificateAdd extends Page { } @Override - public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException { + public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException { CertificateIssueForm f = Form.getForm(req, CertificateIssueForm.class); - if (f.submit(resp.getWriter(), req)) { + if (f.submitExceptionProtected(req)) { Certificate c = f.getResult(); if (c.getStatus() != CertificateStatus.ISSUED) { resp.getWriter().println("Timeout while waiting for certificate."); - return; + return false; } String ser = c.getSerial(); if (ser.isEmpty()) { resp.getWriter().println("Timeout while waiting for certificate."); - return; + return false; } resp.sendRedirect(Certificates.PATH + "/" + ser); + return true; } - f.output(resp.getWriter(), getLanguage(req), Collections.emptyMap()); + return super.beforePost(req, resp); + } + @Override + public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException { + if (Form.printFormErrors(req, resp.getWriter())) { + CertificateIssueForm f = Form.getForm(req, CertificateIssueForm.class); + f.output(resp.getWriter(), getLanguage(req), Collections.emptyMap()); + } } @Override diff --git a/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java b/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java index 0a95497d..badef543 100644 --- a/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java +++ b/src/org/cacert/gigi/pages/account/certs/CertificateIssueForm.java @@ -20,7 +20,6 @@ import org.cacert.gigi.output.template.Form; import org.cacert.gigi.output.template.IterableDataset; import org.cacert.gigi.output.template.Template; import org.cacert.gigi.pages.LoginPage; -import org.cacert.gigi.pages.Page; import org.cacert.gigi.util.AuthorizationContext; import org.cacert.gigi.util.RandomToken; 
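Review bot: On the two timeout branches `beforePost` writes "Timeout while waiting for certificate." and then returns false, which tells the caller the request was not consumed, so the default template and `doPost` are still rendered underneath the raw message; and since `submitExceptionProtected` already removed the form from the session on success, the `Form.getForm(req, CertificateIssueForm.class)` in `doPost` then looks up a form the session no longer holds, which (depending on `getForm`) may fail. Return true after printing the message, or raise the timeout as a `GigiApiException` so it flows through `printFormErrors`, and route the text through `translate(req, ...)` like the rest of the page. The serial-based redirect itself is fine.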
@@ -57,61 +56,58 @@ public class CertificateIssueForm extends Form { CertificateValiditySelector issueDate = new CertificateValiditySelector(); @Override - public boolean submit(PrintWriter out, HttpServletRequest req) { + public boolean submit(HttpServletRequest req) throws GigiApiException { String csr = req.getParameter("CSR"); String spkac = req.getParameter("SPKAC"); try { - try { - if (csr != null) { - cr = new CertificateRequest(c, csr); - cr.checkKeyStrength(out); - } else if (spkac != null) { - cr = new CertificateRequest(c, spkac, spkacChallenge); - cr.checkKeyStrength(out); - } else if (cr != null) { - login = "1".equals(req.getParameter("login")); - issueDate.update(req); - GigiApiException error = new GigiApiException(); - - try { - cr.update(req.getParameter("CN"), req.getParameter("hash_alg"), req.getParameter("profile"), // - req.getParameter("org"), req.getParameter("OU"), req.getParameter("SANs")); - } catch (GigiApiException e) { - error.mergeInto(e); - } + if (csr != null) { + cr = new CertificateRequest(c, csr); + // TODO cr.checkKeyStrength(out); + return false; + } else if (spkac != null) { + cr = new CertificateRequest(c, spkac, spkacChallenge); + // TODO cr.checkKeyStrength(out); + return false; + } else if (cr != null) { + login = "1".equals(req.getParameter("login")); + issueDate.update(req); + GigiApiException error = new GigiApiException(); + + try { + cr.update(req.getParameter("CN"), req.getParameter("hash_alg"), req.getParameter("profile"), // + req.getParameter("org"), req.getParameter("OU"), req.getParameter("SANs")); + } catch (GigiApiException e) { + error.mergeInto(e); + } - Certificate result = null; - try { - result = cr.draft(); - } catch (GigiApiException e) { - error.mergeInto(e); - } - if ( !error.isEmpty() || result == null) { - error.format(out, Page.getLanguage(req)); - return false; - } - if (login) { - result.setLoginEnabled(true); - } - result.issue(issueDate.getFrom(), issueDate.getTo(), 
c.getActor()).waitFor(60000); - this.result = result; - return true; - } else { - throw new GigiApiException("Error no action."); + Certificate result = null; + try { + result = cr.draft(); + } catch (GigiApiException e) { + error.mergeInto(e); + } + if ( !error.isEmpty() || result == null) { + throw error; } - } catch (IOException e) { - e.printStackTrace(); - } catch (IllegalArgumentException e) { - e.printStackTrace(); - throw new GigiApiException("Certificate Request format is invalid."); - } catch (GeneralSecurityException e) { - e.printStackTrace(); - throw new GigiApiException("Certificate Request format is invalid."); + if (login) { + result.setLoginEnabled(true); + } + result.issue(issueDate.getFrom(), issueDate.getTo(), c.getActor()).waitFor(60000); + this.result = result; + return true; + } else { + throw new GigiApiException("Error no action."); } - } catch (GigiApiException e) { - e.format(out, Page.getLanguage(req)); + } catch (IOException e) { + e.printStackTrace(); + throw new GigiApiException("Certificate Request format is invalid."); + } catch (IllegalArgumentException e) { + e.printStackTrace(); + throw new GigiApiException("Certificate Request format is invalid."); + } catch (GeneralSecurityException e) { + e.printStackTrace(); + throw new GigiApiException("Certificate Request format is invalid."); } - return false; } @Override diff --git a/src/org/cacert/gigi/pages/account/certs/CertificateModificationForm.java b/src/org/cacert/gigi/pages/account/certs/CertificateModificationForm.java index fc367920..e6f53cce 100644 --- a/src/org/cacert/gigi/pages/account/certs/CertificateModificationForm.java +++ b/src/org/cacert/gigi/pages/account/certs/CertificateModificationForm.java 
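Review bot: Both the CSR and the SPKAC branches of `submit` now carry `// TODO cr.checkKeyStrength(out);` where the old code made the call, so whatever key-strength checks `checkKeyStrength` performed (a key-size policy, presumably) are silently disabled by this commit, and an uploaded request proceeds to `cr.update`/`cr.draft` unchecked. That is a security regression that should not ship behind a TODO: give `CertificateRequest` a `checkKeyStrength()` overload that reports its findings via `GigiApiException` instead of writing to a stream, and call it right after each construction, `cr = new CertificateRequest(c, csr); cr.checkKeyStrength();`, so the new exception-based flow shows it through `printFormErrors`. The `return false` after each construction already sends the user back to the form, which is where that warning belongs.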
@@ -32,7 +32,7 @@ public class CertificateModificationForm extends Form { private static final Template myTemplate = new Template(CertificateModificationForm.class.getResource("CertificateModificationForm.templ")); @Override - public boolean submit(PrintWriter out, HttpServletRequest req) { + public boolean submit(HttpServletRequest req) { String action = req.getParameter("action"); if ( !"revoke".equals(action)) { return false; diff --git a/src/org/cacert/gigi/pages/account/certs/Certificates.java b/src/org/cacert/gigi/pages/account/certs/Certificates.java index 4db201cc..8acd4842 100644 --- a/src/org/cacert/gigi/pages/account/certs/Certificates.java +++ b/src/org/cacert/gigi/pages/account/certs/Certificates.java @@ -49,6 +49,9 @@ public class Certificates extends Page implements HandlesMixedRequest { @Override public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException { + if ("POST".equals(req.getMethod())) { + return beforePost(req, resp); + } String pi = req.getPathInfo().substring(PATH.length()); if (pi.length() == 0) { 
@@ -98,24 +101,43 @@ public class Certificates extends Page implements HandlesMixedRequest { return true; } + @Override + public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException { + if (support && "revoke".equals(req.getParameter("action"))) { + if (Form.getForm(req, RevokeSingleCertForm.class).submitExceptionProtected(req)) { + resp.sendRedirect(req.getPathInfo()); + return true; + } + return false; + } + if ( !req.getPathInfo().equals(PATH)) { + resp.sendError(500); + return true; + } + if (Form.getForm(req, CertificateModificationForm.class).submitExceptionProtected(req)) { + resp.sendRedirect(PATH); + return true; + } + return false; + } + @Override public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException { if (req.getQueryString() != null && !req.getQueryString().equals("") && !req.getQueryString().equals("withRevoked")) { return;// Block actions by get parameters. } + if (support && "revoke".equals(req.getParameter("action"))) { - if (Form.getForm(req, RevokeSingleCertForm.class).submitProtected(resp.getWriter(), req)) { - resp.sendRedirect(req.getPathInfo()); - return; + if (Form.printFormErrors(req, resp.getWriter())) { + Form.getForm(req, RevokeSingleCertForm.class).output(resp.getWriter(), getLanguage(req), new HashMap()); } + return; } if ( !req.getPathInfo().equals(PATH)) { resp.sendError(500); return; } - Form.getForm(req, CertificateModificationForm.class).submit(resp.getWriter(), req); - - doGet(req, resp); + Form.getForm(req, CertificateModificationForm.class).output(resp.getWriter(), getLanguage(req), new HashMap()); } @Override diff --git a/src/org/cacert/gigi/pages/account/certs/RevokeSingleCertForm.java b/src/org/cacert/gigi/pages/account/certs/RevokeSingleCertForm.java index 5219081a..7cb2cbc6 100644 --- a/src/org/cacert/gigi/pages/account/certs/RevokeSingleCertForm.java +++ b/src/org/cacert/gigi/pages/account/certs/RevokeSingleCertForm.java 
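Review bot: The guard `if (req.getQueryString() != null && ... ) { return; // Block actions by get parameters. }` stays in `doPost`, but the form submissions it used to protect have moved into the new `beforePost`, which has no such check; because `req.getParameter("action")` reads query-string and body parameters alike, a POST to `.../certs?action=revoke` now reaches `RevokeSingleCertForm.submitExceptionProtected` before the guard ever runs, so the comment's stated purpose no longer holds (the CSRF check in `Form.getForm`, if any, still applies). Move the query-string check to the top of `beforePost` and `return false` there, so the action is blocked where it is executed. Separately, `resp.sendError(500)` for a path other than `PATH` is a client error, not a server failure — `resp.sendError(HttpServletResponse.SC_NOT_FOUND)` reads correctly and is not logged as an internal error.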
@@ -27,7 +27,7 @@ public class RevokeSingleCertForm extends Form {
 }
 @Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public boolean submit(HttpServletRequest req) throws GigiApiException {
 if (target != null) {
 target.revokeCertificate(c);
 } else {
diff --git a/src/org/cacert/gigi/pages/account/domain/DomainAddForm.java b/src/org/cacert/gigi/pages/account/domain/DomainAddForm.java
index a0e5685b..7625abc0 100644
--- a/src/org/cacert/gigi/pages/account/domain/DomainAddForm.java
+++ b/src/org/cacert/gigi/pages/account/domain/DomainAddForm.java
@@ -12,7 +12,6 @@ import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.output.template.Outputable;
 import org.cacert.gigi.output.template.Template;
-import org.cacert.gigi.pages.Page;
 public class DomainAddForm extends Form {
@@ -29,7 +28,7 @@ public class DomainAddForm extends Form {
 }
 @Override
- public boolean submit(PrintWriter out, HttpServletRequest req) {
+ public boolean submit(HttpServletRequest req) throws GigiApiException {
 try {
 String parameter = req.getParameter("newdomain");
 if (parameter.trim().isEmpty()) {
@@ -37,14 +36,10 @@ public class DomainAddForm extends Form {
 }
 Domain d = new Domain(target, target, parameter);
 pcf.setTarget(d);
- pcf.submit(out, req);
+ pcf.submit(req);
 return true;
 } catch (NumberFormatException e) {
- new GigiApiException("A number could not be parsed").format(out, Page.getLanguage(req));
- return false;
- } catch (GigiApiException e) {
- e.format(out, Page.getLanguage(req));
- return false;
+ throw new GigiApiException("A number could not be parsed");
 }
 }
diff --git a/src/org/cacert/gigi/pages/account/domain/DomainManagementForm.java b/src/org/cacert/gigi/pages/account/domain/DomainManagementForm.java
index 568c8a3a..5b97d321 100644
--- a/src/org/cacert/gigi/pages/account/domain/DomainManagementForm.java
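Review bot: The new `catch (NumberFormatException e)` rethrows as `throw new GigiApiException("A number could not be parsed");` without attaching `e`, so the original parse failure and the offending value are lost; if GigiApiException can carry a cause, pass it, otherwise log it before wrapping. The result of `pcf.submit(req);` on the line above is still discarded, so a `false` from the nested PingConfigForm (its own hunk further down now returns true) would go unnoticed by this form. The `try` this catch belongs to starts in the previous hunk.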
+++ b/src/org/cacert/gigi/pages/account/domain/DomainManagementForm.java
@@ -28,7 +28,7 @@ public class DomainManagementForm extends Form {
 }
 @Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public boolean submit(HttpServletRequest req) throws GigiApiException {
 String dels = req.getParameter("delete");
 int delId = Integer.parseInt(dels);
diff --git a/src/org/cacert/gigi/pages/account/domain/DomainOverview.java b/src/org/cacert/gigi/pages/account/domain/DomainOverview.java
index 97c47eeb..4d8165df 100644
--- a/src/org/cacert/gigi/pages/account/domain/DomainOverview.java
+++ b/src/org/cacert/gigi/pages/account/domain/DomainOverview.java
@@ -27,6 +27,7 @@ public class DomainOverview extends Page {
 CertificateOwner u = LoginPage.getAuthorizationContext(req).getTarget();
 String pi = req.getPathInfo();
 if (pi.length() - PATH.length() > 0) {
+ Form.printFormErrors(req, resp.getWriter());
 int i = Integer.parseInt(pi.substring(PATH.length()));
 Domain d;
 try {
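Review bot: The return value of the new `Form.printFormErrors(req, resp.getWriter());` is discarded, unlike the other call sites in this diff (Certificates.doPost, SupportEnterTicketPage.doPost) which use it to decide whether to re-render the form; if that is intentional, a short comment such as `// errors from the previous POST, if any, are shown above the normal page` will stop the next reader from "fixing" it. It also writes to the response before `Integer.parseInt(pi.substring(PATH.length()))` and before the `try` that continues outside the hunk; if any of that error handling uses `resp.sendError` or `sendRedirect`, the response may already be committed by then.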
@@ -63,30 +64,31 @@ public class DomainOverview extends Page {
 }
 @Override
- public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 String pi = req.getPathInfo();
 if (pi.length() - PATH.length() > 0) {
- try {
- if (req.getParameter("configId") != null) {
- if ( !Form.getForm(req, DomainPinglogForm.class).submit(resp.getWriter(), req)) {
- // error?
- }
-
- } else {
- if ( !Form.getForm(req, PingConfigForm.class).submit(resp.getWriter(), req)) {
+ if (req.getParameter("configId") != null) {
+ if (Form.getForm(req, DomainPinglogForm.class).submitExceptionProtected(req)) {
+ resp.sendRedirect(pi);
+ return true;
+ }
- }
+ } else {
+ if (Form.getForm(req, PingConfigForm.class).submitExceptionProtected(req)) {
+ resp.sendRedirect(pi);
+ return true;
 }
- } catch (GigiApiException e) {
- e.format(resp.getWriter(), getLanguage(req));
- return;
 }
- resp.sendRedirect(pi);
 }
+ return super.beforePost(req, resp);
+ }
+
+ @Override
+ public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 if (req.getParameter("adddomain") != null) {
 DomainAddForm f = Form.getForm(req, DomainAddForm.class);
- if (f.submit(resp.getWriter(), req)) {
+ if (f.submitProtected(resp.getWriter(), req)) {
 resp.sendRedirect(PATH);
 }
 } else if (req.getParameter("delete") != null) {
diff --git a/src/org/cacert/gigi/pages/account/domain/DomainPinglogForm.java b/src/org/cacert/gigi/pages/account/domain/DomainPinglogForm.java
index 525cd125..d2e83066 100644
--- a/src/org/cacert/gigi/pages/account/domain/DomainPinglogForm.java
+++ b/src/org/cacert/gigi/pages/account/domain/DomainPinglogForm.java
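Review bot: The two branches of the new beforePost differ only in the form class, so the sub-path handling collapses to `Class<? extends Form> cls = req.getParameter("configId") != null ? DomainPinglogForm.class : PingConfigForm.class;` followed by a single `if (Form.getForm(req, cls).submitExceptionProtected(req)) { resp.sendRedirect(pi); return true; }`, which also removes the asymmetric brace layout left by the edit (assuming Form.getForm accepts a wildcard class, which I cannot see from here). Nothing in this method checks that the id after PATH belongs to the logged-in owner; DomainPinglogForm.submit does that in its own hunk, but PingConfigForm.submit starts with `target.clearPings()` and the binding of `target` is outside this diff, so confirm it carries an equivalent owner check. The doPost that follows runs past the end of the hunk.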
@@ -28,18 +28,18 @@ public class DomainPinglogForm extends Form {
 }
 @Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public boolean submit(HttpServletRequest req) throws GigiApiException {
 CertificateOwner u = LoginPage.getAuthorizationContext(req).getTarget();
 int i = Integer.parseInt(req.getPathInfo().substring(DomainOverview.PATH.length()));
 Domain d = Domain.getById(i);
 if (u.getId() != d.getOwner().getId()) {
- return false;
+ throw new GigiApiException("Error, owner mismatch.");
 }
 int reping = Integer.parseInt(req.getParameter("configId"));
 DomainPingConfiguration dpc = DomainPingConfiguration.getById(reping);
 if (dpc.getTarget() != d) {
- return false;
+ throw new GigiApiException("Error, target mismatch.");
 }
 dpc.requestReping();
 return true;
diff --git a/src/org/cacert/gigi/pages/account/domain/PingConfigForm.java b/src/org/cacert/gigi/pages/account/domain/PingConfigForm.java
index 496bc4cf..6c3ca400 100644
--- a/src/org/cacert/gigi/pages/account/domain/PingConfigForm.java
+++ b/src/org/cacert/gigi/pages/account/domain/PingConfigForm.java
@@ -108,7 +108,7 @@ public class PingConfigForm extends Form {
 }
 @Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public boolean submit(HttpServletRequest req) throws GigiApiException {
 target.clearPings();
 if (req.getParameter("emailType") != null && req.getParameter("email") != null) {
 try {
@@ -142,7 +142,7 @@ public class PingConfigForm extends Form {
 }
 }
 Gigi.notifyPinger(null);
- return false;
+ return true;
 }
 @Override
diff --git a/src/org/cacert/gigi/pages/account/mail/MailAddForm.java b/src/org/cacert/gigi/pages/account/mail/MailAddForm.java
index 1a67f8e2..bb28a119 100644
--- a/src/org/cacert/gigi/pages/account/mail/MailAddForm.java
+++ b/src/org/cacert/gigi/pages/account/mail/MailAddForm.java
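Review bot: The two new messages, `"Error, owner mismatch."` and `"Error, target mismatch."`, tell the submitter whether a domain id exists but belongs to someone else versus whether a ping-configuration id belongs to a different domain; one neutral message for both checks, e.g. `throw new GigiApiException("Invalid domain or ping configuration.");`, serves the legitimate user equally well while disclosing less about other accounts' objects. `Domain d = Domain.getById(i);` is dereferenced on the next line without a null check, so an unknown id ends in a NullPointerException rather than a GigiApiException, and `dpc.getTarget() != d` compares references, which is only correct if getById returns canonical instances — worth a comment either way.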
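Review bot: In the PingConfigForm `@@ -108` hunk `target.clearPings();` runs before any submitted value is parsed, so if the `try` that opens at the end of that hunk (and continues outside it) fails on bad input, the existing ping configuration is already gone while the user only sees an error; parse into locals first and clear once the new configuration is valid, unless the catch outside the hunk restores it. The `return true;` in the `@@ -142` hunk is what now makes DomainOverview.beforePost redirect after a successful save; a one-line comment such as `// true so the page redirects instead of re-rendering the form` would explain the flipped value.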
@@ -28,7 +28,7 @@ public class MailAddForm extends Form {
 }
 @Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public boolean submit(HttpServletRequest req) throws GigiApiException {
 String formMail = req.getParameter("newemail");
 mail = formMail;
 try {
diff --git a/src/org/cacert/gigi/pages/account/mail/MailManagementForm.java b/src/org/cacert/gigi/pages/account/mail/MailManagementForm.java
index 9a399884..2287a015 100644
--- a/src/org/cacert/gigi/pages/account/mail/MailManagementForm.java
+++ b/src/org/cacert/gigi/pages/account/mail/MailManagementForm.java
@@ -27,7 +27,7 @@ public class MailManagementForm extends Form {
 }
 @Override
- public boolean submit(PrintWriter out, HttpServletRequest req) {
+ public boolean submit(HttpServletRequest req) throws GigiApiException {
 try {
 String d;
 if ((d = req.getParameter("default")) != null) {
@@ -37,14 +37,10 @@ public class MailManagementForm extends Form {
 } else if ((d = req.getParameter("reping")) != null) {
 EmailAddress.getById(Integer.parseInt(d)).requestReping(Page.getLanguage(req));
 }
- } catch (GigiApiException e) {
- e.format(out, Page.getLanguage(req));
- return false;
+ return true;
 } catch (IOException e1) {
- new GigiApiException("Error while doing reping.").format(out, Page.getLanguage(req));
- return false;
+ throw new GigiApiException("Error while doing reping.");
 }
- return true;
 }
 @Override
diff --git a/src/org/cacert/gigi/pages/account/mail/MailOverview.java b/src/org/cacert/gigi/pages/account/mail/MailOverview.java
index b828b718..4177d79c 100644
--- a/src/org/cacert/gigi/pages/account/mail/MailOverview.java
+++ b/src/org/cacert/gigi/pages/account/mail/MailOverview.java
@@ -1,7 +1,6 @@
 package org.cacert.gigi.pages.account.mail;
 import java.io.IOException;
-import java.io.PrintWriter;
 import java.util.HashMap;
 import javax.servlet.http.HttpServletRequest;
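Review bot: The `reping` branch in the MailManagementForm `@@ -37` hunk, `EmailAddress.getById(Integer.parseInt(d)).requestReping(Page.getLanguage(req));`, acts on whatever address id is posted without checking that the address belongs to the logged-in user; unless getById or requestReping enforce that elsewhere (not visible here), add an owner comparison before the call that throws a GigiApiException on mismatch, as DomainPinglogForm.submit does in this same diff. The `default` branch at the top of the hunk likely needs the same check, but its body is outside the hunk. The new `throw new GigiApiException("Error while doing reping.");` also drops `e1`; attach it as the cause if GigiApiException supports one.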
@@ -34,21 +33,20 @@ public class MailOverview extends Page {
 @Override
 public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- PrintWriter out = resp.getWriter();
- if (req.getParameter("addmail") != null) {
- MailAddForm f = Form.getForm(req, MailAddForm.class);
- try {
- if (f.submit(out, req)) {
+ try {
+ if (req.getParameter("addmail") != null) {
+ MailAddForm f = Form.getForm(req, MailAddForm.class);
+ if (f.submit(req)) {
+ resp.sendRedirect(MailOverview.DEFAULT_PATH);
+ }
+ } else {
+ MailManagementForm f = Form.getForm(req, MailManagementForm.class);
+ if (f.submit(req)) {
 resp.sendRedirect(MailOverview.DEFAULT_PATH);
 }
- } catch (GigiApiException e) {
- e.format(resp.getWriter(), getLanguage(req));
- }
- } else {
- MailManagementForm f = Form.getForm(req, MailManagementForm.class);
- if (f.submit(out, req)) {
- resp.sendRedirect(MailOverview.DEFAULT_PATH);
 }
+ } catch (GigiApiException e) {
+ e.format(resp.getWriter(), getLanguage(req));
 }
 super.doPost(req, resp);
 }
diff --git a/src/org/cacert/gigi/pages/admin/TTPAdminForm.java b/src/org/cacert/gigi/pages/admin/TTPAdminForm.java
index ce6eecb3..8b38b18d 100644
--- a/src/org/cacert/gigi/pages/admin/TTPAdminForm.java
+++ b/src/org/cacert/gigi/pages/admin/TTPAdminForm.java
@@ -27,7 +27,7 @@ public class TTPAdminForm extends Form {
 }
 @Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public boolean submit(HttpServletRequest req) throws GigiApiException {
 if (req.getParameter("deny") != null) {
 u.revokeGroup(ttpAdmin, TTPAdminPage.TTP_APPLICANT);
 }
diff --git a/src/org/cacert/gigi/pages/admin/support/FindCertForm.java b/src/org/cacert/gigi/pages/admin/support/FindCertForm.java
index 07d9b929..8ffee249 100644
--- a/src/org/cacert/gigi/pages/admin/support/FindCertForm.java
+++ b/src/org/cacert/gigi/pages/admin/support/FindCertForm.java
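Review bot: This doPost still calls `f.submit(req)` directly and formats the GigiApiException itself, whereas the other pages in this diff (Certificates, DomainOverview, SupportEnterTicketPage) moved submission into beforePost with submitExceptionProtected and re-render through Form.printFormErrors; following the same pattern here would make error display consistent across pages and drop the hand-written try/catch. As written, `super.doPost(req, resp);` is reached after `resp.sendRedirect(MailOverview.DEFAULT_PATH);` in both branches — what super.doPost does is outside the hunk, so confirm it tolerates an already-committed response. `MailOverview.DEFAULT_PATH` can simply be `DEFAULT_PATH` inside its own class.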
@@ -28,7 +28,7 @@ public class FindCertForm extends Form {
 }
 @Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public boolean submit(HttpServletRequest req) throws GigiApiException {
 this.certType = req.getParameter("certType");
 String request = req.getParameter("cert").trim();
diff --git a/src/org/cacert/gigi/pages/admin/support/FindUserByDomainForm.java b/src/org/cacert/gigi/pages/admin/support/FindUserByDomainForm.java
index cce4aa0d..35fa8f24 100644
--- a/src/org/cacert/gigi/pages/admin/support/FindUserByDomainForm.java
+++ b/src/org/cacert/gigi/pages/admin/support/FindUserByDomainForm.java
@@ -24,7 +24,7 @@ public class FindUserByDomainForm extends Form {
 }
 @Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public boolean submit(HttpServletRequest req) throws GigiApiException {
 String request = req.getParameter("domain");
 Domain d = null;
 if (request.matches("#[0-9]+")) {
diff --git a/src/org/cacert/gigi/pages/admin/support/FindUserByEmailForm.java b/src/org/cacert/gigi/pages/admin/support/FindUserByEmailForm.java
index 12c33e97..70a66b04 100644
--- a/src/org/cacert/gigi/pages/admin/support/FindUserByEmailForm.java
+++ b/src/org/cacert/gigi/pages/admin/support/FindUserByEmailForm.java
@@ -23,7 +23,7 @@ public class FindUserByEmailForm extends Form {
 }
 @Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public boolean submit(HttpServletRequest req) throws GigiApiException {
 EmailAddress[] emails = EmailAddress.findByAllEmail(req.getParameter("email"));
 if (emails.length == 0) {
 throw new GigiApiException(SprintfCommand.createSimple("No users found matching {0}", req.getParameter("email")));
diff --git a/src/org/cacert/gigi/pages/admin/support/SupportEnterTicketForm.java b/src/org/cacert/gigi/pages/admin/support/SupportEnterTicketForm.java
index 18afc0c6..c4ed0dbe 100644
--- a/src/org/cacert/gigi/pages/admin/support/SupportEnterTicketForm.java
+++ b/src/org/cacert/gigi/pages/admin/support/SupportEnterTicketForm.java
@@ -22,7 +22,7 @@ public class SupportEnterTicketForm extends Form {
 }
 @Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public boolean submit(HttpServletRequest req) throws GigiApiException {
 if (req.getParameter("setTicket") != null) {
 // [asdmASDM]\d{8}\.\d+
 String ticket = req.getParameter("ticketno");
diff --git a/src/org/cacert/gigi/pages/admin/support/SupportEnterTicketPage.java b/src/org/cacert/gigi/pages/admin/support/SupportEnterTicketPage.java
index eb1cfcab..1c59db30 100644
--- a/src/org/cacert/gigi/pages/admin/support/SupportEnterTicketPage.java
+++ b/src/org/cacert/gigi/pages/admin/support/SupportEnterTicketPage.java
@@ -6,7 +6,6 @@ import java.util.HashMap;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.pages.LoginPage;
@@ -22,18 +21,14 @@ public class SupportEnterTicketPage extends Page {
 }
 @Override
- public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ public boolean beforePost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 if (req.getParameter("setTicket") == null && req.getParameter("deleteTicket") == null) {
 return false;
 }
 SupportEnterTicketForm f = Form.getForm(req, SupportEnterTicketForm.class);
- try {
- if (f.submit(resp.getWriter(), req)) {
- resp.sendRedirect(PATH);
- return true;
- }
- } catch (GigiApiException e) {
- e.format(resp.getWriter(), getLanguage(req));
+ if (f.submitExceptionProtected(req)) {
+ resp.sendRedirect(PATH);
+ return true;
 }
 return false;
@@ -46,6 +41,14 @@ public class SupportEnterTicketPage extends Page {
 new SupportEnterTicketForm(req).output(resp.getWriter(), getLanguage(req), vars);
 }
+ @Override
+ public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ if (Form.printFormErrors(req, resp.getWriter())) {
+ SupportEnterTicketForm f = Form.getForm(req, SupportEnterTicketForm.class);
+ f.output(resp.getWriter(), getLanguage(req), new HashMap());
+ }
+ }
+
 @Override
 public boolean isPermitted(AuthorizationContext ac) {
 return ac != null && ac.isInGroup(Group.SUPPORTER);
diff --git a/src/org/cacert/gigi/pages/admin/support/SupportRevokeCertificatesForm.java b/src/org/cacert/gigi/pages/admin/support/SupportRevokeCertificatesForm.java
index 9c1f3f5b..b43220c2 100644
--- a/src/org/cacert/gigi/pages/admin/support/SupportRevokeCertificatesForm.java
+++ b/src/org/cacert/gigi/pages/admin/support/SupportRevokeCertificatesForm.java
@@ -30,12 +30,12 @@ public class SupportRevokeCertificatesForm extends Form {
 }
 @Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
- if (user.getTicket() != null) {
- user.revokeAllCertificates();
- return true;
+ public boolean submit(HttpServletRequest req) throws GigiApiException {
+ if (user.getTicket() == null) {
+ throw new GigiApiException("No ticket number set.");
 }
- return false;
+ user.revokeAllCertificates();
+ return true;
 }
 @Override
diff --git a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java
index d3589c8e..10fb19e5 100644
--- a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java
+++ b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java
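Review bot: The new doPost writes nothing when `Form.printFormErrors(req, resp.getWriter())` returns false, which is the case for a POST carrying neither `setTicket` nor `deleteTicket` (beforePost in the previous hunk returns false for it), so the client gets an empty 200 page; falling back to the GET rendering in that branch, or outputting the form unconditionally, would be friendlier. `new HashMap()` is a raw type. The string `"No ticket number set."` introduced in the SupportRevokeCertificatesForm hunk below is repeated in SupportUserDetailsForm and SupportUserDetailsPage later in this diff; a shared constant would keep the three in step.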
@@ -30,6 +30,8 @@ public class SupportUserDetailsForm extends Form {
 private GroupSelector value = new GroupSelector("groupToModify", true);
+ private boolean wasWithPasswordReset = false;
+
 public SupportUserDetailsForm(HttpServletRequest hsr, SupportedUser user) {
 super(hsr);
 this.user = user;
@@ -37,9 +39,9 @@ public class SupportUserDetailsForm extends Form {
 }
 @Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public boolean submit(HttpServletRequest req) throws GigiApiException {
 if (user.getTicket() == null) {
- return false;
+ throw new GigiApiException("No ticket number set.");
 }
 if (user.getTargetUser() == LoginPage.getUser(req)) {
 throw new GigiApiException("Supporter may not modify himself.");
@@ -62,7 +64,8 @@ public class SupportUserDetailsForm extends Form {
 if (aword == null || aword.equals("")) {
 throw new GigiApiException("An A-Word is required to perform a password reset.");
 }
- user.triggerPasswordReset(aword, out, req);
+ user.triggerPasswordReset(aword, req);
+ wasWithPasswordReset = true;
 return true;
 }
 dobSelector.update(req);
@@ -73,6 +76,10 @@ public class SupportUserDetailsForm extends Form {
 return true;
 }
+ public boolean wasWithPasswordReset() {
+ return wasWithPasswordReset;
+ }
+
 @Override
 protected void outputContent(PrintWriter out, Language l, Map vars) {
 User user = this.user.getTargetUser();
diff --git a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
index 04898f8c..2a8ef874 100644
--- a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
+++ b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsPage.java
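Review bot: `wasWithPasswordReset` is set to true after `user.triggerPasswordReset(aword, req);` in the `@@ -62` hunk but never cleared, so if the same form instance handles a later submission (the lifetime of what Form.getForm returns is not visible here) the getter keeps reporting a reset that did not happen on that request; add `wasWithPasswordReset = false;` as the first statement of submit. The new public `wasWithPasswordReset()` in the last hunk deserves a Javadoc line stating that it reflects the most recent call to submit, since SupportUserDetailsPage depends on exactly that timing.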
@@ -18,6 +18,7 @@ import org.cacert.gigi.output.template.IterableDataset;
 import org.cacert.gigi.pages.LoginPage;
 import org.cacert.gigi.pages.Page;
 import org.cacert.gigi.util.AuthorizationContext;
+import org.cacert.gigi.util.HTMLEncoder;
 public class SupportUserDetailsPage extends Page {
@@ -90,11 +91,15 @@ public class SupportUserDetailsPage extends Page {
 public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 try {
 if (req.getParameter("revokeall") != null) {
- if ( !Form.getForm(req, SupportRevokeCertificatesForm.class).submit(resp.getWriter(), req)) {
+ if ( !Form.getForm(req, SupportRevokeCertificatesForm.class).submitProtected(resp.getWriter(), req)) {
 throw new GigiApiException("No ticket number set.");
 }
 } else if (req.getParameter("detailupdate") != null || req.getParameter("resetPass") != null || req.getParameter("removeGroup") != null || req.getParameter("addGroup") != null) {
- if ( !Form.getForm(req, SupportUserDetailsForm.class).submit(resp.getWriter(), req)) {
+ SupportUserDetailsForm f = Form.getForm(req, SupportUserDetailsForm.class);
+ if (f.wasWithPasswordReset()) {
+ resp.getWriter().println(HTMLEncoder.encodeHTML(translate(req, "Password reset successful.")));
+ }
+ if ( !f.submitProtected(resp.getWriter(), req)) {
 throw new GigiApiException("No ticket number set.");
 }
 }
diff --git a/src/org/cacert/gigi/pages/main/RegisterPage.java b/src/org/cacert/gigi/pages/main/RegisterPage.java
index 30c42833..1d43a75a 100644
--- a/src/org/cacert/gigi/pages/main/RegisterPage.java
+++ b/src/org/cacert/gigi/pages/main/RegisterPage.java
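Review bot: `if (f.wasWithPasswordReset())` is evaluated before `f.submitProtected(resp.getWriter(), req)`, so the success line is printed from whatever flag a previous submission left behind and never for the reset the current request triggers; move the check after the submit, into the branch where submitProtected returned true, as AssurePage does later in this diff. With SupportRevokeCertificatesForm and SupportUserDetailsForm now throwing `"No ticket number set."` themselves, a false return from submitProtected no longer means a missing ticket (presumably it means the exception was already formatted to the writer), so the page's `throw new GigiApiException("No ticket number set.");` in both branches now appends a second, likely wrong, message. The try block continues outside the hunk.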
@@ -44,7 +44,7 @@ public class RegisterPage extends Page {
 public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 Signup s = Form.getForm(req, Signup.class);
 try {
- if (s.submit(resp.getWriter(), req)) {
+ if (s.submit(req)) {
 HttpSession hs = req.getSession();
 hs.setAttribute(SIGNUP_PROCESS, null);
 resp.getWriter().println(translate(req, "Your information has been submitted" + " into our system. You will now be sent an email with a web link," + " you need to open that link in your web browser within 24 hours" + " or your information will be removed from our system!"));
diff --git a/src/org/cacert/gigi/pages/main/Signup.java b/src/org/cacert/gigi/pages/main/Signup.java
index 819bfd5b..5ec0d12c 100644
--- a/src/org/cacert/gigi/pages/main/Signup.java
+++ b/src/org/cacert/gigi/pages/main/Signup.java
@@ -93,7 +93,7 @@ public class Signup extends Form {
 }
 @Override
- public synchronized boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public synchronized boolean submit(HttpServletRequest req) throws GigiApiException {
 if (RegisterPage.RATE_LIMIT.isLimitExceeded(req.getRemoteAddr())) {
 throw new RateLimitException();
 }
diff --git a/src/org/cacert/gigi/pages/orga/AffiliationForm.java b/src/org/cacert/gigi/pages/orga/AffiliationForm.java
index cef4dc91..bf455bde 100644
--- a/src/org/cacert/gigi/pages/orga/AffiliationForm.java
+++ b/src/org/cacert/gigi/pages/orga/AffiliationForm.java
@@ -16,7 +16,6 @@ import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.output.template.IterableDataset;
 import org.cacert.gigi.output.template.Template;
 import org.cacert.gigi.pages.LoginPage;
-import org.cacert.gigi.pages.Page;
 public class AffiliationForm extends Form {
@@ -30,7 +29,7 @@ public class AffiliationForm extends Form {
 }
 @Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public boolean submit(HttpServletRequest req) throws GigiApiException {
 if (req.getParameter("del") != null) {
 User toRemove = User.getByEmail(req.getParameter("del"));
 if (toRemove != null) {
@@ -43,11 +42,10 @@ public class AffiliationForm extends Form {
 o.addAdmin(byEmail, LoginPage.getUser(req), req.getParameter("master") != null);
 return true;
 } else {
- out.println(Page.getLanguage(req).getTranslation("Requested user is not a RA Agent. We need a RA Agent here."));
+ throw new GigiApiException("Requested user is not a RA Agent. We need a RA Agent here.");
 }
 }
- out.println(Page.getLanguage(req).getTranslation("No action could have been carried out."));
- return false;
+ throw new GigiApiException("No action could have been carried out.");
 }
 @Override
diff --git a/src/org/cacert/gigi/pages/orga/CreateOrgForm.java b/src/org/cacert/gigi/pages/orga/CreateOrgForm.java
index 36bbbe8e..086b3059 100644
--- a/src/org/cacert/gigi/pages/orga/CreateOrgForm.java
+++ b/src/org/cacert/gigi/pages/orga/CreateOrgForm.java
@@ -6,7 +6,6 @@ import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
 import org.cacert.gigi.GigiApiException;
-import org.cacert.gigi.dbObjects.Country;
 import org.cacert.gigi.dbObjects.Organisation;
 import org.cacert.gigi.email.EmailProvider;
 import org.cacert.gigi.localisation.Language;
@@ -59,7 +58,7 @@ public class CreateOrgForm extends Form {
 }
 @Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public boolean submit(HttpServletRequest req) throws GigiApiException {
 String action = req.getParameter("action");
 if (action == null) {
 return false;
diff --git a/src/org/cacert/gigi/pages/orga/OrgDomainAddForm.java b/src/org/cacert/gigi/pages/orga/OrgDomainAddForm.java
index c18cf8f1..e880e41e 100644
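Review bot: In the AffiliationForm `@@ -43` hunk the `else` after `return true;` is redundant now that its body is a single `throw`; dropping it and dedenting the throw reads cleaner. Raising `"Requested user is not a RA Agent. We need a RA Agent here."` as a GigiApiException instead of printing it is the right direction, but the message still lets any organisation admin learn whether an arbitrary email address maps to an account with RA Agent status — the lookup that produces `byEmail` is outside the hunk, so check what it reports for an unknown address and consider one uniform message for both cases.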
--- a/src/org/cacert/gigi/pages/orga/OrgDomainAddForm.java
+++ b/src/org/cacert/gigi/pages/orga/OrgDomainAddForm.java
@@ -29,7 +29,7 @@ public class OrgDomainAddForm extends Form {
 }
 @Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public boolean submit(HttpServletRequest req) throws GigiApiException {
 String domain = req.getParameter("domain");
 new Domain(LoginPage.getUser(req), target, domain);
 return true;
diff --git a/src/org/cacert/gigi/pages/wot/AssuranceForm.java b/src/org/cacert/gigi/pages/wot/AssuranceForm.java
index 8ad735fb..55837532 100644
--- a/src/org/cacert/gigi/pages/wot/AssuranceForm.java
+++ b/src/org/cacert/gigi/pages/wot/AssuranceForm.java
@@ -134,7 +134,7 @@ public class AssuranceForm extends Form {
 }
 @Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public boolean submit(HttpServletRequest req) throws GigiApiException {
 location = req.getParameter("location");
 date = req.getParameter("date");
 cs.update(req);
@@ -196,15 +196,19 @@ public class AssuranceForm extends Form {
 Notary.assureAll(assurer, assuree, dob, pointsI, location, req.getParameter("date"), type, toAssure.toArray(new Name[toAssure.size()]), cs.getCountry());
- if (aword != null && !aword.equals("")) {
+ if (isWithPasswordReset()) {
 Language langApplicant = Language.getInstance(assuree.getPreferredLocale());
 String method = langApplicant.getTranslation("A password reset was triggered. If you did a password reset by verification, please enter your secret password using this form:");
 String subject = langApplicant.getTranslation("Password reset by verification");
- PasswordResetPage.initPasswordResetProcess(out, assuree, req, aword, langApplicant, method, subject);
+ PasswordResetPage.initPasswordResetProcess(assuree, req, aword, langApplicant, method, subject);
 }
 return true;
 }
+ public boolean isWithPasswordReset() {
+ return aword != null && !aword.equals("");
+ }
+
 public User getAssuree() {
 return assuree;
 }
diff --git a/src/org/cacert/gigi/pages/wot/AssurePage.java b/src/org/cacert/gigi/pages/wot/AssurePage.java
index 95ab35f0..c29b2388 100644
--- a/src/org/cacert/gigi/pages/wot/AssurePage.java
+++ b/src/org/cacert/gigi/pages/wot/AssurePage.java
@@ -16,6 +16,7 @@ import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.output.template.Template;
 import org.cacert.gigi.pages.Page;
 import org.cacert.gigi.util.AuthorizationContext;
+import org.cacert.gigi.util.HTMLEncoder;
 public class AssurePage extends Page {
@@ -50,6 +51,9 @@ public class AssurePage extends Page {
 if (req.getParameter("search") == null) {
 AssuranceForm form = Form.getForm(req, AssuranceForm.class);
 if (form.submitProtected(out, req)) {
+ if (form.isWithPasswordReset()) {
+ resp.getWriter().println(HTMLEncoder.encodeHTML(translate(req, "Password reset successful.")));
+ }
 out.println(translate(req, "Verification complete."));
 return;
 }
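Review bot: The new public `isWithPasswordReset()` in the AssuranceForm hunk reads `aword`, which is populated during submit outside this hunk, so its result is only meaningful after submit has run; a Javadoc line such as `/** True if the last submit carried an A-word, i.e. a password reset was triggered for the assuree. */` would make that contract explicit for AssurePage. `aword.equals("")` can be `aword.isEmpty()`. `Notary.assureAll(...)` has already recorded the verification by the time `initPasswordResetProcess` runs, so a failure there leaves a verified user without the reset mail — pre-existing ordering, but worth a comment now that the method is reached through a different path.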
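Review bot: In the AssurePage `@@ -50` hunk the inserted line writes through `resp.getWriter()` while the surrounding code writes through `out`, and it HTML-encodes the translated text where the very next line, `out.println(translate(req, "Verification complete."));`, does not; use `out.println(HTMLEncoder.encodeHTML(...))` for consistency, and either encode both lines or neither depending on whether `out` is an HTML context here (its assignment is outside the hunk).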
diff --git a/src/org/cacert/gigi/pages/wot/RequestTTPForm.java b/src/org/cacert/gigi/pages/wot/RequestTTPForm.java
index 3a6f7fe4..449c35b7 100644
--- a/src/org/cacert/gigi/pages/wot/RequestTTPForm.java
+++ b/src/org/cacert/gigi/pages/wot/RequestTTPForm.java
@@ -32,7 +32,7 @@ public class RequestTTPForm extends Form {
 };
 @Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public boolean submit(HttpServletRequest req) throws GigiApiException {
 String country = req.getParameter("country");
 if (country != null) {
 int cid = Integer.parseInt(country);
diff --git a/tests/org/cacert/gigi/testUtils/ManagedTest.java b/tests/org/cacert/gigi/testUtils/ManagedTest.java
index 01ee4c59..89b380a9 100644
--- a/tests/org/cacert/gigi/testUtils/ManagedTest.java
+++ b/tests/org/cacert/gigi/testUtils/ManagedTest.java
@@ -437,7 +437,10 @@ public class ManagedTest extends ConfiguredTest {
 }
 public static String executeBasicWebInteraction(String cookie, String path, String query, int formIndex) throws IOException, MalformedURLException, UnsupportedEncodingException {
- URLConnection uc = post(cookie, path, query, formIndex);
+ HttpURLConnection uc = post(cookie, path, query, formIndex);
+ if (uc.getResponseCode() == 302) {
+ return null;
+ }
 String error = fetchStartErrorMessage(IOUtils.readURL(uc));
 return error;
 }
-- 
2.39.2
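Review bot: `uc.getResponseCode() == 302` is a magic number; `HttpURLConnection.HTTP_MOVED_TEMP` says what is being compared, and since the pages in this diff redirect only after a successful submission, the helper now treats "redirected" as "no error" and returns null. That sentinel should be stated in a Javadoc on executeBasicWebInteraction, e.g. `@return the first error message on the page, or null if the server redirected (submission succeeded)`, because callers that distinguish "no error" from "no page" depend on it. The `throws MalformedURLException, UnsupportedEncodingException` clauses are subsumed by IOException.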