From 6b7d6a59d006d1d252ccbe86a4f5ab7099c6c002 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?= <felix@dogcraft.de>
Date: Mon, 2 May 2016 14:05:50 +0200
Subject: [PATCH] upd: tighten synchronizeation on User Objects while assuring

---
 src/org/cacert/gigi/dbObjects/User.java       |  4 ++
 .../gigi/pages/account/MyDetailsForm.java     | 29 +++++----
 .../admin/support/SupportUserDetailsForm.java |  6 +-
 src/org/cacert/gigi/util/Notary.java          | 64 ++++++++++---------
 4 files changed, 57 insertions(+), 46 deletions(-)

diff --git a/src/org/cacert/gigi/dbObjects/User.java b/src/org/cacert/gigi/dbObjects/User.java
index bf12dd77..70fd8214 100644
--- a/src/org/cacert/gigi/dbObjects/User.java
+++ b/src/org/cacert/gigi/dbObjects/User.java
@@ -19,6 +19,10 @@ import org.cacert.gigi.util.Notary;
 import org.cacert.gigi.util.PasswordHash;
 import org.cacert.gigi.util.PasswordStrengthChecker;
 
+/**
+ * Represents an acting, assurable, user. Synchronizing on user means: no
+ * name-change and no assurance.
+ */
 public class User extends CertificateOwner {
 
     private Name name = new Name(null, null, null, null);
diff --git a/src/org/cacert/gigi/pages/account/MyDetailsForm.java b/src/org/cacert/gigi/pages/account/MyDetailsForm.java
index 0339326a..9ea66b35 100644
--- a/src/org/cacert/gigi/pages/account/MyDetailsForm.java
+++ b/src/org/cacert/gigi/pages/account/MyDetailsForm.java
@@ -37,20 +37,23 @@ public class MyDetailsForm extends Form {
     @Override
     public boolean submit(PrintWriter out, HttpServletRequest req) {
         try {
-            if (target.getAssurancePoints() == 0) {
-                String newFname = req.getParameter("fname").trim();
-                String newLname = req.getParameter("lname").trim();
-                String newMname = req.getParameter("mname").trim();
-                String newSuffix = req.getParameter("suffix").trim();
-                if (newLname.isEmpty()) {
-                    throw new GigiApiException("Last name cannot be empty.");
+            synchronized (target) {
+                if (target.getAssurancePoints() == 0) {
+                    String newFname = req.getParameter("fname").trim();
+                    String newLname = req.getParameter("lname").trim();
+                    String newMname = req.getParameter("mname").trim();
+                    String newSuffix = req.getParameter("suffix").trim();
+                    if (newLname.isEmpty()) {
+                        throw new GigiApiException("Last name cannot be empty.");
+                    }
+
+                    target.setName(new Name(newFname, newLname, newMname, newSuffix));
+                    ds.update(req);
+                    target.setDoB(ds.getDate());
+                    target.updateUserData();
+                } else {
+                    throw new GigiApiException("No change after assurance allowed.");
                 }
-                target.setName(new Name(newFname, newLname, newMname, newSuffix));
-                ds.update(req);
-                target.setDoB(ds.getDate());
-                target.updateUserData();
-            } else {
-                throw new GigiApiException("No change after assurance allowed.");
             }
         } catch (GigiApiException e) {
             e.format(out, Page.getLanguage(req));
diff --git a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java
index e1c94c6b..74fb02bb 100644
--- a/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java
+++ b/src/org/cacert/gigi/pages/admin/support/SupportUserDetailsForm.java
@@ -105,8 +105,10 @@ public class SupportUserDetailsForm extends Form {
             throw new GigiApiException("Invalid date of birth!");
         }
         Name newName = new Name(fname, lname, mname, suffix);
-        if (user.setDob(dobSelector.getDate()) | user.setName(newName)) {
-            user.submitSupportAction();
+        synchronized (user.getTargetUser()) {
+            if (user.setDob(dobSelector.getDate()) | user.setName(newName)) {
+                user.submitSupportAction();
+            }
         }
         return true;
     }
diff --git a/src/org/cacert/gigi/util/Notary.java b/src/org/cacert/gigi/util/Notary.java
index aa806fa9..c3a889ab 100644
--- a/src/org/cacert/gigi/util/Notary.java
+++ b/src/org/cacert/gigi/util/Notary.java
@@ -99,45 +99,47 @@ public class Notary {
         } else if (location.length() <= 2) {
             gae.mergeInto(new GigiApiException("You must enter a location with at least 3 characters eg town and country."));
         }
+        synchronized (assuree) {
 
-        try {
-            checkAssuranceIsPossible(assurer, assuree);
-        } catch (GigiApiException e) {
-            gae.mergeInto(e);
-        }
+            try {
+                checkAssuranceIsPossible(assurer, assuree);
+            } catch (GigiApiException e) {
+                gae.mergeInto(e);
+            }
 
-        if ( !assuree.getName().equals(assureeName) || !assuree.getDoB().equals(dob)) {
-            gae.mergeInto(new GigiApiException("The person you are assuring changed his personal details."));
-        }
-        if (awarded < 0) {
-            gae.mergeInto(new GigiApiException("The points you are trying to award are out of range."));
-        } else {
-            if (type == AssuranceType.NUCLEUS) {
-                if (awarded > 50) {
-                    gae.mergeInto(new GigiApiException("The points you are trying to award are out of range."));
-                }
+            if ( !assuree.getName().equals(assureeName) || !assuree.getDoB().equals(dob)) {
+                gae.mergeInto(new GigiApiException("The person you are assuring changed his personal details."));
+            }
+            if (awarded < 0) {
+                gae.mergeInto(new GigiApiException("The points you are trying to award are out of range."));
             } else {
-                if (awarded > assurer.getMaxAssurePoints()) {
-                    gae.mergeInto(new GigiApiException("The points you are trying to award are out of range."));
+                if (type == AssuranceType.NUCLEUS) {
+                    if (awarded > 50) {
+                        gae.mergeInto(new GigiApiException("The points you are trying to award are out of range."));
+                    }
+                } else {
+                    if (awarded > assurer.getMaxAssurePoints()) {
+                        gae.mergeInto(new GigiApiException("The points you are trying to award are out of range."));
+                    }
                 }
             }
-        }
 
-        if ( !gae.isEmpty()) {
-            throw gae;
-        }
+            if ( !gae.isEmpty()) {
+                throw gae;
+            }
 
-        if (type == AssuranceType.FACE_TO_FACE) {
-            assureF2F(assurer, assuree, awarded, location, date);
-        } else if (type == AssuranceType.NUCLEUS) {
-            assureNucleus(assurer, assuree, awarded, location, date);
-        } else if (type == AssuranceType.TTP_ASSISTED) {
-            assureTTP(assurer, assuree, awarded, location, date);
-        } else {
-            throw new GigiApiException("Unknown Assurance type: " + type);
+            if (type == AssuranceType.FACE_TO_FACE) {
+                assureF2F(assurer, assuree, awarded, location, date);
+            } else if (type == AssuranceType.NUCLEUS) {
+                assureNucleus(assurer, assuree, awarded, location, date);
+            } else if (type == AssuranceType.TTP_ASSISTED) {
+                assureTTP(assurer, assuree, awarded, location, date);
+            } else {
+                throw new GigiApiException("Unknown Assurance type: " + type);
+            }
+            assurer.invalidateMadeAssurances();
+            assuree.invalidateReceivedAssurances();
         }
-        assurer.invalidateMadeAssurances();
-        assuree.invalidateReceivedAssurances();
     }
 
     private static void assureF2F(User assurer, User assuree, int awarded, String location, String date) throws GigiApiException {
-- 
2.39.2