From b37c20b3c3f2bc96ee9a93ac67949e523969be66 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?=
Date: Thu, 22 Sep 2016 23:49:48 +0200
Subject: [PATCH] upd: make verification processes more consistent on failure

Change-Id: I0a1dfd77fea5f9b365cc166196d0068607cc2b5d
---
 .../cacert/gigi/database/GigiPreparedStatement.java | 13 +++++++++++++
 src/org/cacert/gigi/dbObjects/Domain.java | 4 +++-
 src/org/cacert/gigi/dbObjects/EmailAddress.java | 6 ++++--
 src/org/cacert/gigi/pages/Verify.java | 4 ++--
 4 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/src/org/cacert/gigi/database/GigiPreparedStatement.java b/src/org/cacert/gigi/database/GigiPreparedStatement.java
index a779f965..4dea5f98 100644
--- a/src/org/cacert/gigi/database/GigiPreparedStatement.java
+++ b/src/org/cacert/gigi/database/GigiPreparedStatement.java
@@ -49,6 +49,19 @@ public class GigiPreparedStatement implements AutoCloseable {
 }
 }

+ public boolean executeMaybeUpdate() {
+ try {
+ int updated = target.executeUpdate();
+ if (updated > 1) {
+ throw new Error("More than one record (" + updated + ") updated.");
+ }
+ return updated == 1;
+ } catch (SQLException e) {
+ handleSQL(e);
+ throw new Error(e);
+ }
+ }
+
 public boolean execute() {
 try {
 return target.execute();
diff --git a/src/org/cacert/gigi/dbObjects/Domain.java b/src/org/cacert/gigi/dbObjects/Domain.java
index 36b7dc6f..3ecf7285 100644
--- a/src/org/cacert/gigi/dbObjects/Domain.java
+++ b/src/org/cacert/gigi/dbObjects/Domain.java
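Review bot: `executeMaybeUpdate()` in GigiPreparedStatement.java tests `updated > 1` only after `target.executeUpdate()` has already run, so by the time the `Error` is thrown the extra rows have been written unless the surrounding connection rolls the statement back, which this hunk does not show. The method also has no Javadoc, although the Domain and EmailAddress hunks of this patch rely on its return value to decide whether a verification token was accepted. I would document the contract above the signature, e.g. `/** Runs the update; returns true if exactly one row changed, false if none; throws Error if more than one row changed (those rows are not undone here). */`. The class body continues outside the hunk.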
@@ -129,7 +129,9 @@ public class Domain implements IdCachable, Verifyable {
 try (GigiPreparedStatement ps = new GigiPreparedStatement("UPDATE `domainPinglog` SET `state`='success' WHERE `challenge`=? AND `state`='open' AND `configId` IN (SELECT `id` FROM `pingconfig` WHERE `domainid`=? AND `type`='email')")) {
 ps.setString(1, hash);
 ps.setInt(2, id);
- ps.executeUpdate();
+ if ( !ps.executeMaybeUpdate()) {
+ throw new IllegalArgumentException("Given token could not be found to complete the verification process (Domain Ping).");
+ }
 }
 }

diff --git a/src/org/cacert/gigi/dbObjects/EmailAddress.java b/src/org/cacert/gigi/dbObjects/EmailAddress.java
index afd7f2c1..b2106d8b 100644
--- a/src/org/cacert/gigi/dbObjects/EmailAddress.java
+++ b/src/org/cacert/gigi/dbObjects/EmailAddress.java
@@ -96,11 +96,13 @@ public class EmailAddress implements IdCachable, Verifyable {
 }

 public synchronized void verify(String hash) throws GigiApiException {
- try (GigiPreparedStatement stmt = new GigiPreparedStatement("UPDATE `emailPinglog` SET `status`='success'::`pingState` WHERE `email`=? AND `uid`=? AND `type`='active' AND `challenge`=?")) {
+ try (GigiPreparedStatement stmt = new GigiPreparedStatement("UPDATE `emailPinglog` SET `status`='success'::`pingState` WHERE `email`=? AND `uid`=? AND `type`='active' AND `challenge`=? AND `status`='open'::`pingState`")) {
 stmt.setString(1, address);
 stmt.setInt(2, owner.getId());
 stmt.setString(3, hash);
- stmt.executeUpdate();
+ if ( !stmt.executeMaybeUpdate()) {
+ throw new IllegalArgumentException("Given token could not be found to complete the verification process (Domain Ping).");
+ }
 }
 // Verify user with that primary email
 try (GigiPreparedStatement ps2 = new GigiPreparedStatement("update `users` set `verified`='1' where `id`=? and `email`=? and `verified`='0'")) {
diff --git a/src/org/cacert/gigi/pages/Verify.java b/src/org/cacert/gigi/pages/Verify.java
index d7e5aed6..2b4cd826 100644
--- a/src/org/cacert/gigi/pages/Verify.java
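Review bot: In Domain.java the call to `ps.executeMaybeUpdate()` brings in an assumption that at most one open `domainPinglog` row belonging to an email-type config of this domain carries the given challenge. If two such rows ever match, the helper throws `Error` after both have been set to `'success'`, and the `catch (IllegalArgumentException e)` in Verify.java does not cover that case. Whether the schema guarantees this uniqueness is not visible from the hunk. If it does, a comment above the call would record it: `// challenge is unique among the open email pings of this domain, so 0 or 1 rows match`. The enclosing method starts before the hunk.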
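Review bot: The new exception in `EmailAddress.verify` carries the label "(Domain Ping)", which looks copied from Domain.java; this is the e-mail path, so the line should read `throw new IllegalArgumentException("Given token could not be found to complete the verification process (Email Ping).");`. Verify.java substitutes its own message, but any other caller or log that surfaces this exception would show the wrong label. The method declares `throws GigiApiException` yet signals a rejected token with an unchecked `IllegalArgumentException`, so a one-line comment above the throw stating that callers are expected to catch it would help the next reader. `verify` continues past the end of the hunk.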
+++ b/src/org/cacert/gigi/pages/Verify.java
@@ -62,14 +62,14 @@ public class Verify extends Page {
 try {
 target.verify(hash);
 } catch (IllegalArgumentException e) {
- throw new GigiApiException("The email address is invalid.");
+ throw new PermamentFormException(new GigiApiException("Given token could not be found to complete the verification process (Email Ping)."));
 }
 return new SuccessMessageResult(new Scope(emailAddressVerified, data));
 } else if ("domain".equals(type)) {
 try {
 target.verify(hash);
 } catch (IllegalArgumentException e) {
- throw new GigiApiException("The domain is invalid.");
+ throw new PermamentFormException(new GigiApiException("Given token could not be found to complete the verification process (Domain Ping)."));
 }
 return new SuccessMessageResult(new Scope(domainVerified, data));
 } else {
--
2.39.2
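Review bot: Both rewritten `catch (IllegalArgumentException e)` blocks in Verify.java discard `e`, so any other `IllegalArgumentException` raised inside `target.verify(hash)` is reported to the user as a missing token, and as far as the hunk shows the rejected attempt is not recorded anywhere. Whether `GigiApiException` has a cause-taking constructor is not visible here; if it does not, a comment such as `// e only signals "no open ping matched"; the message is rebuilt here on purpose` would at least mark the discard as intended. The two blocks differ only in the label, and the same sentence is hard-coded again in Domain.java and EmailAddress.java, so a shared constant would keep the copies from drifting apart. The enclosing method starts and ends outside the hunk.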