From: senju <senju@users.sourceforge.jp>
Date: Sun, 23 Aug 2009 07:01:05 +0000 (+0900)
Subject: チェックが厳しすぎるので修正。
X-Git-Url: http://git.osdn.net/view?p=rabbit-bts%2FRabbitBTS.git;a=commitdiff_plain;h=a0b5354796ee1e61b1e7fbf5bcec2a32af022870

チェックが厳しすぎるので修正。

期限切れチェック未実装。
---

diff --git a/src/jp/sourceforge/rabbitBTS/interceptors/CSRFInterceptor.java b/src/jp/sourceforge/rabbitBTS/interceptors/CSRFInterceptor.java
index 1d16cb9..28a588f 100644
--- a/src/jp/sourceforge/rabbitBTS/interceptors/CSRFInterceptor.java
+++ b/src/jp/sourceforge/rabbitBTS/interceptors/CSRFInterceptor.java
@@ -17,6 +17,10 @@
 
 package jp.sourceforge.rabbitBTS.interceptors;
 
+import java.util.List;
+import java.util.Date;
+import java.util.LinkedList;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -41,18 +45,14 @@ public class CSRFInterceptor extends HandlerInterceptorAdapter {
 			HttpServletResponse response, Object handler) throws Exception {
 		if (request.getMethod().equals("POST")
 				&& handler instanceof IController) {
-			final String sentToken = request.getParameter("secureToken");
-			final String sessionToken = (String) request.getSession()
-					.getAttribute("secureToken");
 			final IController c = (IController) handler;
-
-			if (StringUtils.equals(sentToken, sessionToken)) {
+			final CsrfChecker checker = new CsrfChecker(request);
+			if (checker.checkTokenValid()) {
 				c.setCsrfSafe(true);
 			} else {
 				c.setCsrfSafe(false);
 				Sht.log(this).warning("CSRF detected.");
 			}
-
 		}
 		return true;
 	}
@@ -67,8 +67,8 @@ public class CSRFInterceptor extends HandlerInterceptorAdapter {
 		// ãªãã¤ã¬ã¯ãããå ´åã¯ä¸è¦
 		if (mav != null) {
 			if (!StringUtils.startsWith(mav.getViewName(), "redirect:")) {
-				final String token = RandomStringUtils.randomAlphanumeric(128);
-				request.getSession().setAttribute("secureToken", token);
+				final CsrfChecker checker = new CsrfChecker(request);
+				final String token = checker.saveNewToken();
 				mav.addObject("secureToken", token);
 			}
 		}
@@ -84,4 +84,44 @@ public class CSRFInterceptor extends HandlerInterceptorAdapter {
 		}
 	}
 
+	class CsrfChecker{
+		private HttpServletRequest req;
+		private List<Object> tokenList;
+		public CsrfChecker(HttpServletRequest request){
+			this.req = request;
+			this.tokenList = (List)request.getSession().getAttribute("tokenList");
+			if(this.tokenList == null){
+				this.tokenList = new LinkedList<Object>();
+				request.getSession().setAttribute("tokenList", this.tokenList);
+			}
+		}
+
+		/**
+		 * ãã¼ã¯ã³ãã»ãã·ã§ã³ã«ä¿å­ããã
+		 * @return ä¿å­ãããæ°è¦ãã¼ã¯ã³
+		 */
+		public String saveNewToken(){
+			final String token = RandomStringUtils.randomAlphanumeric(128);
+			this.tokenList.add(token);
+			this.tokenList.add(new Date());
+
+			return token;
+		}
+
+		public boolean checkTokenValid(){
+			final String reqToken = this.req.getParameter("secureToken");
+			boolean found = false;
+			for(int i = 0; i < tokenList.size(); i+=2){
+				final String token = (String)this.tokenList.get(i);
+				if(token.equals(reqToken)){
+					// TODO:æéãã§ãã¯
+					found = true;
+					break;
+				}
+			}
+			// TODO:æéåãåé¤
+			return found;
+		}
+	}
+
 }
