This method will reject requests if cheat sheet availability is marked as unavailable by administration. @param moduleId @param csrfToken
(HttpServletRequest request, HttpServletResponse response)
| 51 | * @param csrfToken |
| 52 | */ |
| 53 | public void doPost (HttpServletRequest request, HttpServletResponse response) |
| 54 | throws ServletException, IOException |
| 55 | { |
| 56 | //Setting IpAddress To Log and taking header for original IP if forwarded from proxy |
| 57 | ShepherdLogManager.setRequestIp(request.getRemoteAddr(), request.getHeader("X-Forwarded-For")); |
| 58 | log.debug("*** servlets.Admin.GetCheat ***"); |
| 59 | String[] result = null; |
| 60 | PrintWriter out = response.getWriter(); |
| 61 | out.print(getServletInfo()); |
| 62 | |
| 63 | HttpSession ses = request.getSession(true); |
| 64 | if(Validate.validateSession(ses)) |
| 65 | { |
| 66 | ShepherdLogManager.setRequestIp(request.getRemoteAddr(), request.getHeader("X-Forwarded-For"), ses.getAttribute("userName").toString()); |
| 67 | log.debug("Current User: " + ses.getAttribute("userName").toString()); |
| 68 | Cookie tokenCookie = Validate.getToken(request.getCookies()); |
| 69 | Object tokenParmeter = request.getParameter("csrfToken"); |
| 70 | if(Validate.validateTokens(tokenCookie, tokenParmeter)) |
| 71 | { |
| 72 | if(CheatSheetStatus.showCheat(ses.getAttribute("userRole").toString())) |
| 73 | { |
| 74 | String ApplicationRoot = getServletContext().getRealPath(""); |
| 75 | String moduleId = request.getParameter("moduleId"); |
| 76 | Locale locale = new Locale(Validate.validateLanguage(request.getSession())); |
| 77 | log.debug(ses.getAttribute("userName") + " submitted the following moduleId: " + moduleId); |
| 78 | if(moduleId != null) |
| 79 | { |
| 80 | result = Getter.getModuleSolution(ApplicationRoot, moduleId, locale); |
| 81 | if(result != null) |
| 82 | { |
| 83 | out.write( |
| 84 | "<div id='theActualCheat' class='cheatBox'>" + |
| 85 | "<big style='color:#A878EF;'>" + Encode.forHtml(result[0]) + " Cheat</big>" + |
| 86 | "<p>" + |
| 87 | result[1] + |
| 88 | "</div></p><br>"); |
| 89 | } |
| 90 | } |
| 91 | } |
| 92 | } |
| 93 | else |
| 94 | { |
| 95 | log.error("CSRF Attack Detected: Made Against" + ses.getAttribute("userName")); |
| 96 | } |
| 97 | } |
| 98 | else |
| 99 | { |
| 100 | out.write("<img src='css/images/loggedOutSheep.jpg'/>"); |
| 101 | } |
| 102 | if(result == null) |
| 103 | { |
| 104 | out.write("An error Occurred..."); |
| 105 | } |
| 106 | log.debug("*** END servlets.Admin.GetCheat ***"); |
| 107 | } |
| 108 | } |
nothing calls this directly
no test coverage detected