Finds CSRF token from user's cookies[], validates. @param userCookies All of the user's cookies from their browser @return csrfCookie
(Cookie[] userCookies)
| 58 | * @return csrfCookie |
| 59 | */ |
| 60 | public static Cookie getToken (Cookie[] userCookies) |
| 61 | { |
| 62 | int i = 0; |
| 63 | Cookie theToken = null; |
| 64 | for(i = 0; i < userCookies.length; i++) |
| 65 | { |
| 66 | if(userCookies[i].getName().compareTo("token") == 0) |
| 67 | { |
| 68 | theToken = userCookies[i]; |
| 69 | break; //End Loop, because we found the token |
| 70 | } |
| 71 | } |
| 72 | if(theToken != null) |
| 73 | { |
| 74 | //log.debug("Found Cookie " + theToken.getName() + " with value " + theToken.getValue()); |
| 75 | //The Token is currently designed to be a random Big Integer. If the Big Integer Case does not work, the token has been modified. Potentially in a malicious manner |
| 76 | try |
| 77 | { |
| 78 | BigInteger theTokenCasted = new BigInteger(theToken.getValue()); |
| 79 | BigInteger tenGrand = new BigInteger("10000"); |
| 80 | BigInteger tenGrandNeg = new BigInteger("-10000"); |
| 81 | if(!(theTokenCasted.compareTo(tenGrand) > 0 || theTokenCasted.compareTo(tenGrandNeg) < 0)) |
| 82 | { |
| 83 | log.error("CSRF Cookie Token was modified in some manor!"); |
| 84 | theToken = null; |
| 85 | } |
| 86 | } |
| 87 | catch (Exception e) |
| 88 | { |
| 89 | log.error("CSRF Cookie Token was modified in some manor: " + e.toString()); |
| 90 | theToken = null; |
| 91 | } |
| 92 | } |
| 93 | return theToken; |
| 94 | } |
| 95 | |
| 96 | /** |
| 97 | * Validates class year when creating classes. Class year should be YY/YY, e.g. 11/12. So the first year must be less than the second. |