Redirects user after sending data to protect from double submission.

php-coder · php-coder · commit 79cc3ae93408 · 2011-08-07T20:47:28.000+07:00
/account/register -> /successful/registration /account/activate -> /successful/activation Fixed #74
diff --git a/src/main/java/ru/mystamps/web/SiteMap.java b/src/main/java/ru/mystamps/web/SiteMap.java
@@ -34,6 +34,8 @@ public final class SiteMap {
 	// defined at src/main/resources/spring/DispatcherServletContext.xml
 	public static final String INDEX_PAGE_URL            = "/";
 	public static final String MAINTENANCE_PAGE_URL      = "/site/maintenance";
+	public static final String SUCCESSFUL_REGISTRATION_PAGE_URL = "/successful/registration";
+	public static final String SUCCESSFUL_ACTIVATION_PAGE_URL = "/successful/activation";
 	
 	public static final String REGISTRATION_PAGE_URL     = "/account/register";
 	public static final String AUTHENTICATION_PAGE_URL   = "/account/auth";
diff --git a/src/main/java/ru/mystamps/web/controller/ActivateAccountController.java b/src/main/java/ru/mystamps/web/controller/ActivateAccountController.java
@@ -38,6 +38,7 @@
 
 import static ru.mystamps.web.SiteMap.ACTIVATE_ACCOUNT_PAGE_URL;
 import static ru.mystamps.web.SiteMap.ACTIVATE_ACCOUNT_PAGE_WITH_KEY_URL;
+import static ru.mystamps.web.SiteMap.SUCCESSFUL_ACTIVATION_PAGE_URL;
 
 @Controller
 public class ActivateAccountController {
@@ -91,7 +92,7 @@ public String processInput(
 			form.getActivationKey()
 		);
 		
-		return "account/activation_successful";
+		return "redirect:" + SUCCESSFUL_ACTIVATION_PAGE_URL;
 	}
 	
 }
diff --git a/src/main/java/ru/mystamps/web/controller/RegisterAccountController.java b/src/main/java/ru/mystamps/web/controller/RegisterAccountController.java
@@ -34,6 +34,7 @@
 import ru.mystamps.web.validation.RegisterAccountValidator;
 
 import static ru.mystamps.web.SiteMap.REGISTRATION_PAGE_URL;
+import static ru.mystamps.web.SiteMap.SUCCESSFUL_REGISTRATION_PAGE_URL;
 
 @Controller
 @RequestMapping(REGISTRATION_PAGE_URL)
@@ -73,8 +74,7 @@ public String processInput(
 		
 		userService.addRegistrationRequest(form.getEmail());
 		
-		// TODO: do redirect to protect from double submission (#74)
-		return "account/activation_sent";
+		return "redirect:" + SUCCESSFUL_REGISTRATION_PAGE_URL;
 	}
 	
 }
diff --git a/src/main/resources/spring/DispatcherServletContext.xml b/src/main/resources/spring/DispatcherServletContext.xml
@@ -32,6 +32,8 @@
 	<mvc:view-controller path="/" view-name="site/index" />
 	<mvc:view-controller path="/site/maintenance" view-name="site/maintenance" />
 	<mvc:view-controller path="/password/restore" view-name="password/restore" />
+	<mvc:view-controller path="/successful/registration" view-name="account/activation_sent" />
+	<mvc:view-controller path="/successful/activation" view-name="account/activation_successful" />
 	
 	<import resource="database.xml" />
 	
diff --git a/src/test/java/ru/mystamps/web/tests/cases/WhenUserActivateAccount.java b/src/test/java/ru/mystamps/web/tests/cases/WhenUserActivateAccount.java
@@ -40,6 +40,7 @@
 
 import static ru.mystamps.web.SiteMap.ACTIVATE_ACCOUNT_PAGE_WITH_KEY_URL;
 import static ru.mystamps.web.SiteMap.AUTHENTICATION_PAGE_URL;
+import static ru.mystamps.web.SiteMap.SUCCESSFUL_ACTIVATION_PAGE_URL;
 
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(locations = "classpath:spring/TestContext.xml")
@@ -278,6 +279,8 @@ public void afterActivationShouldExistsMessageWithLinkForAuthentication() {
 		page.fillField("activationKey", NOT_ACTIVATED_USER_ACT_KEY);
 		page.submit();
 		
+		assertThat(page.getCurrentUrl()).isEqualTo(SUCCESSFUL_ACTIVATION_PAGE_URL);
+		
 		assertThat(page.textPresent(stripHtmlTags(tr("t_activation_successful")))).isTrue();
 		
 		assertThat(page.linkHasLabelAndPointsTo("authentication", AUTHENTICATION_PAGE_URL))
diff --git a/src/test/java/ru/mystamps/web/tests/cases/WhenUserRegisterAccount.java b/src/test/java/ru/mystamps/web/tests/cases/WhenUserRegisterAccount.java
@@ -22,6 +22,7 @@
 
 import static ru.mystamps.web.SiteMap.AUTHENTICATION_PAGE_URL;
 import static ru.mystamps.web.SiteMap.RESTORE_PASSWORD_PAGE_URL;
+import static ru.mystamps.web.SiteMap.SUCCESSFUL_REGISTRATION_PAGE_URL;
 import static ru.mystamps.web.tests.TranslationUtils.tr;
 import static ru.mystamps.web.tests.TranslationUtils.stripHtmlTags;
 import static ru.mystamps.web.validation.ValidationRules.EMAIL_MAX_LENGTH;
@@ -99,7 +100,9 @@ public void emailShouldBeStripedFromLeadingAndTrailingSpaces() {
 	public void successfulMessageShouldBeShownAfterRegistration() {
 		page.fillField("email", "coder@rock.home");
 		page.submit();
-		// TODO: check page url
+		
+		assertThat(page.getCurrentUrl()).isEqualTo(SUCCESSFUL_REGISTRATION_PAGE_URL);
+		
 		assertThat(page.textPresent(tr("t_activation_sent_message"))).isTrue();
 	}
 	

Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,7 @@`
`38`	`38`
`39`	`39`	`import static ru.mystamps.web.SiteMap.ACTIVATE_ACCOUNT_PAGE_URL;`
`40`	`40`	`import static ru.mystamps.web.SiteMap.ACTIVATE_ACCOUNT_PAGE_WITH_KEY_URL;`
	`41`	`+import static ru.mystamps.web.SiteMap.SUCCESSFUL_ACTIVATION_PAGE_URL;`
`41`	`42`
`42`	`43`	`@Controller`
`43`	`44`	`public class ActivateAccountController {`
`@@ -91,7 +92,7 @@ public String processInput(`
`91`	`92`	`form.getActivationKey()`
`92`	`93`	`);`
`93`	`94`
`94`		`- return "account/activation_successful";`
	`95`	`+ return "redirect:" + SUCCESSFUL_ACTIVATION_PAGE_URL;`
`95`	`96`	`}`
`96`	`97`
`97`	`98`	`}`
Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,7 @@`
`34`	`34`	`import ru.mystamps.web.validation.RegisterAccountValidator;`
`35`	`35`
`36`	`36`	`import static ru.mystamps.web.SiteMap.REGISTRATION_PAGE_URL;`
	`37`	`+import static ru.mystamps.web.SiteMap.SUCCESSFUL_REGISTRATION_PAGE_URL;`
`37`	`38`
`38`	`39`	`@Controller`
`39`	`40`	`@RequestMapping(REGISTRATION_PAGE_URL)`
`@@ -73,8 +74,7 @@ public String processInput(`
`73`	`74`
`74`	`75`	`userService.addRegistrationRequest(form.getEmail());`
`75`	`76`
`76`		`- // TODO: do redirect to protect from double submission (#74)`
`77`		`- return "account/activation_sent";`
	`77`	`+ return "redirect:" + SUCCESSFUL_REGISTRATION_PAGE_URL;`
`78`	`78`	`}`
`79`	`79`
`80`	`80`	`}`