X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Fclub%2Fwpia%2Fgigi%2Fpages%2FLoginPage.java;h=66412a9166adee300775efa19f2d60c9901917b4;hb=aeec439eb11ecd11f408595744c13dcaf0e09907;hp=69b93863366d5b1928cee228812756e169478022;hpb=248c19aee75f896005872549b65f17701ded1fd2;p=gigi.git diff --git a/src/club/wpia/gigi/pages/LoginPage.java b/src/club/wpia/gigi/pages/LoginPage.java index 69b93863..66412a91 100644 --- a/src/club/wpia/gigi/pages/LoginPage.java +++ b/src/club/wpia/gigi/pages/LoginPage.java @@ -4,6 +4,7 @@ import static club.wpia.gigi.Gigi.*; import java.io.IOException; import java.io.PrintWriter; +import java.math.BigInteger; import java.security.cert.X509Certificate; import java.util.Map; @@ -119,24 +120,31 @@ public class LoginPage extends Page { try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `password`, `id` FROM `users` WHERE `email`=? AND verified='1'")) { ps.setString(1, un); GigiResultSet rs = ps.executeQuery(); - if (rs.next()) { - String dbHash = rs.getString(1); - String hash = PasswordHash.verifyHash(pw, dbHash); - if (hash != null) { - if ( !hash.equals(dbHash)) { - try (GigiPreparedStatement gps = new GigiPreparedStatement("UPDATE `users` SET `password`=? WHERE `email`=?")) { - gps.setString(1, hash); - gps.setString(2, un); - gps.executeUpdate(); - } + if ( !rs.next()) { + throw new GigiApiException("Username and password didn't match."); + } + + User user = User.getById(rs.getInt(2)); + if (user == null) { + throw new GigiApiException("Username and password didn't match."); + } + + String dbHash = rs.getString(1); + String hash = PasswordHash.verifyHash(pw, dbHash); + if (hash != null) { + if ( !hash.equals(dbHash)) { + try (GigiPreparedStatement gps = new GigiPreparedStatement("UPDATE `users` SET `password`=? WHERE `email`=?")) { + gps.setString(1, hash); + gps.setString(2, un); + gps.executeUpdate(); } - loginSession(req, User.getById(rs.getInt(2))); - req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Password")); - return; } + + loginSession(req, user); + req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Password")); + return; } } - throw new GigiApiException("Username and password didn't match."); } public static User getUser(HttpServletRequest req) { @@ -152,7 +160,7 @@ public class LoginPage extends Page { } private void tryAuthWithCertificate(HttpServletRequest req, X509Certificate x509Certificate) { - String serial = extractSerialFormCert(x509Certificate); + BigInteger serial = extractSerialFormCert(x509Certificate); User user = fetchUserBySerial(serial); if (user == null) { return; @@ -163,15 +171,11 @@ public class LoginPage extends Page { req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Certificate")); } - public static String extractSerialFormCert(X509Certificate x509Certificate) { - return x509Certificate.getSerialNumber().toString(16).toLowerCase(); + public static BigInteger extractSerialFormCert(X509Certificate x509Certificate) { + return x509Certificate.getSerialNumber(); } - public static User fetchUserBySerial(String serial) { - if ( !serial.matches("[a-f0-9]+")) { - throw new Error("serial malformed."); - } - + public static User fetchUserBySerial(BigInteger serial) { CertificateOwner o = CertificateOwner.getByEnabledSerial(serial); if (o == null || !(o instanceof User)) { return null;