X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Fclub%2Fwpia%2Fgigi%2Fpages%2FLoginPage.java;h=fccfea1d2e8db8f0d793af85d7ca930dd9618f33;hb=13a45cb32dc366dfba718199e968f9b5c1d2001e;hp=b0ed6e69397dcaa4cd313752eed3e473c405f643;hpb=76baa398052ef0f82828621be1357a92f30c13a4;p=gigi.git

diff --git a/src/club/wpia/gigi/pages/LoginPage.java b/src/club/wpia/gigi/pages/LoginPage.java
index b0ed6e69..fccfea1d 100644
--- a/src/club/wpia/gigi/pages/LoginPage.java
+++ b/src/club/wpia/gigi/pages/LoginPage.java
@@ -6,6 +6,7 @@ import java.io.IOException;
 import java.io.PrintWriter;
 import java.math.BigInteger;
 import java.security.cert.X509Certificate;
+import java.util.Date;
 import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
@@ -15,6 +16,7 @@ import javax.servlet.http.HttpSession;
 import club.wpia.gigi.GigiApiException;
 import club.wpia.gigi.database.GigiPreparedStatement;
 import club.wpia.gigi.database.GigiResultSet;
+import club.wpia.gigi.dbObjects.Certificate;
 import club.wpia.gigi.dbObjects.CertificateOwner;
 import club.wpia.gigi.dbObjects.Group;
 import club.wpia.gigi.dbObjects.User;
@@ -120,24 +122,31 @@ public class LoginPage extends Page {
         try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `password`, `id` FROM `users` WHERE `email`=? AND verified='1'")) {
             ps.setString(1, un);
             GigiResultSet rs = ps.executeQuery();
-            if (rs.next()) {
-                String dbHash = rs.getString(1);
-                String hash = PasswordHash.verifyHash(pw, dbHash);
-                if (hash != null) {
-                    if ( !hash.equals(dbHash)) {
-                        try (GigiPreparedStatement gps = new GigiPreparedStatement("UPDATE `users` SET `password`=? WHERE `email`=?")) {
-                            gps.setString(1, hash);
-                            gps.setString(2, un);
-                            gps.executeUpdate();
-                        }
+            if ( !rs.next()) {
+                throw new GigiApiException("Username and password didn't match.");
+            }
+
+            User user = User.getById(rs.getInt(2));
+            if (user == null) {
+                throw new GigiApiException("Username and password didn't match.");
+            }
+
+            String dbHash = rs.getString(1);
+            String hash = PasswordHash.verifyHash(pw, dbHash);
+            if (hash != null) {
+                if ( !hash.equals(dbHash)) {
+                    try (GigiPreparedStatement gps = new GigiPreparedStatement("UPDATE `users` SET `password`=? WHERE `email`=?")) {
+                        gps.setString(1, hash);
+                        gps.setString(2, un);
+                        gps.executeUpdate();
                     }
-                    loginSession(req, User.getById(rs.getInt(2)));
-                    req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Password"));
-                    return;
                 }
+
+                loginSession(req, user, false);
+                req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Password"));
+                return;
             }
         }
-        throw new GigiApiException("Username and password didn't match.");
     }
 
     public static User getUser(HttpServletRequest req) {
@@ -154,11 +163,15 @@ public class LoginPage extends Page {
 
     private void tryAuthWithCertificate(HttpServletRequest req, X509Certificate x509Certificate) {
         BigInteger serial = extractSerialFormCert(x509Certificate);
+        Certificate c = Certificate.getBySerial(serial);
         User user = fetchUserBySerial(serial);
         if (user == null) {
             return;
         }
-        loginSession(req, user);
+        if (c.getExpiryDate().before(new Date()) || c.getRevocationDate() != null || c.isLoginEnabled() == false) {
+            return;
+        }
+        loginSession(req, user, true);
         req.getSession().setAttribute(CERT_SERIAL, serial);
         req.getSession().setAttribute(CERT_ISSUER, x509Certificate.getIssuerDN());
         req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Certificate"));
@@ -187,7 +200,7 @@ public class LoginPage extends Page {
 
     private static final Group LOGIN_BLOCKED = Group.BLOCKED_LOGIN;
 
-    private void loginSession(HttpServletRequest req, User user) {
+    private void loginSession(HttpServletRequest req, User user, boolean isStronglyAuthenticated) {
         if (user.isInGroup(LOGIN_BLOCKED)) {
             return;
         }
@@ -196,7 +209,7 @@ public class LoginPage extends Page {
         HttpSession hs = req.getSession();
         hs.setAttribute(LOGGEDIN, true);
         hs.setAttribute(Language.SESSION_ATTRIB_NAME, user.getPreferredLocale());
-        hs.setAttribute(AUTH_CONTEXT, new AuthorizationContext(user, user));
+        hs.setAttribute(AUTH_CONTEXT, new AuthorizationContext(user, user, isStronglyAuthenticated));
     }
 
     @Override