X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FLoginPage.java;h=128855fcf0dced4e2ed690cfda5c92fdc887ed88;hb=c4e4a54f12c4eff9958ae0c2b9408be70ac9e605;hp=d2d39ba4fa1d6b9e2b26ff4ee2ffd89b8adb930a;hpb=701ba7f582c84412cabd47aeb9d785b93a892c07;p=gigi.git diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java index d2d39ba4..128855fc 100644 --- a/src/org/cacert/gigi/pages/LoginPage.java +++ b/src/org/cacert/gigi/pages/LoginPage.java @@ -3,22 +3,46 @@ package org.cacert.gigi.pages; import static org.cacert.gigi.Gigi.*; import java.io.IOException; +import java.io.PrintWriter; import java.security.cert.X509Certificate; +import java.util.HashMap; +import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import org.cacert.gigi.GigiApiException; import org.cacert.gigi.database.DatabaseConnection; import org.cacert.gigi.database.GigiPreparedStatement; import org.cacert.gigi.database.GigiResultSet; import org.cacert.gigi.dbObjects.Group; import org.cacert.gigi.dbObjects.User; import org.cacert.gigi.localisation.Language; +import org.cacert.gigi.output.template.Form; import org.cacert.gigi.util.PasswordHash; public class LoginPage extends Page { + public class LoginForm extends Form { + + public LoginForm(HttpServletRequest hsr) { + super(hsr); + } + + @Override + public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException { + tryAuthWithUnpw(req); + return false; + } + + @Override + protected void outputContent(PrintWriter out, Language l, Map vars) { + getDefaultTemplate().output(out, l, vars); + } + + } + public static final String LOGIN_RETURNPATH = "login-returnpath"; public LoginPage(String title) { @@ -27,7 +51,7 @@ public class LoginPage extends Page { @Override public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { - resp.getWriter().println("
" + "" + "
"); + new LoginForm(req).output(resp.getWriter(), getLanguage(req), new HashMap()); } @Override @@ -39,7 +63,10 @@ public class LoginPage extends Page { tryAuthWithCertificate(req, cert[0]); } if (req.getMethod().equals("POST")) { - tryAuthWithUnpw(req); + try { + Form.getForm(req, LoginForm.class).submit(resp.getWriter(), req); + } catch (GigiApiException e) { + } } } @@ -70,7 +97,15 @@ public class LoginPage extends Page { ps.setString(1, un); GigiResultSet rs = ps.executeQuery(); if (rs.next()) { - if (PasswordHash.verifyHash(pw, rs.getString(1))) { + String dbHash = rs.getString(1); + String hash = PasswordHash.verifyHash(pw, dbHash); + if (hash != null) { + if ( !hash.equals(dbHash)) { + GigiPreparedStatement gps = DatabaseConnection.getInstance().prepare("UPDATE `users` SET `password`=? WHERE `email`=?"); + gps.setString(1, hash); + gps.setString(2, un); + gps.executeUpdate(); + } loginSession(req, User.getById(rs.getInt(2))); } } @@ -88,6 +123,8 @@ public class LoginPage extends Page { GigiResultSet rs = ps.executeQuery(); if (rs.next()) { loginSession(req, User.getById(rs.getInt(1))); + req.getSession().setAttribute(CERT_SERIAL, serial); + req.getSession().setAttribute(CERT_ISSUER, x509Certificate.getIssuerDN()); } rs.close(); }