X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FLoginPage.java;h=69b05887bb0babd9d381603504031e8cccb55d2e;hb=bdb770e853028d8510a941c936a290ab69cf675c;hp=ba6e0eecd8f7f2055f11b303a111398c356cd1d3;hpb=a0232b6e40e7e09767f0444d24e18bf12dafc362;p=gigi.git diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java index ba6e0eec..69b05887 100644 --- a/src/org/cacert/gigi/pages/LoginPage.java +++ b/src/org/cacert/gigi/pages/LoginPage.java @@ -20,12 +20,18 @@ import org.cacert.gigi.dbObjects.Group; import org.cacert.gigi.dbObjects.User; import org.cacert.gigi.localisation.Language; import org.cacert.gigi.output.template.Form; +import org.cacert.gigi.output.template.TranslateCommand; +import org.cacert.gigi.pages.main.RegisterPage; import org.cacert.gigi.util.AuthorizationContext; import org.cacert.gigi.util.PasswordHash; +import org.cacert.gigi.util.RateLimit; +import org.cacert.gigi.util.RateLimit.RateLimitException; import org.cacert.gigi.util.ServerConstants; public class LoginPage extends Page { + public static final RateLimit RATE_LIMIT = new RateLimit(10, 5 * 60 * 1000); + public class LoginForm extends Form { public LoginForm(HttpServletRequest hsr) { @@ -33,9 +39,12 @@ public class LoginPage extends Page { } @Override - public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException { + public RedirectResult submit(HttpServletRequest req) throws GigiApiException { + if (RegisterPage.RATE_LIMIT.isLimitExceeded(req.getRemoteAddr())) { + throw new RateLimitException(); + } tryAuthWithUnpw(req); - return false; + return new RedirectResult(redirectPath(req)); } @Override @@ -47,8 +56,8 @@ public class LoginPage extends Page { public static final String LOGIN_RETURNPATH = "login-returnpath"; - public LoginPage(String title) { - super(title); + public LoginPage() { + super("Password Login"); } @Override @@ -60,43 +69,51 @@ public class LoginPage extends Page { } } + @Override + public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException { + if (Form.printFormErrors(req, resp.getWriter())) { + Form.getForm(req, LoginForm.class).output(resp.getWriter(), getLanguage(req), new HashMap()); + } + } + @Override public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException { - String redir = (String) req.getSession().getAttribute(LOGIN_RETURNPATH); if (req.getSession().getAttribute("loggedin") == null) { X509Certificate cert = getCertificateFromRequest(req); if (cert != null) { tryAuthWithCertificate(req, cert); } if (req.getMethod().equals("POST")) { - try { - Form.getForm(req, LoginForm.class).submit(resp.getWriter(), req); - } catch (GigiApiException e) { - } + return Form.getForm(req, LoginForm.class).submitExceptionProtected(req, resp); } } if (req.getSession().getAttribute("loggedin") != null) { - String s = redir; - if (s != null) { - if ( !s.startsWith("/")) { - s = "/" + s; - } - resp.sendRedirect(s); - } else { - resp.sendRedirect("/"); - } + resp.sendRedirect(redirectPath(req)); return true; } return false; } + private static String redirectPath(HttpServletRequest req) { + String redir = (String) req.getSession().getAttribute(LOGIN_RETURNPATH); + String s = redir; + if (s != null) { + if ( !s.startsWith("/")) { + s = "/" + s; + } + return s; + } else { + return "/"; + } + } + @Override public boolean needsLogin() { return false; } - private void tryAuthWithUnpw(HttpServletRequest req) { + private void tryAuthWithUnpw(HttpServletRequest req) throws GigiApiException { String un = req.getParameter("username"); String pw = req.getParameter("password"); try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `password`, `id` FROM `users` WHERE `email`=? AND verified='1'")) { @@ -114,10 +131,12 @@ public class LoginPage extends Page { } } loginSession(req, User.getById(rs.getInt(2))); - req.getSession().setAttribute(LOGIN_METHOD, "Password"); + req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Password")); + return; } } } + throw new GigiApiException("Username and password didn't match."); } public static User getUser(HttpServletRequest req) { @@ -141,15 +160,15 @@ public class LoginPage extends Page { loginSession(req, user); req.getSession().setAttribute(CERT_SERIAL, serial); req.getSession().setAttribute(CERT_ISSUER, x509Certificate.getIssuerDN()); - req.getSession().setAttribute(LOGIN_METHOD, "Certificate"); + req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Certificate")); } public static String extractSerialFormCert(X509Certificate x509Certificate) { - return x509Certificate.getSerialNumber().toString(16).toUpperCase(); + return x509Certificate.getSerialNumber().toString(16).toLowerCase(); } public static User fetchUserBySerial(String serial) { - if ( !serial.matches("[A-Fa-f0-9]+")) { + if ( !serial.matches("[a-f0-9]+")) { throw new Error("serial malformed."); } @@ -169,7 +188,7 @@ public class LoginPage extends Page { return uc; } - private static final Group LOGIN_BLOCKED = Group.getByString("blockedlogin"); + private static final Group LOGIN_BLOCKED = Group.BLOCKEDLOGIN; private void loginSession(HttpServletRequest req, User user) { if (user.isInGroup(LOGIN_BLOCKED)) {