X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FLoginPage.java;h=e4aa2e744ad008da66724da8278540dccdb07cfa;hb=744d44637a97bcf226bf574fcf80ad1e688c047e;hp=97a0c29f313d5b89b9999f99f46afb25562aba90;hpb=ea1cb8576551bc4404b5d0cdce1a436d9df7894f;p=gigi.git

diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java
index 97a0c29f..e4aa2e74 100644
--- a/src/org/cacert/gigi/pages/LoginPage.java
+++ b/src/org/cacert/gigi/pages/LoginPage.java
@@ -21,12 +21,17 @@ import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.output.template.TranslateCommand;
+import org.cacert.gigi.pages.main.RegisterPage;
 import org.cacert.gigi.util.AuthorizationContext;
 import org.cacert.gigi.util.PasswordHash;
+import org.cacert.gigi.util.RateLimit;
+import org.cacert.gigi.util.RateLimit.RateLimitException;
 import org.cacert.gigi.util.ServerConstants;
 
 public class LoginPage extends Page {
 
+    public static final RateLimit RATE_LIMIT = new RateLimit(10, 5 * 60 * 1000);
+
     public class LoginForm extends Form {
 
         public LoginForm(HttpServletRequest hsr) {
@@ -34,9 +39,12 @@ public class LoginPage extends Page {
         }
 
         @Override
-        public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+        public RedirectResult submit(HttpServletRequest req) throws GigiApiException {
+            if (RegisterPage.RATE_LIMIT.isLimitExceeded(req.getRemoteAddr())) {
+                throw new RateLimitException();
+            }
             tryAuthWithUnpw(req);
-            return false;
+            return new RedirectResult(redirectPath(req));
         }
 
         @Override
@@ -61,43 +69,51 @@ public class LoginPage extends Page {
         }
     }
 
+    @Override
+    public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+        if (Form.printFormErrors(req, resp.getWriter())) {
+            Form.getForm(req, LoginForm.class).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+        }
+    }
+
     @Override
     public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException {
-        String redir = (String) req.getSession().getAttribute(LOGIN_RETURNPATH);
         if (req.getSession().getAttribute("loggedin") == null) {
             X509Certificate cert = getCertificateFromRequest(req);
             if (cert != null) {
                 tryAuthWithCertificate(req, cert);
             }
             if (req.getMethod().equals("POST")) {
-                try {
-                    Form.getForm(req, LoginForm.class).submit(resp.getWriter(), req);
-                } catch (GigiApiException e) {
-                }
+                return Form.getForm(req, LoginForm.class).submitExceptionProtected(req, resp);
             }
         }
 
         if (req.getSession().getAttribute("loggedin") != null) {
-            String s = redir;
-            if (s != null) {
-                if ( !s.startsWith("/")) {
-                    s = "/" + s;
-                }
-                resp.sendRedirect(s);
-            } else {
-                resp.sendRedirect("/");
-            }
+            resp.sendRedirect(redirectPath(req));
             return true;
         }
         return false;
     }
 
+    private static String redirectPath(HttpServletRequest req) {
+        String redir = (String) req.getAttribute(LOGIN_RETURNPATH);
+        String s = redir;
+        if (s != null) {
+            if ( !s.startsWith("/")) {
+                s = "/" + s;
+            }
+            return s;
+        } else {
+            return "/";
+        }
+    }
+
     @Override
     public boolean needsLogin() {
         return false;
     }
 
-    private void tryAuthWithUnpw(HttpServletRequest req) {
+    private void tryAuthWithUnpw(HttpServletRequest req) throws GigiApiException {
         String un = req.getParameter("username");
         String pw = req.getParameter("password");
         try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `password`, `id` FROM `users` WHERE `email`=? AND verified='1'")) {
@@ -116,9 +132,11 @@ public class LoginPage extends Page {
                     }
                     loginSession(req, User.getById(rs.getInt(2)));
                     req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Password"));
+                    return;
                 }
             }
         }
+        throw new GigiApiException("Username and password didn't match.");
     }
 
     public static User getUser(HttpServletRequest req) {
@@ -146,11 +164,11 @@ public class LoginPage extends Page {
     }
 
     public static String extractSerialFormCert(X509Certificate x509Certificate) {
-        return x509Certificate.getSerialNumber().toString(16).toUpperCase();
+        return x509Certificate.getSerialNumber().toString(16).toLowerCase();
     }
 
     public static User fetchUserBySerial(String serial) {
-        if ( !serial.matches("[A-Fa-f0-9]+")) {
+        if ( !serial.matches("[a-f0-9]+")) {
             throw new Error("serial malformed.");
         }
 
@@ -170,12 +188,13 @@ public class LoginPage extends Page {
         return uc;
     }
 
-    private static final Group LOGIN_BLOCKED = Group.getByString("blockedlogin");
+    private static final Group LOGIN_BLOCKED = Group.BLOCKEDLOGIN;
 
     private void loginSession(HttpServletRequest req, User user) {
         if (user.isInGroup(LOGIN_BLOCKED)) {
             return;
         }
+        req.setAttribute(LOGIN_RETURNPATH, req.getSession().getAttribute(LOGIN_RETURNPATH));
         req.getSession().invalidate();
         HttpSession hs = req.getSession();
         hs.setAttribute(LOGGEDIN, true);