chg: ensure actor, target and support ticket are non-null

[gigi.git] / src / club / wpia / gigi / pages / LoginPage.java

diff --git a/src/club/wpia/gigi/pages/LoginPage.java b/src/club/wpia/gigi/pages/LoginPage.java
index 2af51cf71b937d31c9ebd1497985a6a74273e4a6..66412a9166adee300775efa19f2d60c9901917b4 100644 (file)
--- a/src/club/wpia/gigi/pages/LoginPage.java
+++ b/src/club/wpia/gigi/pages/LoginPage.java
@@ -4,8 +4,8 @@ import static club.wpia.gigi.Gigi.*;
 
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.math.BigInteger;
 import java.security.cert.X509Certificate;
-import java.util.HashMap;
 import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
@@ -25,8 +25,9 @@ import club.wpia.gigi.pages.main.RegisterPage;
 import club.wpia.gigi.util.AuthorizationContext;
 import club.wpia.gigi.util.PasswordHash;
 import club.wpia.gigi.util.RateLimit;
-import club.wpia.gigi.util.ServerConstants;
 import club.wpia.gigi.util.RateLimit.RateLimitException;
+import club.wpia.gigi.util.ServerConstants;
+import club.wpia.gigi.util.ServerConstants.Host;
 
 public class LoginPage extends Page {
 
@@ -62,17 +63,17 @@ public class LoginPage extends Page {
 
     @Override
     public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
-        if (req.getHeader("Host").equals(ServerConstants.getSecureHostNamePortSecure())) {
+        if (req.getHeader("Host").equals(ServerConstants.getHostNamePortSecure(Host.SECURE))) {
             resp.getWriter().println(getLanguage(req).getTranslation("Authentication with certificate failed. Try another certificate or use a password."));
         } else {
-            new LoginForm(req).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+            new LoginForm(req).output(resp.getWriter(), getLanguage(req), getDefaultVars(req));
         }
     }
 
     @Override
     public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
         if (Form.printFormErrors(req, resp.getWriter())) {
-            Form.getForm(req, LoginForm.class).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
+            Form.getForm(req, LoginForm.class).output(resp.getWriter(), getLanguage(req), getDefaultVars(req));
         }
     }
 
@@ -119,24 +120,31 @@ public class LoginPage extends Page {
         try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `password`, `id` FROM `users` WHERE `email`=? AND verified='1'")) {
             ps.setString(1, un);
             GigiResultSet rs = ps.executeQuery();
-            if (rs.next()) {
-                String dbHash = rs.getString(1);
-                String hash = PasswordHash.verifyHash(pw, dbHash);
-                if (hash != null) {
-                    if ( !hash.equals(dbHash)) {
-                        try (GigiPreparedStatement gps = new GigiPreparedStatement("UPDATE `users` SET `password`=? WHERE `email`=?")) {
-                            gps.setString(1, hash);
-                            gps.setString(2, un);
-                            gps.executeUpdate();
-                        }
+            if ( !rs.next()) {
+                throw new GigiApiException("Username and password didn't match.");
+            }
+
+            User user = User.getById(rs.getInt(2));
+            if (user == null) {
+                throw new GigiApiException("Username and password didn't match.");
+            }
+
+            String dbHash = rs.getString(1);
+            String hash = PasswordHash.verifyHash(pw, dbHash);
+            if (hash != null) {
+                if ( !hash.equals(dbHash)) {
+                    try (GigiPreparedStatement gps = new GigiPreparedStatement("UPDATE `users` SET `password`=? WHERE `email`=?")) {
+                        gps.setString(1, hash);
+                        gps.setString(2, un);
+                        gps.executeUpdate();
                     }
-                    loginSession(req, User.getById(rs.getInt(2)));
-                    req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Password"));
-                    return;
                 }
+
+                loginSession(req, user);
+                req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Password"));
+                return;
             }
         }
-        throw new GigiApiException("Username and password didn't match.");
     }
 
     public static User getUser(HttpServletRequest req) {
@@ -152,7 +160,7 @@ public class LoginPage extends Page {
     }
 
     private void tryAuthWithCertificate(HttpServletRequest req, X509Certificate x509Certificate) {
-        String serial = extractSerialFormCert(x509Certificate);
+        BigInteger serial = extractSerialFormCert(x509Certificate);
         User user = fetchUserBySerial(serial);
         if (user == null) {
             return;
@@ -163,15 +171,11 @@ public class LoginPage extends Page {
         req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Certificate"));
     }
 
-    public static String extractSerialFormCert(X509Certificate x509Certificate) {
-        return x509Certificate.getSerialNumber().toString(16).toLowerCase();
+    public static BigInteger extractSerialFormCert(X509Certificate x509Certificate) {
+        return x509Certificate.getSerialNumber();
     }
 
-    public static User fetchUserBySerial(String serial) {
-        if ( !serial.matches("[a-f0-9]+")) {
-            throw new Error("serial malformed.");
-        }
-
+    public static User fetchUserBySerial(BigInteger serial) {
         CertificateOwner o = CertificateOwner.getByEnabledSerial(serial);
         if (o == null || !(o instanceof User)) {
             return null;
@@ -188,7 +192,7 @@ public class LoginPage extends Page {
         return uc;
     }
 
-    private static final Group LOGIN_BLOCKED = Group.BLOCKEDLOGIN;
+    private static final Group LOGIN_BLOCKED = Group.BLOCKED_LOGIN;
 
     private void loginSession(HttpServletRequest req, User user) {
         if (user.isInGroup(LOGIN_BLOCKED)) {