X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FLoginPage.java;h=141c6ca18cc6466ffae0248458347b10511228f7;hp=ba6e0eecd8f7f2055f11b303a111398c356cd1d3;hb=d23d7a6fa9dc38c6193fea70017e0bff11257be5;hpb=a0232b6e40e7e09767f0444d24e18bf12dafc362

diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java
index ba6e0eec..141c6ca1 100644
--- a/src/org/cacert/gigi/pages/LoginPage.java
+++ b/src/org/cacert/gigi/pages/LoginPage.java
@@ -20,12 +20,17 @@ import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.template.Form;
+import org.cacert.gigi.output.template.TranslateCommand;
+import org.cacert.gigi.pages.main.RegisterPage;
 import org.cacert.gigi.util.AuthorizationContext;
 import org.cacert.gigi.util.PasswordHash;
+import org.cacert.gigi.util.RateLimit;
 import org.cacert.gigi.util.ServerConstants;
 
 public class LoginPage extends Page {
 
+    public static final RateLimit RATE_LIMIT = new RateLimit(10, 5 * 60 * 1000);
+
     public class LoginForm extends Form {
 
         public LoginForm(HttpServletRequest hsr) {
@@ -34,6 +39,10 @@ public class LoginPage extends Page {
 
         @Override
         public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+            if (RegisterPage.RATE_LIMIT.isLimitExceeded(req.getRemoteAddr())) {
+                outputError(out, req, "Rate Limit Exceeded");
+                return false;
+            }
             tryAuthWithUnpw(req);
             return false;
         }
@@ -47,8 +56,8 @@ public class LoginPage extends Page {
 
     public static final String LOGIN_RETURNPATH = "login-returnpath";
 
-    public LoginPage(String title) {
-        super(title);
+    public LoginPage() {
+        super("Password Login");
     }
 
     @Override
@@ -114,7 +123,7 @@ public class LoginPage extends Page {
                         }
                     }
                     loginSession(req, User.getById(rs.getInt(2)));
-                    req.getSession().setAttribute(LOGIN_METHOD, "Password");
+                    req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Password"));
                 }
             }
         }
@@ -141,7 +150,7 @@ public class LoginPage extends Page {
         loginSession(req, user);
         req.getSession().setAttribute(CERT_SERIAL, serial);
         req.getSession().setAttribute(CERT_ISSUER, x509Certificate.getIssuerDN());
-        req.getSession().setAttribute(LOGIN_METHOD, "Certificate");
+        req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Certificate"));
     }
 
     public static String extractSerialFormCert(X509Certificate x509Certificate) {