X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FLoginPage.java;h=b19de897aa5e7b3f71f9ba122d1fb70a00938696;hp=141c6ca18cc6466ffae0248458347b10511228f7;hb=17a15662212d973d12ed4cea3f5eaa9c0d1169ed;hpb=d23d7a6fa9dc38c6193fea70017e0bff11257be5
diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java
index 141c6ca1..b19de897 100644
--- a/src/org/cacert/gigi/pages/LoginPage.java
+++ b/src/org/cacert/gigi/pages/LoginPage.java
@@ -25,6 +25,7 @@ import org.cacert.gigi.pages.main.RegisterPage;
 import org.cacert.gigi.util.AuthorizationContext;
 import org.cacert.gigi.util.PasswordHash;
 import org.cacert.gigi.util.RateLimit;
+import org.cacert.gigi.util.RateLimit.RateLimitException;
 import org.cacert.gigi.util.ServerConstants;
 public class LoginPage extends Page {
@@ -38,10 +39,9 @@ public class LoginPage extends Page {
 }
 @Override
- public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ public boolean submit(HttpServletRequest req) throws GigiApiException {
 if (RegisterPage.RATE_LIMIT.isLimitExceeded(req.getRemoteAddr())) {
- outputError(out, req, "Rate Limit Exceeded");
- return false;
+ throw new RateLimitException();
 }
 tryAuthWithUnpw(req);
 return false;
@@ -56,6 +56,8 @@ public class LoginPage extends Page {
 public static final String LOGIN_RETURNPATH = "login-returnpath";
+ private static final String SUBMIT_EXCEPTION = "login-submit-exception";
+
 public LoginPage() {
 super("Password Login");
 }
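Review bot: In the `@@ -38,10 +39,9 @@` hunk, `submit` still has only one throttle, keyed on `req.getRemoteAddr()` and shared with `RegisterPage.RATE_LIMIT`, so guesses against a single account spread over many addresses are never slowed. A second, login-specific limiter keyed on the submitted user name would cover that, checked beside the address check: `if (LOGIN_RATE_LIMIT.isLimitExceeded(req.getParameter("username"))) { throw new RateLimitException(); }`, where `LOGIN_RATE_LIMIT` is a placeholder for a new `RateLimit` instance. Such a limit lets a third party lock a user out for the window, so it should be short. If the servlet runs behind a reverse proxy, `getRemoteAddr()` would be the proxy's address for every client; the deployment is not visible on this page. The enclosing form class begins outside the hunk.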
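Review bot: `SUBMIT_EXCEPTION`, added in the `@@ -56,6 +56,8 @@` hunk, is not read by any hunk on this page. The error hand-off in the new code goes through `Form.submitExceptionProtected` and `Form.printFormErrors`, which presumably use a key of their own. If nothing else in `LoginPage` refers to it, the constant should be dropped. If it stays, it needs a one-line comment saying whether it names a request or a session attribute and which method reads it.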
@@ -69,6 +71,13 @@ public class LoginPage extends Page {
 }
 }
+ @Override
+ public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ if (Form.printFormErrors(req, resp.getWriter())) {
+ Form.getForm(req, LoginForm.class).output(resp.getWriter(), getLanguage(req), new HashMap());
+ }
+ }
+
 @Override
 public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 String redir = (String) req.getSession().getAttribute(LOGIN_RETURNPATH);
@@ -78,9 +87,8 @@ public class LoginPage extends Page {
 tryAuthWithCertificate(req, cert);
 }
 if (req.getMethod().equals("POST")) {
- try {
- Form.getForm(req, LoginForm.class).submit(resp.getWriter(), req);
- } catch (GigiApiException e) {
+ if ( !Form.getForm(req, LoginForm.class).submitExceptionProtected(req)) {
+ return false;
 }
 }
 }
@@ -105,7 +113,7 @@ public class LoginPage extends Page {
 return false;
 }
- private void tryAuthWithUnpw(HttpServletRequest req) {
+ private void tryAuthWithUnpw(HttpServletRequest req) throws GigiApiException {
 String un = req.getParameter("username");
 String pw = req.getParameter("password");
 try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `password`, `id` FROM `users` WHERE `email`=? AND verified='1'")) {
@@ -124,9 +132,11 @@ public class LoginPage extends Page {
 }
 loginSession(req, User.getById(rs.getInt(2)));
 req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Password"));
+ return;
 }
 }
 }
+ throw new GigiApiException("Username and password didn't match.");
 }
 public static User getUser(HttpServletRequest req) {
@@ -178,7 +188,7 @@ public class LoginPage extends Page {
 return uc;
 }
- private static final Group LOGIN_BLOCKED = Group.getByString("blockedlogin");
+ private static final Group LOGIN_BLOCKED = Group.BLOCKEDLOGIN;
 private void loginSession(HttpServletRequest req, User user) {
 if (user.isInGroup(LOGIN_BLOCKED)) {
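Review bot: `new HashMap()` in the added `doPost` (`@@ -69,6 +71,13 @@` hunk) is a raw type and compiles with an unchecked warning. `new HashMap<String, Object>()` would be the typed form, assuming `output` takes a `Map<String, Object>`, which is not shown here. The method has no comment; one line saying that the form is re-rendered only when `Form.printFormErrors` returns true would explain why a POST without errors writes nothing here.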
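Review bot: The new `return false` in the `@@ -78,9 +87,8 @@` hunk may also fire on a successful login, because `submit` in the `@@ -38,10 +39,9 @@` hunk still ends with `return false;` after `tryAuthWithUnpw(req)` succeeds. If `submitExceptionProtected` passes the `submit` result through, a successful login would leave `beforeTemplate` early and skip whatever follows the POST branch; its implementation is not on this page, so this needs checking. Ending `submit` with `return true;` after `tryAuthWithUnpw(req)` would make success and failure distinguishable either way. `beforeTemplate` starts and ends outside the hunk.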
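Review bot: In the `@@ -124,9 +132,11 @@` hunk the added `return;` follows `loginSession(...)` unconditionally, while the last hunk shows `loginSession` testing `user.isInGroup(LOGIN_BLOCKED)`. If that branch declines the login (its body is outside the page), a blocked user with a correct password gets neither a session nor the new error, and `LOGIN_METHOD` is still set. The new `throw` is also the natural place to record the failure for detection: log the remote address and the attempted user name, never the password, just before `throw new GigiApiException("Username and password didn't match.");`. The single message for unknown address, unverified account and wrong password is good against account enumeration. Whether the unknown-address path also spends a hash verification, so that timing matches, is in the lines elided between this hunk and `@@ -105,7 +113,7 @@`, where `tryAuthWithUnpw` begins.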