X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FLoginPage.java;h=c206ad444df43c5b0df0a08e4add6612fda6f5c4;hp=97a0c29f313d5b89b9999f99f46afb25562aba90;hb=fab3ca9955f6fb5248e828bc7ca0ca919375f7c3;hpb=035c67402c9c861257f0b74e18c00648425d4f31
diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java
index 97a0c29f..c206ad44 100644
--- a/src/org/cacert/gigi/pages/LoginPage.java
+++ b/src/org/cacert/gigi/pages/LoginPage.java
@@ -21,12 +21,17 @@ import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.localisation.Language;
 import org.cacert.gigi.output.template.Form;
 import org.cacert.gigi.output.template.TranslateCommand;
+import org.cacert.gigi.pages.main.RegisterPage;
 import org.cacert.gigi.util.AuthorizationContext;
 import org.cacert.gigi.util.PasswordHash;
+import org.cacert.gigi.util.RateLimit;
+import org.cacert.gigi.util.RateLimit.RateLimitException;
 import org.cacert.gigi.util.ServerConstants;
 
 public class LoginPage extends Page {
 
+    public static final RateLimit RATE_LIMIT = new RateLimit(10, 5 * 60 * 1000);
+
     public class LoginForm extends Form {
 
         public LoginForm(HttpServletRequest hsr) {
@@ -35,6 +40,9 @@ public class LoginPage extends Page {
 
         @Override
         public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+            if (RegisterPage.RATE_LIMIT.isLimitExceeded(req.getRemoteAddr())) {
+                throw new RateLimitException();
+            }
             tryAuthWithUnpw(req);
             return false;
         }
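Review bot: The new `RATE_LIMIT` field carries two bare numbers whose meaning a reader has to recover from `RateLimit`'s constructor, which is outside this diff, so the field deserves a one-line comment. Something like `// at most 10 password-login attempts per client address in a 5-minute window — assumes RateLimit(maxHits, windowMillis); confirm against RateLimit` above the declaration would do. The field is `public`, presumably to mirror `RegisterPage.RATE_LIMIT`, but nothing in this diff reads `LoginPage.RATE_LIMIT`, so if no other class needs it, `private` would better express its scope.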
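Review bot: The guard added to `submit` consults `RegisterPage.RATE_LIMIT` instead of the `RATE_LIMIT` this same commit adds to `LoginPage`, so the login-specific budget is never applied and failed logins and registration attempts from one address share a single counter, each able to lock the other out. The intended line is almost certainly `if (RATE_LIMIT.isLimitExceeded(req.getRemoteAddr())) {`, after which the `RegisterPage` import becomes unused. The key is `req.getRemoteAddr()`; if the deployment sits behind a reverse proxy or load balancer, that is the proxy's address and one limiter would throttle every user at once, so it is worth confirming how connections reach this servlet before relying on it.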
@@ -48,12 +56,18 @@ public class LoginPage extends Page {
 
     public static final String LOGIN_RETURNPATH = "login-returnpath";
 
+    private static final String SUBMIT_EXCEPTION = "login-submit-exception";
+
     public LoginPage() {
         super("Password Login");
     }
 
     @Override
     public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+        Object o = req.getAttribute(SUBMIT_EXCEPTION);
+        if (o != null) {
+            ((GigiApiException) o).format(resp.getWriter(), getLanguage(req));
+        }
         if (req.getHeader("Host").equals(ServerConstants.getSecureHostNamePort())) {
             resp.getWriter().println(getLanguage(req).getTranslation("Authentication with certificate failed. Try another certificate or use a password."));
         } else {
@@ -73,6 +87,8 @@ public class LoginPage extends Page {
             try {
                 Form.getForm(req, LoginForm.class).submit(resp.getWriter(), req);
             } catch (GigiApiException e) {
+                req.setAttribute(SUBMIT_EXCEPTION, e);
+                return false;
             }
         }
     }
@@ -97,7 +113,7 @@ public class LoginPage extends Page {
         return false;
     }
 
-    private void tryAuthWithUnpw(HttpServletRequest req) {
+    private void tryAuthWithUnpw(HttpServletRequest req) throws GigiApiException {
         String un = req.getParameter("username");
         String pw = req.getParameter("password");
         try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `password`, `id` FROM `users` WHERE `email`=? AND verified='1'")) {
@@ -116,9 +132,11 @@ public class LoginPage extends Page {
                 }
                 loginSession(req, User.getById(rs.getInt(2)));
                 req.getSession().setAttribute(LOGIN_METHOD, new TranslateCommand("Password"));
+                return;
             }
         }
+        throw new GigiApiException("Username and password didn't match.");
     }
 
     public static User getUser(HttpServletRequest req) {
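Review bot: `doGet` casts the `SUBMIT_EXCEPTION` attribute to `GigiApiException` unconditionally; since request attributes are a shared, untyped bag, the safer form is `if (o instanceof GigiApiException) {` so an attribute set under the same name by another component fails visibly in the form rather than as a `ClassCastException` on the page. The hand-off between the `catch` block further down (which stores the exception and returns `false`) and this consumer is not obvious from either end, so a comment on the constant such as `// request attribute under which a failed LoginForm submission parks its GigiApiException so doGet can render it above the form` would document the contract. The method containing that `catch` starts outside the hunk, so what its `return false` signals to the caller cannot be confirmed here.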
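Review bot: `tryAuthWithUnpw` now ends every unsuccessful path with the same `Username and password didn't match.` message, which is the right choice against account enumeration, but the lines between the query and `loginSession` — outside this hunk — appear to be where the password hash is verified, and that work only runs when a row exists for the e-mail, so an unknown address would fail measurably faster than a wrong password. If that is the case, verifying against a fixed dummy hash on the no-row path would make both outcomes cost the same. A short Javadoc would also help: `@throws GigiApiException if no verified user matches the e-mail or the password does not verify; the message is deliberately identical for both cases`. `RateLimitException` is thrown from a method declared `throws GigiApiException`, so presumably it extends it and is caught by the same `catch` — worth confirming so a rate-limited client sees the error rather than a 500.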