X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Fpages%2FLoginPage.java;h=e647c053bd553b75934cc833aca375dc49f279b3;hp=2c7d0336c8a83b08f6603080000fd1797e8dbada;hb=30a66c84a3f33e99bd5cbfe50b25a83acfbf5425;hpb=6aa2a2b2b90e9f05386f7fe1bcc831a6a574a0f6 diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java index 2c7d0336..e647c053 100644 --- a/src/org/cacert/gigi/pages/LoginPage.java +++ b/src/org/cacert/gigi/pages/LoginPage.java @@ -1,24 +1,112 @@ package org.cacert.gigi.pages; +import static org.cacert.gigi.Gigi.*; + import java.io.IOException; +import java.security.cert.X509Certificate; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; +import org.cacert.gigi.database.DatabaseConnection; +import org.cacert.gigi.database.GigiPreparedStatement; +import org.cacert.gigi.database.GigiResultSet; +import org.cacert.gigi.dbObjects.Group; +import org.cacert.gigi.dbObjects.User; +import org.cacert.gigi.localisation.Language; +import org.cacert.gigi.util.PasswordHash; public class LoginPage extends Page { - public LoginPage(String title) { - super(title); - } - - @Override - public void doGet(ServletRequest req, ServletResponse resp) - throws IOException { - super.doGet(req, resp); - resp.getWriter() - .println( - "
" - + "" - + "
"); - } + public static final String LOGIN_RETURNPATH = "login-returnpath"; + + public LoginPage(String title) { + super(title); + } + + @Override + public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { + resp.getWriter().println("
" + "" + "
"); + } + + @Override + public boolean beforeTemplate(HttpServletRequest req, HttpServletResponse resp) throws IOException { + String redir = (String) req.getSession().getAttribute(LOGIN_RETURNPATH); + if (req.getSession().getAttribute("loggedin") == null) { + X509Certificate[] cert = (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate"); + if (cert != null && cert[0] != null) { + tryAuthWithCertificate(req, cert[0]); + } + if (req.getMethod().equals("POST")) { + tryAuthWithUnpw(req); + } + } + + if (req.getSession().getAttribute("loggedin") != null) { + String s = redir; + if (s != null) { + if ( !s.startsWith("/")) { + s = "/" + s; + } + resp.sendRedirect(s); + } else { + resp.sendRedirect("/"); + } + return true; + } + return false; + } + + @Override + public boolean needsLogin() { + return false; + } + + private void tryAuthWithUnpw(HttpServletRequest req) { + String un = req.getParameter("username"); + String pw = req.getParameter("password"); + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `password`, `id` FROM `users` WHERE `email`=? AND verified='1'"); + ps.setString(1, un); + GigiResultSet rs = ps.executeQuery(); + if (rs.next()) { + if (PasswordHash.verifyHash(pw, rs.getString(1))) { + loginSession(req, User.getById(rs.getInt(2))); + } + } + rs.close(); + } + + public static User getUser(HttpServletRequest req) { + return (User) req.getSession().getAttribute(USER); + } + + private void tryAuthWithCertificate(HttpServletRequest req, X509Certificate x509Certificate) { + String serial = x509Certificate.getSerialNumber().toString(16).toUpperCase(); + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT `memid` FROM `certs` WHERE `serial`=? AND `disablelogin`='0' AND `revoked` = '0000-00-00 00:00:00'"); + ps.setString(1, serial); + GigiResultSet rs = ps.executeQuery(); + if (rs.next()) { + loginSession(req, User.getById(rs.getInt(1))); + } + rs.close(); + } + + private static final Group LOGIN_BLOCKED = Group.getByString("blockedlogin"); + + private void loginSession(HttpServletRequest req, User user) { + if (user.isInGroup(LOGIN_BLOCKED)) { + return; + } + req.getSession().invalidate(); + HttpSession hs = req.getSession(); + hs.setAttribute(LOGGEDIN, true); + hs.setAttribute(Language.SESSION_ATTRIB_NAME, user.getPreferredLocale()); + hs.setAttribute(USER, user); + } + + @Override + public boolean isPermitted(User u) { + return u == null; + } }