UPD: copy the login page from old software
authorFelix Dörre <felix@dogcraft.de>
Wed, 5 Nov 2014 08:47:17 +0000 (09:47 +0100)
committerJanis Streib <janis@dogcraft.de>
Wed, 31 Dec 2014 01:36:01 +0000 (02:36 +0100)
src/org/cacert/gigi/output/Form.java
src/org/cacert/gigi/pages/LoginPage.java
src/org/cacert/gigi/pages/LoginPage.templ [new file with mode: 0644]
static/static/default.css
tests/org/cacert/gigi/testUtils/ManagedTest.java

index 7cad69e7343b422d34369490452e4dc7f7ed2615..b7caa214ca992da73bb56b34e3f868b50fb33cc3 100644 (file)
@@ -34,7 +34,7 @@ public abstract class Form implements Outputable {
 
     @Override
     public void output(PrintWriter out, Language l, Map<String, Object> vars) {
-        out.println("<form method='POST' autocomplete='off'>");
+        out.println("<form method='POST'>");
         failed = false;
         outputContent(out, l, vars);
         out.print("<input type='hidden' name='" + CSRF_FIELD + "' value='");
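Review bot: Removing `autocomplete='off'` from the `<form>` tag in `Form.output` changes every page that renders a `Form` subclass, not only the login form this commit introduces. The other subclasses are not visible here, so it is worth checking whether any of them carry fields that should not be kept in browser form history, such as one-time codes or personal data. A narrower change would keep the base default and let a subclass opt out through a new overridable hook, e.g. `out.println("<form method='POST'" + (allowAutocomplete() ? "" : " autocomplete='off'") + ">");`, where `allowAutocomplete()` is a method to be added. The body of `output` continues past the end of this hunk.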
index d2d39ba4fa1d6b9e2b26ff4ee2ffd89b8adb930a..8e920d092c0ea0fb9fcfbc08ff0d4b142738640e 100644 (file)
@@ -3,22 +3,46 @@ package org.cacert.gigi.pages;
 import static org.cacert.gigi.Gigi.*;
 
 import java.io.IOException;
+import java.io.PrintWriter;
 import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
+import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.database.DatabaseConnection;
 import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.database.GigiResultSet;
 import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.localisation.Language;
+import org.cacert.gigi.output.Form;
 import org.cacert.gigi.util.PasswordHash;
 
 public class LoginPage extends Page {
 
+    public class LoginForm extends Form {
+
+        public LoginForm(HttpServletRequest hsr) {
+            super(hsr);
+        }
+
+        @Override
+        public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+            tryAuthWithUnpw(req);
+            return false;
+        }
+
+        @Override
+        protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
+            getDefaultTemplate().output(out, l, vars);
+        }
+
+    }
+
     public static final String LOGIN_RETURNPATH = "login-returnpath";
 
     public LoginPage(String title) {
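Review bot: `LoginForm.submit` ignores the outcome of `tryAuthWithUnpw(req)` and returns `false` unconditionally, so the return value carries no information about whether authentication succeeded. If success is meant to be read from session state instead, say so in a Javadoc comment on `submit`, for example `/** Attempts password login; the result is visible only through the session, the return value is always false. */`. Otherwise return the actual outcome. `LoginForm` is also a non-static inner class, so each instance keeps a reference to its `LoginPage`; since `Form.getForm(req, LoginForm.class)` retrieves instances later, confirm that keeping that reference is intended. The `LoginPage` class continues outside this hunk.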
@@ -27,7 +51,7 @@ public class LoginPage extends Page {
 
     @Override
     public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
-        resp.getWriter().println("<form method='POST' action='/login'>" + "<input type='text' name='username'>" + "<input type='password' name='password'> <input type='submit' value='login'></form>");
+        new LoginForm(req).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
     }
 
     @Override
@@ -39,7 +63,10 @@ public class LoginPage extends Page {
                 tryAuthWithCertificate(req, cert[0]);
             }
             if (req.getMethod().equals("POST")) {
-                tryAuthWithUnpw(req);
+                try {
+                    Form.getForm(req, LoginForm.class).submit(resp.getWriter(), req);
+                } catch (GigiApiException e) {
+                }
             }
         }
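Review bot: The empty `catch (GigiApiException e) { }` around `Form.getForm(...).submit(...)` discards every failure on the password-login path, so neither the user nor the server log learns that a submission was rejected. On an authentication endpoint these events are what brute-force and token-tampering detection depends on. The handler should at least log the failure server-side and show the user one generic message that does not reveal whether the account exists. What `Form.getForm` does when the submitted token matches no stored form is not visible here; if it can return `null`, the chained `.submit(...)` would throw a `NullPointerException` instead. The enclosing method starts and ends outside this hunk.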
 
diff --git a/src/org/cacert/gigi/pages/LoginPage.templ b/src/org/cacert/gigi/pages/LoginPage.templ
new file mode 100644 (file)
index 0000000..c2418cd
--- /dev/null
@@ -0,0 +1,11 @@
+<div class='loginbox'>
+<h1><?=_Login?></h1>
+<p class='smalltext'><?=_Warning! This site requires cookies to be enabled to ensure your privacy and security. This site uses session cookies to store temporary values to prevent people from copying and pasting the session ID to someone else exposing their account, personal details and identity theft as a result.?></p>
+<label for="username"><?=_Email Address?>:</label><input type='text' name="username"/><br />
+<label for="password"><?=_Pass Phrase?>:</label><input type='password' name='password'/><br />
+<input type='submit' name="process" value="<?=_Login?>" /><br /><br />
+<a href='https://blah/index.php?id=4'><?=_Password Login?></a> -<!-- TODO -->
+<a href='https://blah/index.php?id=5'><?=_Lost Password?></a> -
+<a href='https://blah/index.php?id=4&amp;noauto=1'><?=_Net Cafe Login?></a><br />
+<p class='smalltext'><?=s,!"<a href='http://wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>",!"</a>",If you are having trouble with your username or password, please visit our %swiki page%s for more information?></p>
+</div>
\ No newline at end of file
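Review bot: The three links to `https://blah/index.php?...` are placeholders, and only the first is marked with `<!-- TODO -->`. A login page should not ship "Lost Password" and "Net Cafe Login" links that point at a host the project does not control, so remove them or mark each one until the real targets exist. The help link uses plain `http://wiki.cacert.org/...` with `target='_new'`; on a credentials page prefer `https://` and add `rel='noopener noreferrer'`. The `<label for="username">` and `<label for="password">` elements also have no effect, because the inputs carry only `name` and no matching `id`; adding `id='username'` and `id='password'` would fix that.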
index 706468093cac089f6ba2f38c3a3954d38c7a9ae0..294a99d49bfbc788d4fd28b76596c8056f021757 100644 (file)
@@ -800,4 +800,11 @@ pre{
 
 pre.string{
        display: inline;
-}
\ No newline at end of file
+}
+
+.loginbox {background:#F5F7F7;border:2px solid #cccccc;margin:0px auto;height:auto;width:300px;padding:1em;text-align:center;}
+.loginbox .smalltext {font-size:10px;}
+.loginbox label {width:100px;display:block;float:left;}
+.loginbox text {width:166px;display:block;float:left;}
+.loginbox br {clear:left;}
+.loginbox h1 {font-size:1.9em;text-align:center;}
\ No newline at end of file
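Review bot: The selector `.loginbox text` matches a `<text>` element, which the login template does not contain, so the `width:166px` rule never applies to the input fields. If the intent is to size the username and password boxes, the rule should read `.loginbox input[type='text'], .loginbox input[type='password'] {width:166px;display:block;float:left;}`. The new rules are also each written on a single line while the surrounding stylesheet uses one declaration per line; matching the existing layout would keep the file consistent.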
index 6f6dfcf4e6035c8c603926147bca91528343f169..437031e4bf8a3b6fef077cfff37c0b52ed64b0a2 100644 (file)
@@ -331,12 +331,21 @@ public class ManagedTest extends ConfiguredTest {
     public static String login(String email, String pw) throws IOException {
         URL u = new URL("https://" + getServerName() + "/login");
         HttpURLConnection huc = (HttpURLConnection) u.openConnection();
+
+        String csrf = getCSRF(huc);
+        String headerField = stripCookie(huc.getHeaderField("Set-Cookie"));
+
+        huc = (HttpURLConnection) u.openConnection();
+        cookie(huc, headerField);
         huc.setDoOutput(true);
         OutputStream os = huc.getOutputStream();
-        String data = "username=" + URLEncoder.encode(email, "UTF-8") + "&password=" + URLEncoder.encode(pw, "UTF-8");
+        String data = "username=" + URLEncoder.encode(email, "UTF-8") + "&password=" + URLEncoder.encode(pw, "UTF-8") + "&csrf=" + URLEncoder.encode(csrf, "UTF-8");
         os.write(data.getBytes());
         os.flush();
-        String headerField = huc.getHeaderField("Set-Cookie");
+        headerField = huc.getHeaderField("Set-Cookie");
+        if (headerField == null) {
+            return "";
+        }
         return stripCookie(headerField);
     }
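Review bot: The first `stripCookie(huc.getHeaderField("Set-Cookie"))` in `login` has no null guard, while the second read of the same header does. If the initial GET sets no cookie, `stripCookie` receives `null`, and what it does with that is not visible here. Returning `""` when the POST response has no `Set-Cookie` also gives "credentials rejected" and "server kept the pre-login session id" the same result. The second case is worth catching, because issuing a fresh session id at login is what prevents session fixation. Consider failing loudly instead, e.g. `if (headerField == null) { throw new IOException("login returned no session cookie"); }`, or add a comment stating that callers rely on the empty string for failed logins.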