@Override
public void output(PrintWriter out, Language l, Map<String, Object> vars) {
- out.println("<form method='POST' autocomplete='off'>");
+ out.println("<form method='POST'>");
failed = false;
outputContent(out, l, vars);
out.print("<input type='hidden' name='" + CSRF_FIELD + "' value='");
import static org.cacert.gigi.Gigi.*;
import java.io.IOException;
+import java.io.PrintWriter;
import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
+import org.cacert.gigi.GigiApiException;
import org.cacert.gigi.database.DatabaseConnection;
import org.cacert.gigi.database.GigiPreparedStatement;
import org.cacert.gigi.database.GigiResultSet;
import org.cacert.gigi.dbObjects.Group;
import org.cacert.gigi.dbObjects.User;
import org.cacert.gigi.localisation.Language;
+import org.cacert.gigi.output.Form;
import org.cacert.gigi.util.PasswordHash;
public class LoginPage extends Page {
+ public class LoginForm extends Form {
+
+ public LoginForm(HttpServletRequest hsr) {
+ super(hsr);
+ }
+
+ @Override
+ public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+ tryAuthWithUnpw(req);
+ return false;
+ }
+
+ @Override
+ protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
+ getDefaultTemplate().output(out, l, vars);
+ }
+
+ }
+
public static final String LOGIN_RETURNPATH = "login-returnpath";
public LoginPage(String title) {
@Override
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
- resp.getWriter().println("<form method='POST' action='/login'>" + "<input type='text' name='username'>" + "<input type='password' name='password'> <input type='submit' value='login'></form>");
+ new LoginForm(req).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
}
@Override
tryAuthWithCertificate(req, cert[0]);
}
if (req.getMethod().equals("POST")) {
- tryAuthWithUnpw(req);
+ try {
+ Form.getForm(req, LoginForm.class).submit(resp.getWriter(), req);
+ } catch (GigiApiException e) {
+ }
}
}
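Review bot: The empty `catch (GigiApiException e) {}` around the `Form.getForm(req, LoginForm.class).submit(...)` call swallows the exception, so whatever getForm or submit reports — presumably including a missing or mismatched CSRF form from the session — is lost and the client gets an empty 200 response with no indication that the login did not happen. At minimum log the exception and write a generic, localized failure message to `resp.getWriter()`; if the exception text is rendered, escape it the same way the templates do rather than printing it raw into the page. Separately, `LoginForm` is declared as a non-static inner class, so every instance carries a hidden reference to its `LoginPage`; if Form.getForm retrieves the form from the HTTP session, that page reference is retained for the session's lifetime — `public static class LoginForm extends Form` avoids that. The enclosing doPost method starts before this hunk.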
--- /dev/null
+<div class='loginbox'>
+<h1><?=_Login?></h1>
+<p class='smalltext'><?=_Warning! This site requires cookies to be enabled to ensure your privacy and security. This site uses session cookies to store temporary values to prevent people from copying and pasting the session ID to someone else exposing their account, personal details and identity theft as a result.?></p>
+<label for="username"><?=_Email Address?>:</label><input type='text' name="username"/><br />
+<label for="password"><?=_Pass Phrase?>:</label><input type='password' name='password'/><br />
+<input type='submit' name="process" value="<?=_Login?>" /><br /><br />
+<a href='https://blah/index.php?id=4'><?=_Password Login?></a> -<!-- TODO -->
+<a href='https://blah/index.php?id=5'><?=_Lost Password?></a> -
+<a href='https://blah/index.php?id=4&noauto=1'><?=_Net Cafe Login?></a><br />
+<p class='smalltext'><?=s,!"<a href='http://wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>",!"</a>",If you are having trouble with your username or password, please visit our %swiki page%s for more information?></p>
+</div>
\ No newline at end of file
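Review bot: The `for="username"` and `for="password"` attributes on the two labels reference element ids, but the inputs only carry `name`, so neither label is associated with its field (clicking the label does not focus the input and assistive technology reads the fields as unlabelled); add `id="username"` and `id="password"` to the inputs, or nest each input inside its label. The three links still point at the placeholder host (`https://blah/index.php?...`) with a `<!-- TODO -->`; fine for a stub, but worth a tracking note so they do not reach a release.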
pre.string{
display: inline;
-}
\ No newline at end of file
+}
+
+.loginbox {background:#F5F7F7;border:2px solid #cccccc;margin:0px auto;height:auto;width:300px;padding:1em;text-align:center;}
+.loginbox .smalltext {font-size:10px;}
+.loginbox label {width:100px;display:block;float:left;}
+.loginbox text {width:166px;display:block;float:left;}
+.loginbox br {clear:left;}
+.loginbox h1 {font-size:1.9em;text-align:center;}
\ No newline at end of file
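Review bot: `.loginbox text {width:166px;display:block;float:left;}` selects a `text` element, which does not exist in HTML, so the rule never applies; the intended selector is presumably `.loginbox input[type='text']`, and since the login template has a password input beside it, `.loginbox input[type='text'], .loginbox input[type='password']` would style both consistently. The remaining rules look fine.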
public static String login(String email, String pw) throws IOException {
URL u = new URL("https://" + getServerName() + "/login");
HttpURLConnection huc = (HttpURLConnection) u.openConnection();
+
+ String csrf = getCSRF(huc);
+ String headerField = stripCookie(huc.getHeaderField("Set-Cookie"));
+
+ huc = (HttpURLConnection) u.openConnection();
+ cookie(huc, headerField);
huc.setDoOutput(true);
OutputStream os = huc.getOutputStream();
- String data = "username=" + URLEncoder.encode(email, "UTF-8") + "&password=" + URLEncoder.encode(pw, "UTF-8");
+ String data = "username=" + URLEncoder.encode(email, "UTF-8") + "&password=" + URLEncoder.encode(pw, "UTF-8") + "&csrf=" + URLEncoder.encode(csrf, "UTF-8");
os.write(data.getBytes());
os.flush();
- String headerField = huc.getHeaderField("Set-Cookie");
+ headerField = huc.getHeaderField("Set-Cookie");
+ if (headerField == null) {
+ return "";
+ }
return stripCookie(headerField);
}
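Review bot: The added `"&csrf="` hard-codes the CSRF parameter name, while the server side (Form.output) builds the hidden field from `CSRF_FIELD`; if the test code can reach that constant, use it so a rename on the server does not silently turn every test login into a CSRF failure. The new `if (headerField == null) { return ""; }` makes a failed login indistinguishable from an empty cookie at the call site; throwing or returning `null` with an explicit check in the callers would surface failed logins in tests rather than hide them. The first `huc` connection is also never disconnected after `getCSRF(huc)` reads it — harmless if getCSRF closes the stream, otherwise worth a `huc.disconnect()` before it is reassigned.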