From: Felix Dörre <felix@dogcraft.de>
Date: Wed, 5 Nov 2014 08:47:17 +0000 (+0100)
Subject: UPD: copy the login page from old software
X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=4f532bd35f41121838756b67dfc0ca330940079e

UPD: copy the login page from old software
---

diff --git a/src/org/cacert/gigi/output/Form.java b/src/org/cacert/gigi/output/Form.java
index 7cad69e7..b7caa214 100644
--- a/src/org/cacert/gigi/output/Form.java
+++ b/src/org/cacert/gigi/output/Form.java
@@ -34,7 +34,7 @@ public abstract class Form implements Outputable {
 
     @Override
     public void output(PrintWriter out, Language l, Map<String, Object> vars) {
-        out.println("<form method='POST' autocomplete='off'>");
+        out.println("<form method='POST'>");
         failed = false;
         outputContent(out, l, vars);
         out.print("<input type='hidden' name='" + CSRF_FIELD + "' value='");
diff --git a/src/org/cacert/gigi/pages/LoginPage.java b/src/org/cacert/gigi/pages/LoginPage.java
index d2d39ba4..8e920d09 100644
--- a/src/org/cacert/gigi/pages/LoginPage.java
+++ b/src/org/cacert/gigi/pages/LoginPage.java
@@ -3,22 +3,46 @@ package org.cacert.gigi.pages;
 import static org.cacert.gigi.Gigi.*;
 
 import java.io.IOException;
+import java.io.PrintWriter;
 import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
+import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.database.DatabaseConnection;
 import org.cacert.gigi.database.GigiPreparedStatement;
 import org.cacert.gigi.database.GigiResultSet;
 import org.cacert.gigi.dbObjects.Group;
 import org.cacert.gigi.dbObjects.User;
 import org.cacert.gigi.localisation.Language;
+import org.cacert.gigi.output.Form;
 import org.cacert.gigi.util.PasswordHash;
 
 public class LoginPage extends Page {
 
+    public class LoginForm extends Form {
+
+        public LoginForm(HttpServletRequest hsr) {
+            super(hsr);
+        }
+
+        @Override
+        public boolean submit(PrintWriter out, HttpServletRequest req) throws GigiApiException {
+            tryAuthWithUnpw(req);
+            return false;
+        }
+
+        @Override
+        protected void outputContent(PrintWriter out, Language l, Map<String, Object> vars) {
+            getDefaultTemplate().output(out, l, vars);
+        }
+
+    }
+
     public static final String LOGIN_RETURNPATH = "login-returnpath";
 
     public LoginPage(String title) {
@@ -27,7 +51,7 @@ public class LoginPage extends Page {
 
     @Override
     public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
-        resp.getWriter().println("<form method='POST' action='/login'>" + "<input type='text' name='username'>" + "<input type='password' name='password'> <input type='submit' value='login'></form>");
+        new LoginForm(req).output(resp.getWriter(), getLanguage(req), new HashMap<String, Object>());
     }
 
     @Override
@@ -39,7 +63,10 @@ public class LoginPage extends Page {
                 tryAuthWithCertificate(req, cert[0]);
             }
             if (req.getMethod().equals("POST")) {
-                tryAuthWithUnpw(req);
+                try {
+                    Form.getForm(req, LoginForm.class).submit(resp.getWriter(), req);
+                } catch (GigiApiException e) {
+                }
             }
         }
 
diff --git a/src/org/cacert/gigi/pages/LoginPage.templ b/src/org/cacert/gigi/pages/LoginPage.templ
new file mode 100644
index 00000000..c2418cda
--- /dev/null
+++ b/src/org/cacert/gigi/pages/LoginPage.templ
@@ -0,0 +1,11 @@
+<div class='loginbox'>
+<h1><?=_Login?></h1>
+<p class='smalltext'><?=_Warning! This site requires cookies to be enabled to ensure your privacy and security. This site uses session cookies to store temporary values to prevent people from copying and pasting the session ID to someone else exposing their account, personal details and identity theft as a result.?></p>
+<label for="username"><?=_Email Address?>:</label><input type='text' name="username"/><br />
+<label for="password"><?=_Pass Phrase?>:</label><input type='password' name='password'/><br />
+<input type='submit' name="process" value="<?=_Login?>" /><br /><br />
+<a href='https://blah/index.php?id=4'><?=_Password Login?></a> -<!-- TODO -->
+<a href='https://blah/index.php?id=5'><?=_Lost Password?></a> -
+<a href='https://blah/index.php?id=4&amp;noauto=1'><?=_Net Cafe Login?></a><br />
+<p class='smalltext'><?=s,!"<a href='http://wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>",!"</a>",If you are having trouble with your username or password, please visit our %swiki page%s for more information?></p>
+</div>
\ No newline at end of file
diff --git a/static/static/default.css b/static/static/default.css
index 70646809..294a99d4 100644
--- a/static/static/default.css
+++ b/static/static/default.css
@@ -800,4 +800,11 @@ pre{
 
 pre.string{
 	display: inline;
-}
\ No newline at end of file
+}
+
+.loginbox {background:#F5F7F7;border:2px solid #cccccc;margin:0px auto;height:auto;width:300px;padding:1em;text-align:center;}
+.loginbox .smalltext {font-size:10px;}
+.loginbox label {width:100px;display:block;float:left;}
+.loginbox text {width:166px;display:block;float:left;}
+.loginbox br {clear:left;}
+.loginbox h1 {font-size:1.9em;text-align:center;}
\ No newline at end of file
diff --git a/tests/org/cacert/gigi/testUtils/ManagedTest.java b/tests/org/cacert/gigi/testUtils/ManagedTest.java
index 6f6dfcf4..437031e4 100644
--- a/tests/org/cacert/gigi/testUtils/ManagedTest.java
+++ b/tests/org/cacert/gigi/testUtils/ManagedTest.java
@@ -331,12 +331,21 @@ public class ManagedTest extends ConfiguredTest {
     public static String login(String email, String pw) throws IOException {
         URL u = new URL("https://" + getServerName() + "/login");
         HttpURLConnection huc = (HttpURLConnection) u.openConnection();
+
+        String csrf = getCSRF(huc);
+        String headerField = stripCookie(huc.getHeaderField("Set-Cookie"));
+
+        huc = (HttpURLConnection) u.openConnection();
+        cookie(huc, headerField);
         huc.setDoOutput(true);
         OutputStream os = huc.getOutputStream();
-        String data = "username=" + URLEncoder.encode(email, "UTF-8") + "&password=" + URLEncoder.encode(pw, "UTF-8");
+        String data = "username=" + URLEncoder.encode(email, "UTF-8") + "&password=" + URLEncoder.encode(pw, "UTF-8") + "&csrf=" + URLEncoder.encode(csrf, "UTF-8");
         os.write(data.getBytes());
         os.flush();
-        String headerField = huc.getHeaderField("Set-Cookie");
+        headerField = huc.getHeaderField("Set-Cookie");
+        if (headerField == null) {
+            return "";
+        }
         return stripCookie(headerField);
     }