
Commit 74ef04b7 authored by paulbentsen's avatar paulbentsen

forsøkte å implementere anti-csrf (dette er kommentert ut, fikk bare error)

liten fiks på pw-length checker
parent 96b09ca1
......@@ -110,7 +110,7 @@ public class Handler extends AbstractHandler
}
} catch (Maybe.NothingException e) {
// Not enough data suppied for login
// Not enough data supplied for login
System.err.println("Broken usage of register");
}
} else if(request.getParameter("login") != null) {
......@@ -124,6 +124,25 @@ public class Handler extends AbstractHandler
(request.getParameter("password"))).get();
System.err.println("Password: " + password + " with length " + password.length());
inchat.login(username,password).forEach(sessionBuilder);
//attempted implemented anti-csrf
/*String csrfCookie = null;
for(Cookie cookie : request.getCookies()){
if (cookie.getName().equals("csrf")){
csrfCookie = cookie.getValue();
System.out.println("i'm a cookie!" + cookie.getValue());
}
}
// get the CSRF form field
String csrfField = request.getParameter("csrfToken");
System.out.println(csrfField + "cookie value");
if (csrfCookie.equals(csrfField)) {
inchat.login(username,password).forEach(sessionBuilder);
}
*/
} catch (Maybe.NothingException e) {
// Not enough data supplied for login
System.out.println("Broken usage of login");
......@@ -153,11 +172,11 @@ public class Handler extends AbstractHandler
final PrintWriter out = response.getWriter();
//generate a random CSRF Token
String csrfToken = CSRF.getToken();
//String csrfToken = CSRF.getToken();
//Place the CSRF token in a cookie
javax.servlet.http.Cookie cookie = new javax.servlet.http.Cookie("csrfToken", csrfToken);
response.addCookie(cookie);
//javax.servlet.http.Cookie csrf_cookie = new javax.servlet.http.Cookie("csrfToken", csrfToken);
//response.addCookie(csrf_cookie);
......@@ -222,6 +241,7 @@ public class Handler extends AbstractHandler
printStandardTop(out, "inChat: Create a new channel!");
out.println("<form class=\"login\" action=\"/\" method=\"POST\">"
// + "<input type=\"hidden\" name=\"csrfToken\" value=\"<%= csrfToken %>\"/>"
+ "<div class=\"name\"><input type=\"text\" name=\"channelname\" placeholder=\"Channel name\"></div>"
+ "<div class=\"submit\"><input type=\"submit\" name=\"createchannel\" value=\"Create Channel\"></div>"
+ "</form>");
......@@ -384,11 +404,10 @@ public class Handler extends AbstractHandler
Jetty will give them a 404. */
return;
}
} catch (Maybe.NothingException | NoSuchAlgorithmException e) {
} catch (Maybe.NothingException e) {
// All authentication methods failed
if (target.equals("/")) {
System.out.println("aisudhasd TEST");
serveFile(response,landingpage, "text/html;charset=utf-8");
baseRequest.setHandled(true);
return;
......
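Review bot: The commented-out double-submit check in the login branch cannot succeed as written: the cookie is created under the name "csrfToken" in the later hunk, while this loop looks for a cookie named "csrf", and csrfCookie stays null (so `csrfCookie.equals(csrfField)` throws) whenever that cookie is absent or request.getCookies() returns null. When re-enabling it, guard both values first (`if (csrfCookie == null || csrfField == null) { /* reject the request */ }`) and compare with `MessageDigest.isEqual(csrfCookie.getBytes(StandardCharsets.UTF_8), csrfField.getBytes(StandardCharsets.UTF_8))` rather than equals, so the token comparison is constant-time. As the hunk stands, the unconditional `inchat.login(username,password).forEach(sessionBuilder);` above the block means the login form is accepted with no CSRF token at all, and the context line that prints `"Password: " + password` to stderr writes the plaintext credential into the logs; together with the stray `System.out.println("aisudhasd TEST");` in the last hunk, these debug prints should be removed before this is merged. The enclosing login branch starts and ends outside the hunk.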
......@@ -10,8 +10,8 @@ public class Password {
//returns True if pw length is between 8 and 1000
public static Boolean checkLength(String preHash){
return (1000 > preHash.length() && preHash.length() > 8);
}
return (1000 > preHash.length() && preHash.length() > 7);
}
//returns True if pw is not found in our dictionary (cirt-default-passwords.txt)
public static Boolean checkPwNotInDictionary(String preHash) throws IOException {
......
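Review bot: The bound on the upper side of checkLength still disagrees with the comment: `1000 > preHash.length()` rejects a 1000-character password while the comment says lengths "between 8 and 1000" are accepted, and the lower bound (presumably the `> 7` line is the new side, given the commit message) now admits 8 but the comment does not say whether the limits are inclusive. Either make both ends inclusive, `return preHash.length() >= 8 && preHash.length() <= 1000;`, or reword the comment to state the exact range. Note also that `String.length()` counts UTF-16 code units, so a password containing supplementary characters is measured as longer than its visible length; if that matters, document it in the comment. Returning the boxed `Boolean` from a method that only ever yields a primitive result is unnecessary; `boolean` would do.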