redirect back to login page on invalid login

2020-05-09 08:05:05 +01:00
parent 9d6e967124
commit 7a8e7e0dd1
3 changed files with 18 additions and 2 deletions
--- a/grails-app/conf/spring/resources.groovy
+++ b/grails-app/conf/spring/resources.groovy
@ -1,11 +1,18 @@
 import com.muwire.mucats.security.*
 import org.springframework.security.authentication.*
+import org.springframework.security.web.authentication.*

 // Place your Spring DSL code here
 beans = {
+
+    failureHandler(SimpleUrlAuthenticationFailureHandler) {
+        defaultFailureUrl = "/login?error=true"
+        useForward = false
+    }
 
    authenticationProcessingFilter(ChallengeResponseAuthenticationFilter) {
        authenticationManager = ref('authenticationManager')
+        authenticationFailureHandler = ref('failureHandler')
    }
    challengeResponseAuthenticationProvider(ChallengeResponseAuthenticationProvider)
 }
--- a/grails-app/controllers/com/muwire/mucats/LoginController.groovy
+++ b/grails-app/controllers/com/muwire/mucats/LoginController.groovy
@ -8,6 +8,7 @@ import net.i2p.data.Signature
 import net.i2p.data.DataHelper

 import java.security.SecureRandom
+import java.net.Authenticator.RequestorType
 import java.nio.charset.StandardCharsets

 import com.muwire.core.Persona
@ -28,6 +29,10 @@ class LoginController {
        if (springSecurityService.isLoggedIn()) {
            redirect uri: conf.successHandler.defaultTargetUrl
        }
+        if (request.getParameter("error") != null) {
+            flash.error="Invalid login"
+        } 
+        render view : "index"
    }

    def challenge() {
--- a/src/main/groovy/com/muwire/mucats/security/ChallengeResponseAuthenticationProvider.groovy
+++ b/src/main/groovy/com/muwire/mucats/security/ChallengeResponseAuthenticationProvider.groovy
@ -20,8 +20,12 @@ class ChallengeResponseAuthenticationProvider implements AuthenticationProvider
        byte [] response = Base64.decode(cra.getResponse())
        if (response == null)
            throw new AuthenticationException("base64 couldn't decode response") {}
-        
-        def sig = new Signature(Constants.SIG_TYPE, response)
+        def sig
+        try {
+            sig = new Signature(Constants.SIG_TYPE, response)
+        } catch (Exception invalidSig) {
+            throw new AuthenticationException("invalid signature", sig) {}
+        }
        def spk = cra.getPersona().getDestination().getSigningPublicKey()
        if (DSAEngine.getInstance().verifySignature(sig, cra.getChallenge(), spk)) {
            authentication.setAuthenticated(true)