diff options
author | Jannis M. Hoffmann <jannis.hoffmann@rwth-aachen.de> | 2022-05-05 14:41:10 +0200 |
---|---|---|
committer | Jannis M. Hoffmann <jannis.hoffmann@rwth-aachen.de> | 2022-05-05 14:41:10 +0200 |
commit | febfd792ce3a63314c980cc29440cf2f127953b4 (patch) | |
tree | 196b98d1ead81459869aa4675fd7a198b0d7822b /templates/webmail/login.html.ep | |
parent | e740d60265adacfef6edb6b534ae31eedf9011da (diff) |
propper cram support (baring some details rng)
Diffstat (limited to 'templates/webmail/login.html.ep')
-rw-r--r-- | templates/webmail/login.html.ep | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/templates/webmail/login.html.ep b/templates/webmail/login.html.ep index 3e224a8..0b7b080 100644 --- a/templates/webmail/login.html.ep +++ b/templates/webmail/login.html.ep @@ -1,5 +1,7 @@ % layout 'mainlayout'; +% my $uses_cram = config->{session}{secure} eq 'cram'; + <div id=login class="jwm-base"> <h1> @@ -22,14 +24,36 @@ %= label_for password => ucfirst l 'passwd' %= password_field 'password' => (required => '') </div> +% if ($uses_cram) { + %= hidden_field challenge => rand +% } <div class="pure-controls"> - %= submit_button l('login') => (class => 'pure-button pure-button-primary') + %= submit_button l('login') => (class => 'pure-button pure-button-primary') => (name => 'submit_button') => $uses_cram ? (disabled => '') : () </div> </fieldset> % end </div> +% if ($uses_cram) { +<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js" + integrity="sha512-E8QSvWZ0eCLGk4km3hxSsNmGWbLtSCSUcewDQPQWZF6pEU8GlT8a5fF32wOl1i8ftdMhssTrF/OhyGWwonTcXA==" + crossorigin="anonymous" referrerpolicy="no-referrer"></script> +<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/hmac-md5.min.js" + integrity="sha512-gy8JaBxTrtIxNLe1FfMAXey61VjQk3Af4EyY/EpVfmWPH16iCgdRZMHEFgKIyxMrarlc6+rDf6WneGL4SWqnpg==" + crossorigin="anonymous" referrerpolicy="no-referrer"></script> + +<script> + document.login1.submit_button.disabled = false; + + document.forms.login1.addEventListener("formdata", (form_data_evt) => { + const form_data = form_data_evt.formData; + const res = CryptoJS.HmacMD5(form_data.get("challenge"), form_data.get("password")) + form_data.set("password", res) + }); +</script> +% } + %= javascript begin if (!document.login1.userid.value) { document.login1.userid.focus(); |