summaryrefslogtreecommitdiff
path: root/templates/webmail/login.html.ep
diff options
context:
space:
mode:
Diffstat (limited to 'templates/webmail/login.html.ep')
-rw-r--r--templates/webmail/login.html.ep26
1 files changed, 25 insertions, 1 deletions
diff --git a/templates/webmail/login.html.ep b/templates/webmail/login.html.ep
index 3e224a8..0b7b080 100644
--- a/templates/webmail/login.html.ep
+++ b/templates/webmail/login.html.ep
@@ -1,5 +1,7 @@
% layout 'mainlayout';
+% my $uses_cram = config->{session}{secure} eq 'cram';
+
<div id=login class="jwm-base">
<h1>
@@ -22,14 +24,36 @@
%= label_for password => ucfirst l 'passwd'
%= password_field 'password' => (required => '')
</div>
+% if ($uses_cram) {
+ %= hidden_field challenge => rand
+% }
<div class="pure-controls">
- %= submit_button l('login') => (class => 'pure-button pure-button-primary')
+ %= submit_button l('login') => (class => 'pure-button pure-button-primary') => (name => 'submit_button') => $uses_cram ? (disabled => '') : ()
</div>
</fieldset>
% end
</div>
+% if ($uses_cram) {
+<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"
+ integrity="sha512-E8QSvWZ0eCLGk4km3hxSsNmGWbLtSCSUcewDQPQWZF6pEU8GlT8a5fF32wOl1i8ftdMhssTrF/OhyGWwonTcXA=="
+ crossorigin="anonymous" referrerpolicy="no-referrer"></script>
+<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/hmac-md5.min.js"
+ integrity="sha512-gy8JaBxTrtIxNLe1FfMAXey61VjQk3Af4EyY/EpVfmWPH16iCgdRZMHEFgKIyxMrarlc6+rDf6WneGL4SWqnpg=="
+ crossorigin="anonymous" referrerpolicy="no-referrer"></script>
+
+<script>
+ document.login1.submit_button.disabled = false;
+
+ document.forms.login1.addEventListener("formdata", (form_data_evt) => {
+ const form_data = form_data_evt.formData;
+ const res = CryptoJS.HmacMD5(form_data.get("challenge"), form_data.get("password"))
+ form_data.set("password", res)
+ });
+</script>
+% }
+
%= javascript begin
if (!document.login1.userid.value) {
document.login1.userid.focus();