private void handleLogin(
HttpServletRequest request, HttpServletResponse response, HttpSession session)
throws UnsupportedEncodingException, IOException {
Boolean isAuthorized;
String username = request.getParameter("login-username");
String password = request.getParameter("login-password");
if (Security.isSafeUsername(username) && Security.isSafePassword(password)) {
session.setAttribute(Attribute.IS_SAFE.toString(), true);
isAuthorized = DatabaseApi.isAuthorized(username, password);
session.setAttribute(Attribute.IS_AUTHORIZED.toString(), isAuthorized);
if (isAuthorized) { // Take the user to the projects page.
int accountId = DatabaseApi.getAccountId(username);
session.setAttribute(
Attribute.USERNAME.toString(), DatabaseApi.getAccountUsername(accountId));
session.setAttribute(Attribute.PASSWORD.toString(), password);
session.setAttribute(Attribute.EMAIL.toString(), DatabaseApi.getAccountEmail(accountId));
session.setAttribute(Attribute.NAME.toString(), DatabaseApi.getAccountName(accountId));
session.setAttribute(Attribute.IS_FIRST_SIGN_IN.toString(), false);
session.removeAttribute(
Attribute.IS_SAFE.toString()); // Cleared so as to not interfere with any other form.
response.sendRedirect("projects.jsp");
} else {
response.sendRedirect("index.jsp"); // Keep the user on the same page.
}
} else {
session.setAttribute(Attribute.IS_SAFE.toString(), false);
session.setAttribute(Attribute.IS_AUTHORIZED.toString(), false);
response.sendRedirect("index.jsp");
}
}
private void handleSecurityQuestionRetrieval(
HttpServletRequest request, HttpServletResponse response, HttpSession session)
throws UnsupportedEncodingException, IOException {
// TODO Auto-generated method stub
String username = request.getParameter("username");
if (Security.isSafeUsername(username)) {
session.setAttribute(Attribute.IS_SAFE.toString(), true);
if (DatabaseApi.usernameExists(username)) {
String securityQuestion =
DatabaseApi.getAccountSecurityQuestion(DatabaseApi.getAccountId(username));
if (securityQuestion != null) {
session.setAttribute(Attribute.SECURITY_QUESTION.toString(), securityQuestion);
session.setAttribute(Attribute.USERNAME.toString(), username);
session.removeAttribute(
Attribute.IS_SAFE.toString()); // Cleared so as to not interfere with any other form.
response.sendRedirect("securityQuestion.jsp");
} else {
session.setAttribute(Attribute.IS_CORRECT.toString(), false);
response.sendRedirect("forgot.jsp");
}
} else {
session.setAttribute(Attribute.IS_CORRECT.toString(), false);
response.sendRedirect("forgot.jsp");
}
} else {
session.setAttribute(Attribute.IS_SAFE.toString(), false);
session.setAttribute(Attribute.IS_CORRECT.toString(), false);
response.sendRedirect("forgot.jsp");
}
}
private void handleCreateAccount(
HttpServletRequest request, HttpServletResponse response, HttpSession session, String json)
throws IOException {
CreateAccountRequest createAccountRequest =
new Gson().fromJson(json, CreateAccountRequest.class);
response.setContentType("text/plain");
PrintWriter out = response.getWriter();
String username = createAccountRequest.arguments.username;
String email = createAccountRequest.arguments.email;
String password = createAccountRequest.arguments.password;
String confirmPassword = createAccountRequest.arguments.confirmPassword;
String name = "Enter your name";
if (Security.isSafeUsername(username)
&& Security.isSafeEmail(email)
&& Security.isSafePassword(password)
&& Security.isSafePassword(confirmPassword)
&& password.equals(confirmPassword)
&& Security.isSafeName(name)) { // Short-circuitry
User newUser = new User(username, password, name, email);
boolean addedSuccessfully = DatabaseApi.AddAccount(newUser);
if (addedSuccessfully) {
session.setAttribute(Attribute.IS_AUTHORIZED.toString(), true);
session.setAttribute(Attribute.USERNAME.toString(), username);
session.setAttribute(Attribute.EMAIL.toString(), email);
session.setAttribute(Attribute.PASSWORD.toString(), password);
session.setAttribute(Attribute.IS_FIRST_SIGN_IN.toString(), true);
out.println(username + " created successfully.");
} else {
// TODO Add error message here
}
} else {
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
}
out.flush();
out.close();
}