Beispiel #1
0
  private void handleCreateProject(
      HttpServletRequest request, HttpServletResponse response, HttpSession session, String json)
      throws IOException {
    response.setContentType("text/plain");
    PrintWriter out = response.getWriter();

    int accountId = getAccountIdFromSessionAttributes(session);
    CreateProjectRequest createProjectRequest =
        new Gson().fromJson(json, CreateProjectRequest.class);
    String projectName = createProjectRequest.arguments.project;

    if (Security.isSafeProjectName(projectName)
        && Security.isUniqueProjectName(projectName, accountId)
        && Security.projectFits(DatabaseApi.getNumberOfProjects(accountId))) {
      session.setAttribute(Attribute.IS_SAFE.toString(), true);

      String icon = "/olive/images/Ponkan_folder_opened_64.png";
      Project project = new Project(projectName, accountId, icon, -1);
      Boolean added = DatabaseApi.addProject(project);
      if (!added) {
        session.setAttribute(Attribute.ADD_SUCCESSFULLY.toString(), false);
      } else {
        session.setAttribute(Attribute.ADD_SUCCESSFULLY.toString(), true);
        session.setAttribute(Attribute.IS_FIRST_SIGN_IN.toString(), false);
        out.println(createProjectRequest.arguments.project + " created successfully.");
      }
    } else {
      session.setAttribute(Attribute.IS_SAFE.toString(), false);
    }

    out.flush();
    out.close();
  }
Beispiel #2
0
 private void handleLogin(
     HttpServletRequest request, HttpServletResponse response, HttpSession session)
     throws UnsupportedEncodingException, IOException {
   Boolean isAuthorized;
   String username = request.getParameter("login-username");
   String password = request.getParameter("login-password");
   if (Security.isSafeUsername(username) && Security.isSafePassword(password)) {
     session.setAttribute(Attribute.IS_SAFE.toString(), true);
     isAuthorized = DatabaseApi.isAuthorized(username, password);
     session.setAttribute(Attribute.IS_AUTHORIZED.toString(), isAuthorized);
     if (isAuthorized) { // Take the user to the projects page.
       int accountId = DatabaseApi.getAccountId(username);
       session.setAttribute(
           Attribute.USERNAME.toString(), DatabaseApi.getAccountUsername(accountId));
       session.setAttribute(Attribute.PASSWORD.toString(), password);
       session.setAttribute(Attribute.EMAIL.toString(), DatabaseApi.getAccountEmail(accountId));
       session.setAttribute(Attribute.NAME.toString(), DatabaseApi.getAccountName(accountId));
       session.setAttribute(Attribute.IS_FIRST_SIGN_IN.toString(), false);
       session.removeAttribute(
           Attribute.IS_SAFE.toString()); // Cleared so as to not interfere with any other form.
       response.sendRedirect("projects.jsp");
     } else {
       response.sendRedirect("index.jsp"); // Keep the user on the same page.
     }
   } else {
     session.setAttribute(Attribute.IS_SAFE.toString(), false);
     session.setAttribute(Attribute.IS_AUTHORIZED.toString(), false);
     response.sendRedirect("index.jsp");
   }
 }
Beispiel #3
0
 private void handleSecurityQuestionRetrieval(
     HttpServletRequest request, HttpServletResponse response, HttpSession session)
     throws UnsupportedEncodingException, IOException {
   // TODO Auto-generated method stub
   String username = request.getParameter("username");
   if (Security.isSafeUsername(username)) {
     session.setAttribute(Attribute.IS_SAFE.toString(), true);
     if (DatabaseApi.usernameExists(username)) {
       String securityQuestion =
           DatabaseApi.getAccountSecurityQuestion(DatabaseApi.getAccountId(username));
       if (securityQuestion != null) {
         session.setAttribute(Attribute.SECURITY_QUESTION.toString(), securityQuestion);
         session.setAttribute(Attribute.USERNAME.toString(), username);
         session.removeAttribute(
             Attribute.IS_SAFE.toString()); // Cleared so as to not interfere with any other form.
         response.sendRedirect("securityQuestion.jsp");
       } else {
         session.setAttribute(Attribute.IS_CORRECT.toString(), false);
         response.sendRedirect("forgot.jsp");
       }
     } else {
       session.setAttribute(Attribute.IS_CORRECT.toString(), false);
       response.sendRedirect("forgot.jsp");
     }
   } else {
     session.setAttribute(Attribute.IS_SAFE.toString(), false);
     session.setAttribute(Attribute.IS_CORRECT.toString(), false);
     response.sendRedirect("forgot.jsp");
   }
 }
Beispiel #4
0
 private void handleSecurityAnswer(
     HttpServletRequest request, HttpServletResponse response, HttpSession session)
     throws UnsupportedEncodingException, IOException {
   // TODO Auto-generated method stub
   String answer = request.getParameter("security_answer");
   String username = (String) session.getAttribute(Attribute.USERNAME.toString());
   if (Security.isSafeSecurityAnswer(answer)) {
     session.setAttribute(Attribute.IS_SAFE.toString(), true);
     String securityQuestion =
         DatabaseApi.getAccountSecurityQuestion(DatabaseApi.getAccountId(username));
     Boolean isCorrect = DatabaseApi.isCorrectSecurityInfo(username, securityQuestion, answer);
     if (isCorrect) {
       session.setAttribute(Attribute.IS_CORRECT.toString(), true);
       session.removeAttribute(
           Attribute.IS_SAFE.toString()); // Cleared so as to not interfere with any other form.
       response.sendRedirect("new-password-form.jsp");
     } else {
       session.setAttribute(Attribute.IS_CORRECT.toString(), false);
       response.sendRedirect("securityQuestion.jsp");
     }
   } else {
     session.setAttribute(Attribute.IS_SAFE.toString(), false);
     session.setAttribute(Attribute.IS_CORRECT.toString(), false);
     response.sendRedirect("securityQuestion.jsp");
   }
 }
Beispiel #5
0
 private void handleNewPassword(
     HttpServletRequest request, HttpServletResponse response, HttpSession session)
     throws UnsupportedEncodingException, IOException {
   // TODO Auto-generated method stub
   String newPassword = request.getParameter("password");
   String confirmNewPassword = request.getParameter("confirm_password");
   Boolean newPasswordSet;
   if (Security.isSafePassword(newPassword) && Security.isSafePassword(confirmNewPassword)) {
     session.setAttribute(Attribute.IS_SAFE.toString(), true);
     if (newPassword.equals(confirmNewPassword)) {
       session.setAttribute(Attribute.PASSWORDS_MATCH.toString(), true);
       String username = (String) session.getAttribute(Attribute.USERNAME.toString());
       newPasswordSet = DatabaseApi.editPassword(username, newPassword);
       session.setAttribute(Attribute.EDIT_SUCCESSFULLY.toString(), newPasswordSet);
     } else {
       session.setAttribute(Attribute.PASSWORDS_MATCH.toString(), false);
       session.setAttribute(Attribute.EDIT_SUCCESSFULLY.toString(), false);
     }
   } else {
     session.setAttribute(Attribute.IS_SAFE.toString(), false);
     session.setAttribute(Attribute.EDIT_SUCCESSFULLY.toString(), false);
   }
   response.sendRedirect("new-password-form.jsp");
   session.removeAttribute(Attribute.USERNAME.toString());
 }