private void handleCreateProject(
HttpServletRequest request, HttpServletResponse response, HttpSession session, String json)
throws IOException {
response.setContentType("text/plain");
PrintWriter out = response.getWriter();
int accountId = getAccountIdFromSessionAttributes(session);
CreateProjectRequest createProjectRequest =
new Gson().fromJson(json, CreateProjectRequest.class);
String projectName = createProjectRequest.arguments.project;
if (Security.isSafeProjectName(projectName)
&& Security.isUniqueProjectName(projectName, accountId)
&& Security.projectFits(DatabaseApi.getNumberOfProjects(accountId))) {
session.setAttribute(Attribute.IS_SAFE.toString(), true);
String icon = "/olive/images/Ponkan_folder_opened_64.png";
Project project = new Project(projectName, accountId, icon, -1);
Boolean added = DatabaseApi.addProject(project);
if (!added) {
session.setAttribute(Attribute.ADD_SUCCESSFULLY.toString(), false);
} else {
session.setAttribute(Attribute.ADD_SUCCESSFULLY.toString(), true);
session.setAttribute(Attribute.IS_FIRST_SIGN_IN.toString(), false);
out.println(createProjectRequest.arguments.project + " created successfully.");
}
} else {
session.setAttribute(Attribute.IS_SAFE.toString(), false);
}
out.flush();
out.close();
}
private void handleLogin(
HttpServletRequest request, HttpServletResponse response, HttpSession session)
throws UnsupportedEncodingException, IOException {
Boolean isAuthorized;
String username = request.getParameter("login-username");
String password = request.getParameter("login-password");
if (Security.isSafeUsername(username) && Security.isSafePassword(password)) {
session.setAttribute(Attribute.IS_SAFE.toString(), true);
isAuthorized = DatabaseApi.isAuthorized(username, password);
session.setAttribute(Attribute.IS_AUTHORIZED.toString(), isAuthorized);
if (isAuthorized) { // Take the user to the projects page.
int accountId = DatabaseApi.getAccountId(username);
session.setAttribute(
Attribute.USERNAME.toString(), DatabaseApi.getAccountUsername(accountId));
session.setAttribute(Attribute.PASSWORD.toString(), password);
session.setAttribute(Attribute.EMAIL.toString(), DatabaseApi.getAccountEmail(accountId));
session.setAttribute(Attribute.NAME.toString(), DatabaseApi.getAccountName(accountId));
session.setAttribute(Attribute.IS_FIRST_SIGN_IN.toString(), false);
session.removeAttribute(
Attribute.IS_SAFE.toString()); // Cleared so as to not interfere with any other form.
response.sendRedirect("projects.jsp");
} else {
response.sendRedirect("index.jsp"); // Keep the user on the same page.
}
} else {
session.setAttribute(Attribute.IS_SAFE.toString(), false);
session.setAttribute(Attribute.IS_AUTHORIZED.toString(), false);
response.sendRedirect("index.jsp");
}
}
private void handleSecurityQuestionRetrieval(
HttpServletRequest request, HttpServletResponse response, HttpSession session)
throws UnsupportedEncodingException, IOException {
// TODO Auto-generated method stub
String username = request.getParameter("username");
if (Security.isSafeUsername(username)) {
session.setAttribute(Attribute.IS_SAFE.toString(), true);
if (DatabaseApi.usernameExists(username)) {
String securityQuestion =
DatabaseApi.getAccountSecurityQuestion(DatabaseApi.getAccountId(username));
if (securityQuestion != null) {
session.setAttribute(Attribute.SECURITY_QUESTION.toString(), securityQuestion);
session.setAttribute(Attribute.USERNAME.toString(), username);
session.removeAttribute(
Attribute.IS_SAFE.toString()); // Cleared so as to not interfere with any other form.
response.sendRedirect("securityQuestion.jsp");
} else {
session.setAttribute(Attribute.IS_CORRECT.toString(), false);
response.sendRedirect("forgot.jsp");
}
} else {
session.setAttribute(Attribute.IS_CORRECT.toString(), false);
response.sendRedirect("forgot.jsp");
}
} else {
session.setAttribute(Attribute.IS_SAFE.toString(), false);
session.setAttribute(Attribute.IS_CORRECT.toString(), false);
response.sendRedirect("forgot.jsp");
}
}
private void handleSecurityAnswer(
HttpServletRequest request, HttpServletResponse response, HttpSession session)
throws UnsupportedEncodingException, IOException {
// TODO Auto-generated method stub
String answer = request.getParameter("security_answer");
String username = (String) session.getAttribute(Attribute.USERNAME.toString());
if (Security.isSafeSecurityAnswer(answer)) {
session.setAttribute(Attribute.IS_SAFE.toString(), true);
String securityQuestion =
DatabaseApi.getAccountSecurityQuestion(DatabaseApi.getAccountId(username));
Boolean isCorrect = DatabaseApi.isCorrectSecurityInfo(username, securityQuestion, answer);
if (isCorrect) {
session.setAttribute(Attribute.IS_CORRECT.toString(), true);
session.removeAttribute(
Attribute.IS_SAFE.toString()); // Cleared so as to not interfere with any other form.
response.sendRedirect("new-password-form.jsp");
} else {
session.setAttribute(Attribute.IS_CORRECT.toString(), false);
response.sendRedirect("securityQuestion.jsp");
}
} else {
session.setAttribute(Attribute.IS_SAFE.toString(), false);
session.setAttribute(Attribute.IS_CORRECT.toString(), false);
response.sendRedirect("securityQuestion.jsp");
}
}
private void handleNewPassword(
HttpServletRequest request, HttpServletResponse response, HttpSession session)
throws UnsupportedEncodingException, IOException {
// TODO Auto-generated method stub
String newPassword = request.getParameter("password");
String confirmNewPassword = request.getParameter("confirm_password");
Boolean newPasswordSet;
if (Security.isSafePassword(newPassword) && Security.isSafePassword(confirmNewPassword)) {
session.setAttribute(Attribute.IS_SAFE.toString(), true);
if (newPassword.equals(confirmNewPassword)) {
session.setAttribute(Attribute.PASSWORDS_MATCH.toString(), true);
String username = (String) session.getAttribute(Attribute.USERNAME.toString());
newPasswordSet = DatabaseApi.editPassword(username, newPassword);
session.setAttribute(Attribute.EDIT_SUCCESSFULLY.toString(), newPasswordSet);
} else {
session.setAttribute(Attribute.PASSWORDS_MATCH.toString(), false);
session.setAttribute(Attribute.EDIT_SUCCESSFULLY.toString(), false);
}
} else {
session.setAttribute(Attribute.IS_SAFE.toString(), false);
session.setAttribute(Attribute.EDIT_SUCCESSFULLY.toString(), false);
}
response.sendRedirect("new-password-form.jsp");
session.removeAttribute(Attribute.USERNAME.toString());
}
