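/**
 * Handles a login form submission.
 *
 * <p>Reads {@code login-username} and {@code login-password}, checks their shape with
 * {@link Security}, verifies the credentials through {@link DatabaseApi#isAuthorized} and records
 * the outcome in the session before redirecting: {@code projects.jsp} on success, {@code
 * index.jsp} in every other case.
 *
 * <p>Session attributes written: {@code IS_SAFE} and {@code IS_AUTHORIZED}; on success also the
 * account's username, e-mail, name and {@code IS_FIRST_SIGN_IN=false}. {@code IS_SAFE} is removed
 * again after a successful login so it does not affect other forms.
 *
 * @param request the login POST request
 * @param response used only for the redirect
 * @param session the caller's session, mutated as described above
 * @throws IOException if the redirect cannot be sent
 */
private void handleLogin(
    HttpServletRequest request, HttpServletResponse response, HttpSession session)
    throws UnsupportedEncodingException, IOException {
  String username = request.getParameter("login-username");
  String password = request.getParameter("login-password");

  if (!(Security.isSafeUsername(username) && Security.isSafePassword(password))) {
    // Input failed validation: record both flags as false and keep the user on the login page.
    session.setAttribute(Attribute.IS_SAFE.toString(), false);
    session.setAttribute(Attribute.IS_AUTHORIZED.toString(), false);
    response.sendRedirect("index.jsp");
    return;
  }

  session.setAttribute(Attribute.IS_SAFE.toString(), true);
  Boolean isAuthorized = DatabaseApi.isAuthorized(username, password);
  session.setAttribute(Attribute.IS_AUTHORIZED.toString(), isAuthorized);

  // Boolean.TRUE.equals() avoids an NPE on unboxing should the boxed result ever be null;
  // null is treated as "not authorized".
  if (!Boolean.TRUE.equals(isAuthorized)) {
    response.sendRedirect("index.jsp"); // Keep the user on the same page.
    return;
  }

  // NOTE(review): the session id is not rotated at login. With Servlet 3.1+,
  // request.changeSessionId() at this point would close the session-fixation window.
  int accountId = DatabaseApi.getAccountId(username);
  session.setAttribute(
      Attribute.USERNAME.toString(), DatabaseApi.getAccountUsername(accountId));
  // NOTE(review): the plaintext password is kept in the session for its whole lifetime. Nothing
  // in this servlet reads Attribute.PASSWORD back; if no JSP needs it either, drop this line so a
  // session dump or a serialized session store cannot expose it.
  session.setAttribute(Attribute.PASSWORD.toString(), password);
  session.setAttribute(Attribute.EMAIL.toString(), DatabaseApi.getAccountEmail(accountId));
  session.setAttribute(Attribute.NAME.toString(), DatabaseApi.getAccountName(accountId));
  session.setAttribute(Attribute.IS_FIRST_SIGN_IN.toString(), false);
  session.removeAttribute(
      Attribute.IS_SAFE.toString()); // Cleared so as to not interfere with any other form.
  response.sendRedirect("projects.jsp"); // Take the user to the projects page.
}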
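/**
 * Handles a JSON "create project" request and answers with a plain-text status line.
 *
 * <p>The project is created only when its name passes {@link Security#isSafeProjectName}, is
 * unique for the account and the account is still below its project quota. Outcome flags are
 * written to the session ({@code IS_SAFE}, {@code ADD_SUCCESSFULLY}, and {@code
 * IS_FIRST_SIGN_IN=false} on success); the response body is written only when the project was
 * actually added.
 *
 * @param request unused; the payload arrives already read in {@code json}
 * @param response receives the {@code text/plain} status line
 * @param session the caller's session, used to resolve the account id and to record flags
 * @param json the request body, parsed as a {@link CreateProjectRequest}
 * @throws IOException if the response writer cannot be obtained
 */
private void handleCreateProject(
    HttpServletRequest request, HttpServletResponse response, HttpSession session, String json)
    throws IOException {
  response.setContentType("text/plain");
  // try-with-resources closes the writer even when a DatabaseApi call throws.
  try (PrintWriter out = response.getWriter()) {
    int accountId = getAccountIdFromSessionAttributes(session);
    CreateProjectRequest createProjectRequest =
        new Gson().fromJson(json, CreateProjectRequest.class);
    // Gson yields null for an empty body and leaves "arguments" null when the key is absent;
    // both are treated as unsafe input rather than failing with a NullPointerException (HTTP 500).
    String projectName =
        (createProjectRequest == null || createProjectRequest.arguments == null)
            ? null
            : createProjectRequest.arguments.project;

    boolean inputIsSafe =
        projectName != null
            && Security.isSafeProjectName(projectName)
            && Security.isUniqueProjectName(projectName, accountId)
            && Security.projectFits(DatabaseApi.getNumberOfProjects(accountId));
    if (!inputIsSafe) {
      session.setAttribute(Attribute.IS_SAFE.toString(), false);
      return;
    }

    session.setAttribute(Attribute.IS_SAFE.toString(), true);
    String icon = "/olive/images/Ponkan_folder_opened_64.png";
    Project project = new Project(projectName, accountId, icon, -1);
    Boolean added = DatabaseApi.addProject(project);
    // A null result from addProject counts as "not added" instead of throwing on unboxing.
    if (Boolean.TRUE.equals(added)) {
      session.setAttribute(Attribute.ADD_SUCCESSFULLY.toString(), true);
      session.setAttribute(Attribute.IS_FIRST_SIGN_IN.toString(), false);
      out.println(projectName + " created successfully.");
    } else {
      session.setAttribute(Attribute.ADD_SUCCESSFULLY.toString(), false);
    }
    out.flush();
  }
}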
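/**
 * Completes the "forgot password" flow by storing a new password for the staged account.
 *
 * <p>The account is identified by the session's {@code USERNAME}, which {@code
 * handleSecurityQuestionRetrieval} stages, and the change is only applied when {@code IS_CORRECT}
 * is {@code true}, which {@code handleSecurityAnswer} sets after a correct security answer.
 * Without that gate, staging a username was enough to reach this handler and reset that
 * account's password. Both attributes are removed afterwards so the reset is single use.
 *
 * <p>Session flags written: {@code IS_SAFE}, {@code PASSWORDS_MATCH}, {@code EDIT_SUCCESSFULLY}.
 * The client is always redirected to {@code new-password-form.jsp}.
 *
 * @param request carries {@code password} and {@code confirm_password}
 * @param response used only for the redirect
 * @param session the caller's session
 * @throws IOException if the redirect cannot be sent
 */
private void handleNewPassword(
    HttpServletRequest request, HttpServletResponse response, HttpSession session)
    throws UnsupportedEncodingException, IOException {
  String newPassword = request.getParameter("password");
  String confirmNewPassword = request.getParameter("confirm_password");
  String username = (String) session.getAttribute(Attribute.USERNAME.toString());
  boolean answerVerified =
      Boolean.TRUE.equals(session.getAttribute(Attribute.IS_CORRECT.toString()));

  if (!(Security.isSafePassword(newPassword) && Security.isSafePassword(confirmNewPassword))) {
    session.setAttribute(Attribute.IS_SAFE.toString(), false);
    session.setAttribute(Attribute.EDIT_SUCCESSFULLY.toString(), false);
  } else {
    session.setAttribute(Attribute.IS_SAFE.toString(), true);
    if (!newPassword.equals(confirmNewPassword)) {
      session.setAttribute(Attribute.PASSWORDS_MATCH.toString(), false);
      session.setAttribute(Attribute.EDIT_SUCCESSFULLY.toString(), false);
    } else {
      session.setAttribute(Attribute.PASSWORDS_MATCH.toString(), true);
      // Only touch the database when a username is staged AND its security answer was verified
      // in this session.
      Boolean newPasswordSet =
          (username != null && answerVerified)
              ? DatabaseApi.editPassword(username, newPassword)
              : Boolean.FALSE;
      session.setAttribute(Attribute.EDIT_SUCCESSFULLY.toString(), newPasswordSet);
    }
  }

  response.sendRedirect("new-password-form.jsp");
  // Single use: drop the staged identity and the verification flag whether or not the edit
  // succeeded. NOTE(review): assumes new-password-form.jsp tolerates an absent IS_CORRECT — confirm.
  session.removeAttribute(Attribute.USERNAME.toString());
  session.removeAttribute(Attribute.IS_CORRECT.toString());
}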
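/**
 * Splits a video of the current project at a given offset and records the resulting fragments.
 *
 * <p>Validates the video name and the split time, resolves the video id within the session's
 * project, asks {@link ZencoderApi#split} for the fragments and stores each one under a fresh
 * unique name. Invalid input is answered with HTTP 400; success with a plain-text status line.
 *
 * @param request unused; the payload arrives already read in {@code json}
 * @param response receives the {@code text/plain} status line or the error status
 * @param session the caller's session, used to resolve the project id
 * @param json the request body, parsed as a {@link SplitVideoRequest}
 * @throws IOException if the response cannot be written
 */
private void handleSplitVideo(
    HttpServletRequest request, HttpServletResponse response, HttpSession session, String json)
    throws IOException {
  SplitVideoRequest splitVideoRequest = new Gson().fromJson(json, SplitVideoRequest.class);
  response.setContentType("text/plain");
  // try-with-resources closes the writer on every exit path, including the early returns.
  try (PrintWriter out = response.getWriter()) {
    // Gson yields null for an empty body and a null "arguments" when the key is absent.
    if (splitVideoRequest == null || splitVideoRequest.arguments == null) {
      log.warning("Split request has no arguments.");
      response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Split request has no arguments.");
      return;
    }
    String videoName = splitVideoRequest.arguments.video;
    // sendError() clears anything already written to the buffer, so the message is passed to
    // sendError itself instead of being printed first and then discarded.
    if (!Security.isSafeVideoName(videoName)) {
      log.warning("Name of video to split is invalid.");
      response.sendError(
          HttpServletResponse.SC_BAD_REQUEST, "Name of video to split is invalid.");
      return;
    }
    if (!Security.isSafeSplitTimeInSeconds(splitVideoRequest.arguments.splitTimeInSeconds)) {
      log.warning("Split time (in seconds) is invalid.");
      response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Split time (in seconds) is invalid.");
      return;
    }

    int projectId = getProjectIdFromSessionAttributes(session);
    int videoId = DatabaseApi.getVideoId(videoName, projectId);
    Video[] videoFragments =
        ZencoderApi.split(videoId, splitVideoRequest.arguments.splitTimeInSeconds);
    for (Video videoFragment : videoFragments) {
      // Give the video a name only at the last moment to prevent duplicates. getName() still
      // returns the original name here; after setName() it returns the unique one.
      String newVideoName =
          Security.convertToSafeAndUniqueVideoName(videoFragment.getName(), projectId);
      videoFragment.setName(newVideoName);
      DatabaseApi.addVideo(
          new Video(
              videoFragment.getName(),
              videoFragment.getUrl(),
              videoFragment.getIcon(),
              projectId, // projectId not computed by Zencoder
              -1,
              -1,
              false));
    }

    out.println(
        videoName
            + " split at "
            + splitVideoRequest.arguments.splitTimeInSeconds
            + " seconds successfully.");
    out.flush();
  }
}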
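/**
 * Checks the answer to the staged account's security question.
 *
 * <p>The account is the session's {@code USERNAME}, staged by {@code
 * handleSecurityQuestionRetrieval}. A correct answer sets {@code IS_CORRECT=true} and redirects to
 * {@code new-password-form.jsp}; everything else sets {@code IS_CORRECT=false} and returns to
 * {@code securityQuestion.jsp} (or {@code forgot.jsp} when no username is staged).
 *
 * <p>NOTE(review): there is no attempt counter in this handler, so answers can be retried without
 * limit within one session; throttling per account is worth adding.
 *
 * @param request carries {@code security_answer}
 * @param response used only for the redirect
 * @param session the caller's session
 * @throws IOException if the redirect cannot be sent
 */
private void handleSecurityAnswer(
    HttpServletRequest request, HttpServletResponse response, HttpSession session)
    throws UnsupportedEncodingException, IOException {
  String answer = request.getParameter("security_answer");
  String username = (String) session.getAttribute(Attribute.USERNAME.toString());

  if (username == null) {
    // Nothing was staged (direct POST or expired session): there is no account to check the
    // answer against, so restart the flow instead of looking up a null username.
    session.setAttribute(Attribute.IS_CORRECT.toString(), false);
    response.sendRedirect("forgot.jsp");
    return;
  }
  if (!Security.isSafeSecurityAnswer(answer)) {
    session.setAttribute(Attribute.IS_SAFE.toString(), false);
    session.setAttribute(Attribute.IS_CORRECT.toString(), false);
    response.sendRedirect("securityQuestion.jsp");
    return;
  }

  session.setAttribute(Attribute.IS_SAFE.toString(), true);
  String securityQuestion =
      DatabaseApi.getAccountSecurityQuestion(DatabaseApi.getAccountId(username));
  Boolean isCorrect = DatabaseApi.isCorrectSecurityInfo(username, securityQuestion, answer);
  // A null result counts as "incorrect" instead of throwing on unboxing.
  if (Boolean.TRUE.equals(isCorrect)) {
    session.setAttribute(Attribute.IS_CORRECT.toString(), true);
    session.removeAttribute(
        Attribute.IS_SAFE.toString()); // Cleared so as to not interfere with any other form.
    response.sendRedirect("new-password-form.jsp");
  } else {
    session.setAttribute(Attribute.IS_CORRECT.toString(), false);
    response.sendRedirect("securityQuestion.jsp");
  }
}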
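/**
 * First step of the "forgot password" flow: stages a username and its security question.
 *
 * <p>When the username is well-formed, exists and has a question on file, {@code
 * SECURITY_QUESTION} and {@code USERNAME} are stored in the session and the client goes to
 * {@code securityQuestion.jsp}. Any other case sets {@code IS_CORRECT=false} and returns to
 * {@code forgot.jsp}.
 *
 * <p>NOTE(review): the success/failure split reveals whether a username exists; that is
 * inherent to this design and worth keeping in mind when rate limiting.
 *
 * @param request carries {@code username}
 * @param response used only for the redirect
 * @param session the caller's session
 * @throws IOException if the redirect cannot be sent
 */
private void handleSecurityQuestionRetrieval(
    HttpServletRequest request, HttpServletResponse response, HttpSession session)
    throws UnsupportedEncodingException, IOException {
  String username = request.getParameter("username");

  if (!Security.isSafeUsername(username)) {
    session.setAttribute(Attribute.IS_SAFE.toString(), false);
    session.setAttribute(Attribute.IS_CORRECT.toString(), false);
    response.sendRedirect("forgot.jsp");
    return;
  }
  session.setAttribute(Attribute.IS_SAFE.toString(), true);

  String securityQuestion =
      DatabaseApi.usernameExists(username)
          ? DatabaseApi.getAccountSecurityQuestion(DatabaseApi.getAccountId(username))
          : null;
  if (securityQuestion == null) {
    // Unknown username and "no question on file" are handled identically.
    session.setAttribute(Attribute.IS_CORRECT.toString(), false);
    response.sendRedirect("forgot.jsp");
    return;
  }

  session.setAttribute(Attribute.SECURITY_QUESTION.toString(), securityQuestion);
  session.setAttribute(Attribute.USERNAME.toString(), username);
  // A freshly staged username has not been verified yet: drop any IS_CORRECT left over from an
  // earlier (possibly different) account, so an answer verified for account A cannot be carried
  // over to a password reset of account B.
  session.removeAttribute(Attribute.IS_CORRECT.toString());
  session.removeAttribute(
      Attribute.IS_SAFE.toString()); // Cleared so as to not interfere with any other form.
  response.sendRedirect("securityQuestion.jsp");
}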
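/**
 * Updates the signed-in user's display name and e-mail address.
 *
 * <p>Writes {@code EDIT_NAME_SUCCESSFULLY} to the session and, only when the database accepted
 * the change, mirrors the new values into {@code NAME} and {@code EMAIL}. Always redirects to
 * {@code account.jsp}.
 *
 * @param request carries {@code new-name} and {@code new-email}
 * @param response used only for the redirect
 * @param session the caller's session; {@code USERNAME} identifies the account
 * @throws IOException if the redirect cannot be sent
 */
private void handleEditUserNameEmail(
    HttpServletRequest request, HttpServletResponse response, HttpSession session)
    throws UnsupportedEncodingException, IOException {
  String username = (String) session.getAttribute(Attribute.USERNAME.toString());
  String newName = request.getParameter("new-name");
  String newEmail = request.getParameter("new-email");

  // A session without USERNAME is not signed in; treat it like invalid input.
  boolean inputIsSafe =
      username != null && Security.isSafeName(newName) && Security.isSafeEmail(newEmail);
  Boolean editSuccessfully = Boolean.FALSE;
  if (inputIsSafe) {
    // Empty strings mark the fields that are not being changed (same convention as
    // handleEditUserSecurity and handleEditUserPassword).
    User updateUser = new User(username, "", newName, newEmail, "", "");
    editSuccessfully = DatabaseApi.editAccount(updateUser);
  }
  session.setAttribute(Attribute.EDIT_NAME_SUCCESSFULLY.toString(), editSuccessfully);

  // Previously the new values were copied into the session even when editAccount reported
  // failure, so the session could show a name/e-mail the account never received.
  if (Boolean.TRUE.equals(editSuccessfully)) {
    session.setAttribute(Attribute.EMAIL.toString(), newEmail);
    session.setAttribute(Attribute.NAME.toString(), newName);
  }
  response.sendRedirect("account.jsp");
}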
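/**
 * Updates the signed-in user's security question and answer.
 *
 * <p>Writes {@code EDIT_QA_SUCCESSFULLY} to the session and, only when the database accepted the
 * change, mirrors the new question (and answer) into the session. Always redirects to {@code
 * account.jsp}.
 *
 * @param request carries {@code new-security-question} and {@code new-security-answer}
 * @param response used only for the redirect
 * @param session the caller's session; {@code USERNAME} identifies the account
 * @throws IOException if the redirect cannot be sent
 */
private void handleEditUserSecurity(
    HttpServletRequest request, HttpServletResponse response, HttpSession session)
    throws UnsupportedEncodingException, IOException {
  String username = (String) session.getAttribute(Attribute.USERNAME.toString());
  String securityQuestion = request.getParameter("new-security-question");
  String securityAnswer = request.getParameter("new-security-answer");

  // A session without USERNAME is not signed in; treat it like invalid input.
  boolean inputIsSafe =
      username != null
          && Security.isSafeSecurityQuestion(securityQuestion)
          && Security.isSafeSecurityAnswer(securityAnswer);
  Boolean editSuccessfully = Boolean.FALSE;
  if (inputIsSafe) {
    User updateUser = new User(username, "", "", "", securityQuestion, securityAnswer);
    editSuccessfully = DatabaseApi.editAccount(updateUser);
  }
  session.setAttribute(Attribute.EDIT_QA_SUCCESSFULLY.toString(), editSuccessfully);

  // Mirror into the session only once the database accepted the change (previously done
  // unconditionally, so the session could disagree with the account).
  if (Boolean.TRUE.equals(editSuccessfully)) {
    session.setAttribute(Attribute.SECURITY_QUESTION.toString(), securityQuestion);
    // NOTE(review): the answer is a credential — it unlocks the password reset in
    // handleSecurityAnswer. Nothing in this servlet reads SECURITY_ANSWER back; if no JSP needs
    // it either, stop copying it into the session.
    session.setAttribute(Attribute.SECURITY_ANSWER.toString(), securityAnswer);
  }
  response.sendRedirect("account.jsp");
}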
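/**
 * Renames a video of the current project and echoes the resulting name.
 *
 * <p>The rename is applied only when the new name is well-formed and unique within the session's
 * project; the response body is the new name on success and the old name otherwise. A request
 * without arguments is answered with HTTP 400.
 *
 * @param request unused; the payload arrives already read in {@code json}
 * @param response receives the {@code text/plain} name
 * @param session the caller's session, used to resolve project and video ids
 * @param json the request body, parsed as a {@link RenameVideoRequest}
 * @throws IOException if the response cannot be written
 */
private void handleRenameVideo(
    HttpServletRequest request, HttpServletResponse response, HttpSession session, String json)
    throws IOException {
  RenameVideoRequest renameVideoRequest = new Gson().fromJson(json, RenameVideoRequest.class);
  response.setContentType("text/plain");
  // try-with-resources closes the writer even when DatabaseApi.renameVideo throws.
  try (PrintWriter out = response.getWriter()) {
    // Gson yields null for an empty body and a null "arguments" when the key is absent.
    if (renameVideoRequest == null || renameVideoRequest.arguments == null) {
      log.warning("Rename request has no arguments.");
      response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Rename request has no arguments.");
      return;
    }
    String newVideoName = renameVideoRequest.arguments.newVideoName;
    String oldVideoName = renameVideoRequest.arguments.oldVideoName;
    int videoId = getVideoIdFromSessionAttributes(session, oldVideoName);
    int projectId = getProjectIdFromSessionAttributes(session);

    boolean nameAccepted =
        Security.isSafeVideoName(newVideoName)
            && Security.isUniqueVideoName(newVideoName, projectId);
    if (nameAccepted) {
      DatabaseApi.renameVideo(videoId, newVideoName);
    }
    out.println(nameAccepted ? newVideoName : oldVideoName);
    out.flush();
  }
}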
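/**
 * Creates a new account from a JSON request and signs the new user in.
 *
 * <p>All fields must pass the {@link Security} checks and both passwords must match; otherwise the
 * response status is 400 with an empty body. On success the session is populated like a login
 * ({@code IS_AUTHORIZED}, {@code USERNAME}, {@code EMAIL}, {@code IS_FIRST_SIGN_IN=true}) and a
 * plain-text confirmation is written.
 *
 * @param request unused; the payload arrives already read in {@code json}
 * @param response receives the {@code text/plain} status line or the error status
 * @param session the caller's session, populated on success
 * @param json the request body, parsed as a {@link CreateAccountRequest}
 * @throws IOException if the response cannot be written
 */
private void handleCreateAccount(
    HttpServletRequest request, HttpServletResponse response, HttpSession session, String json)
    throws IOException {
  CreateAccountRequest createAccountRequest =
      new Gson().fromJson(json, CreateAccountRequest.class);
  response.setContentType("text/plain");
  // try-with-resources closes the writer on every exit path.
  try (PrintWriter out = response.getWriter()) {
    // Gson yields null for an empty body and a null "arguments" when the key is absent.
    if (createAccountRequest == null || createAccountRequest.arguments == null) {
      response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
      return;
    }
    String username = createAccountRequest.arguments.username;
    String email = createAccountRequest.arguments.email;
    String password = createAccountRequest.arguments.password;
    String confirmPassword = createAccountRequest.arguments.confirmPassword;
    String name = "Enter your name"; // Placeholder until the user edits the profile.

    // Short-circuit: password.equals() is only reached once both passwords passed the check.
    boolean inputIsSafe =
        Security.isSafeUsername(username)
            && Security.isSafeEmail(email)
            && Security.isSafePassword(password)
            && Security.isSafePassword(confirmPassword)
            && password.equals(confirmPassword)
            && Security.isSafeName(name);
    if (!inputIsSafe) {
      response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
      return;
    }

    User newUser = new User(username, password, name, email);
    if (DatabaseApi.AddAccount(newUser)) {
      session.setAttribute(Attribute.IS_AUTHORIZED.toString(), true);
      session.setAttribute(Attribute.USERNAME.toString(), username);
      session.setAttribute(Attribute.EMAIL.toString(), email);
      // NOTE(review): the plaintext password is kept in the session (same as handleLogin); nothing
      // in this servlet reads Attribute.PASSWORD back — drop it if no JSP needs it.
      session.setAttribute(Attribute.PASSWORD.toString(), password);
      session.setAttribute(Attribute.IS_FIRST_SIGN_IN.toString(), true);
      out.println(username + " created successfully.");
    } else {
      // Previously a silent 200 with an empty body. AddAccount reports no reason, so the status
      // matches the input-validation branch above and the body tells the client it failed.
      response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
      out.println("Account could not be created.");
    }
    out.flush();
  }
}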
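/**
 * Changes the signed-in user's password.
 *
 * <p>Writes {@code EDIT_PWD_SUCCESSFULLY} (and {@code PASSWORDS_MATCH} when both inputs were
 * well-formed) to the session and always redirects to {@code account.jsp}.
 *
 * <p>NOTE(review): the current password is never re-checked here, so anyone holding the session
 * can set a new one. Requiring the current password and verifying it with {@code
 * DatabaseApi.isAuthorized} before {@code editAccount} would limit the damage of a hijacked session.
 *
 * @param request carries {@code new-password} and {@code confirm-new-password}
 * @param response used only for the redirect
 * @param session the caller's session; {@code USERNAME} identifies the account
 * @throws IOException if the redirect cannot be sent
 */
private void handleEditUserPassword(
    HttpServletRequest request, HttpServletResponse response, HttpSession session)
    throws UnsupportedEncodingException, IOException {
  String username = (String) session.getAttribute(Attribute.USERNAME.toString());
  String newPassword = request.getParameter("new-password");
  String confirmNewPassword = request.getParameter("confirm-new-password");

  // A session without USERNAME is not signed in; treat it like invalid input.
  boolean inputIsSafe =
      username != null
          && Security.isSafePassword(newPassword)
          && Security.isSafePassword(confirmNewPassword);
  if (!inputIsSafe) {
    session.setAttribute(Attribute.EDIT_PWD_SUCCESSFULLY.toString(), false);
  } else if (!newPassword.equals(confirmNewPassword)) {
    session.setAttribute(Attribute.EDIT_PWD_SUCCESSFULLY.toString(), false);
    session.setAttribute(Attribute.PASSWORDS_MATCH.toString(), false);
  } else {
    // Empty strings mark the fields that are not being changed.
    User updateUser = new User(username, newPassword, "", "", "", "");
    Boolean editSuccessfully = DatabaseApi.editAccount(updateUser);
    session.setAttribute(Attribute.EDIT_PWD_SUCCESSFULLY.toString(), editSuccessfully);
    session.setAttribute(Attribute.PASSWORDS_MATCH.toString(), true);
  }
  response.sendRedirect("account.jsp");
}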
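/**
 * Uploads a video to S3 and registers it in the database under the given project.
 *
 * <p>Preconditions (each evaluated once): the file passes {@link Security#isSafeVideo} and the
 * project is below its video quota. Every outcome is reported as a line on {@code out} and, for
 * failures, also logged as a warning.
 *
 * @param out the response writer the status line is written to
 * @param projectId the project the video belongs to
 * @param video the uploaded file; its name is only used after being made safe and unique
 * @throws InvalidFileSizeException propagated from the upload path
 * @throws IOException propagated from the upload path
 * @throws ServiceException propagated from the upload path
 * @throws NoSuchAlgorithmException propagated from the upload path
 */
private void addVideoEverywhere(PrintWriter out, int projectId, File video)
    throws InvalidFileSizeException, IOException, ServiceException, NoSuchAlgorithmException {
  // The previous else-if chain re-ran isSafeVideo() and the getNumberOfVideos() query to decide
  // which message to print, and ended in an "Unknown reason" branch that could never be reached.
  // Each check now runs exactly once.
  if (!Security.isSafeVideo(video)) {
    out.println("Upload Failed. Video is invalid.");
    log.warning("Upload Failed. Video is invalid.");
    return;
  }
  if (!Security.videoFits(DatabaseApi.getNumberOfVideos(projectId))) {
    out.println("Upload Failed. Maximum number of videos reached.");
    log.warning("Upload Failed. Maximum number of videos reached.");
    return;
  }

  String[] videoUrlAndIcon = S3Api.uploadFile(video);
  // The contract of S3Api.uploadFile is not visible here; guard the array shape before indexing.
  String videoUrl =
      (videoUrlAndIcon != null && videoUrlAndIcon.length > 0) ? videoUrlAndIcon[0] : null;
  String videoIcon =
      (videoUrlAndIcon != null && videoUrlAndIcon.length > 1) ? videoUrlAndIcon[1] : null;
  if (videoUrl == null) {
    out.println("Upload Failed. Error uploading video to the cloud.");
    log.warning("Upload Failed. Error uploading video to the cloud.");
    return;
  }

  // Give the video a name only at the last moment to prevent duplicates.
  String videoName = Security.convertToSafeAndUniqueVideoName(video.getName(), projectId);
  DatabaseApi.addVideo(new Video(videoName, videoUrl, videoIcon, projectId, -1, -1, false));
  // TODO: copy the uploaded file into the temp folder so it can be played in the player.
  out.println("File uploaded. Please close this window and refresh the editor page.");
  out.println();
}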
// http://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/Servlet-Tutorial-Form-Data.html @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { log.info("The servlet is responding to an HTTP GET request"); response.setContentType("text/html"); HttpSession session = request.getSession(); String projectName = request.getParameter("projectName"); int accountId = DatabaseApi.getAccountId((String) session.getAttribute(Attribute.USERNAME.toString())); if (projectName != null && Security.isSafeProjectName(projectName) && DatabaseApi.projectExists(projectName, accountId)) { // Short-circuiting session.setAttribute(Attribute.PROJECT_NAME.toString(), projectName); response.sendRedirect("editor.jsp"); } else { response.sendRedirect("projects.jsp"); } PrintWriter out = response.getWriter(); out.println("File uploaded. Please close this window and refresh the editor page."); out.flush(); out.close(); }