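/**
 * Handles a submitted answer to the account's security question during
 * password recovery.
 *
 * <p>Reads {@code security_answer} from the request and the username from the
 * session, validates the answer with {@code Security.isSafeSecurityAnswer},
 * then asks {@code DatabaseApi.isCorrectSecurityInfo} whether it matches the
 * stored answer. On a match the session is marked {@code IS_CORRECT=true} and
 * the user is redirected to {@code new-password-form.jsp}; otherwise
 * {@code IS_CORRECT=false} is recorded and the user is sent back to
 * {@code securityQuestion.jsp}.
 *
 * <p>Fails closed: a missing/null answer, or a session with no username, is
 * treated as an incorrect answer and never reaches the database.
 *
 * @param request  the incoming request carrying {@code security_answer}
 * @param response used only to issue the redirect
 * @param session  session holding {@code USERNAME}; receives the IS_SAFE /
 *                 IS_CORRECT flags read by the JSP pages
 * @throws IOException if the redirect cannot be written
 */
private void handleSecurityAnswer(
    HttpServletRequest request, HttpServletResponse response, HttpSession session)
    throws UnsupportedEncodingException, IOException {
  String answer = request.getParameter("security_answer");
  String username = (String) session.getAttribute(Attribute.USERNAME.toString());

  // A missing parameter would otherwise reach Security.isSafeSecurityAnswer as
  // null; treat it as unsafe instead of relying on the validator's null handling.
  if (answer == null || !Security.isSafeSecurityAnswer(answer)) {
    session.setAttribute(Attribute.IS_SAFE.toString(), false);
    session.setAttribute(Attribute.IS_CORRECT.toString(), false);
    response.sendRedirect("securityQuestion.jsp");
    return;
  }
  session.setAttribute(Attribute.IS_SAFE.toString(), true);

  // No username in the session means the recovery flow was not started here (or
  // the session expired); do not query the database with a null account.
  if (username == null) {
    session.setAttribute(Attribute.IS_CORRECT.toString(), false);
    response.sendRedirect("securityQuestion.jsp");
    return;
  }

  String securityQuestion =
      DatabaseApi.getAccountSecurityQuestion(DatabaseApi.getAccountId(username));
  // isCorrectSecurityInfo returns a boxed Boolean; the original `if (isCorrect)`
  // unboxed it and would throw NullPointerException on a null result. Treat
  // null as "not correct".
  // NOTE(review): nothing visible here throttles repeated guesses; a short,
  // low-entropy answer can be brute-forced unless DatabaseApi or a filter
  // rate-limits this endpoint.
  Boolean isCorrect = DatabaseApi.isCorrectSecurityInfo(username, securityQuestion, answer);
  if (Boolean.TRUE.equals(isCorrect)) {
    session.setAttribute(Attribute.IS_CORRECT.toString(), true);
    // Cleared so as to not interfere with any other form.
    session.removeAttribute(Attribute.IS_SAFE.toString());
    response.sendRedirect("new-password-form.jsp");
  } else {
    session.setAttribute(Attribute.IS_CORRECT.toString(), false);
    response.sendRedirect("securityQuestion.jsp");
  }
}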
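/**
 * Updates the logged-in user's security question and answer from the
 * {@code new-security-question} / {@code new-security-answer} form fields.
 *
 * <p>Both values must pass {@code Security.isSafeSecurityQuestion} and
 * {@code Security.isSafeSecurityAnswer}; the account is then updated through
 * {@code DatabaseApi.editAccount} and the outcome stored in the session as
 * {@code EDIT_QA_SUCCESSFULLY}. After a validated submission the new question
 * and answer are also placed in the session. The caller is always redirected
 * to {@code account.jsp}.
 *
 * <p>Fails closed: a missing form field or a session without a username records
 * {@code EDIT_QA_SUCCESSFULLY=false} and touches nothing else.
 *
 * @param request  the form submission
 * @param response used only to issue the redirect
 * @param session  session holding {@code USERNAME}; receives the result flags
 * @throws IOException if the redirect cannot be written
 */
private void handleEditUserSecurity(
    HttpServletRequest request, HttpServletResponse response, HttpSession session)
    throws UnsupportedEncodingException, IOException {
  String username = (String) session.getAttribute(Attribute.USERNAME.toString());
  String securityQuestion = request.getParameter("new-security-question");
  String securityAnswer = request.getParameter("new-security-answer");

  // Missing fields or a session with no username must not reach the validators
  // or the database; previously a null username would have been written into
  // the User object and passed straight to editAccount.
  boolean inputOk =
      username != null
          && securityQuestion != null
          && securityAnswer != null
          && Security.isSafeSecurityQuestion(securityQuestion)
          && Security.isSafeSecurityAnswer(securityAnswer);

  if (!inputOk) {
    session.setAttribute(Attribute.EDIT_QA_SUCCESSFULLY.toString(), false);
    response.sendRedirect("account.jsp");
    return;
  }

  // Only the username and the Q/A fields are populated; the three empty strings
  // are presumably fields editAccount leaves untouched.
  // NOTE(review): confirm editAccount really skips empty strings rather than
  // overwriting e.g. the password/email with "".
  User updateUser = new User(username, "", "", "", securityQuestion, securityAnswer);
  Boolean editSuccessfully = DatabaseApi.editAccount(updateUser);
  session.setAttribute(Attribute.EDIT_QA_SUCCESSFULLY.toString(), editSuccessfully);
  session.setAttribute(Attribute.SECURITY_QUESTION.toString(), securityQuestion);
  // NOTE(review): the answer is a recovery secret; keeping its plaintext in the
  // session widens exposure (session store, heap dumps). Drop this attribute
  // unless account.jsp genuinely needs to echo it back.
  // NOTE(review): recovery credentials are changed here without re-prompting for
  // the current password or any visible CSRF check; consider requiring both.
  session.setAttribute(Attribute.SECURITY_ANSWER.toString(), securityAnswer);
  response.sendRedirect("account.jsp");
}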