/**
* Validates the login. Writes the isValid flag into the session along with the current user.
*
* @return true if OK, false if there's a problem
*/
private boolean validateLogin(
HttpSession session, HttpServletRequest req, HttpServletResponse res) throws Exception {
// Creates a user database access bean.
UserManager userManager = new UserManager();
// (no setSession() here, since user may not exist yet)
// Validates the login
String username = req.getParameter("Username");
String password = req.getParameter("Password");
boolean isValid = userManager.isValidUser(username, password);
boolean isAdmin = userManager.isAdmin(username);
// To allow bootstrapping the system, if there are no users
// yet, set this session valid, and grant admin privileges.
if (userManager.getRecords().isEmpty()) {
isValid = true;
isAdmin = true;
}
if (isValid) {
// Writes User object and validity flag to the session
session.setAttribute("user", new User(username, password, isAdmin));
session.setAttribute("isValid", new Boolean(isValid));
} else {
Util.putMessagePage(res, "Invalid user or password");
return false;
}
return isValid;
}
public Message startAuthentication(AuthenticationMessage msg)
throws AuthenticationException, GeneralSecurityException {
if (msg instanceof RequestLoginMessage) {
RequestLoginMessage rlm = (RequestLoginMessage) msg;
username = rlm.getLogin();
if (!allowRoot && username.equals("root")) {
throw new AuthenticationException("Must authenticate as a regular user first.");
}
// generate challange
byte[] passhash = UserManager.v().getPassHash(username);
if (passhash == null) {
throw new AuthenticationException("User has no password");
}
ChallangeMessage cm = new ChallangeMessage();
SecureRandom rand = new SecureRandom();
rand.nextBytes(randNumber);
cm.setChallange(randNumber, passhash);
state = CL_CHALLANGE_SENT;
// send the challange
return cm;
} else if (msg instanceof ChallangeCheckStatusMessage) {
// After authentication is complete the client sends this message
// It can be safely ignored. We don't care that the client has
// actually authenticated us.
return null;
}
throw new AuthenticationException("State Error");
}
public Message updateState(AuthenticationMessage msg)
throws AuthenticationException, GeneralSecurityException {
switch (state) {
case CL_CHALLANGE_SENT:
{
ChallangeResponseMessage crm = null;
byte[] resp;
if (msg instanceof ChallangeResponseMessage) {
crm = (ChallangeResponseMessage) msg;
resp = crm.getResponse();
} else {
throw new AuthenticationException("State Error");
}
if (!Arrays.equals(randNumber, resp)) {
throw new AuthenticationException("Authentication Failed");
}
state = SR_AUTH_SERVER;
// wait for challenge
ChallangeCheckStatusMessage check = new ChallangeCheckStatusMessage();
check.setOk(true);
return check;
}
case SR_AUTH_SERVER:
{
ChallangeMessage cm = null;
if (msg instanceof ChallangeMessage) {
cm = (ChallangeMessage) msg;
} else {
throw new AuthenticationException("State Error");
}
// send reponse
ChallangeResponseMessage crm = new ChallangeResponseMessage();
byte[] passhash = UserManager.v().getPassHash(username);
if (passhash == null) {
throw new AuthenticationException("User has no password");
}
crm.produceResponse(cm.getChallange(), passhash);
authenticated = true;
logger.info("User " + username + " logged in");
state = DONE_STATE;
// complete the challenege-response
return crm;
}
default:
{
if (msg instanceof ChallangeCheckStatusMessage) {
return null;
}
}
}
throw new AuthenticationException("State Incomplete");
}
/**
* Displays a given Meeting page for a HTTP Get, or creates a new Meeting for a HTTP Post
*
* <p>- Requires a cookie for the session user - Requires a meetingId request parameter for a GET
* - Requires description, createdByUserId, datepicker, meetingTime, groupId request parameters
* for a POST
*
* @param req The HTTP Request
* @param res The HTTP Response
*/
public void meetingAction(HttpServletRequest req, HttpServletResponse res) {
// Ensure there is a cookie for the session user
if (AccountController.redirectIfNoCookie(req, res)) return;
Map<String, Object> viewData = new HashMap<String, Object>();
viewData.put("title", "Meeting");
// Initialise Manager connections
MeetingManager meetingMan = new MeetingManager();
GroupManager groupMan = new GroupManager();
if (req.getMethod() == HttpMethod.Get) {
// Get request parameter
int meetingId = Integer.parseInt(req.getParameter("meetingId"));
Meeting meeting = meetingMan.get(meetingId);
if (meeting != null) {
List<User> meetingUsers = groupMan.getGroupUsers(meeting.getGroupId());
viewData.put("meetingUsers", meetingUsers);
viewData.put("meeting", meeting);
view(req, res, "/views/group/Meeting.jsp", viewData);
} else {
httpNotFound(req, res);
}
} else if (req.getMethod() == HttpMethod.Post) {
// Get details from request
String description = req.getParameter("description");
int createdByUserId = Integer.parseInt(req.getParameter("createdByUserId"));
Date dateCreated = new Date();
String meetingDate = req.getParameter("datepicker");
String meetingTime = req.getParameter("meetingTime");
// Parse meeting date time details
DateFormat format = new SimpleDateFormat("MM/dd/yyyy HH:mm");
Date dateDue = new Date();
try {
dateDue = format.parse(meetingDate + " " + meetingTime);
} catch (ParseException e) {
// Unable to parse date. This shouldn't happen since we are
// performing javascript validation.
}
int groupId = Integer.parseInt(req.getParameter("groupId"));
// Create a Meeting
Meeting meeting = new Meeting();
meeting.setDescription(description);
meeting.setCreatedByUserId(createdByUserId);
meeting.setDateCreated(dateCreated);
meeting.setDateDue(dateDue);
meeting.setGroupId(groupId);
meetingMan.createMeeting(meeting);
int meetingId = meetingMan.getIdFor(meeting);
meeting.setId(meetingId);
UserManager userMan = new UserManager();
User createdByUser = userMan.get(createdByUserId);
// Create a notification for all users in group
NotificationManager notificationMan = new NotificationManager();
List<User> users = groupMan.getGroupUsers(groupId);
for (User u : users) {
Notification notification =
new Notification(
u.getId(),
u,
groupId,
null,
"Meeting " + description + " was created by " + createdByUser.getFullName(),
"/group/meeting?meetingId=" + meetingId);
notificationMan.createNotification(notification);
}
// Update the User Session to show new meeting
HttpSession session = req.getSession();
Session userSession = (Session) session.getAttribute("userSession");
User admin = userSession.getUser();
admin.getMeetings().add(meeting);
// Show meeting page
viewData.put("meetingUsers", users);
viewData.put("meeting", meeting);
view(req, res, "/views/group/Meeting.jsp", viewData);
}
}
