예제 #1
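 /**
  * Checks a submitted security answer against the account stored for the session's user.
  *
  * <p>Reads the {@code security_answer} request parameter and the username held in the session,
  * records the outcome in the {@code IS_SAFE} / {@code IS_CORRECT} session attributes and
  * redirects: to {@code new-password-form.jsp} when the answer is accepted, otherwise back to
  * {@code securityQuestion.jsp}.
  *
  * <p>Fails closed: a session without a username, or a lookup that does not return {@code true},
  * is treated as a wrong answer.
  *
  * <p>NOTE(review): no attempt counter or delay is visible in this method, so repeated guesses
  * are not limited here; confirm throttling or lockout exists elsewhere. {@code IS_CORRECT} is
  * the flag set immediately before the redirect to the new-password form; presumably that page
  * relies on it, so confirm it is cleared once the password has been changed.
  *
  * @param request the request carrying the {@code security_answer} parameter
  * @param response used to send the redirect
  * @param session the session holding the username and receiving the result flags
  * @throws UnsupportedEncodingException declared by the original signature
  * @throws IOException if the redirect cannot be sent
  */
 private void handleSecurityAnswer(
     HttpServletRequest request, HttpServletResponse response, HttpSession session)
     throws UnsupportedEncodingException, IOException {
   String answer = request.getParameter("security_answer");
   String username = (String) session.getAttribute(Attribute.USERNAME.toString());

   // Reject answers that fail the input check before touching the database.
   if (!Security.isSafeSecurityAnswer(answer)) {
     session.setAttribute(Attribute.IS_SAFE.toString(), false);
     session.setAttribute(Attribute.IS_CORRECT.toString(), false);
     response.sendRedirect("securityQuestion.jsp");
     return;
   }
   session.setAttribute(Attribute.IS_SAFE.toString(), true);

   // Without a username in the session there is no account to verify against.
   boolean isCorrect = false;
   if (username != null) {
     String securityQuestion =
         DatabaseApi.getAccountSecurityQuestion(DatabaseApi.getAccountId(username));
     // Boolean.TRUE.equals(...) avoids a NullPointerException if the lookup yields null.
     isCorrect =
         Boolean.TRUE.equals(DatabaseApi.isCorrectSecurityInfo(username, securityQuestion, answer));
   }

   if (isCorrect) {
     session.setAttribute(Attribute.IS_CORRECT.toString(), true);
     // Cleared so as to not interfere with any other form.
     session.removeAttribute(Attribute.IS_SAFE.toString());
     response.sendRedirect("new-password-form.jsp");
   } else {
     session.setAttribute(Attribute.IS_CORRECT.toString(), false);
     response.sendRedirect("securityQuestion.jsp");
   }
 }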
예제 #2
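  /**
   * Replaces the security question and answer of the account named in the session.
   *
   * <p>Reads {@code new-security-question} and {@code new-security-answer} from the request,
   * passes them through the {@code Security} input checks, and stores them via
   * {@code DatabaseApi.editAccount}. The result is published in the
   * {@code EDIT_QA_SUCCESSFULLY} session attribute and the client is always redirected to
   * {@code account.jsp}.
   *
   * <p>The session copies of the question and answer are refreshed only after the database
   * reports success, so the session never shows values that were not actually saved. A session
   * without a username is treated as a failed edit.
   *
   * <p>NOTE(review): this method does not ask for the current password or the old answer before
   * changing the recovery secret, and no anti-CSRF token check is visible here; confirm both are
   * enforced by the caller.
   *
   * @param request the request carrying the new question and answer
   * @param response used to send the redirect
   * @param session the session holding the username and receiving the result
   * @throws UnsupportedEncodingException declared by the original signature
   * @throws IOException if the redirect cannot be sent
   */
  private void handleEditUserSecurity(
      HttpServletRequest request, HttpServletResponse response, HttpSession session)
      throws UnsupportedEncodingException, IOException {
    String username = (String) session.getAttribute(Attribute.USERNAME.toString());
    String securityQuestion = request.getParameter("new-security-question");
    String securityAnswer = request.getParameter("new-security-answer");

    boolean edited = false;
    if (username != null
        && Security.isSafeSecurityQuestion(securityQuestion)
        && Security.isSafeSecurityAnswer(securityAnswer)) {
      User updateUser = new User(username, "", "", "", securityQuestion, securityAnswer);
      // Boolean.TRUE.equals(...) treats a null result from the database layer as failure.
      edited = Boolean.TRUE.equals(DatabaseApi.editAccount(updateUser));
      if (edited) {
        session.setAttribute(Attribute.SECURITY_QUESTION.toString(), securityQuestion);
        // NOTE(review): this keeps the recovery answer in the session in clear text. Kept for
        // compatibility with whatever reads it; consider dropping it if no page needs it.
        session.setAttribute(Attribute.SECURITY_ANSWER.toString(), securityAnswer);
      }
    }
    session.setAttribute(Attribute.EDIT_QA_SUCCESSFULLY.toString(), edited);
    response.sendRedirect("account.jsp");
  }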