예제 #1
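 /**
  * Checks the submitted security answer for the account whose username is stored in the session
  * and redirects to the next page of the password-recovery flow.
  *
  * <p>Session attributes written: {@code IS_SAFE} (result of the input check; removed again on
  * success) and {@code IS_CORRECT} (whether the answer matched). A correct answer redirects to
  * {@code new-password-form.jsp}; every other outcome redirects back to a form.
  *
  * <p>NOTE(review): {@code IS_CORRECT == true} appears to be what authorises the password change
  * on the next page, so that page should re-check it together with the session username and clear
  * it once used. No attempt limit is visible in this method; confirm that repeated wrong answers
  * are throttled elsewhere.
  *
  * @param request carries the {@code security_answer} form parameter
  * @param response used only to issue the redirect
  * @param session holds the username being recovered and the result flags
  * @throws IOException if the redirect cannot be sent
  */
 private void handleSecurityAnswer(
     HttpServletRequest request, HttpServletResponse response, HttpSession session)
     throws UnsupportedEncodingException, IOException {
   String answer = request.getParameter("security_answer");
   String username = (String) session.getAttribute(Attribute.USERNAME.toString());

   // The question-retrieval handler stores the username in the session. A request that arrives
   // here without it has skipped that step, so send it back to the start instead of passing a
   // null username to the database layer.
   if (username == null) {
     session.setAttribute(Attribute.IS_CORRECT.toString(), false);
     response.sendRedirect("forgot.jsp");
     return;
   }

   if (!Security.isSafeSecurityAnswer(answer)) {
     session.setAttribute(Attribute.IS_SAFE.toString(), false);
     session.setAttribute(Attribute.IS_CORRECT.toString(), false);
     response.sendRedirect("securityQuestion.jsp");
     return;
   }

   session.setAttribute(Attribute.IS_SAFE.toString(), true);
   String securityQuestion =
       DatabaseApi.getAccountSecurityQuestion(DatabaseApi.getAccountId(username));
   Boolean isCorrect = DatabaseApi.isCorrectSecurityInfo(username, securityQuestion, answer);

   // Boolean.TRUE.equals treats a null result as "not correct" instead of failing on unboxing.
   if (Boolean.TRUE.equals(isCorrect)) {
     session.setAttribute(Attribute.IS_CORRECT.toString(), true);
     session.removeAttribute(
         Attribute.IS_SAFE.toString()); // Cleared so as to not interfere with any other form.
     response.sendRedirect("new-password-form.jsp");
   } else {
     session.setAttribute(Attribute.IS_CORRECT.toString(), false);
     response.sendRedirect("securityQuestion.jsp");
   }
 }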
예제 #2
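 /**
  * Starts password recovery: looks up the security question for the submitted username and, when
  * one is found, stores the question and the username in the session before redirecting to
  * {@code securityQuestion.jsp}. Every failure redirects to {@code forgot.jsp}.
  *
  * <p>Session attributes written: {@code IS_SAFE} (result of the input check; removed again on
  * success), {@code IS_CORRECT} (set to {@code false} on failure, removed on success),
  * {@code SECURITY_QUESTION} and {@code USERNAME} (on success only).
  *
  * <p>NOTE(review): the redirect target differs between a username with a question and one
  * without, so this endpoint reveals which usernames exist; confirm that is acceptable or that
  * lookups are rate-limited elsewhere.
  *
  * @param request carries the {@code username} form parameter
  * @param response used only to issue the redirect
  * @param session receives the recovery state for the following steps
  * @throws IOException if the redirect cannot be sent
  */
 private void handleSecurityQuestionRetrieval(
     HttpServletRequest request, HttpServletResponse response, HttpSession session)
     throws UnsupportedEncodingException, IOException {
   String username = request.getParameter("username");

   if (!Security.isSafeUsername(username)) {
     session.setAttribute(Attribute.IS_SAFE.toString(), false);
     session.setAttribute(Attribute.IS_CORRECT.toString(), false);
     response.sendRedirect("forgot.jsp");
     return;
   }
   session.setAttribute(Attribute.IS_SAFE.toString(), true);

   // An unknown username and an account without a question are handled identically.
   String securityQuestion = null;
   if (DatabaseApi.usernameExists(username)) {
     securityQuestion =
         DatabaseApi.getAccountSecurityQuestion(DatabaseApi.getAccountId(username));
   }
   if (securityQuestion == null) {
     session.setAttribute(Attribute.IS_CORRECT.toString(), false);
     response.sendRedirect("forgot.jsp");
     return;
   }

   // The session username is about to change. Drop any IS_CORRECT left over from an earlier
   // recovery in the same session so that a previous correct answer cannot carry over to this
   // account.
   session.removeAttribute(Attribute.IS_CORRECT.toString());
   session.setAttribute(Attribute.SECURITY_QUESTION.toString(), securityQuestion);
   session.setAttribute(Attribute.USERNAME.toString(), username);
   session.removeAttribute(
       Attribute.IS_SAFE.toString()); // Cleared so as to not interfere with any other form.
   response.sendRedirect("securityQuestion.jsp");
 }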