private void handleSignupPost(Request request, HttpServletResponse httpServletResponse)
throws Exception {
String userId = request.getParameter(PARAM_USER_ID);
String userName = request.getParameter(PARAM_USER_NAME);
String email = request.getParameter(PARAM_EMAIL);
String stringPassword = request.getParameter(PARAM_PASSWORD);
String stringPasswordConfirm = request.getParameter(PARAM_PASSWORD_CONFIRM);
if (!stringPassword.equals(stringPasswordConfirm)) {
WebUtils.redirectToError(
"Mismatch between password and password confirmation", request, httpServletResponse);
return;
}
SecureRandom secureRandom = new SecureRandom();
String salt = "" + secureRandom.nextLong();
byte[] password = User.computeHashedPassword(stringPassword, salt);
User user = userDb.get(userId);
if (user != null) {
WebUtils.redirectToError(
"There already exists a user with the ID " + userId, request, httpServletResponse);
return;
}
user =
new User(
userId,
userName,
password,
salt,
email,
new ArrayList<String>(),
Config.getConfig().activateAccountsAtCreation,
false);
// ttt2 add confirmation by email, captcha, ...
List<String> fieldErrors = user.checkFields();
if (!fieldErrors.isEmpty()) {
StringBuilder bld =
new StringBuilder("Invalid values when trying to create user with ID ")
.append(userId)
.append("<br/>");
for (String s : fieldErrors) {
bld.append(s).append("<br/>");
}
WebUtils.redirectToError(bld.toString(), request, httpServletResponse);
return;
}
// ttt2 2 clients can add the same userId simultaneously
userDb.add(user);
httpServletResponse.sendRedirect("/");
}
private void handleChangePasswordPost(Request request, HttpServletResponse httpServletResponse)
throws Exception {
LoginInfo loginInfo = userHelpers.getLoginInfo(request);
if (loginInfo == null) {
WebUtils.redirectToError("Couldn't determine the current user", request, httpServletResponse);
return;
}
String userId = loginInfo.userId;
String stringCrtPassword = request.getParameter(PARAM_CURRENT_PASSWORD);
String stringNewPassword = request.getParameter(PARAM_PASSWORD);
String stringNewPasswordConfirm = request.getParameter(PARAM_PASSWORD_CONFIRM);
if (!stringNewPassword.equals(stringNewPasswordConfirm)) {
showResult(
"Mismatch between password and password confirmation",
PATH_SETTINGS,
request,
httpServletResponse);
return;
}
User user =
userDb.get(
userId); // ttt1 crashes for wrong ID; 2013.07.20 - no longer have an idea what this is
// about
if (user == null) {
WebUtils.redirectToError("Couldn't find the current user", request, httpServletResponse);
return;
}
if (!user.checkPassword(stringCrtPassword)) {
showResult("Incorrect current password", PATH_SETTINGS, request, httpServletResponse);
return;
}
SecureRandom secureRandom = new SecureRandom();
String salt = "" + secureRandom.nextLong();
byte[] password = User.computeHashedPassword(stringNewPassword, salt);
user.salt = salt;
user.password = password;
// ttt3 2 clients can change the password simultaneously
userDb.add(user);
// httpServletResponse.sendRedirect(PATH_SETTINGS);
showResult("Password changed", PATH_SETTINGS, request, httpServletResponse);
}
private String getRandomId() {
SecureRandom secureRandom = new SecureRandom();
return "" + secureRandom.nextLong();
}