Пример #1
 /**
  * Handles the sign-in form.
  *
  * <p>Reads {@code login-username} and {@code login-password} from the request, screens them with
  * {@code Security.isSafeUsername} / {@code Security.isSafePassword}, and asks
  * {@code DatabaseApi.isAuthorized} whether the pair is valid. The result is recorded in the
  * {@code IS_SAFE} and {@code IS_AUTHORIZED} session attributes. On success the account's
  * username, e-mail and name are copied into the session and the browser is sent to
  * {@code projects.jsp}; in every other case it is sent back to {@code index.jsp}.
  *
  * <p>NOTE(review): the submitted password is kept in the session in clear text
  * ({@code Attribute.PASSWORD}). Anything that can read or serialize the session can then read the
  * password; confirm whether any reader of that attribute still needs it.
  *
  * <p>NOTE(review): the session identifier is not renewed inside this method when sign-in
  * succeeds, and attributes from an earlier sign-in are left in place when it fails; confirm the
  * caller covers both.
  *
  * @param request the sign-in form submission
  * @param response used only to redirect
  * @param session the session that receives the sign-in state
  * @throws UnsupportedEncodingException declared by the original signature
  * @throws IOException if the redirect cannot be sent
  */
 private void handleLogin(
     HttpServletRequest request, HttpServletResponse response, HttpSession session)
     throws UnsupportedEncodingException, IOException {
   String username = request.getParameter("login-username");
   String password = request.getParameter("login-password");

   boolean inputLooksSafe = Security.isSafeUsername(username) && Security.isSafePassword(password);
   if (!inputLooksSafe) {
     // Rejected before any database lookup.
     session.setAttribute(Attribute.IS_SAFE.toString(), false);
     session.setAttribute(Attribute.IS_AUTHORIZED.toString(), false);
     response.sendRedirect("index.jsp");
     return;
   }

   session.setAttribute(Attribute.IS_SAFE.toString(), true);
   Boolean isAuthorized = DatabaseApi.isAuthorized(username, password);
   session.setAttribute(Attribute.IS_AUTHORIZED.toString(), isAuthorized);
   if (!isAuthorized) {
     response.sendRedirect("index.jsp"); // Keep the user on the same page.
     return;
   }

   // Signed in: load the account's profile into the session, then go to the projects page.
   int accountId = DatabaseApi.getAccountId(username);
   session.setAttribute(
       Attribute.USERNAME.toString(), DatabaseApi.getAccountUsername(accountId));
   session.setAttribute(Attribute.PASSWORD.toString(), password);
   session.setAttribute(Attribute.EMAIL.toString(), DatabaseApi.getAccountEmail(accountId));
   session.setAttribute(Attribute.NAME.toString(), DatabaseApi.getAccountName(accountId));
   session.setAttribute(Attribute.IS_FIRST_SIGN_IN.toString(), false);
   // IS_SAFE is a per-form flag; drop it so it does not leak into the next form's state.
   session.removeAttribute(Attribute.IS_SAFE.toString());
   response.sendRedirect("projects.jsp");
 }
Пример #2
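  /**
   * Creates a project for the account tied to this session from a JSON request body.
   *
   * <p>The project name is read from {@code arguments.project} in {@code json}. A project is added
   * only when the name passes {@code Security.isSafeProjectName}, is unique for the account, and
   * {@code Security.projectFits} accepts the account's current project count. The outcome is
   * reported through the {@code IS_SAFE} and {@code ADD_SUCCESSFULLY} session attributes; a
   * plain-text confirmation is written to the response only on success.
   *
   * <p>A body that Gson parses to {@code null}, or one without {@code arguments} or
   * {@code arguments.project}, is treated like any other unsafe name instead of raising a
   * {@code NullPointerException}.
   *
   * <p>NOTE(review): the account comes from {@code getAccountIdFromSessionAttributes}, which is
   * not visible here; confirm it rejects sessions that are not signed in.
   *
   * @param request the current request (not read by this method)
   * @param response receives the plain-text result
   * @param session supplies the account and receives the outcome flags
   * @param json the raw JSON request body
   * @throws IOException if the response writer cannot be obtained
   */
  private void handleCreateProject(
      HttpServletRequest request, HttpServletResponse response, HttpSession session, String json)
      throws IOException {
    response.setContentType("text/plain");
    PrintWriter out = response.getWriter();

    int accountId = getAccountIdFromSessionAttributes(session);
    CreateProjectRequest createProjectRequest =
        new Gson().fromJson(json, CreateProjectRequest.class);
    // The body is client-controlled: Gson yields null for an empty document and leaves fields
    // null when they are absent.
    String projectName =
        (createProjectRequest == null || createProjectRequest.arguments == null)
            ? null
            : createProjectRequest.arguments.project;

    boolean accepted =
        projectName != null
            && Security.isSafeProjectName(projectName)
            && Security.isUniqueProjectName(projectName, accountId)
            && Security.projectFits(DatabaseApi.getNumberOfProjects(accountId));
    session.setAttribute(Attribute.IS_SAFE.toString(), accepted);

    if (accepted) {
      String icon = "/olive/images/Ponkan_folder_opened_64.png";
      Project project = new Project(projectName, accountId, icon, -1);
      boolean added = Boolean.TRUE.equals(DatabaseApi.addProject(project));
      session.setAttribute(Attribute.ADD_SUCCESSFULLY.toString(), added);
      if (added) {
        session.setAttribute(Attribute.IS_FIRST_SIGN_IN.toString(), false);
        // The name is echoed only after it passed isSafeProjectName, and as text/plain.
        out.println(projectName + " created successfully.");
      }
    }

    out.flush();
    out.close();
  }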
Пример #3
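 /**
  * Final step of password recovery: stores a new password for the username held in the session.
  *
  * <p>The password is changed only when all of the following hold: the session carries a
  * {@code USERNAME}, the session's {@code IS_CORRECT} flag is {@code true} (set by the
  * security-answer step), both submitted values pass {@code Security.isSafePassword}, and the two
  * values are equal. The outcome is reported through the {@code IS_SAFE},
  * {@code PASSWORDS_MATCH} and {@code EDIT_SUCCESSFULLY} session attributes and the browser is
  * always redirected to {@code new-password-form.jsp}.
  *
  * <p>Previously this method changed the password for whatever {@code USERNAME} the session held
  * without checking {@code IS_CORRECT} itself. {@code USERNAME} is placed in the session before
  * the security question is answered, so its presence is not proof of identity. The check is
  * repeated here so the handler does not depend on the caller or the JSP to enforce it.
  *
  * <p>{@code USERNAME} and {@code IS_CORRECT} are both removed at the end, whatever the outcome,
  * so one answered question authorizes at most one attempt.
  *
  * @param request the new-password form submission
  * @param response used only to redirect
  * @param session holds the recovery state
  * @throws UnsupportedEncodingException declared by the original signature
  * @throws IOException if the redirect cannot be sent
  */
 private void handleNewPassword(
     HttpServletRequest request, HttpServletResponse response, HttpSession session)
     throws UnsupportedEncodingException, IOException {
   String newPassword = request.getParameter("password");
   String confirmNewPassword = request.getParameter("confirm_password");
   String username = (String) session.getAttribute(Attribute.USERNAME.toString());
   boolean answerVerified =
       username != null
           && Boolean.TRUE.equals(session.getAttribute(Attribute.IS_CORRECT.toString()));

   if (!answerVerified) {
     // No proven recovery in this session: refuse before looking at the submitted values.
     session.setAttribute(Attribute.EDIT_SUCCESSFULLY.toString(), false);
   } else if (Security.isSafePassword(newPassword)
       && Security.isSafePassword(confirmNewPassword)) {
     session.setAttribute(Attribute.IS_SAFE.toString(), true);
     boolean passwordsMatch = newPassword.equals(confirmNewPassword);
     session.setAttribute(Attribute.PASSWORDS_MATCH.toString(), passwordsMatch);
     boolean newPasswordSet =
         passwordsMatch && Boolean.TRUE.equals(DatabaseApi.editPassword(username, newPassword));
     session.setAttribute(Attribute.EDIT_SUCCESSFULLY.toString(), newPasswordSet);
   } else {
     session.setAttribute(Attribute.IS_SAFE.toString(), false);
     session.setAttribute(Attribute.EDIT_SUCCESSFULLY.toString(), false);
   }

   response.sendRedirect("new-password-form.jsp");
   // Consume the recovery state so it cannot be reused for another change.
   session.removeAttribute(Attribute.USERNAME.toString());
   session.removeAttribute(Attribute.IS_CORRECT.toString());
 }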
Пример #4
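  /**
   * Splits one of the current project's videos at a given time and stores the fragments.
   *
   * <p>The video name and split time come from {@code arguments} in {@code json}. Both are
   * validated ({@code Security.isSafeVideoName}, {@code Security.isSafeSplitTimeInSeconds})
   * before the video is looked up; an invalid value is answered with HTTP 400. Each fragment
   * returned by {@code ZencoderApi.split} is given a name from
   * {@code Security.convertToSafeAndUniqueVideoName} and added to the current project.
   *
   * <p>A body that Gson parses to {@code null}, or one without {@code arguments}, is answered
   * with HTTP 400 like an invalid name instead of raising a {@code NullPointerException}.
   *
   * <p>NOTE(review): the result of {@code DatabaseApi.getVideoId} is passed on unchecked; confirm
   * what it returns when the project has no video of that name. The same applies to a
   * {@code null} result from {@code ZencoderApi.split}.
   *
   * @param request the current request (not read by this method)
   * @param response receives the plain-text result or the error status
   * @param session supplies the current project
   * @param json the raw JSON request body
   * @throws IOException if the response cannot be written
   */
  private void handleSplitVideo(
      HttpServletRequest request, HttpServletResponse response, HttpSession session, String json)
      throws IOException {
    SplitVideoRequest splitVideoRequest = new Gson().fromJson(json, SplitVideoRequest.class);

    response.setContentType("text/plain");

    PrintWriter out = response.getWriter();

    // The body is client-controlled: Gson yields null for an empty document and leaves
    // "arguments" null when the field is absent.
    if (splitVideoRequest == null
        || splitVideoRequest.arguments == null
        || !Security.isSafeVideoName(splitVideoRequest.arguments.video)) {
      // sendError clears the response buffer, so the log entry is the lasting record.
      out.println("Name of video to split is invalid.");
      log.warning("Name of video to split is invalid.");
      response.sendError(HttpServletResponse.SC_BAD_REQUEST);
      return;
    }

    if (!Security.isSafeSplitTimeInSeconds(splitVideoRequest.arguments.splitTimeInSeconds)) {
      out.println("Split time (in seconds) is invalid.");
      log.warning("Split time (in seconds) is invalid.");
      response.sendError(HttpServletResponse.SC_BAD_REQUEST);
      return;
    }

    int projectId = getProjectIdFromSessionAttributes(session);
    int videoId = DatabaseApi.getVideoId(splitVideoRequest.arguments.video, projectId);
    Video[] videoFragments =
        ZencoderApi.split(videoId, splitVideoRequest.arguments.splitTimeInSeconds);

    for (Video videoFragment : videoFragments) {
      // Name the fragment only at the last moment to prevent duplicates. Until setName runs,
      // getName() still returns the original video name.
      String newVideoName =
          Security.convertToSafeAndUniqueVideoName(videoFragment.getName(), projectId);
      videoFragment.setName(newVideoName);

      // projectId is supplied here because it is not computed by Zencoder.
      DatabaseApi.addVideo(
          new Video(
              videoFragment.getName(),
              videoFragment.getUrl(),
              videoFragment.getIcon(),
              projectId,
              -1,
              -1,
              false));
    }

    out.println(
        splitVideoRequest.arguments.video
            + " split at "
            + splitVideoRequest.arguments.splitTimeInSeconds
            + " seconds successfully.");
    out.flush();
    out.close();
  }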
Пример #5
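 /**
  * Second step of password recovery: checks the submitted security answer.
  *
  * <p>The answer is read from {@code security_answer} and the username from the session's
  * {@code USERNAME} attribute. When the answer passes {@code Security.isSafeSecurityAnswer} and
  * {@code DatabaseApi.isCorrectSecurityInfo} accepts it for the account's stored question,
  * {@code IS_CORRECT} is set to {@code true} and the browser goes to
  * {@code new-password-form.jsp}. Otherwise {@code IS_CORRECT} is set to {@code false} and the
  * browser returns to {@code securityQuestion.jsp}.
  *
  * <p>A session without {@code USERNAME} (the first recovery step was skipped or the session
  * expired) is treated as an incorrect answer without querying the database.
  *
  * <p>NOTE(review): nothing in this method limits how many answers may be tried for one
  * username; confirm whether attempts are throttled elsewhere.
  *
  * @param request the security-answer form submission
  * @param response used only to redirect
  * @param session holds the recovery state
  * @throws UnsupportedEncodingException declared by the original signature
  * @throws IOException if the redirect cannot be sent
  */
 private void handleSecurityAnswer(
     HttpServletRequest request, HttpServletResponse response, HttpSession session)
     throws UnsupportedEncodingException, IOException {
   String answer = request.getParameter("security_answer");
   String username = (String) session.getAttribute(Attribute.USERNAME.toString());

   boolean isSafe = Security.isSafeSecurityAnswer(answer);
   session.setAttribute(Attribute.IS_SAFE.toString(), isSafe);

   boolean isCorrect = false;
   if (isSafe && username != null) {
     String securityQuestion =
         DatabaseApi.getAccountSecurityQuestion(DatabaseApi.getAccountId(username));
     // Boolean.TRUE.equals also covers a null result from the database layer.
     isCorrect =
         Boolean.TRUE.equals(
             DatabaseApi.isCorrectSecurityInfo(username, securityQuestion, answer));
   }
   session.setAttribute(Attribute.IS_CORRECT.toString(), isCorrect);

   if (isCorrect) {
     // IS_SAFE is a per-form flag; drop it so it does not leak into the next form's state.
     session.removeAttribute(Attribute.IS_SAFE.toString());
     response.sendRedirect("new-password-form.jsp");
   } else {
     response.sendRedirect("securityQuestion.jsp");
   }
 }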
Пример #6
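 /**
  * First step of password recovery: looks up the security question for a submitted username.
  *
  * <p>When the username passes {@code Security.isSafeUsername}, exists, and has a stored security
  * question, the question and the username are placed in the session and the browser goes to
  * {@code securityQuestion.jsp}. In every other case {@code IS_CORRECT} is set to {@code false}
  * and the browser returns to {@code forgot.jsp}.
  *
  * <p>The username stored here has not been proven to belong to the caller. Before it replaces
  * the session's {@code USERNAME}, any {@code IS_AUTHORIZED} or {@code IS_CORRECT} state left by
  * an earlier sign-in or recovery is removed, so that proof obtained for one account cannot
  * carry over to another.
  *
  * <p>NOTE(review): the two redirect targets tell the caller whether a username exists. That is
  * inherent to showing a per-account question; confirm it is acceptable and that lookups are
  * throttled elsewhere.
  *
  * @param request the forgot-password form submission
  * @param response used only to redirect
  * @param session receives the recovery state
  * @throws UnsupportedEncodingException declared by the original signature
  * @throws IOException if the redirect cannot be sent
  */
 private void handleSecurityQuestionRetrieval(
     HttpServletRequest request, HttpServletResponse response, HttpSession session)
     throws UnsupportedEncodingException, IOException {
   String username = request.getParameter("username");

   boolean isSafe = Security.isSafeUsername(username);
   session.setAttribute(Attribute.IS_SAFE.toString(), isSafe);

   String securityQuestion = null;
   if (isSafe && DatabaseApi.usernameExists(username)) {
     securityQuestion =
         DatabaseApi.getAccountSecurityQuestion(DatabaseApi.getAccountId(username));
   }

   if (securityQuestion == null) {
     // Unsafe input, unknown username, or no stored question: same outcome for all three.
     session.setAttribute(Attribute.IS_CORRECT.toString(), false);
     response.sendRedirect("forgot.jsp");
     return;
   }

   // USERNAME is about to name an account the caller has not proven ownership of.
   session.removeAttribute(Attribute.IS_AUTHORIZED.toString());
   session.removeAttribute(Attribute.IS_CORRECT.toString());
   session.setAttribute(Attribute.SECURITY_QUESTION.toString(), securityQuestion);
   session.setAttribute(Attribute.USERNAME.toString(), username);
   // IS_SAFE is a per-form flag; drop it so it does not leak into the next form's state.
   session.removeAttribute(Attribute.IS_SAFE.toString());
   response.sendRedirect("securityQuestion.jsp");
 }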
Пример #7
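  /**
   * Updates the display name and e-mail address of the signed-in account.
   *
   * <p>The new values are read from {@code new-name} and {@code new-email} and must pass
   * {@code Security.isSafeName} and {@code Security.isSafeEmail}. The result is reported in the
   * {@code EDIT_NAME_SUCCESSFULLY} session attribute and the browser is always redirected to
   * {@code account.jsp}.
   *
   * <p>Two checks were added. First, the edit is refused unless the session has a
   * {@code USERNAME} and its {@code IS_AUTHORIZED} flag is {@code true}. {@code USERNAME} alone
   * is not proof of sign-in, because the password-recovery flow also stores it. Second, the
   * session's {@code EMAIL} and {@code NAME} are refreshed only when
   * {@code DatabaseApi.editAccount} reports success, so the session no longer shows values that
   * were not persisted.
   *
   * <p>NOTE(review): no anti-CSRF token is checked in this method; confirm whether the caller
   * enforces one.
   *
   * @param request the account form submission
   * @param response used only to redirect
   * @param session identifies the account and receives the outcome
   * @throws UnsupportedEncodingException declared by the original signature
   * @throws IOException if the redirect cannot be sent
   */
  private void handleEditUserNameEmail(
      HttpServletRequest request, HttpServletResponse response, HttpSession session)
      throws UnsupportedEncodingException, IOException {
    String username = (String) session.getAttribute(Attribute.USERNAME.toString());
    boolean signedIn =
        username != null
            && Boolean.TRUE.equals(session.getAttribute(Attribute.IS_AUTHORIZED.toString()));
    String newName = request.getParameter("new-name");
    String newEmail = request.getParameter("new-email");

    boolean editSuccessfully = false;
    if (signedIn && Security.isSafeName(newName) && Security.isSafeEmail(newEmail)) {
      // The fields this form does not edit are passed as empty strings.
      User updateUser = new User(username, "", newName, newEmail, "", "");
      editSuccessfully = Boolean.TRUE.equals(DatabaseApi.editAccount(updateUser));
      if (editSuccessfully) {
        session.setAttribute(Attribute.EMAIL.toString(), newEmail);
        session.setAttribute(Attribute.NAME.toString(), newName);
      }
    }
    session.setAttribute(Attribute.EDIT_NAME_SUCCESSFULLY.toString(), editSuccessfully);
    response.sendRedirect("account.jsp");
  }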
Пример #8
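  /**
   * Updates the security question and answer of the signed-in account.
   *
   * <p>The new values are read from {@code new-security-question} and
   * {@code new-security-answer} and must pass {@code Security.isSafeSecurityQuestion} and
   * {@code Security.isSafeSecurityAnswer}. The result is reported in the
   * {@code EDIT_QA_SUCCESSFULLY} session attribute and the browser is always redirected to
   * {@code account.jsp}.
   *
   * <p>Two checks were added. First, the edit is refused unless the session has a
   * {@code USERNAME} and its {@code IS_AUTHORIZED} flag is {@code true}. {@code USERNAME} alone
   * is not proof of sign-in, because the password-recovery flow also stores it, and the values
   * changed here are the ones that flow relies on. Second, the session copies of the question
   * and answer are refreshed only when {@code DatabaseApi.editAccount} reports success.
   *
   * <p>NOTE(review): the security answer is a recovery credential and is kept in the session in
   * clear text ({@code Attribute.SECURITY_ANSWER}); confirm whether any reader still needs it.
   * The current password is not requested and no anti-CSRF token is checked in this method;
   * confirm whether the caller enforces either.
   *
   * @param request the account form submission
   * @param response used only to redirect
   * @param session identifies the account and receives the outcome
   * @throws UnsupportedEncodingException declared by the original signature
   * @throws IOException if the redirect cannot be sent
   */
  private void handleEditUserSecurity(
      HttpServletRequest request, HttpServletResponse response, HttpSession session)
      throws UnsupportedEncodingException, IOException {
    String username = (String) session.getAttribute(Attribute.USERNAME.toString());
    boolean signedIn =
        username != null
            && Boolean.TRUE.equals(session.getAttribute(Attribute.IS_AUTHORIZED.toString()));
    String securityQuestion = request.getParameter("new-security-question");
    String securityAnswer = request.getParameter("new-security-answer");

    boolean editSuccessfully = false;
    if (signedIn
        && Security.isSafeSecurityQuestion(securityQuestion)
        && Security.isSafeSecurityAnswer(securityAnswer)) {
      // The fields this form does not edit are passed as empty strings.
      User updateUser = new User(username, "", "", "", securityQuestion, securityAnswer);
      editSuccessfully = Boolean.TRUE.equals(DatabaseApi.editAccount(updateUser));
      if (editSuccessfully) {
        session.setAttribute(Attribute.SECURITY_QUESTION.toString(), securityQuestion);
        session.setAttribute(Attribute.SECURITY_ANSWER.toString(), securityAnswer);
      }
    }
    session.setAttribute(Attribute.EDIT_QA_SUCCESSFULLY.toString(), editSuccessfully);
    response.sendRedirect("account.jsp");
  }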
Пример #9
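  /**
   * Renames a video in the current project from a JSON request body.
   *
   * <p>{@code arguments.oldVideoName} selects the video and {@code arguments.newVideoName} is the
   * requested name. The rename happens only when the new name passes
   * {@code Security.isSafeVideoName} and is unique within the project. The response body
   * (plain text) is the name the video has afterwards: the new name on success, the old name
   * otherwise.
   *
   * <p>Both names are client-controlled. The old name is now validated with
   * {@code Security.isSafeVideoName} before it is used for the lookup or echoed back; previously
   * only the new name was checked. A missing body, missing {@code arguments}, or an unsafe old
   * name is answered with HTTP 400.
   *
   * <p>NOTE(review): the id returned by {@code getVideoIdFromSessionAttributes} is used
   * unchecked; confirm what it returns when the project has no video of that name.
   *
   * @param request the current request (not read by this method)
   * @param response receives the resulting name or the error status
   * @param session supplies the current project
   * @param json the raw JSON request body
   * @throws IOException if the response cannot be written
   */
  private void handleRenameVideo(
      HttpServletRequest request, HttpServletResponse response, HttpSession session, String json)
      throws IOException {
    RenameVideoRequest renameVideoRequest = new Gson().fromJson(json, RenameVideoRequest.class);

    // Gson yields null for an empty document and leaves "arguments" null when it is absent.
    if (renameVideoRequest == null || renameVideoRequest.arguments == null) {
      response.sendError(HttpServletResponse.SC_BAD_REQUEST);
      return;
    }

    String newVideoName = renameVideoRequest.arguments.newVideoName;
    String oldVideoName = renameVideoRequest.arguments.oldVideoName;
    if (oldVideoName == null || !Security.isSafeVideoName(oldVideoName)) {
      // Refuse before the name reaches the lookup or the response body.
      response.sendError(HttpServletResponse.SC_BAD_REQUEST);
      return;
    }

    int videoId = getVideoIdFromSessionAttributes(session, oldVideoName);
    int projectId = getProjectIdFromSessionAttributes(session);
    response.setContentType("text/plain");
    PrintWriter out = response.getWriter();

    boolean renameAllowed =
        newVideoName != null
            && Security.isSafeVideoName(newVideoName)
            && Security.isUniqueVideoName(newVideoName, projectId);
    if (renameAllowed) {
      DatabaseApi.renameVideo(videoId, newVideoName);
      out.println(newVideoName);
    } else {
      out.println(oldVideoName);
    }
    out.flush();
    out.close();
  }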
Пример #10
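  /**
   * Creates an account from a JSON request body and signs the new user in.
   *
   * <p>{@code arguments.username}, {@code email}, {@code password} and {@code confirmPassword}
   * must each pass the matching {@code Security.isSafe*} check and the two passwords must be
   * equal; otherwise the response status is set to 400. When {@code DatabaseApi.AddAccount}
   * succeeds, the session is marked as authorized and a plain-text confirmation is written.
   *
   * <p>A body that Gson parses to {@code null}, or one without {@code arguments}, is answered
   * with status 400 like any other invalid input instead of raising a
   * {@code NullPointerException}.
   *
   * <p>NOTE(review): the password is kept in the session in clear text
   * ({@code Attribute.PASSWORD}), and the session identifier is not renewed inside this method
   * when the new user is signed in; confirm both against the rest of the application. A failed
   * {@code AddAccount} still answers 200 with an empty body (see the TODO below).
   *
   * @param request the current request (not read by this method)
   * @param response receives the plain-text result or the error status
   * @param session receives the sign-in state on success
   * @param json the raw JSON request body
   * @throws IOException if the response writer cannot be obtained
   */
  private void handleCreateAccount(
      HttpServletRequest request, HttpServletResponse response, HttpSession session, String json)
      throws IOException {
    CreateAccountRequest createAccountRequest =
        new Gson().fromJson(json, CreateAccountRequest.class);

    response.setContentType("text/plain");
    PrintWriter out = response.getWriter();

    // The body is client-controlled: Gson yields null for an empty document and leaves
    // "arguments" null when the field is absent.
    if (createAccountRequest == null || createAccountRequest.arguments == null) {
      response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
      out.flush();
      out.close();
      return;
    }

    String username = createAccountRequest.arguments.username;
    String email = createAccountRequest.arguments.email;
    String password = createAccountRequest.arguments.password;
    String confirmPassword = createAccountRequest.arguments.confirmPassword;
    String name = "Enter your name"; // Placeholder until the user edits the profile.

    // Order matters: password.equals() runs only after isSafePassword accepted the value.
    boolean inputAccepted =
        Security.isSafeUsername(username)
            && Security.isSafeEmail(email)
            && Security.isSafePassword(password)
            && Security.isSafePassword(confirmPassword)
            && password.equals(confirmPassword)
            && Security.isSafeName(name);

    if (!inputAccepted) {
      response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
    } else {
      User newUser = new User(username, password, name, email);
      boolean addedSuccessfully = DatabaseApi.AddAccount(newUser);
      if (addedSuccessfully) {
        session.setAttribute(Attribute.IS_AUTHORIZED.toString(), true);
        session.setAttribute(Attribute.USERNAME.toString(), username);
        session.setAttribute(Attribute.EMAIL.toString(), email);
        session.setAttribute(Attribute.PASSWORD.toString(), password);
        session.setAttribute(Attribute.IS_FIRST_SIGN_IN.toString(), true);
        out.println(username + " created successfully.");
      } else {
        // TODO Add error message here
      }
    }
    out.flush();
    out.close();
  }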
Пример #11
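  /**
   * Changes the password of the signed-in account.
   *
   * <p>The new password is read from {@code new-password} and {@code confirm-new-password}. Both
   * must pass {@code Security.isSafePassword} and be equal. The result is reported in the
   * {@code EDIT_PWD_SUCCESSFULLY} and {@code PASSWORDS_MATCH} session attributes and the browser
   * is always redirected to {@code account.jsp}.
   *
   * <p>The change is now refused unless the session has a {@code USERNAME} and its
   * {@code IS_AUTHORIZED} flag is {@code true}. {@code USERNAME} alone is not proof of sign-in,
   * because the password-recovery flow also stores it before any identity check.
   *
   * <p>NOTE(review): the current password is not requested and no anti-CSRF token is checked in
   * this method; confirm whether the caller enforces either. The {@code PASSWORD} session
   * attribute set at sign-in is not updated here.
   *
   * @param request the account form submission
   * @param response used only to redirect
   * @param session identifies the account and receives the outcome
   * @throws UnsupportedEncodingException declared by the original signature
   * @throws IOException if the redirect cannot be sent
   */
  private void handleEditUserPassword(
      HttpServletRequest request, HttpServletResponse response, HttpSession session)
      throws UnsupportedEncodingException, IOException {
    String username = (String) session.getAttribute(Attribute.USERNAME.toString());
    boolean signedIn =
        username != null
            && Boolean.TRUE.equals(session.getAttribute(Attribute.IS_AUTHORIZED.toString()));
    String newPassword = request.getParameter("new-password");
    String confirmNewPassword = request.getParameter("confirm-new-password");

    boolean editSuccessfully = false;
    if (signedIn
        && Security.isSafePassword(newPassword)
        && Security.isSafePassword(confirmNewPassword)) {
      boolean passwordsMatch = newPassword.equals(confirmNewPassword);
      if (passwordsMatch) {
        // The fields this form does not edit are passed as empty strings.
        User updateUser = new User(username, newPassword, "", "", "", "");
        editSuccessfully = Boolean.TRUE.equals(DatabaseApi.editAccount(updateUser));
      }
      session.setAttribute(Attribute.PASSWORDS_MATCH.toString(), passwordsMatch);
    }
    session.setAttribute(Attribute.EDIT_PWD_SUCCESSFULLY.toString(), editSuccessfully);
    response.sendRedirect("account.jsp");
  }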
Пример #12
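  /**
   * Uploads a video file to cloud storage and registers it in a project.
   *
   * <p>The file must pass {@code Security.isSafeVideo} and {@code Security.videoFits} must accept
   * the project's current video count. It is then uploaded with {@code S3Api.uploadFile}, which
   * returns the URL and the icon. The stored name comes from
   * {@code Security.convertToSafeAndUniqueVideoName}, so the uploaded file's own name is never
   * stored as-is. Each outcome is reported as one line on {@code out}; failures are also logged.
   *
   * <p>Each check now runs once, in a fixed order (file validity, then the count check).
   * Previously the checks were evaluated a second time to pick the failure message, which
   * repeated the database query and could disagree with the first evaluation. A {@code null} or
   * short result from the upload is reported as an upload failure instead of raising an
   * exception.
   *
   * @param out the writer that receives the user-facing result
   * @param projectId the project that receives the video
   * @param video the uploaded file
   * @throws InvalidFileSizeException declared by the original signature
   * @throws IOException declared by the original signature
   * @throws ServiceException declared by the original signature
   * @throws NoSuchAlgorithmException declared by the original signature
   */
  private void addVideoEverywhere(PrintWriter out, int projectId, File video)
      throws InvalidFileSizeException, IOException, ServiceException, NoSuchAlgorithmException {
    if (!Security.isSafeVideo(video)) {
      out.println("Upload Failed. Video is invalid.");
      log.warning("Upload Failed. Video is invalid.");
      return;
    }
    if (!Security.videoFits(DatabaseApi.getNumberOfVideos(projectId))) {
      out.println("Upload Failed. Maximum number of videos reached.");
      log.warning("Upload Failed. Maximum number of videos reached.");
      return;
    }

    String[] videoUrlAndIcon = S3Api.uploadFile(video);
    boolean uploaded =
        videoUrlAndIcon != null && videoUrlAndIcon.length >= 2 && videoUrlAndIcon[0] != null;
    if (!uploaded) {
      out.println("Upload Failed. Error uploading video to the cloud.");
      log.warning("Upload Failed. Error uploading video to the cloud.");
      return;
    }
    String videoUrl = videoUrlAndIcon[0];
    String videoIcon = videoUrlAndIcon[1];

    // Give the video a name only at the last moment to prevent duplicates.
    String videoName = Security.convertToSafeAndUniqueVideoName(video.getName(), projectId);
    DatabaseApi.addVideo(new Video(videoName, videoUrl, videoIcon, projectId, -1, -1, false));
    // TODO Download the file into /temp/ so it can be played in the player.
    out.println("File uploaded. Please close this window and refresh the editor page.");
    out.println();
  }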
Пример #13
 // http://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/Servlet-Tutorial-Form-Data.html
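 /**
  * Opens a project in the editor.
  *
  * <p>When {@code projectName} is present, passes {@code Security.isSafeProjectName}, and exists
  * for the signed-in account, it is stored in the session as {@code PROJECT_NAME} and the
  * browser goes to {@code editor.jsp}. In every other case the browser goes to
  * {@code projects.jsp}.
  *
  * <p>The project is now selected only when the session has a {@code USERNAME} and its
  * {@code IS_AUTHORIZED} flag is {@code true}; otherwise the account lookup is skipped. The
  * upload message that used to be written after the redirect was removed: the response is
  * already committed at that point, and the text did not belong to this request.
  *
  * @param request carries the {@code projectName} parameter
  * @param response used only to redirect
  * @throws ServletException declared by the overridden method
  * @throws IOException if the redirect cannot be sent
  */
 @Override
 protected void doGet(HttpServletRequest request, HttpServletResponse response)
     throws ServletException, IOException {
   log.info("The servlet is responding to an HTTP GET request");
   response.setContentType("text/html");
   HttpSession session = request.getSession();
   String projectName = request.getParameter("projectName");
   String username = (String) session.getAttribute(Attribute.USERNAME.toString());
   boolean signedIn =
       username != null
           && Boolean.TRUE.equals(session.getAttribute(Attribute.IS_AUTHORIZED.toString()));

   // Short-circuiting: the database is queried only for a signed-in caller and a safe name.
   boolean ownsProject =
       signedIn
           && projectName != null
           && Security.isSafeProjectName(projectName)
           && DatabaseApi.projectExists(projectName, DatabaseApi.getAccountId(username));

   if (ownsProject) {
     session.setAttribute(Attribute.PROJECT_NAME.toString(), projectName);
     response.sendRedirect("editor.jsp");
   } else {
     response.sendRedirect("projects.jsp");
   }
 }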