private void handleLogin( HttpServletRequest request, HttpServletResponse response, HttpSession session) throws UnsupportedEncodingException, IOException { Boolean isAuthorized; String username = request.getParameter("login-username"); String password = request.getParameter("login-password"); if (Security.isSafeUsername(username) && Security.isSafePassword(password)) { session.setAttribute(Attribute.IS_SAFE.toString(), true); isAuthorized = DatabaseApi.isAuthorized(username, password); session.setAttribute(Attribute.IS_AUTHORIZED.toString(), isAuthorized); if (isAuthorized) { // Take the user to the projects page. int accountId = DatabaseApi.getAccountId(username); session.setAttribute( Attribute.USERNAME.toString(), DatabaseApi.getAccountUsername(accountId)); session.setAttribute(Attribute.PASSWORD.toString(), password); session.setAttribute(Attribute.EMAIL.toString(), DatabaseApi.getAccountEmail(accountId)); session.setAttribute(Attribute.NAME.toString(), DatabaseApi.getAccountName(accountId)); session.setAttribute(Attribute.IS_FIRST_SIGN_IN.toString(), false); session.removeAttribute( Attribute.IS_SAFE.toString()); // Cleared so as to not interfere with any other form. response.sendRedirect("projects.jsp"); } else { response.sendRedirect("index.jsp"); // Keep the user on the same page. } } else { session.setAttribute(Attribute.IS_SAFE.toString(), false); session.setAttribute(Attribute.IS_AUTHORIZED.toString(), false); response.sendRedirect("index.jsp"); } }
private void handleCreateAccount( HttpServletRequest request, HttpServletResponse response, HttpSession session, String json) throws IOException { CreateAccountRequest createAccountRequest = new Gson().fromJson(json, CreateAccountRequest.class); response.setContentType("text/plain"); PrintWriter out = response.getWriter(); String username = createAccountRequest.arguments.username; String email = createAccountRequest.arguments.email; String password = createAccountRequest.arguments.password; String confirmPassword = createAccountRequest.arguments.confirmPassword; String name = "Enter your name"; if (Security.isSafeUsername(username) && Security.isSafeEmail(email) && Security.isSafePassword(password) && Security.isSafePassword(confirmPassword) && password.equals(confirmPassword) && Security.isSafeName(name)) { // Short-circuitry User newUser = new User(username, password, name, email); boolean addedSuccessfully = DatabaseApi.AddAccount(newUser); if (addedSuccessfully) { session.setAttribute(Attribute.IS_AUTHORIZED.toString(), true); session.setAttribute(Attribute.USERNAME.toString(), username); session.setAttribute(Attribute.EMAIL.toString(), email); session.setAttribute(Attribute.PASSWORD.toString(), password); session.setAttribute(Attribute.IS_FIRST_SIGN_IN.toString(), true); out.println(username + " created successfully."); } else { // TODO Add error message here } } else { response.setStatus(HttpServletResponse.SC_BAD_REQUEST); } out.flush(); out.close(); }