Search in sources :

Example 81 with AnswerItem

use of org.cerberus.util.answer.AnswerItem in project cerberus-source by cerberustesting.

the class ForgotPassword method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");
    try (PrintWriter out = response.getWriter()) {
        ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
        IUserService userService = appContext.getBean(UserService.class);
        IEmailService emailService = appContext.getBean(IEmailService.class);
        IParameterService parameterService = appContext.getBean(ParameterService.class);
        String system = "";
        JSONObject jsonResponse = new JSONObject();
        String login = ParameterParserUtil.parseStringParam(request.getParameter("login"), "");
        /**
         * Check if notification parameter is set to Y. If not, return an
         * error
         */
        String sendNotification = parameterService.findParameterByKey("cerberus_notification_accountcreation_activatenotification", system).getValue();
        if (!sendNotification.equalsIgnoreCase("Y")) {
            jsonResponse.put("messageType", "Error");
            jsonResponse.put("message", "This functionality is not activated. Please contact your Cerberus Administrator.");
            response.getWriter().print(jsonResponse);
            response.getWriter().flush();
            return;
        }
        /**
         * If email not found in database, send error message
         */
        AnswerItem ai = userService.readByKey(login);
        User user = (User) ai.getItem();
        if (user == null) {
            jsonResponse.put("messageType", "Error");
            jsonResponse.put("message", "Login submitted is unknown !");
            response.getWriter().print(jsonResponse);
            response.getWriter().flush();
            return;
        }
        /**
         * Update user setting a new value in requestresetpassword
         */
        userService.requestResetPassword(user);
        /**
         * Send an email with the hash as a parameter
         */
        Answer mailSent = new Answer(emailService.generateAndSendForgotPasswordEmail(user));
        if (!mailSent.isCodeStringEquals("OK")) {
            jsonResponse.put("messageType", "Error");
            jsonResponse.put("message", "An error occured sending the notification. Detail : " + mailSent.getMessageDescription());
            response.getWriter().print(jsonResponse);
            response.getWriter().flush();
            return;
        }
        /**
         * Adding Log entry.
         */
        ILogEventService logEventService = appContext.getBean(ILogEventService.class);
        logEventService.createForPrivateCalls("/ForgotPassword", "CREATE", "User : " + login + " asked for password recovery", request);
        /**
         * Build Response Message
         */
        jsonResponse.put("messageType", "OK");
        jsonResponse.put("message", "An e-mail has been sent to the mailbox " + user.getEmail() + ".");
        response.getWriter().print(jsonResponse);
        response.getWriter().flush();
    } catch (CerberusException myexception) {
        response.getWriter().print(myexception.getMessageError().getDescription());
    } catch (JSONException ex) {
        LOG.warn(ex);
        response.setContentType("application/json");
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}
Also used : CerberusException(org.cerberus.exception.CerberusException) User(org.cerberus.crud.entity.User) JSONException(org.json.JSONException) IParameterService(org.cerberus.crud.service.IParameterService) AnswerItem(org.cerberus.util.answer.AnswerItem) Answer(org.cerberus.util.answer.Answer) ApplicationContext(org.springframework.context.ApplicationContext) JSONObject(org.json.JSONObject) IUserService(org.cerberus.crud.service.IUserService) ILogEventService(org.cerberus.crud.service.ILogEventService) IEmailService(org.cerberus.service.email.IEmailService) PrintWriter(java.io.PrintWriter)

Example 82 with AnswerItem

use of org.cerberus.util.answer.AnswerItem in project cerberus-source by cerberustesting.

the class ReadLogEvent method findDistinctValuesOfColumn.

private AnswerItem findDistinctValuesOfColumn(ApplicationContext appContext, HttpServletRequest request, String columnName) throws JSONException {
    AnswerItem answer = new AnswerItem();
    JSONObject object = new JSONObject();
    logEventService = appContext.getBean(ILogEventService.class);
    String searchParameter = ParameterParserUtil.parseStringParam(request.getParameter("sSearch"), "");
    String sColumns = ParameterParserUtil.parseStringParam(request.getParameter("sColumns"), "Time,login,Page,Action,log");
    String[] columnToSort = sColumns.split(",");
    List<String> individualLike = new ArrayList(Arrays.asList(ParameterParserUtil.parseStringParam(request.getParameter("sLike"), "").split(",")));
    Map<String, List<String>> individualSearch = new HashMap<>();
    for (int a = 0; a < columnToSort.length; a++) {
        if (null != request.getParameter("sSearch_" + a) && !request.getParameter("sSearch_" + a).isEmpty()) {
            List<String> search = new ArrayList(Arrays.asList(request.getParameter("sSearch_" + a).split(",")));
            if (individualLike.contains(columnToSort[a])) {
                individualSearch.put(columnToSort[a] + ":like", search);
            } else {
                individualSearch.put(columnToSort[a], search);
            }
        }
    }
    AnswerList logList = logEventService.readDistinctValuesByCriteria(searchParameter, individualSearch, columnName);
    object.put("distinctValues", logList.getDataList());
    answer.setItem(object);
    answer.setResultMessage(logList.getResultMessage());
    return answer;
}
Also used : AnswerList(org.cerberus.util.answer.AnswerList) JSONObject(org.json.JSONObject) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) ILogEventService(org.cerberus.crud.service.ILogEventService) AnswerList(org.cerberus.util.answer.AnswerList) ArrayList(java.util.ArrayList) List(java.util.List) AnswerItem(org.cerberus.util.answer.AnswerItem)

Example 83 with AnswerItem

use of org.cerberus.util.answer.AnswerItem in project cerberus-source by cerberustesting.

the class ReadLogEvent method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException, CerberusException {
    String echo = request.getParameter("sEcho");
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    response.setCharacterEncoding("utf8");
    // Calling Servlet Transversal Util.
    ServletUtil.servletStart(request);
    // Default message to unexpected error.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    /**
     * Parsing and securing all required parameters.
     */
    long idlog = 0;
    boolean idlog_error = true;
    try {
        if (request.getParameter("logeventid") != null && !request.getParameter("logeventid").equals("")) {
            idlog = Integer.valueOf(policy.sanitize(request.getParameter("logeventid")));
            idlog_error = false;
        }
    } catch (Exception ex) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", "LogEvent"));
        msg.setDescription(msg.getDescription().replace("%OPERATION%", "Read"));
        msg.setDescription(msg.getDescription().replace("%REASON%", "logeventid must be an integer value."));
        idlog_error = true;
    }
    // Get Parameters
    String columnName = ParameterParserUtil.parseStringParam(request.getParameter("columnName"), "");
    // Init Answer with potencial error from Parsing parameter.
    AnswerItem answer = new AnswerItem(msg);
    try {
        JSONObject jsonResponse = new JSONObject();
        if (!Strings.isNullOrEmpty(columnName)) {
            answer = findDistinctValuesOfColumn(appContext, request, columnName);
            jsonResponse = (JSONObject) answer.getItem();
        } else if (request.getParameter("logeventid") == null) {
            answer = findLogEventList(appContext, request);
            jsonResponse = (JSONObject) answer.getItem();
        } else if ((request.getParameter("logeventid") != null) && !(idlog_error)) {
            answer = findLogEventByID(appContext, idlog);
            jsonResponse = (JSONObject) answer.getItem();
        }
        jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", answer.getResultMessage().getDescription());
        jsonResponse.put("sEcho", echo);
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        // returns a default error message with the json format that is able to be parsed by the client-side
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}
Also used : ApplicationContext(org.springframework.context.ApplicationContext) PolicyFactory(org.owasp.html.PolicyFactory) JSONObject(org.json.JSONObject) MessageEvent(org.cerberus.engine.entity.MessageEvent) JSONException(org.json.JSONException) AnswerItem(org.cerberus.util.answer.AnswerItem) ServletException(javax.servlet.ServletException) JSONException(org.json.JSONException) IOException(java.io.IOException) CerberusException(org.cerberus.exception.CerberusException)

Example 84 with AnswerItem

use of org.cerberus.util.answer.AnswerItem in project cerberus-source by cerberustesting.

the class ReadLogEvent method findLogEventByID.

private AnswerItem findLogEventByID(ApplicationContext appContext, long id) throws JSONException, CerberusException {
    AnswerItem item = new AnswerItem();
    JSONObject object = new JSONObject();
    ILogEventService libService = appContext.getBean(ILogEventService.class);
    AnswerItem answer = libService.readByKey(id);
    if (answer.isCodeEquals(MessageEventEnum.DATA_OPERATION_OK.getCode())) {
        // if the service returns an OK message then we can get the item and convert it to JSONformat
        LogEvent lib = (LogEvent) answer.getItem();
        JSONObject response = convertLogEventToJSONObject(lib);
        object.put("contentTable", response);
    }
    item.setItem(object);
    item.setResultMessage(answer.getResultMessage());
    return item;
}
Also used : JSONObject(org.json.JSONObject) LogEvent(org.cerberus.crud.entity.LogEvent) ILogEventService(org.cerberus.crud.service.ILogEventService) AnswerItem(org.cerberus.util.answer.AnswerItem)

Example 85 with AnswerItem

use of org.cerberus.util.answer.AnswerItem in project cerberus-source by cerberustesting.

the class ReadUser method processRequest.

/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code>
 * methods.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String echo = request.getParameter("sEcho");
    ApplicationContext appContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext());
    PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS);
    response.setContentType("application/json");
    response.setCharacterEncoding("utf8");
    // Default message to unexpected error.
    MessageEvent msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_UNEXPECTED);
    msg.setDescription(msg.getDescription().replace("%DESCRIPTION%", ""));
    /**
     * Parsing and securing all required parameters.
     */
    Integer brpid = 0;
    boolean brpid_error = true;
    try {
        if (request.getParameter("id") != null && !request.getParameter("id").equals("")) {
            brpid = Integer.valueOf(policy.sanitize(request.getParameter("id")));
            brpid_error = false;
        }
    } catch (Exception ex) {
        msg = new MessageEvent(MessageEventEnum.DATA_OPERATION_ERROR_EXPECTED);
        msg.setDescription(msg.getDescription().replace("%ITEM%", OBJECT_NAME));
        msg.setDescription(msg.getDescription().replace("%OPERATION%", "Read"));
        msg.setDescription(msg.getDescription().replace("%REASON%", "id must be an integer value."));
        brpid_error = true;
    }
    // Init Answer with potencial error from Parsing parameter.
    AnswerItem answer = new AnswerItem(msg);
    try {
        JSONObject jsonResponse = new JSONObject();
        if ((request.getParameter("id") != null) && !(brpid_error)) {
            // ID parameter is specified so we return the unique record of object.
            // answer = readByKey(appContext, brpid); // TODO
            jsonResponse = (JSONObject) answer.getItem();
        } else if (request.getParameter("login") != null) {
            answer = readByKey(appContext, request);
            jsonResponse = (JSONObject) answer.getItem();
        } else {
            // Default behaviour, we return the simple list of objects.
            answer = findUserList(appContext, request, response);
            jsonResponse = (JSONObject) answer.getItem();
        }
        jsonResponse.put("messageType", answer.getResultMessage().getMessage().getCodeString());
        jsonResponse.put("message", answer.getResultMessage().getDescription());
        jsonResponse.put("sEcho", echo);
        response.getWriter().print(jsonResponse.toString());
    } catch (JSONException e) {
        LOG.warn(e);
        // returns a default error message with the json format that is able to be parsed by the client-side
        response.getWriter().print(AnswerUtil.createGenericErrorAnswer());
    }
}
Also used : ApplicationContext(org.springframework.context.ApplicationContext) PolicyFactory(org.owasp.html.PolicyFactory) JSONObject(org.json.JSONObject) MessageEvent(org.cerberus.engine.entity.MessageEvent) JSONException(org.json.JSONException) AnswerItem(org.cerberus.util.answer.AnswerItem) ServletException(javax.servlet.ServletException) JSONException(org.json.JSONException) IOException(java.io.IOException)

Aggregations

AnswerItem (org.cerberus.util.answer.AnswerItem)322 MessageEvent (org.cerberus.engine.entity.MessageEvent)212 JSONObject (org.json.JSONObject)206 ApplicationContext (org.springframework.context.ApplicationContext)98 AnswerList (org.cerberus.util.answer.AnswerList)90 ArrayList (java.util.ArrayList)78 JSONArray (org.json.JSONArray)74 PolicyFactory (org.owasp.html.PolicyFactory)74 List (java.util.List)72 JSONException (org.json.JSONException)69 HashMap (java.util.HashMap)60 ILogEventService (org.cerberus.crud.service.ILogEventService)58 SQLException (java.sql.SQLException)57 Connection (java.sql.Connection)55 PreparedStatement (java.sql.PreparedStatement)53 Answer (org.cerberus.util.answer.Answer)53 ResultSet (java.sql.ResultSet)52 CerberusException (org.cerberus.exception.CerberusException)44 IOException (java.io.IOException)34 ServletException (javax.servlet.ServletException)24