dnet-openaire-users/src/main/java/eu/dnetlib/openaire/usermanagement/RegisterServlet.java

package eu.dnetlib.openaire.usermanagement;

import com.unboundid.ldap.sdk.LDAPException;
import eu.dnetlib.openaire.user.utils.EmailSender;
import org.apache.commons.validator.routines.EmailValidator;
import eu.dnetlib.openaire.user.utils.LDAPActions;
import eu.dnetlib.openaire.user.utils.VerificationActions;
import eu.dnetlib.openaire.user.utils.VerifyRecaptcha;
import eu.dnetlib.openaire.usermanagement.utils.UrlConstructor;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.context.support.SpringBeanAutowiringSupport;

import javax.mail.MessagingException;
import javax.mail.internet.AddressException;
import javax.mail.internet.InternetAddress;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Timestamp;
import java.util.Date;
import java.util.UUID;

/**
 * Created by sofia on 20/10/2017.
 */
public class RegisterServlet extends HttpServlet {

    @Autowired
    private VerificationActions verificationActions;

    @Autowired
    private EmailSender emailSender;

    @Autowired
    private LDAPActions ldapActions;

    @Value("${google.recaptcha.secret}")
    private String secret;

    @Value("${google.recaptcha.key}")
    private String sitekey;


    public void init(ServletConfig config) throws ServletException {
        super.init(config);
        SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this,
                config.getServletContext());
        config.getServletContext().setAttribute("sitekey", sitekey);
    }

    private static Logger logger = Logger.getLogger(RegisterServlet.class);

        @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException {
        response.setContentType("text/html");
        PrintWriter printWriter = response.getWriter();

        String firstName = request.getParameter("first_name").trim();
        String lastName = request.getParameter("last_name").trim();
        String organization = request.getParameter("organization").trim();
        String username = request.getParameter("username").trim();
        String email =request.getParameter("email").trim();
        String confirmEmail = request.getParameter("email_conf").trim();
        String password = request.getParameter("password");
        String confirmPassword = request.getParameter("password_conf");
        String gRecaptchaResponse = request.getParameter("g-recaptcha-response");

        //System.out.println("RESPONSE " + gRecaptchaResponse);

        if (organization == null){
            logger.info("organization is null");
        }

        if (firstName != null && lastName != null &&  username != null && email!= null &&
                email.equals(confirmEmail) && password!= null && password.equals(confirmPassword) &&
                !EmailValidator.getInstance().isValid(email) && isValidPassword(password) && VerifyRecaptcha.verify(gRecaptchaResponse, secret)) {

            try {

                 if (username.matches("^[a-zA-Z0-9\\.\\_\\-]{4,150}") && !ldapActions.usernameExists(username) && !ldapActions.emailExists(email)
                         && !ldapActions.isZombieUsersEmail(email) && !ldapActions.isZombieUsersUsername(username) && EmailValidator.getInstance().isValid(email)) {

                     ldapActions.createZombieUser(username, email, firstName, lastName, organization, password);
                     logger.info("Zombie user successfully created");

                     UUID verificationCode = UUID.randomUUID();
                     Date creationDate = new Date();

                     Timestamp timestamp = new Timestamp(creationDate.getTime());

                     if (!verificationActions.verificationEntryExists(username)) {
                         verificationActions.addVerificationEntry(username, verificationCode.toString(), timestamp);

                     } else {
                         verificationActions.updateVerificationEntry(username, verificationCode.toString(), timestamp);
                     }

                     String resultPath = UrlConstructor.getRedirectUrl(request, "activate.jsp");

                     String verificationCodeMsg = "<p>Hello " + username + ",</p>" +
                             "<p> A request has been made to verify your email and activate your OpenAIRE account. To activate your " +
                             "account, you will need to submit your username and this activation code in order to verify that the" +
                             "request was legitimate.</p>" +
                             "<p>" +
                             "The activation code is " + verificationCode.toString() +
                             "</p>" +
                             "Select the URL below and proceed with activating your password." +
                             "<p><a href=" + resultPath + ">" + resultPath + "</a></p>" +
                             "<p>Thank you</p>";

                     String verificationCodeSubject = "Activate your OpenAIRE account";

                     emailSender.sendEmail(email, verificationCodeSubject, verificationCodeMsg);

                     response.sendRedirect("./activate.jsp");

                 } else {

                     if(!username.matches("^[a-zA-Z0-9\\.\\_\\-]{4,150}")) {

                         validateUsername(request, username);

                     }

                     if (ldapActions.usernameExists(username) || ldapActions.isZombieUsersUsername(username)) {
                        request.getSession().setAttribute("username_message", "Username already exists! Choose another one.");
                        logger.info("Username already exists");
                     }

                     if (ldapActions.emailExists(email)) {
                         request.getSession().setAttribute("email_message", "There is another user with this email.");
                         logger.info("There is another user with this email");
                     }

                     if (!EmailValidator.getInstance().isValid(email)) {
                         request.getSession().setAttribute("email_message", "Please enter a valid email.");
                         logger.info("Invalid email.");
                     }

                     if (ldapActions.isZombieUsersEmail(email)) {
                         request.getSession().setAttribute("email_message", "You have already registered with this email address! Please check your email to activate your account or contact OpenAIRE <a href=\"https://www.openaire.eu/support/helpdesk\">helpdesk</a>.");
                         logger.info("There is another user with this email");
                     }

                     request.getSession().setAttribute("first_name", firstName);
                     request.getSession().setAttribute("msg_first_name_error_display", "display:none");

                     request.getSession().setAttribute("last_name", lastName);
                     request.getSession().setAttribute("msg_last_name_error_display", "display:none");

                     request.getSession().setAttribute("organization", organization);
                     request.getSession().setAttribute("username", username);
                     request.getSession().setAttribute("email", email);
                     request.getSession().setAttribute("msg_email_error_display", "display:none" );

                     request.getSession().setAttribute("email_conf", confirmEmail);
                     request.getSession().setAttribute("msg_email_conf_error_display", "display:none");
                     request.getSession().setAttribute("msg_email_validation_error_display", "display:none");

                     request.getSession().setAttribute("msg_password_error_display", "display:none" );
                     request.getSession().setAttribute("msg_pass_conf_error_display", "display:none" );
                     request.getSession().setAttribute("msg_invalid_password_display", "display:none");

                     request.getSession().setAttribute("recaptcha_error_display", "display:none");

                     response.sendRedirect("./register.jsp");
                 }


            } catch (MessagingException e) {
                logger.error("Error in sending email", e);
                request.getSession().setAttribute("message","Error sending email");
                response.sendRedirect(UrlConstructor.getRedirectUrl(request, "./remindUsername.jsp"));
                //response.sendRedirect("./error.jsp");

                //TODO better handling of these exceprions
            }catch (Exception e) {
                logger.error("LDAP error in creating user", e);
                response.sendRedirect(UrlConstructor.getRedirectUrl(request, "error.jsp"));
                //response.sendRedirect("./error.jsp");
            }

        } else {

            request.getSession().setAttribute("first_name", firstName);
            request.getSession().setAttribute("last_name", lastName);
            request.getSession().setAttribute("organization", organization);
            request.getSession().setAttribute("username", username);
            request.getSession().setAttribute("email", email);
            request.getSession().setAttribute("email_conf", confirmEmail);

            if (firstName == null || firstName.isEmpty()) {
                request.getSession().setAttribute("msg_first_name_error_display", "display:block" );
            }

            if (lastName == null || lastName.isEmpty()) {
                request.getSession().setAttribute("msg_last_name_error_display", "display:block" );
            }

            if (username == null || username.isEmpty()) {
                request.getSession().setAttribute("username_message", "Minimum username length 5 characters.");
                logger.info("Username does not exist.");

            } else {
                validateUsername(request, username);
            }

            if (password == null || password.isEmpty()) {
                request.getSession().setAttribute("msg_password_error_display", "display:block" );
            }

            if(!EmailValidator.getInstance().isValid(email)) {
                request.getSession().setAttribute("msg_email_validation_error_display", "display:block");
            }

            if (!email.equals(confirmEmail)) {
                request.getSession().setAttribute("msg_email_conf_error_display", "display:block" );
            }

            if (!password.equals(confirmPassword)){
                request.getSession().setAttribute("msg_pass_conf_error_display", "display:block" );
            }

            if(!isValidPassword(password)) {
                request.getSession().setAttribute("msg_invalid_password_display", "display:block");
            }

            if (!VerifyRecaptcha.verify(gRecaptchaResponse, secret)) {
                request.getSession().setAttribute("recaptcha_error_display", "display:block" );
            }

            response.sendRedirect("./register.jsp");

        }

        printWriter.close();

    }

    private void validateUsername(HttpServletRequest request, String username) {
        if (username.length() < 5) {
            request.getSession().setAttribute("username_message", "Minimum username length 5 characters.");
            logger.info("Minimum username length 5 characters.");
        }

        if (username.length() > 150) {
            request.getSession().setAttribute("username_message", "Maximum username length 150 characters.");
            logger.info("Maximum username length 150 characters.");
        }

        if (!username.matches("^[a-zA-Z0-9\\.\\_\\-]")) {
            request.getSession().setAttribute("username_allowed_chars_message", "You can use letters, numbers, underscores, hyphens and periods.");
            logger.info("Only letters, numbers, underscores, hyphens and periods.");
        }

        if (!username.matches("^[a-zA-Z0-9].*")) {
            request.getSession().setAttribute("username_first_char_message", "The username must start with letter or digit.");
            logger.info("The username must start with letter or digit.");
        }
    }

    public static boolean isValidPassword(String password) {
        /*
             ^                 # start-of-string
            (?=.*[0-9])       # a digit must occur at least once
            (?=.*[a-z])       # a lower case letter must occur at least once
            (?=.*[A-Z])       # an upper case letter must occur at least once
            (?=.*[@#$%^&+=])  # a special character must occur at least once
            (?=\S+$)          # no whitespace allowed in the entire string
            .{8,}             # anything, at least eight places though
            $                 # end-of-string
         */

        if (password.matches("^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=])(?=\\S+$).{6,}$")) {
            logger.info("Valid password!");
            return true;
        }

        logger.info("Not valid password!");
        return false;
    }


}
Add RegisterServlet.java 2017-10-20 14:31:39 +02:00			`package eu.dnetlib.openaire.usermanagement;`

Added recaptcha 2018-04-12 12:12:32 +02:00			`import com.unboundid.ldap.sdk.LDAPException;`
Add emailSender at register 2017-10-25 16:15:07 +02:00			`import eu.dnetlib.openaire.user.utils.EmailSender;`
Change username regulars expression - Allow usernames that start with character or digit, Change error messages 2018-04-06 00:34:36 +02:00			`import org.apache.commons.validator.routines.EmailValidator;`
Add RegisterServlet.java 2017-10-20 14:31:39 +02:00			`import eu.dnetlib.openaire.user.utils.LDAPActions;`
			`import eu.dnetlib.openaire.user.utils.VerificationActions;`
Added recaptcha 2018-04-12 12:12:32 +02:00			`import eu.dnetlib.openaire.user.utils.VerifyRecaptcha;`
Add session check to redirect pages 2018-03-09 17:11:28 +01:00			`import eu.dnetlib.openaire.usermanagement.utils.UrlConstructor;`
Add RegisterServlet.java 2017-10-20 14:31:39 +02:00			`import org.apache.log4j.Logger;`
			`import org.springframework.beans.factory.annotation.Autowired;`
Added recaptcha 2018-04-12 12:12:32 +02:00			`import org.springframework.beans.factory.annotation.Value;`
Add RegisterServlet.java 2017-10-20 14:31:39 +02:00			`import org.springframework.web.context.support.SpringBeanAutowiringSupport;`

Added recaptcha 2018-04-12 12:12:32 +02:00			`import javax.mail.MessagingException;`
			`import javax.mail.internet.AddressException;`
			`import javax.mail.internet.InternetAddress;`
Add RegisterServlet.java 2017-10-20 14:31:39 +02:00			`import javax.servlet.ServletConfig;`
			`import javax.servlet.ServletException;`
			`import javax.servlet.http.HttpServlet;`
			`import javax.servlet.http.HttpServletRequest;`
			`import javax.servlet.http.HttpServletResponse;`
			`import java.io.IOException;`
			`import java.io.PrintWriter;`
Add emailSender at register 2017-10-25 16:15:07 +02:00			`import java.sql.Timestamp;`
			`import java.util.Date;`
			`import java.util.UUID;`
Add RegisterServlet.java 2017-10-20 14:31:39 +02:00
			`/**`
			`* Created by sofia on 20/10/2017.`
			`*/`
			`public class RegisterServlet extends HttpServlet {`

			`@Autowired`
			`private VerificationActions verificationActions;`

Add emailSender at register 2017-10-25 16:15:07 +02:00			`@Autowired`
			`private EmailSender emailSender;`

Add RegisterServlet.java 2017-10-20 14:31:39 +02:00			`@Autowired`
			`private LDAPActions ldapActions;`

Added recaptcha 2018-04-12 12:12:32 +02:00			`@Value("${google.recaptcha.secret}")`
			`private String secret;`

			`@Value("${google.recaptcha.key}")`
			`private String sitekey;`
Add RegisterServlet.java 2017-10-20 14:31:39 +02:00
Added recaptcha 2018-04-12 12:12:32 +02:00
			`public void init(ServletConfig config) throws ServletException {`
			`super.init(config);`
			`SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this,`
			`config.getServletContext());`
			`config.getServletContext().setAttribute("sitekey", sitekey);`
			`}`

			`private static Logger logger = Logger.getLogger(RegisterServlet.class);`

			`@Override`
Add RegisterServlet.java 2017-10-20 14:31:39 +02:00			`protected void doPost(HttpServletRequest request, HttpServletResponse response) throws IOException {`
			`response.setContentType("text/html");`
			`PrintWriter printWriter = response.getWriter();`

Trim input fields at the backend 2017-11-07 11:56:43 +01:00			`String firstName = request.getParameter("first_name").trim();`
			`String lastName = request.getParameter("last_name").trim();`
			`String organization = request.getParameter("organization").trim();`
			`String username = request.getParameter("username").trim();`
			`String email =request.getParameter("email").trim();`
			`String confirmEmail = request.getParameter("email_conf").trim();`
Add registerSuccess.jsp 2017-11-01 11:58:15 +01:00			`String password = request.getParameter("password");`
			`String confirmPassword = request.getParameter("password_conf");`
Added recaptcha 2018-04-12 12:12:32 +02:00			`String gRecaptchaResponse = request.getParameter("g-recaptcha-response");`

			`//System.out.println("RESPONSE " + gRecaptchaResponse);`
Add RegisterServlet.java 2017-10-20 14:31:39 +02:00
			`if (organization == null){`
			`logger.info("organization is null");`
			`}`
Added recaptcha 2018-04-12 12:12:32 +02:00
			`if (firstName != null && lastName != null && username != null && email!= null &&`
			`email.equals(confirmEmail) && password!= null && password.equals(confirmPassword) &&`
			`!EmailValidator.getInstance().isValid(email) && isValidPassword(password) && VerifyRecaptcha.verify(gRecaptchaResponse, secret)) {`
Add another java check about username lenght 2017-10-30 14:00:20 +01:00
Add RegisterServlet.java 2017-10-20 14:31:39 +02:00			`try {`
Add emailSender at register 2017-10-25 16:15:07 +02:00
Escape chars in regular expession for username 2018-04-04 23:25:50 +02:00			`if (username.matches("^[a-zA-Z0-9\\.\\_\\-]{4,150}") && !ldapActions.usernameExists(username) && !ldapActions.emailExists(email)`
Change username regulars expression - Allow usernames that start with character or digit, Change error messages 2018-04-06 00:34:36 +02:00			`&& !ldapActions.isZombieUsersEmail(email) && !ldapActions.isZombieUsersUsername(username) && EmailValidator.getInstance().isValid(email)) {`
Add javascript code to keep input after redirect to the same jsp page 2017-10-30 13:33:02 +01:00
Complete ldapmodify about zombies and users :P at front end 2017-11-06 14:51:36 +01:00			`ldapActions.createZombieUser(username, email, firstName, lastName, organization, password);`
Trim input fields at the backend 2017-11-07 11:56:43 +01:00			`logger.info("Zombie user successfully created");`
Add emailSender at register 2017-10-25 16:15:07 +02:00
Add email and username check 2017-10-26 15:10:30 +02:00			`UUID verificationCode = UUID.randomUUID();`
			`Date creationDate = new Date();`
Add emailSender at register 2017-10-25 16:15:07 +02:00
Add email and username check 2017-10-26 15:10:30 +02:00			`Timestamp timestamp = new Timestamp(creationDate.getTime());`
Add emailSender at register 2017-10-25 16:15:07 +02:00
Add email and username check 2017-10-26 15:10:30 +02:00			`if (!verificationActions.verificationEntryExists(username)) {`
			`verificationActions.addVerificationEntry(username, verificationCode.toString(), timestamp);`
Add emailSender at register 2017-10-25 16:15:07 +02:00
Add email and username check 2017-10-26 15:10:30 +02:00			`} else {`
			`verificationActions.updateVerificationEntry(username, verificationCode.toString(), timestamp);`
			`}`
Add emailSender at register 2017-10-25 16:15:07 +02:00
Add session check to redirect pages 2018-03-09 17:11:28 +01:00			`String resultPath = UrlConstructor.getRedirectUrl(request, "activate.jsp");`
Uncomment check for session attribute in case of empty username redirect to forgotPassword page 2018-03-08 15:41:15 +01:00
Change email format and add link for activation 2017-11-07 13:21:18 +01:00			`String verificationCodeMsg = "<p>Hello " + username + ",</p>" +`
Change email format and add link for verification 2017-11-07 13:41:53 +01:00			`"<p> A request has been made to verify your email and activate your OpenAIRE account. To activate your " +`
Change email format and add link for activation 2017-11-07 13:21:18 +01:00			`"account, you will need to submit your username and this activation code in order to verify that the" +`
			`"request was legitimate.</p>" +`
			`"<p>" +`
			`"The activation code is " + verificationCode.toString() +`
			`"</p>" +`
			`"Select the URL below and proceed with activating your password." +`
Change email format and add link for verification 2017-11-07 13:41:53 +01:00			`"<p><a href=" + resultPath + ">" + resultPath + "</a></p>" +`
			`"<p>Thank you</p>";`
Add emailSender at register 2017-10-25 16:15:07 +02:00
Change email subject 2017-10-26 15:42:42 +02:00			`String verificationCodeSubject = "Activate your OpenAIRE account";`
Add emailSender at register 2017-10-25 16:15:07 +02:00
Add email and username check 2017-10-26 15:10:30 +02:00			`emailSender.sendEmail(email, verificationCodeSubject, verificationCodeMsg);`
Add emailSender at register 2017-10-25 16:15:07 +02:00
Add email and username check 2017-10-26 15:10:30 +02:00			`response.sendRedirect("./activate.jsp");`
Add variables in session 2017-10-30 15:34:06 +01:00
Add email and username check 2017-10-26 15:10:30 +02:00			`} else {`

Escape chars in regular expession for username 2018-04-04 23:25:50 +02:00			`if(!username.matches("^[a-zA-Z0-9\\.\\_\\-]{4,150}")) {`
Add another java check about username lenght 2017-10-30 14:00:20 +01:00
Added recaptcha 2018-04-12 12:12:32 +02:00			`validateUsername(request, username);`
Change username regulars expression - Allow usernames that start with character or digit, Change error messages 2018-04-06 00:34:36 +02:00
Add another java check about username lenght 2017-10-30 14:00:20 +01:00			`}`

Check if it is zombie user's username or email 2017-11-08 13:00:59 +01:00			`if (ldapActions.usernameExists(username) \|\| ldapActions.isZombieUsersUsername(username)) {`
Add email and username check 2017-10-26 15:10:30 +02:00			`request.getSession().setAttribute("username_message", "Username already exists! Choose another one.");`
			`logger.info("Username already exists");`
			`}`

			`if (ldapActions.emailExists(email)) {`
			`request.getSession().setAttribute("email_message", "There is another user with this email.");`
			`logger.info("There is another user with this email");`
			`}`

Change username regulars expression - Allow usernames that start with character or digit, Change error messages 2018-04-06 00:34:36 +02:00			`if (!EmailValidator.getInstance().isValid(email)) {`
			`request.getSession().setAttribute("email_message", "Please enter a valid email.");`
			`logger.info("Invalid email.");`
			`}`

Check if it is zombie user's username or email 2017-11-08 13:00:59 +01:00			`if (ldapActions.isZombieUsersEmail(email)) {`
			`request.getSession().setAttribute("email_message", "You have already registered with this email address! Please check your email to activate your account or contact OpenAIRE <a href=\"https://www.openaire.eu/support/helpdesk\">helpdesk</a>.");`
			`logger.info("There is another user with this email");`
			`}`

Add variables in session 2017-10-30 15:34:06 +01:00			`request.getSession().setAttribute("first_name", firstName);`
Added recaptcha 2018-04-12 12:12:32 +02:00			`request.getSession().setAttribute("msg_first_name_error_display", "display:none");`

Add variables in session 2017-10-30 15:34:06 +01:00			`request.getSession().setAttribute("last_name", lastName);`
Added recaptcha 2018-04-12 12:12:32 +02:00			`request.getSession().setAttribute("msg_last_name_error_display", "display:none");`

Add variables in session 2017-10-30 15:34:06 +01:00			`request.getSession().setAttribute("organization", organization);`
			`request.getSession().setAttribute("username", username);`
			`request.getSession().setAttribute("email", email);`
Added recaptcha 2018-04-12 12:12:32 +02:00			`request.getSession().setAttribute("msg_email_error_display", "display:none" );`

Add variables in session 2017-10-30 15:34:06 +01:00			`request.getSession().setAttribute("email_conf", confirmEmail);`
Added recaptcha 2018-04-12 12:12:32 +02:00			`request.getSession().setAttribute("msg_email_conf_error_display", "display:none");`
			`request.getSession().setAttribute("msg_email_validation_error_display", "display:none");`

			`request.getSession().setAttribute("msg_password_error_display", "display:none" );`
			`request.getSession().setAttribute("msg_pass_conf_error_display", "display:none" );`
			`request.getSession().setAttribute("msg_invalid_password_display", "display:none");`

			`request.getSession().setAttribute("recaptcha_error_display", "display:none");`
Add variables in session 2017-10-30 15:34:06 +01:00
Add email and username check 2017-10-26 15:10:30 +02:00			`response.sendRedirect("./register.jsp");`
			`}`

Add emailSender at register 2017-10-25 16:15:07 +02:00
Added recaptcha 2018-04-12 12:12:32 +02:00			`} catch (MessagingException e) {`
			`logger.error("Error in sending email", e);`
			`request.getSession().setAttribute("message","Error sending email");`
			`response.sendRedirect(UrlConstructor.getRedirectUrl(request, "./remindUsername.jsp"));`
			`//response.sendRedirect("./error.jsp");`

			`//TODO better handling of these exceprions`
			`}catch (Exception e) {`
Add RegisterServlet.java 2017-10-20 14:31:39 +02:00			`logger.error("LDAP error in creating user", e);`
Add session check to redirect pages 2018-03-09 17:11:28 +01:00			`response.sendRedirect(UrlConstructor.getRedirectUrl(request, "error.jsp"));`
			`//response.sendRedirect("./error.jsp");`
Add RegisterServlet.java 2017-10-20 14:31:39 +02:00			`}`
Added recaptcha 2018-04-12 12:12:32 +02:00
			`} else {`

			`request.getSession().setAttribute("first_name", firstName);`
			`request.getSession().setAttribute("last_name", lastName);`
			`request.getSession().setAttribute("organization", organization);`
			`request.getSession().setAttribute("username", username);`
			`request.getSession().setAttribute("email", email);`
			`request.getSession().setAttribute("email_conf", confirmEmail);`

			`if (firstName == null \|\| firstName.isEmpty()) {`
			`request.getSession().setAttribute("msg_first_name_error_display", "display:block" );`
			`}`

			`if (lastName == null \|\| lastName.isEmpty()) {`
			`request.getSession().setAttribute("msg_last_name_error_display", "display:block" );`
			`}`

			`if (username == null \|\| username.isEmpty()) {`
			`request.getSession().setAttribute("username_message", "Minimum username length 5 characters.");`
			`logger.info("Username does not exist.");`

			`} else {`
			`validateUsername(request, username);`
			`}`

			`if (password == null \|\| password.isEmpty()) {`
			`request.getSession().setAttribute("msg_password_error_display", "display:block" );`
			`}`

			`if(!EmailValidator.getInstance().isValid(email)) {`
			`request.getSession().setAttribute("msg_email_validation_error_display", "display:block");`
			`}`

			`if (!email.equals(confirmEmail)) {`
			`request.getSession().setAttribute("msg_email_conf_error_display", "display:block" );`
			`}`

			`if (!password.equals(confirmPassword)){`
			`request.getSession().setAttribute("msg_pass_conf_error_display", "display:block" );`
			`}`

			`if(!isValidPassword(password)) {`
			`request.getSession().setAttribute("msg_invalid_password_display", "display:block");`
			`}`

			`if (!VerifyRecaptcha.verify(gRecaptchaResponse, secret)) {`
			`request.getSession().setAttribute("recaptcha_error_display", "display:block" );`
			`}`

			`response.sendRedirect("./register.jsp");`

Add RegisterServlet.java 2017-10-20 14:31:39 +02:00			`}`
Added recaptcha 2018-04-12 12:12:32 +02:00
Add RegisterServlet.java 2017-10-20 14:31:39 +02:00			`printWriter.close();`

			`}`
Added recaptcha 2018-04-12 12:12:32 +02:00
			`private void validateUsername(HttpServletRequest request, String username) {`
			`if (username.length() < 5) {`
			`request.getSession().setAttribute("username_message", "Minimum username length 5 characters.");`
			`logger.info("Minimum username length 5 characters.");`
			`}`

			`if (username.length() > 150) {`
			`request.getSession().setAttribute("username_message", "Maximum username length 150 characters.");`
			`logger.info("Maximum username length 150 characters.");`
			`}`

			`if (!username.matches("^[a-zA-Z0-9\\.\\_\\-]")) {`
			`request.getSession().setAttribute("username_allowed_chars_message", "You can use letters, numbers, underscores, hyphens and periods.");`
			`logger.info("Only letters, numbers, underscores, hyphens and periods.");`
			`}`

			`if (!username.matches("^[a-zA-Z0-9].*")) {`
			`request.getSession().setAttribute("username_first_char_message", "The username must start with letter or digit.");`
			`logger.info("The username must start with letter or digit.");`
			`}`
			`}`

			`public static boolean isValidPassword(String password) {`
			`/*`
			`^ # start-of-string`
			`(?=.*[0-9]) # a digit must occur at least once`
			`(?=.*[a-z]) # a lower case letter must occur at least once`
			`(?=.*[A-Z]) # an upper case letter must occur at least once`
			`(?=.*[@#$%^&+=]) # a special character must occur at least once`
			`(?=\S+$) # no whitespace allowed in the entire string`
			`.{8,} # anything, at least eight places though`
			`$ # end-of-string`
			`*/`

			`if (password.matches("^(?=.[0-9])(?=.[a-z])(?=.[A-Z])(?=.[@#$%^&+=])(?=\\S+$).{6,}$")) {`
			`logger.info("Valid password!");`
			`return true;`
			`}`

			`logger.info("Not valid password!");`
			`return false;`
			`}`



Add RegisterServlet.java 2017-10-20 14:31:39 +02:00			`}`