UserAccountServlet.java

package com.googlecode.flickr2twitter.servlet;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.mortbay.log.Log;

import com.google.appengine.repackaged.com.google.common.base.StringUtil;
import com.googlecode.flickr2twitter.datastore.MessageDigestUtil;
import com.googlecode.flickr2twitter.datastore.MyPersistenceManagerFactory;
import com.googlecode.flickr2twitter.datastore.model.User;
import com.googlecode.flickr2twitter.org.apache.commons.lang3.StringUtils;

/**
 * @author Meng Zang (DeepNightTwo@gmail.com)
 * 
 */

public class UserAccountServlet extends HttpServlet {

	private static final long serialVersionUID = 1L;

	// private static final Logger log =
	// Logger.getLogger(UserAccountServlet.class
	// .getName());

	public static final String OPT_ADD_USER = "Add_User";
	public static final String OPT_LOGIN = "Login";
	public static final String OPT_Change_Display_Name = "ChangeDisplayName";
	public static final String OPT_Change_Password = "ChangPassword";

	public static final String PARA_OPT = "operation";

	public static final String PARA_SESSION_USER = "user";

	public static final String PARA_KEY = "user_key";
	public static final String PARA_EMAIL = "user_email";
	public static final String PARA_PASSWORD = "user_password";
	public static final String PARA_SCREEN_NAME = "user_screenName";
	public static final String PARA_PERMISSION = "user_permission";

	public static final String PARA_PASSWORD_1 = "user_password_1";
	public static final String PARA_PASSWORD_2 = "user_password_2";

	@Override
	protected void service(HttpServletRequest req, HttpServletResponse resp)
			throws ServletException, IOException {
		StringBuffer msg = new StringBuffer();

		resp.setContentType("text/plain");
		String operation = req.getParameter(PARA_OPT);

		try {
			if (OPT_ADD_USER.equalsIgnoreCase(operation)) {
				addUserAccount(req, resp, msg);
			} else if (OPT_LOGIN.equalsIgnoreCase(operation)) {
				doLogin(req, resp, msg);
			} else if (OPT_Change_Display_Name.equalsIgnoreCase(operation)) {
				updateUserDisplayName(req, resp, msg);
			} else if (OPT_Change_Password.equalsIgnoreCase(operation)) {
				updateUserPassord(req, resp, msg);
			}
		} catch (Exception ex) {
			msg.append("Exception occured:\n");
			msg.append(ex.getMessage());
		} finally {
			if (msg.length() > 0) {
				req.getSession().setAttribute("message", msg.toString());
			}
			resp.sendRedirect("/index.jsp");
		}
	}

	private void updateUserDisplayName(HttpServletRequest req,
			HttpServletResponse resp, StringBuffer msg) {
		User user = (User) req.getSession().getAttribute(
				UserAccountServlet.PARA_SESSION_USER);
		if (user == null) {
			msg.append("Please login first before change your display name.");
			return;
		}
		String screenName = req.getParameter(PARA_SCREEN_NAME);
		if (StringUtils.isBlank(screenName) == true) {
			msg.append("Display name could not be empty.");
			return;
		}
		user = MyPersistenceManagerFactory.updateUserDisplayName(user.getKey(),
				screenName);
		if (user == null) {
			msg.append("Update user display name failed due to database internal error.");
			return;
		}
		req.getSession().setAttribute(PARA_SESSION_USER, user);

		msg.append("Update display name to " + screenName);
	}

	private void updateUserPassord(HttpServletRequest req,
			HttpServletResponse resp, StringBuffer msg) {
		User user = (User) req.getSession().getAttribute(
				UserAccountServlet.PARA_SESSION_USER);

		String password = req.getParameter(PARA_PASSWORD);
		String password1 = req.getParameter(PARA_PASSWORD_1);
		String password2 = req.getParameter(PARA_PASSWORD_2);
		if (StringUtils.isBlank(password1) == true) {
			msg.append("Password could not be empty.");
			return;
		}

		try {
			if (user.getPassword().equals(
					MessageDigestUtil.getSHAPassword(password)) == false) {
				msg.append("Old password specified is incorrect.");
				return;
			}
		} catch (NoSuchAlgorithmException e) {
			msg.append("Unable to verify old password. Error message is :"
					+ e.getMessage());
			Log.warn(e);
		}

		if (StringUtils.equals(password1, password2) == false) {
			msg.append("New passwords don't match.");
			return;
		}

		user = MyPersistenceManagerFactory.updateUserPassword(user.getKey(),
				password1);
		if (user == null) {
			msg.append("Update user display name failed due to database internal error.");
			return;
		}
		req.getSession().setAttribute(PARA_SESSION_USER, user);
		msg.append("Password is changed successfully.");
	}

	private void addUserAccount(HttpServletRequest req,
			HttpServletResponse resp, StringBuffer msg) {
		String userEmail = req.getParameter(PARA_EMAIL);
		String password = req.getParameter(PARA_PASSWORD);
		String screenName = req.getParameter(PARA_SCREEN_NAME);

		if (StringUtils.isEmpty(userEmail) == true) {
			msg.append("User Email could not be empty! Creation is not successful.");
			return;
		}

		MyPersistenceManagerFactory.createNewUser(userEmail, password,
				screenName);
	}

	private void doLogin(HttpServletRequest req, HttpServletResponse resp,
			StringBuffer msg) {
		String userEmail = req.getParameter(PARA_EMAIL);
		String password = req.getParameter(PARA_PASSWORD);
		if (StringUtils.isEmpty(userEmail) == true) {
			msg.append("User Email could not be empty! Login failed.");
			return;
		}
		User user = MyPersistenceManagerFactory.getLoginUser(userEmail,
				password);
		if (user == null) {
			msg.append("User name and password not match! Login failed");
		} else {
			msg.append("Login Success!");
			req.getSession().setAttribute(PARA_SESSION_USER, user);
		}

	}

}