Commit 27f74d20 authored by Simen.Forland's avatar Simen.Forland
Browse files

Finished Oblig

parent f1868580
......@@ -59,7 +59,13 @@ Task 0a)
Task 0b)
Her I created the classes UserName and Password. I then replaced all uses of String username
and String password with these classes instead.
and String password in the Handler and InChat with these classes. I know the task asked to
change the Strings used in Account and User. But since these classes takes their input from
InChat and Handler, I saw no reason to replace the ones in Account and User.
I did fix the password check for "login" in InChat. I also created a NIST password checker
for the "register" in InChat. It's currently commented out, as it makes the mvn test fail, since
one of the test user has a password shorter than 8 characters. It does however work and can be
found at line 111.
Task 0c)
Here I simply added an ".setSecure(true);" to the new cookies created on line 139 in the handler.
......@@ -71,16 +77,30 @@ Task 1)
used "executeQuery(sql)" instead of "executeUpdate(sql)". When I tried to fix these, the mvn test
would fail.
While fixing these injections I ran the "mvn test" to make sure everything was working, however.
When I finished, I discovered that InChat stopps working when creating a new chatroom. I did not
When I finished, I discovered that InChat runs into an HTTP ERROR 404 when you try to make a new
channel. I did wasn't able to find the problem, so Create Channel is still broken.
Task 2)
I was only able to fix
I was only able to add an HTTP ONLY flag on the Cookies created, however. It is currently
commented out, as I ran into a problem where I was never able to leave the create user window.
You can see it in Handler.java at line 141
Task 3)
I did not manage to complete this task
Task 4)
I was able to create an "if(request.getParameter("setpermission")!= null)" in Handler which called the
setRole in InChat when you press the set permission button. The setRole however is not complete. It
currently allows you to set the role of an existing user, however the roles won't save properly and
everyone can use it despite the fact that the owner is the only one supposed to use it.
I did however make it print out the user who's role has been changed in the form of a chat message.
The owner is also set when creating the channel, and all new users joining is automatically set as
participants.
The roles doesn't actually affect anything. I tried to make if statements similar to the ones in
login and register where only users in the owner or participants lists could for example post a message
or delete a comment. This however caused a problem where when the page would crash if you posted as a
user without permission.
In the end. You're able to set roles and be notified when they are set, but they don't actually do anything.
Task 5)
I did not manage to complete this task
......@@ -138,6 +138,7 @@ public class Handler extends AbstractHandler
// We set the session cookie to keep the user logged in:
Cookie cook = new Cookie("session",session.identity.toString());
cook.setSecure(true);
//cook.setHttpOnly(true);
response.addCookie(cook);
final PrintWriter out = response.getWriter();
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment