pefido / ss Goto Github PK

void change_pwd(String name, String pwd1, String pwd2)

• changes the password of the account name to pwd1
• pwd1 and pwd2 given in cleartext
• preconditions:
  • name must identify an created account
  • pwd1 == pwd2 (see note in comments on create_account)

void logout(Account a)

• logs out the account a (sets logged_in to false)

Se o utilizador já estiver logado conseguimos aceder ao form login. É preciso tratar desses redirects.

void delete_account(String name)

• deletes an existing account object
  • deleted account should be deleted from the associated persistent storage
  • preconditions
  • the account cannot be logged in
  • the account must be locked (so no one will authenticate on the way)

Account login(HttpServletRequest req, HttpServletResponse resp)

• to authenticate the caller in every servlet interaction
• caller is supposed to be already logged in
• extracts name and (hashed) password from req state
• several possible implementations
  • cookie
  • session parameters (easier)
• If this fails, raise AuthenticationError exception
• Otherwise, call login(String name, String pwd)
• this method is supposed to be called by all application operations that require authentication (e.g., if the app needs to know who is the authority requesting the op)

void create_account(String name, String pwd1, String pwd2)

• creates a new account object
• created account info should be stored (serialised) in persistent storage (e.g., file, sql(lite) database)
  • name: the account name (must not be defined yet)
  • pwd1, pwd2: the password (in cleartext)
    • precondition: pwd1 == pwd2
    • this common trick is just to remind the API user (the programmer) to ask for pwd confirmation
• the account pwd must be stored in encrypted form (using non-invertible hash, see example below)

Account get_account(String name)

• returns a clone (readonly) of an existing account object

Account login(String name, String pwd)

• authenticates the caller, given name and password
• checks if name is defined as a account name
• if not, raise exception (UndefinedAccount)
• checks if account is locked
• if locked, raise exception (LockedAccount)
• compares the encryption of pwd with the stored hash
• if comparison succeeds, sets logged_in to true and succeeds, returning the authenticated account
• otherwise raise exception (AuthenticationError)
• must not let password flow anywhere else

Aparentemente tudo o que não usa preparedstatement tá sujeito a SQLInjection, por isso mudar tudo para isso seria fixe (quando tiver tudo terminado)