/* * Copyright 2015 MongoDB, Inc. * * Licensed under the Apache License, V

1. /*
2. * Copyright 2015 MongoDB, Inc.
3. *
4. * Licensed under the Apache License, Version 2.0 (the "License");
5. * you may not use this file except in compliance with the License.
6. * You may obtain a copy of the License at
7. *
8. * http://www.apache.org/licenses/LICENSE-2.0
9. *
10. * Unless required by applicable law or agreed to in writing, software
11. * distributed under the License is distributed on an "AS IS" BASIS,
12. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13. * See the License for the specific language governing permissions and
14. * limitations under the License.
15. */
16.  
17. package course;
18.  
19. import com.mongodb.ErrorCategory;
20. import com.mongodb.MongoWriteException;
21. import com.mongodb.client.MongoCollection;
22. import com.mongodb.client.MongoDatabase;
23. import org.bson.Document;
24. import sun.misc.BASE64Encoder;
25.  
26. import java.io.UnsupportedEncodingException;
27. import java.security.MessageDigest;
28. import java.security.NoSuchAlgorithmException;
29. import java.security.SecureRandom;
30. import java.util.Random;
31.  
32.  
33. public class UserDAO {
34. private final MongoCollection<Document> usersCollection;
35. private Random random = new SecureRandom();
36.  
37. public UserDAO(final MongoDatabase blogDatabase) {
38. usersCollection = blogDatabase.getCollection("users");
39. }
40.  
41. // validates that username is unique and insert into db
42. public boolean addUser(String username, String password, String email) {
43.  
44. String passwordHash = makePasswordHash(password, Integer.toString(random.nextInt()));
45.  
46.  
47. Document doc = new Document("username", username).append("_id", username).append("password", passwordHash);
48.  
49. // XXX WORK HERE
50. // create an object suitable for insertion into the user collection
51. // be sure to add username and hashed password to the document. problem instructions
52. // will tell you the schema that the documents must follow.
53.  
54. if (email != null && !email.equals("")) {
55. // XXX WORK HERE
56. // if there is an email address specified, add it to the document too.
57. doc.append("email", email);
58. }
59.  
60. try {
61. // XXX WORK HERE
62. // insert the document into the user collection here
63. usersCollection.insertOne(doc);
64. return true;
65. } catch (MongoWriteException e) {
66. if (e.getError().getCategory().equals(ErrorCategory.DUPLICATE_KEY)) {
67. System.out.println("Username already in use: " + username);
68. return false;
69. }
70. throw e;
71. }
72. }
73.  
74. public Document validateLogin(String username, String password) {
75. Document user = null;
76.  
77. // XXX look in the user collection for a user that has this username
78. // assign the result to the user variable.
79. user = usersCollection.find(new Document("username", username)).first();
80. if (user == null) {
81. System.out.println("User not in database");
82. return null;
83. }
84.  
85. String hashedAndSalted = user.get("password").toString();
86.  
87. String salt = hashedAndSalted.split(",")[1];
88.  
89. if (!hashedAndSalted.equals(makePasswordHash(password, salt))) {
90. System.out.println("Submitted password is not a match");
91. return null;
92. }
93.  
94. return user;
95. }
96.  
97.  
98. private String makePasswordHash(String password, String salt) {
99. try {
100. String saltedAndHashed = password + "," + salt;
101. MessageDigest digest = MessageDigest.getInstance("MD5");
102. digest.update(saltedAndHashed.getBytes());
103. BASE64Encoder encoder = new BASE64Encoder();
104. byte hashedBytes[] = (new String(digest.digest(), "UTF-8")).getBytes();
105. return encoder.encode(hashedBytes) + "," + salt;
106. } catch (NoSuchAlgorithmException e) {
107. throw new RuntimeException("MD5 is not available", e);
108. } catch (UnsupportedEncodingException e) {
109. throw new RuntimeException("UTF-8 unavailable? Not a chance", e);
110. }
111. }
112. }