MCPcopy Create free account
hub / github.com/OWASP/SecurityShepherd / doPost

Method doPost

src/main/java/servlets/Register.java:54–170  ·  view source on GitHub ↗

Initiated by register.jsp. If successful a player is added to the system, otherwise there is no change. Adding the player to the database is handled by the dbProcs.Setter class. Email is stored for future application expansion This function will request requests if the application's registration fun

(HttpServletRequest request, HttpServletResponse response)

Source from the content-addressed store, hash-verified

52 * @param userAddressCnf User's Email Confirmation
53 */
54 public void doPost (HttpServletRequest request, HttpServletResponse response)
55 throws ServletException, IOException
56 {
57 //Setting IpAddress To Log and taking header for original IP if forwarded from proxy
58 ShepherdLogManager.setRequestIp(request.getRemoteAddr(), request.getHeader("X-Forwarded-For"));
59 log.debug("**** servlets.Register ***");
60 PrintWriter out = response.getWriter();
61 out.print(getServletInfo());
62 if(OpenRegistration.isEnabled())
63 {
64 HttpSession ses = request.getSession(true);
65 boolean notNull = false;
66 boolean notEmpty = false;
67 boolean validPasswords = false;
68 boolean validAddress = false;
69 boolean userValidate = false;
70 try
71 {
72 log.debug("Getting ApplicationRoot");
73 String ApplicationRoot = getServletContext().getRealPath("");
74 log.debug("Servlet root = " + ApplicationRoot );
75
76 log.debug("Ensuring not a CSRF");
77 String paramToken = (String)request.getParameter("csrfToken");
78 String sessToken = (String)ses.getAttribute("csrfToken");
79 if(paramToken.compareTo(sessToken) == 0)
80 {
81 log.debug("Getting Registration Parameters");
82 String userName = (String)request.getParameter("userName");
83 log.debug("userName = " + userName);
84 String passWord = (String)request.getParameter("passWord");
85 log.debug("passWord retrieved");
86 String passWordConfirm = (String)request.getParameter("passWordConfirm");
87 log.debug("passWordConfirm retrieved");
88 String userAddress = (String)request.getParameter("userAddress");
89 log.debug("userAddress = " + userAddress);
90 String userAddressCnf = (String)request.getParameter("userAddressCnf");
91 log.debug("userAddressCnf = " + userAddressCnf);
92
93 //Validation
94 log.debug("Checking for nulls");
95 notNull = (userName != null && passWord != null);
96 log.debug("Ensuring strings are not empty");
97 notEmpty = (!userName.isEmpty() && !passWord.isEmpty());
98 log.debug("Validating passwords");
99 validPasswords = passWord.compareTo(passWordConfirm) == 0; // 0 returned if the same
100 log.debug("Validating addresses");
101 validAddress = userAddress.compareTo(userAddressCnf) == 0;
102 validAddress = (Validate.isValidEmailAddress(userAddress) && validAddress);
103 if(!validAddress)
104 userAddress = new String();
105 boolean basicValidation = validPasswords && notNull && notEmpty;
106 if(basicValidation && !validAddress)
107 userValidate = (Validate.isValidUser(userName, passWord));
108 else
109 userValidate = (Validate.isValidUser(userName, passWord, userAddress));
110 if(basicValidation && userValidate)
111 {

Callers

nothing calls this directly

Calls 6

setRequestIpMethod · 0.95
isEnabledMethod · 0.95
isValidEmailAddressMethod · 0.95
isValidUserMethod · 0.95
userCreateMethod · 0.95
getSessionMethod · 0.80

Tested by

no test coverage detected