/*
* Copyright 2015 MongoDB, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package course;
import com.mongodb.ErrorCategory;
import com.mongodb.MongoWriteException;
import com.mongodb.client.MongoCollection;
import com.mongodb.client.MongoDatabase;
import com.mongodb.client.model.Filters;
import org.bson.Document;
import org.bson.conversions.Bson;
import sun.misc.BASE64Encoder;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Random;
public class UserDAO {
private final MongoCollection<Document> usersCollection;
private Random random = new SecureRandom();
public UserDAO(final MongoDatabase blogDatabase) {
usersCollection = blogDatabase.getCollection("users");
}
// validates that username is unique and insert into db
public boolean addUser(String username, String password, String email) {
String passwordHash = makePasswordHash(password, Integer.toString(random.nextInt()));
// create an object suitable for insertion into the user collection
// be sure to add username and hashed password to the document. problem instructions
// will tell you the schema that the documents must follow.
Document userDoc = new Document("_id", username).append("password", passwordHash);
if (email != null && !email.equals("")) {
// if there is an email address specified, add it to the document too.
userDoc.append("email", email);
}
try {
// insert the document into the user collection here
usersCollection.insertOne(userDoc);
return true;
} catch (MongoWriteException e) {
if (e.getError().getCategory().equals(ErrorCategory.DUPLICATE_KEY)) {
System.out.println("Username already in use: " + username);
return false;
}
throw e;
}
}
public Document validateLogin(String username, String password) {
Document user = null;
// assign the result to the user variable.
Bson filterByUsername = Filters.eq("_id", username);
user = usersCollection.find(filterByUsername).first();
if (user == null) {
System.out.println("User not in database");
return null;
}
String hashedAndSalted = user.get("password").toString();
String salt = hashedAndSalted.split(",")[1];
if (!hashedAndSalted.equals(makePasswordHash(password, salt))) {
System.out.println("Submitted password is not a match");
return null;
}
return user;
}
private String makePasswordHash(String password, String salt) {
try {
String saltedAndHashed = password + "," + salt;
MessageDigest digest = MessageDigest.getInstance("MD5");
digest.update(saltedAndHashed.getBytes());
BASE64Encoder encoder = new BASE64Encoder();
byte hashedBytes[] = (new String(digest.digest(), "UTF-8")).getBytes();
return encoder.encode(hashedBytes) + "," + salt;
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException("MD5 is not available", e);
} catch (UnsupportedEncodingException e) {
throw new RuntimeException("UTF-8 unavailable? Not a chance", e);
}
}
}