authorGravatar Vitaly Takmazov2018-06-21 22:49:13 +0300
committerGravatar Vitaly Takmazov2018-06-21 22:55:53 +0300
commit4b75aae5fdfe1612cf1fae7a526ac4afd60a16c5 (patch)
tree76bcbd92df2f743ac62b29918bab68ae25c119e4
parent8022992b2601badfe53d6e58aa73268d5e8f1aa4 (diff)
fix facebook login redirect
-rw-r--r--juick-common/src/main/java/com/juick/service/CrosspostService.java4
-rw-r--r--juick-server/src/main/java/com/juick/server/api/SocialLogin.java10
-rw-r--r--juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java12
3 files changed, 14 insertions, 12 deletions
diff --git a/juick-common/src/main/java/com/juick/service/CrosspostService.java b/juick-common/src/main/java/com/juick/service/CrosspostService.java
index 8db8c935..beac9c8a 100644
--- a/juick-common/src/main/java/com/juick/service/CrosspostService.java
+++ b/juick-common/src/main/java/com/juick/service/CrosspostService.java
@@ -33,9 +33,9 @@ public interface CrosspostService {
boolean deleteTwitterToken(Integer uid);
- void addFacebookState(String state);
+ void addFacebookState(String state, String redirectUri);
- boolean verifyFacebookState(String state);
+ String verifyFacebookState(String state);
Optional<Pair<String, String>> getFacebookTokens(int uid);
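Review bot: `verifyFacebookState` now returns a `String` with no documentation of what it holds or what signals failure, and the name still reads like a boolean check. Callers have to read the implementation to learn that the value is the stored redirect URI and that an unknown state produces an empty string. A Javadoc line on the interface would cover it, for example `/** Returns the redirect URI stored with {@code state}, or an empty string when the state is unknown. */`, with a matching line on `addFacebookState` that names `redirectUri` as the post-login target.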
diff --git a/juick-server/src/main/java/com/juick/server/api/SocialLogin.java b/juick-server/src/main/java/com/juick/server/api/SocialLogin.java
index 9ca0c6be..691f9803 100644
--- a/juick-server/src/main/java/com/juick/server/api/SocialLogin.java
+++ b/juick-server/src/main/java/com/juick/server/api/SocialLogin.java
@@ -58,7 +58,7 @@ public class SocialLogin {
private String FACEBOOK_APPID;
@Value("${facebook_secret:secret}")
private String FACEBOOK_SECRET;
- private static final String FACEBOOK_REDIRECT = "https://juick.com/_fblogin";
+ private static final String FACEBOOK_REDIRECT = "https://api.juick.com/_fblogin";
private static final String VK_REDIRECT = "http://juick.com/_vklogin";
private static final String TWITTER_VERIFY_URL = "https://api.twitter.com/1.1/account/verify_credentials.json";
@Inject
@@ -97,7 +97,7 @@ public class SocialLogin {
@RequestParam(required = false) String state) throws IOException, ExecutionException, InterruptedException {
if (StringUtils.isBlank(code)) {
String fbstate = UUID.randomUUID().toString();
- crosspostService.addFacebookState(fbstate);
+ crosspostService.addFacebookState(fbstate, state);
OAuth20Service facebookAuthService = facebookBuilder
.apiSecret(FACEBOOK_SECRET)
.callback(FACEBOOK_REDIRECT)
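Review bot: The client-supplied `state` request parameter is stored as the post-login redirect target by `addFacebookState(fbstate, state)` without validation, and the later hunk at `UriComponentsBuilder.fromUriString(redirectUrl)` appends the user's login `hash` to that URL before redirecting. The hash can therefore end up in the query string of a redirect to an arbitrary host, so the target should be checked against an allowlist of the site's own origins before it is stored, for example `if (!isAllowedRedirect(state)) { throw new HttpBadRequestException(); }`, where `isAllowedRedirect` is a new helper comparing scheme and host. `state` is also declared `required = false`, so a request without it appears to store a null redirect, and the callback would then fail with "state is missing"; falling back to a fixed default target would avoid that. The enclosing method starts and ends outside this hunk.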
@@ -107,7 +107,9 @@ public class SocialLogin {
return "redirect:" + facebookAuthService.getAuthorizationUrl();
}
- if (!crosspostService.verifyFacebookState(state)) {
+ String redirectUrl = crosspostService.verifyFacebookState(state);
+
+ if (StringUtils.isEmpty(redirectUrl)) {
logger.error("state is missing");
throw new HttpBadRequestException();
}
@@ -139,7 +141,7 @@ public class SocialLogin {
logger.error("error updating facebook user, id: {}, token: {}", fbID, token.getAccessToken());
throw new HttpBadRequestException();
}
- UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(state);
+ UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(redirectUrl);
uriComponentsBuilder.queryParam("hash", userService.getHashByUID(uid));
return "redirect:" + uriComponentsBuilder.build().toUriString();
} else if (fb.getVerified()) {
diff --git a/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java b/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java
index 0bd5fe66..e1c59e65 100644
--- a/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java
+++ b/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java
@@ -55,17 +55,17 @@ public class CrosspostServiceImpl extends BaseJdbcService implements CrosspostSe
}
@Override
- public void addFacebookState(String state) {
- jdbcTemplate.update("INSERT INTO facebook(loginhash) VALUES(?)", state);
+ public void addFacebookState(String state, String redirectUri) {
+ jdbcTemplate.update("INSERT INTO facebook(loginhash, fb_link) VALUES(?, ?)", state, redirectUri);
}
@Override
- public boolean verifyFacebookState(String state) {
+ public String verifyFacebookState(String state) {
try {
- return jdbcTemplate.queryForObject("SELECT COUNT(loginhash) FROM facebook WHERE loginhash=?",
- Integer.class, state) == 1;
+ return jdbcTemplate.queryForObject("SELECT fb_link FROM facebook WHERE loginhash=?",
+ String.class, state);
} catch (EmptyResultDataAccessException e) {
- return false;
+ return StringUtils.EMPTY;
}
}
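Review bot: `verifyFacebookState` has two different "no redirect" results: the catch returns `StringUtils.EMPTY` when no row matches, while `queryForObject` returns null when the row exists but `fb_link` is NULL. The caller shown in SocialLogin treats both alike through `StringUtils.isEmpty`, but any other caller that checks only for the empty string would pass a null on. Normalising at the source keeps the contract single-valued, either by returning `Optional<String>` as `getFacebookTokens` already does, or by wrapping the query result so a null becomes `StringUtils.EMPTY`.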