VK login

author: Vitaly Takmazov 2018-06-22 10:07:13 +0300
committer: Vitaly Takmazov 2018-06-22 10:33:24 +0300
commit: c9834a79f4eb7fc4739bb6d588cbfdf591ae9d82 (patch)
tree: 71e5453c7bd8041b540f761fde6dd3c4bd0c7d2a
parent: 4b75aae5fdfe1612cf1fae7a526ac4afd60a16c5 (diff)
3 files changed, 34 insertions, 20 deletions
diff --git a/juick-common/src/main/java/com/juick/service/CrosspostService.java b/juick-common/src/main/java/com/juick/service/CrosspostService.java
index beac9c8a..38481d72 100644
--- a/juick-common/src/main/java/com/juick/service/CrosspostService.java
+++ b/juick-common/src/main/java/com/juick/service/CrosspostService.java
@@ -35,8 +35,12 @@ public interface CrosspostService {
 
     void addFacebookState(String state, String redirectUri);
 
+    void addVKState(String state, String redirectUri);
+
     String verifyFacebookState(String state);
 
+    String verifyVKState(String state);
+
     Optional<Pair<String, String>> getFacebookTokens(int uid);
 
     ApplicationStatus getFbCrossPostStatus(int uid);
diff --git a/juick-server/src/main/java/com/juick/server/api/SocialLogin.java b/juick-server/src/main/java/com/juick/server/api/SocialLogin.java
index 691f9803..dc7425e1 100644
--- a/juick-server/src/main/java/com/juick/server/api/SocialLogin.java
+++ b/juick-server/src/main/java/com/juick/server/api/SocialLogin.java
@@ -18,6 +18,7 @@ package com.juick.server.api;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.github.scribejava.apis.FacebookApi;
+import com.github.scribejava.apis.VkontakteApi;
 import com.github.scribejava.core.builder.ServiceBuilder;
 import com.github.scribejava.core.model.OAuth2AccessToken;
 import com.github.scribejava.core.model.OAuthRequest;
@@ -29,6 +30,7 @@ import com.juick.service.CrosspostService;
 import com.juick.service.EmailService;
 import com.juick.service.TelegramService;
 import com.juick.service.UserService;
+import com.juick.vk.UsersResponse;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.math.NumberUtils;
 import org.slf4j.Logger;
@@ -59,7 +61,7 @@ public class SocialLogin {
     @Value("${facebook_secret:secret}")
     private String FACEBOOK_SECRET;
     private static final String FACEBOOK_REDIRECT = "https://api.juick.com/_fblogin";
-    private static final String VK_REDIRECT = "http://juick.com/_vklogin";
+    private static final String VK_REDIRECT = "https://api.juick.com/_vklogin";
     private static final String TWITTER_VERIFY_URL = "https://api.twitter.com/1.1/account/verify_credentials.json";
     @Inject
     private ObjectMapper jsonMapper;
@@ -210,17 +212,13 @@ public class SocialLogin {
                 }
             }
         }
-    }
+    }*/
     @GetMapping("/_vklogin")
-    protected String doVKLogin(HttpServletRequest request,
-                           @RequestParam(required = false) String code,
-                           @RequestParam(required = false) String state,
-                           @CookieValue(required = false) String vkstate,
-                           HttpServletResponse response) throws IOException, ExecutionException, InterruptedException {
+    protected String doVKLogin(@RequestParam(required = false) String code,
+                           @RequestParam String state) throws IOException, ExecutionException, InterruptedException {
         if (StringUtils.isBlank(code)) {
-            vkstate = UUID.randomUUID().toString();
-            Cookie c = new Cookie("vkstate", vkstate);
-            response.addCookie(c);
+            String vkstate = UUID.randomUUID().toString();
+            crosspostService.addVKState(vkstate, state);
             OAuth20Service vkAuthService = vkBuilder
                     .apiSecret(VK_SECRET)
                     .scope("friends,wall,offline")
@@ -230,12 +228,10 @@ public class SocialLogin {
             return "redirect:" + vkAuthService.getAuthorizationUrl();
         }
 
-        if (StringUtils.isBlank(vkstate) || !vkstate.equals(state)) {
+        String redirectUrl = crosspostService.verifyVKState(state);
+        if (StringUtils.isBlank(redirectUrl)) {
+            logger.error("state is missing");
             throw new HttpBadRequestException();
-        } else {
-            Cookie c = new Cookie("vkstate", "-");
-            c.setMaxAge(0);
-            response.addCookie(c);
         }
 
         OAuth20Service vkService = vkBuilder
@@ -260,10 +256,9 @@ public class SocialLogin {
         Long vkID = NumberUtils.toLong(jsonUser.getId(), 0);
         int uid = crosspostService.getUIDbyVKID(vkID);
         if (uid > 0) {
-            Cookie c = new Cookie("hash", userService.getHashByUID(uid));
-            c.setMaxAge(50 * 24 * 60 * 60);
-            response.addCookie(c);
-            return Utils.getPreviousPageByRequest(request).orElse("redirect:/");
+            UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(redirectUrl);
+            uriComponentsBuilder.queryParam("hash", userService.getHashByUID(uid));
+            return "redirect:" + uriComponentsBuilder.build().toUriString();
         } else {
             String loginhash = UUID.randomUUID().toString();
             if (!crosspostService.createVKUser(vkID, loginhash, token.getAccessToken(), vkName, vkLink)) {
@@ -273,7 +268,7 @@ public class SocialLogin {
             return "redirect:/signup?type=vk&hash=" + loginhash;
         }
     }
-
+    /*
     @GetMapping("/_tglogin")
     public String doDurovLogin(HttpServletRequest request,
                                @RequestParam Map<String, String> params,
diff --git a/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java b/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java
index e1c59e65..14bdc7e2 100644
--- a/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java
+++ b/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java
@@ -60,6 +60,11 @@ public class CrosspostServiceImpl extends BaseJdbcService implements CrosspostSe
     }
 
     @Override
+    public void addVKState(String state, String redirectUri) {
+        jdbcTemplate.update("INSERT INTO vk(loginhash, vk_link) VALUES(?, ?)", state, redirectUri);
+    }
+
+    @Override
     public String verifyFacebookState(String state) {
         try {
             return jdbcTemplate.queryForObject("SELECT fb_link FROM facebook WHERE loginhash=?",
@@ -69,6 +74,16 @@ public class CrosspostServiceImpl extends BaseJdbcService implements CrosspostSe
         }
     }
 
+    @Override
+    public String verifyVKState(String state) {
+        try {
+            return jdbcTemplate.queryForObject("SELECT vk_link FROM vk WHERE loginhash=?",
+                    String.class, state);
+        } catch (EmptyResultDataAccessException e) {
+            return StringUtils.EMPTY;
+        }
+    }
+
     @Transactional(readOnly = true)
     @Override
     public Optional<Pair<String, String>> getFacebookTokens(final int uid) {
author	Vitaly Takmazov	2018-06-22 10:07:13 +0300
committer	Vitaly Takmazov	2018-06-22 10:33:24 +0300
commit	c9834a79f4eb7fc4739bb6d588cbfdf591ae9d82 (patch)
tree	71e5453c7bd8041b540f761fde6dd3c4bd0c7d2a
parent	4b75aae5fdfe1612cf1fae7a526ac4afd60a16c5 (diff)