authorGravatar Vitaly Takmazov2023-01-11 06:57:36 +0300
committerGravatar Vitaly Takmazov2023-01-11 06:57:36 +0300
commit6c3663df82c7e29febc0aebd51717184df7da09c (patch)
tree6b987923e6b28081352f67687306a5c410a2c738
parente96411433898f940b22257affba284787e2783cd (diff)
Social login refactoring: set cookie after login
-rw-r--r--src/main/java/com/juick/TelegramBotManager.java20
-rw-r--r--src/main/java/com/juick/service/TelegramService.java2
-rw-r--r--src/main/java/com/juick/service/TelegramServiceImpl.java10
-rw-r--r--src/main/java/com/juick/service/UserService.java2
-rw-r--r--src/main/java/com/juick/service/UserServiceImpl.java16
-rw-r--r--src/main/java/com/juick/www/controllers/SignUp.java17
-rw-r--r--src/main/java/com/juick/www/controllers/SocialLogin.java22
7 files changed, 56 insertions, 33 deletions
diff --git a/src/main/java/com/juick/TelegramBotManager.java b/src/main/java/com/juick/TelegramBotManager.java
index b68658ae..b92704a0 100644
--- a/src/main/java/com/juick/TelegramBotManager.java
+++ b/src/main/java/com/juick/TelegramBotManager.java
@@ -136,7 +136,7 @@ public class TelegramBotManager implements NotificationListener {
logger.error("error parsing telegram update: {}", update);
return;
}
- User user_from = userService.getUserByUID(telegramService.getUser(message.chat().id())).orElse(AnonymousUser.INSTANCE);
+ User user_from = userService.getUserByTelegramId(message.chat().id()).orElse(AnonymousUser.INSTANCE);
logger.info("Found juick user {}", user_from.getUid());
Optional<Pair<Integer, Integer>> originalMessageData = messagesService.findMessageByProperty("durovId",
String.valueOf(message.messageId()));
@@ -157,7 +157,7 @@ public class TelegramBotManager implements NotificationListener {
telegramNotify(message.chat().id(), "Error updating message", new com.juick.model.Message());
}
} else {
- User user_from = userService.getUserByUID(telegramService.getUser(message.chat().id())).orElse(AnonymousUser.INSTANCE);
+ User user_from = userService.getUserByTelegramId(message.chat().id()).orElse(AnonymousUser.INSTANCE);
logger.info("Found juick user {}", user_from.getUid());
String username = message.from().username();
@@ -355,7 +355,7 @@ public class TelegramBotManager implements NotificationListener {
}
private void processTelegramResponse(Long chatId, SendResponse response, com.juick.model.Message source) {
- int userId = telegramService.getUser(chatId);
+ var user = userService.getUserByTelegramId(chatId).orElse(AnonymousUser.INSTANCE);
if (!response.isOk()) {
if (response.errorCode() == 403) {
// remove from anonymous users
@@ -365,11 +365,9 @@ public class TelegramBotManager implements NotificationListener {
logger.info("deleted {} chat", d);
}
);
- if (userId > 0) {
- User userToDelete = userService.getUserByUID(userId)
- .orElseThrow(IllegalStateException::new);
- boolean status = telegramService.deleteTelegramUser(userToDelete.getUid());
- logger.info("deleting telegram id of @{} : {}", userToDelete.getName(), status);
+ if (!user.isAnonymous()) {
+ boolean status = telegramService.deleteTelegramUser(user.getUid());
+ logger.info("deleting telegram id of @{} : {}", user.getName(), status);
}
} else {
logger.warn("error response, isOk: {}, errorCode: {}, description: {}",
@@ -377,9 +375,7 @@ public class TelegramBotManager implements NotificationListener {
}
} else {
if (MessageUtils.isReply(source)) {
- messagesService.setLastReadComment(userService.getUserByUID(userId)
- .orElseThrow(IllegalStateException::new), source.getMid(), source.getRid());
- User user = userService.getUserByUID(userId).orElseThrow(IllegalStateException::new);
+ messagesService.setLastReadComment(user, source.getMid(), source.getRid());
userService.updateLastSeen(user);
applicationEventPublisher.publishEvent(
new SystemEvent(this, SystemActivity.read(user, source)));
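Review bot: After this change a chat with no linked account reaches `setLastReadComment`, `updateLastSeen` and `SystemActivity.read` with `AnonymousUser.INSTANCE`, where the old code threw `IllegalStateException` from `orElseThrow`. Whether those services tolerate the anonymous user is not visible here, so the reply branch should skip it explicitly, e.g. `if (MessageUtils.isReply(source) && !user.isAnonymous()) {`, matching the `!user.isAnonymous()` guard added in the 403 branch. `processTelegramResponse` starts in an earlier hunk and continues past this one.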
@@ -453,7 +449,7 @@ public class TelegramBotManager implements NotificationListener {
users.forEach(c -> telegramNotify(c, msg, jmsg));
// anonymous
- chats.stream().filter(u -> telegramService.getUser(u) == 0).forEach(c -> telegramNotify(c, msg, jmsg));
+ chats.stream().filter(u -> userService.getUserByTelegramId(u).isPresent()).forEach(c -> telegramNotify(c, msg, jmsg));
}
}
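Review bot: The `// anonymous` filter is inverted: the old predicate `telegramService.getUser(u) == 0` kept chats with no linked account, while `getUserByTelegramId(u).isPresent()` keeps only chats that do have one. As written, unlinked chats stop receiving the notification, and linked chats may receive it a second time after `users.forEach(...)` (how `chats` and `users` overlap is not visible in the hunk). The predicate should be `u -> userService.getUserByTelegramId(u).isEmpty()`. The enclosing method starts outside the hunk.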
diff --git a/src/main/java/com/juick/service/TelegramService.java b/src/main/java/com/juick/service/TelegramService.java
index 4acf4cbe..16ba531d 100644
--- a/src/main/java/com/juick/service/TelegramService.java
+++ b/src/main/java/com/juick/service/TelegramService.java
@@ -30,8 +30,6 @@ public interface TelegramService {
List<Long> getAnonymous();
- int getUser(long tgId);
-
boolean createTelegramUser(long tgID, String tgName);
boolean deleteTelegramUser(Integer uid);
diff --git a/src/main/java/com/juick/service/TelegramServiceImpl.java b/src/main/java/com/juick/service/TelegramServiceImpl.java
index 12142e7a..7b893b6b 100644
--- a/src/main/java/com/juick/service/TelegramServiceImpl.java
+++ b/src/main/java/com/juick/service/TelegramServiceImpl.java
@@ -45,16 +45,6 @@ public class TelegramServiceImpl extends BaseJdbcService implements TelegramServ
return getJdbcTemplate().queryForList("SELECT tg_id FROM telegram WHERE user_id IS NULL", Long.class);
}
- @Transactional(readOnly = true)
- @Override
- public int getUser(final long tgId) {
- List<Integer> list = getJdbcTemplate().queryForList(
- "SELECT id FROM users INNER JOIN telegram " +
- "ON telegram.user_id = users.id WHERE telegram.tg_id=?", Integer.class, tgId);
-
- return list.isEmpty() ? 0 : list.get(0);
- }
-
@Transactional
@Override
public boolean createTelegramUser(final long tgID, final String tgName) {
diff --git a/src/main/java/com/juick/service/UserService.java b/src/main/java/com/juick/service/UserService.java
index 8fe8bc1f..8d7f7e02 100644
--- a/src/main/java/com/juick/service/UserService.java
+++ b/src/main/java/com/juick/service/UserService.java
@@ -180,6 +180,8 @@ public interface UserService {
String getTelegramNameByHash(String hash);
+ Optional<User> getUserByTelegramId(final Long id);
+
@CacheEvict(value = "users_by_name", allEntries = true)
boolean setFacebookUser(String hash, int uid);
diff --git a/src/main/java/com/juick/service/UserServiceImpl.java b/src/main/java/com/juick/service/UserServiceImpl.java
index ab947bac..69ca7569 100644
--- a/src/main/java/com/juick/service/UserServiceImpl.java
+++ b/src/main/java/com/juick/service/UserServiceImpl.java
@@ -783,6 +783,22 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
return list.isEmpty() ?
StringUtils.EMPTY : list.get(0);
}
+ @Override
+ @Transactional(readOnly = true)
+ public Optional<User> getUserByTelegramId(Long id) {
+ List<User> list = getJdbcTemplate().query(
+ """
+ SELECT DISTINCT u.id, u.nick, u.passw, u.banned, u.last_seen,
+ COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified
+ FROM users u LEFT JOIN facebook f ON f.user_id = u.id
+ LEFT JOIN vk ON u.id = vk.user_id LEFT JOIN telegram t ON u.id = t.user_id
+ LEFT JOIN emails e ON e.user_id = u.id
+ WHERE t.tg_id = ?""",
+ new UserMapper(), id
+ );
+
+ return list.isEmpty() ? Optional.empty() : Optional.of(list.get(0));
+ }
@Transactional(readOnly = true)
@Override
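Review bot: `getUserByTelegramId` returns `list.get(0)` without checking that the query matched exactly one account, and this lookup now decides who gets logged in via `/_tglogin`. If `telegram.tg_id` is not unique (the schema is not visible here), a second matching account would be silently ignored; either document the uniqueness assumption or fail when the rows carry more than one `u.id`. The method also lacks Javadoc; something like `/** Finds the account linked to the given Telegram id; empty when no account is linked. */` on the interface declaration would cover it. Minor: `WHERE t.tg_id = ?` makes the `LEFT JOIN telegram` behave as an inner join, so it could be written as one.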
diff --git a/src/main/java/com/juick/www/controllers/SignUp.java b/src/main/java/com/juick/www/controllers/SignUp.java
index 8318dabd..955b3b92 100644
--- a/src/main/java/com/juick/www/controllers/SignUp.java
+++ b/src/main/java/com/juick/www/controllers/SignUp.java
@@ -24,8 +24,13 @@ import com.juick.www.WebApp;
import com.juick.service.EmailService;
import com.juick.service.UserService;
import com.juick.service.security.entities.JuickUser;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.security.authentication.RememberMeAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.GetMapping;
@@ -48,6 +53,8 @@ public class SignUp {
private EmailService emailService;
@Inject
private WebApp webApp;
+ @Inject
+ private RememberMeServices rememberMeServices;
@GetMapping("/signup")
@@ -91,6 +98,8 @@ public class SignUp {
@PostMapping("/signup")
protected String doPost(
+ HttpServletRequest request,
+ HttpServletResponse response,
@ModelAttribute User visitor,
@RequestParam String type,
@RequestParam String hash,
@@ -180,9 +189,11 @@ public class SignUp {
}
if (visitor.isAnonymous()) {
- UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
- new UsernamePasswordAuthenticationToken(new JuickUser(current), password, JuickUser.USER_AUTHORITY);
- SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
+ var authentication = new RememberMeAuthenticationToken(
+ ((AbstractRememberMeServices) rememberMeServices).getKey(),
+ new JuickUser(current), JuickUser.USER_AUTHORITY);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ rememberMeServices.loginSuccess(request, response, authentication);
}
return "redirect:/";
}
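Review bot: The unchecked cast `((AbstractRememberMeServices) rememberMeServices).getKey()` ties this controller to one implementation of the injected interface and throws `ClassCastException` during sign-up if the configured bean is anything else; the same cast appears in `doDurovLogin` in SocialLogin.java. Guard it with `if (rememberMeServices instanceof AbstractRememberMeServices services)` or inject the key from configuration, ideally behind one shared helper used by both controllers. Also, `AbstractRememberMeServices.loginSuccess` writes the cookie only when remember-me was requested on the request or `alwaysRemember` is set; that configuration is not visible here, so a comment stating which one applies would help the next reader. `doPost` starts outside this hunk.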
diff --git a/src/main/java/com/juick/www/controllers/SocialLogin.java b/src/main/java/com/juick/www/controllers/SocialLogin.java
index 3d8e7027..66747df2 100644
--- a/src/main/java/com/juick/www/controllers/SocialLogin.java
+++ b/src/main/java/com/juick/www/controllers/SocialLogin.java
@@ -27,6 +27,7 @@ import com.juick.model.ext.vk.UsersResponse;
import com.juick.service.EmailService;
import com.juick.service.TelegramService;
import com.juick.service.UserService;
+import com.juick.service.security.entities.JuickUser;
import com.juick.util.HttpBadRequestException;
import jakarta.annotation.PostConstruct;
@@ -44,6 +45,10 @@ import org.apache.commons.lang3.math.NumberUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.authentication.RememberMeAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.RememberMeServices;
+import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.util.UriComponentsBuilder;
@@ -102,6 +107,8 @@ public class SocialLogin {
private TelegramService telegramService;
@Inject
private AppleClientSecretGenerator clientSecretGenerator;
+ @Inject
+ private RememberMeServices rememberMeServices;
@PostConstruct
public void init() {
@@ -292,7 +299,8 @@ public class SocialLogin {
@GetMapping("/_tglogin")
public String doDurovLogin(@RequestParam Map<String, String> params,
- @RequestHeader(value = "referer", required = false) String referer, HttpServletResponse response) {
+ @RequestHeader(value = "referer", required = false) String referer,
+ HttpServletRequest request, HttpServletResponse response) {
String dataCheckString = params.entrySet().stream().filter(p -> !p.getKey().equals("hash"))
.sorted(Map.Entry.comparingByKey()).map(p -> p.getKey() + "=" + p.getValue())
.collect(Collectors.joining("\n"));
@@ -301,11 +309,13 @@ public class SocialLogin {
String resultString = new HmacUtils(HmacAlgorithms.HMAC_SHA_256, secretKey).hmacHex(dataCheckString);
if (hash.equals(resultString)) {
long tgUser = Long.parseLong(params.get("id"));
- int uid = telegramService.getUser(tgUser);
- if (uid > 0) {
- Cookie c = new Cookie("hash", userService.getHashByUID(uid));
- c.setMaxAge(50 * 24 * 60 * 60);
- response.addCookie(c);
+ var user = userService.getUserByTelegramId(tgUser);
+ if (user.isPresent()) {
+ var authentication = new RememberMeAuthenticationToken(
+ ((AbstractRememberMeServices) rememberMeServices).getKey(),
+ new JuickUser(user.get()), JuickUser.USER_AUTHORITY);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ rememberMeServices.loginSuccess(request, response, authentication);
return "redirect:" + Optional.ofNullable(referer).orElse(StringUtils.EMPTY);
} else {
String username = StringUtils.defaultString(params.get("username"), params.get("first_name"));
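Review bot: The new branch issues a `RememberMeAuthenticationToken` and a persistent cookie for whatever `getUserByTelegramId` returns, with no account-state check; the query behind it selects `u.banned`, but nothing in this hunk looks at it. Building the token by hand skips the checks an authentication provider would normally run, so unless `JuickUser` or the remember-me service enforces this elsewhere (not visible here), test the banned flag before `setAuthentication` and leave a comment such as `// account state must be verified before issuing the remember-me cookie`. Separately, the context line `hash.equals(resultString)` compares the HMAC with `String.equals`; `MessageDigest.isEqual` over the two byte arrays is the constant-time choice. `doDurovLogin` starts before and continues past this hunk.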