diff options
author | Vitaly Takmazov | 2017-01-17 15:27:18 +0300 |
---|---|---|
committer | Vitaly Takmazov | 2017-01-17 15:27:18 +0300 |
commit | e39440a08a194eeb1a3e9513037d6bd3f4b8a3e1 (patch) | |
tree | 734ccfff5ef440af425e673a33f0d385d99232c4 /juick-www/src/main | |
parent | 3890570bf190a63f8f34c47a7fd21e780a61b6b0 (diff) |
juick-www: using state in vk login
Diffstat (limited to 'juick-www/src/main')
-rw-r--r-- | juick-www/src/main/java/com/juick/www/controllers/VKontakteLogin.java | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/juick-www/src/main/java/com/juick/www/controllers/VKontakteLogin.java b/juick-www/src/main/java/com/juick/www/controllers/VKontakteLogin.java index 6ecdfd4a..e0a39220 100644 --- a/juick-www/src/main/java/com/juick/www/controllers/VKontakteLogin.java +++ b/juick-www/src/main/java/com/juick/www/controllers/VKontakteLogin.java @@ -36,6 +36,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.core.env.Environment; import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.CookieValue; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; @@ -81,17 +82,31 @@ public class VKontakteLogin { @RequestMapping(value = "/_vklogin", method = RequestMethod.GET) protected String doGet(HttpServletRequest request, @RequestParam(required = false) String code, + @RequestParam(required = false) String state, + @CookieValue(required = false) String vkstate, HttpServletResponse response) throws IOException, ExecutionException, InterruptedException { if (StringUtils.isBlank(code)) { + vkstate = UUID.randomUUID().toString(); + Cookie c = new Cookie("vkstate", vkstate); + response.addCookie(c); OAuth20Service vkAuthService = serviceBuilder .apiKey(VK_APPID) .apiSecret(VK_SECRET) .scope("friends,wall,offline") + .state(vkstate) .callback(VK_REDIRECT) .build(VkontakteApi.instance()); return "redirect:" + vkAuthService.getAuthorizationUrl(); } + if (StringUtils.isBlank(vkstate) || !vkstate.equals(state)) { + throw new HttpBadRequestException(); + } else { + Cookie c = new Cookie("vkstate", "-"); + c.setMaxAge(0); + response.addCookie(c); + } + OAuth20Service vkService = serviceBuilder .apiKey(VK_APPID) .apiSecret(VK_SECRET) |