authorGravatar Vitaly Takmazov2017-10-24 19:12:19 +0300
committerGravatar Vitaly Takmazov2017-10-24 19:12:40 +0300
commit881a546bf7a56550eec1e38ce839f47a1cb1a750 (patch)
treeb92e4ca70c39ae7c50a661ffd48697d8d6539a2a /juick-www
parent67d8070d5a5ed6603e5aaa10f3f9475f6b1de8ab (diff)
www: fix twitter auth flow
Diffstat (limited to 'juick-www')
-rw-r--r--juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java2
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/TwitterAuth.java7
2 files changed, 3 insertions, 6 deletions
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
index 23bec18b..d19ad37d 100644
--- a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
+++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -70,7 +70,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
http.addFilterAfter(hashParamAuthenticationFilter(), BasicAuthenticationFilter.class);
http
.authorizeRequests()
- .antMatchers("/settings", "/pm/**", "/**/bl").authenticated()
+ .antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter").authenticated()
.anyRequest().permitAll()
.and()
.anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY)
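Review bot: The added `"/_twitter"` matcher is an exact path pattern, so the Twitter callback is protected only when the controller answers at exactly that path; any other form of the URL falls through to `.anyRequest().permitAll()` on the following line and reaches the handler with the `JuickUser.ANONYMOUS_USER` principal configured two lines below. The same literal is also embedded in TwitterAuth as the OAuth callback (`.callback("http://juick.com/_twitter")`), so a shared constant for the path, referenced by this matcher, the controller mapping and the callback URL, would keep the three from drifting apart. The controller's request mapping is not visible in this diff, so the exact-match assumption should be confirmed against it. The configure method of WebSecurityConfig starts and ends outside the hunk.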
diff --git a/juick-www/src/main/java/com/juick/www/controllers/TwitterAuth.java b/juick-www/src/main/java/com/juick/www/controllers/TwitterAuth.java
index fddcd355..43252495 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/TwitterAuth.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/TwitterAuth.java
@@ -25,6 +25,7 @@ import com.github.scribejava.core.model.OAuth1RequestToken;
import com.github.scribejava.core.model.OAuthRequest;
import com.github.scribejava.core.model.Verb;
import com.github.scribejava.core.oauth.OAuth10aService;
+import com.juick.server.util.UserUtils;
import com.juick.service.UserService;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Value;
@@ -82,11 +83,7 @@ public class TwitterAuth {
request_token_secret = cookie.getValue();
}
}
- com.juick.User user = userService.getUserByHash(hash);
- if ( user == null || user.getUid() == 0) {
- response.sendError(HttpServletResponse.SC_FORBIDDEN);
- return;
- }
+ com.juick.User user = UserUtils.getCurrentUser();
OAuth10aService oAuthService = serviceBuilder
.apiSecret(consumerSecret)
.callback("http://juick.com/_twitter")
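Review bot: Dropping the `user == null || user.getUid() == 0` guard makes this handler depend entirely on the new `/_twitter` matcher in WebSecurityConfig; because the filter chain assigns `JuickUser.ANONYMOUS_USER` to unauthenticated requests, `UserUtils.getCurrentUser()` presumably returns that principal rather than failing if the matcher is ever loosened or the path stops matching, and the request-token exchange below would then run for an anonymous user. A cheap defence-in-depth check right after the new line, `if (user == null || user.getUid() == 0) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return; }`, costs nothing and records the precondition where it is relied on. The `hash` value formerly passed to `getUserByHash` is no longer read in this hunk; if it is still a method parameter it should be removed so the endpoint no longer accepts a credential it does not use, and `userService` may likewise have become unused in this class. The enclosing method's signature and the rest of its body are outside the hunk.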