authorGravatar Vitaly Takmazov2019-12-25 16:17:43 +0300
committerGravatar Vitaly Takmazov2019-12-25 16:17:43 +0300
commitdf812aa75aac92ff4685dcf052b9ac4ed8d12fe6 (patch)
treedcb3a0b86611fe24079694e37f1ca174f1474df9 /src/main/java/com/juick
parent15419fe34b6dd92223eff7c9f64b34f044eb0133 (diff)
Cleanup SocialLogin
Diffstat (limited to 'src/main/java/com/juick')
-rw-r--r--src/main/java/com/juick/server/api/ApiSocialLogin.java38
-rw-r--r--src/main/java/com/juick/server/www/controllers/SocialLogin.java40
2 files changed, 10 insertions, 68 deletions
diff --git a/src/main/java/com/juick/server/api/ApiSocialLogin.java b/src/main/java/com/juick/server/api/ApiSocialLogin.java
index 164c71a4..8ca7d6d8 100644
--- a/src/main/java/com/juick/server/api/ApiSocialLogin.java
+++ b/src/main/java/com/juick/server/api/ApiSocialLogin.java
@@ -302,39 +302,11 @@ public class ApiSocialLogin {
var jsonNode = jsonMapper.readTree(token.getRawResponse());
var idToken = jsonNode.get("id_token").textValue();
-// Create a JWT processor for the access tokens
- ConfigurableJWTProcessor<SecurityContext> jwtProcessor =
- new DefaultJWTProcessor<>();
+ AppleSignInApi api = (AppleSignInApi) appleSignInService.getApi();
+ var email = api.validateToken(idToken);
-// The public RSA keys to validate the signatures will be sourced from the
-// OAuth 2.0 server's JWK set, published at a well-known URL. The RemoteJWKSet
-// object caches the retrieved keys to speed up subsequent look-ups and can
-// also handle key-rollover
- JWKSource<SecurityContext> keySource =
- new RemoteJWKSet<>(new URL("https://appleid.apple.com/auth/keys"));
-
-// The expected JWS algorithm of the access tokens (agreed out-of-band)
- JWSAlgorithm expectedJWSAlg = JWSAlgorithm.RS256;
-
-// Configure the JWT processor with a key selector to feed matching public
-// RSA keys sourced from the JWK set URL
- JWSKeySelector<SecurityContext> keySelector =
- new JWSVerificationKeySelector<>(expectedJWSAlg, keySource);
-
- jwtProcessor.setJWSKeySelector(keySelector);
-
-// Set the required JWT claims for access tokens issued by the Connect2id
-// server, may differ with other servers
- jwtProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier<>());
-
-// Process the token
- JSONObject claimsSet = jwtProcessor.process(idToken, null).toJSONObject();
-
- var email = claimsSet.getAsString("email");
- var verified = claimsSet.getAsString("email_verified").equals("true");
-
- if (verified) {
- com.juick.User user = userService.getUserByEmail(email);
+ if (email.isPresent()) {
+ com.juick.User user = userService.getUserByEmail(email.get());
if (!user.isAnonymous()) {
String redirectUrl = crosspostService.verifyVKState(body.get("state"));
if (StringUtils.isBlank(redirectUrl)) {
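Review bot: The JWS signature check against Apple's JWKS, the RS256 algorithm pin, the claims verifier and the `email_verified` test that this hunk deletes are now all delegated to `AppleSignInApi.validateToken`, which is not part of this commit, so nothing visible here establishes that the id_token is still verified before its email is used to look up and log in an account via `userService.getUserByEmail(email.get())`. I cannot tell from the diff whether `validateToken` also returns an empty `Optional` for a token whose `email_verified` claim is absent or false, or whether it checks `iss`/`aud`, so that contract should be pinned at the call site, e.g. `// validateToken must verify the JWS signature (Apple JWKS, RS256), exp/iss/aud and email_verified; an empty Optional means the token is rejected`, and covered by a test on the new helper. The same applies to the identical replacement in SocialLogin.java (the hunk at -360,+360). The enclosing handler method starts and ends outside this hunk.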
@@ -347,7 +319,7 @@ public class ApiSocialLogin {
return "redirect:" + uriComponentsBuilder.build().toUriString();
} else {
String verificationCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase();
- emailService.addVerificationCode(null, email, verificationCode);
+ emailService.addVerificationCode(null, email.get(), verificationCode);
return "redirect:/signup?type=email&hash=" + verificationCode;
}
}
diff --git a/src/main/java/com/juick/server/www/controllers/SocialLogin.java b/src/main/java/com/juick/server/www/controllers/SocialLogin.java
index eb1e3cfe..2985e42f 100644
--- a/src/main/java/com/juick/server/www/controllers/SocialLogin.java
+++ b/src/main/java/com/juick/server/www/controllers/SocialLogin.java
@@ -360,40 +360,10 @@ public class SocialLogin {
OAuth2AccessToken token = appleSignInService.getAccessToken(body.get("code"));
var jsonNode = jsonMapper.readTree(token.getRawResponse());
var idToken = jsonNode.get("id_token").textValue();
-
-// Create a JWT processor for the access tokens
- ConfigurableJWTProcessor<SecurityContext> jwtProcessor =
- new DefaultJWTProcessor<>();
-
-// The public RSA keys to validate the signatures will be sourced from the
-// OAuth 2.0 server's JWK set, published at a well-known URL. The RemoteJWKSet
-// object caches the retrieved keys to speed up subsequent look-ups and can
-// also handle key-rollover
- JWKSource<SecurityContext> keySource =
- new RemoteJWKSet<>(new URL("https://appleid.apple.com/auth/keys"));
-
-// The expected JWS algorithm of the access tokens (agreed out-of-band)
- JWSAlgorithm expectedJWSAlg = JWSAlgorithm.RS256;
-
-// Configure the JWT processor with a key selector to feed matching public
-// RSA keys sourced from the JWK set URL
- JWSKeySelector<SecurityContext> keySelector =
- new JWSVerificationKeySelector<>(expectedJWSAlg, keySource);
-
- jwtProcessor.setJWSKeySelector(keySelector);
-
-// Set the required JWT claims for access tokens issued by the Connect2id
-// server, may differ with other servers
- jwtProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier<>());
-
-// Process the token
- JSONObject claimsSet = jwtProcessor.process(idToken, null).toJSONObject();
-
- var email = claimsSet.getAsString("email");
- var verified = claimsSet.getAsString("email_verified").equals("true");
-
- if (verified) {
- com.juick.User user = userService.getUserByEmail(email);
+ AppleSignInApi api = (AppleSignInApi) appleSignInService.getApi();
+ var email = api.validateToken(idToken);
+ if (email.isPresent()) {
+ com.juick.User user = userService.getUserByEmail(email.get());
if (!user.isAnonymous()) {
Cookie c = new Cookie("hash", userService.getHashByUID(user.getUid()));
c.setMaxAge(50 * 24 * 60 * 60);
@@ -401,7 +371,7 @@ public class SocialLogin {
return "redirect:/";
} else {
String verificationCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase();
- emailService.addVerificationCode(null, email, verificationCode);
+ emailService.addVerificationCode(null, email.get(), verificationCode);
return "redirect:/signup?type=email&hash=" + verificationCode;
}
}