aboutsummaryrefslogtreecommitdiff
path: root/juick-server/src/main/java/com/juick/server
diff options
context:
space:
mode:
Diffstat (limited to 'juick-server/src/main/java/com/juick/server')
-rw-r--r--juick-server/src/main/java/com/juick/server/api/SocialLogin.java35
1 files changed, 15 insertions, 20 deletions
diff --git a/juick-server/src/main/java/com/juick/server/api/SocialLogin.java b/juick-server/src/main/java/com/juick/server/api/SocialLogin.java
index 691f9803..dc7425e1 100644
--- a/juick-server/src/main/java/com/juick/server/api/SocialLogin.java
+++ b/juick-server/src/main/java/com/juick/server/api/SocialLogin.java
@@ -18,6 +18,7 @@ package com.juick.server.api;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.github.scribejava.apis.FacebookApi;
+import com.github.scribejava.apis.VkontakteApi;
import com.github.scribejava.core.builder.ServiceBuilder;
import com.github.scribejava.core.model.OAuth2AccessToken;
import com.github.scribejava.core.model.OAuthRequest;
@@ -29,6 +30,7 @@ import com.juick.service.CrosspostService;
import com.juick.service.EmailService;
import com.juick.service.TelegramService;
import com.juick.service.UserService;
+import com.juick.vk.UsersResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.slf4j.Logger;
@@ -59,7 +61,7 @@ public class SocialLogin {
@Value("${facebook_secret:secret}")
private String FACEBOOK_SECRET;
private static final String FACEBOOK_REDIRECT = "https://api.juick.com/_fblogin";
- private static final String VK_REDIRECT = "http://juick.com/_vklogin";
+ private static final String VK_REDIRECT = "https://api.juick.com/_vklogin";
private static final String TWITTER_VERIFY_URL = "https://api.twitter.com/1.1/account/verify_credentials.json";
@Inject
private ObjectMapper jsonMapper;
@@ -210,17 +212,13 @@ public class SocialLogin {
}
}
}
- }
+ }*/
@GetMapping("/_vklogin")
- protected String doVKLogin(HttpServletRequest request,
- @RequestParam(required = false) String code,
- @RequestParam(required = false) String state,
- @CookieValue(required = false) String vkstate,
- HttpServletResponse response) throws IOException, ExecutionException, InterruptedException {
+ protected String doVKLogin(@RequestParam(required = false) String code,
+ @RequestParam String state) throws IOException, ExecutionException, InterruptedException {
if (StringUtils.isBlank(code)) {
- vkstate = UUID.randomUUID().toString();
- Cookie c = new Cookie("vkstate", vkstate);
- response.addCookie(c);
+ String vkstate = UUID.randomUUID().toString();
+ crosspostService.addVKState(vkstate, state);
OAuth20Service vkAuthService = vkBuilder
.apiSecret(VK_SECRET)
.scope("friends,wall,offline")
@@ -230,12 +228,10 @@ public class SocialLogin {
return "redirect:" + vkAuthService.getAuthorizationUrl();
}
- if (StringUtils.isBlank(vkstate) || !vkstate.equals(state)) {
+ String redirectUrl = crosspostService.verifyVKState(state);
+ if (StringUtils.isBlank(redirectUrl)) {
+ logger.error("state is missing");
throw new HttpBadRequestException();
- } else {
- Cookie c = new Cookie("vkstate", "-");
- c.setMaxAge(0);
- response.addCookie(c);
}
OAuth20Service vkService = vkBuilder
@@ -260,10 +256,9 @@ public class SocialLogin {
Long vkID = NumberUtils.toLong(jsonUser.getId(), 0);
int uid = crosspostService.getUIDbyVKID(vkID);
if (uid > 0) {
- Cookie c = new Cookie("hash", userService.getHashByUID(uid));
- c.setMaxAge(50 * 24 * 60 * 60);
- response.addCookie(c);
- return Utils.getPreviousPageByRequest(request).orElse("redirect:/");
+ UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(redirectUrl);
+ uriComponentsBuilder.queryParam("hash", userService.getHashByUID(uid));
+ return "redirect:" + uriComponentsBuilder.build().toUriString();
} else {
String loginhash = UUID.randomUUID().toString();
if (!crosspostService.createVKUser(vkID, loginhash, token.getAccessToken(), vkName, vkLink)) {
@@ -273,7 +268,7 @@ public class SocialLogin {
return "redirect:/signup?type=vk&hash=" + loginhash;
}
}
-
+ /*
@GetMapping("/_tglogin")
public String doDurovLogin(HttpServletRequest request,
@RequestParam Map<String, String> params,