aboutsummaryrefslogtreecommitdiff
path: root/juick-server/src/main/java/com/juick
diff options
context:
space:
mode:
Diffstat (limited to 'juick-server/src/main/java/com/juick')
-rw-r--r--juick-server/src/main/java/com/juick/server/api/SocialLogin.java10
-rw-r--r--juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java12
2 files changed, 12 insertions, 10 deletions
diff --git a/juick-server/src/main/java/com/juick/server/api/SocialLogin.java b/juick-server/src/main/java/com/juick/server/api/SocialLogin.java
index 9ca0c6be..691f9803 100644
--- a/juick-server/src/main/java/com/juick/server/api/SocialLogin.java
+++ b/juick-server/src/main/java/com/juick/server/api/SocialLogin.java
@@ -58,7 +58,7 @@ public class SocialLogin {
private String FACEBOOK_APPID;
@Value("${facebook_secret:secret}")
private String FACEBOOK_SECRET;
- private static final String FACEBOOK_REDIRECT = "https://juick.com/_fblogin";
+ private static final String FACEBOOK_REDIRECT = "https://api.juick.com/_fblogin";
private static final String VK_REDIRECT = "http://juick.com/_vklogin";
private static final String TWITTER_VERIFY_URL = "https://api.twitter.com/1.1/account/verify_credentials.json";
@Inject
@@ -97,7 +97,7 @@ public class SocialLogin {
@RequestParam(required = false) String state) throws IOException, ExecutionException, InterruptedException {
if (StringUtils.isBlank(code)) {
String fbstate = UUID.randomUUID().toString();
- crosspostService.addFacebookState(fbstate);
+ crosspostService.addFacebookState(fbstate, state);
OAuth20Service facebookAuthService = facebookBuilder
.apiSecret(FACEBOOK_SECRET)
.callback(FACEBOOK_REDIRECT)
@@ -107,7 +107,9 @@ public class SocialLogin {
return "redirect:" + facebookAuthService.getAuthorizationUrl();
}
- if (!crosspostService.verifyFacebookState(state)) {
+ String redirectUrl = crosspostService.verifyFacebookState(state);
+
+ if (StringUtils.isEmpty(redirectUrl)) {
logger.error("state is missing");
throw new HttpBadRequestException();
}
@@ -139,7 +141,7 @@ public class SocialLogin {
logger.error("error updating facebook user, id: {}, token: {}", fbID, token.getAccessToken());
throw new HttpBadRequestException();
}
- UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(state);
+ UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(redirectUrl);
uriComponentsBuilder.queryParam("hash", userService.getHashByUID(uid));
return "redirect:" + uriComponentsBuilder.build().toUriString();
} else if (fb.getVerified()) {
diff --git a/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java b/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java
index 0bd5fe66..e1c59e65 100644
--- a/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java
+++ b/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java
@@ -55,17 +55,17 @@ public class CrosspostServiceImpl extends BaseJdbcService implements CrosspostSe
}
@Override
- public void addFacebookState(String state) {
- jdbcTemplate.update("INSERT INTO facebook(loginhash) VALUES(?)", state);
+ public void addFacebookState(String state, String redirectUri) {
+ jdbcTemplate.update("INSERT INTO facebook(loginhash, fb_link) VALUES(?, ?)", state, redirectUri);
}
@Override
- public boolean verifyFacebookState(String state) {
+ public String verifyFacebookState(String state) {
try {
- return jdbcTemplate.queryForObject("SELECT COUNT(loginhash) FROM facebook WHERE loginhash=?",
- Integer.class, state) == 1;
+ return jdbcTemplate.queryForObject("SELECT fb_link FROM facebook WHERE loginhash=?",
+ String.class, state);
} catch (EmptyResultDataAccessException e) {
- return false;
+ return StringUtils.EMPTY;
}
}