Diffstat (limited to 'juick-server/src/main/java/com')
-rw-r--r--juick-server/src/main/java/com/juick/server/api/SocialLogin.java35
-rw-r--r--juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java15
2 files changed, 30 insertions, 20 deletions
diff --git a/juick-server/src/main/java/com/juick/server/api/SocialLogin.java b/juick-server/src/main/java/com/juick/server/api/SocialLogin.java
index 691f98036..dc7425e17 100644
--- a/juick-server/src/main/java/com/juick/server/api/SocialLogin.java
+++ b/juick-server/src/main/java/com/juick/server/api/SocialLogin.java
@@ -18,6 +18,7 @@ package com.juick.server.api;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.github.scribejava.apis.FacebookApi;
+import com.github.scribejava.apis.VkontakteApi;
import com.github.scribejava.core.builder.ServiceBuilder;
import com.github.scribejava.core.model.OAuth2AccessToken;
import com.github.scribejava.core.model.OAuthRequest;
@@ -29,6 +30,7 @@ import com.juick.service.CrosspostService;
import com.juick.service.EmailService;
import com.juick.service.TelegramService;
import com.juick.service.UserService;
+import com.juick.vk.UsersResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.slf4j.Logger;
@@ -59,7 +61,7 @@ public class SocialLogin {
@Value("${facebook_secret:secret}")
private String FACEBOOK_SECRET;
private static final String FACEBOOK_REDIRECT = "https://api.juick.com/_fblogin";
- private static final String VK_REDIRECT = "http://juick.com/_vklogin";
+ private static final String VK_REDIRECT = "https://api.juick.com/_vklogin";
private static final String TWITTER_VERIFY_URL = "https://api.twitter.com/1.1/account/verify_credentials.json";
@Inject
private ObjectMapper jsonMapper;
@@ -210,17 +212,13 @@ public class SocialLogin {
}
}
}
- }
+ }*/
@GetMapping("/_vklogin")
- protected String doVKLogin(HttpServletRequest request,
- @RequestParam(required = false) String code,
- @RequestParam(required = false) String state,
- @CookieValue(required = false) String vkstate,
- HttpServletResponse response) throws IOException, ExecutionException, InterruptedException {
+ protected String doVKLogin(@RequestParam(required = false) String code,
+ @RequestParam String state) throws IOException, ExecutionException, InterruptedException {
if (StringUtils.isBlank(code)) {
- vkstate = UUID.randomUUID().toString();
- Cookie c = new Cookie("vkstate", vkstate);
- response.addCookie(c);
+ String vkstate = UUID.randomUUID().toString();
+ crosspostService.addVKState(vkstate, state);
OAuth20Service vkAuthService = vkBuilder
.apiSecret(VK_SECRET)
.scope("friends,wall,offline")
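Review bot: The `state` request parameter on the first leg is now a caller-supplied redirect target that `crosspostService.addVKState(vkstate, state)` stores without any validation, and the later hunk at `@@ -260,10 +256,9 @@` redirects to it with the user's session `hash` appended as a query parameter, so a link that starts the login with `state` pointing at a foreign origin hands that origin the victim's hash once VK calls back. Before `addVKState` the value should be checked against what this service is willing to redirect to, e.g. accept it only when `UriComponentsBuilder.fromUriString(state).build().getHost()` is null (relative path) or equals the site's own host, and reject otherwise with `HttpBadRequestException`. Putting the hash in the URL also exposes it to proxy logs, browser history and the Referer header of the next page, where the removed code kept it in a cookie; a short-lived one-time handoff token rather than the long-lived hash would limit that. doVKLogin's body continues past this hunk.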
@@ -230,12 +228,10 @@ public class SocialLogin {
return "redirect:" + vkAuthService.getAuthorizationUrl();
}
- if (StringUtils.isBlank(vkstate) || !vkstate.equals(state)) {
+ String redirectUrl = crosspostService.verifyVKState(state);
+ if (StringUtils.isBlank(redirectUrl)) {
+ logger.error("state is missing");
throw new HttpBadRequestException();
- } else {
- Cookie c = new Cookie("vkstate", "-");
- c.setMaxAge(0);
- response.addCookie(c);
}
OAuth20Service vkService = vkBuilder
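Review bot: The message `logger.error("state is missing")` describes the wrong condition: at this point `state` is required (`@RequestParam String state`) and present, but it did not match a stored value, and since the value is attacker-controllable a failed lookup is a client error rather than a server fault. Suggest `logger.warn("unknown or expired vk state: {}", state);` so that probing does not page on-call at error level while still leaving a trace of the rejected value. The surrounding doVKLogin method starts and ends outside this hunk.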
@@ -260,10 +256,9 @@ public class SocialLogin {
Long vkID = NumberUtils.toLong(jsonUser.getId(), 0);
int uid = crosspostService.getUIDbyVKID(vkID);
if (uid > 0) {
- Cookie c = new Cookie("hash", userService.getHashByUID(uid));
- c.setMaxAge(50 * 24 * 60 * 60);
- response.addCookie(c);
- return Utils.getPreviousPageByRequest(request).orElse("redirect:/");
+ UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(redirectUrl);
+ uriComponentsBuilder.queryParam("hash", userService.getHashByUID(uid));
+ return "redirect:" + uriComponentsBuilder.build().toUriString();
} else {
String loginhash = UUID.randomUUID().toString();
if (!crosspostService.createVKUser(vkID, loginhash, token.getAccessToken(), vkName, vkLink)) {
@@ -273,7 +268,7 @@ public class SocialLogin {
return "redirect:/signup?type=vk&hash=" + loginhash;
}
}
-
+ /*
@GetMapping("/_tglogin")
public String doDurovLogin(HttpServletRequest request,
@RequestParam Map<String, String> params,
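Review bot: The `/*` added before `@GetMapping("/_tglogin")` block-comments out doDurovLogin (the matching `}*/` appears in the hunk at `@@ -210,17 +212,13 @@`), leaving a large stretch of code the compiler no longer checks and that will silently rot as the surrounding injected services change. If the Telegram login is being retired, delete the method and rely on version history; if it is temporarily disabled, a one-line comment saying why and what re-enables it is needed at the `/*`, since nothing in the hunk records the reason. The commented-out method continues beyond this hunk.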
diff --git a/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java b/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java
index e1c59e657..14bdc7e2c 100644
--- a/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java
+++ b/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java
@@ -60,6 +60,11 @@ public class CrosspostServiceImpl extends BaseJdbcService implements CrosspostSe
}
@Override
+ public void addVKState(String state, String redirectUri) {
+ jdbcTemplate.update("INSERT INTO vk(loginhash, vk_link) VALUES(?, ?)", state, redirectUri);
+ }
+
+ @Override
public String verifyFacebookState(String state) {
try {
return jdbcTemplate.queryForObject("SELECT fb_link FROM facebook WHERE loginhash=?",
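Review bot: `addVKState` writes the pending login state into the same `vk` table whose `loginhash`/`vk_link` columns `createVKUser(vkID, loginhash, ...)` appears to use for real user rows, so transient OAuth state and account records share one table and a `SELECT ... WHERE loginhash=?` cannot tell them apart; this is an inference from the parameter names, please confirm against the schema. The row also carries no timestamp, so there is nothing to expire stale states against, whereas the cookie this replaces died with the browser session. A dedicated table or column with a creation time, e.g. `INSERT INTO vk_state(loginhash, redirect_uri, ts) VALUES(?, ?, NOW())`, would keep the two concerns apart and make cleanup possible. The class continues outside this hunk.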
@@ -69,6 +74,16 @@ public class CrosspostServiceImpl extends BaseJdbcService implements CrosspostSe
}
}
+ @Override
+ public String verifyVKState(String state) {
+ try {
+ return jdbcTemplate.queryForObject("SELECT vk_link FROM vk WHERE loginhash=?",
+ String.class, state);
+ } catch (EmptyResultDataAccessException e) {
+ return StringUtils.EMPTY;
+ }
+ }
+
@Transactional(readOnly = true)
@Override
public Optional<Pair<String, String>> getFacebookTokens(final int uid) {
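Review bot: `verifyVKState` only reads the row and never consumes it, so a state value stays valid indefinitely and can be replayed, which is a regression from the cookie flow it replaces that cleared `vkstate` on first use. After the lookup the method should invalidate the state, e.g. add `jdbcTemplate.update("DELETE FROM vk WHERE loginhash=?", state);` once `redirectUrl` is known, or perform the lookup and delete in one transaction so two concurrent callbacks cannot both succeed. The method also catches only `EmptyResultDataAccessException`; if `loginhash` is not unique, `queryForObject` throws `IncorrectResultSizeDataAccessException` for duplicates, which should be handled the same way rather than surfacing as a 500. The class continues outside this hunk.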