diff options
Diffstat (limited to 'juick-server/src/main/java/com')
-rw-r--r-- | juick-server/src/main/java/com/juick/server/api/SocialLogin.java | 35 | ||||
-rw-r--r-- | juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java | 15 |
2 files changed, 30 insertions, 20 deletions
diff --git a/juick-server/src/main/java/com/juick/server/api/SocialLogin.java b/juick-server/src/main/java/com/juick/server/api/SocialLogin.java index 691f98036..dc7425e17 100644 --- a/juick-server/src/main/java/com/juick/server/api/SocialLogin.java +++ b/juick-server/src/main/java/com/juick/server/api/SocialLogin.java @@ -18,6 +18,7 @@ package com.juick.server.api; import com.fasterxml.jackson.databind.ObjectMapper; import com.github.scribejava.apis.FacebookApi; +import com.github.scribejava.apis.VkontakteApi; import com.github.scribejava.core.builder.ServiceBuilder; import com.github.scribejava.core.model.OAuth2AccessToken; import com.github.scribejava.core.model.OAuthRequest; @@ -29,6 +30,7 @@ import com.juick.service.CrosspostService; import com.juick.service.EmailService; import com.juick.service.TelegramService; import com.juick.service.UserService; +import com.juick.vk.UsersResponse; import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.math.NumberUtils; import org.slf4j.Logger; @@ -59,7 +61,7 @@ public class SocialLogin { @Value("${facebook_secret:secret}") private String FACEBOOK_SECRET; private static final String FACEBOOK_REDIRECT = "https://api.juick.com/_fblogin"; - private static final String VK_REDIRECT = "http://juick.com/_vklogin"; + private static final String VK_REDIRECT = "https://api.juick.com/_vklogin"; private static final String TWITTER_VERIFY_URL = "https://api.twitter.com/1.1/account/verify_credentials.json"; @Inject private ObjectMapper jsonMapper; @@ -210,17 +212,13 @@ public class SocialLogin { } } } - } + }*/ @GetMapping("/_vklogin") - protected String doVKLogin(HttpServletRequest request, - @RequestParam(required = false) String code, - @RequestParam(required = false) String state, - @CookieValue(required = false) String vkstate, - HttpServletResponse response) throws IOException, ExecutionException, InterruptedException { + protected String doVKLogin(@RequestParam(required = false) String code, + @RequestParam String state) throws IOException, ExecutionException, InterruptedException { if (StringUtils.isBlank(code)) { - vkstate = UUID.randomUUID().toString(); - Cookie c = new Cookie("vkstate", vkstate); - response.addCookie(c); + String vkstate = UUID.randomUUID().toString(); + crosspostService.addVKState(vkstate, state); OAuth20Service vkAuthService = vkBuilder .apiSecret(VK_SECRET) .scope("friends,wall,offline") @@ -230,12 +228,10 @@ public class SocialLogin { return "redirect:" + vkAuthService.getAuthorizationUrl(); } - if (StringUtils.isBlank(vkstate) || !vkstate.equals(state)) { + String redirectUrl = crosspostService.verifyVKState(state); + if (StringUtils.isBlank(redirectUrl)) { + logger.error("state is missing"); throw new HttpBadRequestException(); - } else { - Cookie c = new Cookie("vkstate", "-"); - c.setMaxAge(0); - response.addCookie(c); } OAuth20Service vkService = vkBuilder @@ -260,10 +256,9 @@ public class SocialLogin { Long vkID = NumberUtils.toLong(jsonUser.getId(), 0); int uid = crosspostService.getUIDbyVKID(vkID); if (uid > 0) { - Cookie c = new Cookie("hash", userService.getHashByUID(uid)); - c.setMaxAge(50 * 24 * 60 * 60); - response.addCookie(c); - return Utils.getPreviousPageByRequest(request).orElse("redirect:/"); + UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(redirectUrl); + uriComponentsBuilder.queryParam("hash", userService.getHashByUID(uid)); + return "redirect:" + uriComponentsBuilder.build().toUriString(); } else { String loginhash = UUID.randomUUID().toString(); if (!crosspostService.createVKUser(vkID, loginhash, token.getAccessToken(), vkName, vkLink)) { @@ -273,7 +268,7 @@ public class SocialLogin { return "redirect:/signup?type=vk&hash=" + loginhash; } } - + /* @GetMapping("/_tglogin") public String doDurovLogin(HttpServletRequest request, @RequestParam Map<String, String> params, diff --git a/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java b/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java index e1c59e657..14bdc7e2c 100644 --- a/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java +++ b/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java @@ -60,6 +60,11 @@ public class CrosspostServiceImpl extends BaseJdbcService implements CrosspostSe } @Override + public void addVKState(String state, String redirectUri) { + jdbcTemplate.update("INSERT INTO vk(loginhash, vk_link) VALUES(?, ?)", state, redirectUri); + } + + @Override public String verifyFacebookState(String state) { try { return jdbcTemplate.queryForObject("SELECT fb_link FROM facebook WHERE loginhash=?", @@ -69,6 +74,16 @@ public class CrosspostServiceImpl extends BaseJdbcService implements CrosspostSe } } + @Override + public String verifyVKState(String state) { + try { + return jdbcTemplate.queryForObject("SELECT vk_link FROM vk WHERE loginhash=?", + String.class, state); + } catch (EmptyResultDataAccessException e) { + return StringUtils.EMPTY; + } + } + @Transactional(readOnly = true) @Override public Optional<Pair<String, String>> getFacebookTokens(final int uid) { |