aboutsummaryrefslogtreecommitdiff
path: root/juick-www/src
diff options
context:
space:
mode:
Diffstat (limited to 'juick-www/src')
-rw-r--r--juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java2
-rw-r--r--juick-www/src/main/java/com/juick/www/controllers/TwitterAuth.java7
2 files changed, 3 insertions, 6 deletions
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
index 23bec18bf..d19ad37d7 100644
--- a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
+++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -70,7 +70,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
http.addFilterAfter(hashParamAuthenticationFilter(), BasicAuthenticationFilter.class);
http
.authorizeRequests()
- .antMatchers("/settings", "/pm/**", "/**/bl").authenticated()
+ .antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter").authenticated()
.anyRequest().permitAll()
.and()
.anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY)
diff --git a/juick-www/src/main/java/com/juick/www/controllers/TwitterAuth.java b/juick-www/src/main/java/com/juick/www/controllers/TwitterAuth.java
index fddcd3559..432524954 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/TwitterAuth.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/TwitterAuth.java
@@ -25,6 +25,7 @@ import com.github.scribejava.core.model.OAuth1RequestToken;
import com.github.scribejava.core.model.OAuthRequest;
import com.github.scribejava.core.model.Verb;
import com.github.scribejava.core.oauth.OAuth10aService;
+import com.juick.server.util.UserUtils;
import com.juick.service.UserService;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Value;
@@ -82,11 +83,7 @@ public class TwitterAuth {
request_token_secret = cookie.getValue();
}
}
- com.juick.User user = userService.getUserByHash(hash);
- if ( user == null || user.getUid() == 0) {
- response.sendError(HttpServletResponse.SC_FORBIDDEN);
- return;
- }
+ com.juick.User user = UserUtils.getCurrentUser();
OAuth10aService oAuthService = serviceBuilder
.apiSecret(consumerSecret)
.callback("http://juick.com/_twitter")