diff options
Diffstat (limited to 'src/main/java/com/juick/server/www')
-rw-r--r-- | src/main/java/com/juick/server/www/controllers/SignUp.java | 48 |
1 files changed, 22 insertions, 26 deletions
diff --git a/src/main/java/com/juick/server/www/controllers/SignUp.java b/src/main/java/com/juick/server/www/controllers/SignUp.java index 8793478a..5fce2d35 100644 --- a/src/main/java/com/juick/server/www/controllers/SignUp.java +++ b/src/main/java/com/juick/server/www/controllers/SignUp.java @@ -17,6 +17,7 @@ package com.juick.server.www.controllers; import com.juick.User; +import com.juick.model.AnonymousUser; import com.juick.server.util.HttpBadRequestException; import com.juick.server.util.HttpForbiddenException; import com.juick.server.www.WebApp; @@ -24,6 +25,9 @@ import com.juick.service.CrosspostService; import com.juick.service.EmailService; import com.juick.service.UserService; import com.juick.service.security.annotation.Visitor; +import com.juick.service.security.entities.JuickUser; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; import org.springframework.web.bind.annotation.GetMapping; @@ -31,8 +35,6 @@ import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; import javax.inject.Inject; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletResponse; /** * @@ -93,14 +95,13 @@ public class SignUp { @PostMapping("/signup") protected String doPost( @Visitor User visitor, - HttpServletResponse response, @RequestParam String type, @RequestParam String hash, @RequestParam String action, @RequestParam(required = false) String username, @RequestParam(required = false) String password, ModelMap modelMap) { - int uid = 0; + User current; if (hash.length() > 36 || !type.matches("^[a-zA-Z0-9\\-]+$") || !hash.matches("^[a-zA-Z0-9\\-]+$")) { throw new HttpBadRequestException(); @@ -112,22 +113,23 @@ public class SignUp { if (username.length() > 32) { throw new HttpBadRequestException(); } - uid = userService.checkPassword(username, password); + current = userService.checkPassword(username, password).orElseThrow(HttpForbiddenException::new); } else { - uid = visitor.getUid(); + current = visitor; } - if (uid <= 0) { + if (current.getUid() <= 0) { throw new HttpForbiddenException(); } - if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, uid)) - && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, uid)) - && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, uid)) - && !(type.charAt(0) == 'x' && userService.getAllJIDs(visitor).size() > 0 && crosspostService.setJIDUser(hash, uid))) { + if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, current.getUid())) + && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, current.getUid())) + && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, current.getUid())) + && !(type.charAt(0) == 'x' && userService.getAllJIDs(visitor).size() > 0 + && crosspostService.setJIDUser(hash, current.getUid()))) { if (type.equals("email")) { String email = emailService.getEmailByAuthCode(hash); - emailService.addEmail(uid, email); + emailService.addEmail(current.getUid(), email); emailService.deleteAuthCode(hash); } else { if (type.equals("xmpp")) { @@ -144,19 +146,14 @@ public class SignUp { throw new HttpBadRequestException(); } - // CHECK USERNAME + current = userService.createUser(username, password).orElseThrow(HttpBadRequestException::new); - uid = userService.createUser(username, password); - if (uid <= 0) { - throw new HttpBadRequestException(); - } - - if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, uid)) - && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, uid)) - && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, uid))) { + if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, current.getUid())) + && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, current.getUid())) + && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, current.getUid()))) { if (type.equals("email")) { String email = emailService.getEmailByAuthCode(hash); - emailService.addEmail(uid, email); + emailService.addEmail(current.getUid(), email); emailService.deleteAuthCode(hash); } else { if (type.equals("xmpp")) { @@ -170,10 +167,9 @@ public class SignUp { } if (visitor.isAnonymous()) { - hash = userService.getHashByUID(uid); - Cookie c = new Cookie("hash", hash); - c.setMaxAge(365 * 24 * 60 * 60); - response.addCookie(c); + UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = + new UsernamePasswordAuthenticationToken(new JuickUser(current), password, JuickUser.USER_AUTHORITY); + SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken); } return "redirect:/"; } |