aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/com/juick/server/www
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/com/juick/server/www')
-rw-r--r--src/main/java/com/juick/server/www/controllers/SignUp.java48
1 files changed, 22 insertions, 26 deletions
diff --git a/src/main/java/com/juick/server/www/controllers/SignUp.java b/src/main/java/com/juick/server/www/controllers/SignUp.java
index 8793478a..5fce2d35 100644
--- a/src/main/java/com/juick/server/www/controllers/SignUp.java
+++ b/src/main/java/com/juick/server/www/controllers/SignUp.java
@@ -17,6 +17,7 @@
package com.juick.server.www.controllers;
import com.juick.User;
+import com.juick.model.AnonymousUser;
import com.juick.server.util.HttpBadRequestException;
import com.juick.server.util.HttpForbiddenException;
import com.juick.server.www.WebApp;
@@ -24,6 +25,9 @@ import com.juick.service.CrosspostService;
import com.juick.service.EmailService;
import com.juick.service.UserService;
import com.juick.service.security.annotation.Visitor;
+import com.juick.service.security.entities.JuickUser;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.GetMapping;
@@ -31,8 +35,6 @@ import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import javax.inject.Inject;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
/**
*
@@ -93,14 +95,13 @@ public class SignUp {
@PostMapping("/signup")
protected String doPost(
@Visitor User visitor,
- HttpServletResponse response,
@RequestParam String type,
@RequestParam String hash,
@RequestParam String action,
@RequestParam(required = false) String username,
@RequestParam(required = false) String password,
ModelMap modelMap) {
- int uid = 0;
+ User current;
if (hash.length() > 36 || !type.matches("^[a-zA-Z0-9\\-]+$") || !hash.matches("^[a-zA-Z0-9\\-]+$")) {
throw new HttpBadRequestException();
@@ -112,22 +113,23 @@ public class SignUp {
if (username.length() > 32) {
throw new HttpBadRequestException();
}
- uid = userService.checkPassword(username, password);
+ current = userService.checkPassword(username, password).orElseThrow(HttpForbiddenException::new);
} else {
- uid = visitor.getUid();
+ current = visitor;
}
- if (uid <= 0) {
+ if (current.getUid() <= 0) {
throw new HttpForbiddenException();
}
- if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, uid))
- && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, uid))
- && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, uid))
- && !(type.charAt(0) == 'x' && userService.getAllJIDs(visitor).size() > 0 && crosspostService.setJIDUser(hash, uid))) {
+ if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, current.getUid()))
+ && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, current.getUid()))
+ && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, current.getUid()))
+ && !(type.charAt(0) == 'x' && userService.getAllJIDs(visitor).size() > 0
+ && crosspostService.setJIDUser(hash, current.getUid()))) {
if (type.equals("email")) {
String email = emailService.getEmailByAuthCode(hash);
- emailService.addEmail(uid, email);
+ emailService.addEmail(current.getUid(), email);
emailService.deleteAuthCode(hash);
} else {
if (type.equals("xmpp")) {
@@ -144,19 +146,14 @@ public class SignUp {
throw new HttpBadRequestException();
}
- // CHECK USERNAME
+ current = userService.createUser(username, password).orElseThrow(HttpBadRequestException::new);
- uid = userService.createUser(username, password);
- if (uid <= 0) {
- throw new HttpBadRequestException();
- }
-
- if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, uid))
- && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, uid))
- && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, uid))) {
+ if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, current.getUid()))
+ && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, current.getUid()))
+ && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, current.getUid()))) {
if (type.equals("email")) {
String email = emailService.getEmailByAuthCode(hash);
- emailService.addEmail(uid, email);
+ emailService.addEmail(current.getUid(), email);
emailService.deleteAuthCode(hash);
} else {
if (type.equals("xmpp")) {
@@ -170,10 +167,9 @@ public class SignUp {
}
if (visitor.isAnonymous()) {
- hash = userService.getHashByUID(uid);
- Cookie c = new Cookie("hash", hash);
- c.setMaxAge(365 * 24 * 60 * 60);
- response.addCookie(c);
+ UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
+ new UsernamePasswordAuthenticationToken(new JuickUser(current), password, JuickUser.USER_AUTHORITY);
+ SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
}
return "redirect:/";
}