Diffstat (limited to 'src/main/java/com/juick/www/controllers/SignUp.java')
-rw-r--r-- | src/main/java/com/juick/www/controllers/SignUp.java | 175 |
1 files changed, 175 insertions, 0 deletions
diff --git a/src/main/java/com/juick/www/controllers/SignUp.java b/src/main/java/com/juick/www/controllers/SignUp.java
new file mode 100644
index 00000000..4e74d4c4
--- /dev/null
+++ b/src/main/java/com/juick/www/controllers/SignUp.java
@@ -0,0 +1,175 @@
+/*
+ * Copyright (C) 2008-2019, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.juick.www.controllers;
+
+import com.juick.model.User;
+import com.juick.server.util.HttpBadRequestException;
+import com.juick.server.util.HttpForbiddenException;
+import com.juick.www.WebApp;
+import com.juick.service.CrosspostService;
+import com.juick.service.EmailService;
+import com.juick.service.UserService;
+import com.juick.service.security.annotation.Visitor;
+import com.juick.service.security.entities.JuickUser;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+import javax.inject.Inject;
+
+/**
+ *
+ * @author Ugnich Anton
+ */
+@Controller
+public class SignUp {
+
+ @Inject
+ private UserService userService;
+ @Inject
+ private CrosspostService crosspostService;
+ @Inject
+ private EmailService emailService;
+ @Inject
+ private WebApp webApp;
+
+
+ @GetMapping("/signup")
+ protected String doGet(
+ @Visitor User visitor,
+ @RequestParam String type, @RequestParam String hash, ModelMap model) {
+ if (hash.length() > 36 || !type.matches("^[a-zA-Z0-9\\-]+$")
+ || !hash.matches("^[a-zA-Z0-9\\-]+$")) {
+ throw new HttpBadRequestException();
+ }
+
+ String account = null;
+ switch (type) {
+ case "fb":
+ account = crosspostService.getFacebookNameByHash(hash);
+ break;
+ case "vk":
+ account = crosspostService.getVKNameByHash(hash);
+ break;
+ case "xmpp":
+ account = crosspostService.getJIDByHash(hash);
+ break;
+ case "durov":
+ account = crosspostService.getTelegramNameByHash(hash);
+ break;
+ case "email":
+ account = emailService.getEmailByAuthCode(hash);
+ }
+ if (account == null) {
+ throw new HttpBadRequestException();
+ }
+
+ model.addAttribute("title", "Новый пользователь");
+ visitor.setAvatar(webApp.getAvatarWebPath(visitor));
+ model.addAttribute("visitor", visitor);
+ model.addAttribute("account", account);
+ model.addAttribute("type", type);
+ model.addAttribute("hash", hash);
+ return "views/signup";
+ }
+
+ @PostMapping("/signup")
+ protected String doPost(
+ @Visitor User visitor,
+ @RequestParam String type,
+ @RequestParam String hash,
+ @RequestParam String action,
+ @RequestParam(required = false) String username,
+ @RequestParam(required = false) String password,
+ ModelMap modelMap) {
+ User current;
+
+ if (hash.length() > 36 || !type.matches("^[a-zA-Z0-9\\-]+$") || !hash.matches("^[a-zA-Z0-9\\-]+$")) {
+ throw new HttpBadRequestException();
+ }
+
+ if (action.charAt(0) == 'l') {
+
+ if (visitor.isAnonymous()) {
+ if (username.length() > 32) {
+ throw new HttpBadRequestException();
+ }
+ current = userService.checkPassword(username, password).orElseThrow(HttpForbiddenException::new);
+ } else {
+ current = visitor;
+ }
+
+ if (current.getUid() <= 0) {
+ throw new HttpForbiddenException();
+ }
+
+ if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, current.getUid()))
+ && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, current.getUid()))
+ && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, current.getUid()))
+ && !(type.charAt(0) == 'x' && userService.getAllJIDs(visitor).size() > 0
+ && crosspostService.setJIDUser(hash, current.getUid()))) {
+ if (type.equals("email")) {
+ String email = emailService.getEmailByAuthCode(hash);
+ emailService.addEmail(current.getUid(), email);
+ emailService.deleteAuthCode(hash);
+ } else {
+ if (type.equals("xmpp")) {
+ modelMap.addAttribute("visitor", visitor);
+ modelMap.addAttribute("result", "XMPP support is disabled for new users");
+ return "views/settings_result";
+ }
+ throw new HttpBadRequestException();
+ }
+ }
+
+ } else { // Create new account
+ if (username.length() < 2 || username.length() > 16 || !username.matches("^[a-zA-Z0-9\\-]+$") || password.length() < 6 || password.length() > 32) {
+ throw new HttpBadRequestException();
+ }
+
+ current = userService.createUser(username, password).orElseThrow(HttpBadRequestException::new);
+
+ if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, current.getUid()))
+ && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, current.getUid()))
+ && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, current.getUid()))) {
+ if (type.equals("email")) {
+ String email = emailService.getEmailByAuthCode(hash);
+ emailService.addEmail(current.getUid(), email);
+ emailService.deleteAuthCode(hash);
+ } else {
+ if (type.equals("xmpp")) {
+ modelMap.addAttribute("visitor", visitor);
+ modelMap.addAttribute("result", "XMPP support is disabled for new users");
+ return "views/settings_result";
+ }
+ throw new HttpBadRequestException();
+ }
+ }
+ }
+
+ if (visitor.isAnonymous()) {
+ UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
+ new UsernamePasswordAuthenticationToken(new JuickUser(current), password, JuickUser.USER_AUTHORITY);
+ SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
+ }
+ return "redirect:/";
+ }
+} |
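Review bot: doPost's create-account branch calls `userService.createUser(username, password)` before anything confirms that `type`/`hash` refers to a pending link, so a request with an unknown hash or `type=xmpp` appears to leave a new account behind even though the response is a 400 or the "XMPP support is disabled" page. doGet rejects a null lookup result, but doPost never repeats that check, and in both email branches the value from `emailService.getEmailByAuthCode(hash)` is passed to `addEmail` unchecked; resolve the account first and add `if (email == null) throw new HttpBadRequestException();` ahead of `createUser` and `addEmail`. `username` and `password` are declared `required = false` yet dereferenced with `.length()`, and `action.charAt(0)` throws on an empty value, so each needs a null/empty guard that raises `HttpBadRequestException` at the point of use instead of surfacing as a server error. The `type.charAt(0) == 'f'` style tests also accept any type that merely starts with that letter, unlike doGet's exact `switch`; comparing with `type.equals("fb")` and so on would keep the two handlers consistent.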