1 files changed, 175 insertions, 0 deletions
diff --git a/src/main/java/com/juick/www/controllers/SignUp.java b/src/main/java/com/juick/www/controllers/SignUp.java
new file mode 100644
index 00000000..4e74d4c4
--- /dev/null
+++ b/src/main/java/com/juick/www/controllers/SignUp.java
@@ -0,0 +1,175 @@
+/*
+ * Copyright (C) 2008-2019, Juick
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.juick.www.controllers;
+
+import com.juick.model.User;
+import com.juick.server.util.HttpBadRequestException;
+import com.juick.server.util.HttpForbiddenException;
+import com.juick.www.WebApp;
+import com.juick.service.CrosspostService;
+import com.juick.service.EmailService;
+import com.juick.service.UserService;
+import com.juick.service.security.annotation.Visitor;
+import com.juick.service.security.entities.JuickUser;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+import javax.inject.Inject;
+
+/**
+ *
+ * @author Ugnich Anton
+ */
+@Controller
+public class SignUp {
+
+    @Inject
+    private UserService userService;
+    @Inject
+    private CrosspostService crosspostService;
+    @Inject
+    private EmailService emailService;
+    @Inject
+    private WebApp webApp;
+
+
+    @GetMapping("/signup")
+    protected String doGet(
+            @Visitor User visitor,
+            @RequestParam String type, @RequestParam String hash, ModelMap model) {
+        if (hash.length() > 36 || !type.matches("^[a-zA-Z0-9\\-]+$")
+                || !hash.matches("^[a-zA-Z0-9\\-]+$")) {
+            throw new HttpBadRequestException();
+        }
+
+        String account = null;
+        switch (type) {
+            case "fb":
+                account = crosspostService.getFacebookNameByHash(hash);
+                break;
+            case "vk":
+                account = crosspostService.getVKNameByHash(hash);
+                break;
+            case "xmpp":
+                account = crosspostService.getJIDByHash(hash);
+                break;
+            case "durov":
+                account = crosspostService.getTelegramNameByHash(hash);
+                break;
+            case "email":
+                account = emailService.getEmailByAuthCode(hash);
+        }
+        if (account == null) {
+            throw new HttpBadRequestException();
+        }
+
+        model.addAttribute("title", "Новый пользователь");
+        visitor.setAvatar(webApp.getAvatarWebPath(visitor));
+        model.addAttribute("visitor", visitor);
+        model.addAttribute("account", account);
+        model.addAttribute("type", type);
+        model.addAttribute("hash", hash);
+        return "views/signup";
+    }
+
+    @PostMapping("/signup")
+    protected String doPost(
+            @Visitor User visitor,
+            @RequestParam String type,
+            @RequestParam String hash,
+            @RequestParam String action,
+            @RequestParam(required = false) String username,
+            @RequestParam(required = false) String password,
+            ModelMap modelMap) {
+        User current;
+
+        if (hash.length() > 36 || !type.matches("^[a-zA-Z0-9\\-]+$") || !hash.matches("^[a-zA-Z0-9\\-]+$")) {
+            throw new HttpBadRequestException();
+        }
+
+        if (action.charAt(0) == 'l') {
+
+            if (visitor.isAnonymous()) {
+                if (username.length() > 32) {
+                    throw new HttpBadRequestException();
+                }
+                current = userService.checkPassword(username, password).orElseThrow(HttpForbiddenException::new);
+            } else {
+                current = visitor;
+            }
+
+            if (current.getUid() <= 0) {
+                throw new HttpForbiddenException();
+            }
+
+            if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, current.getUid()))
+                    && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, current.getUid()))
+                    && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, current.getUid()))
+                    && !(type.charAt(0) == 'x' && userService.getAllJIDs(visitor).size() > 0
+                    && crosspostService.setJIDUser(hash, current.getUid()))) {
+                if (type.equals("email")) {
+                    String email = emailService.getEmailByAuthCode(hash);
+                    emailService.addEmail(current.getUid(), email);
+                    emailService.deleteAuthCode(hash);
+                } else {
+                    if (type.equals("xmpp")) {
+                        modelMap.addAttribute("visitor", visitor);
+                        modelMap.addAttribute("result", "XMPP support is disabled for new users");
+                        return "views/settings_result";
+                    }
+                    throw new HttpBadRequestException();
+                }
+            }
+
+        } else { // Create new account
+            if (username.length() < 2 || username.length() > 16 || !username.matches("^[a-zA-Z0-9\\-]+$") || password.length() < 6 || password.length() > 32) {
+                throw new HttpBadRequestException();
+            }
+
+            current = userService.createUser(username, password).orElseThrow(HttpBadRequestException::new);
+
+            if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, current.getUid()))
+                    && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, current.getUid()))
+                    && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, current.getUid()))) {
+                if (type.equals("email")) {
+                    String email = emailService.getEmailByAuthCode(hash);
+                    emailService.addEmail(current.getUid(), email);
+                    emailService.deleteAuthCode(hash);
+                } else {
+                    if (type.equals("xmpp")) {
+                        modelMap.addAttribute("visitor", visitor);
+                        modelMap.addAttribute("result", "XMPP support is disabled for new users");
+                        return "views/settings_result";
+                    }
+                    throw new HttpBadRequestException();
+                }
+            }
+        }
+
+        if (visitor.isAnonymous()) {
+            UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
+                    new UsernamePasswordAuthenticationToken(new JuickUser(current), password, JuickUser.USER_AUTHORITY);
+            SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
+        }
+        return "redirect:/";
+    }
+}