aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/com/juick/www/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/com/juick/www/controllers')
-rw-r--r--src/main/java/com/juick/www/controllers/Compat.java2
-rw-r--r--src/main/java/com/juick/www/controllers/Help.java2
-rw-r--r--src/main/java/com/juick/www/controllers/Settings.java64
-rw-r--r--src/main/java/com/juick/www/controllers/SignUp.java3
-rw-r--r--src/main/java/com/juick/www/controllers/Site.java4
-rw-r--r--src/main/java/com/juick/www/controllers/SocialLogin.java84
6 files changed, 94 insertions, 65 deletions
diff --git a/src/main/java/com/juick/www/controllers/Compat.java b/src/main/java/com/juick/www/controllers/Compat.java
index edd7bc29..334213be 100644
--- a/src/main/java/com/juick/www/controllers/Compat.java
+++ b/src/main/java/com/juick/www/controllers/Compat.java
@@ -30,7 +30,7 @@ import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;
import org.springframework.web.servlet.view.RedirectView;
-import javax.inject.Inject;
+import jakarta.inject.Inject;
@Controller
@Validated
diff --git a/src/main/java/com/juick/www/controllers/Help.java b/src/main/java/com/juick/www/controllers/Help.java
index ae722594..5754e55f 100644
--- a/src/main/java/com/juick/www/controllers/Help.java
+++ b/src/main/java/com/juick/www/controllers/Help.java
@@ -29,7 +29,7 @@ import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
-import javax.inject.Inject;
+import jakarta.inject.Inject;
import java.util.Locale;
import java.util.Objects;
diff --git a/src/main/java/com/juick/www/controllers/Settings.java b/src/main/java/com/juick/www/controllers/Settings.java
index d95b21b7..11f31efb 100644
--- a/src/main/java/com/juick/www/controllers/Settings.java
+++ b/src/main/java/com/juick/www/controllers/Settings.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008-2023, Juick
+ * Copyright (C) 2008-2024, Juick
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
@@ -23,7 +23,7 @@ import java.util.Locale;
import java.util.ResourceBundle;
import java.util.stream.IntStream;
-import javax.inject.Inject;
+import jakarta.inject.Inject;
import com.juick.model.User;
import com.juick.service.EmailService;
@@ -150,14 +150,20 @@ public class Settings {
visitor.setCountry(request.getParameter("country"));
visitor.setUrl(request.getParameter("url"));
visitor.setDescription(request.getParameter("descr"));
- String avatarTmpPath = HttpUtils.receiveMultiPartFile(newAvatar, storageService.getTemporaryDirectory()).getHost();
- if (StringUtils.isNotEmpty(avatarTmpPath)) {
- storageService.saveAvatar(avatarTmpPath, visitor);
- }
- if (userService.updateUserInfo(visitor)) {
- result = String.format("<p>Your info is updated.</p><p><a href='/%s/'>Back to blog</a>.</p>", visitor.getName());
+ try {
+ String avatarTmpPath = HttpUtils
+ .receiveMultiPartFile(newAvatar, storageService.getTemporaryDirectory()).getHost();
+ if (StringUtils.isNotEmpty(avatarTmpPath)) {
+ storageService.saveAvatar(avatarTmpPath, visitor);
+ }
+ if (userService.updateUserInfo(visitor)) {
+ result = String.format("<p>Your info is updated.</p><p><a href='/%s/'>Back to blog</a>.</p>",
+ visitor.getName());
+ }
+ applicationEventPublisher.publishEvent(new UpdateUserEvent(this, visitor));
+ } catch (Exception e) {
+ result = "<p>" + e.getMessage() + ". <a href=\"/settings\">Back</a>.</p>";
}
- applicationEventPublisher.publishEvent(new UpdateUserEvent(this, visitor));
break;
case "jid-del":
// FIXME: stop using ugnich-csv in parameters
@@ -175,25 +181,29 @@ public class Settings {
}
break;
case "email-add":
- if (!emailService.verifyAddressByCode(visitor.getUid(), request.getParameter("account"))) {
- String authCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase();
- if (emailService.addVerificationCode(visitor.getUid(), request.getParameter("account"), authCode)) {
- Session session = Session.getDefaultInstance(System.getProperties());
- try {
- MimeMessage message = new MimeMessage(session);
- message.setFrom(new InternetAddress("noreply@juick.com"));
- message.addRecipient(Message.RecipientType.TO, new InternetAddress(request.getParameter("account")));
- message.setSubject("Juick authorization link");
- message.setText(String.format("Follow link to attach this email to Juick account:\n" +
- "http://juick.com/settings?page=auth-email&code=%s\n\n" +
- "If you don't know, what this mean - just ignore this mail.\n", authCode));
- Transport.send(message);
- result = "<p>Authorization link has been sent to your email. Follow it to proceed.</p>" +
- "<p><a href=\"/settings\">Back</a></p>";
+ if (!emailService.isValidEmail(request.getParameter("account"))) {
+ result = "<p>Invalid email. <a href=\"/settings\">Back</a>.</p>";
+ } else {
+ if (!emailService.verifyAddressByCode(visitor.getUid(), request.getParameter("account"))) {
+ String authCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase();
+ if (emailService.addVerificationCode(visitor.getUid(), request.getParameter("account"), authCode)) {
+ Session session = Session.getDefaultInstance(System.getProperties());
+ try {
+ MimeMessage message = new MimeMessage(session);
+ message.setFrom(new InternetAddress("noreply@juick.com"));
+ message.addRecipient(Message.RecipientType.TO, new InternetAddress(request.getParameter("account")));
+ message.setSubject("Juick authorization link");
+ message.setText(String.format("Follow link to attach this email to Juick account:\n" +
+ "https://juick.com/settings?page=auth-email&code=%s\n\n" +
+ "If you don't know, what this mean - just ignore this mail.\n", authCode));
+ Transport.send(message);
+ result = "<p>Authorization link has been sent to your email. Follow it to proceed.</p>" +
+ "<p><a href=\"/settings\">Back</a></p>";
- } catch (MessagingException ex) {
- logger.error("mail exception", ex);
- throw new HttpBadRequestException();
+ } catch (MessagingException ex) {
+ logger.error("mail exception", ex);
+ throw new HttpBadRequestException();
+ }
}
}
}
diff --git a/src/main/java/com/juick/www/controllers/SignUp.java b/src/main/java/com/juick/www/controllers/SignUp.java
index 50ce6955..dddefef3 100644
--- a/src/main/java/com/juick/www/controllers/SignUp.java
+++ b/src/main/java/com/juick/www/controllers/SignUp.java
@@ -37,7 +37,7 @@ import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
-import javax.inject.Inject;
+import jakarta.inject.Inject;
/**
*
@@ -92,6 +92,7 @@ public class SignUp {
model.addAttribute("account", account);
model.addAttribute("type", type);
model.addAttribute("hash", hash);
+ model.addAttribute("headers", "<meta name=\"robots\" content=\"noindex\"/>");
return "views/signup";
}
diff --git a/src/main/java/com/juick/www/controllers/Site.java b/src/main/java/com/juick/www/controllers/Site.java
index 3af6f2c2..c5074547 100644
--- a/src/main/java/com/juick/www/controllers/Site.java
+++ b/src/main/java/com/juick/www/controllers/Site.java
@@ -45,7 +45,7 @@ import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.servlet.view.RedirectView;
-import javax.inject.Inject;
+import jakarta.inject.Inject;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
@@ -595,7 +595,7 @@ public class Site {
fillUserModel(model, visitor, visitor);
visitor.setAvatar(webApp.getAvatarWebPath(visitor));
model.addAttribute("title", "Написать");
- model.addAttribute("headers", "");
+ model.addAttribute("headers", "<meta name=\"robots\" content=\"noindex\"/>");
model.addAttribute("visitor", visitor);
if (body == null) {
body = StringUtils.EMPTY;
diff --git a/src/main/java/com/juick/www/controllers/SocialLogin.java b/src/main/java/com/juick/www/controllers/SocialLogin.java
index 75099e50..510c7d62 100644
--- a/src/main/java/com/juick/www/controllers/SocialLogin.java
+++ b/src/main/java/com/juick/www/controllers/SocialLogin.java
@@ -53,11 +53,12 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.util.UriComponentsBuilder;
-import javax.inject.Inject;
+import jakarta.inject.Inject;
import java.io.IOException;
import java.util.List;
import java.util.Map;
+import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.ExecutionException;
@@ -70,7 +71,7 @@ import java.util.stream.Collectors;
@Controller
public class SocialLogin {
- private static final Logger logger = LoggerFactory.getLogger(SocialLogin.class);
+ private static final Logger logger = LoggerFactory.getLogger("Social");
public static final String AUTH_ERROR = "SocialLogin.AuthenticationError";
@@ -124,12 +125,12 @@ public class SocialLogin {
@GetMapping("/_fblogin")
protected String doFacebookLogin(HttpServletRequest request, @RequestParam(required = false) String code,
@RequestParam(required = false) String state,
- @RequestHeader(value = "referer", required = false) String referer, HttpServletResponse response,
+ HttpServletResponse response,
HttpSession session) throws IOException, ExecutionException, InterruptedException {
if (StringUtils.isBlank(code)) {
String fbstate = UUID.randomUUID().toString();
if (StringUtils.isBlank(state)) {
- state = Optional.ofNullable(referer).orElse("https://juick.com/");
+ state = UUID.randomUUID().toString();
}
userService.addFacebookState(fbstate, state);
return "redirect:" + facebookAuthService.getAuthorizationUrl(fbstate);
@@ -170,10 +171,12 @@ public class SocialLogin {
}
}
if (!existingFacebookUser.get().isBanned()) {
- Cookie c = new Cookie("hash", userService.getHashByUID(existingFacebookUser.get().getUid()));
- c.setMaxAge(50 * 24 * 60 * 60);
- response.addCookie(c);
- return "redirect:" + redirectUrl;
+ var authentication = new RememberMeAuthenticationToken(
+ ((AbstractRememberMeServices) rememberMeServices).getKey(),
+ new JuickUser(existingFacebookUser.get()), JuickUser.USER_AUTHORITY);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ rememberMeServices.loginSuccess(request, response, authentication);
+ return "redirect:/";
} else {
session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled");
return "redirect:/login";
@@ -188,9 +191,9 @@ public class SocialLogin {
@GetMapping("/_twitter")
protected String doTwitterLogin(@RequestParam(required = false) String code,
- @RequestParam(required = false) String state,
- com.juick.model.User user,
- HttpServletRequest request)
+ @RequestParam(required = false) String state,
+ com.juick.model.User user,
+ HttpServletRequest request)
throws IOException, ExecutionException, InterruptedException {
if (StringUtils.isBlank(code)) {
@@ -229,14 +232,17 @@ public class SocialLogin {
@GetMapping("/_vklogin")
protected String doVKLogin(@RequestParam(required = false) String code,
@RequestParam(required = false) String state,
- @RequestHeader(value = "referer", required = false) String referer,
- @CookieValue(required = false) String vkstate, HttpServletResponse response)
+ @CookieValue(required = false) String vkstate,
+ HttpServletRequest request,
+ HttpServletResponse response,
+ HttpSession session)
throws IOException, ExecutionException, InterruptedException {
if (StringUtils.isBlank(code)) {
vkstate = UUID.randomUUID().toString();
Cookie c = new Cookie("vkstate", vkstate);
response.addCookie(c);
- return "redirect:" + vkService.getVkAuthService().getAuthorizationUrl(vkstate);
+ var redirect = "redirect:" + vkService.getVkAuthService().getAuthorizationUrl(vkstate);
+ return redirect;
}
if (StringUtils.isBlank(vkstate) || !vkstate.equals(state)) {
@@ -265,13 +271,19 @@ public class SocialLogin {
}
long vkID = NumberUtils.toLong(jsonUser.id(), 0);
- int uid = userService.getUIDbyVKID(vkID);
- if (uid > 0) {
- userService.updateVkUser(vkID, token.getAccessToken(), vkName, vkLink);
- Cookie c = new Cookie("hash", userService.getHashByUID(uid));
- c.setMaxAge(50 * 24 * 60 * 60);
- response.addCookie(c);
- return "redirect:/" + Optional.ofNullable(referer).orElse(StringUtils.EMPTY);
+ var user = userService.getUserByVKID(vkID);
+ if (user.isPresent()) {
+ if (!user.get().isBanned()) {
+ var authentication = new RememberMeAuthenticationToken(
+ ((AbstractRememberMeServices) rememberMeServices).getKey(),
+ new JuickUser(user.get()), JuickUser.USER_AUTHORITY);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ rememberMeServices.loginSuccess(request, response, authentication);
+ return "redirect:/";
+ } else {
+ session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled");
+ return "redirect:/login";
+ }
} else {
String loginhash = UUID.randomUUID().toString();
if (!userService.createVKUser(vkID, loginhash, token.getAccessToken(), vkName, vkLink)) {
@@ -290,8 +302,7 @@ public class SocialLogin {
@GetMapping("/_tglogin")
public String doDurovLogin(@RequestParam Map<String, String> params,
@RequestParam String hash,
- @RequestHeader(value = "referer", required = false) String referer,
- HttpServletRequest request, HttpServletResponse response) {
+ HttpServletRequest request, HttpServletResponse response, HttpSession session) {
String dataCheckString = params.entrySet().stream().filter(p -> !p.getKey().equals("hash"))
.sorted(Map.Entry.comparingByKey()).map(p -> p.getKey() + "=" + p.getValue())
.collect(Collectors.joining("\n"));
@@ -301,14 +312,19 @@ public class SocialLogin {
long tgUser = Long.parseLong(params.get("id"));
var user = userService.getUserByTelegramId(tgUser);
if (user.isPresent()) {
- var authentication = new RememberMeAuthenticationToken(
- ((AbstractRememberMeServices) rememberMeServices).getKey(),
- new JuickUser(user.get()), JuickUser.USER_AUTHORITY);
- SecurityContextHolder.getContext().setAuthentication(authentication);
- rememberMeServices.loginSuccess(request, response, authentication);
- return "redirect:" + Optional.ofNullable(referer).orElse(StringUtils.EMPTY);
+ if (!user.get().isBanned()) {
+ var authentication = new RememberMeAuthenticationToken(
+ ((AbstractRememberMeServices) rememberMeServices).getKey(),
+ new JuickUser(user.get()), JuickUser.USER_AUTHORITY);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ rememberMeServices.loginSuccess(request, response, authentication);
+ return "redirect:/";
+ } else {
+ session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled");
+ return "redirect:/login";
+ }
} else {
- String username = StringUtils.defaultString(params.get("username"), params.get("first_name"));
+ String username = Objects.toString(params.get("username"), params.get("first_name"));
List<Long> chats = telegramService.getAnonymous();
if (!chats.contains(tgUser)) {
logger.info("added chat with {}", username);
@@ -347,9 +363,11 @@ public class SocialLogin {
com.juick.model.User user = userService.getUserByEmail(email.get());
if (!user.isAnonymous()) {
if (!user.isBanned()) {
- Cookie c = new Cookie("hash", userService.getHashByUID(user.getUid()));
- c.setMaxAge(50 * 24 * 60 * 60);
- response.addCookie(c);
+ var authentication = new RememberMeAuthenticationToken(
+ ((AbstractRememberMeServices) rememberMeServices).getKey(),
+ new JuickUser(user), JuickUser.USER_AUTHORITY);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ rememberMeServices.loginSuccess(request, response, authentication);
return "redirect:/";
} else {
session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled");
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-01 06:37:42 +0000