aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/com/juick/www/controllers
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/com/juick/www/controllers')
-rw-r--r--src/main/java/com/juick/www/controllers/Settings.java22
-rw-r--r--src/main/java/com/juick/www/controllers/SocialLogin.java82
2 files changed, 64 insertions, 40 deletions
diff --git a/src/main/java/com/juick/www/controllers/Settings.java b/src/main/java/com/juick/www/controllers/Settings.java
index 8d66bd36..11f31efb 100644
--- a/src/main/java/com/juick/www/controllers/Settings.java
+++ b/src/main/java/com/juick/www/controllers/Settings.java
@@ -150,14 +150,20 @@ public class Settings {
visitor.setCountry(request.getParameter("country"));
visitor.setUrl(request.getParameter("url"));
visitor.setDescription(request.getParameter("descr"));
- String avatarTmpPath = HttpUtils.receiveMultiPartFile(newAvatar, storageService.getTemporaryDirectory()).getHost();
- if (StringUtils.isNotEmpty(avatarTmpPath)) {
- storageService.saveAvatar(avatarTmpPath, visitor);
- }
- if (userService.updateUserInfo(visitor)) {
- result = String.format("<p>Your info is updated.</p><p><a href='/%s/'>Back to blog</a>.</p>", visitor.getName());
+ try {
+ String avatarTmpPath = HttpUtils
+ .receiveMultiPartFile(newAvatar, storageService.getTemporaryDirectory()).getHost();
+ if (StringUtils.isNotEmpty(avatarTmpPath)) {
+ storageService.saveAvatar(avatarTmpPath, visitor);
+ }
+ if (userService.updateUserInfo(visitor)) {
+ result = String.format("<p>Your info is updated.</p><p><a href='/%s/'>Back to blog</a>.</p>",
+ visitor.getName());
+ }
+ applicationEventPublisher.publishEvent(new UpdateUserEvent(this, visitor));
+ } catch (Exception e) {
+ result = "<p>" + e.getMessage() + ". <a href=\"/settings\">Back</a>.</p>";
}
- applicationEventPublisher.publishEvent(new UpdateUserEvent(this, visitor));
break;
case "jid-del":
// FIXME: stop using ugnich-csv in parameters
@@ -188,7 +194,7 @@ public class Settings {
message.addRecipient(Message.RecipientType.TO, new InternetAddress(request.getParameter("account")));
message.setSubject("Juick authorization link");
message.setText(String.format("Follow link to attach this email to Juick account:\n" +
- "http://juick.com/settings?page=auth-email&code=%s\n\n" +
+ "https://juick.com/settings?page=auth-email&code=%s\n\n" +
"If you don't know, what this mean - just ignore this mail.\n", authCode));
Transport.send(message);
result = "<p>Authorization link has been sent to your email. Follow it to proceed.</p>" +
diff --git a/src/main/java/com/juick/www/controllers/SocialLogin.java b/src/main/java/com/juick/www/controllers/SocialLogin.java
index 7f8d5f73..510c7d62 100644
--- a/src/main/java/com/juick/www/controllers/SocialLogin.java
+++ b/src/main/java/com/juick/www/controllers/SocialLogin.java
@@ -58,6 +58,7 @@ import jakarta.inject.Inject;
import java.io.IOException;
import java.util.List;
import java.util.Map;
+import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.ExecutionException;
@@ -70,7 +71,7 @@ import java.util.stream.Collectors;
@Controller
public class SocialLogin {
- private static final Logger logger = LoggerFactory.getLogger(SocialLogin.class);
+ private static final Logger logger = LoggerFactory.getLogger("Social");
public static final String AUTH_ERROR = "SocialLogin.AuthenticationError";
@@ -124,12 +125,12 @@ public class SocialLogin {
@GetMapping("/_fblogin")
protected String doFacebookLogin(HttpServletRequest request, @RequestParam(required = false) String code,
@RequestParam(required = false) String state,
- @RequestHeader(value = "referer", required = false) String referer, HttpServletResponse response,
+ HttpServletResponse response,
HttpSession session) throws IOException, ExecutionException, InterruptedException {
if (StringUtils.isBlank(code)) {
String fbstate = UUID.randomUUID().toString();
if (StringUtils.isBlank(state)) {
- state = Optional.ofNullable(referer).orElse("https://juick.com/");
+ state = UUID.randomUUID().toString();
}
userService.addFacebookState(fbstate, state);
return "redirect:" + facebookAuthService.getAuthorizationUrl(fbstate);
@@ -170,10 +171,12 @@ public class SocialLogin {
}
}
if (!existingFacebookUser.get().isBanned()) {
- Cookie c = new Cookie("hash", userService.getHashByUID(existingFacebookUser.get().getUid()));
- c.setMaxAge(50 * 24 * 60 * 60);
- response.addCookie(c);
- return "redirect:" + redirectUrl;
+ var authentication = new RememberMeAuthenticationToken(
+ ((AbstractRememberMeServices) rememberMeServices).getKey(),
+ new JuickUser(existingFacebookUser.get()), JuickUser.USER_AUTHORITY);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ rememberMeServices.loginSuccess(request, response, authentication);
+ return "redirect:/";
} else {
session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled");
return "redirect:/login";
@@ -188,9 +191,9 @@ public class SocialLogin {
@GetMapping("/_twitter")
protected String doTwitterLogin(@RequestParam(required = false) String code,
- @RequestParam(required = false) String state,
- com.juick.model.User user,
- HttpServletRequest request)
+ @RequestParam(required = false) String state,
+ com.juick.model.User user,
+ HttpServletRequest request)
throws IOException, ExecutionException, InterruptedException {
if (StringUtils.isBlank(code)) {
@@ -229,14 +232,17 @@ public class SocialLogin {
@GetMapping("/_vklogin")
protected String doVKLogin(@RequestParam(required = false) String code,
@RequestParam(required = false) String state,
- @RequestHeader(value = "referer", required = false) String referer,
- @CookieValue(required = false) String vkstate, HttpServletResponse response)
+ @CookieValue(required = false) String vkstate,
+ HttpServletRequest request,
+ HttpServletResponse response,
+ HttpSession session)
throws IOException, ExecutionException, InterruptedException {
if (StringUtils.isBlank(code)) {
vkstate = UUID.randomUUID().toString();
Cookie c = new Cookie("vkstate", vkstate);
response.addCookie(c);
- return "redirect:" + vkService.getVkAuthService().getAuthorizationUrl(vkstate);
+ var redirect = "redirect:" + vkService.getVkAuthService().getAuthorizationUrl(vkstate);
+ return redirect;
}
if (StringUtils.isBlank(vkstate) || !vkstate.equals(state)) {
@@ -265,13 +271,19 @@ public class SocialLogin {
}
long vkID = NumberUtils.toLong(jsonUser.id(), 0);
- int uid = userService.getUIDbyVKID(vkID);
- if (uid > 0) {
- userService.updateVkUser(vkID, token.getAccessToken(), vkName, vkLink);
- Cookie c = new Cookie("hash", userService.getHashByUID(uid));
- c.setMaxAge(50 * 24 * 60 * 60);
- response.addCookie(c);
- return "redirect:/" + Optional.ofNullable(referer).orElse(StringUtils.EMPTY);
+ var user = userService.getUserByVKID(vkID);
+ if (user.isPresent()) {
+ if (!user.get().isBanned()) {
+ var authentication = new RememberMeAuthenticationToken(
+ ((AbstractRememberMeServices) rememberMeServices).getKey(),
+ new JuickUser(user.get()), JuickUser.USER_AUTHORITY);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ rememberMeServices.loginSuccess(request, response, authentication);
+ return "redirect:/";
+ } else {
+ session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled");
+ return "redirect:/login";
+ }
} else {
String loginhash = UUID.randomUUID().toString();
if (!userService.createVKUser(vkID, loginhash, token.getAccessToken(), vkName, vkLink)) {
@@ -290,8 +302,7 @@ public class SocialLogin {
@GetMapping("/_tglogin")
public String doDurovLogin(@RequestParam Map<String, String> params,
@RequestParam String hash,
- @RequestHeader(value = "referer", required = false) String referer,
- HttpServletRequest request, HttpServletResponse response) {
+ HttpServletRequest request, HttpServletResponse response, HttpSession session) {
String dataCheckString = params.entrySet().stream().filter(p -> !p.getKey().equals("hash"))
.sorted(Map.Entry.comparingByKey()).map(p -> p.getKey() + "=" + p.getValue())
.collect(Collectors.joining("\n"));
@@ -301,14 +312,19 @@ public class SocialLogin {
long tgUser = Long.parseLong(params.get("id"));
var user = userService.getUserByTelegramId(tgUser);
if (user.isPresent()) {
- var authentication = new RememberMeAuthenticationToken(
- ((AbstractRememberMeServices) rememberMeServices).getKey(),
- new JuickUser(user.get()), JuickUser.USER_AUTHORITY);
- SecurityContextHolder.getContext().setAuthentication(authentication);
- rememberMeServices.loginSuccess(request, response, authentication);
- return "redirect:" + Optional.ofNullable(referer).orElse(StringUtils.EMPTY);
+ if (!user.get().isBanned()) {
+ var authentication = new RememberMeAuthenticationToken(
+ ((AbstractRememberMeServices) rememberMeServices).getKey(),
+ new JuickUser(user.get()), JuickUser.USER_AUTHORITY);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ rememberMeServices.loginSuccess(request, response, authentication);
+ return "redirect:/";
+ } else {
+ session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled");
+ return "redirect:/login";
+ }
} else {
- String username = StringUtils.defaultString(params.get("username"), params.get("first_name"));
+ String username = Objects.toString(params.get("username"), params.get("first_name"));
List<Long> chats = telegramService.getAnonymous();
if (!chats.contains(tgUser)) {
logger.info("added chat with {}", username);
@@ -347,9 +363,11 @@ public class SocialLogin {
com.juick.model.User user = userService.getUserByEmail(email.get());
if (!user.isAnonymous()) {
if (!user.isBanned()) {
- Cookie c = new Cookie("hash", userService.getHashByUID(user.getUid()));
- c.setMaxAge(50 * 24 * 60 * 60);
- response.addCookie(c);
+ var authentication = new RememberMeAuthenticationToken(
+ ((AbstractRememberMeServices) rememberMeServices).getKey(),
+ new JuickUser(user), JuickUser.USER_AUTHORITY);
+ SecurityContextHolder.getContext().setAuthentication(authentication);
+ rememberMeServices.loginSuccess(request, response, authentication);
return "redirect:/";
} else {
session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled");
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-07 13:39:07 +0000