Diffstat (limited to 'src/main/java/com/juick')
4 files changed, 33 insertions, 40 deletions
diff --git a/src/main/java/com/juick/server/api/ApiSocialLogin.java b/src/main/java/com/juick/server/api/ApiSocialLogin.java
index fe5f2069e..2d0a5c7e8 100644
--- a/src/main/java/com/juick/server/api/ApiSocialLogin.java
+++ b/src/main/java/com/juick/server/api/ApiSocialLogin.java
@@ -302,13 +302,10 @@ public class ApiSocialLogin {
 String verifiedEmail = emailService.getEmailByAuthCode(verificationCode);
 if (StringUtils.isNotEmpty(verifiedEmail)) {
- int uid = userService.createUser(username, password);
- if (uid <= 0) {
- throw new HttpBadRequestException();
- }
- emailService.addEmail(uid, verifiedEmail);
+ com.juick.User newUser = userService.createUser(username, password).orElseThrow(HttpBadRequestException::new);
+ emailService.addEmail(newUser.getUid(), verifiedEmail);
 emailService.deleteAuthCode(verificationCode);
- return ResponseEntity.ok(userService.getUserByUID(uid).orElseThrow(IllegalStateException::new));
+ return ResponseEntity.ok(newUser);
 } else {
 return ResponseEntity.status(HttpStatus.FORBIDDEN).body(null);
 }
diff --git a/src/main/java/com/juick/server/www/controllers/SignUp.java b/src/main/java/com/juick/server/www/controllers/SignUp.java
index 8793478a6..5fce2d35d 100644
--- a/src/main/java/com/juick/server/www/controllers/SignUp.java
+++ b/src/main/java/com/juick/server/www/controllers/SignUp.java
@@ -17,6 +17,7 @@
 package com.juick.server.www.controllers;
 import com.juick.User;
+import com.juick.model.AnonymousUser;
 import com.juick.server.util.HttpBadRequestException;
 import com.juick.server.util.HttpForbiddenException;
 import com.juick.server.www.WebApp;
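Review bot: In the `@@ -17,6 +17,7 @@` hunk of SignUp.java, the added `import com.juick.model.AnonymousUser;` is not referenced by any added line in this file's hunks, so it looks unused. Dropping it keeps the import list an accurate record of what the controller depends on; if a later change needs the type, the import belongs in that commit.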
@@ -24,6 +25,9 @@ import com.juick.service.CrosspostService;
 import com.juick.service.EmailService;
 import com.juick.service.UserService;
 import com.juick.service.security.annotation.Visitor;
+import com.juick.service.security.entities.JuickUser;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -31,8 +35,6 @@ import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import javax.inject.Inject;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
 /**
 *
@@ -93,14 +95,13 @@ public class SignUp {
 @PostMapping("/signup")
 protected String doPost(
 @Visitor User visitor,
- HttpServletResponse response,
 @RequestParam String type,
 @RequestParam String hash,
 @RequestParam String action,
 @RequestParam(required = false) String username,
 @RequestParam(required = false) String password,
 ModelMap modelMap) {
- int uid = 0;
+ User current;
 if (hash.length() > 36 || !type.matches("^[a-zA-Z0-9\\-]+$") || !hash.matches("^[a-zA-Z0-9\\-]+$")) {
 throw new HttpBadRequestException();
@@ -112,22 +113,23 @@ public class SignUp {
 if (username.length() > 32) {
 throw new HttpBadRequestException();
 }
- uid = userService.checkPassword(username, password);
+ current = userService.checkPassword(username, password).orElseThrow(HttpForbiddenException::new);
 } else {
- uid = visitor.getUid();
+ current = visitor;
 }
- if (uid <= 0) {
+ if (current.getUid() <= 0) {
 throw new HttpForbiddenException();
 }
- if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, uid))
- && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, uid))
- && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, uid))
- && !(type.charAt(0) == 'x' && userService.getAllJIDs(visitor).size() > 0 && crosspostService.setJIDUser(hash, uid))) {
+ if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, current.getUid()))
+ && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, current.getUid()))
+ && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, current.getUid()))
+ && !(type.charAt(0) == 'x' && userService.getAllJIDs(visitor).size() > 0
+ && crosspostService.setJIDUser(hash, current.getUid()))) {
 if (type.equals("email")) {
 String email = emailService.getEmailByAuthCode(hash);
- emailService.addEmail(current.getUid(), email);
+ emailService.addEmail(current.getUid(), email);
 emailService.deleteAuthCode(hash);
 } else {
 if (type.equals("xmpp")) {
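Review bot: `emailService.addEmail(current.getUid(), email);` runs on whatever `getEmailByAuthCode(hash)` returned, with no check that the request-supplied `hash` actually resolved to an address. ApiSocialLogin in this same commit guards the equivalent call with `StringUtils.isNotEmpty(verifiedEmail)` and answers 403 otherwise; that guard is missing here and again in the `@@ -144,19 +146,14 @@` hunk, where the account has already been created by the time the lookup happens. A matching check before `addEmail` would be `if (StringUtils.isEmpty(email)) { throw new HttpForbiddenException(); }`, assuming `getEmailByAuthCode` returns null or empty for an unknown code; that contract is not visible in this diff. The enclosing `doPost` starts and ends outside this hunk.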
@@ -144,19 +146,14 @@ public class SignUp {
 throw new HttpBadRequestException();
 }
- // CHECK USERNAME
+ current = userService.createUser(username, password).orElseThrow(HttpBadRequestException::new);
- uid = userService.createUser(username, password);
- if (uid <= 0) {
- throw new HttpBadRequestException();
- }
-
- if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, uid))
- && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, uid))
- && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, uid))) {
+ if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, current.getUid()))
+ && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, current.getUid()))
+ && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, current.getUid()))) {
 if (type.equals("email")) {
 String email = emailService.getEmailByAuthCode(hash);
- emailService.addEmail(uid, email);
+ emailService.addEmail(current.getUid(), email);
 emailService.deleteAuthCode(hash);
 } else {
 if (type.equals("xmpp")) {
@@ -170,10 +167,9 @@ public class SignUp {
 }
 if (visitor.isAnonymous()) {
- hash = userService.getHashByUID(uid);
- Cookie c = new Cookie("hash", hash);
- c.setMaxAge(365 * 24 * 60 * 60);
- response.addCookie(c);
+ UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
+ new UsernamePasswordAuthenticationToken(new JuickUser(current), password, JuickUser.USER_AUTHORITY);
+ SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
 }
 return "redirect:/";
 }
diff --git a/src/main/java/com/juick/service/UserService.java b/src/main/java/com/juick/service/UserService.java
index 3a51dffb9..0d4efcfc0 100644
--- a/src/main/java/com/juick/service/UserService.java
+++ b/src/main/java/com/juick/service/UserService.java
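Review bot: In the `@@ -170,10 +167,9 @@` hunk the request's plaintext `password` is passed as the credentials of the token that is then stored in the security context, so it stays in memory (and in the session, if the context is persisted there) for as long as the login lasts. A token that is already authenticated does not need it: `new UsernamePasswordAuthenticationToken(new JuickUser(current), null, JuickUser.USER_AUTHORITY)`. Because the context is set by hand rather than through the configured login filter, session-fixation handling presumably does not run either; if sessions are in use, rotating the id at this point with `HttpServletRequest.changeSessionId()` is worth adding, which means taking the request as a handler parameter. `doPost` begins outside this hunk.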
@@ -40,7 +40,7 @@ public interface UserService {
 String getSignUpHashByTelegramID(Long telegramId, String username);
- int createUser(String username, String password);
+ Optional<User> createUser(String username, String password);
 Optional<User> getUserByUID(int uid);
@@ -66,7 +66,7 @@ public interface UserService {
 String getHashByUID(int uid);
- int checkPassword(String username, String password);
+ Optional<User> checkPassword(String username, String password);
 boolean updatePassword(User user, String newPassword);
diff --git a/src/main/java/com/juick/service/UserServiceImpl.java b/src/main/java/com/juick/service/UserServiceImpl.java
index bcfb8dac7..8d2947f8d 100644
--- a/src/main/java/com/juick/service/UserServiceImpl.java
+++ b/src/main/java/com/juick/service/UserServiceImpl.java
@@ -103,7 +103,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
 @Transactional
 @Override
- public int createUser(final String username, final String password) {
+ public Optional<User> createUser(final String username, final String password) {
 KeyHolder holder = new GeneratedKeyHolder();
 try {
 getJdbcTemplate().update(
@@ -117,7 +117,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
 },
 holder);
 } catch (DuplicateKeyException e) {
- return -1;
+ return Optional.empty();
 }
 int uid = holder.getKeys().size() > 1 ? (int)holder.getKeys().get("id") : holder.getKey().intValue();
@@ -125,7 +125,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
 getJdbcTemplate().update("INSERT INTO useroptions(user_id) VALUES (?)", uid);
 getJdbcTemplate().update("INSERT INTO subscr_users(user_id, suser_id) VALUES (2, ?)", uid);
- return uid;
+ return getUserByUID(uid);
 }
 @Transactional(readOnly = true)
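Review bot: In the `@@ -125,7 +125,7 @@` hunk, `return getUserByUID(uid);` makes an empty result mean two different things: the name was already taken (the `DuplicateKeyException` branch) or the row was inserted but could not be read back. Both callers in this commit turn empty into `HttpBadRequestException`, whereas ApiSocialLogin previously raised `IllegalStateException` for the second case, so an internal inconsistency would now be reported to the client as a bad request. Keeping the distinction is one line, `return Optional.of(getUserByUID(uid).orElseThrow(IllegalStateException::new));`, and a Javadoc sentence on `UserService.createUser` saying that empty means the username already exists would document the contract for callers. Only part of `createUser`'s body is visible in these hunks.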
@@ -322,7 +322,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
 @Transactional(readOnly = true)
 @Override
- public int checkPassword(final String username, final String password) {
+ public Optional<User> checkPassword(final String username, final String password) {
 if (StringUtils.isNotBlank(username)) {
 List<User> list = getJdbcTemplate().query(
 "SELECT DISTINCT u.id, u.nick, u.passw, u.banned, u.last_seen," +
@@ -337,10 +337,10 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
 if (!list.isEmpty()) {
 User user = list.get(0);
 if (Objects.equals(password, user.getCredentials()))
- return user.getUid();
+ return Optional.of(user);
 }
 }
- return -1;
+ return Optional.empty();
 }
 @Transactional |
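Review bot: In the `@@ -337,10 +337,10 @@` hunk, `Objects.equals(password, user.getCredentials())` is true when both sides are null, and SignUp passes a `password` declared `required = false`; unless a null password is rejected earlier (not visible here), an account whose stored credentials are null would match a request that carries no password. A guard such as `if (password != null && Objects.equals(password, user.getCredentials()))` closes that. The new `return Optional.of(user);` also hands callers the row object that still carries the stored credential value, which SignUp then wraps into the session principal; returning a copy without that field would keep it out of the session. The direct equality check suggests the stored value is compared as-is and not in constant time, which is worth confirming against how `passw` is written.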