aboutsummaryrefslogtreecommitdiff
path: root/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'src/main')
-rw-r--r--src/main/java/com/juick/server/api/ApiSocialLogin.java9
-rw-r--r--src/main/java/com/juick/server/www/controllers/SignUp.java48
-rw-r--r--src/main/java/com/juick/service/UserService.java4
-rw-r--r--src/main/java/com/juick/service/UserServiceImpl.java12
4 files changed, 33 insertions, 40 deletions
diff --git a/src/main/java/com/juick/server/api/ApiSocialLogin.java b/src/main/java/com/juick/server/api/ApiSocialLogin.java
index fe5f2069..2d0a5c7e 100644
--- a/src/main/java/com/juick/server/api/ApiSocialLogin.java
+++ b/src/main/java/com/juick/server/api/ApiSocialLogin.java
@@ -302,13 +302,10 @@ public class ApiSocialLogin {
String verifiedEmail = emailService.getEmailByAuthCode(verificationCode);
if (StringUtils.isNotEmpty(verifiedEmail)) {
- int uid = userService.createUser(username, password);
- if (uid <= 0) {
- throw new HttpBadRequestException();
- }
- emailService.addEmail(uid, verifiedEmail);
+ com.juick.User newUser = userService.createUser(username, password).orElseThrow(HttpBadRequestException::new);
+ emailService.addEmail(newUser.getUid(), verifiedEmail);
emailService.deleteAuthCode(verificationCode);
- return ResponseEntity.ok(userService.getUserByUID(uid).orElseThrow(IllegalStateException::new));
+ return ResponseEntity.ok(newUser);
} else {
return ResponseEntity.status(HttpStatus.FORBIDDEN).body(null);
}
diff --git a/src/main/java/com/juick/server/www/controllers/SignUp.java b/src/main/java/com/juick/server/www/controllers/SignUp.java
index 8793478a..5fce2d35 100644
--- a/src/main/java/com/juick/server/www/controllers/SignUp.java
+++ b/src/main/java/com/juick/server/www/controllers/SignUp.java
@@ -17,6 +17,7 @@
package com.juick.server.www.controllers;
import com.juick.User;
+import com.juick.model.AnonymousUser;
import com.juick.server.util.HttpBadRequestException;
import com.juick.server.util.HttpForbiddenException;
import com.juick.server.www.WebApp;
@@ -24,6 +25,9 @@ import com.juick.service.CrosspostService;
import com.juick.service.EmailService;
import com.juick.service.UserService;
import com.juick.service.security.annotation.Visitor;
+import com.juick.service.security.entities.JuickUser;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.GetMapping;
@@ -31,8 +35,6 @@ import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;
import javax.inject.Inject;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
/**
*
@@ -93,14 +95,13 @@ public class SignUp {
@PostMapping("/signup")
protected String doPost(
@Visitor User visitor,
- HttpServletResponse response,
@RequestParam String type,
@RequestParam String hash,
@RequestParam String action,
@RequestParam(required = false) String username,
@RequestParam(required = false) String password,
ModelMap modelMap) {
- int uid = 0;
+ User current;
if (hash.length() > 36 || !type.matches("^[a-zA-Z0-9\\-]+$") || !hash.matches("^[a-zA-Z0-9\\-]+$")) {
throw new HttpBadRequestException();
@@ -112,22 +113,23 @@ public class SignUp {
if (username.length() > 32) {
throw new HttpBadRequestException();
}
- uid = userService.checkPassword(username, password);
+ current = userService.checkPassword(username, password).orElseThrow(HttpForbiddenException::new);
} else {
- uid = visitor.getUid();
+ current = visitor;
}
- if (uid <= 0) {
+ if (current.getUid() <= 0) {
throw new HttpForbiddenException();
}
- if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, uid))
- && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, uid))
- && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, uid))
- && !(type.charAt(0) == 'x' && userService.getAllJIDs(visitor).size() > 0 && crosspostService.setJIDUser(hash, uid))) {
+ if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, current.getUid()))
+ && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, current.getUid()))
+ && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, current.getUid()))
+ && !(type.charAt(0) == 'x' && userService.getAllJIDs(visitor).size() > 0
+ && crosspostService.setJIDUser(hash, current.getUid()))) {
if (type.equals("email")) {
String email = emailService.getEmailByAuthCode(hash);
- emailService.addEmail(uid, email);
+ emailService.addEmail(current.getUid(), email);
emailService.deleteAuthCode(hash);
} else {
if (type.equals("xmpp")) {
@@ -144,19 +146,14 @@ public class SignUp {
throw new HttpBadRequestException();
}
- // CHECK USERNAME
+ current = userService.createUser(username, password).orElseThrow(HttpBadRequestException::new);
- uid = userService.createUser(username, password);
- if (uid <= 0) {
- throw new HttpBadRequestException();
- }
-
- if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, uid))
- && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, uid))
- && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, uid))) {
+ if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, current.getUid()))
+ && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, current.getUid()))
+ && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, current.getUid()))) {
if (type.equals("email")) {
String email = emailService.getEmailByAuthCode(hash);
- emailService.addEmail(uid, email);
+ emailService.addEmail(current.getUid(), email);
emailService.deleteAuthCode(hash);
} else {
if (type.equals("xmpp")) {
@@ -170,10 +167,9 @@ public class SignUp {
}
if (visitor.isAnonymous()) {
- hash = userService.getHashByUID(uid);
- Cookie c = new Cookie("hash", hash);
- c.setMaxAge(365 * 24 * 60 * 60);
- response.addCookie(c);
+ UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
+ new UsernamePasswordAuthenticationToken(new JuickUser(current), password, JuickUser.USER_AUTHORITY);
+ SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
}
return "redirect:/";
}
diff --git a/src/main/java/com/juick/service/UserService.java b/src/main/java/com/juick/service/UserService.java
index 3a51dffb..0d4efcfc 100644
--- a/src/main/java/com/juick/service/UserService.java
+++ b/src/main/java/com/juick/service/UserService.java
@@ -40,7 +40,7 @@ public interface UserService {
String getSignUpHashByTelegramID(Long telegramId, String username);
- int createUser(String username, String password);
+ Optional<User> createUser(String username, String password);
Optional<User> getUserByUID(int uid);
@@ -66,7 +66,7 @@ public interface UserService {
String getHashByUID(int uid);
- int checkPassword(String username, String password);
+ Optional<User> checkPassword(String username, String password);
boolean updatePassword(User user, String newPassword);
diff --git a/src/main/java/com/juick/service/UserServiceImpl.java b/src/main/java/com/juick/service/UserServiceImpl.java
index bcfb8dac..8d2947f8 100644
--- a/src/main/java/com/juick/service/UserServiceImpl.java
+++ b/src/main/java/com/juick/service/UserServiceImpl.java
@@ -103,7 +103,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
@Transactional
@Override
- public int createUser(final String username, final String password) {
+ public Optional<User> createUser(final String username, final String password) {
KeyHolder holder = new GeneratedKeyHolder();
try {
getJdbcTemplate().update(
@@ -117,7 +117,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
},
holder);
} catch (DuplicateKeyException e) {
- return -1;
+ return Optional.empty();
}
int uid = holder.getKeys().size() > 1 ? (int)holder.getKeys().get("id") : holder.getKey().intValue();
@@ -125,7 +125,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
getJdbcTemplate().update("INSERT INTO useroptions(user_id) VALUES (?)", uid);
getJdbcTemplate().update("INSERT INTO subscr_users(user_id, suser_id) VALUES (2, ?)", uid);
- return uid;
+ return getUserByUID(uid);
}
@Transactional(readOnly = true)
@@ -322,7 +322,7 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
@Transactional(readOnly = true)
@Override
- public int checkPassword(final String username, final String password) {
+ public Optional<User> checkPassword(final String username, final String password) {
if (StringUtils.isNotBlank(username)) {
List<User> list = getJdbcTemplate().query(
"SELECT DISTINCT u.id, u.nick, u.passw, u.banned, u.last_seen," +
@@ -337,10 +337,10 @@ public class UserServiceImpl extends BaseJdbcService implements UserService {
if (!list.isEmpty()) {
User user = list.get(0);
if (Objects.equals(password, user.getCredentials()))
- return user.getUid();
+ return Optional.of(user);
}
}
- return -1;
+ return Optional.empty();
}
@Transactional