From 17fa861b4426018062c509ded6897b8d37a6f59a Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Sun, 25 Nov 2018 18:50:24 +0300
Subject: Signup API
---
 .../java/com/juick/server/api/ApiSocialLogin.java | 31 ++++++++++++++++++++--
 .../juick/server/configuration/SecurityConfig.java | 2 +-
 .../java/com/juick/server/tests/ServerTests.java | 10 +++++++
 3 files changed, 40 insertions(+), 3 deletions(-)
diff --git a/src/main/java/com/juick/server/api/ApiSocialLogin.java b/src/main/java/com/juick/server/api/ApiSocialLogin.java
index 9e111223..7b9b56f0 100644
--- a/src/main/java/com/juick/server/api/ApiSocialLogin.java
+++ b/src/main/java/com/juick/server/api/ApiSocialLogin.java
@@ -31,6 +31,7 @@ import com.google.api.client.http.HttpTransport;
 import com.google.api.client.http.javanet.NetHttpTransport;
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.json.jackson2.JacksonFactory;
+import com.juick.model.Auth;
 import com.juick.model.facebook.User;
 import com.juick.server.util.HttpBadRequestException;
 import com.juick.server.util.HttpForbiddenException;
@@ -39,6 +40,7 @@ import com.juick.service.EmailService;
 import com.juick.service.TelegramService;
 import com.juick.service.UserService;
 import com.juick.model.vk.UsersResponse;
+import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.math.NumberUtils;
 import org.slf4j.Logger;
@@ -293,13 +295,38 @@ public class ApiSocialLogin {
 }
 @ResponseBody
 @PostMapping("/api/_google")
- public IdToken.Payload googleSignIn(@RequestParam(name = "idToken") String idTokenString)
+ public Auth googleSignIn(@RequestParam(name = "idToken") String idTokenString)
 throws GeneralSecurityException, IOException {
 logger.info("Token: {}", idTokenString);
 logger.info("Client: {}", googleClientId);
 GoogleIdToken idToken = verifier.verify(idTokenString);
 if (idToken != null) {
- return idToken.getPayload();
+ String email = idToken.getPayload().getEmail();
+ if (!userService.getUserByEmail(email).isAnonymous()) {
+ String verificationCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase();
+ emailService.addVerificationCode(null, email, verificationCode);
+ return new Auth(email, verificationCode);
+ }
+ }
+ throw new HttpForbiddenException();
+ }
+ @ResponseBody
+ @PostMapping("/api/signup")
+ public com.juick.User signupWithEmail(String username, String password, String verificationCode) {
+ if (username.length() < 2 || username.length() > 16 || !username.matches("^[a-zA-Z0-9\\-]+$")
+ || password.length() < 6 || password.length() > 32) {
+ throw new HttpBadRequestException();
+ }
+
+ String verifiedEmail = emailService.getEmailByAuthCode(verificationCode);
+ if (StringUtils.isNotEmpty(verifiedEmail)) {
+ int uid = userService.createUser(username, password);
+ if (uid <= 0) {
+ throw new HttpBadRequestException();
+ }
+ emailService.addEmail(uid, verifiedEmail);
+ emailService.deleteAuthCode(verificationCode);
+ return userService.getUserByUID(uid).orElseThrow(IllegalStateException::new);
 } else {
 throw new HttpForbiddenException();
 }
diff --git a/src/main/java/com/juick/server/configuration/SecurityConfig.java b/src/main/java/com/juick/server/configuration/SecurityConfig.java
index 4442d115..f53cc531 100644
--- a/src/main/java/com/juick/server/configuration/SecurityConfig.java
+++ b/src/main/java/com/juick/server/configuration/SecurityConfig.java
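Review bot: The verification code issued in `googleSignIn` is the only proof of e-mail ownership that `signupWithEmail` later accepts, yet it comes from `RandomStringUtils.randomAlphanumeric(8)`, which in commons-lang3 releases of this period is backed by `java.util.Random` rather than a CSPRNG (confirm against the version in the build). Drawing it from `SecureRandom`, for example `RandomStringUtils.random(8, 0, 0, true, true, null, new SecureRandom()).toUpperCase(Locale.ROOT)`, removes the predictability and the locale-dependent upper-casing. The payload's address is also trusted without checking `Boolean.TRUE.equals(idToken.getPayload().getEmailVerified())`, and the guard `!userService.getUserByEmail(email).isAnonymous()` appears to issue codes only for addresses that already belong to an account, which looks inverted for a signup flow. The unchanged `logger.info("Token: {}", idTokenString)` writes a bearer credential to the log at info level and is worth dropping or masking in the same pass. The closing brace of `signupWithEmail` lies outside the hunk.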
@@ -98,7 +98,7 @@ public class SecurityConfig {
 .authorizeRequests()
 .antMatchers(HttpMethod.OPTIONS).permitAll()
 .antMatchers("/api/", "/api/messages", "/api/messages/discussions", "/api/users", "/api/thread", "/api/tags", "/api/tlgmbtwbhk", "/api/fbwbhk",
- "/api/skypebotendpoint", "/api/_fblogin", "/api/_vklogin", "/api/_tglogin", "/api/_google", "/api/inbox", "/api/u/**", "/.well-known/webfinger", "/.well-known/x-nodeinfo2", "/rss/**", "/api/events").permitAll()
+ "/api/skypebotendpoint", "/api/_fblogin", "/api/_vklogin", "/api/_tglogin", "/api/_google", "/api/signup", "/api/inbox", "/api/u/**", "/.well-known/webfinger", "/.well-known/x-nodeinfo2", "/rss/**", "/api/events").permitAll()
 .anyRequest().hasRole("USER")
 .and()
 .anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY)
diff --git a/src/test/java/com/juick/server/tests/ServerTests.java b/src/test/java/com/juick/server/tests/ServerTests.java
index 0abce093..4b0de65d 100644
--- a/src/test/java/com/juick/server/tests/ServerTests.java
+++ b/src/test/java/com/juick/server/tests/ServerTests.java
@@ -1799,4 +1799,14 @@ public class ServerTests {
 messagesService.createMessage(newUserUid, "YO", "", null);
 assertThat(userService.getUserByUID(newUserUid).get().getSeen(), greaterThanOrEqualTo(now));
 }
+ @Test
+ public void signupTest() throws Exception {
+ emailService.addVerificationCode(null, "demo@email.com", "123456");
+ MvcResult result = mockMvc.perform(post("/api/signup")
+ .param("username", "testuser")
+ .param("password", "demopassword")
+ .param("verificationCode", "123456")).andExpect(status().isOk()).andReturn();
+ com.juick.User testuser = jsonMapper.readValue(result.getResponse().getContentAsString(), User.class);
+ assertThat(testuser.getName(), is("testuser"));
+ }
 }
-- cgit v1.2.3
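Review bot: With `/api/signup` added to the `permitAll()` matcher list, the eight-character verification code becomes the only gate on anonymous account creation, and nothing visible in this diff throttles attempts or expires codes. As far as the diff shows, a stored code stays valid until a signup succeeds, because `deleteAuthCode` runs only after `createUser` returns a positive id; if no rate limit exists elsewhere, each guess costs a single request. Consider a per-client attempt limit and a lifetime on stored codes, and record the intent beside the matcher with a comment such as `// /api/signup is anonymous by design; access is gated by a one-time e-mail verification code`. The `authorizeRequests()` chain begins and ends outside the hunk.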
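Review bot: `signupTest` covers only the successful path, so the rejection branches added in `signupWithEmail` are left untested. Reuse of a consumed code should be refused once `deleteAuthCode` has run, which could be pinned with `mockMvc.perform(post("/api/signup").param("username", "testuser2").param("password", "demopassword").param("verificationCode", "123456")).andExpect(status().isForbidden());` (assuming `HttpForbiddenException` maps to 403). Cases for an unknown code and for a username that fails the `^[a-zA-Z0-9\\-]+$` rule would complete the coverage of the new endpoint.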