From b94d06390216d645c61a27b77324a999ff1c11ef Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Sun, 8 Sep 2024 22:38:11 +0300
Subject: Clean up social login
---
 src/main/java/com/juick/config/SecurityConfig.java | 4 +-
 src/main/java/com/juick/service/UserService.java | 2 +-
 .../java/com/juick/service/UserServiceImpl.java | 14 +-
 src/main/java/com/juick/service/VKService.java | 8 +-
 .../java/com/juick/www/api/ApiSocialLogin.java | 299 ---------------------
 .../java/com/juick/www/api/webhooks/VkWebhook.java | 6 +-
 .../com/juick/www/controllers/SocialLogin.java | 82 +++---
 7 files changed, 71 insertions(+), 344 deletions(-)
 delete mode 100644 src/main/java/com/juick/www/api/ApiSocialLogin.java
diff --git a/src/main/java/com/juick/config/SecurityConfig.java b/src/main/java/com/juick/config/SecurityConfig.java
index 820ebf74..6e9afa42 100644
--- a/src/main/java/com/juick/config/SecurityConfig.java
+++ b/src/main/java/com/juick/config/SecurityConfig.java
@@ -202,9 +202,7 @@ public class SecurityConfig {
 "/api/messages/discussions", "/api/users", "/api/thread", "/api/tags", "/api/tlgmbtwbhk", "/api/fbwbhk", "/api/_patreon", "/api/_vk",
- "/api/skypebotendpoint", "/api/_fblogin",
- "/api/_vklogin", "/api/_tglogin",
- "/api/_google", "/api/_applelogin", "/api/signup",
+ "/api/skypebotendpoint", "/api/signup", "/api/inbox", "/api/events", "/api/u/", "/u/**", "/n/**", "/api/info/**", "/api/v1/apps", "/api/v1/instance",
diff --git a/src/main/java/com/juick/service/UserService.java b/src/main/java/com/juick/service/UserService.java
index 6f7cb58f..3c7a3235 100644
--- a/src/main/java/com/juick/service/UserService.java
+++ b/src/main/java/com/juick/service/UserService.java
@@ -170,7 +170,7 @@ public interface UserService {
 boolean updateFacebookUser(long fbID, String token, String fbName);
- int getUIDbyVKID(long vkID);
+ Optional getUserByVKID(long vkID);
 boolean createVKUser(long vkID, String loginhash, String token, String vkName, String vkLink);
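Review bot: `/api/signup` is kept on the added permitAll line even though the only handler for it in this commit, `signupWithEmail` in the deleted ApiSocialLogin, goes away together with the four `_…login` paths dropped here; unless another controller still maps `/api/signup`, that entry is now an anonymous allow-rule for a non-existent endpoint and should be removed with the others. A short comment above the array naming which of these paths must stay anonymous and why (webhooks, public read APIs) would make the next cleanup safer. The array literal and the enclosing configuration method extend beyond the hunk.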
diff --git a/src/main/java/com/juick/service/UserServiceImpl.java b/src/main/java/com/juick/service/UserServiceImpl.java index 0bbeea91..a5ab8432 100644 --- a/src/main/java/com/juick/service/UserServiceImpl.java +++ b/src/main/java/com/juick/service/UserServiceImpl.java @@ -40,6 +40,7 @@ import org.springframework.jdbc.support.KeyHolder; import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; +import java.lang.StackWalker.Option; import java.net.URI; import java.sql.*; import java.time.Instant; @@ -815,10 +816,15 @@ public class UserServiceImpl extends BaseJdbcService implements UserService { @Transactional(readOnly = true) @Override - public int getUIDbyVKID(long vkID) { - var users = getJdbcTemplate().queryForList(""" - SELECT user_id FROM vk WHERE vk_id=? AND user_id IS NOT NULL""", Integer.class, vkID); - return users.isEmpty() ? 0 : users.get(0); + public Optional getUserByVKID(long vkID) { + List list = getJdbcTemplate().query( + "SELECT DISTINCT u.id, u.nick, u.passw, u.banned, u.last_seen, " + + "COALESCE(f.fb_id, vk.vk_id, t.tg_id, e.user_id, 0) AS verified, premium " + + "FROM users u LEFT JOIN facebook f ON f.user_id = u.id " + + "LEFT JOIN vk ON u.id = vk.user_id LEFT JOIN telegram t ON u.id = t.user_id " + + "LEFT JOIN emails e ON e.user_id = u.id WHERE vk.vk_id = ?", new UserMapper(), vkID); + + return list.isEmpty() ? Optional.empty() : Optional.of(list.get(0)); } @Transactional diff --git a/src/main/java/com/juick/service/VKService.java b/src/main/java/com/juick/service/VKService.java index b9b2483f..7f6b2516 100644 --- a/src/main/java/com/juick/service/VKService.java +++ b/src/main/java/com/juick/service/VKService.java @@ -30,6 +30,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Service; +import org.springframework.web.util.UriComponentsBuilder; import jakarta.inject.Inject; 
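Review bot: `import java.lang.StackWalker.Option;` added in the first hunk of UserServiceImpl is not used by `getUserByVKID` or anything else in the shown lines and looks like an IDE auto-import triggered while typing `Optional`; drop it, since `java.util.Optional` is what the new return type needs. In the query hunk the tail can simply be `return list.stream().findFirst();`, and the user projection with its facebook/vk/telegram/emails joins presumably matches the other `getUserBy…` lookups in this class, so it is worth lifting into one `private static final String` with the per-lookup `WHERE` appended, so a later change to the `verified` COALESCE is made in one place. The type parameters on `Optional` and `List` appear stripped in this rendering; if they are really raw in the source they should be `Optional<User>` and `List<User>`.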
@@ -40,7 +41,8 @@ public class VKService { private String VK_APPID; @Value("${vk_secret:secret}") private String VK_SECRET; - private static final String VK_REDIRECT = "https://juick.com/_vklogin"; + @Value("${ap_base_uri:http://localhost:8080/}") + private String baseUri; @Inject private ObjectMapper jsonMapper; @Inject @@ -49,10 +51,12 @@ public class VKService { @PostConstruct public void init() { + UriComponentsBuilder redirectBuilder = UriComponentsBuilder.fromUriString(baseUri); + String redirectUri = redirectBuilder.replacePath("/_vklogin").build().toUriString(); ServiceBuilder vkBuilder = new ServiceBuilder(VK_APPID); setVkAuthService(vkBuilder.apiSecret(VK_SECRET) .defaultScope("friends,wall,offline,groups") - .callback(VK_REDIRECT) + .callback(redirectUri) .build(VkontakteApi.instance())); } diff --git a/src/main/java/com/juick/www/api/ApiSocialLogin.java b/src/main/java/com/juick/www/api/ApiSocialLogin.java deleted file mode 100644 index 6ea1c89f..00000000 --- a/src/main/java/com/juick/www/api/ApiSocialLogin.java +++ /dev/null 
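Review bot: The VK callback is now `ap_base_uri` with its path replaced by `/_vklogin`, so the value that has to be registered with VK is no longer visible in the source, and a deployment whose base URI carries a context path silently loses it because `replacePath` discards the whole path; document this on the field, e.g. `/** Public base URI of this deployment; the VK OAuth redirect URI is derived from it and must match the callback registered in the VK app settings. */`, and consider logging the computed `redirectUri` at INFO in `init()` so a mismatch is diagnosable from the startup log. The `http://localhost:8080/` default also means a missing property yields a callback VK will reject at login time rather than a failure at startup. `init()` closes within the hunk; the class continues past it.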
@@ -1,299 +0,0 @@ -/* - * Copyright (C) 2008-2020, Juick - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package com.juick.www.api; - -import com.fasterxml.jackson.databind.ObjectMapper; -import com.github.scribejava.apis.AppleClientSecretGenerator; -import com.github.scribejava.apis.AppleSignInApi; -import com.github.scribejava.apis.FacebookApi; -import com.github.scribejava.apis.GoogleTokenVerifier; -import com.github.scribejava.apis.VkontakteApi; -import com.github.scribejava.core.builder.ServiceBuilder; -import com.github.scribejava.core.model.OAuth2AccessToken; -import com.github.scribejava.core.model.OAuthRequest; -import com.github.scribejava.core.model.Verb; -import com.github.scribejava.core.oauth.OAuth20Service; -import com.juick.model.AuthResponse; -import com.juick.model.ext.facebook.User; -import com.juick.model.ext.vk.UsersResponse; -import com.juick.service.EmailService; -import com.juick.service.UserService; -import com.juick.util.HttpBadRequestException; -import com.juick.util.HttpForbiddenException; - -import org.apache.commons.lang3.RandomStringUtils; -import org.apache.commons.lang3.StringUtils; -import org.apache.commons.lang3.math.NumberUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.stereotype.Controller; -import 
org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.bind.annotation.ResponseBody; -import org.springframework.web.util.UriComponentsBuilder; - -import jakarta.annotation.PostConstruct; -import jakarta.inject.Inject; -import java.io.IOException; -import java.util.Map; -import java.util.Optional; -import java.util.UUID; -import java.util.concurrent.ExecutionException; - -/** - * - * @author Ugnich Anton - */ -@Controller -public class ApiSocialLogin { - - private static final Logger logger = LoggerFactory.getLogger(ApiSocialLogin.class); - - @Value("${facebook_appid:appid}") - private String FACEBOOK_APPID; - @Value("${facebook_secret:secret}") - private String FACEBOOK_SECRET; - private static final String FACEBOOK_REDIRECT = "https://api.juick.com/_fblogin"; - private static final String VK_REDIRECT = "https://api.juick.com/_vklogin"; - @Inject - private ObjectMapper jsonMapper; - private OAuth20Service facebookAuthService, vkAuthService, appleSignInService; - - @Value("${twitter_consumer_key:appid}") - private String twitterConsumerKey; - @Value("${twitter_consumer_secret:secret}") - private String twitterConsumerSecret; - @Value("${vk_appid:appid}") - private String VK_APPID; - @Value("${vk_secret:secret}") - private String VK_SECRET; - @Value("${google_client_id:}") - private String googleClientId; - @Value("${apple_app_id:appid}") - private String appleApplicationId; - @Value("${ap_base_uri:http://localhost:8080/}") - private String baseUri; - - @Inject - private UserService userService; - @Inject - private EmailService emailService; - @Inject - private AppleClientSecretGenerator clientSecretGenerator; - @Inject - private Users users; - - @PostConstruct - public void init() { - ServiceBuilder facebookBuilder = new ServiceBuilder(FACEBOOK_APPID); - ServiceBuilder vkBuilder = new ServiceBuilder(VK_APPID); - 
facebookAuthService = facebookBuilder - .apiSecret(FACEBOOK_SECRET) - .callback(FACEBOOK_REDIRECT) - .defaultScope("email") - .build(FacebookApi.instance()); - vkAuthService = vkBuilder - .apiSecret(VK_SECRET) - .defaultScope("friends,wall,offline,groups") - .callback(VK_REDIRECT) - .build(VkontakteApi.instance()); - ServiceBuilder appleSignInBuilder = new ServiceBuilder(appleApplicationId); - UriComponentsBuilder redirectBuilder = UriComponentsBuilder.fromUriString(baseUri); - String appleSignInRedirectUri = redirectBuilder.replacePath("/api/_applelogin").build().toUriString(); - appleSignInService = appleSignInBuilder - .callback(appleSignInRedirectUri) - .defaultScope("email") - .build(new AppleSignInApi(clientSecretGenerator, appleApplicationId)); - } - - @GetMapping("/api/_fblogin") - protected String doFacebookLogin(@RequestParam(required = false) String code, - @RequestParam(required = false) String state) throws IOException, ExecutionException, InterruptedException { - if (StringUtils.isBlank(code)) { - String fbstate = UUID.randomUUID().toString(); - userService.addFacebookState(fbstate, state); - return "redirect:" + facebookAuthService.getAuthorizationUrl(fbstate); - } - - String redirectUrl = userService.verifyFacebookState(state); - - if (StringUtils.isEmpty(redirectUrl)) { - logger.error("state is missing"); - throw new HttpBadRequestException(); - } - OAuth2AccessToken token = facebookAuthService.getAccessToken(code); - final OAuthRequest meRequest = new OAuthRequest(Verb.GET, "https://graph.facebook.com/me?fields=id,name,email"); - facebookAuthService.signRequest(token, meRequest); - String graph = facebookAuthService.execute(meRequest).getBody(); - if (StringUtils.isBlank(graph)) { - logger.error("FACEBOOK GRAPH ERROR"); - throw new HttpBadRequestException(); - } - User fb = jsonMapper.readValue(graph, User.class); - long fbID = NumberUtils.toLong(fb.id(), 0); - if (fbID == 0 || StringUtils.isBlank(fb.name())) { - logger.error("Missing required 
fields, id: {}, name: {}", fbID, fb.name()); - throw new HttpBadRequestException(); - } - - Optional existingFacebookUser = userService.getUserByFacebookId(fbID); - if (existingFacebookUser.isPresent()) { - if (!userService.updateFacebookUser(fbID, token.getAccessToken(), fb.name())) { - logger.error("error updating facebook user, id: {}, token: {}", fbID, token.getAccessToken()); - throw new HttpBadRequestException(); - } - if (StringUtils.isNotEmpty(fb.email())) { - logger.info("found {} for facebook user {}", fb.email(), fb.name()); - Integer userId = existingFacebookUser.get().getUid(); - if (!emailService.getEmails(userId, false).contains(fb.email())) { - emailService.addEmail(userId, fb.email()); - } - } - UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(redirectUrl); - uriComponentsBuilder.queryParam("hash", userService.getHashByUID(existingFacebookUser.get().getUid())); - uriComponentsBuilder.queryParam("retpath", redirectUrl); - return "redirect:" + uriComponentsBuilder.build().toUriString(); - } else { - if (!userService.createFacebookUser(fbID, state, token.getAccessToken(), fb.name())) { - throw new HttpBadRequestException(); - } - return "redirect:/signup?type=fb&hash=" + state; - } - } - @GetMapping("/api/_vklogin") - protected String doVKLogin(@RequestParam(required = false) String code, - @RequestParam String state) throws IOException, ExecutionException, InterruptedException { - if (StringUtils.isBlank(code)) { - String vkstate = UUID.randomUUID().toString(); - userService.addVKState(vkstate, state); - return "redirect:" + vkAuthService.getAuthorizationUrl(vkstate); - } - - String redirectUrl = userService.verifyVKState(state); - if (StringUtils.isBlank(redirectUrl)) { - logger.error("state is missing"); - throw new HttpBadRequestException(); - } - OAuth2AccessToken token = vkAuthService.getAccessToken(code); - - OAuthRequest meRequest = new OAuthRequest(Verb.GET, 
"https://api.vk.com/method/users.get?fields=screen_name&v=5.131"); - vkAuthService.signRequest(token, meRequest); - String graph = vkAuthService.execute(meRequest).getBody(); - - com.juick.model.ext.vk.User jsonUser = jsonMapper.readValue(graph, UsersResponse.class).users().get(0); - String vkName = jsonUser.firstName() + " " + jsonUser.lastName(); - String vkLink = jsonUser.screenName(); - - if (vkName.length() == 1 || StringUtils.isBlank(vkLink)) { - logger.error("vk user error"); - throw new HttpBadRequestException(); - } - - long vkID = NumberUtils.toLong(jsonUser.id(), 0); - int uid = userService.getUIDbyVKID(vkID); - if (uid > 0) { - UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(redirectUrl); - uriComponentsBuilder.queryParam("hash", userService.getHashByUID(uid)); - uriComponentsBuilder.queryParam("retpath", redirectUrl); - return "redirect:" + uriComponentsBuilder.build().toUriString(); - } else { - String loginhash = UUID.randomUUID().toString(); - if (!userService.createVKUser(vkID, loginhash, token.getAccessToken(), vkName, vkLink)) { - logger.error("create vk user error"); - throw new HttpBadRequestException(); - } - return "redirect:/signup?type=vk&hash=" + loginhash; - } - } - @ResponseBody - @PostMapping("/api/_google") - public AuthResponse googleSignIn(@RequestParam(name = "idToken") String idTokenString) { - logger.info("Token: {}", idTokenString); - logger.info("Client: {}", googleClientId); - Optional verifiedEmail = GoogleTokenVerifier.validateToken(googleClientId, idTokenString); - if (verifiedEmail.isPresent()) { - String email = verifiedEmail.get(); - com.juick.model.User visitor = userService.getUserByEmail(email); - if (visitor.isAnonymous()) { - String verificationCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase(); - emailService.addVerificationCode(null, email, verificationCode); - return new AuthResponse(null, email, verificationCode); - } else { - return new AuthResponse(users.getMe(visitor), 
null, null); - } - } - throw new HttpForbiddenException(); - } - @ResponseBody - @PostMapping("/api/signup") - public com.juick.model.User signupWithEmail(String username, String password, String verificationCode) { - if (username.length() < 2 || username.length() > 16 || !username.matches("^[a-zA-Z0-9\\-]+$") - || password.length() < 6 || password.length() > 32) { - throw new HttpBadRequestException(); - } - - String verifiedEmail = emailService.getEmailByAuthCode(verificationCode); - if (StringUtils.isNotEmpty(verifiedEmail)) { - com.juick.model.User newUser = userService.createUser(username, password).orElseThrow(HttpBadRequestException::new); - emailService.addEmail(newUser.getUid(), verifiedEmail); - emailService.deleteAuthCode(verificationCode); - return newUser; - } else { - throw new HttpForbiddenException(); - } - } - @GetMapping("/api/_applelogin") - public String doAppleLogin(@RequestParam(required = false) String code, @RequestParam String state) { - if (StringUtils.isBlank(code)) { - String astate = UUID.randomUUID().toString(); - userService.addVKState(astate, state); - return "redirect:" + appleSignInService.getAuthorizationUrl(astate); - } - throw new HttpBadRequestException(); - } - @PostMapping("/api/_applelogin") - public String doVerifyAppleResponse(@RequestParam Map body) throws InterruptedException, ExecutionException, IOException { - OAuth2AccessToken token = appleSignInService.getAccessToken(body.get("code")); - var jsonNode = jsonMapper.readTree(token.getRawResponse()); - var idToken = jsonNode.get("id_token").textValue(); - logger.info("Token: {}", idToken); - AppleSignInApi api = (AppleSignInApi) appleSignInService.getApi(); - var email = api.validateToken(idToken); - - if (email.isPresent()) { - com.juick.model.User user = userService.getUserByEmail(email.get()); - if (!user.isAnonymous()) { - String redirectUrl = userService.verifyVKState(body.get("state")); - if (StringUtils.isBlank(redirectUrl)) { - logger.error("state is missing"); - 
throw new HttpBadRequestException(); - } - UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(redirectUrl); - uriComponentsBuilder.queryParam("hash", userService.getHashByUID(user.getUid())); - uriComponentsBuilder.queryParam("retpath", redirectUrl); - return "redirect:" + uriComponentsBuilder.build().toUriString(); - } else { - String verificationCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase(); - emailService.addVerificationCode(null, email.get(), verificationCode); - return "redirect:/signup?type=email&hash=" + verificationCode; - } - } - throw new HttpBadRequestException(); - } -} diff --git a/src/main/java/com/juick/www/api/webhooks/VkWebhook.java b/src/main/java/com/juick/www/api/webhooks/VkWebhook.java index 45e20d3f..d69d00be 100644 --- a/src/main/java/com/juick/www/api/webhooks/VkWebhook.java +++ b/src/main/java/com/juick/www/api/webhooks/VkWebhook.java @@ -62,9 +62,9 @@ public class VkWebhook { if (secretKey.equals(secret)) { if (type.startsWith("donut_")) { var vkId = json.get("object").get("user_id").asLong(0); - var userId = userService.getUIDbyVKID(vkId); - if (userId > 0) { - vkService.updatePremiumStatus(userId); + var user = userService.getUserByVKID(vkId); + if (user.isPresent()) { + vkService.updatePremiumStatus(user.get().getUid()); } } return "ok"; diff --git a/src/main/java/com/juick/www/controllers/SocialLogin.java b/src/main/java/com/juick/www/controllers/SocialLogin.java index 7f8d5f73..510c7d62 100644 --- a/src/main/java/com/juick/www/controllers/SocialLogin.java +++ b/src/main/java/com/juick/www/controllers/SocialLogin.java @@ -58,6 +58,7 @@ import jakarta.inject.Inject; import java.io.IOException; import java.util.List; import java.util.Map; +import java.util.Objects; import java.util.Optional; import java.util.UUID; import java.util.concurrent.ExecutionException; 
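Review bot: The new `if (user.isPresent()) { vkService.updatePremiumStatus(user.get().getUid()); }` in VkWebhook is the `isPresent`/`get` pair that `Optional` is meant to replace; `userService.getUserByVKID(vkId).ifPresent(u -> vkService.updatePremiumStatus(u.getUid()));` says the same in one line without the unguarded-looking `get()`. The webhook handler begins and ends outside the hunk.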
@@ -70,7 +71,7 @@ import java.util.stream.Collectors; @Controller public class SocialLogin { - private static final Logger logger = LoggerFactory.getLogger(SocialLogin.class); + private static final Logger logger = LoggerFactory.getLogger("Social"); public static final String AUTH_ERROR = "SocialLogin.AuthenticationError"; @@ -124,12 +125,12 @@ public class SocialLogin { @GetMapping("/_fblogin") protected String doFacebookLogin(HttpServletRequest request, @RequestParam(required = false) String code, @RequestParam(required = false) String state, - @RequestHeader(value = "referer", required = false) String referer, HttpServletResponse response, + HttpServletResponse response, HttpSession session) throws IOException, ExecutionException, InterruptedException { if (StringUtils.isBlank(code)) { String fbstate = UUID.randomUUID().toString(); if (StringUtils.isBlank(state)) { - state = Optional.ofNullable(referer).orElse("https://juick.com/"); + state = UUID.randomUUID().toString(); } userService.addFacebookState(fbstate, state); return "redirect:" + facebookAuthService.getAuthorizationUrl(fbstate); @@ -170,10 +171,12 @@ public class SocialLogin { } } if (!existingFacebookUser.get().isBanned()) { - Cookie c = new Cookie("hash", userService.getHashByUID(existingFacebookUser.get().getUid())); - c.setMaxAge(50 * 24 * 60 * 60); - response.addCookie(c); - return "redirect:" + redirectUrl; + var authentication = new RememberMeAuthenticationToken( + ((AbstractRememberMeServices) rememberMeServices).getKey(), + new JuickUser(existingFacebookUser.get()), JuickUser.USER_AUTHORITY); + SecurityContextHolder.getContext().setAuthentication(authentication); + rememberMeServices.loginSuccess(request, response, authentication); + return "redirect:/"; } else { session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled"); return "redirect:/login"; 
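Review bot: `LoggerFactory.getLogger("Social")` replaces the class-based logger, so log configuration keyed by package (`com.juick.www.controllers`) no longer captures this controller's output and the lines lose the class name as their origin; if a shared `Social` category is intentional, a one-line comment such as `// shared log category for all social login flows` would stop the next reader from reverting it, otherwise keep `SocialLogin.class`.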
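Review bot: The fallback for a blank `state` is now a fresh UUID instead of the Referer, but a client-supplied `state` query parameter is still accepted and stored through `userService.addFacebookState(fbstate, state)`; whether that value is later used as a redirect target via `verifyFacebookState` lies outside this hunk, and if it is, an attacker-controlled URL can still arrive through the parameter even though the Referer path is closed. Since the success branch now always returns `redirect:/`, the parameter looks obsolete: either drop it and always generate the UUID, or validate it as a relative path before storing. The method continues past the hunk.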
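Review bot: The remember-me login block on the added lines — build a `RememberMeAuthenticationToken` from `((AbstractRememberMeServices) rememberMeServices).getKey()`, set it on the `SecurityContextHolder`, call `loginSuccess`, return `redirect:/` — is pasted verbatim into four handlers (here, the VK branch at `@@ -265,13 +271,19 @@`, the Telegram branch at `@@ -301,14 +312,19 @@` and the Apple branch at `@@ -347,9 +363,11 @@`), each wrapped in the same `isBanned()` check with the same `"User is disabled"` session attribute. Extract one private helper that takes the resolved user plus request, response and session, and have each branch `return completeSocialLogin(existingFacebookUser.get(), request, response, session);`. Because the authentication is established programmatically rather than through the filter chain, the session-fixation protection and context saving that Spring applies to form login are not applied here; consider `request.changeSessionId()` inside the helper and confirm that relying on the remember-me cookie alone for subsequent requests is intended. This handler's body starts before the hunk.
```java
// Shared tail of every social login handler: banned users go back to /login with an
// error flag, everyone else gets a remember-me session and lands on the front page.
private String completeSocialLogin(com.juick.model.User user, HttpServletRequest request,
                                   HttpServletResponse response, HttpSession session) {
    if (user.isBanned()) {
        session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled");
        return "redirect:/login";
    }
    var authentication = new RememberMeAuthenticationToken(
            ((AbstractRememberMeServices) rememberMeServices).getKey(),
            new JuickUser(user), JuickUser.USER_AUTHORITY);
    SecurityContextHolder.getContext().setAuthentication(authentication);
    rememberMeServices.loginSuccess(request, response, authentication);
    return "redirect:/";
}
// … unchanged: each handler's provider-specific lookup, then
//     return completeSocialLogin(existingFacebookUser.get(), request, response, session);
```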
@@ -188,9 +191,9 @@ public class SocialLogin { @GetMapping("/_twitter") protected String doTwitterLogin(@RequestParam(required = false) String code, - @RequestParam(required = false) String state, - com.juick.model.User user, - HttpServletRequest request) + @RequestParam(required = false) String state, + com.juick.model.User user, + HttpServletRequest request) throws IOException, ExecutionException, InterruptedException { if (StringUtils.isBlank(code)) { @@ -229,14 +232,17 @@ public class SocialLogin { @GetMapping("/_vklogin") protected String doVKLogin(@RequestParam(required = false) String code, @RequestParam(required = false) String state, - @RequestHeader(value = "referer", required = false) String referer, - @CookieValue(required = false) String vkstate, HttpServletResponse response) + @CookieValue(required = false) String vkstate, + HttpServletRequest request, + HttpServletResponse response, + HttpSession session) throws IOException, ExecutionException, InterruptedException { if (StringUtils.isBlank(code)) { vkstate = UUID.randomUUID().toString(); Cookie c = new Cookie("vkstate", vkstate); response.addCookie(c); - return "redirect:" + vkService.getVkAuthService().getAuthorizationUrl(vkstate); + var redirect = "redirect:" + vkService.getVkAuthService().getAuthorizationUrl(vkstate); + return redirect; } if (StringUtils.isBlank(vkstate) || !vkstate.equals(state)) { 
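Review bot: `var redirect = "redirect:" + …; return redirect;` in doVKLogin introduces a temporary that is returned on the very next line; the original single `return "redirect:" + vkService.getVkAuthService().getAuthorizationUrl(vkstate);` is clearer, unless a log line was meant to go in between. While here, the `vkstate` cookie set two lines above carries the anti-forgery nonce that the callback compares against `state` but is created with no flags; now that `request` is a parameter, `c.setHttpOnly(true); c.setSecure(request.isSecure());` plus a short max age (a few minutes is enough for one round trip) keeps it out of script reach and bounds its lifetime. The handler continues past the hunk.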
@@ -265,13 +271,19 @@ public class SocialLogin { } long vkID = NumberUtils.toLong(jsonUser.id(), 0); - int uid = userService.getUIDbyVKID(vkID); - if (uid > 0) { - userService.updateVkUser(vkID, token.getAccessToken(), vkName, vkLink); - Cookie c = new Cookie("hash", userService.getHashByUID(uid)); - c.setMaxAge(50 * 24 * 60 * 60); - response.addCookie(c); - return "redirect:/" + Optional.ofNullable(referer).orElse(StringUtils.EMPTY); + var user = userService.getUserByVKID(vkID); + if (user.isPresent()) { + if (!user.get().isBanned()) { + var authentication = new RememberMeAuthenticationToken( + ((AbstractRememberMeServices) rememberMeServices).getKey(), + new JuickUser(user.get()), JuickUser.USER_AUTHORITY); + SecurityContextHolder.getContext().setAuthentication(authentication); + rememberMeServices.loginSuccess(request, response, authentication); + return "redirect:/"; + } else { + session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled"); + return "redirect:/login"; + } } else { String loginhash = UUID.randomUUID().toString(); if (!userService.createVKUser(vkID, loginhash, token.getAccessToken(), vkName, vkLink)) { @@ -290,8 +302,7 @@ public class SocialLogin { @GetMapping("/_tglogin") public String doDurovLogin(@RequestParam Map params, @RequestParam String hash, - @RequestHeader(value = "referer", required = false) String referer, - HttpServletRequest request, HttpServletResponse response) { + HttpServletRequest request, HttpServletResponse response, HttpSession session) { String dataCheckString = params.entrySet().stream().filter(p -> !p.getKey().equals("hash")) .sorted(Map.Entry.comparingByKey()).map(p -> p.getKey() + "=" + p.getValue()) .collect(Collectors.joining("\n")); 
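Review bot: The found-user branch no longer calls `userService.updateVkUser(vkID, token.getAccessToken(), vkName, vkLink)`, which the removed lines did on every login, so the stored VK token, display name and screen name stop being refreshed for existing users; if VKService reads the persisted token for anything (not visible here), it will go stale once it expires or is revoked. If the drop is deliberate, say so in the commit message; otherwise keep `userService.updateVkUser(vkID, token.getAccessToken(), vkName, vkLink);` as the first statement inside `if (user.isPresent())`, before the ban check. The handler starts before the hunk and ends after it.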
@@ -301,14 +312,19 @@ public class SocialLogin { long tgUser = Long.parseLong(params.get("id")); var user = userService.getUserByTelegramId(tgUser); if (user.isPresent()) { - var authentication = new RememberMeAuthenticationToken( - ((AbstractRememberMeServices) rememberMeServices).getKey(), - new JuickUser(user.get()), JuickUser.USER_AUTHORITY); - SecurityContextHolder.getContext().setAuthentication(authentication); - rememberMeServices.loginSuccess(request, response, authentication); - return "redirect:" + Optional.ofNullable(referer).orElse(StringUtils.EMPTY); + if (!user.get().isBanned()) { + var authentication = new RememberMeAuthenticationToken( + ((AbstractRememberMeServices) rememberMeServices).getKey(), + new JuickUser(user.get()), JuickUser.USER_AUTHORITY); + SecurityContextHolder.getContext().setAuthentication(authentication); + rememberMeServices.loginSuccess(request, response, authentication); + return "redirect:/"; + } else { + session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled"); + return "redirect:/login"; + } } else { - String username = StringUtils.defaultString(params.get("username"), params.get("first_name")); + String username = Objects.toString(params.get("username"), params.get("first_name")); List chats = telegramService.getAnonymous(); if (!chats.contains(tgUser)) { logger.info("added chat with {}", username); 
@@ -347,9 +363,11 @@ public class SocialLogin { com.juick.model.User user = userService.getUserByEmail(email.get()); if (!user.isAnonymous()) { if (!user.isBanned()) { - Cookie c = new Cookie("hash", userService.getHashByUID(user.getUid())); - c.setMaxAge(50 * 24 * 60 * 60); - response.addCookie(c); + var authentication = new RememberMeAuthenticationToken( + ((AbstractRememberMeServices) rememberMeServices).getKey(), + new JuickUser(user), JuickUser.USER_AUTHORITY); + SecurityContextHolder.getContext().setAuthentication(authentication); + rememberMeServices.loginSuccess(request, response, authentication); return "redirect:/"; } else { session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled"); -- cgit v1.2.3