From c1a3274460680f8795469a43a5509cca08889db3 Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Fri, 20 Nov 2020 01:28:47 +0300 Subject: Process Referer header without javax.servlet reference * starting to remove javax.servlet dependency --- src/main/java/com/juick/util/WebUtils.java | 13 ----------- .../com/juick/www/controllers/SocialLogin.java | 27 +++++++++++----------- .../java/com/juick/server/tests/ServerTests.java | 2 -- 3 files changed, 14 insertions(+), 28 deletions(-) diff --git a/src/main/java/com/juick/util/WebUtils.java b/src/main/java/com/juick/util/WebUtils.java index 3a8c7620..a8e690ed 100644 --- a/src/main/java/com/juick/util/WebUtils.java +++ b/src/main/java/com/juick/util/WebUtils.java @@ -17,8 +17,6 @@ package com.juick.util; -import javax.servlet.http.HttpServletRequest; -import java.util.Optional; import java.util.regex.Pattern; /** @@ -65,15 +63,4 @@ public class WebUtils { .replaceAll("\\'", "\\\\'") .replaceAll("=", "\\\\\\\\="); } - /** - * Returns the viewName to return for coming back to the sender url - * - * @param request Instance of {@link HttpServletRequest} or use an injected instance - * @return Optional with the view name. Recomended to use an alternativa url with - * {@link Optional#orElse(java.lang.Object)} - */ - public static Optional getPreviousPageByRequest(HttpServletRequest request) - { - return Optional.ofNullable(request.getHeader("Referer")); - } } diff --git a/src/main/java/com/juick/www/controllers/SocialLogin.java b/src/main/java/com/juick/www/controllers/SocialLogin.java index 1f99efc1..6fcf9a3a 100644 --- a/src/main/java/com/juick/www/controllers/SocialLogin.java +++ b/src/main/java/com/juick/www/controllers/SocialLogin.java @@ -30,7 +30,6 @@ import com.juick.service.TelegramService; import com.juick.service.UserService; import com.juick.service.security.annotation.Visitor; import com.juick.util.HttpBadRequestException; -import com.juick.util.WebUtils; import org.apache.commons.codec.digest.DigestUtils; import org.apache.commons.codec.digest.HmacAlgorithms; import org.apache.commons.codec.digest.HmacUtils; @@ -44,6 +43,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.CookieValue; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestHeader; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.util.UriComponentsBuilder; @@ -55,6 +55,7 @@ import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.List; import java.util.Map; +import java.util.Optional; import java.util.UUID; import java.util.concurrent.ExecutionException; import java.util.stream.Collectors; @@ -133,11 +134,12 @@ public class SocialLogin { protected String doFacebookLogin(HttpServletRequest request, @RequestParam(required = false) String code, @RequestParam(required = false) String state, + @RequestHeader(value = "referer", required = false) String referer, HttpServletResponse response) throws IOException, ExecutionException, InterruptedException { if (StringUtils.isBlank(code)) { String fbstate = UUID.randomUUID().toString(); if (StringUtils.isBlank(state)) { - state = WebUtils.getPreviousPageByRequest(request).orElse("https://juick.com/"); + state = Optional.of(referer).orElse("https://juick.com/"); } crosspostService.addFacebookState(fbstate, state); return "redirect:" + facebookAuthService.getAuthorizationUrl(fbstate); @@ -239,11 +241,11 @@ public class SocialLogin { } } @GetMapping("/_vklogin") - protected String doVKLogin(HttpServletRequest request, - @RequestParam(required = false) String code, - @RequestParam(required = false) String state, - @CookieValue(required = false) String vkstate, - HttpServletResponse response) throws IOException, ExecutionException, InterruptedException { + protected String doVKLogin(@RequestParam(required = false) String code, + @RequestParam(required = false) String state, + @RequestHeader(value = "referer", required = false) String referer, + @CookieValue(required = false) String vkstate, + HttpServletResponse response) throws IOException, ExecutionException, InterruptedException { if (StringUtils.isBlank(code)) { vkstate = UUID.randomUUID().toString(); Cookie c = new Cookie("vkstate", vkstate); @@ -279,7 +281,7 @@ public class SocialLogin { Cookie c = new Cookie("hash", userService.getHashByUID(uid)); c.setMaxAge(50 * 24 * 60 * 60); response.addCookie(c); - return "redirect:/" + WebUtils.getPreviousPageByRequest(request).orElse(StringUtils.EMPTY); + return "redirect:/" + Optional.of(referer).orElse(StringUtils.EMPTY); } else { String loginhash = UUID.randomUUID().toString(); if (!crosspostService.createVKUser(vkID, loginhash, token.getAccessToken(), vkName, vkLink)) { @@ -291,8 +293,8 @@ public class SocialLogin { } @GetMapping("/_tglogin") - public String doDurovLogin(HttpServletRequest request, - @RequestParam Map params, + public String doDurovLogin(@RequestParam Map params, + @RequestHeader(value = "referer", required = false) String referer, HttpServletResponse response) { String dataCheckString = params.entrySet().stream() .filter(p -> !p.getKey().equals("hash")) @@ -309,7 +311,7 @@ public class SocialLogin { Cookie c = new Cookie("hash", userService.getHashByUID(uid)); c.setMaxAge(50 * 24 * 60 * 60); response.addCookie(c); - return "redirect:/" + WebUtils.getPreviousPageByRequest(request).orElse(StringUtils.EMPTY); + return "redirect:/" + Optional.of(referer).orElse(StringUtils.EMPTY); } else { String username = StringUtils.defaultString(params.get("username"), params.get("first_name")); List chats = telegramService.getAnonymous(); @@ -326,8 +328,7 @@ public class SocialLogin { } @GetMapping("/_apple") - public String doAppleLogin(HttpServletRequest request, - @RequestParam(required = false) String code, + public String doAppleLogin(@RequestParam(required = false) String code, HttpServletResponse response) { if (StringUtils.isBlank(code)) { String state = UUID.randomUUID().toString(); diff --git a/src/test/java/com/juick/server/tests/ServerTests.java b/src/test/java/com/juick/server/tests/ServerTests.java index 3e883756..1a9944ca 100644 --- a/src/test/java/com/juick/server/tests/ServerTests.java +++ b/src/test/java/com/juick/server/tests/ServerTests.java @@ -91,7 +91,6 @@ import org.springframework.http.client.ClientHttpRequestFactory; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit.jupiter.SpringExtension; -import org.springframework.test.context.junit4.SpringRunner; import org.springframework.test.web.client.MockRestServiceServer; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; @@ -146,7 +145,6 @@ import static org.hamcrest.Matchers.*; import static org.junit.jupiter.api.Assertions.*; import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic; import static org.springframework.test.util.AssertionErrors.assertNotEquals; -import static org.springframework.test.util.AssertionErrors.assertTrue; import static org.springframework.test.web.client.ExpectedCount.times; import static org.springframework.test.web.client.match.MockRestRequestMatchers.requestTo; import static org.springframework.test.web.client.response.MockRestResponseCreators.withStatus; -- cgit v1.2.3