From 4b75aae5fdfe1612cf1fae7a526ac4afd60a16c5 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Thu, 21 Jun 2018 22:49:13 +0300
Subject: fix facebook login redirect
---
 .../src/main/java/com/juick/server/api/SocialLogin.java | 10 ++++++----
 .../main/java/com/juick/service/CrosspostServiceImpl.java | 12 ++++++------
 2 files changed, 12 insertions(+), 10 deletions(-)
(limited to 'juick-server/src/main/java/com')
diff --git a/juick-server/src/main/java/com/juick/server/api/SocialLogin.java b/juick-server/src/main/java/com/juick/server/api/SocialLogin.java
index 9ca0c6be..691f9803 100644
--- a/juick-server/src/main/java/com/juick/server/api/SocialLogin.java
+++ b/juick-server/src/main/java/com/juick/server/api/SocialLogin.java
@@ -58,7 +58,7 @@ public class SocialLogin {
 private String FACEBOOK_APPID;
 @Value("${facebook_secret:secret}")
 private String FACEBOOK_SECRET;
- private static final String FACEBOOK_REDIRECT = "https://juick.com/_fblogin";
+ private static final String FACEBOOK_REDIRECT = "https://api.juick.com/_fblogin";
 private static final String VK_REDIRECT = "http://juick.com/_vklogin";
 private static final String TWITTER_VERIFY_URL = "https://api.twitter.com/1.1/account/verify_credentials.json";
 @Inject
@@ -97,7 +97,7 @@ public class SocialLogin {
 @RequestParam(required = false) String state) throws IOException, ExecutionException, InterruptedException {
 if (StringUtils.isBlank(code)) {
 String fbstate = UUID.randomUUID().toString();
- crosspostService.addFacebookState(fbstate);
+ crosspostService.addFacebookState(fbstate, state);
 OAuth20Service facebookAuthService = facebookBuilder
 .apiSecret(FACEBOOK_SECRET)
 .callback(FACEBOOK_REDIRECT)
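Review bot: The value passed as the second argument in `crosspostService.addFacebookState(fbstate, state)` is the raw `state` request parameter, which is optional and caller-supplied, and nothing in this hunk checks it before it is stored as the post-login redirect target. The hunk at -139 then redirects to that stored value with the user's login hash appended as the `hash` query parameter, so an unchecked target lets the hash leave the site. Before storing, parse `state` and accept it only if it is an https URL whose host exactly matches one of the site's own hosts (compare the parsed host, not a string prefix), and otherwise `throw new HttpBadRequestException();`. The method starts and ends outside this hunk, so an existing check elsewhere in it cannot be ruled out from here.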
@@ -107,7 +107,9 @@ public class SocialLogin {
 return "redirect:" + facebookAuthService.getAuthorizationUrl();
 }
- if (!crosspostService.verifyFacebookState(state)) {
+ String redirectUrl = crosspostService.verifyFacebookState(state);
+
+ if (StringUtils.isEmpty(redirectUrl)) {
 logger.error("state is missing");
 throw new HttpBadRequestException();
 }
@@ -139,7 +141,7 @@ public class SocialLogin {
 logger.error("error updating facebook user, id: {}, token: {}", fbID, token.getAccessToken());
 throw new HttpBadRequestException();
 }
- UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(state);
+ UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(redirectUrl);
 uriComponentsBuilder.queryParam("hash", userService.getHashByUID(uid));
 return "redirect:" + uriComponentsBuilder.build().toUriString();
 } else if (fb.getVerified()) {
diff --git a/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java b/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java
index 0bd5fe66..e1c59e65 100644
--- a/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java
+++ b/juick-server/src/main/java/com/juick/service/CrosspostServiceImpl.java
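Review bot: In the -107 hunk of SocialLogin.java, `StringUtils.isEmpty(redirectUrl)` stands for two different failures: the `state` value is unknown, or the state is known but no redirect target was stored with it. The second case looks reachable because `state` is declared `required = false` on the first leg, and it would surface as "state is missing" only after the user has completed the Facebook round trip. Reject a first-leg request that carries no target before `addFacebookState` is called, or keep the two outcomes apart and log the second one on its own, e.g. `logger.error("no redirect target stored for state");`. The enclosing method starts and ends outside this hunk.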
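Review bot: The `logger.error` call in the first context line of the -139 hunk of SocialLogin.java writes `token.getAccessToken()` into the application log, so a usable Facebook access token ends up wherever the logs are stored or shipped. The line is not changed by this commit, but it sits on the path being reworked and is worth correcting with it: log the identifier only, `logger.error("error updating facebook user, id: {}", fbID);`. The enclosing block starts outside the hunk, so how `token` is otherwise handled is not visible here.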
@@ -55,17 +55,17 @@ public class CrosspostServiceImpl extends BaseJdbcService implements CrosspostSe
 }
 @Override
- public void addFacebookState(String state) {
- jdbcTemplate.update("INSERT INTO facebook(loginhash) VALUES(?)", state);
+ public void addFacebookState(String state, String redirectUri) {
+ jdbcTemplate.update("INSERT INTO facebook(loginhash, fb_link) VALUES(?, ?)", state, redirectUri);
 }
 @Override
- public boolean verifyFacebookState(String state) {
+ public String verifyFacebookState(String state) {
 try {
- return jdbcTemplate.queryForObject("SELECT COUNT(loginhash) FROM facebook WHERE loginhash=?",
- Integer.class, state) == 1;
+ return jdbcTemplate.queryForObject("SELECT fb_link FROM facebook WHERE loginhash=?",
+ String.class, state);
 } catch (EmptyResultDataAccessException e) {
- return false;
+ return StringUtils.EMPTY;
 }
 }
-- 
cgit v1.2.3
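Review bot: The new return contract of `verifyFacebookState` is undocumented and ambiguous: it yields `StringUtils.EMPTY` when no row matches and presumably `null` when a row exists whose `fb_link` is NULL, while the name still reads as a boolean check. A Javadoc comment should state this, along the lines of `/** Returns the redirect URI stored for this OAuth state, or an empty string if the state is unknown. */`, with a matching one on `addFacebookState` for the `redirectUri` parameter. Nothing in this hunk invalidates the row once it has been read, so unless that happens elsewhere a state value remains acceptable for repeated callbacks; it should be single-use and time-limited. The column name `fb_link` suggests it was meant for something other than a pending redirect target, which deserves a comment or a dedicated column.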