From 990ca2bf911181c3af9cd6375534553b9355b3a2 Mon Sep 17 00:00:00 2001
From: Alexander Alexeev
Date: Fri, 9 Dec 2016 22:57:52 +0700
Subject: security settings
---
 .../com/juick/www/controllers/LoginController.java | 43 +++-------------------
 1 file changed, 6 insertions(+), 37 deletions(-)
(limited to 'juick-spring-www/src/main/java/com/juick/www/controllers/LoginController.java')
diff --git a/juick-spring-www/src/main/java/com/juick/www/controllers/LoginController.java b/juick-spring-www/src/main/java/com/juick/www/controllers/LoginController.java
index 8a474c9b..8827d948 100644
--- a/juick-spring-www/src/main/java/com/juick/www/controllers/LoginController.java
+++ b/juick-spring-www/src/main/java/com/juick/www/controllers/LoginController.java
@@ -1,23 +1,15 @@
 package com.juick.www.controllers;
 import com.juick.User;
-import com.juick.server.util.HttpBadRequestException;
-import com.juick.server.util.HttpForbiddenException;
 import com.juick.service.UserService;
 import com.juick.util.UserUtils;
 import org.springframework.core.env.Environment;
 import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RequestParam;
 import javax.inject.Inject;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
-import java.net.URI;
 import java.security.Principal;
-import java.util.Optional;
 /**
  * Created by vitalyster on 09.12.2016.
@@ -25,41 +17,18 @@ import java.util.Optional;
 @Controller
 public class LoginController {
 @Inject
- UserService userService;
+ private UserService userService;
 @Inject
- Environment env;
+ private Environment env;
 @RequestMapping(value = "/login", method = RequestMethod.GET)
- public String doGetLoginForm(Principal principal) {
+ public String getLoginForm(Principal principal) {
 String name = UserUtils.getUsername(principal, null);
 User visitor = userService.getUserByName(name);
- if (visitor.getUid() > 0) {
+
+ if (visitor.getUid() > 0)
 return "redirect:/login";
- }
- return "views/login";
- }
- @RequestMapping(value = "/login", method = RequestMethod.POST)
- protected String doPostLogin(
- @RequestParam("username") Optional username,
- @RequestParam("password") Optional password,
- @RequestHeader("Referer") Optional referer,
- HttpServletResponse response) {
- if (!username.isPresent() && password.isPresent()) {
- throw new HttpBadRequestException();
- }
- int uid = userService.checkPassword(username.get(), password.get());
- if (uid > 0) {
- if (referer.isPresent()) {
- URI refererURI = URI.create(referer.get());
- if (refererURI.getHost().equals(env.getProperty("web_domain"))
- && !refererURI.getPath().equals("/login")) {
- return "redirect:" + referer.get();
- } else {
- return "redirect:/";
- }
- }
- }
- throw new HttpForbiddenException();
+ return "views/login";
 }
 }
--
cgit v1.2.3
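Review bot: An already-authenticated visitor requesting GET /login is answered with `return "redirect:/login";`, which is the same mapping, so the check `if (visitor.getUid() > 0)` that the hunk keeps produces a redirect loop instead of steering the user away from the form; that branch presumably intends `return "redirect:/";` (or whatever the post-login landing page is). With doPostLogin removed, the `env` field is no longer read anywhere in this class and can be dropped unless the Spring Security configuration this commit appears to be moving login into reads it from here. Note also that for an anonymous request `UserUtils.getUsername(principal, null)` passes null into `getUserByName`, and `visitor.getUid()` is then dereferenced unguarded, so this relies on that lookup returning a placeholder user rather than null for a missing name. The braceless `if` the hunk introduces departs from the braced style used on the surrounding lines; keep the braces.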