From 3890570bf190a63f8f34c47a7fd21e780a61b6b0 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Tue, 17 Jan 2017 11:57:50 +0300
Subject: juick-www: Facebook and VK login using scribejava

---
 .../com/juick/www/controllers/FacebookLogin.java   | 125 ++++++++++-----------
 1 file changed, 61 insertions(+), 64 deletions(-)

(limited to 'juick-www/src/main/java/com/juick/www/controllers/FacebookLogin.java')

diff --git a/juick-www/src/main/java/com/juick/www/controllers/FacebookLogin.java b/juick-www/src/main/java/com/juick/www/controllers/FacebookLogin.java
index cc11f99a..b1d275b6 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/FacebookLogin.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/FacebookLogin.java
@@ -19,27 +19,35 @@ package com.juick.www.controllers;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.github.scribejava.apis.FacebookApi;
+import com.github.scribejava.core.builder.ServiceBuilder;
+import com.github.scribejava.core.model.OAuth2AccessToken;
+import com.github.scribejava.core.model.OAuthRequest;
+import com.github.scribejava.core.model.Verb;
+import com.github.scribejava.core.oauth.OAuth20Service;
+import com.juick.server.util.HttpBadRequestException;
 import com.juick.service.CrosspostService;
 import com.juick.service.UserService;
 import com.juick.www.Utils;
-import com.juick.www.facebook.Graph;
-import org.apache.commons.lang3.CharEncoding;
+import com.juick.www.facebook.User;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.math.NumberUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.core.env.Environment;
 import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.CookieValue;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
 
 import javax.inject.Inject;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.io.UnsupportedEncodingException;
-import java.net.URLEncoder;
+import java.io.IOException;
 import java.util.UUID;
+import java.util.concurrent.ExecutionException;
 
 /**
  *
@@ -54,6 +62,7 @@ public class FacebookLogin {
     private final String FACEBOOK_SECRET;
     private final String FACEBOOK_REDIRECT = "http://juick.com/_fblogin";
     private final ObjectMapper mapper;
+    private ServiceBuilder serviceBuilder;
 
     @Inject
     CrosspostService crosspostService;
@@ -64,7 +73,7 @@ public class FacebookLogin {
     public FacebookLogin(Environment env) {
         FACEBOOK_APPID = env.getProperty("facebook_appid");
         FACEBOOK_SECRET = env.getProperty("facebook_secret");
-
+        serviceBuilder = new ServiceBuilder();
         mapper = new ObjectMapper();
         mapper.setSerializationInclusion(JsonInclude.Include.NON_EMPTY);
         mapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
@@ -72,82 +81,70 @@ public class FacebookLogin {
     }
 
     @RequestMapping(value = "/_fblogin", method = RequestMethod.GET)
-    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws UnsupportedEncodingException {
-        String fbstate;
-
-        String code = request.getParameter("code");
+    protected String doGet(HttpServletRequest request,
+                         @RequestParam(required = false) String code,
+                         @RequestParam(required = false) String state,
+                         @CookieValue(required = false) String fbstate,
+                         HttpServletResponse response) throws IOException, ExecutionException, InterruptedException {
         if (StringUtils.isBlank(code)) {
             fbstate = UUID.randomUUID().toString();
 
             Cookie c = new Cookie("fbstate", fbstate);
             response.addCookie(c);
-
-            response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
-            response.setHeader("Location", "https://www.facebook.com/dialog/oauth?scope=publish_stream&client_id=" + FACEBOOK_APPID + "&redirect_uri=" + URLEncoder.encode(FACEBOOK_REDIRECT, CharEncoding.UTF_8) + "&state=" + fbstate);
-            return;
+            OAuth20Service facebookAuthService = serviceBuilder
+                    .apiKey(FACEBOOK_APPID)
+                    .apiSecret(FACEBOOK_SECRET)
+                    .callback(FACEBOOK_REDIRECT)
+                    .scope("publish_actions")
+                    .state(fbstate)
+                    .build(FacebookApi.instance());
+            return "redirect:" + facebookAuthService.getAuthorizationUrl();
         }
 
-        fbstate = Utils.getCookie(request, "fbstate");
-        if (fbstate == null || fbstate.isEmpty() || !fbstate.equals(request.getParameter("state"))) {
-            response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
-            return;
+        if (StringUtils.isBlank(fbstate) || !fbstate.equals(state)) {
+            throw new HttpBadRequestException();
         } else {
             Cookie c = new Cookie("fbstate", "-");
             c.setMaxAge(0);
             response.addCookie(c);
         }
-
-        String token = Utils.fetchURL("https://graph.facebook.com/oauth/access_token?client_id=" + FACEBOOK_APPID + "&redirect_uri=" + URLEncoder.encode(FACEBOOK_REDIRECT, CharEncoding.UTF_8) + "&client_secret=" + FACEBOOK_SECRET + "&code=" + URLEncoder.encode(code, CharEncoding.UTF_8));
-        if (token == null || token.isEmpty() || !token.startsWith("access_token=")) {
-            logger.error("FACEBOOK TOKEN ERROR: {}", token);
-            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-            return;
-        }
-        token = token.substring(13); // access_token=...
-        int tokenamp = token.indexOf('&'); // &expires=
-        if (tokenamp > 0) {
-            token = token.substring(0, tokenamp);
-        }
-
-        String graph = Utils.fetchURL("https://graph.facebook.com/me?access_token=" + token);
-        if (graph == null || graph.isEmpty()) {
+        OAuth20Service facebookService = serviceBuilder
+                .apiKey(FACEBOOK_APPID)
+                .apiSecret(FACEBOOK_SECRET)
+                .callback(FACEBOOK_REDIRECT)
+                .state(state)
+                .build(FacebookApi.instance());
+        OAuth2AccessToken token = facebookService.getAccessToken(code);
+        final OAuthRequest meRequest = new OAuthRequest(Verb.GET, "https://graph.facebook.com/v2.8/me?fields=id,name,link,verified");
+        facebookService.signRequest(token, meRequest);
+        String graph = facebookService.execute(meRequest).getBody();
+        if (StringUtils.isBlank(graph)) {
             logger.error("FACEBOOK GRAPH ERROR");
-            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-            return;
+            throw new HttpBadRequestException();
+        }
+        User fb = mapper.readValue(graph, User.class);
+        long fbID = NumberUtils.toLong(fb.getId(), 0);
+        if (fbID == 0 || StringUtils.isBlank(fb.getName()) || StringUtils.isBlank(fb.getLink())) {
+            throw new HttpBadRequestException();
         }
 
-        try {
-            Graph fb = mapper.readValue(graph, Graph.class);
-
-            long fbID = NumberUtils.toLong(fb.getId(), 0);
-            if (fbID == 0 || StringUtils.isBlank(fb.getName()) || StringUtils.isBlank(fb.getLink())) {
-                throw new Exception();
+        int uid = crosspostService.getUIDbyFBID(fbID);
+        if (uid > 0) {
+            if (!crosspostService.updateFacebookUser(fbID, token.getAccessToken(), fb.getName(), fb.getLink())) {
+                throw new HttpBadRequestException();
             }
-
-            int uid = crosspostService.getUIDbyFBID(fbID);
-            if (uid > 0) {
-                if (!crosspostService.updateFacebookUser(fbID, token, fb.getName(), fb.getLink())) {
-                    throw new Exception();
-                }
-                Cookie c = new Cookie("hash", userService.getHashByUID(uid));
-                c.setMaxAge(50 * 24 * 60 * 60);
-                response.addCookie(c);
-                response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
-                response.setHeader("Location", "/");
-            } else if (fb.getVerified()) {
-                String loginhash = UUID.randomUUID().toString();
-                if (!crosspostService.createFacebookUser(fbID, loginhash, token, fb.getName(), fb.getLink())) {
-                    throw new Exception();
-                }
-                response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
-                response.setHeader("Location", "/signup?type=fb&hash=" + loginhash);
-            } else {
-                throw new Exception();
+            Cookie c = new Cookie("hash", userService.getHashByUID(uid));
+            c.setMaxAge(50 * 24 * 60 * 60);
+            response.addCookie(c);
+            return Utils.getPreviousPageByRequest(request).orElse("/");
+        } else if (fb.getVerified()) {
+            String loginhash = UUID.randomUUID().toString();
+            if (!crosspostService.createFacebookUser(fbID, loginhash, token.getAccessToken(), fb.getName(), fb.getLink())) {
+                throw new HttpBadRequestException();
             }
-        } catch (Exception e) {
-            logger.error("fb error", e);
-            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-            return;
+            return "redirect:/signup?type=fb&hash=" + loginhash;
+        } else {
+            throw new HttpBadRequestException();
         }
     }
 }
-- 
cgit v1.2.3