From 729017fa0267521cfa85279cbb36f23bd423adb0 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Fri, 4 May 2018 01:24:47 +0300
Subject: www: facebook login refactoring

---
 .../java/com/juick/www/controllers/SocialLogin.java   | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)

(limited to 'juick-www/src/main/java/com/juick')

diff --git a/juick-www/src/main/java/com/juick/www/controllers/SocialLogin.java b/juick-www/src/main/java/com/juick/www/controllers/SocialLogin.java
index fdc2f6f2..522e9ab7 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/SocialLogin.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/SocialLogin.java
@@ -108,13 +108,10 @@ public class SocialLogin {
     protected String doFacebookLogin(HttpServletRequest request,
                          @RequestParam(required = false) String code,
                          @RequestParam(required = false) String state,
-                         @CookieValue(required = false) String fbstate,
                          HttpServletResponse response) throws IOException, ExecutionException, InterruptedException {
         if (StringUtils.isBlank(code)) {
-            fbstate = UUID.randomUUID().toString();
-
-            Cookie c = new Cookie("fbstate", fbstate);
-            response.addCookie(c);
+            String fbstate = UUID.randomUUID().toString();
+            crosspostService.addFacebookState(fbstate);
             OAuth20Service facebookAuthService = facebookBuilder
                     .apiSecret(FACEBOOK_SECRET)
                     .callback(FACEBOOK_REDIRECT)
@@ -124,12 +121,9 @@ public class SocialLogin {
             return "redirect:" + facebookAuthService.getAuthorizationUrl();
         }
 
-        if (StringUtils.isBlank(fbstate) || !fbstate.equals(state)) {
+        if (!crosspostService.verifyFacebookState(state)) {
+            logger.error("state is missing");
             throw new HttpBadRequestException();
-        } else {
-            Cookie c = new Cookie("fbstate", "-");
-            c.setMaxAge(0);
-            response.addCookie(c);
         }
         OAuth20Service facebookService = facebookBuilder
                 .apiKey(FACEBOOK_APPID)
@@ -163,8 +157,7 @@ public class SocialLogin {
             response.addCookie(c);
             return Utils.getPreviousPageByRequest(request).orElse("redirect:/");
         } else if (fb.getVerified()) {
-            String loginhash = UUID.randomUUID().toString();
-            if (!crosspostService.createFacebookUser(fbID, loginhash, token.getAccessToken(), fb.getName(), fb.getLink())) {
+            if (!crosspostService.createFacebookUser(fbID, state, token.getAccessToken(), fb.getName(), fb.getLink())) {
                 if (StringUtils.isNotEmpty(fb.getEmail())) {
                     logger.info("found {} for facebook user {}", fb.getEmail(), fb.getLink());
                     Integer userId = crosspostService.getUIDbyFBID(fbID);
@@ -175,7 +168,7 @@ public class SocialLogin {
                 logger.info("email not found for facebook user {}", fb.getLink());
                 throw new HttpBadRequestException();
             }
-            return "redirect:/signup?type=fb&hash=" + loginhash;
+            return "redirect:/signup?type=fb&hash=" + state;
         } else {
             logger.error("Facebook account is not verified, id: {}", fbID);
             throw new HttpBadRequestException();
-- 
cgit v1.2.3