From 881a546bf7a56550eec1e38ce839f47a1cb1a750 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Tue, 24 Oct 2017 19:12:19 +0300
Subject: www: fix twitter auth flow
---
 .../main/java/com/juick/www/configuration/WebSecurityConfig.java | 2 +-
 juick-www/src/main/java/com/juick/www/controllers/TwitterAuth.java | 7 ++-----
 2 files changed, 3 insertions(+), 6 deletions(-)
(limited to 'juick-www/src')
diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
index 23bec18b..d19ad37d 100644
--- a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
+++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java
@@ -70,7 +70,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 http.addFilterAfter(hashParamAuthenticationFilter(), BasicAuthenticationFilter.class);
 http
 .authorizeRequests()
- .antMatchers("/settings", "/pm/**", "/**/bl").authenticated()
+ .antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter").authenticated()
 .anyRequest().permitAll()
 .and()
 .anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY)
diff --git a/juick-www/src/main/java/com/juick/www/controllers/TwitterAuth.java b/juick-www/src/main/java/com/juick/www/controllers/TwitterAuth.java
index fddcd355..43252495 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/TwitterAuth.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/TwitterAuth.java
@@ -25,6 +25,7 @@ import com.github.scribejava.core.model.OAuth1RequestToken;
 import com.github.scribejava.core.model.OAuthRequest;
 import com.github.scribejava.core.model.Verb;
 import com.github.scribejava.core.oauth.OAuth10aService;
+import com.juick.server.util.UserUtils;
 import com.juick.service.UserService;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Value;
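Review bot: The new `"/_twitter"` entry is an exact Ant pattern, so whether it covers the OAuth callback depends on the path Twitter actually redirects to (TwitterAuth hard-codes `http://juick.com/_twitter`); with `anonymous()` configured a few lines below, any request variant the pattern does not cover would reach the controller as the anonymous principal instead of being rejected, and nothing here ties the two files together. Since this line is now the only thing guarding the callback (the controller's own check is removed in the same commit), it deserves a comment such as `// OAuth callback: must be reached by a logged-in session; TwitterAuth relies on this instead of checking itself`. The configure method this chain belongs to starts and ends outside the hunk.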
@@ -82,11 +83,7 @@ public class TwitterAuth {
 request_token_secret = cookie.getValue();
 }
 }
- com.juick.User user = userService.getUserByHash(hash);
- if ( user == null || user.getUid() == 0) {
- response.sendError(HttpServletResponse.SC_FORBIDDEN);
- return;
- }
+ com.juick.User user = UserUtils.getCurrentUser();
 OAuth10aService oAuthService = serviceBuilder
 .apiSecret(consumerSecret)
 .callback("http://juick.com/_twitter")
-- 
cgit v1.2.3
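Review bot: Dropping the null / uid-0 guard leaves the rest of the method assuming `UserUtils.getCurrentUser()` always yields a real account, which holds only while WebSecurityConfig keeps `/_twitter` behind `authenticated()` — a cross-file coupling nothing in this method documents. Because the anonymous principal configured in WebSecurityConfig is itself a valid authentication, a one-statement defense-in-depth check after the new line keeps the old failure mode if that matcher is ever loosened or mis-ordered: `if (user == null || user.getUid() == 0) { response.sendError(HttpServletResponse.SC_FORBIDDEN); return; }`. Whether `getCurrentUser()` can return null or a uid-0 user for an anonymous session is not visible here and should be confirmed against UserUtils. The enclosing handler method starts and ends outside the hunk.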