From 8aa11c92f36a5fd2fbed24e8423c8b9e14efda5f Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Mon, 5 Feb 2018 14:55:50 +0300
Subject: www: fb and vk logins using hash redirects

---
 .../main/java/com/juick/www/controllers/FacebookLogin.java |  5 +----
 .../java/com/juick/www/controllers/VKontakteLogin.java     |  5 +----
 juick-www/src/main/webapp/WEB-INF/layouts/content.html     |  2 +-
 juick-www/src/test/java/com/juick/www/WebAppTests.java     | 14 ++++++++------
 4 files changed, 11 insertions(+), 15 deletions(-)

(limited to 'juick-www/src')

diff --git a/juick-www/src/main/java/com/juick/www/controllers/FacebookLogin.java b/juick-www/src/main/java/com/juick/www/controllers/FacebookLogin.java
index 6e8d6864..2b2a89b2 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/FacebookLogin.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/FacebookLogin.java
@@ -130,10 +130,7 @@ public class FacebookLogin {
             if (!crosspostService.updateFacebookUser(fbID, token.getAccessToken(), fb.getName(), fb.getLink())) {
                 throw new HttpBadRequestException();
             }
-            Cookie c = new Cookie("hash", userService.getHashByUID(uid));
-            c.setMaxAge(50 * 24 * 60 * 60);
-            response.addCookie(c);
-            return Utils.getPreviousPageByRequest(request).orElse("redirect:/");
+            return "redirect:/?hash=" + userService.getHashByUID(uid);
         } else if (fb.getVerified()) {
             String loginhash = UUID.randomUUID().toString();
             if (!crosspostService.createFacebookUser(fbID, loginhash, token.getAccessToken(), fb.getName(), fb.getLink())) {
diff --git a/juick-www/src/main/java/com/juick/www/controllers/VKontakteLogin.java b/juick-www/src/main/java/com/juick/www/controllers/VKontakteLogin.java
index 382c3194..23cbedff 100644
--- a/juick-www/src/main/java/com/juick/www/controllers/VKontakteLogin.java
+++ b/juick-www/src/main/java/com/juick/www/controllers/VKontakteLogin.java
@@ -123,10 +123,7 @@ public class VKontakteLogin {
         Long vkID = NumberUtils.toLong(jsonUser.getUid(), 0);
         int uid = crosspostService.getUIDbyVKID(vkID);
         if (uid > 0) {
-            Cookie c = new Cookie("hash", userService.getHashByUID(uid));
-            c.setMaxAge(50 * 24 * 60 * 60);
-            response.addCookie(c);
-            return Utils.getPreviousPageByRequest(request).orElse("redirect:/");
+            return "redirect:/?hash=" + userService.getHashByUID(uid);
         } else {
             String loginhash = UUID.randomUUID().toString();
             if (!crosspostService.createVKUser(vkID, loginhash, token.getAccessToken(), vkName, vkLink)) {
diff --git a/juick-www/src/main/webapp/WEB-INF/layouts/content.html b/juick-www/src/main/webapp/WEB-INF/layouts/content.html
index f4ca0d84..78d79eb0 100644
--- a/juick-www/src/main/webapp/WEB-INF/layouts/content.html
+++ b/juick-www/src/main/webapp/WEB-INF/layouts/content.html
@@ -43,7 +43,7 @@
 }
     </script>
 </head>
-<body id="body" {% if visitor.uid > 0 %}data-hash="{{visitor.authHash}}"{% endif %}>
+<body id="body" data-hash="{{ visitor.authHash | default('') }}">
 {% include "views/partial/navigation" %}
 <div id="wrapper">
     {% if visitor.uid == 0 %}
diff --git a/juick-www/src/test/java/com/juick/www/WebAppTests.java b/juick-www/src/test/java/com/juick/www/WebAppTests.java
index c663ff6d..ef33506c 100644
--- a/juick-www/src/test/java/com/juick/www/WebAppTests.java
+++ b/juick-www/src/test/java/com/juick/www/WebAppTests.java
@@ -75,14 +75,12 @@ import java.util.stream.IntStream;
 import java.util.stream.StreamSupport;
 
 import static org.hamcrest.MatcherAssert.assertThat;
-import static org.hamcrest.Matchers.equalTo;
-import static org.hamcrest.Matchers.startsWith;
+import static org.hamcrest.Matchers.*;
 import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.multipart;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
 
 /**
  * Created by vitalyster on 12.01.2017.
@@ -316,7 +314,11 @@ public class WebAppTests {
                 .param("username", ugnichName)
                 .param("password", ugnichPassword)).andReturn();
         Cookie rememberMeFromForm = formLoginResult.getResponse().getCookie("juick-remember-me");
-        mockMvc.perform(get("/?show=my").cookie(rememberMeFromForm)).andExpect(status().isOk());
-        mockMvc.perform(get("/?show=my").cookie(rememberMeFromHash)).andExpect(status().isOk());
+        mockMvc.perform(get("/?show=my").cookie(rememberMeFromForm)).andExpect(status().isOk())
+                .andExpect(model().attribute("visitor", hasProperty("authHash", equalTo(hash))))
+                .andExpect(content().string(containsString(hash)));
+        mockMvc.perform(get("/?show=my").cookie(rememberMeFromHash)).andExpect(status().isOk())
+                .andExpect(model().attribute("visitor", hasProperty("authHash", equalTo(hash))))
+                .andExpect(content().string(containsString(hash)));
     }
 }
-- 
cgit v1.2.3