From 881a546bf7a56550eec1e38ce839f47a1cb1a750 Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Tue, 24 Oct 2017 19:12:19 +0300 Subject: www: fix twitter auth flow --- .../main/java/com/juick/www/configuration/WebSecurityConfig.java | 2 +- juick-www/src/main/java/com/juick/www/controllers/TwitterAuth.java | 7 ++----- 2 files changed, 3 insertions(+), 6 deletions(-) (limited to 'juick-www') diff --git a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java index 23bec18b..d19ad37d 100644 --- a/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java +++ b/juick-www/src/main/java/com/juick/www/configuration/WebSecurityConfig.java @@ -70,7 +70,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { http.addFilterAfter(hashParamAuthenticationFilter(), BasicAuthenticationFilter.class); http .authorizeRequests() - .antMatchers("/settings", "/pm/**", "/**/bl").authenticated() + .antMatchers("/settings", "/pm/**", "/**/bl", "/_twitter").authenticated() .anyRequest().permitAll() .and() .anonymous().principal(JuickUser.ANONYMOUS_USER).authorities(JuickUser.ANONYMOUS_AUTHORITY) diff --git a/juick-www/src/main/java/com/juick/www/controllers/TwitterAuth.java b/juick-www/src/main/java/com/juick/www/controllers/TwitterAuth.java index fddcd355..43252495 100644 --- a/juick-www/src/main/java/com/juick/www/controllers/TwitterAuth.java +++ b/juick-www/src/main/java/com/juick/www/controllers/TwitterAuth.java @@ -25,6 +25,7 @@ import com.github.scribejava.core.model.OAuth1RequestToken; import com.github.scribejava.core.model.OAuthRequest; import com.github.scribejava.core.model.Verb; import com.github.scribejava.core.oauth.OAuth10aService; +import com.juick.server.util.UserUtils; import com.juick.service.UserService; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Value; @@ -82,11 +83,7 @@ public class TwitterAuth { request_token_secret = cookie.getValue(); } } - com.juick.User user = userService.getUserByHash(hash); - if ( user == null || user.getUid() == 0) { - response.sendError(HttpServletResponse.SC_FORBIDDEN); - return; - } + com.juick.User user = UserUtils.getCurrentUser(); OAuth10aService oAuthService = serviceBuilder .apiSecret(consumerSecret) .callback("http://juick.com/_twitter") -- cgit v1.2.3