From df812aa75aac92ff4685dcf052b9ac4ed8d12fe6 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Wed, 25 Dec 2019 16:17:43 +0300
Subject: Cleanup SocialLogin

---
 .../juick/server/www/controllers/SocialLogin.java  | 40 +++-------------------
 1 file changed, 5 insertions(+), 35 deletions(-)

(limited to 'src/main/java/com/juick/server/www/controllers/SocialLogin.java')

diff --git a/src/main/java/com/juick/server/www/controllers/SocialLogin.java b/src/main/java/com/juick/server/www/controllers/SocialLogin.java
index eb1e3cfe..2985e42f 100644
--- a/src/main/java/com/juick/server/www/controllers/SocialLogin.java
+++ b/src/main/java/com/juick/server/www/controllers/SocialLogin.java
@@ -360,40 +360,10 @@ public class SocialLogin {
         OAuth2AccessToken token = appleSignInService.getAccessToken(body.get("code"));
         var jsonNode = jsonMapper.readTree(token.getRawResponse());
         var idToken = jsonNode.get("id_token").textValue();
-
-// Create a JWT processor for the access tokens
-        ConfigurableJWTProcessor<SecurityContext> jwtProcessor =
-                new DefaultJWTProcessor<>();
-
-// The public RSA keys to validate the signatures will be sourced from the
-// OAuth 2.0 server's JWK set, published at a well-known URL. The RemoteJWKSet
-// object caches the retrieved keys to speed up subsequent look-ups and can
-// also handle key-rollover
-        JWKSource<SecurityContext> keySource =
-                new RemoteJWKSet<>(new URL("https://appleid.apple.com/auth/keys"));
-
-// The expected JWS algorithm of the access tokens (agreed out-of-band)
-        JWSAlgorithm expectedJWSAlg = JWSAlgorithm.RS256;
-
-// Configure the JWT processor with a key selector to feed matching public
-// RSA keys sourced from the JWK set URL
-        JWSKeySelector<SecurityContext> keySelector =
-                new JWSVerificationKeySelector<>(expectedJWSAlg, keySource);
-
-        jwtProcessor.setJWSKeySelector(keySelector);
-
-// Set the required JWT claims for access tokens issued by the Connect2id
-// server, may differ with other servers
-        jwtProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier<>());
-
-// Process the token
-        JSONObject claimsSet = jwtProcessor.process(idToken, null).toJSONObject();
-
-        var email = claimsSet.getAsString("email");
-        var verified = claimsSet.getAsString("email_verified").equals("true");
-
-        if (verified) {
-            com.juick.User user = userService.getUserByEmail(email);
+        AppleSignInApi api = (AppleSignInApi) appleSignInService.getApi();
+        var email = api.validateToken(idToken);
+        if (email.isPresent()) {
+            com.juick.User user = userService.getUserByEmail(email.get());
             if (!user.isAnonymous()) {
                 Cookie c = new Cookie("hash", userService.getHashByUID(user.getUid()));
                 c.setMaxAge(50 * 24 * 60 * 60);
@@ -401,7 +371,7 @@ public class SocialLogin {
                 return "redirect:/";
             } else {
                 String verificationCode = RandomStringUtils.randomAlphanumeric(8).toUpperCase();
-                emailService.addVerificationCode(null, email, verificationCode);
+                emailService.addVerificationCode(null, email.get(), verificationCode);
                 return "redirect:/signup?type=email&hash=" + verificationCode;
             }
         }
-- 
cgit v1.2.3