From f148f16ac82815f65f0b4ff44e1b2184ec0da0b0 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Mon, 29 Apr 2019 16:25:38 +0300
Subject: Refactoring

---
 .../java/com/juick/server/api/ApiSocialLogin.java  |  9 ++--
 .../com/juick/server/www/controllers/SignUp.java   | 48 ++++++++++------------
 2 files changed, 25 insertions(+), 32 deletions(-)

(limited to 'src/main/java/com/juick/server')

diff --git a/src/main/java/com/juick/server/api/ApiSocialLogin.java b/src/main/java/com/juick/server/api/ApiSocialLogin.java
index fe5f2069..2d0a5c7e 100644
--- a/src/main/java/com/juick/server/api/ApiSocialLogin.java
+++ b/src/main/java/com/juick/server/api/ApiSocialLogin.java
@@ -302,13 +302,10 @@ public class ApiSocialLogin {
 
         String verifiedEmail = emailService.getEmailByAuthCode(verificationCode);
         if (StringUtils.isNotEmpty(verifiedEmail)) {
-            int uid = userService.createUser(username, password);
-            if (uid <= 0) {
-                throw new HttpBadRequestException();
-            }
-            emailService.addEmail(uid, verifiedEmail);
+            com.juick.User newUser = userService.createUser(username, password).orElseThrow(HttpBadRequestException::new);
+            emailService.addEmail(newUser.getUid(), verifiedEmail);
             emailService.deleteAuthCode(verificationCode);
-            return ResponseEntity.ok(userService.getUserByUID(uid).orElseThrow(IllegalStateException::new));
+            return ResponseEntity.ok(newUser);
         } else {
             return ResponseEntity.status(HttpStatus.FORBIDDEN).body(null);
         }
diff --git a/src/main/java/com/juick/server/www/controllers/SignUp.java b/src/main/java/com/juick/server/www/controllers/SignUp.java
index 8793478a..5fce2d35 100644
--- a/src/main/java/com/juick/server/www/controllers/SignUp.java
+++ b/src/main/java/com/juick/server/www/controllers/SignUp.java
@@ -17,6 +17,7 @@
 package com.juick.server.www.controllers;
 
 import com.juick.User;
+import com.juick.model.AnonymousUser;
 import com.juick.server.util.HttpBadRequestException;
 import com.juick.server.util.HttpForbiddenException;
 import com.juick.server.www.WebApp;
@@ -24,6 +25,9 @@ import com.juick.service.CrosspostService;
 import com.juick.service.EmailService;
 import com.juick.service.UserService;
 import com.juick.service.security.annotation.Visitor;
+import com.juick.service.security.entities.JuickUser;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -31,8 +35,6 @@ import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 
 import javax.inject.Inject;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletResponse;
 
 /**
  *
@@ -93,14 +95,13 @@ public class SignUp {
     @PostMapping("/signup")
     protected String doPost(
             @Visitor User visitor,
-            HttpServletResponse response,
             @RequestParam String type,
             @RequestParam String hash,
             @RequestParam String action,
             @RequestParam(required = false) String username,
             @RequestParam(required = false) String password,
             ModelMap modelMap) {
-        int uid = 0;
+        User current;
 
         if (hash.length() > 36 || !type.matches("^[a-zA-Z0-9\\-]+$") || !hash.matches("^[a-zA-Z0-9\\-]+$")) {
             throw new HttpBadRequestException();
@@ -112,22 +113,23 @@ public class SignUp {
                 if (username.length() > 32) {
                     throw new HttpBadRequestException();
                 }
-                uid = userService.checkPassword(username, password);
+                current = userService.checkPassword(username, password).orElseThrow(HttpForbiddenException::new);
             } else {
-                uid = visitor.getUid();
+                current = visitor;
             }
 
-            if (uid <= 0) {
+            if (current.getUid() <= 0) {
                 throw new HttpForbiddenException();
             }
 
-            if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, uid))
-                    && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, uid))
-                    && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, uid))
-                    && !(type.charAt(0) == 'x' && userService.getAllJIDs(visitor).size() > 0 && crosspostService.setJIDUser(hash, uid))) {
+            if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, current.getUid()))
+                    && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, current.getUid()))
+                    && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, current.getUid()))
+                    && !(type.charAt(0) == 'x' && userService.getAllJIDs(visitor).size() > 0
+                    && crosspostService.setJIDUser(hash, current.getUid()))) {
                 if (type.equals("email")) {
                     String email = emailService.getEmailByAuthCode(hash);
-                    emailService.addEmail(uid, email);
+                    emailService.addEmail(current.getUid(), email);
                     emailService.deleteAuthCode(hash);
                 } else {
                     if (type.equals("xmpp")) {
@@ -144,19 +146,14 @@ public class SignUp {
                 throw new HttpBadRequestException();
             }
 
-            // CHECK USERNAME
+            current = userService.createUser(username, password).orElseThrow(HttpBadRequestException::new);
 
-            uid = userService.createUser(username, password);
-            if (uid <= 0) {
-                throw new HttpBadRequestException();
-            }
-
-            if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, uid))
-                    && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, uid))
-                    && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, uid))) {
+            if (!(type.charAt(0) == 'f' && crosspostService.setFacebookUser(hash, current.getUid()))
+                    && !(type.charAt(0) == 'v' && crosspostService.setVKUser(hash, current.getUid()))
+                    && !(type.charAt(0) == 'd' && crosspostService.setTelegramUser(hash, current.getUid()))) {
                 if (type.equals("email")) {
                     String email = emailService.getEmailByAuthCode(hash);
-                    emailService.addEmail(uid, email);
+                    emailService.addEmail(current.getUid(), email);
                     emailService.deleteAuthCode(hash);
                 } else {
                     if (type.equals("xmpp")) {
@@ -170,10 +167,9 @@ public class SignUp {
         }
 
         if (visitor.isAnonymous()) {
-            hash = userService.getHashByUID(uid);
-            Cookie c = new Cookie("hash", hash);
-            c.setMaxAge(365 * 24 * 60 * 60);
-            response.addCookie(c);
+            UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
+                    new UsernamePasswordAuthenticationToken(new JuickUser(current), password, JuickUser.USER_AUTHORITY);
+            SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
         }
         return "redirect:/";
     }
-- 
cgit v1.2.3