From 3799b41149c304721b63c7e36e509cd5865ca9fb Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Fri, 11 Oct 2019 14:13:57 +0300
Subject: Read Juick hash from Authorization header, drop unused code
---
 .../service/security/HashParamAuthenticationFilter.java | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
(limited to 'src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java')
diff --git a/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java b/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java
index 0a80a28c..3ce178f5 100644
--- a/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java
+++ b/src/main/java/com/juick/service/security/HashParamAuthenticationFilter.java
@@ -20,6 +20,7 @@ package com.juick.service.security;
 import com.juick.User;
 import com.juick.service.UserService;
 import com.juick.service.security.entities.JuickUser;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.RememberMeAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -92,10 +93,25 @@ public class HashParamAuthenticationFilter extends OncePerRequestFilter {
 existingAuth instanceof AnonymousAuthenticationToken;
 }
+ private String hashFromAuthorizationHeader(HttpServletRequest request) {
+ String authorizationHeader = request.getHeader("Authorization");
+ if (StringUtils.isNotEmpty(authorizationHeader)) {
+ String[] parts = authorizationHeader.split(" ");
+ if ((parts.length == 2) && parts[0].equals("Juick")) {
+ return parts[1];
+ }
+ }
+ return StringUtils.EMPTY;
+ }
+
 private String getHashFromRequest(HttpServletRequest request) {
 String paramHash = request.getParameter(PARAM_NAME);
 Cookie cookieHash = WebUtils.getCookie(request, PARAM_NAME);
+ String headerHash = hashFromAuthorizationHeader(request);
+ if (StringUtils.isNotEmpty(headerHash)) {
+ return headerHash;
+ }
 if (paramHash == null && cookieHash != null) {
 return cookieHash.getValue();
 }
--
cgit v1.2.3
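Review bot: The scheme check in `hashFromAuthorizationHeader` is stricter than HTTP allows: `parts[0].equals("Juick")` is case-sensitive and `split(" ")` rejects a header with more than one space between scheme and value, while RFC 7235 treats the auth scheme as case-insensitive. A header that fails this parse yields `StringUtils.EMPTY`, so `getHashFromRequest` silently falls back to the parameter or cookie hash, and the request may then be authenticated as the cookie's user rather than the one the client named in the header. I would parse with `String[] parts = authorizationHeader.trim().split("\\s+", 2);` and compare with `"Juick".equalsIgnoreCase(parts[0])`, and add a one-line Javadoc stating the expected form `Authorization: Juick <hash>` and that an empty string means no usable header was found. `getHashFromRequest` continues past the end of the hunk, so what happens to a header hash that later turns out to be invalid is not visible here.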