From 63ead138664a6477460884d266d4f93011ec134a Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Sat, 14 Jan 2023 08:20:59 +0300 Subject: Minor updates for Telegram Login and bot --- src/main/java/com/juick/www/controllers/SocialLogin.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/main/java/com/juick/www/controllers') diff --git a/src/main/java/com/juick/www/controllers/SocialLogin.java b/src/main/java/com/juick/www/controllers/SocialLogin.java index b43b65c6..1ab0a139 100644 --- a/src/main/java/com/juick/www/controllers/SocialLogin.java +++ b/src/main/java/com/juick/www/controllers/SocialLogin.java @@ -299,12 +299,12 @@ public class SocialLogin { @GetMapping("/_tglogin") public String doDurovLogin(@RequestParam Map params, + @RequestParam String hash, @RequestHeader(value = "referer", required = false) String referer, HttpServletRequest request, HttpServletResponse response) { String dataCheckString = params.entrySet().stream().filter(p -> !p.getKey().equals("hash")) .sorted(Map.Entry.comparingByKey()).map(p -> p.getKey() + "=" + p.getValue()) .collect(Collectors.joining("\n")); - String hash = params.get("hash"); byte[] secretKey = DigestUtils.sha256(telegramToken); String resultString = new HmacUtils(HmacAlgorithms.HMAC_SHA_256, secretKey).hmacHex(dataCheckString); if (hash.equals(resultString)) { -- cgit v1.2.3