From b94d06390216d645c61a27b77324a999ff1c11ef Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Sun, 8 Sep 2024 22:38:11 +0300 Subject: Clean up social login --- .../com/juick/www/controllers/SocialLogin.java | 82 +++++++++++++--------- 1 file changed, 50 insertions(+), 32 deletions(-) (limited to 'src/main/java/com/juick/www/controllers') diff --git a/src/main/java/com/juick/www/controllers/SocialLogin.java b/src/main/java/com/juick/www/controllers/SocialLogin.java index 7f8d5f73..510c7d62 100644 --- a/src/main/java/com/juick/www/controllers/SocialLogin.java +++ b/src/main/java/com/juick/www/controllers/SocialLogin.java @@ -58,6 +58,7 @@ import jakarta.inject.Inject; import java.io.IOException; import java.util.List; import java.util.Map; +import java.util.Objects; import java.util.Optional; import java.util.UUID; import java.util.concurrent.ExecutionException; @@ -70,7 +71,7 @@ import java.util.stream.Collectors; @Controller public class SocialLogin { - private static final Logger logger = LoggerFactory.getLogger(SocialLogin.class); + private static final Logger logger = LoggerFactory.getLogger("Social"); public static final String AUTH_ERROR = "SocialLogin.AuthenticationError"; @@ -124,12 +125,12 @@ public class SocialLogin { @GetMapping("/_fblogin") protected String doFacebookLogin(HttpServletRequest request, @RequestParam(required = false) String code, @RequestParam(required = false) String state, - @RequestHeader(value = "referer", required = false) String referer, HttpServletResponse response, + HttpServletResponse response, HttpSession session) throws IOException, ExecutionException, InterruptedException { if (StringUtils.isBlank(code)) { String fbstate = UUID.randomUUID().toString(); if (StringUtils.isBlank(state)) { - state = Optional.ofNullable(referer).orElse("https://juick.com/"); + state = UUID.randomUUID().toString(); } userService.addFacebookState(fbstate, state); return "redirect:" + facebookAuthService.getAuthorizationUrl(fbstate); @@ -170,10 +171,12 @@ public class SocialLogin { } } if (!existingFacebookUser.get().isBanned()) { - Cookie c = new Cookie("hash", userService.getHashByUID(existingFacebookUser.get().getUid())); - c.setMaxAge(50 * 24 * 60 * 60); - response.addCookie(c); - return "redirect:" + redirectUrl; + var authentication = new RememberMeAuthenticationToken( + ((AbstractRememberMeServices) rememberMeServices).getKey(), + new JuickUser(existingFacebookUser.get()), JuickUser.USER_AUTHORITY); + SecurityContextHolder.getContext().setAuthentication(authentication); + rememberMeServices.loginSuccess(request, response, authentication); + return "redirect:/"; } else { session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled"); return "redirect:/login"; @@ -188,9 +191,9 @@ public class SocialLogin { @GetMapping("/_twitter") protected String doTwitterLogin(@RequestParam(required = false) String code, - @RequestParam(required = false) String state, - com.juick.model.User user, - HttpServletRequest request) + @RequestParam(required = false) String state, + com.juick.model.User user, + HttpServletRequest request) throws IOException, ExecutionException, InterruptedException { if (StringUtils.isBlank(code)) { @@ -229,14 +232,17 @@ public class SocialLogin { @GetMapping("/_vklogin") protected String doVKLogin(@RequestParam(required = false) String code, @RequestParam(required = false) String state, - @RequestHeader(value = "referer", required = false) String referer, - @CookieValue(required = false) String vkstate, HttpServletResponse response) + @CookieValue(required = false) String vkstate, + HttpServletRequest request, + HttpServletResponse response, + HttpSession session) throws IOException, ExecutionException, InterruptedException { if (StringUtils.isBlank(code)) { vkstate = UUID.randomUUID().toString(); Cookie c = new Cookie("vkstate", vkstate); response.addCookie(c); - return "redirect:" + vkService.getVkAuthService().getAuthorizationUrl(vkstate); + var redirect = "redirect:" + vkService.getVkAuthService().getAuthorizationUrl(vkstate); + return redirect; } if (StringUtils.isBlank(vkstate) || !vkstate.equals(state)) { @@ -265,13 +271,19 @@ public class SocialLogin { } long vkID = NumberUtils.toLong(jsonUser.id(), 0); - int uid = userService.getUIDbyVKID(vkID); - if (uid > 0) { - userService.updateVkUser(vkID, token.getAccessToken(), vkName, vkLink); - Cookie c = new Cookie("hash", userService.getHashByUID(uid)); - c.setMaxAge(50 * 24 * 60 * 60); - response.addCookie(c); - return "redirect:/" + Optional.ofNullable(referer).orElse(StringUtils.EMPTY); + var user = userService.getUserByVKID(vkID); + if (user.isPresent()) { + if (!user.get().isBanned()) { + var authentication = new RememberMeAuthenticationToken( + ((AbstractRememberMeServices) rememberMeServices).getKey(), + new JuickUser(user.get()), JuickUser.USER_AUTHORITY); + SecurityContextHolder.getContext().setAuthentication(authentication); + rememberMeServices.loginSuccess(request, response, authentication); + return "redirect:/"; + } else { + session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled"); + return "redirect:/login"; + } } else { String loginhash = UUID.randomUUID().toString(); if (!userService.createVKUser(vkID, loginhash, token.getAccessToken(), vkName, vkLink)) { @@ -290,8 +302,7 @@ public class SocialLogin { @GetMapping("/_tglogin") public String doDurovLogin(@RequestParam Map params, @RequestParam String hash, - @RequestHeader(value = "referer", required = false) String referer, - HttpServletRequest request, HttpServletResponse response) { + HttpServletRequest request, HttpServletResponse response, HttpSession session) { String dataCheckString = params.entrySet().stream().filter(p -> !p.getKey().equals("hash")) .sorted(Map.Entry.comparingByKey()).map(p -> p.getKey() + "=" + p.getValue()) .collect(Collectors.joining("\n")); @@ -301,14 +312,19 @@ public class SocialLogin { long tgUser = Long.parseLong(params.get("id")); var user = userService.getUserByTelegramId(tgUser); if (user.isPresent()) { - var authentication = new RememberMeAuthenticationToken( - ((AbstractRememberMeServices) rememberMeServices).getKey(), - new JuickUser(user.get()), JuickUser.USER_AUTHORITY); - SecurityContextHolder.getContext().setAuthentication(authentication); - rememberMeServices.loginSuccess(request, response, authentication); - return "redirect:" + Optional.ofNullable(referer).orElse(StringUtils.EMPTY); + if (!user.get().isBanned()) { + var authentication = new RememberMeAuthenticationToken( + ((AbstractRememberMeServices) rememberMeServices).getKey(), + new JuickUser(user.get()), JuickUser.USER_AUTHORITY); + SecurityContextHolder.getContext().setAuthentication(authentication); + rememberMeServices.loginSuccess(request, response, authentication); + return "redirect:/"; + } else { + session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled"); + return "redirect:/login"; + } } else { - String username = StringUtils.defaultString(params.get("username"), params.get("first_name")); + String username = Objects.toString(params.get("username"), params.get("first_name")); List chats = telegramService.getAnonymous(); if (!chats.contains(tgUser)) { logger.info("added chat with {}", username); @@ -347,9 +363,11 @@ public class SocialLogin { com.juick.model.User user = userService.getUserByEmail(email.get()); if (!user.isAnonymous()) { if (!user.isBanned()) { - Cookie c = new Cookie("hash", userService.getHashByUID(user.getUid())); - c.setMaxAge(50 * 24 * 60 * 60); - response.addCookie(c); + var authentication = new RememberMeAuthenticationToken( + ((AbstractRememberMeServices) rememberMeServices).getKey(), + new JuickUser(user), JuickUser.USER_AUTHORITY); + SecurityContextHolder.getContext().setAuthentication(authentication); + rememberMeServices.loginSuccess(request, response, authentication); return "redirect:/"; } else { session.setAttribute(SocialLogin.AUTH_ERROR, "User is disabled"); -- cgit v1.2.3