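package com.juick.www.controllers;

import com.juick.User;
import com.juick.server.util.HttpBadRequestException;
import com.juick.server.util.HttpForbiddenException;
import com.juick.service.UserService;
import com.juick.util.UserUtils;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;

import javax.inject.Inject;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import java.net.URI;
import java.security.Principal;
import java.util.Optional;

/**
 * Created by vitalyster on 09.12.2016.
 *
 * <p>Serves the login form and handles the credential check for {@code /login}.
 * After a successful check the user is sent back to the referring page, but only
 * when that page is on the configured {@code web_domain}; the Referer header is
 * client-controlled and must never be echoed into a redirect unchecked.
 */
@Controller
public class LoginController {
    @Inject
    UserService userService;
    @Inject
    Environment env;

    /**
     * Shows the login form to anonymous visitors.
     *
     * @param principal the current security principal, passed to
     *                  {@link UserUtils#getUsername} to resolve the visitor name
     * @return the login view, or a redirect to the site root when the visitor
     *         already resolves to a user with a positive uid
     */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String doGetLoginForm(Principal principal) {
        String name = UserUtils.getUsername(principal, null);
        // NOTE(review): assumes getUserByName never returns null (e.g. yields an
        // anonymous user with uid 0) -- confirm against UserService.
        User visitor = userService.getUserByName(name);
        if (visitor.getUid() > 0) {
            // Redirecting an authenticated visitor back to /login would loop
            // forever on this same handler, so send them to the site root.
            return "redirect:/";
        }
        return "views/login";
    }

    /**
     * Checks the submitted credentials and redirects on success.
     *
     * <p>NOTE(review): nothing visible here establishes a session or sets a
     * cookie on {@code response}; confirm where the authenticated session is
     * created.
     *
     * @param username the submitted user name, if any
     * @param password the submitted password, if any
     * @param referer  the Referer request header, if any (untrusted input)
     * @param response the servlet response (not used by the visible code)
     * @return a redirect to the referring page when it passes
     *         {@link #isSafeLoginReferer}, otherwise a redirect to the site root
     * @throws HttpBadRequestException when either credential is missing
     * @throws HttpForbiddenException  when the credential check fails
     */
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    protected String doPostLogin(
            @RequestParam("username") Optional<String> username,
            @RequestParam("password") Optional<String> password,
            @RequestHeader("Referer") Optional<String> referer,
            HttpServletResponse response) {
        // Both credentials are required; the previous "&&" condition let a
        // request without a password through to Optional.get().
        if (!username.isPresent() || !password.isPresent()) {
            throw new HttpBadRequestException();
        }
        int uid = userService.checkPassword(username.get(), password.get());
        if (uid <= 0) {
            throw new HttpForbiddenException();
        }
        // A valid login without a Referer header (privacy settings, direct POST)
        // must still succeed, so fall back to the site root instead of a 403.
        return "redirect:" + referer.filter(this::isSafeLoginReferer).orElse("/");
    }

    /**
     * Decides whether a Referer value may be used as the post-login redirect
     * target. Only absolute http(s) URLs whose host equals the configured
     * {@code web_domain} and whose path is not {@code /login} are accepted;
     * anything unparsable is rejected rather than surfaced as a server error.
     */
    private boolean isSafeLoginReferer(String referer) {
        URI refererURI;
        try {
            refererURI = URI.create(referer);
        } catch (IllegalArgumentException e) {
            // Malformed header value: treat as "no usable referer".
            return false;
        }
        String scheme = refererURI.getScheme();
        boolean webScheme = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
        // getHost() is null for relative and opaque URIs; guard before comparing.
        String host = refererURI.getHost();
        return webScheme
                && host != null
                && host.equals(env.getProperty("web_domain"))
                && !"/login".equals(refererURI.getPath());
    }
}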