- ===================================================================
- --- src/main/java/ru/org/linux/auth/KingdomOfLorController.java (revision dcef3f47fbaf8978d9688110c639a7fb4ab7d844)
- +++ src/main/java/ru/org/linux/auth/KingdomOfLorController.java (revision dcef3f47fbaf8978d9688110c639a7fb4ab7d844)
- @@ -0,0 +1,72 @@
- +/*
- + * Copyright 1998-2016 Linux.org.ru
- + * Licensed under the Apache License, Version 2.0 (the "License");
- + * you may not use this file except in compliance with the License.
- + * You may obtain a copy of the License at
- + *
- + * http://www.apache.org/licenses/LICENSE-2.0
- + *
- + * Unless required by applicable law or agreed to in writing, software
- + * distributed under the License is distributed on an "AS IS" BASIS,
- + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- + * See the License for the specific language governing permissions and
- + * limitations under the License.
- + */
- +
- +package ru.org.linux.auth;
- +
- +import org.springframework.beans.factory.annotation.Autowired;
- +import org.springframework.security.crypto.password.PasswordEncoder;
- +import org.springframework.web.bind.annotation.*;
- +import ru.org.linux.site.PublicApi;
- +import ru.org.linux.site.Template;
- +import ru.org.linux.user.User;
- +import ru.org.linux.user.UserService;
- +
- +import javax.servlet.http.HttpServletRequest;
- +import javax.servlet.http.HttpServletResponse;
- +
- +@RestController
- +public class KingdomOfLorController {
- +
- + private PasswordEncoder passwordEncoder = new PasswordEncoderImpl();
- +
- + @Autowired
- + private UserService userService;
- +
- + @RequestMapping(value="/api/get-kol-token",method = RequestMethod.GET)
- + public String onGetAccessToken(HttpServletRequest request,HttpServletResponse response) throws Exception{
- + Template tmpl = Template.getTemplate(request);
- +
- + if (!tmpl.isSessionAuthorized()) {
- + throw new AccessViolationException("not authorized");
- + }
- +
- + response.setHeader("Cache-control", "no-cache");
- +
- + User user = tmpl.getCurrentUser();
- +
- + String secret = getUserSecret(user);
- +
- +
- + return passwordEncoder.encode(secret);
- + }
- +
- + @RequestMapping(value = "/api/check-kol-token",method = RequestMethod.GET)
- + @PublicApi
- + public String onCheckKolToken(@RequestParam String login,@RequestParam String token) throws Exception{
- + User user = userService.getUser(login);
- +
- + String secret = getUserSecret(user);
- +
- + if(passwordEncoder.matches(secret,token)){
- + return "ok";
- + }else{
- + throw new AccessViolationException("bad token");
- + }
- + }
- +
- + private String getUserSecret(User user){
- + return String.valueOf(user.getScore())+"_"+user.getPassword();
- + }
- +}
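Review bot: `getUserSecret` builds the token input from `user.getScore()` and `user.getPassword()`, so every issued token is a verifier for the stored password value and stops matching as soon as the score changes; a dedicated random per-user secret, or an HMAC under a server-side key, would keep credential-store material out of the token and give it an explicit lifetime. `onCheckKolToken` is `@PublicApi`, takes `token` as a GET query parameter and shows no throttling in this hunk, so tokens will end up in access logs and proxies and the check can be polled without limit; `method = RequestMethod.POST` with the token in the body, plus rate limiting per login and per source, would address both. If `userService.getUser(login)` throws for an unknown login (not visible here), the response also distinguishes existing from non-existing accounts, so both failures should return the same `bad token` error. In `onGetAccessToken`, `no-cache` still allows the response to be stored; use `response.setHeader("Cache-Control", "no-store");` for a response that carries a credential.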