API tools faq
paste
Advertisement
Guest User

Untitled

a guest
May 24th, 2016
171
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Java 2.42 KB | None | 0 0
raw download clone embed print report
  1. /*
  2.  * Copyright 1998-2016 Linux.org.ru
  3.  *    Licensed under the Apache License, Version 2.0 (the "License");
  4.  *    you may not use this file except in compliance with the License.
  5.  *    You may obtain a copy of the License at
  6.  *
  7.  *        http://www.apache.org/licenses/LICENSE-2.0
  8.  *
  9.  *    Unless required by applicable law or agreed to in writing, software
  10.  *    distributed under the License is distributed on an "AS IS" BASIS,
  11.  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12.  *    See the License for the specific language governing permissions and
  13.  *    limitations under the License.
  14.  */
  15.  
  16. package ru.org.linux.auth;
  17.  
  18. import org.springframework.beans.factory.annotation.Autowired;
  19. import org.springframework.security.crypto.password.PasswordEncoder;
  20. import org.springframework.web.bind.annotation.*;
  21. import ru.org.linux.site.PublicApi;
  22. import ru.org.linux.site.Template;
  23. import ru.org.linux.user.User;
  24. import ru.org.linux.user.UserService;
  25.  
  26. import javax.servlet.http.HttpServletRequest;
  27. import javax.servlet.http.HttpServletResponse;
  28.  
  29. @RestController
  30. public class KingdomOfLorController {
  31.  
  32.     private PasswordEncoder passwordEncoder = new PasswordEncoderImpl();
  33.  
  34.     @Autowired
  35.     private UserService userService;
  36.  
  37.     @RequestMapping(value="/api/get-kol-token",method = RequestMethod.GET)
  38.     public String onGetAccessToken(HttpServletRequest request,HttpServletResponse response) throws Exception{
  39.         Template tmpl = Template.getTemplate(request);
  40.  
  41.         if (!tmpl.isSessionAuthorized()) {
  42.             throw new AccessViolationException("not authorized");
  43.         }
  44.  
  45.         response.setHeader("Cache-control", "no-cache");
  46.  
  47.         User user = tmpl.getCurrentUser();
  48.  
  49.         String secret = getUserSecret(user);
  50.  
  51.  
  52.         return passwordEncoder.encode(secret);
  53.     }
  54.  
  55.     @RequestMapping(value = "/api/check-kol-token",method = RequestMethod.GET)
  56.     @PublicApi
  57.     public String onCheckKolToken(@RequestParam String login,@RequestParam String token) throws Exception{
  58.         User user = userService.getUser(login);
  59.  
  60.         String secret = getUserSecret(user);
  61.  
  62.         if(passwordEncoder.matches(secret,token)){
  63.             return "ok";
  64.         }else{
  65.             throw new AccessViolationException("bad token");
  66.         }
  67.     }
  68.  
  69.     private String getUserSecret(User user){
  70.         return String.valueOf(user.getScore())+"_"+user.getPassword();
  71.     }
  72. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!