|
package com.mycompany.myapp.web.rest; |
|
|
|
import com.mycompany.myapp.config.Constants; |
|
import com.mycompany.myapp.service.SocialService; |
|
import org.slf4j.Logger; |
|
import org.slf4j.LoggerFactory; |
|
import org.springframework.http.ResponseEntity; |
|
import org.springframework.social.connect.Connection; |
|
import org.springframework.social.connect.ConnectionFactoryLocator; |
|
import org.springframework.social.connect.UserProfile; |
|
import org.springframework.social.connect.web.ProviderSignInUtils; |
|
import org.springframework.social.facebook.api.Facebook; |
|
import org.springframework.social.facebook.connect.FacebookConnectionFactory; |
|
import org.springframework.social.google.api.Google; |
|
import org.springframework.social.google.connect.GoogleConnectionFactory; |
|
import org.springframework.social.oauth1.OAuthToken; |
|
import org.springframework.social.oauth2.AccessGrant; |
|
import org.springframework.social.support.URIBuilder; |
|
import org.springframework.social.twitter.api.Twitter; |
|
import org.springframework.social.twitter.connect.TwitterConnectionFactory; |
|
import org.springframework.web.bind.annotation.*; |
|
import org.springframework.web.context.request.WebRequest; |
|
import org.springframework.web.servlet.view.RedirectView; |
|
|
|
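/**
 * REST endpoints used by the social sign-in flow.
 *
 * <p>{@code GET /social/signup} finishes a provider sign-in that is already stored in the
 * session, and {@code POST /social/token} builds a provider connection from credentials
 * supplied by the client and returns the provider's user profile.
 */
@RestController
@RequestMapping("/social")
public class SocialController {

    private final Logger log = LoggerFactory.getLogger(SocialController.class);

    private final SocialService socialService;

    private final ProviderSignInUtils providerSignInUtils;

    private final ConnectionFactoryLocator connectionFactoryLocator;

    public SocialController(SocialService socialService, ProviderSignInUtils providerSignInUtils, ConnectionFactoryLocator connectionFactoryLocator) {
        this.socialService = socialService;
        this.providerSignInUtils = providerSignInUtils;
        this.connectionFactoryLocator = connectionFactoryLocator;
    }

    /**
     * Creates the local user for the provider connection held in the session and redirects
     * to the client-side registration page.
     *
     * @param webRequest current request, used to look up the pending provider connection
     * @param langKey    value of the {@code NG_TRANSLATE_LANG_KEY} cookie, or
     *                   {@link Constants#DEFAULT_LANGUAGE} when the cookie is absent
     * @return a context-relative redirect to {@code /#/social-register/{providerId}?success=true}
     *         on success, or to {@code /#/social-register/no-provider?success=false} on any failure
     */
    @GetMapping("/signup")
    public RedirectView signUp(WebRequest webRequest, @CookieValue(name = "NG_TRANSLATE_LANG_KEY", required = false, defaultValue = Constants.DEFAULT_LANGUAGE) String langKey) {
        try {
            Connection<?> connection = providerSignInUtils.getConnectionFromSession(webRequest);
            if (connection == null) {
                // No pending sign-in in the session: fail explicitly instead of relying on a
                // NullPointerException further down being caught by the generic handler.
                log.warn("No social connection found in session, cannot create social user");
                return failedSignUpRedirect();
            }
            // NOTE(review): langKey comes from a client-controlled cookie and only the double
            // quotes are stripped here; confirm that createSocialUser validates it.
            socialService.createSocialUser(connection, langKey.replace("\"", ""));
            return new RedirectView(URIBuilder.fromUri("/#/social-register/" + connection.getKey().getProviderId())
                .queryParam("success", "true")
                .build().toString(), true);
        } catch (Exception e) {
            log.error("Exception creating social user: ", e);
            return failedSignUpRedirect();
        }
    }

    /** Builds the context-relative redirect used for every failed sign-up. */
    private RedirectView failedSignUpRedirect() {
        return new RedirectView(URIBuilder.fromUri("/#/social-register/no-provider")
            .queryParam("success", "false")
            .build().toString(), true);
    }

    /**
     * Builds a provider connection from client-supplied credentials and returns the
     * provider's user profile.
     *
     * <p>For {@code facebook} and {@code google} only {@code token} is used, wrapped in an
     * OAuth2 {@link AccessGrant}; {@code secret} is ignored. For {@code twitter} the pair
     * ({@code token}, {@code secret}) is wrapped in an OAuth1 {@link OAuthToken}. The
     * connection factories come from {@code connectionFactoryLocator}; no application-level
     * credential is read from this request.
     *
     * <p>All three parameters are bearer credentials or attacker-controllable text, so none
     * of them is written to the log. {@code @RequestParam} also binds query-string values, so
     * clients should send them in the POST body to keep them out of URL and access logs.
     *
     * @param token    provider access token
     * @param secret   OAuth1 token secret, only used when {@code provider} is {@code twitter}
     * @param provider one of {@code facebook}, {@code twitter} or {@code google}
     * @return 200 with the fetched profile as body; the body is {@code null} when the
     *         provider is not one of the supported values
     */
    @PostMapping(value = "/token")
    public ResponseEntity<UserProfile> loadConnectionFromToken(@RequestParam String token, @RequestParam String secret, @RequestParam String provider) {
        UserProfile userProfile = null;
        if ("facebook".equals(provider)) {
            AccessGrant accessGrant = new AccessGrant(token);
            Connection<Facebook> connection = ((FacebookConnectionFactory) connectionFactoryLocator.getConnectionFactory(provider)).createConnection(accessGrant);
            userProfile = connection.fetchUserProfile();
            // Log a constant only: the profile holds personal data and the token is a credential.
            log.debug("Fetched user profile from provider facebook");
        } else if ("twitter".equals(provider)) {
            OAuthToken oAuthToken = new OAuthToken(token, secret);
            Connection<Twitter> connection = ((TwitterConnectionFactory) connectionFactoryLocator.getConnectionFactory("twitter")).createConnection(oAuthToken);
            userProfile = connection.fetchUserProfile();
            log.debug("Fetched user profile from provider twitter");
        } else if ("google".equals(provider)) {
            AccessGrant accessGrant = new AccessGrant(token);
            Connection<Google> connection = ((GoogleConnectionFactory) connectionFactoryLocator.getConnectionFactory(provider)).createConnection(accessGrant);
            userProfile = connection.fetchUserProfile();
            log.debug("Fetched user profile from provider google");
        } else {
            // The raw value is not echoed: it is request input and could forge log lines.
            // NOTE(review): this still answers 200 with an empty body, as before; consider a
            // 400 once clients are known not to depend on it.
            log.warn("Unsupported social provider requested");
        }

        // TODO SAVE THE CONNECTION

        return ResponseEntity.ok().body(userProfile);
    }
}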
Hi @ruddell, I was wondering whether the RequestParam secret, which is passed to the /token API on line 60, could be stored only in the JHipster server's application.yml instead of being passed over the network?
I am worried about security and about exposing the client secret to anyone.
What are your thoughts?