/**
* Most of the code in the Qalingo project is copyrighted Hoteia and licensed
* under the Apache License Version 2.0 (release version 0.8.0)
* http://www.apache.org/licenses/LICENSE-2.0
*
* Copyright (c) Hoteia, 2012-2014
* http://www.hoteia.com - http://twitter.com/hoteia - contact@hoteia.com
*
*/
package org.hoteia.qalingo.core.web.mvc.controller.oauth;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import org.hoteia.qalingo.core.Constants;
import org.hoteia.qalingo.core.service.AttributeService;
import org.hoteia.qalingo.core.service.CustomerService;
import org.hoteia.qalingo.core.service.WebManagementService;
import org.hoteia.qalingo.core.service.openid.OpenIdException;
import org.hoteia.qalingo.core.web.mvc.controller.AbstractFrontofficeQalingoController;
import org.scribe.model.Token;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
/**
*
* <p>
* <a href="AbstractOpenIdFrontofficeController.java.html"><i>View Source</i></a>
* </p>
*
* @author Denis Gosset <a href="http://www.hoteia.com"><i>Hoteia.com</i></a>
*
*/
public abstract class AbstractOAuthFrontofficeController extends AbstractFrontofficeQalingoController {
protected final Logger logger = LoggerFactory.getLogger(getClass());
@Autowired
protected CustomerService customerService;
@Autowired
protected WebManagementService webManagementService;
@Autowired
protected AttributeService attributeService;
protected static final Token EMPTY_TOKEN = null;
// TODO : denis : 20130822 : move this in properties or database config
protected static final String LIVE_ME_URL = "https://apis.live.net/v5.0/me";
protected static final String FACEBOOK_ME_URL = "https://graph.facebook.com/me";
protected static final String TWITTER_URL = "http://api.twitter.com/1.1/account/verify_credentials.json";
protected static final String GOOGLE_ME_URL = "https://www.googleapis.com/plus/v1/people/me";
protected static final String TWITTER_OAUTH_REQUEST_TOKEN = "TWITTER_OAUTH_REQUEST_TOKEN";
protected static final String YAHOO_OAUTH_REQUEST_TOKEN = "YAHOO_OAUTH_REQUEST_TOKEN";
protected static final String REQUEST_PARAM_OAUTH_VERIFIER = "oauth_verifier";
void checkNonce(String nonce) {
// check response_nonce to prevent replay-attack:
if (nonce==null || nonce.length()<20){
throw new OpenIdException("Verify failed.");
}
// make sure the time of server is correct:
long nonceTime = getNonceTime(nonce);
long diff = Math.abs(System.currentTimeMillis() - nonceTime);
if (diff > Constants.ONE_HOUR){
throw new OpenIdException("Bad nonce time.");
}
}
long getNonceTime(String nonce) {
try {
return new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")
.parse(nonce.substring(0, 19) + "+0000")
.getTime();
}
catch(ParseException e) {
throw new OpenIdException("Bad nonce time.");
}
}
}