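/**
 * Authenticates the caller with the submitted credentials.
 *
 * <p>On success the response is {@code 200 OK} and, when Spring Security has attached a
 * {@link CsrfToken} to the request, the "XSRF-TOKEN" cookie is refreshed so the client holds
 * the token that belongs to the newly authenticated session. A failed login answers
 * {@code 401 Unauthorized} with the same {@link PageDto} shape.
 *
 * @param loginDto validated credentials from the request body
 * @param request  current request; read for the CSRF token attribute and the existing cookie
 * @param response current response; receives the refreshed cookie when one is issued
 * @return the page state for the caller, with HTTP status 200 or 401
 */
@RequestMapping(value = "login", method = RequestMethod.POST)
ResponseEntity<PageDto> login(
        @Validated @RequestBody LoginDto loginDto,
        HttpServletRequest request,
        HttpServletResponse response) {
    PageDto pageDto = userService.login(loginDto);
    if (!pageDto.getHeaderDto().isAuth()) {
        return new ResponseEntity<>(pageDto, null, HttpStatus.UNAUTHORIZED);
    }
    refreshXsrfCookie(request, response);
    return new ResponseEntity<>(pageDto, null, HttpStatus.OK);
}

/**
 * Re-issues the "XSRF-TOKEN" cookie when the token attached to the request is missing from,
 * or differs from, the cookie the client sent. Nothing is written unless the security context
 * holds an authenticated principal.
 *
 * <p>The cookie is deliberately not HttpOnly: presumably client-side code reads it and echoes
 * the value in a request header (double-submit pattern) — confirm against the CSRF repository
 * configuration. The Secure flag follows the request scheme so a token served over TLS is not
 * replayed by the browser over plain HTTP.
 *
 * @param request  current request; source of the CSRF token attribute and the existing cookie
 * @param response current response; receives the new cookie
 */
private static void refreshXsrfCookie(HttpServletRequest request, HttpServletResponse response) {
    CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName());
    if (csrf == null) {
        return;
    }
    String token = csrf.getToken();
    if (token == null) {
        // Never emit a cookie with a null value; previously this happened when the
        // client had no XSRF-TOKEN cookie yet and the repository supplied no token.
        return;
    }
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null || !authentication.isAuthenticated()) {
        return;
    }
    Cookie existing = WebUtils.getCookie(request, "XSRF-TOKEN");
    if (existing != null && token.equals(existing.getValue())) {
        return; // client already holds the current token
    }
    Cookie fresh = new Cookie("XSRF-TOKEN", token);
    fresh.setPath("/");
    fresh.setSecure(request.isSecure());
    response.addCookie(fresh);
}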
/**
 * Reports whether the caller is authenticated and returns the header and login view state
 * for the current user.
 *
 * @param userDetail the principal resolved by Spring Security, or {@code null} when anonymous
 * @return {@code 200 OK} with the populated page for an authenticated caller,
 *         {@code 401 Unauthorized} with {@code auth=false} otherwise
 */
@RequestMapping(value = "auth", method = RequestMethod.GET)
ResponseEntity<PageDto> isAuth(@AuthenticationPrincipal BeadsanUserDetails userDetail) {
    PageDto pageDto = new PageDto();
    if (userDetail == null) {
        HeaderDto anonymousHeader = new HeaderDto();
        anonymousHeader.setAuth(false);
        pageDto.setHeaderDto(anonymousHeader);
        return new ResponseEntity<>(pageDto, null, HttpStatus.UNAUTHORIZED);
    }
    UserInfo userInfo = userDetail.getUserInfo();
    HeaderDto header = mapper.map(userInfo, HeaderDto.class);
    header.setAuth(true);
    pageDto.setHeaderDto(header);
    // NOTE(review): LoginDto is the credentials shape accepted by login(); confirm the
    // UserInfo -> LoginDto mapping copies no password or other secret into the response body.
    pageDto.setLoginDto(mapper.map(userInfo, LoginDto.class));
    return new ResponseEntity<>(pageDto, null, HttpStatus.OK);
}