
Embedded authorization issue

Hello community. I can't authorize users from the embedded forum. Can you help me with this issue?
I use Angular + Java.

My Java code for generating the SSO string (slightly modified code from the official jsConnect library (the original doesn't work)):
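import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.codec.binary.Hex;

// CLIENT_ID, SECRET, log, JsonEncode() and hexEncode() belong to the enclosing class (not shown).
public static String SSOString(Map user, String timeStamp) throws InvalidKeyException {
    // Fall back to the configured client id when the caller did not supply one.
    if (!user.containsKey("client_id")) {
        user.put("client_id", CLIENT_ID);
    }
    if (user.get("client_id") == null || "".equals(user.get("client_id"))) {
        user.put("client_id", CLIENT_ID);
    }

    // Base64-encode the user JSON, then hex-encode that Base64 text.
    String jsonBase64String = DatatypeConverter.printBase64Binary(
            JsonEncode(user).getBytes(StandardCharsets.UTF_8));
    String signature_string = Hex.encodeHexString(jsonBase64String.getBytes(StandardCharsets.UTF_8));

    // The signed message is "<hex payload> <timestamp>".
    StringBuilder signatureString = new StringBuilder();
    signatureString.append(signature_string);
    signatureString.append(" ");
    signatureString.append(timeStamp);

    Mac mac;
    byte[] result;

    SecretKeySpec keySpec = new SecretKeySpec(SECRET.getBytes(StandardCharsets.UTF_8), "HmacSHA1");

    try {
        mac = Mac.getInstance("HmacSHA1");
        mac.init(keySpec);
        result = mac.doFinal(signatureString.toString().getBytes(StandardCharsets.UTF_8));
    } catch (NoSuchAlgorithmException ex) {
        log.debug(ex.getMessage());
        // Without the algorithm there is no signature to encode, so stop here instead of passing null on.
        throw new IllegalStateException(ex);
    }

    /* String usertext = jsonBase64String;
    String timestamptext = timeStamp; */
    String hash = new String(hexEncode(result));

    // Layout: "<payload> <hash> <timestamp> hmacsha1"
    String returnValue = signature_string + " " + hash + " " + timeStamp + " hmacsha1";

    return returnValue;
}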

Front-end code of the embedded forum with the SSO string:
import { OnInit } from '@angular/core';
// DataStorageService, AuthService, ProfileStore and FORUM_PATH come from the project (imports not shown).

export class ForumPage implements OnInit {
    constructor(private dataStorage: DataStorageService,
                private auth: AuthService,
                private profileStore: ProfileStore) {
    }

    public ngOnInit(): void {
        if (!this.dataStorage.forumAuth) {
            this.setForumSsoAndInit();
        } else {
            this.initForum();
        }
    }

    private initForum() {
        // Reset the embed globals left over from a previous visit to this page.
        if ((window as any).vanilla_identifier) {
            (window as any).vanilla_identifier = undefined;
            (window as any).vanilla_title = undefined;
        }
        // Load the forum's embed script into the page container.
        let forumScript = document.createElement('script');
        forumScript.src = `${FORUM_PATH}js/embed.js`;
        let container = document.getElementById('forum-container');
        let element = container.getElementsByClassName('scroll-content')[0];
        element.insertBefore(forumScript, element.lastChild);
    }

    private setForumSsoAndInit() {
        // Request the SSO string for the current user's email, then load the forum.
        this.profileStore.profileData.subscribe(
            (res) => {
                this.auth.setForumSsoString(res.toJS().email);
                this.initForum();
            },
            (err) => {
                console.log(err);
            }
        );
    }
}

I get the secret and client_id from the jsConnect settings.
Do I need to modify something else, or is something wrong with generating the string?

Thank you.
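
A receiver-side check for the `<payload> <hash> <timestamp> hmacsha1` layout that the Java method above emits, reporting the first step at which a given string fails. This is an added example, not code from the post or from the jsConnect library; the class name, secret, timestamp, 1440-second tolerance and the expectation that the first field is Base64-encoded JSON are assumptions, and the sample strings are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class SsoStringCheck {
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    static String hmacSha1Hex(String data, String secret) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA1"));
        return hex(mac.doFinal(data.getBytes(StandardCharsets.UTF_8)));
    }

    // Validates one SSO string: layout, signature, timestamp age, then payload decoding.
    static String check(String sso, String secret, long now, long maxAge) throws Exception {
        String[] p = sso.split(" ");
        if (p.length != 4 || !"hmacsha1".equals(p[3])) return "bad layout";
        byte[] expected = hmacSha1Hex(p[0] + " " + p[2], secret).getBytes(StandardCharsets.US_ASCII);
        byte[] actual = p[1].getBytes(StandardCharsets.US_ASCII);
        if (!MessageDigest.isEqual(expected, actual)) return "bad signature"; // constant-time compare
        long ts;
        try { ts = Long.parseLong(p[2]); } catch (NumberFormatException e) { return "bad timestamp"; }
        if (Math.abs(now - ts) > maxAge) return "stale timestamp";
        String json;
        try {
            json = new String(Base64.getDecoder().decode(p[0]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return "payload is not Base64";
        }
        return json.trim().startsWith("{") ? "ok: " + json : "payload does not decode to JSON";
    }

    public static void main(String[] args) throws Exception {
        String secret = "example-secret"; // constructed value, not a real jsConnect secret
        long now = 1700000000L;           // constructed timestamp, in seconds
        String json = "{\"email\":\"user@example.com\",\"client_id\":\"example-client\"}";
        String b64 = Base64.getEncoder().encodeToString(json.getBytes(StandardCharsets.UTF_8));
        String hexOfB64 = hex(b64.getBytes(StandardCharsets.US_ASCII)); // payload form used in the post
        for (String payload : new String[] { b64, hexOfB64 }) {
            String sso = payload + " " + hmacSha1Hex(payload + " " + now, secret) + " " + now + " hmacsha1";
            System.out.println(check(sso, secret, now, 1440));
        }
    }
}
```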
