in src/main/java/org/apache/sling/auth/xing/login/impl/DefaultXingLoginUserManager.java [150:198]
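/**
 * Validates the XING user data carried by the given credentials and stores it on the
 * corresponding repository user, creating that user when it does not exist yet.
 *
 * <p>The user data (JSON) is only parsed and persisted after its hash, computed with
 * {@code secretKey} and {@link XingLogin#HASH_ALGORITHM}, matches the hash supplied with
 * the credentials. The user id is read from that JSON, so whoever can produce a matching
 * hash decides which repository user is created or updated.
 *
 * @param credentials the credentials to read the hash and the user data from
 * @return the created or updated user, or {@code null} when hash or user data is missing,
 *         the hash does not match, or any exception occurs while validating or storing
 */
protected User storeUser(Credentials credentials) {
    final String givenHash = XingLoginUtil.getHash(credentials);
    final String json = XingLoginUtil.getUser(credentials);
    if (givenHash == null || json == null) {
        logger.debug("unable to get hash and/or user data from given credentials");
        return null;
    }

    // validate user data with hash
    try {
        final String computedHash = XingLoginUtil.hash(json, secretKey, XingLogin.HASH_ALGORITHM);
        // Compare in constant time: String.equals returns at the first differing character,
        // which leaks how much of a caller-supplied hash was correct. A null computed hash
        // is treated as a mismatch, as it was with equals().
        final boolean match = computedHash != null
            && java.security.MessageDigest.isEqual(
                givenHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                computedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!match) {
            // Neither the hash nor the user data is logged here; both come from the client.
            logger.warn("invalid hash or user data given, aborting");
            return null;
        }
    } catch (Exception e) {
        logger.error(e.getMessage(), e);
        return null;
    }

    try {
        final XingUser xingUser = XingLoginUtil.fromJson(json);
        final String userId = xingUser.getId(); // TODO make configurable

        User user = getUser(userId);
        // NOTE(review): the original declared a local `session` only inside the create
        // branch and then called session.save() outside of it, so the save went through
        // whatever `session` resolves to in the enclosing class. One session is now used
        // for creating, writing and saving; presumably getSession() returns that same
        // instance on every call (confirm against the enclosing class).
        final Session session = getSession();
        if (user == null) {
            logger.debug("creating a new user with id '{}'", userId);
            final UserManager userManager = getUserManager(session);
            // A null password is passed, so no password is set for the new user here.
            user = userManager.createUser(userId, null);
        } else {
            logger.debug("updating an existing user with id '{}'", userId);
        }

        // TODO disable user on create?
        final ValueFactory valueFactory = session.getValueFactory();
        final Value dataValue = valueFactory.createValue(json);
        final Value hashValue = valueFactory.createValue(givenHash);
        user.setProperty(userDataProperty, dataValue);
        user.setProperty(userHashProperty, hashValue);
        session.save();
        return user;
    } catch (Exception e) {
        logger.error(e.getMessage(), e);
        return null;
    }
}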