diff --git a/README.en-US.md b/README.en-US.md
index 8b74889249768289287511700153f70a7fd98899..b494399a304f3d17a897f4e80f288a2df9efbb8e 100644
--- a/README.en-US.md
+++ b/README.en-US.md
@@ -6,7 +6,7 @@
-
+
@@ -15,7 +15,7 @@
-
+
@@ -97,7 +97,7 @@ These artifacts are available from Maven Central:
me.zhyd.oauth
JustAuth
- 1.15.2-alpha
+ 1.15.3-alpha
```
- Using JustAuth
diff --git a/README.md b/README.md
index 6d6decfaf04f768fb8634d088f2d0fb3793b1100..a2dc2da0418453426c9946af0f195f4b5c1eb616 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@
-
+
@@ -15,7 +15,7 @@
-
+
@@ -96,7 +96,7 @@ JustAuth,如你所见,它仅仅是一个**第三方授权登录**的**工具
me.zhyd.oauth
JustAuth
- 1.15.2-alpha
+ 1.15.3-alpha
```
- 调用api
diff --git a/bin/version.txt b/bin/version.txt
index a7b6ce43f1c4ab61b38290e694b607777b87acaf..f0c79df16bcebeb13769edce7b8cf34f06cb5aca 100644
--- a/bin/version.txt
+++ b/bin/version.txt
@@ -1 +1 @@
-1.15.2-alpha
+1.15.3-alpha
diff --git a/docs/README.md b/docs/README.md
index 4a9e69580a15521e7d029647446da510e8431bba..b01cb0ae16c336996f13013679e1bce4a6f5a1da 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -9,7 +9,7 @@
-
+
@@ -18,7 +18,7 @@
-
+
diff --git a/docs/_coverpage.md b/docs/_coverpage.md
index a70f957d37e54e2199f47ee4050dc5ea73e87a47..d60917a12c17aa703493a51f48d87093cadad593 100644
--- a/docs/_coverpage.md
+++ b/docs/_coverpage.md
@@ -1,6 +1,6 @@
![](_media/justauth@0,25x.png)
-# JustAuth 1.15.2-alpha
+# JustAuth 1.15.3-alpha
史上最全的整合第三方登录的开源库
diff --git a/pom.xml b/pom.xml
index c875a775b77ed7dc65543b5a0d7bc94ff31747ef..434871f24acd4d5894b71517b03979d098bc25d6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
me.zhyd.oauth
JustAuth
- 1.15.2-alpha
+ 1.15.3-alpha
JustAuth
https://gitee.com/yadong.zhang/JustAuth
diff --git a/src/main/java/me/zhyd/oauth/model/AuthCallback.java b/src/main/java/me/zhyd/oauth/model/AuthCallback.java
index c2f3083b4eff7ce7310da066c45b5d9ae5130278..39c030b602fdda66045f20959818204e6496e064 100644
--- a/src/main/java/me/zhyd/oauth/model/AuthCallback.java
+++ b/src/main/java/me/zhyd/oauth/model/AuthCallback.java
@@ -48,12 +48,13 @@ public class AuthCallback implements Serializable {
*
* @since 1.13.0
*/
- private String oauthToken;
+ private String oauth_token;
/**
* Twitter回调后返回的oauth_verifier
*
* @since 1.13.0
*/
- private String oauthVerifier;
+ private String oauth_verifier;
+
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthTwitterRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTwitterRequest.java
index 0e3d3a947ed5c311ebaaa6a3125e7bc1ee0f8321..3b29800897c36738f86b93ea1e81ba67912c0ff9 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthTwitterRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthTwitterRequest.java
@@ -38,6 +38,21 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
super(config, TWITTER, authStateCache);
}
+ /**
+ * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state}
+ *
+ * @param state state 验证授权流程的参数,可以防止csrf
+ * @return 返回授权地址
+ * @since 1.9.3
+ */
+ @Override
+ public String authorize(String state) {
+ AuthToken token = this.getRequestToken();
+ return UrlBuilder.fromBaseUrl(source.authorize())
+ .queryParam("oauth_token", token.getOauthToken())
+ .build();
+ }
+
/**
* Obtaining a request token
* https://developer.twitter.com/en/docs/twitter-for-websites/log-in-with-twitter/guides/implementing-sign-in-with-twitter
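Review bot: The new `authorize(String state)` never uses `state`, yet its Javadoc still says the parameter guards against CSRF, and the request token it fetches is not recorded anywhere visible in this hunk. Together with the early `return` for `AuthDefaultSource.TWITTER` added to `checkState` in AuthChecker.java, the Twitter callback is no longer tied to the session that started the flow. OAuth 1.0a has no `state`, but the request token can fill that role: record it when the redirect URL is built, e.g. `authStateCache.cache(token.getOauthToken(), token.getOauthToken());` (assuming the cache passed to the constructor is reachable here). The callback path should then reject an `oauth_token` that is not in the cache instead of skipping the check. The Javadoc should also state the real contract, for example `@param state ignored: Twitter's OAuth 1.0a flow carries no state parameter`.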
@@ -54,6 +69,9 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
HttpHeader httpHeader = new HttpHeader();
httpHeader.add("Authorization", header);
+ httpHeader.add("User-Agent", "themattharris' HTTP Client");
+ httpHeader.add("Host", "api.twitter.com");
+ httpHeader.add("Accept", "*/*");
String requestToken = HttpUtil.post(baseUrl, null, httpHeader);
Map res = MapUtil.parseStringToMap(requestToken, false);
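Review bot: The three added headers are hard-coded values that do not describe this library. `User-Agent` is set to `themattharris' HTTP Client`, which reads as copied from a sample and misidentifies the caller. `Host` is fixed to `api.twitter.com` although the request goes to `baseUrl`, which is defined outside this hunk; HTTP clients normally derive `Host` from the URL, and a fixed value goes stale if the endpoint changes. I would drop the `Host` line and send a library-specific agent, for example `httpHeader.add("User-Agent", "JustAuth");`, with a short comment saying why Twitter needs these headers, if it does.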
@@ -74,10 +92,10 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
@Override
protected AuthToken getAccessToken(AuthCallback authCallback) {
Map oauthParams = buildOauthParams();
- oauthParams.put("oauth_token", authCallback.getOauthToken());
- oauthParams.put("oauth_verifier", authCallback.getOauthVerifier());
+ oauthParams.put("oauth_token", authCallback.getOauth_token());
+ oauthParams.put("oauth_verifier", authCallback.getOauth_verifier());
oauthParams.put("oauth_signature", generateTwitterSignature(oauthParams, "POST", source.accessToken(), config.getClientSecret(), authCallback
- .getOauthToken()));
+ .getOauth_token()));
String header = buildHeader(oauthParams);
HttpHeader httpHeader = new HttpHeader();
@@ -85,7 +103,7 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
httpHeader.add(Constants.CONTENT_TYPE, "application/x-www-form-urlencoded");
Map form = new HashMap<>(1);
- form.put("oauth_verifier", authCallback.getOauthVerifier());
+ form.put("oauth_verifier", authCallback.getOauth_verifier());
String response = HttpUtil.post(source.accessToken(), form, httpHeader, false);
Map requestToken = MapUtil.parseStringToMap(response, false);
@@ -127,6 +145,7 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
.avatar(userInfo.getString("profile_image_url_https"))
.blog(userInfo.getString("url"))
.location(userInfo.getString("location"))
+ .avatar(userInfo.getString("profile_image_url"))
.source(source.toString())
.token(authToken)
.build();
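Review bot: The added `.avatar(userInfo.getString("profile_image_url"))` comes after the existing `.avatar(userInfo.getString("profile_image_url_https"))`, so if this is the usual last-call-wins builder, the HTTPS avatar URL is replaced by the plain-HTTP one. Applications that render the avatar would then load it over cleartext, which triggers mixed-content warnings and leaves the image open to observation or substitution in transit. If the goal is a fallback for a missing HTTPS field, choose the value explicitly before the builder chain; otherwise remove the added line. The builder chain starts outside this hunk.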
@@ -152,15 +171,12 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
}
private String buildHeader(Map oauthParams) {
- final StringBuilder sb = new StringBuilder(PREAMBLE);
+ final StringBuilder sb = new StringBuilder(PREAMBLE + " ");
for (Map.Entry param : oauthParams.entrySet()) {
- if (sb.length() > PREAMBLE.length()) {
- sb.append(", ");
- }
- sb.append(param.getKey()).append("=\"").append(urlEncode(param.getValue())).append('"');
+ sb.append(param.getKey()).append("=\"").append(urlEncode(param.getValue())).append('"').append(", ");
}
- return sb.toString();
+ return sb.deleteCharAt(sb.length() - 2).toString();
}
}
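Review bot: `sb.deleteCharAt(sb.length() - 2)` removes only the final comma, so the header now ends with a trailing space, and for an empty `oauthParams` it deletes a character of the preamble itself. The removed code handled both cases. Trimming the whole separator under a guard keeps the simpler loop: `if (!oauthParams.isEmpty()) { sb.setLength(sb.length() - 2); }` followed by `return sb.toString();`. It is also worth confirming that `PREAMBLE`, declared outside this hunk, has no trailing space of its own, otherwise the header gets two.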
diff --git a/src/main/java/me/zhyd/oauth/utils/AuthChecker.java b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java
index be24a5cbb48556f9557b2d44feb8f1f8f66baa7f..4761d2ce3c1f500fae14b5dd44a5e6f1eb08e540 100644
--- a/src/main/java/me/zhyd/oauth/utils/AuthChecker.java
+++ b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java
@@ -72,6 +72,10 @@ public class AuthChecker {
* @since 1.8.0
*/
public static void checkCode(AuthSource source, AuthCallback callback) {
+ // 推特平台不支持回调 code 和 state
+ if (source == AuthDefaultSource.TWITTER) {
+ return;
+ }
String code = callback.getCode();
if (source == AuthDefaultSource.ALIPAY) {
code = callback.getAuth_code();
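Review bot: Returning early for `AuthDefaultSource.TWITTER` means a Twitter callback reaches `getAccessToken` with no validation at all. A missing `oauth_token` or `oauth_verifier` is then only discovered when the signature is built or when Twitter rejects the request. Twitter sends no `code`, but it does send those two values, and they deserve the emptiness check the other platforms get: `if (StringUtils.isEmpty(callback.getOauth_token()) || StringUtils.isEmpty(callback.getOauth_verifier()))`, followed by the same `AuthException` this method throws for a missing code. The rest of `checkCode` lies outside the hunk, so the exact status constant should be taken from there. The added comment mentions both code and state; in this method it should speak only about `code`.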
@@ -95,6 +99,10 @@ public class AuthChecker {
* @param authStateCache {@code authStateCache} state缓存实现
*/
public static void checkState(String state, AuthSource source, AuthStateCache authStateCache) {
+ // 推特平台不支持回调 code 和 state
+ if (source == AuthDefaultSource.TWITTER) {
+ return;
+ }
if (StringUtils.isEmpty(state) || !authStateCache.containsKey(state)) {
throw new AuthException(AuthResponseStatus.ILLEGAL_STATUS, source);
}
diff --git a/src/test/java/me/zhyd/oauth/utils/GlobalAuthUtilsTest.java b/src/test/java/me/zhyd/oauth/utils/GlobalAuthUtilsTest.java
index c6b071bb540519325f1a58c0edf9993f5817b187..3c002c5a559820343fccd52cefb984d8fe0eab29 100644
--- a/src/test/java/me/zhyd/oauth/utils/GlobalAuthUtilsTest.java
+++ b/src/test/java/me/zhyd/oauth/utils/GlobalAuthUtilsTest.java
@@ -92,20 +92,20 @@ public class GlobalAuthUtilsTest {
.clientSecret("0YX3RH2DnPiT77pgzLzFdfpMKX8ENLIWQKYQ7lG5TERuZNgXN5")
.build();
AuthCallback authCallback = AuthCallback.builder()
- .oauthToken("W_KLmAAAAAAAxq5LAAABbXxJeD0")
- .oauthVerifier("lYou4gxfA6S5KioUa8VF8HCShzA2nSxp")
+ .oauth_token("W_KLmAAAAAAAxq5LAAABbXxJeD0")
+ .oauth_verifier("lYou4gxfA6S5KioUa8VF8HCShzA2nSxp")
.build();
Map params = new HashMap<>();
params.put("oauth_consumer_key", config.getClientId());
params.put("oauth_nonce", "sTj7Ivg73u052eXstpoS1AWQCynuDEPN");
params.put("oauth_signature_method", "HMAC-SHA1");
params.put("oauth_timestamp", "1569751082");
- params.put("oauth_token", authCallback.getOauthToken());
- params.put("oauth_verifier", authCallback.getOauthVerifier());
+ params.put("oauth_token", authCallback.getOauth_token());
+ params.put("oauth_verifier", authCallback.getOauth_verifier());
params.put("oauth_version", "1.0");
params.put("oauth_signature", GlobalAuthUtils.generateTwitterSignature(params, "POST", TWITTER.accessToken(), config.getClientSecret(), authCallback
- .getOauthToken()));
+ .getOauth_token()));
params.forEach((k, v) -> params.put(k, "\"" + GlobalAuthUtils.urlEncode(v) + "\""));
String actual = "OAuth " + GlobalAuthUtils.parseMapToString(params, false).replaceAll("&", ", ");