From 80329c249605205397973cbb8a2d619120b522fe Mon Sep 17 00:00:00 2001
From: "yadong.zhang"
Date: Fri, 28 Jun 2019 22:58:34 +0800
Subject: [PATCH] =?UTF-8?q?:sparkles:=20=E5=85=A8=E9=9D=A2=E5=BC=80?=
=?UTF-8?q?=E5=90=AFstate=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
README.md | 18 +--
.../java/me/zhyd/oauth/model/AuthUser.java | 8 +-
.../zhyd/oauth/request/AuthAlipayRequest.java | 6 +-
.../zhyd/oauth/request/AuthBaiduRequest.java | 2 +-
.../zhyd/oauth/request/AuthCodingRequest.java | 8 +-
.../zhyd/oauth/request/AuthCsdnRequest.java | 2 +-
.../oauth/request/AuthDingTalkRequest.java | 2 +-
.../zhyd/oauth/request/AuthDouyinRequest.java | 2 +-
.../oauth/request/AuthFacebookRequest.java | 14 +--
.../zhyd/oauth/request/AuthGoogleRequest.java | 18 +--
.../oauth/request/AuthLinkedinRequest.java | 2 +-
.../me/zhyd/oauth/request/AuthMiRequest.java | 24 ++--
.../oauth/request/AuthMicrosoftRequest.java | 16 +--
.../oauth/request/AuthOschinaRequest.java | 9 +-
.../me/zhyd/oauth/request/AuthQqRequest.java | 2 +-
.../zhyd/oauth/request/AuthTaobaoRequest.java | 22 ++--
.../request/AuthTencentCloudRequest.java | 14 ++-
.../oauth/request/AuthToutiaoRequest.java | 14 +--
.../zhyd/oauth/request/AuthWeChatRequest.java | 16 +--
.../zhyd/oauth/request/BaseAuthRequest.java | 2 +-
.../java/me/zhyd/oauth/utils/UrlBuilder.java | 107 +++++++++--------
.../java/me/zhyd/oauth/AuthRequestTest.java | 112 +++++++++++++++---
update.md | 2 +-
23 files changed, 265 insertions(+), 157 deletions(-)
diff --git a/README.md b/README.md
index e00b13e..169244e 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@
-
+
@@ -15,7 +15,7 @@
-
+
@@ -68,7 +68,7 @@ JustAuth,如你所见,它仅仅是一个**第三方授权登录**的**工具
me.zhyd.oauth
JustAuth
- 1.7.1
+ 1.8.0
```
- 调用api
@@ -81,10 +81,12 @@ AuthRequest authRequest = new AuthGiteeRequest(AuthConfig.builder()
.build());
// 生成授权页面
authRequest.authorize();
-// 授权登录后会返回一个code,用这个code进行登录
-authRequest.login("code");
+// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的参数
+authRequest.login(callback);
```
+注:`1.8.0`版本后,增加了`state`参数校验,用于防止[CSRF](https://zh.wikipedia.org/wiki/%E8%B7%A8%E7%AB%99%E8%AF%B7%E6%B1%82%E4%BC%AA%E9%80%A0)。强烈建议,保证单次流程内`state`的唯一性,且每个`state`只可用一次。
+
**配套Demo**:[JustAuth-demo](https://gitee.com/yadong.zhang/JustAuth-demo)
具体的例子可以参考:
@@ -99,12 +101,12 @@ authRequest.login("code");
|
| [AuthGithubRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java) | 参考文档 |
|
| [AuthWeiboRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java) | 参考文档 |
|
| [AuthDingTalkRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java) | 参考文档 |
-|
| [AuthBaiduRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java) | 参考文档 |
+|
| [AuthBaiduRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java) | 参考文档 |
|
| [AuthCodingRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java) | 参考文档 |
|
| [AuthTencentCloudRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java) | 参考文档 |
-|
| [AuthOschinaRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java) | 参考文档 |
+|
| [AuthOschinaRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java) | 参考文档 |
|
| [AuthAlipayRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java) | 参考文档 |
-|
| [AuthQqRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java) | 参考文档 |
+|
| [AuthQqRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java) | 参考文档 |
|
| [AuthWeChatRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java) | 参考文档 |
|
| [AuthTaobaoRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java) | 参考文档 |
|
| [AuthGoogleRequest](https://gitee.com/yadong.zhang/JustAuth/blob/master/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java) | 参考文档 |
diff --git a/src/main/java/me/zhyd/oauth/model/AuthUser.java b/src/main/java/me/zhyd/oauth/model/AuthUser.java
index aca19f1..1db92ec 100644
--- a/src/main/java/me/zhyd/oauth/model/AuthUser.java
+++ b/src/main/java/me/zhyd/oauth/model/AuthUser.java
@@ -17,6 +17,10 @@ import me.zhyd.oauth.config.AuthSource;
@Setter
@Builder
public class AuthUser {
+ /**
+ * 用户第三方系统的唯一id。在调用方集成改组件时,可以用uuid + source唯一确定一个用户
+ */
+ private String uuid;
/**
* 用户名
*/
@@ -61,8 +65,4 @@ public class AuthUser {
* 用户授权的token信息
*/
private AuthToken token;
- /**
- * 用户第三方系统的唯一id。在调用方集成改组件时,可以用uuid + source唯一确定一个用户
- */
- private String uuid;
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java b/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java
index 06196b0..fbcb952 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java
@@ -38,12 +38,12 @@ public class AuthAlipayRequest extends BaseAuthRequest {
protected AuthToken getAccessToken(AuthCallback authCallback) {
AlipaySystemOauthTokenRequest request = new AlipaySystemOauthTokenRequest();
request.setGrantType("authorization_code");
- request.setCode(authCallback.getCode());
+ request.setCode(authCallback.getAuth_code());
AlipaySystemOauthTokenResponse response = null;
try {
response = this.alipayClient.execute(request);
} catch (Exception e) {
- throw new AuthException("Unable to get token from alipay using code [" + authCallback.getCode() + "]", e);
+ throw new AuthException("Unable to get token from alipay using code [" + authCallback.getAuth_code() + "]", e);
}
if (!response.isSuccess()) {
throw new AuthException(response.getSubMsg());
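Review bot: The rewritten `AuthException` in the catch block still embeds the raw authorization code in its message (`"... using code [" + authCallback.getAuth_code() + "]"`), so whatever logs or reports the exception records a live, single-use credential. The code is short-lived, but it remains exchangeable for a token until it expires or is redeemed, so the message should name the failure without the value, e.g. `throw new AuthException("Unable to get token from alipay using auth_code", e);`. The `getAuth_code()` accessor also departs from Java camelCase; if the underscore is deliberate so the `auth_code` query parameter binds by name, a one-line comment on `AuthCallback` saying so will stop the next reader from renaming it. `getAccessToken` continues past the end of the hunk.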
@@ -93,6 +93,6 @@ public class AuthAlipayRequest extends BaseAuthRequest {
*/
@Override
public String authorize() {
- return UrlBuilder.getAlipayAuthorizeUrl(config.getClientId(), config.getRedirectUri());
+ return UrlBuilder.getAlipayAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
}
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java b/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java
index 06f36bf..a999428 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java
@@ -67,7 +67,7 @@ public class AuthBaiduRequest extends BaseAuthRequest {
*/
@Override
public String authorize() {
- return UrlBuilder.getBaiduAuthorizeUrl(config.getClientId(), config.getRedirectUri());
+ return UrlBuilder.getBaiduAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
}
@Override
diff --git a/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java b/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java
index 0ad822a..690a5ee 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java
@@ -33,7 +33,11 @@ public class AuthCodingRequest extends BaseAuthRequest {
if (accessTokenObject.getIntValue("code") != 0) {
throw new AuthException("Unable to get token from coding using code [" + authCallback.getCode() + "]");
}
- return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build();
+ return AuthToken.builder()
+ .accessToken(accessTokenObject.getString("access_token"))
+ .expireIn(accessTokenObject.getIntValue("expires_in"))
+ .refreshToken(accessTokenObject.getString("refresh_token"))
+ .build();
}
@Override
@@ -69,6 +73,6 @@ public class AuthCodingRequest extends BaseAuthRequest {
*/
@Override
public String authorize() {
- return UrlBuilder.getCodingAuthorizeUrl(config.getClientId(), config.getRedirectUri());
+ return UrlBuilder.getCodingAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
}
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java b/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java
index 9cee9a4..43817c2 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java
@@ -63,6 +63,6 @@ public class AuthCsdnRequest extends BaseAuthRequest {
*/
@Override
public String authorize() {
- return UrlBuilder.getCsdnAuthorizeUrl(config.getClientId(), config.getRedirectUri());
+ return UrlBuilder.getCsdnAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
}
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java
index 15262d9..6bd6fa0 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java
@@ -67,6 +67,6 @@ public class AuthDingTalkRequest extends BaseAuthRequest {
*/
@Override
public String authorize() {
- return UrlBuilder.getDingTalkQrConnectUrl(config.getClientId(), config.getRedirectUri());
+ return UrlBuilder.getDingTalkQrConnectUrl(config.getClientId(), config.getRedirectUri(), config.getState());
}
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java
index c48c402..cf29f19 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java
@@ -58,7 +58,7 @@ public class AuthDouyinRequest extends BaseAuthRequest {
*/
@Override
public String authorize() {
- return UrlBuilder.getDouyinAuthorizeUrl(config.getClientId(), config.getRedirectUri());
+ return UrlBuilder.getDouyinAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
}
@Override
diff --git a/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java b/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java
index 014137b..bc8fcac 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java
@@ -30,16 +30,16 @@ public class AuthFacebookRequest extends BaseAuthRequest {
String accessTokenUrl = UrlBuilder.getFacebookAccessTokenUrl(config.getClientId(), config.getClientSecret(),
authCallback.getCode(), config.getRedirectUri());
HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
- JSONObject object = JSONObject.parseObject(response.body());
+ JSONObject accessTokenObject = JSONObject.parseObject(response.body());
- if (object.containsKey("error")) {
- throw new AuthException(object.getJSONObject("error").getString("message"));
+ if (accessTokenObject.containsKey("error")) {
+ throw new AuthException(accessTokenObject.getJSONObject("error").getString("message"));
}
return AuthToken.builder()
- .accessToken(object.getString("access_token"))
- .expireIn(object.getIntValue("expires_in"))
- .tokenType(object.getString("token_type"))
+ .accessToken(accessTokenObject.getString("access_token"))
+ .expireIn(accessTokenObject.getIntValue("expires_in"))
+ .tokenType(accessTokenObject.getString("token_type"))
.build();
}
@@ -80,6 +80,6 @@ public class AuthFacebookRequest extends BaseAuthRequest {
*/
@Override
public String authorize() {
- return UrlBuilder.getFacebookAuthorizeUrl(config.getClientId(), config.getRedirectUri());
+ return UrlBuilder.getFacebookAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
}
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java
index 1edcf91..dea8f54 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java
@@ -30,19 +30,19 @@ public class AuthGoogleRequest extends BaseAuthRequest {
String accessTokenUrl = UrlBuilder.getGoogleAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config
.getRedirectUri());
HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
- JSONObject object = JSONObject.parseObject(response.body());
+ JSONObject accessTokenObject = JSONObject.parseObject(response.body());
- if (object.containsKey("error") || object.containsKey("error_description")) {
- throw new AuthException("get google access_token has error:[" + object.getString("error") + "], error_description:[" + object
+ if (accessTokenObject.containsKey("error") || accessTokenObject.containsKey("error_description")) {
+ throw new AuthException("get google access_token has error:[" + accessTokenObject.getString("error") + "], error_description:[" + accessTokenObject
.getString("error_description") + "]");
}
return AuthToken.builder()
- .accessToken(object.getString("access_token"))
- .expireIn(object.getIntValue("expires_in"))
- .scope(object.getString("scope"))
- .tokenType(object.getString("token_type"))
- .idToken(object.getString("id_token"))
+ .accessToken(accessTokenObject.getString("access_token"))
+ .expireIn(accessTokenObject.getIntValue("expires_in"))
+ .scope(accessTokenObject.getString("scope"))
+ .tokenType(accessTokenObject.getString("token_type"))
+ .idToken(accessTokenObject.getString("id_token"))
.build();
}
@@ -72,6 +72,6 @@ public class AuthGoogleRequest extends BaseAuthRequest {
*/
@Override
public String authorize() {
- return UrlBuilder.getGoogleAuthorizeUrl(config.getClientId(), config.getRedirectUri());
+ return UrlBuilder.getGoogleAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
}
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java b/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java
index 6115bda..23cfa6b 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java
@@ -93,7 +93,7 @@ public class AuthLinkedinRequest extends BaseAuthRequest {
*/
@Override
public String authorize() {
- return UrlBuilder.getLinkedinAuthorizeUrl(config.getClientId(), config.getRedirectUri());
+ return UrlBuilder.getLinkedinAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
}
private String getUserEmail(String accessToken) {
diff --git a/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java b/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java
index b0be7f3..6ca5403 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java
@@ -35,21 +35,21 @@ public class AuthMiRequest extends BaseAuthRequest {
private AuthToken getToken(String accessTokenUrl) {
HttpResponse response = HttpRequest.get(accessTokenUrl).execute();
String jsonStr = StrUtil.replace(response.body(), PREFIX, StrUtil.EMPTY);
- JSONObject object = JSONObject.parseObject(jsonStr);
+ JSONObject accessTokenObject = JSONObject.parseObject(jsonStr);
- if (object.containsKey("error")) {
- throw new AuthException(object.getString("error_description"));
+ if (accessTokenObject.containsKey("error")) {
+ throw new AuthException(accessTokenObject.getString("error_description"));
}
return AuthToken.builder()
- .accessToken(object.getString("access_token"))
- .expireIn(object.getIntValue("expires_in"))
- .scope(object.getString("scope"))
- .tokenType(object.getString("token_type"))
- .refreshToken(object.getString("refresh_token"))
- .openId(object.getString("openId"))
- .macAlgorithm(object.getString("mac_algorithm"))
- .macKey(object.getString("mac_key"))
+ .accessToken(accessTokenObject.getString("access_token"))
+ .expireIn(accessTokenObject.getIntValue("expires_in"))
+ .scope(accessTokenObject.getString("scope"))
+ .tokenType(accessTokenObject.getString("token_type"))
+ .refreshToken(accessTokenObject.getString("refresh_token"))
+ .openId(accessTokenObject.getString("openId"))
+ .macAlgorithm(accessTokenObject.getString("mac_algorithm"))
+ .macKey(accessTokenObject.getString("mac_key"))
.build();
}
@@ -98,7 +98,7 @@ public class AuthMiRequest extends BaseAuthRequest {
*/
@Override
public String authorize() {
- return UrlBuilder.getMiAuthorizeUrl(config.getClientId(), config.getRedirectUri());
+ return UrlBuilder.getMiAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
}
/**
diff --git a/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java b/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java
index c394ff0..cbf3252 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java
@@ -48,16 +48,16 @@ public class AuthMicrosoftRequest extends BaseAuthRequest {
.form(paramMap)
.execute();
String accessTokenStr = response.body();
- JSONObject object = JSONObject.parseObject(accessTokenStr);
+ JSONObject accessTokenObject = JSONObject.parseObject(accessTokenStr);
- this.checkResponse(object);
+ this.checkResponse(accessTokenObject);
return AuthToken.builder()
- .accessToken(object.getString("access_token"))
- .expireIn(object.getIntValue("expires_in"))
- .scope(object.getString("scope"))
- .tokenType(object.getString("token_type"))
- .refreshToken(object.getString("refresh_token"))
+ .accessToken(accessTokenObject.getString("access_token"))
+ .expireIn(accessTokenObject.getIntValue("expires_in"))
+ .scope(accessTokenObject.getString("scope"))
+ .tokenType(accessTokenObject.getString("token_type"))
+ .refreshToken(accessTokenObject.getString("refresh_token"))
.build();
}
@@ -96,7 +96,7 @@ public class AuthMicrosoftRequest extends BaseAuthRequest {
*/
@Override
public String authorize() {
- return UrlBuilder.getMicrosoftAuthorizeUrl(config.getClientId(), config.getRedirectUri());
+ return UrlBuilder.getMicrosoftAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
}
/**
diff --git a/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java b/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java
index f81d1c4..fe0110d 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java
@@ -34,7 +34,12 @@ public class AuthOschinaRequest extends BaseAuthRequest {
if (accessTokenObject.containsKey("error")) {
throw new AuthException("Unable to get token from oschina using code [" + authCallback.getCode() + "]");
}
- return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build();
+ return AuthToken.builder()
+ .accessToken(accessTokenObject.getString("access_token"))
+ .refreshToken(accessTokenObject.getString("refresh_token"))
+ .uid(accessTokenObject.getString("uid"))
+ .expireIn(accessTokenObject.getIntValue("expires_in"))
+ .build();
}
@Override
@@ -66,6 +71,6 @@ public class AuthOschinaRequest extends BaseAuthRequest {
*/
@Override
public String authorize() {
- return UrlBuilder.getOschinaAuthorizeUrl(config.getClientId(), config.getRedirectUri());
+ return UrlBuilder.getOschinaAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
}
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java b/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java
index 3472f29..e9bfffe 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java
@@ -81,7 +81,7 @@ public class AuthQqRequest extends BaseAuthRequest {
*/
@Override
public String authorize() {
- return UrlBuilder.getQqAuthorizeUrl(config.getClientId(), config.getRedirectUri());
+ return UrlBuilder.getQqAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
}
private String getOpenId(AuthToken authToken) {
diff --git a/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java
index 0dadd39..8add7cd 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java
@@ -36,19 +36,19 @@ public class AuthTaobaoRequest extends BaseAuthRequest {
String accessCode = authToken.getAccessCode();
HttpResponse response = HttpRequest.post(UrlBuilder.getTaobaoAccessTokenUrl(this.config.getClientId(), this.config
.getClientSecret(), accessCode, this.config.getRedirectUri())).execute();
- JSONObject object = JSONObject.parseObject(response.body());
- if (object.containsKey("error")) {
- throw new AuthException(ResponseStatus.FAILURE + ":" + object.getString("error_description"));
+ JSONObject accessTokenObject = JSONObject.parseObject(response.body());
+ if (accessTokenObject.containsKey("error")) {
+ throw new AuthException(ResponseStatus.FAILURE + ":" + accessTokenObject.getString("error_description"));
}
- authToken.setAccessToken(object.getString("access_token"));
- authToken.setRefreshToken(object.getString("refresh_token"));
- authToken.setExpireIn(object.getIntValue("expires_in"));
- authToken.setUid(object.getString("taobao_user_id"));
- authToken.setOpenId(object.getString("taobao_open_uid"));
+ authToken.setAccessToken(accessTokenObject.getString("access_token"));
+ authToken.setRefreshToken(accessTokenObject.getString("refresh_token"));
+ authToken.setExpireIn(accessTokenObject.getIntValue("expires_in"));
+ authToken.setUid(accessTokenObject.getString("taobao_user_id"));
+ authToken.setOpenId(accessTokenObject.getString("taobao_open_uid"));
- String nick = GlobalAuthUtil.urlDecode(object.getString("taobao_user_nick"));
+ String nick = GlobalAuthUtil.urlDecode(accessTokenObject.getString("taobao_user_nick"));
return AuthUser.builder()
- .uuid(object.getString("taobao_user_id"))
+ .uuid(accessTokenObject.getString("taobao_user_id"))
.username(nick)
.nickname(nick)
.gender(AuthUserGender.UNKNOW)
@@ -64,6 +64,6 @@ public class AuthTaobaoRequest extends BaseAuthRequest {
*/
@Override
public String authorize() {
- return UrlBuilder.getTaobaoAuthorizeUrl(config.getClientId(), config.getRedirectUri());
+ return UrlBuilder.getTaobaoAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
}
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java
index 5daf48f..4841115 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java
@@ -29,11 +29,15 @@ public class AuthTencentCloudRequest extends BaseAuthRequest {
protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getTencentCloudAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode());
HttpResponse response = HttpRequest.get(accessTokenUrl).execute();
- JSONObject object = JSONObject.parseObject(response.body());
- if (object.getIntValue("code") != 0) {
- throw new AuthException("Unable to get token from tencent cloud using code [" + authCallback.getCode() + "]: " + object.get("msg"));
+ JSONObject accessTokenObject = JSONObject.parseObject(response.body());
+ if (accessTokenObject.getIntValue("code") != 0) {
+ throw new AuthException("Unable to get token from tencent cloud using code [" + authCallback.getCode() + "]: " + accessTokenObject.get("msg"));
}
- return AuthToken.builder().accessToken(object.getString("access_token")).build();
+ return AuthToken.builder()
+ .accessToken(accessTokenObject.getString("access_token"))
+ .expireIn(accessTokenObject.getIntValue("expires_in"))
+ .refreshToken(accessTokenObject.getString("refresh_token"))
+ .build();
}
@Override
@@ -68,6 +72,6 @@ public class AuthTencentCloudRequest extends BaseAuthRequest {
*/
@Override
public String authorize() {
- return UrlBuilder.getTencentCloudAuthorizeUrl(config.getClientId(), config.getRedirectUri());
+ return UrlBuilder.getTencentCloudAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
}
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java b/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java
index 41d4c76..dd24abf 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java
@@ -26,16 +26,16 @@ public class AuthToutiaoRequest extends BaseAuthRequest {
protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getToutiaoAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode());
HttpResponse response = HttpRequest.get(accessTokenUrl).execute();
- JSONObject object = JSONObject.parseObject(response.body());
+ JSONObject accessTokenObject = JSONObject.parseObject(response.body());
- if (object.containsKey("error_code")) {
- throw new AuthException(AuthToutiaoErrorCode.getErrorCode(object.getIntValue("error_code")).getDesc());
+ if (accessTokenObject.containsKey("error_code")) {
+ throw new AuthException(AuthToutiaoErrorCode.getErrorCode(accessTokenObject.getIntValue("error_code")).getDesc());
}
return AuthToken.builder()
- .accessToken(object.getString("access_token"))
- .expireIn(object.getIntValue("expires_in"))
- .openId(object.getString("open_id"))
+ .accessToken(accessTokenObject.getString("access_token"))
+ .expireIn(accessTokenObject.getIntValue("expires_in"))
+ .openId(accessTokenObject.getString("open_id"))
.build();
}
@@ -73,6 +73,6 @@ public class AuthToutiaoRequest extends BaseAuthRequest {
*/
@Override
public String authorize() {
- return UrlBuilder.getToutiaoAuthorizeUrl(config.getClientId(), config.getRedirectUri());
+ return UrlBuilder.getToutiaoAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
}
}
diff --git a/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java b/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java
index 6fc9b7a..e7ae78e 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java
@@ -24,7 +24,7 @@ public class AuthWeChatRequest extends BaseAuthRequest {
/**
* 微信的特殊性,此时返回的信息同时包含 openid 和 access_token
*
- * @param code 授权码
+ * @param authCallback 回调返回的参数
* @return 所有信息
*/
@Override
@@ -63,7 +63,7 @@ public class AuthWeChatRequest extends BaseAuthRequest {
*/
@Override
public String authorize() {
- return UrlBuilder.getWeChatAuthorizeUrl(config.getClientId(), config.getRedirectUri());
+ return UrlBuilder.getWeChatAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
}
@Override
@@ -94,15 +94,15 @@ public class AuthWeChatRequest extends BaseAuthRequest {
*/
private AuthToken getToken(String accessTokenUrl) {
HttpResponse response = HttpRequest.get(accessTokenUrl).execute();
- JSONObject object = JSONObject.parseObject(response.body());
+ JSONObject accessTokenObject = JSONObject.parseObject(response.body());
- this.checkResponse(object);
+ this.checkResponse(accessTokenObject);
return AuthToken.builder()
- .accessToken(object.getString("access_token"))
- .refreshToken(object.getString("refresh_token"))
- .expireIn(object.getIntValue("expires_in"))
- .openId(object.getString("openid"))
+ .accessToken(accessTokenObject.getString("access_token"))
+ .refreshToken(accessTokenObject.getString("refresh_token"))
+ .expireIn(accessTokenObject.getIntValue("expires_in"))
+ .openId(accessTokenObject.getString("openid"))
.build();
}
}
diff --git a/src/main/java/me/zhyd/oauth/request/BaseAuthRequest.java b/src/main/java/me/zhyd/oauth/request/BaseAuthRequest.java
index 52e1254..8cf1fb1 100644
--- a/src/main/java/me/zhyd/oauth/request/BaseAuthRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/BaseAuthRequest.java
@@ -37,7 +37,7 @@ public abstract class BaseAuthRequest implements AuthRequest {
@Override
public AuthResponse login(AuthCallback authCallback) {
try {
- AuthChecker.checkCode(authCallback.getCode());
+ AuthChecker.checkCode(source == AuthSource.ALIPAY ? authCallback.getAuth_code() : authCallback.getCode());
AuthChecker.checkState(authCallback.getState(), config.getState());
AuthToken authToken = this.getAccessToken(authCallback);
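Review bot: `AuthChecker.checkState(authCallback.getState(), config.getState())` compares the callback against a value read from `AuthConfig`, and the README example builds that config once when the `AuthRequest` is constructed, so unless integrators build a fresh config per login the state is a fixed per-application string rather than a per-flow nonce and the CSRF binding the commit advertises is not established by the library itself. A state that actually proves anything is generated with `SecureRandom` at `authorize()` time, stored server-side against the user's session, and consumed on first use; `checkState` should also reject a null or empty callback state instead of treating it as matching a null config state — `AuthChecker` is not visible here, so please confirm how it handles nulls and document the contract on `AuthConfig.state`. The `source == AuthSource.ALIPAY` ternary special-cases one provider inside the base class; exposing a single `getCode()` on `AuthCallback` that falls back to `auth_code`, or letting `AuthAlipayRequest` override a `protected String getCodeFromCallback(AuthCallback)`, keeps the base login path provider-agnostic. `login` continues past the end of the hunk.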
diff --git a/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java b/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java
index 2f0492b..70d8db7 100644
--- a/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java
+++ b/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java
@@ -29,31 +29,31 @@ public class UrlBuilder {
private static final String GITEE_USER_INFO_PATTERN = "{0}?access_token={1}";
private static final String GITEE_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&state={3}";
- private static final String DING_TALK_QRCONNECT_PATTERN = "{0}?appid={1}&response_type=code&scope=snsapi_login&state=STATE&redirect_uri={2}";
+ private static final String DING_TALK_QRCONNECT_PATTERN = "{0}?appid={1}&response_type=code&scope=snsapi_login&redirect_uri={2}&state={3}";
private static final String DING_TALK_USER_INFO_PATTERN = "{0}?signature={1}×tamp={2}&accessKey={3}";
private static final String BAIDU_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}";
private static final String BAIDU_USER_INFO_PATTERN = "{0}?access_token={1}";
- private static final String BAIDU_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&display=popup";
+ private static final String BAIDU_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&display=popup&state={3}";
private static final String BAIDU_REVOKE_PATTERN = "{0}?access_token={1}";
private static final String CSDN_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}";
private static final String CSDN_USER_INFO_PATTERN = "{0}?access_token={1}";
- private static final String CSDN_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}";
+ private static final String CSDN_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&state={3}";
private static final String CODING_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}";
private static final String CODING_USER_INFO_PATTERN = "{0}?access_token={1}";
- private static final String CODING_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&scope=user";
+ private static final String CODING_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&scope=user&state={3}";
private static final String TENCENT_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}";
private static final String TENCENT_USER_INFO_PATTERN = "{0}?access_token={1}";
- private static final String TENCENT_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&scope=user";
+ private static final String TENCENT_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&scope=user&state={3}";
private static final String OSCHINA_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}&dataType=json";
private static final String OSCHINA_USER_INFO_PATTERN = "{0}?access_token={1}&dataType=json";
- private static final String OSCHINA_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}";
+ private static final String OSCHINA_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&state={3}";
- private static final String ALIPAY_AUTHORIZE_PATTERN = "{0}?app_id={1}&scope=auth_user&redirect_uri={2}&state=init";
+ private static final String ALIPAY_AUTHORIZE_PATTERN = "{0}?app_id={1}&scope=auth_user&redirect_uri={2}&state={3}";
private static final String QQ_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}";
private static final String QQ_USER_INFO_PATTERN = "{0}?oauth_consumer_key={1}&access_token={2}&openid={3}";
@@ -215,10 +215,11 @@ public class UrlBuilder {
*
* @param clientId 钉钉 应用的App Id
* @param redirectUrl 钉钉 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url
*/
- public static String getDingTalkQrConnectUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(DING_TALK_QRCONNECT_PATTERN, AuthSource.DINGTALK.authorize(), clientId, redirectUrl);
+ public static String getDingTalkQrConnectUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(DING_TALK_QRCONNECT_PATTERN, AuthSource.DINGTALK.authorize(), clientId, redirectUrl, getState(state));
}
/**
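Review bot: The caller-supplied `state` is interpolated into the query string by `MessageFormat` without URL encoding, so a value containing `&`, `#`, `+` or whitespace corrupts the authorize URL and may not round-trip through the provider for the callback comparison; `redirectUrl` has the same pre-existing issue. Encoding the value before formatting, e.g. `URLEncoder.encode(getState(state), StandardCharsets.UTF_8.name())` (its checked `UnsupportedEncodingException` must be handled), or documenting on `@param state` that the value must be URL-safe, would close this. `getState` is outside this diff; if it substitutes a generated value when `state` is blank, that value has to be retained where the callback check can read it, otherwise the generated state can never be verified — worth confirming. The same points apply to every other `get*AuthorizeUrl` hunk in this file below (Baidu through Toutiao).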
@@ -261,10 +262,11 @@ public class UrlBuilder {
*
* @param clientId baidu 应用的API Key
* @param redirectUrl baidu 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return json
*/
- public static String getBaiduAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(BAIDU_AUTHORIZE_PATTERN, AuthSource.BAIDU.authorize(), clientId, redirectUrl);
+ public static String getBaiduAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(BAIDU_AUTHORIZE_PATTERN, AuthSource.BAIDU.authorize(), clientId, redirectUrl, getState(state));
}
/**
@@ -305,10 +307,11 @@ public class UrlBuilder {
*
* @param clientId csdn 应用的Client ID
* @param redirectUrl csdn 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url
*/
- public static String getCsdnAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(CSDN_AUTHORIZE_PATTERN, AuthSource.CSDN.authorize(), clientId, redirectUrl);
+ public static String getCsdnAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(CSDN_AUTHORIZE_PATTERN, AuthSource.CSDN.authorize(), clientId, redirectUrl, getState(state));
}
/**
@@ -338,10 +341,11 @@ public class UrlBuilder {
*
* @param clientId coding 应用的Client ID
* @param redirectUrl coding 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url
*/
- public static String getCodingAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(CODING_AUTHORIZE_PATTERN, AuthSource.CODING.authorize(), clientId, redirectUrl);
+ public static String getCodingAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(CODING_AUTHORIZE_PATTERN, AuthSource.CODING.authorize(), clientId, redirectUrl, getState(state));
}
/**
@@ -371,10 +375,11 @@ public class UrlBuilder {
*
* @param clientId coding 应用的Client ID
* @param redirectUrl coding 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url
*/
- public static String getTencentCloudAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(TENCENT_AUTHORIZE_PATTERN, AuthSource.TENCENT_CLOUD.authorize(), clientId, redirectUrl);
+ public static String getTencentCloudAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(TENCENT_AUTHORIZE_PATTERN, AuthSource.TENCENT_CLOUD.authorize(), clientId, redirectUrl, getState(state));
}
/**
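Review bot: The Javadoc on `getTencentCloudAuthorizeUrl` still describes `clientId` and `redirectUrl` as the `coding` application's values (copied from the Coding method above), and the new `@param state` line was added beneath those stale descriptions. Changing them to `* @param clientId Tencent Cloud 应用的Client ID` and `* @param redirectUrl Tencent Cloud 应用授权成功后的回调地址` would match the naming the other methods use.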
@@ -405,10 +410,11 @@ public class UrlBuilder {
*
* @param clientId oschina 应用的Client ID
* @param redirectUrl oschina 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url
*/
- public static String getOschinaAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(OSCHINA_AUTHORIZE_PATTERN, AuthSource.OSCHINA.authorize(), clientId, redirectUrl);
+ public static String getOschinaAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(OSCHINA_AUTHORIZE_PATTERN, AuthSource.OSCHINA.authorize(), clientId, redirectUrl, getState(state));
}
/**
@@ -441,10 +447,11 @@ public class UrlBuilder {
*
* @param clientId qq 应用的Client ID
* @param redirectUrl qq 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url
*/
- public static String getQqAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(QQ_AUTHORIZE_PATTERN, AuthSource.QQ.authorize(), clientId, redirectUrl, System.currentTimeMillis());
+ public static String getQqAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(QQ_AUTHORIZE_PATTERN, AuthSource.QQ.authorize(), clientId, redirectUrl, getState(state));
}
/**
@@ -464,10 +471,11 @@ public class UrlBuilder {
*
* @param clientId alipay 应用的Client ID
* @param redirectUrl alipay 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url
*/
- public static String getAlipayAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(ALIPAY_AUTHORIZE_PATTERN, AuthSource.ALIPAY.authorize(), clientId, redirectUrl);
+ public static String getAlipayAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(ALIPAY_AUTHORIZE_PATTERN, AuthSource.ALIPAY.authorize(), clientId, redirectUrl, getState(state));
}
/**
@@ -475,11 +483,11 @@ public class UrlBuilder {
*
* @param clientId 微信 应用的appid
* @param redirectUrl 微信 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url
*/
- public static String getWeChatAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(WECHAT_AUTHORIZE_PATTERN, AuthSource.WECHAT.authorize(), clientId, redirectUrl, System
- .currentTimeMillis());
+ public static String getWeChatAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(WECHAT_AUTHORIZE_PATTERN, AuthSource.WECHAT.authorize(), clientId, redirectUrl, getState(state));
}
/**
@@ -534,11 +542,11 @@ public class UrlBuilder {
*
* @param clientId Taobao 应用的Client ID
* @param redirectUrl Taobao 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url
*/
- public static String getTaobaoAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(TAOBAO_AUTHORIZE_PATTERN, AuthSource.TAOBAO.authorize(), clientId, redirectUrl, System
- .currentTimeMillis());
+ public static String getTaobaoAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(TAOBAO_AUTHORIZE_PATTERN, AuthSource.TAOBAO.authorize(), clientId, redirectUrl, getState(state));
}
/**
@@ -546,11 +554,11 @@ public class UrlBuilder {
*
* @param clientId google 应用的Client ID
* @param redirectUrl google 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url
*/
- public static String getGoogleAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(GOOGLE_AUTHORIZE_PATTERN, AuthSource.GOOGLE.authorize(), clientId, redirectUrl, System
- .currentTimeMillis());
+ public static String getGoogleAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(GOOGLE_AUTHORIZE_PATTERN, AuthSource.GOOGLE.authorize(), clientId, redirectUrl, getState(state));
}
/**
@@ -581,11 +589,11 @@ public class UrlBuilder {
*
* @param clientId Facebook 应用的Client ID
* @param redirectUrl Facebook 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url
*/
- public static String getFacebookAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(FACEBOOK_AUTHORIZE_PATTERN, AuthSource.FACEBOOK.authorize(), clientId, redirectUrl, System
- .currentTimeMillis());
+ public static String getFacebookAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(FACEBOOK_AUTHORIZE_PATTERN, AuthSource.FACEBOOK.authorize(), clientId, redirectUrl, getState(state));
}
/**
@@ -616,11 +624,11 @@ public class UrlBuilder {
*
* @param clientId Douyin 应用的Client ID
* @param redirectUrl Douyin 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url
*/
- public static String getDouyinAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(DOUYIN_AUTHORIZE_PATTERN, AuthSource.DOUYIN.authorize(), clientId, redirectUrl, System
- .currentTimeMillis());
+ public static String getDouyinAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(DOUYIN_AUTHORIZE_PATTERN, AuthSource.DOUYIN.authorize(), clientId, redirectUrl, getState(state));
}
/**
@@ -662,11 +670,11 @@ public class UrlBuilder {
*
* @param clientId Linkedin 应用的Client ID
* @param redirectUrl Linkedin 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url
*/
- public static String getLinkedinAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(LINKEDIN_AUTHORIZE_PATTERN, AuthSource.LINKEDIN.authorize(), clientId, redirectUrl, System
- .currentTimeMillis());
+ public static String getLinkedinAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(LINKEDIN_AUTHORIZE_PATTERN, AuthSource.LINKEDIN.authorize(), clientId, redirectUrl, state);
}
/**
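Review bot: `getLinkedinAuthorizeUrl` passes `state` straight into the pattern, while every other authorize-URL method in this commit wraps it as `getState(state)`; with a null `state`, `MessageFormat` renders the literal text `null` as the parameter value, and whatever fallback `getState` provides is skipped for LinkedIn only. The line should read `return MessageFormat.format(LINKEDIN_AUTHORIZE_PATTERN, AuthSource.LINKEDIN.authorize(), clientId, redirectUrl, getState(state));`.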
@@ -708,11 +716,11 @@ public class UrlBuilder {
*
* @param clientId 微软 应用的Client ID
* @param redirectUrl 微软 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url
*/
- public static String getMicrosoftAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(MICROSOFT_AUTHORIZE_PATTERN, AuthSource.MICROSOFT.authorize(), clientId, redirectUrl, System
- .currentTimeMillis());
+ public static String getMicrosoftAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(MICROSOFT_AUTHORIZE_PATTERN, AuthSource.MICROSOFT.authorize(), clientId, redirectUrl, getState(state));
}
/**
@@ -755,10 +763,11 @@ public class UrlBuilder {
*
* @param clientId 小米 应用的Client ID
* @param redirectUrl 小米 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url
*/
- public static String getMiAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(MI_AUTHORIZE_PATTERN, AuthSource.MI.authorize(), clientId, redirectUrl, System.currentTimeMillis());
+ public static String getMiAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(MI_AUTHORIZE_PATTERN, AuthSource.MI.authorize(), clientId, redirectUrl, getState(state));
}
/**
@@ -803,11 +812,11 @@ public class UrlBuilder {
*
* @param clientId 今日头条 应用的Client ID
* @param redirectUrl 今日头条 应用授权成功后的回调地址
+ * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url
*/
- public static String getToutiaoAuthorizeUrl(String clientId, String redirectUrl) {
- return MessageFormat.format(TOUTIAO_AUTHORIZE_PATTERN, AuthSource.TOUTIAO.authorize(), clientId, redirectUrl, System
- .currentTimeMillis());
+ public static String getToutiaoAuthorizeUrl(String clientId, String redirectUrl, String state) {
+ return MessageFormat.format(TOUTIAO_AUTHORIZE_PATTERN, AuthSource.TOUTIAO.authorize(), clientId, redirectUrl, getState(state));
}
/**
diff --git a/src/test/java/me/zhyd/oauth/AuthRequestTest.java b/src/test/java/me/zhyd/oauth/AuthRequestTest.java
index 0bd0df6..713210e 100644
--- a/src/test/java/me/zhyd/oauth/AuthRequestTest.java
+++ b/src/test/java/me/zhyd/oauth/AuthRequestTest.java
@@ -1,6 +1,7 @@
package me.zhyd.oauth;
import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthResponse;
import me.zhyd.oauth.request.*;
import org.junit.Test;
@@ -18,11 +19,12 @@ public class AuthRequestTest {
.clientId("clientId")
.clientSecret("clientSecret")
.redirectUri("redirectUri")
+ .state("state")
.build());
// 返回授权页面,可自行调整
authRequest.authorize();
// 授权登录后会返回一个code,用这个code进行登录
- authRequest.login("code");
+ authRequest.login(new AuthCallback());
}
@Test
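Review bot: `authRequest.login(new AuthCallback())` passes a callback built with no arguments, so presumably carrying neither `code` nor `state`; with the state check this commit introduces, the call can only exercise the rejection path, and nothing asserts on the result. The hunks for the other providers in this file (through the `toutiaoTest` hunk at the end) follow the same shape. A test that builds one callback with the configured `"state"` and one with a different or missing state, asserting that the latter is rejected, would pin the behavior the commit title promises. The comment `// 授权登录后会返回一个code,用这个code进行登录` is also stale now that the callback carries code and state together.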
@@ -31,11 +33,12 @@ public class AuthRequestTest {
.clientId("clientId")
.clientSecret("clientSecret")
.redirectUri("redirectUri")
+ .state("state")
.build());
// 返回授权页面,可自行调整
authRequest.authorize();
// 授权登录后会返回一个code,用这个code进行登录
- authRequest.login("code");
+ authRequest.login(new AuthCallback());
}
@Test
@@ -48,7 +51,7 @@ public class AuthRequestTest {
// 返回授权页面,可自行调整
authRequest.authorize();
// 授权登录后会返回一个code,用这个code进行登录
- authRequest.login("code");
+ authRequest.login(new AuthCallback());
}
@Test
@@ -57,11 +60,12 @@ public class AuthRequestTest {
.clientId("clientId")
.clientSecret("clientSecret")
.redirectUri("redirectUri")
+ .state("state")
.build());
// 返回授权页面,可自行调整
String url = authRequest.authorize();
// 授权登录后会返回一个code,用这个code进行登录
- authRequest.login("code");
+ authRequest.login(new AuthCallback());
}
@Test
@@ -70,11 +74,12 @@ public class AuthRequestTest {
.clientId("clientId")
.clientSecret("clientSecret")
.redirectUri("redirectUri")
+ .state("state")
.build());
// 返回授权页面,可自行调整
String url = authRequest.authorize();
// 授权登录后会返回一个code,用这个code进行登录
- authRequest.login("code");
+ authRequest.login(new AuthCallback());
}
@Test
@@ -83,11 +88,12 @@ public class AuthRequestTest {
.clientId("clientId")
.clientSecret("clientSecret")
.redirectUri("redirectUri")
+ .state("state")
.build());
// 返回授权页面,可自行调整
String url = authRequest.authorize();
// 授权登录后会返回一个code,用这个code进行登录
- authRequest.login("code");
+ authRequest.login(new AuthCallback());
}
@Test
@@ -96,11 +102,12 @@ public class AuthRequestTest {
.clientId("clientId")
.clientSecret("clientSecret")
.redirectUri("redirectUri")
+ .state("state")
.build());
// 返回授权页面,可自行调整
String url = authRequest.authorize();
// 授权登录后会返回一个code,用这个code进行登录
- authRequest.login("code");
+ authRequest.login(new AuthCallback());
}
@Test
@@ -109,11 +116,26 @@ public class AuthRequestTest {
.clientId("clientId")
.clientSecret("clientSecret")
.redirectUri("redirectUri")
+ .state("state")
.build());
// 返回授权页面,可自行调整
String url = authRequest.authorize();
// 授权登录后会返回一个code,用这个code进行登录
- authRequest.login("code");
+ authRequest.login(new AuthCallback());
+ }
+
+ @Test
+ public void alipayTest() {
+ AuthRequest authRequest = new AuthAlipayRequest(AuthConfig.builder()
+ .clientId("clientId")
+ .clientSecret("clientSecret")
+ .redirectUri("redirectUri")
+ .state("state")
+ .build());
+ // 返回授权页面,可自行调整
+ String url = authRequest.authorize();
+ // 授权登录后会返回一个code,用这个code进行登录
+ AuthResponse login = authRequest.login(new AuthCallback());
}
@Test
@@ -122,11 +144,12 @@ public class AuthRequestTest {
.clientId("clientId")
.clientSecret("clientSecret")
.redirectUri("redirectUri")
+ .state("state")
.build());
// 返回授权页面,可自行调整
String url = authRequest.authorize();
// 授权登录后会返回一个code,用这个code进行登录
- AuthResponse login = authRequest.login("code");
+ AuthResponse login = authRequest.login(new AuthCallback());
}
@Test
@@ -135,11 +158,26 @@ public class AuthRequestTest {
.clientId("clientId")
.clientSecret("clientSecret")
.redirectUri("redirectUri")
+ .state("state")
.build());
// 返回授权页面,可自行调整
String url = authRequest.authorize();
// 授权登录后会返回一个code,用这个code进行登录
- AuthResponse login = authRequest.login("code");
+ AuthResponse login = authRequest.login(new AuthCallback());
+ }
+
+ @Test
+ public void taobaoTest() {
+ AuthRequest authRequest = new AuthTaobaoRequest(AuthConfig.builder()
+ .clientId("clientId")
+ .clientSecret("clientSecret")
+ .redirectUri("redirectUri")
+ .state("state")
+ .build());
+ // 返回授权页面,可自行调整
+ String url = authRequest.authorize();
+ // 授权登录后会返回一个code,用这个code进行登录
+ AuthResponse login = authRequest.login(new AuthCallback());
}
@Test
@@ -148,11 +186,12 @@ public class AuthRequestTest {
.clientId("clientId")
.clientSecret("clientSecret")
.redirectUri("redirectUri")
+ .state("state")
.build());
// 返回授权页面,可自行调整
String url = authRequest.authorize();
// 授权登录后会返回一个code,用这个code进行登录
- AuthResponse login = authRequest.login("code");
+ AuthResponse login = authRequest.login(new AuthCallback());
}
@Test
@@ -161,11 +200,40 @@ public class AuthRequestTest {
.clientId("clientId")
.clientSecret("clientSecret")
.redirectUri("redirectUri")
+ .state("state")
+ .build());
+ // 返回授权页面,可自行调整
+ String url = authRequest.authorize();
+ // 授权登录后会返回一个code,用这个code进行登录
+ AuthResponse login = authRequest.login(new AuthCallback());
+ }
+
+ @Test
+ public void douyinTest() {
+ AuthRequest authRequest = new AuthDouyinRequest(AuthConfig.builder()
+ .clientId("clientId")
+ .clientSecret("clientSecret")
+ .redirectUri("redirectUri")
+ .state("state")
.build());
// 返回授权页面,可自行调整
String url = authRequest.authorize();
// 授权登录后会返回一个code,用这个code进行登录
- AuthResponse login = authRequest.login("code");
+ AuthResponse login = authRequest.login(new AuthCallback());
+ }
+
+ @Test
+ public void linkedinTest() {
+ AuthRequest authRequest = new AuthLinkedinRequest(AuthConfig.builder()
+ .clientId("clientId")
+ .clientSecret("clientSecret")
+ .redirectUri("redirectUri")
+ .state("state")
+ .build());
+ // 返回授权页面,可自行调整
+ String url = authRequest.authorize();
+ // 授权登录后会返回一个code,用这个code进行登录
+ AuthResponse login = authRequest.login(new AuthCallback());
}
@Test
@@ -174,11 +242,12 @@ public class AuthRequestTest {
.clientId("clientId")
.clientSecret("clientSecret")
.redirectUri("redirectUri")
+ .state("state")
.build());
// 返回授权页面,可自行调整
String url = authRequest.authorize();
// 授权登录后会返回一个code,用这个code进行登录
- AuthResponse login = authRequest.login("code");
+ AuthResponse login = authRequest.login(new AuthCallback());
}
@Test
@@ -187,10 +256,25 @@ public class AuthRequestTest {
.clientId("clientId")
.clientSecret("clientSecret")
.redirectUri("redirectUri")
+ .state("state")
+ .build());
+ // 返回授权页面,可自行调整
+ String url = authRequest.authorize();
+ // 授权登录后会返回一个code,用这个code进行登录
+ AuthResponse login = authRequest.login(new AuthCallback());
+ }
+
+ @Test
+ public void toutiaoTest() {
+ AuthRequest authRequest = new AuthToutiaoRequest(AuthConfig.builder()
+ .clientId("clientId")
+ .clientSecret("clientSecret")
+ .redirectUri("redirectUri")
+ .state("state")
.build());
// 返回授权页面,可自行调整
String url = authRequest.authorize();
// 授权登录后会返回一个code,用这个code进行登录
- AuthResponse login = authRequest.login("code");
+ AuthResponse login = authRequest.login(new AuthCallback());
}
}
diff --git a/update.md b/update.md
index 785a3d7..f875c77 100644
--- a/update.md
+++ b/update.md
@@ -1,6 +1,6 @@
### 2019/06/28
1. 修复百度登录获取不到token失效时间的问题
-2. gitee增加state参数校验
+2. 增加state参数校验,预防CSRF。强烈建议启用state!
### 2019/06/27
1. 修改login方法的参数为AuthCallback,封装回调返回的参数
--
GitLab