Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
My_csdo
JustAuth
提交
55c4b391
J
JustAuth
项目概览
My_csdo
/
JustAuth
与 Fork 源项目一致
Fork自
justauth / JustAuth
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
J
JustAuth
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
提交
55c4b391
编写于
7月 25, 2019
作者:
智布道
👁
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
State优化第一步:去掉AuthState工具类
上级
7f725b57
变更
24
隐藏空白更改
内联
并排
Showing
24 changed file
with
199 addition
and
668 deletion
+199
-668
src/main/java/me/zhyd/oauth/config/AuthConfig.java
src/main/java/me/zhyd/oauth/config/AuthConfig.java
+1
-8
src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java
src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java
+4
-3
src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java
src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java
+4
-3
src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java
src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java
+5
-4
src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java
src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java
+17
-4
src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java
src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java
+4
-3
src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java
src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java
+4
-3
src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java
src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java
+0
-8
src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java
src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java
+4
-4
src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java
src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java
+4
-3
src/main/java/me/zhyd/oauth/request/AuthMiRequest.java
src/main/java/me/zhyd/oauth/request/AuthMiRequest.java
+4
-3
src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java
...main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java
+4
-3
src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java
...main/java/me/zhyd/oauth/request/AuthPinterestRequest.java
+8
-2
src/main/java/me/zhyd/oauth/request/AuthRequest.java
src/main/java/me/zhyd/oauth/request/AuthRequest.java
+11
-0
src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java
.../java/me/zhyd/oauth/request/AuthStackOverflowRequest.java
+8
-2
src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java
src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java
+5
-4
src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java
...n/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java
+4
-3
src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java
src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java
+4
-3
src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java
src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java
+4
-3
src/main/java/me/zhyd/oauth/utils/AuthChecker.java
src/main/java/me/zhyd/oauth/utils/AuthChecker.java
+0
-21
src/main/java/me/zhyd/oauth/utils/AuthState.java
src/main/java/me/zhyd/oauth/utils/AuthState.java
+0
-230
src/test/java/me/zhyd/oauth/AuthRequestTest.java
src/test/java/me/zhyd/oauth/AuthRequestTest.java
+96
-114
src/test/java/me/zhyd/oauth/utils/AuthStateTest.java
src/test/java/me/zhyd/oauth/utils/AuthStateTest.java
+0
-231
src/test/java/me/zhyd/oauth/utils/UrlBuilderTest.java
src/test/java/me/zhyd/oauth/utils/UrlBuilderTest.java
+4
-6
未找到文件。
src/main/java/me/zhyd/oauth/config/AuthConfig.java
浏览文件 @
55c4b391
...
...
@@ -6,7 +6,7 @@ import lombok.*;
* JustAuth配置类
*
* @author yadong.zhang (yadong.zhang0415(a)gmail.com)
* @version 1.
0
* @version 1.
9.3
* @since 1.8
*/
@Getter
...
...
@@ -45,13 +45,6 @@ public class AuthConfig {
*/
private
boolean
unionId
;
/**
* 一个神奇的参数,最好使用随机的不可测的内容,可以用来防止CSRF攻击
* <p>
* 1.8.0版本新增参数
*/
private
String
state
;
/**
* Stack Overflow Key
* <p>
...
...
src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java
浏览文件 @
55c4b391
...
...
@@ -86,17 +86,18 @@ public class AuthAlipayRequest extends AuthDefaultRequest {
}
/**
* 返回
认证url,可自行跳转页面
* 返回
带{@code state}参数的认证url,授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数,可以防止csrf
* @return 返回授权地址
*/
@Override
public
String
authorize
()
{
public
String
authorize
(
String
state
)
{
return
UrlBuilder
.
fromBaseUrl
(
source
.
authorize
())
.
queryParam
(
"app_id"
,
config
.
getClientId
())
.
queryParam
(
"scope"
,
"auth_user"
)
.
queryParam
(
"redirect_uri"
,
config
.
getRedirectUri
())
.
queryParam
(
"state"
,
getRealState
(
config
.
getState
()
))
.
queryParam
(
"state"
,
getRealState
(
state
))
.
build
();
}
}
src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java
浏览文件 @
55c4b391
...
...
@@ -79,18 +79,19 @@ public class AuthBaiduRequest extends AuthDefaultRequest {
}
/**
* 返回
认证url,可自行跳转页面
* 返回
带{@code state}参数的认证url,授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数,可以防止csrf
* @return 返回授权地址
*/
@Override
public
String
authorize
()
{
public
String
authorize
(
String
state
)
{
return
UrlBuilder
.
fromBaseUrl
(
source
.
authorize
())
.
queryParam
(
"response_type"
,
"code"
)
.
queryParam
(
"client_id"
,
config
.
getClientId
())
.
queryParam
(
"redirect_uri"
,
config
.
getRedirectUri
())
.
queryParam
(
"display"
,
"popup"
)
.
queryParam
(
"state"
,
getRealState
(
config
.
getState
()
))
.
queryParam
(
"state"
,
getRealState
(
state
))
.
build
();
}
...
...
src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java
浏览文件 @
55c4b391
...
...
@@ -4,11 +4,11 @@ import cn.hutool.http.HttpResponse;
import
com.alibaba.fastjson.JSONObject
;
import
me.zhyd.oauth.config.AuthConfig
;
import
me.zhyd.oauth.config.AuthSource
;
import
me.zhyd.oauth.enums.AuthUserGender
;
import
me.zhyd.oauth.exception.AuthException
;
import
me.zhyd.oauth.model.AuthCallback
;
import
me.zhyd.oauth.model.AuthToken
;
import
me.zhyd.oauth.model.AuthUser
;
import
me.zhyd.oauth.enums.AuthUserGender
;
import
me.zhyd.oauth.utils.UrlBuilder
;
/**
...
...
@@ -71,18 +71,19 @@ public class AuthCodingRequest extends AuthDefaultRequest {
}
/**
* 返回
认证url,可自行跳转页面
* 返回
带{@code state}参数的认证url,授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数,可以防止csrf
* @return 返回授权地址
*/
@Override
public
String
authorize
()
{
public
String
authorize
(
String
state
)
{
return
UrlBuilder
.
fromBaseUrl
(
source
.
authorize
())
.
queryParam
(
"response_type"
,
"code"
)
.
queryParam
(
"client_id"
,
config
.
getClientId
())
.
queryParam
(
"redirect_uri"
,
config
.
getRedirectUri
())
.
queryParam
(
"scope"
,
"user"
)
.
queryParam
(
"state"
,
getRealState
(
config
.
getState
()
))
.
queryParam
(
"state"
,
getRealState
(
state
))
.
build
();
}
}
src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java
浏览文件 @
55c4b391
...
...
@@ -2,7 +2,6 @@ package me.zhyd.oauth.request;
import
cn.hutool.http.HttpRequest
;
import
cn.hutool.http.HttpResponse
;
import
lombok.Data
;
import
lombok.extern.slf4j.Slf4j
;
import
me.zhyd.oauth.config.AuthConfig
;
import
me.zhyd.oauth.config.AuthSource
;
...
...
@@ -43,7 +42,6 @@ public abstract class AuthDefaultRequest implements AuthRequest {
public
AuthResponse
login
(
AuthCallback
authCallback
)
{
try
{
AuthChecker
.
checkCode
(
source
==
AuthSource
.
ALIPAY
?
authCallback
.
getAuth_code
()
:
authCallback
.
getCode
());
AuthChecker
.
checkState
(
authCallback
.
getState
(),
config
.
getState
());
AuthToken
authToken
=
this
.
getAccessToken
(
authCallback
);
AuthUser
user
=
this
.
getUserInfo
(
authToken
);
...
...
@@ -64,16 +62,31 @@ public abstract class AuthDefaultRequest implements AuthRequest {
/**
* 返回认证url,可自行跳转页面
* <p>
* 不建议使用该方式获取授权地址,不带{@code state}的授权地址,容易受到csrf攻击。
* 建议使用{@link AuthDefaultRequest#authorize(String)}方法生成授权地址,在回调方法中对{@code state}进行校验
*
* @return 返回授权地址
*/
@Deprecated
@Override
public
String
authorize
()
{
return
this
.
authorize
(
null
);
}
/**
* 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数,可以防止csrf
* @return 返回授权地址
*/
@Override
public
String
authorize
(
String
state
)
{
return
UrlBuilder
.
fromBaseUrl
(
source
.
authorize
())
.
queryParam
(
"response_type"
,
"code"
)
.
queryParam
(
"client_id"
,
config
.
getClientId
())
.
queryParam
(
"redirect_uri"
,
config
.
getRedirectUri
())
.
queryParam
(
"state"
,
getRealState
(
config
.
getState
()
))
.
queryParam
(
"state"
,
getRealState
(
state
))
.
build
();
}
...
...
@@ -130,7 +143,7 @@ public abstract class AuthDefaultRequest implements AuthRequest {
}
/**
* 获取state,如果为空, 则默认
去
当前日期的时间戳
* 获取state,如果为空, 则默认
取
当前日期的时间戳
*
* @param state 原始的state
* @return 返回不为null的state
...
...
src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java
浏览文件 @
55c4b391
...
...
@@ -58,18 +58,19 @@ public class AuthDingTalkRequest extends AuthDefaultRequest {
}
/**
* 返回
认证url,可自行跳转页面
* 返回
带{@code state}参数的认证url,授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数,可以防止csrf
* @return 返回授权地址
*/
@Override
public
String
authorize
()
{
public
String
authorize
(
String
state
)
{
return
UrlBuilder
.
fromBaseUrl
(
source
.
authorize
())
.
queryParam
(
"response_type"
,
"code"
)
.
queryParam
(
"appid"
,
config
.
getClientId
())
.
queryParam
(
"scope"
,
"snsapi_login"
)
.
queryParam
(
"redirect_uri"
,
config
.
getRedirectUri
())
.
queryParam
(
"state"
,
getRealState
(
config
.
getState
()
))
.
queryParam
(
"state"
,
getRealState
(
state
))
.
build
();
}
...
...
src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java
浏览文件 @
55c4b391
...
...
@@ -89,18 +89,19 @@ public class AuthDouyinRequest extends AuthDefaultRequest {
}
/**
* 返回
认证url,可自行跳转页面
* 返回
带{@code state}参数的认证url,授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数,可以防止csrf
* @return 返回授权地址
*/
@Override
public
String
authorize
()
{
public
String
authorize
(
String
state
)
{
return
UrlBuilder
.
fromBaseUrl
(
source
.
authorize
())
.
queryParam
(
"response_type"
,
"code"
)
.
queryParam
(
"client_key"
,
config
.
getClientId
())
.
queryParam
(
"redirect_uri"
,
config
.
getRedirectUri
())
.
queryParam
(
"state"
,
getRealState
(
config
.
getState
()))
.
queryParam
(
"scope"
,
"user_info"
)
.
queryParam
(
"state"
,
getRealState
(
state
))
.
build
();
}
...
...
src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java
浏览文件 @
55c4b391
...
...
@@ -63,12 +63,4 @@ public class AuthGithubRequest extends AuthDefaultRequest {
.
build
();
}
/**
* 检查响应内容是否正确
*
* @param object 请求响应内容
*/
private
void
checkResponse
(
JSONObject
object
)
{
}
}
src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java
浏览文件 @
55c4b391
...
...
@@ -61,19 +61,19 @@ public class AuthGoogleRequest extends AuthDefaultRequest {
}
/**
* 返回认证url,可自行跳转页面
* https://openidconnect.googleapis.com/v1/userinfo
* 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数,可以防止csrf
* @return 返回授权地址
*/
@Override
public
String
authorize
()
{
public
String
authorize
(
String
state
)
{
return
UrlBuilder
.
fromBaseUrl
(
source
.
authorize
())
.
queryParam
(
"response_type"
,
"code"
)
.
queryParam
(
"client_id"
,
config
.
getClientId
())
.
queryParam
(
"scope"
,
"openid%20email%20profile"
)
.
queryParam
(
"redirect_uri"
,
config
.
getRedirectUri
())
.
queryParam
(
"state"
,
getRealState
(
config
.
getState
()
))
.
queryParam
(
"state"
,
getRealState
(
state
))
.
build
();
}
...
...
src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java
浏览文件 @
55c4b391
...
...
@@ -182,18 +182,19 @@ public class AuthLinkedinRequest extends AuthDefaultRequest {
}
/**
* 返回
认证url,可自行跳转页面
* 返回
带{@code state}参数的认证url,授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数,可以防止csrf
* @return 返回授权地址
*/
@Override
public
String
authorize
()
{
public
String
authorize
(
String
state
)
{
return
UrlBuilder
.
fromBaseUrl
(
source
.
authorize
())
.
queryParam
(
"response_type"
,
"code"
)
.
queryParam
(
"client_id"
,
config
.
getClientId
())
.
queryParam
(
"redirect_uri"
,
config
.
getRedirectUri
())
.
queryParam
(
"state"
,
getRealState
(
config
.
getState
()))
.
queryParam
(
"scope"
,
"r_liteprofile%20r_emailaddress%20w_member_social"
)
.
queryParam
(
"state"
,
getRealState
(
state
))
.
build
();
}
...
...
src/main/java/me/zhyd/oauth/request/AuthMiRequest.java
浏览文件 @
55c4b391
...
...
@@ -109,19 +109,20 @@ public class AuthMiRequest extends AuthDefaultRequest {
}
/**
* 返回
认证url,可自行跳转页面
* 返回
带{@code state}参数的认证url,授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数,可以防止csrf
* @return 返回授权地址
*/
@Override
public
String
authorize
()
{
public
String
authorize
(
String
state
)
{
return
UrlBuilder
.
fromBaseUrl
(
source
.
authorize
())
.
queryParam
(
"response_type"
,
"code"
)
.
queryParam
(
"client_id"
,
config
.
getClientId
())
.
queryParam
(
"redirect_uri"
,
config
.
getRedirectUri
())
.
queryParam
(
"state"
,
getRealState
(
config
.
getState
()))
.
queryParam
(
"scope"
,
"user/profile%20user/openIdV2%20user/phoneAndEmail"
)
.
queryParam
(
"skip_confirm"
,
"false"
)
.
queryParam
(
"state"
,
getRealState
(
state
))
.
build
();
}
...
...
src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java
浏览文件 @
55c4b391
...
...
@@ -102,19 +102,20 @@ public class AuthMicrosoftRequest extends AuthDefaultRequest {
}
/**
* 返回
认证url,可自行跳转页面
* 返回
带{@code state}参数的认证url,授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数,可以防止csrf
* @return 返回授权地址
*/
@Override
public
String
authorize
()
{
public
String
authorize
(
String
state
)
{
return
UrlBuilder
.
fromBaseUrl
(
source
.
authorize
())
.
queryParam
(
"response_type"
,
"code"
)
.
queryParam
(
"client_id"
,
config
.
getClientId
())
.
queryParam
(
"redirect_uri"
,
config
.
getRedirectUri
())
.
queryParam
(
"response_mode"
,
"query"
)
.
queryParam
(
"scope"
,
"offline_access%20user.read%20mail.read"
)
.
queryParam
(
"state"
,
getRealState
(
config
.
getState
()
))
.
queryParam
(
"state"
,
getRealState
(
state
))
.
build
();
}
...
...
src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java
浏览文件 @
55c4b391
...
...
@@ -69,14 +69,20 @@ public class AuthPinterestRequest extends AuthDefaultRequest {
return
jsonObject
.
getJSONObject
(
"60x60"
).
getString
(
"url"
);
}
/**
* 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数,可以防止csrf
* @return 返回授权地址
*/
@Override
public
String
authorize
()
{
public
String
authorize
(
String
state
)
{
return
UrlBuilder
.
fromBaseUrl
(
source
.
authorize
())
.
queryParam
(
"response_type"
,
"code"
)
.
queryParam
(
"client_id"
,
config
.
getClientId
())
.
queryParam
(
"redirect_uri"
,
config
.
getRedirectUri
())
.
queryParam
(
"state"
,
getRealState
(
config
.
getState
()))
.
queryParam
(
"scope"
,
"read_public"
)
.
queryParam
(
"state"
,
getRealState
(
state
))
.
build
();
}
...
...
src/main/java/me/zhyd/oauth/request/AuthRequest.java
浏览文件 @
55c4b391
...
...
@@ -18,10 +18,21 @@ public interface AuthRequest {
*
* @return 返回授权地址
*/
@Deprecated
default
String
authorize
()
{
throw
new
AuthException
(
AuthResponseStatus
.
NOT_IMPLEMENTED
);
}
/**
* 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数,可以防止csrf
* @return 返回授权地址
*/
default
String
authorize
(
String
state
)
{
throw
new
AuthException
(
AuthResponseStatus
.
NOT_IMPLEMENTED
);
}
/**
* 第三方登录
*
...
...
src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java
浏览文件 @
55c4b391
...
...
@@ -67,14 +67,20 @@ public class AuthStackOverflowRequest extends AuthDefaultRequest {
.
build
();
}
/**
* 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数,可以防止csrf
* @return 返回授权地址
*/
@Override
public
String
authorize
()
{
public
String
authorize
(
String
state
)
{
return
UrlBuilder
.
fromBaseUrl
(
source
.
authorize
())
.
queryParam
(
"response_type"
,
"code"
)
.
queryParam
(
"client_id"
,
config
.
getClientId
())
.
queryParam
(
"redirect_uri"
,
config
.
getRedirectUri
())
.
queryParam
(
"state"
,
getRealState
(
config
.
getState
()))
.
queryParam
(
"scope"
,
"read_inbox"
)
.
queryParam
(
"state"
,
getRealState
(
state
))
.
build
();
}
...
...
src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java
浏览文件 @
55c4b391
...
...
@@ -4,11 +4,11 @@ import cn.hutool.http.HttpResponse;
import
com.alibaba.fastjson.JSONObject
;
import
me.zhyd.oauth.config.AuthConfig
;
import
me.zhyd.oauth.config.AuthSource
;
import
me.zhyd.oauth.enums.AuthUserGender
;
import
me.zhyd.oauth.exception.AuthException
;
import
me.zhyd.oauth.model.AuthCallback
;
import
me.zhyd.oauth.model.AuthToken
;
import
me.zhyd.oauth.model.AuthUser
;
import
me.zhyd.oauth.enums.AuthUserGender
;
import
me.zhyd.oauth.utils.GlobalAuthUtil
;
import
me.zhyd.oauth.utils.UrlBuilder
;
...
...
@@ -55,18 +55,19 @@ public class AuthTaobaoRequest extends AuthDefaultRequest {
}
/**
* 返回
认证url,可自行跳转页面
* 返回
带{@code state}参数的认证url,授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数,可以防止csrf
* @return 返回授权地址
*/
@Override
public
String
authorize
()
{
public
String
authorize
(
String
state
)
{
return
UrlBuilder
.
fromBaseUrl
(
source
.
authorize
())
.
queryParam
(
"response_type"
,
"code"
)
.
queryParam
(
"client_id"
,
config
.
getClientId
())
.
queryParam
(
"redirect_uri"
,
config
.
getRedirectUri
())
.
queryParam
(
"state"
,
getRealState
(
config
.
getState
()))
.
queryParam
(
"view"
,
"web"
)
.
queryParam
(
"state"
,
getRealState
(
state
))
.
build
();
}
}
src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java
浏览文件 @
55c4b391
...
...
@@ -71,18 +71,19 @@ public class AuthTencentCloudRequest extends AuthDefaultRequest {
}
/**
* 返回
认证url,可自行跳转页面
* 返回
带{@code state}参数的认证url,授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数,可以防止csrf
* @return 返回授权地址
*/
@Override
public
String
authorize
()
{
public
String
authorize
(
String
state
)
{
return
UrlBuilder
.
fromBaseUrl
(
source
.
authorize
())
.
queryParam
(
"response_type"
,
"code"
)
.
queryParam
(
"client_id"
,
config
.
getClientId
())
.
queryParam
(
"redirect_uri"
,
config
.
getRedirectUri
())
.
queryParam
(
"scope"
,
"user"
)
.
queryParam
(
"state"
,
getRealState
(
config
.
getState
()
))
.
queryParam
(
"state"
,
getRealState
(
state
))
.
build
();
}
}
src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java
浏览文件 @
55c4b391
...
...
@@ -65,19 +65,20 @@ public class AuthToutiaoRequest extends AuthDefaultRequest {
}
/**
* 返回
认证url,可自行跳转页面
* 返回
带{@code state}参数的认证url,授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数,可以防止csrf
* @return 返回授权地址
*/
@Override
public
String
authorize
()
{
public
String
authorize
(
String
state
)
{
return
UrlBuilder
.
fromBaseUrl
(
source
.
authorize
())
.
queryParam
(
"response_type"
,
"code"
)
.
queryParam
(
"client_key"
,
config
.
getClientId
())
.
queryParam
(
"redirect_uri"
,
config
.
getRedirectUri
())
.
queryParam
(
"state"
,
getRealState
(
config
.
getState
()))
.
queryParam
(
"auth_only"
,
1
)
.
queryParam
(
"display"
,
0
)
.
queryParam
(
"state"
,
getRealState
(
state
))
.
build
();
}
...
...
src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java
浏览文件 @
55c4b391
...
...
@@ -100,18 +100,19 @@ public class AuthWeChatRequest extends AuthDefaultRequest {
}
/**
* 返回
认证url,可自行跳转页面
* 返回
带{@code state}参数的认证url,授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数,可以防止csrf
* @return 返回授权地址
*/
@Override
public
String
authorize
()
{
public
String
authorize
(
String
state
)
{
return
UrlBuilder
.
fromBaseUrl
(
source
.
authorize
())
.
queryParam
(
"response_type"
,
"code"
)
.
queryParam
(
"appid"
,
config
.
getClientId
())
.
queryParam
(
"redirect_uri"
,
config
.
getRedirectUri
())
.
queryParam
(
"scope"
,
"snsapi_login"
)
.
queryParam
(
"state"
,
getRealState
(
config
.
getState
()).
concat
(
"#wechat_redirect"
))
.
queryParam
(
"state"
,
getRealState
(
state
))
.
build
();
}
...
...
src/main/java/me/zhyd/oauth/utils/AuthChecker.java
浏览文件 @
55c4b391
...
...
@@ -63,25 +63,4 @@ public class AuthChecker {
throw
new
AuthException
(
AuthResponseStatus
.
ILLEGAL_CODE
);
}
}
/**
* 校验state的合法性防止被CSRF
*
* @param newState 新的state,一般为回调时传回的state(可能被篡改)
* @param originalState 原始的state,发起授权时向第三方平台传递的state
*/
public
static
void
checkState
(
String
newState
,
String
originalState
)
{
// 如果原始state为空,表示当前平台未使用state
if
(
StringUtils
.
isEmpty
(
originalState
))
{
return
;
}
// 如果授权之前使用了state,但是回调时未返回state,则表示当前请求为非法的请求,可能正在被CSRF攻击
if
(
StringUtils
.
isEmpty
(
newState
))
{
throw
new
AuthException
(
AuthResponseStatus
.
ILLEGAL_REQUEST
);
}
// 如果授权前后的state不一致,则表示当前请求为非法的请求,新的state可能为伪造
if
(!
newState
.
equals
(
originalState
))
{
throw
new
AuthException
(
AuthResponseStatus
.
ILLEGAL_REQUEST
);
}
}
}
src/main/java/me/zhyd/oauth/utils/AuthState.java
已删除
100644 → 0
浏览文件 @
7f725b57
package
me.zhyd.oauth.utils
;
import
cn.hutool.core.codec.Base64
;
import
cn.hutool.core.util.RandomUtil
;
import
com.alibaba.fastjson.JSON
;
import
lombok.extern.slf4j.Slf4j
;
import
me.zhyd.oauth.config.AuthSource
;
import
me.zhyd.oauth.exception.AuthException
;
import
me.zhyd.oauth.model.AuthResponseStatus
;
import
java.nio.charset.Charset
;
import
java.util.concurrent.ConcurrentHashMap
;
/**
* state工具,负责创建、获取和删除state
*
* @author yadong.zhang (yadong.zhang0415(a)gmail.com)
* @version 1.0
* @since 1.8
*/
@Slf4j
public
class
AuthState
{
/**
* 空字符串
*/
private
static
final
String
EMPTY_STR
=
""
;
/**
* state存储器
*/
private
static
ConcurrentHashMap
<
String
,
String
>
stateBucket
=
new
ConcurrentHashMap
<>();
/**
* 生成随机的state
*
* @param source oauth平台
* @return state
*/
public
static
String
create
(
AuthSource
source
)
{
return
create
(
source
.
name
());
}
/**
* 生成随机的state
*
* @param source oauth平台
* @return state
*/
public
static
String
create
(
String
source
)
{
return
create
(
source
,
RandomUtil
.
randomString
(
4
));
}
/**
* 创建state
*
* @param source oauth平台
* @param body 希望加密到state的消息体
* @return state
*/
public
static
String
create
(
AuthSource
source
,
Object
body
)
{
return
create
(
source
,
JSON
.
toJSONString
(
body
));
}
/**
* 创建state
*
* @param source oauth平台
* @param body 希望加密到state的消息体
* @return state
*/
public
static
String
create
(
String
source
,
Object
body
)
{
return
create
(
source
,
JSON
.
toJSONString
(
body
));
}
/**
* 创建state
*
* @param source oauth平台
* @param body 希望加密到state的消息体
* @return state
*/
public
static
String
create
(
AuthSource
source
,
String
body
)
{
return
create
(
source
.
name
(),
body
);
}
/**
* 创建state
*
* @param source oauth平台
* @param body 希望加密到state的消息体
* @return state
*/
public
static
String
create
(
String
source
,
String
body
)
{
String
currentIp
=
getCurrentIp
();
String
simpleKey
=
((
source
+
currentIp
));
String
key
=
Base64
.
encode
(
simpleKey
.
getBytes
(
Charset
.
forName
(
"UTF-8"
)));
log
.
debug
(
"Create the state: ip={}, platform={}, simpleKey={}, key={}, body={}"
,
currentIp
,
source
,
simpleKey
,
key
,
body
);
if
(
stateBucket
.
containsKey
(
key
))
{
log
.
debug
(
"Get from bucket: {}"
,
stateBucket
.
get
(
key
));
return
stateBucket
.
get
(
key
);
}
String
simpleState
=
source
+
"_"
+
currentIp
+
"_"
+
body
;
String
state
=
Base64
.
encode
(
simpleState
.
getBytes
(
Charset
.
forName
(
"UTF-8"
)));
log
.
debug
(
"Create a new state: {}"
,
state
,
simpleState
);
stateBucket
.
put
(
key
,
state
);
return
state
;
}
/**
* 获取state
*
* @param source oauth平台
* @return state
*/
public
static
String
get
(
AuthSource
source
)
{
return
get
(
source
.
name
());
}
/**
* 获取state
*
* @param source oauth平台
* @return state
*/
public
static
String
get
(
String
source
)
{
String
currentIp
=
getCurrentIp
();
String
simpleKey
=
((
source
+
currentIp
));
String
key
=
Base64
.
encode
(
simpleKey
.
getBytes
(
Charset
.
forName
(
"UTF-8"
)));
log
.
debug
(
"Get state by the key[{}], current ip[{}]"
,
key
,
currentIp
);
return
stateBucket
.
get
(
key
);
}
/**
* 获取state中保存的body内容
*
* @param source oauth平台
* @param state 加密后的state
* @param clazz body的实际类型
* @param <T> 需要转换的具体的class类型
* @return state
*/
public
static
<
T
>
T
getBody
(
AuthSource
source
,
String
state
,
Class
<
T
>
clazz
)
{
return
getBody
(
source
.
name
(),
state
,
clazz
);
}
/**
* 获取state中保存的body内容
*
* @param source oauth平台
* @param state 加密后的state
* @param clazz body的实际类型
* @param <T> 需要转换的具体的class类型
* @return state
*/
public
static
<
T
>
T
getBody
(
String
source
,
String
state
,
Class
<
T
>
clazz
)
{
if
(
StringUtils
.
isEmpty
(
state
)
||
null
==
clazz
)
{
return
null
;
}
log
.
debug
(
"Get body from the state[{}] of the {} and convert it to {}"
,
state
,
source
,
clazz
.
toString
());
String
currentIp
=
getCurrentIp
();
String
decodedState
=
Base64
.
decodeStr
(
state
);
log
.
debug
(
"The decoded state is [{}]"
,
decodedState
);
if
(!
decodedState
.
startsWith
(
source
))
{
return
null
;
}
String
noneSourceState
=
decodedState
.
substring
(
source
.
length
()
+
1
);
if
(!
noneSourceState
.
startsWith
(
currentIp
))
{
// ip不相同,可能为非法的请求
throw
new
AuthException
(
AuthResponseStatus
.
ILLEGAL_REQUEST
);
}
String
body
=
noneSourceState
.
substring
(
currentIp
.
length
()
+
1
);
log
.
debug
(
"body is [{}]"
,
body
);
if
(
clazz
==
String
.
class
)
{
return
(
T
)
body
;
}
if
(
clazz
==
Integer
.
class
)
{
return
(
T
)
Integer
.
valueOf
(
Integer
.
parseInt
(
body
));
}
if
(
clazz
==
Long
.
class
)
{
return
(
T
)
Long
.
valueOf
(
Long
.
parseLong
(
body
));
}
if
(
clazz
==
Short
.
class
)
{
return
(
T
)
Short
.
valueOf
(
Short
.
parseShort
(
body
));
}
if
(
clazz
==
Double
.
class
)
{
return
(
T
)
Double
.
valueOf
(
Double
.
parseDouble
(
body
));
}
if
(
clazz
==
Float
.
class
)
{
return
(
T
)
Float
.
valueOf
(
Float
.
parseFloat
(
body
));
}
if
(
clazz
==
Boolean
.
class
)
{
return
(
T
)
Boolean
.
valueOf
(
Boolean
.
parseBoolean
(
body
));
}
if
(
clazz
==
Byte
.
class
)
{
return
(
T
)
Byte
.
valueOf
(
Byte
.
parseByte
(
body
));
}
return
JSON
.
parseObject
(
body
,
clazz
);
}
/**
* 登录成功后,清除state
*
* @param source oauth平台
*/
public
static
void
delete
(
String
source
)
{
String
currentIp
=
getCurrentIp
();
String
simpleKey
=
((
source
+
currentIp
));
String
key
=
Base64
.
encode
(
simpleKey
.
getBytes
(
Charset
.
forName
(
"UTF-8"
)));
log
.
debug
(
"Delete used state[{}] by the key[{}], current ip[{}]"
,
stateBucket
.
get
(
key
),
key
,
currentIp
);
stateBucket
.
remove
(
key
);
}
/**
* 登录成功后,清除state
*
* @param source oauth平台
*/
public
static
void
delete
(
AuthSource
source
)
{
delete
(
source
.
name
());
}
private
static
String
getCurrentIp
()
{
String
currentIp
=
IpUtils
.
getIp
();
return
StringUtils
.
isEmpty
(
currentIp
)
?
EMPTY_STR
:
currentIp
;
}
}
src/test/java/me/zhyd/oauth/AuthRequestTest.java
浏览文件 @
55c4b391
...
...
@@ -16,13 +16,12 @@ public class AuthRequestTest {
@Test
public
void
giteeTest
()
{
AuthRequest
authRequest
=
new
AuthGiteeRequest
(
AuthConfig
.
builder
()
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
state
(
"state"
)
.
build
());
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
build
());
// 返回授权页面,可自行跳转
authRequest
.
authorize
();
authRequest
.
authorize
(
"state"
);
// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参
authRequest
.
login
(
new
AuthCallback
());
}
...
...
@@ -30,13 +29,12 @@ public class AuthRequestTest {
@Test
public
void
githubTest
()
{
AuthRequest
authRequest
=
new
AuthGithubRequest
(
AuthConfig
.
builder
()
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
state
(
"state"
)
.
build
());
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
build
());
// 返回授权页面,可自行跳转
authRequest
.
authorize
();
authRequest
.
authorize
(
"state"
);
// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参
authRequest
.
login
(
new
AuthCallback
());
}
...
...
@@ -44,12 +42,12 @@ public class AuthRequestTest {
@Test
public
void
weiboTest
()
{
AuthRequest
authRequest
=
new
AuthWeiboRequest
(
AuthConfig
.
builder
()
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
build
());
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
build
());
// 返回授权页面,可自行跳转
authRequest
.
authorize
();
authRequest
.
authorize
(
"state"
);
// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参
authRequest
.
login
(
new
AuthCallback
());
}
...
...
@@ -57,13 +55,12 @@ public class AuthRequestTest {
@Test
public
void
dingdingTest
()
{
AuthRequest
authRequest
=
new
AuthDingTalkRequest
(
AuthConfig
.
builder
()
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
state
(
"state"
)
.
build
());
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
build
());
// 返回授权页面,可自行跳转
String
url
=
authRequest
.
authorize
(
);
authRequest
.
authorize
(
"state"
);
// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参
authRequest
.
login
(
new
AuthCallback
());
}
...
...
@@ -71,13 +68,12 @@ public class AuthRequestTest {
@Test
public
void
baiduTest
()
{
AuthRequest
authRequest
=
new
AuthBaiduRequest
(
AuthConfig
.
builder
()
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
state
(
"state"
)
.
build
());
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
build
());
// 返回授权页面,可自行跳转
String
url
=
authRequest
.
authorize
(
);
authRequest
.
authorize
(
"state"
);
// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参
authRequest
.
login
(
new
AuthCallback
());
}
...
...
@@ -85,13 +81,12 @@ public class AuthRequestTest {
@Test
public
void
codingTest
()
{
AuthRequest
authRequest
=
new
AuthCodingRequest
(
AuthConfig
.
builder
()
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
state
(
"state"
)
.
build
());
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
build
());
// 返回授权页面,可自行跳转
String
url
=
authRequest
.
authorize
(
);
authRequest
.
authorize
(
"state"
);
// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参
authRequest
.
login
(
new
AuthCallback
());
}
...
...
@@ -99,13 +94,12 @@ public class AuthRequestTest {
@Test
public
void
tencentCloudTest
()
{
AuthRequest
authRequest
=
new
AuthTencentCloudRequest
(
AuthConfig
.
builder
()
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
state
(
"state"
)
.
build
());
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
build
());
// 返回授权页面,可自行跳转
String
url
=
authRequest
.
authorize
(
);
authRequest
.
authorize
(
"state"
);
// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参
authRequest
.
login
(
new
AuthCallback
());
}
...
...
@@ -113,13 +107,12 @@ public class AuthRequestTest {
@Test
public
void
oschinaTest
()
{
AuthRequest
authRequest
=
new
AuthOschinaRequest
(
AuthConfig
.
builder
()
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
state
(
"state"
)
.
build
());
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
build
());
// 返回授权页面,可自行跳转
String
url
=
authRequest
.
authorize
(
);
authRequest
.
authorize
(
"state"
);
// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参
authRequest
.
login
(
new
AuthCallback
());
}
...
...
@@ -127,14 +120,13 @@ public class AuthRequestTest {
@Test
public
void
alipayTest
()
{
AuthRequest
authRequest
=
new
AuthAlipayRequest
(
AuthConfig
.
builder
()
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
alipayPublicKey
(
"publicKey"
)
.
state
(
"state"
)
.
build
());
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
alipayPublicKey
(
"publicKey"
)
.
build
());
// 返回授权页面,可自行跳转
String
url
=
authRequest
.
authorize
(
);
authRequest
.
authorize
(
"state"
);
// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参
AuthResponse
login
=
authRequest
.
login
(
new
AuthCallback
());
}
...
...
@@ -142,13 +134,12 @@ public class AuthRequestTest {
@Test
public
void
qqTest
()
{
AuthRequest
authRequest
=
new
AuthQqRequest
(
AuthConfig
.
builder
()
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
state
(
"state"
)
.
build
());
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
build
());
// 返回授权页面,可自行跳转
String
url
=
authRequest
.
authorize
(
);
authRequest
.
authorize
(
"state"
);
// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参
AuthResponse
login
=
authRequest
.
login
(
new
AuthCallback
());
}
...
...
@@ -156,13 +147,12 @@ public class AuthRequestTest {
@Test
public
void
wechatTest
()
{
AuthRequest
authRequest
=
new
AuthWeChatRequest
(
AuthConfig
.
builder
()
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
state
(
"state"
)
.
build
());
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
build
());
// 返回授权页面,可自行跳转
String
url
=
authRequest
.
authorize
(
);
authRequest
.
authorize
(
"state"
);
// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参
AuthResponse
login
=
authRequest
.
login
(
new
AuthCallback
());
}
...
...
@@ -170,13 +160,12 @@ public class AuthRequestTest {
@Test
public
void
taobaoTest
()
{
AuthRequest
authRequest
=
new
AuthTaobaoRequest
(
AuthConfig
.
builder
()
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
state
(
"state"
)
.
build
());
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
build
());
// 返回授权页面,可自行跳转
String
url
=
authRequest
.
authorize
(
);
authRequest
.
authorize
(
"state"
);
// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参
AuthResponse
login
=
authRequest
.
login
(
new
AuthCallback
());
}
...
...
@@ -184,13 +173,12 @@ public class AuthRequestTest {
@Test
public
void
googleTest
()
{
AuthRequest
authRequest
=
new
AuthGoogleRequest
(
AuthConfig
.
builder
()
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
state
(
"state"
)
.
build
());
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
build
());
// 返回授权页面,可自行跳转
String
url
=
authRequest
.
authorize
(
);
authRequest
.
authorize
(
"state"
);
// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参
AuthResponse
login
=
authRequest
.
login
(
new
AuthCallback
());
}
...
...
@@ -198,13 +186,12 @@ public class AuthRequestTest {
@Test
public
void
facebookTest
()
{
AuthRequest
authRequest
=
new
AuthFacebookRequest
(
AuthConfig
.
builder
()
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
state
(
"state"
)
.
build
());
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
build
());
// 返回授权页面,可自行跳转
String
url
=
authRequest
.
authorize
(
);
authRequest
.
authorize
(
"state"
);
// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参
AuthResponse
login
=
authRequest
.
login
(
new
AuthCallback
());
}
...
...
@@ -212,13 +199,12 @@ public class AuthRequestTest {
@Test
public
void
douyinTest
()
{
AuthRequest
authRequest
=
new
AuthDouyinRequest
(
AuthConfig
.
builder
()
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
state
(
"state"
)
.
build
());
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
build
());
// 返回授权页面,可自行跳转
String
url
=
authRequest
.
authorize
(
);
authRequest
.
authorize
(
"state"
);
// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参
AuthResponse
login
=
authRequest
.
login
(
new
AuthCallback
());
}
...
...
@@ -226,13 +212,12 @@ public class AuthRequestTest {
@Test
public
void
linkedinTest
()
{
AuthRequest
authRequest
=
new
AuthLinkedinRequest
(
AuthConfig
.
builder
()
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
state
(
"state"
)
.
build
());
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
build
());
// 返回授权页面,可自行跳转
String
url
=
authRequest
.
authorize
(
);
authRequest
.
authorize
(
"state"
);
// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参
AuthResponse
login
=
authRequest
.
login
(
new
AuthCallback
());
}
...
...
@@ -240,13 +225,12 @@ public class AuthRequestTest {
@Test
public
void
microsoftTest
()
{
AuthRequest
authRequest
=
new
AuthMicrosoftRequest
(
AuthConfig
.
builder
()
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
state
(
"state"
)
.
build
());
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
build
());
// 返回授权页面,可自行跳转
String
url
=
authRequest
.
authorize
(
);
authRequest
.
authorize
(
"state"
);
// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参
AuthResponse
login
=
authRequest
.
login
(
new
AuthCallback
());
}
...
...
@@ -254,13 +238,12 @@ public class AuthRequestTest {
@Test
public
void
miTest
()
{
AuthRequest
authRequest
=
new
AuthMiRequest
(
AuthConfig
.
builder
()
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
state
(
"state"
)
.
build
());
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
build
());
// 返回授权页面,可自行跳转
String
url
=
authRequest
.
authorize
(
);
authRequest
.
authorize
(
"state"
);
// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参
AuthResponse
login
=
authRequest
.
login
(
new
AuthCallback
());
}
...
...
@@ -268,13 +251,12 @@ public class AuthRequestTest {
@Test
public
void
toutiaoTest
()
{
AuthRequest
authRequest
=
new
AuthToutiaoRequest
(
AuthConfig
.
builder
()
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
state
(
"state"
)
.
build
());
.
clientId
(
"clientId"
)
.
clientSecret
(
"clientSecret"
)
.
redirectUri
(
"redirectUri"
)
.
build
());
// 返回授权页面,可自行跳转
String
url
=
authRequest
.
authorize
(
);
authRequest
.
authorize
(
"state"
);
// 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参
AuthResponse
login
=
authRequest
.
login
(
new
AuthCallback
());
}
...
...
src/test/java/me/zhyd/oauth/utils/AuthStateTest.java
已删除
100644 → 0
浏览文件 @
7f725b57
package
me.zhyd.oauth.utils
;
import
cn.hutool.core.date.DatePattern
;
import
cn.hutool.core.date.DateUtil
;
import
me.zhyd.oauth.config.AuthConfig
;
import
org.junit.Assert
;
import
org.junit.Test
;
import
java.util.*
;
public
class
AuthStateTest
{
/**
* step1 生成state: 预期创建一个新的state...
* Z2l0aHViXzE5Mi4xNjguMTkuMV9yM3ll
*
* step2 重复生成state: 预期从bucket中返回一个可用的state...
* Z2l0aHViXzE5Mi4xNjguMTkuMV9yM3ll
*
* step3 获取state: 预期获取上面生成的state...
* Z2l0aHViXzE5Mi4xNjguMTkuMV9yM3ll
*
* step4 删除state: 预期删除掉上面创建的state...
*
* step5 重新获取state: 预期返回null...
* null
*/
@Test
public
void
usage
()
{
String
source
=
"github"
;
System
.
out
.
println
(
"\nstep1 生成state: 预期创建一个新的state..."
);
String
state
=
AuthState
.
create
(
source
);
System
.
out
.
println
(
state
);
System
.
out
.
println
(
"\nstep2 重复生成state: 预期从bucket中返回一个可用的state..."
);
String
recreateState
=
AuthState
.
create
(
source
);
System
.
out
.
println
(
recreateState
);
Assert
.
assertEquals
(
state
,
recreateState
);
System
.
out
.
println
(
"\nstep3 获取state: 预期获取上面生成的state..."
);
String
stateByBucket
=
AuthState
.
get
(
source
);
System
.
out
.
println
(
stateByBucket
);
Assert
.
assertEquals
(
state
,
stateByBucket
);
System
.
out
.
println
(
"\nstep4 删除state: 预期删除掉上面创建的state..."
);
AuthState
.
delete
(
source
);
System
.
out
.
println
(
"\nstep5 重新获取state: 预期返回null..."
);
String
deletedState
=
AuthState
.
get
(
source
);
System
.
out
.
println
(
deletedState
);
Assert
.
assertNull
(
deletedState
);
}
/**
* 通过随机字符串生成state...
* Z2l0aHViXzE5Mi4xNjguMTkuMV9wdnAy
*
* 通过传入自定义的字符串生成state...
* Z2l0aHViXzE5Mi4xNjguMTkuMV/ov5nmmK/kuIDkuKrlrZfnrKbkuLI=
*
* 通过传入数字生成state...
* Z2l0aHViXzE5Mi4xNjguMTkuMV8xMTE=
*
* 通过传入日期生成state...
* Z2l0aHViXzE5Mi4xNjguMTkuMV8xNTQ2MzE1OTMyMDAw
*
* 通过传入map生成state...
* Z2l0aHViXzE5Mi4xNjguMTkuMV97InVzZXJUb2tlbiI6Inh4eHh4IiwidXNlcklkIjoxfQ==
*
* 通过传入List生成state...
* Z2l0aHViXzE5Mi4xNjguMTkuMV9bInh4eHgiLCJ4eHh4eHh4eCJd
*
* 通过传入实体类生成state...
* Z2l0aHViXzE5Mi4xNjguMTkuMV97ImNsaWVudElkIjoieHh4eHgiLCJjbGllbnRTZWNyZXQiOiJ4eHh4eCIsInVuaW9uSWQiOmZhbHNlfQ==
*/
@Test
public
void
create
()
{
String
source
=
"github"
;
System
.
out
.
println
(
"\n通过随机字符串生成state..."
);
String
state
=
AuthState
.
create
(
source
);
System
.
out
.
println
(
state
);
AuthState
.
delete
(
source
);
System
.
out
.
println
(
"\n通过传入自定义的字符串生成state..."
);
String
stringBody
=
"这是一个字符串"
;
String
stringState
=
AuthState
.
create
(
source
,
stringBody
);
System
.
out
.
println
(
stringState
);
AuthState
.
delete
(
source
);
System
.
out
.
println
(
"\n通过传入数字生成state..."
);
Integer
numberBody
=
111
;
String
numberState
=
AuthState
.
create
(
source
,
numberBody
);
System
.
out
.
println
(
numberState
);
AuthState
.
delete
(
source
);
System
.
out
.
println
(
"\n通过传入日期生成state..."
);
Date
dateBody
=
DateUtil
.
parse
(
"2019-01-01 12:12:12"
,
DatePattern
.
NORM_DATETIME_PATTERN
);
String
dateState
=
AuthState
.
create
(
source
,
dateBody
);
System
.
out
.
println
(
dateState
);
AuthState
.
delete
(
source
);
System
.
out
.
println
(
"\n通过传入map生成state..."
);
Map
<
String
,
Object
>
mapBody
=
new
HashMap
<>();
mapBody
.
put
(
"userId"
,
1
);
mapBody
.
put
(
"userToken"
,
"xxxxx"
);
String
mapState
=
AuthState
.
create
(
source
,
mapBody
);
System
.
out
.
println
(
mapState
);
AuthState
.
delete
(
source
);
System
.
out
.
println
(
"\n通过传入List生成state..."
);
List
<
String
>
listBody
=
new
ArrayList
<>();
listBody
.
add
(
"xxxx"
);
listBody
.
add
(
"xxxxxxxx"
);
String
listState
=
AuthState
.
create
(
source
,
listBody
);
System
.
out
.
println
(
listState
);
AuthState
.
delete
(
source
);
System
.
out
.
println
(
"\n通过传入实体类生成state..."
);
AuthConfig
entityBody
=
AuthConfig
.
builder
()
.
clientId
(
"xxxxx"
)
.
clientSecret
(
"xxxxx"
)
.
build
();
String
entityState
=
AuthState
.
create
(
source
,
entityBody
);
System
.
out
.
println
(
entityState
);
AuthState
.
delete
(
source
);
}
/**
* 通过随机字符串生成state...
* Z2l0aHViXzE5Mi4xNjguMTkuMV9kaWNn
* dicg
*
* 通过传入自定义的字符串生成state...
* Z2l0aHViXzE5Mi4xNjguMTkuMV/ov5nmmK/kuIDkuKrlrZfnrKbkuLI=
* 这是一个字符串
*
* 通过传入数字生成state...
* Z2l0aHViXzE5Mi4xNjguMTkuMV8xMTE=
* 111
*
* 通过传入日期生成state...
* Z2l0aHViXzE5Mi4xNjguMTkuMV8xNTQ2MzE1OTMyMDAw
* Tue Jan 01 12:12:12 CST 2019
*
* 通过传入map生成state...
* Z2l0aHViXzE5Mi4xNjguMTkuMV97InVzZXJUb2tlbiI6Inh4eHh4IiwidXNlcklkIjoxfQ==
* {userToken=xxxxx, userId=1}
*
* 通过传入List生成state...
* Z2l0aHViXzE5Mi4xNjguMTkuMV9bInh4eHgiLCJ4eHh4eHh4eCJd
* [xxxx, xxxxxxxx]
*
* 通过传入实体类生成state...
* Z2l0aHViXzE5Mi4xNjguMTkuMV97ImNsaWVudElkIjoieHh4eHgiLCJjbGllbnRTZWNyZXQiOiJ4eHh4eCIsInVuaW9uSWQiOmZhbHNlfQ==
* me.zhyd.oauth.config.AuthConfig@725bef66
*/
@Test
public
void
getBody
()
{
String
source
=
"github"
;
System
.
out
.
println
(
"\n通过随机字符串生成state..."
);
String
state
=
AuthState
.
create
(
source
);
System
.
out
.
println
(
state
);
String
body
=
AuthState
.
getBody
(
source
,
state
,
String
.
class
);
System
.
out
.
println
(
body
);
AuthState
.
delete
(
source
);
System
.
out
.
println
(
"\n通过传入自定义的字符串生成state..."
);
String
stringBody
=
"这是一个字符串"
;
String
stringState
=
AuthState
.
create
(
source
,
stringBody
);
System
.
out
.
println
(
stringState
);
stringBody
=
AuthState
.
getBody
(
source
,
stringState
,
String
.
class
);
System
.
out
.
println
(
stringBody
);
AuthState
.
delete
(
source
);
System
.
out
.
println
(
"\n通过传入数字生成state..."
);
Integer
numberBody
=
111
;
String
numberState
=
AuthState
.
create
(
source
,
numberBody
);
System
.
out
.
println
(
numberState
);
numberBody
=
AuthState
.
getBody
(
source
,
numberState
,
Integer
.
class
);
System
.
out
.
println
(
numberBody
);
AuthState
.
delete
(
source
);
System
.
out
.
println
(
"\n通过传入日期生成state..."
);
Date
dateBody
=
DateUtil
.
parse
(
"2019-01-01 12:12:12"
,
DatePattern
.
NORM_DATETIME_PATTERN
);
String
dateState
=
AuthState
.
create
(
source
,
dateBody
);
System
.
out
.
println
(
dateState
);
dateBody
=
AuthState
.
getBody
(
source
,
dateState
,
Date
.
class
);
System
.
out
.
println
(
dateBody
);
AuthState
.
delete
(
source
);
System
.
out
.
println
(
"\n通过传入map生成state..."
);
Map
<
String
,
Object
>
mapBody
=
new
HashMap
<>();
mapBody
.
put
(
"userId"
,
1
);
mapBody
.
put
(
"userToken"
,
"xxxxx"
);
String
mapState
=
AuthState
.
create
(
source
,
mapBody
);
System
.
out
.
println
(
mapState
);
mapBody
=
AuthState
.
getBody
(
source
,
mapState
,
Map
.
class
);
System
.
out
.
println
(
mapBody
);
AuthState
.
delete
(
source
);
System
.
out
.
println
(
"\n通过传入List生成state..."
);
List
<
String
>
listBody
=
new
ArrayList
<>();
listBody
.
add
(
"xxxx"
);
listBody
.
add
(
"xxxxxxxx"
);
String
listState
=
AuthState
.
create
(
source
,
listBody
);
System
.
out
.
println
(
listState
);
listBody
=
AuthState
.
getBody
(
source
,
listState
,
List
.
class
);
System
.
out
.
println
(
listBody
);
AuthState
.
delete
(
source
);
System
.
out
.
println
(
"\n通过传入实体类生成state..."
);
AuthConfig
entityBody
=
AuthConfig
.
builder
()
.
clientId
(
"xxxxx"
)
.
clientSecret
(
"xxxxx"
)
.
build
();
String
entityState
=
AuthState
.
create
(
source
,
entityBody
);
System
.
out
.
println
(
entityState
);
entityBody
=
AuthState
.
getBody
(
source
,
entityState
,
AuthConfig
.
class
);
System
.
out
.
println
(
entityBody
);
AuthState
.
delete
(
source
);
}
@Test
public
void
getErrorStateBody
()
{
String
source
=
"github"
;
String
state
=
"1111111111111111111111111111111"
;
String
body
=
AuthState
.
getBody
(
source
,
state
,
String
.
class
);
System
.
out
.
println
(
body
);
AuthState
.
delete
(
source
);
}
}
\ No newline at end of file
src/test/java/me/zhyd/oauth/utils/UrlBuilderTest.java
浏览文件 @
55c4b391
...
...
@@ -3,7 +3,6 @@ package me.zhyd.oauth.utils;
import
me.zhyd.oauth.config.AuthConfig
;
import
me.zhyd.oauth.config.AuthSource
;
import
me.zhyd.oauth.request.AuthWeChatRequest
;
import
org.junit.Assert
;
import
org.junit.Test
;
/**
...
...
@@ -21,18 +20,17 @@ public class UrlBuilderTest {
.
clientId
(
"appid-110110110"
)
.
clientSecret
(
"secret-110110110"
)
.
redirectUri
(
"https://xkcoding.com"
)
.
state
(
AuthState
.
create
(
AuthSource
.
WECHAT
))
.
build
();
String
build
=
UrlBuilder
.
fromBaseUrl
(
AuthSource
.
WECHAT
.
authorize
())
.
queryParam
(
"appid"
,
config
.
getClientId
())
.
queryParam
(
"redirect_uri"
,
config
.
getRedirectUri
())
.
queryParam
(
"response_type"
,
"code"
)
.
queryParam
(
"scope"
,
"snsapi_login"
)
.
queryParam
(
"state"
,
config
.
getState
().
concat
(
"#wechat_redirect"
)
)
.
queryParam
(
"state"
,
""
)
.
build
(
false
);
System
.
out
.
println
(
build
);
AuthWeChatRequest
request
=
new
AuthWeChatRequest
(
config
);
String
authorize
=
request
.
authorize
();
Assert
.
assertEquals
(
build
,
authorize
);
AuthState
.
delete
(
AuthSource
.
WECHAT
);
String
authorize
=
request
.
authorize
(
"state"
);
System
.
out
.
println
(
authorize
);
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录