diff --git a/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java b/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java
index 6eb936d986ef2f8196ee9a7cc19a2fddff71533b..06f36bf7657a478cb7831ee40fc582fdbf9f6255 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java
@@ -32,7 +32,12 @@ public class AuthBaiduRequest extends BaseAuthRequest {
         if (AuthBaiduErrorCode.OK != errorCode) {
             throw new AuthException(errorCode.getDesc());
         }
-        return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build();
+        return AuthToken.builder()
+            .accessToken(accessTokenObject.getString("access_token"))
+            .refreshToken(accessTokenObject.getString("refresh_token"))
+            .scope(accessTokenObject.getString("scope"))
+            .expireIn(accessTokenObject.getIntValue("expires_in"))
+            .build();
     }
 
     @Override
diff --git a/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java
index 48333849a559c8c74010e4ce26034982254d1895..192f6842832d3b23ca5c922bbb34d8fc327718ac 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java
@@ -66,6 +66,6 @@ public class AuthGiteeRequest extends BaseAuthRequest {
      */
     @Override
     public String authorize() {
-        return UrlBuilder.getGiteeAuthorizeUrl(config.getClientId(), config.getRedirectUri());
+        return UrlBuilder.getGiteeAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
     }
 }
diff --git a/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java
index d7245a96059477033261e58a1a5ca2b11434e2a9..bd60e1afb67f76cf0c4c16491bbfd4587524381d 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java
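Review bot: The new `.expireIn(accessTokenObject.getIntValue("expires_in"))` line silently yields 0 when the field is missing or not numeric (assuming the fastjson-style JSONObject API the call shape suggests), so a token whose lifetime the provider omitted becomes indistinguishable from one that has already expired. Prefer `accessTokenObject.getInteger("expires_in")` with an explicit null check, or document on AuthToken that an expireIn of 0 means "unknown" so callers do not treat it as expired. The newly propagated `refresh_token` is a long-lived credential; confirm that AuthToken's toString and any logging of the token object do not include it. getAccessToken's body starts before this hunk.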
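Review bot: The `state` sent on the new `getGiteeAuthorizeUrl(..., config.getState())` line comes from `config`, and if that is the long-lived per-provider configuration its name suggests, every user's authorize redirect carries the same state value; a constant state cannot bind the callback to the browser session that started the flow, so the callback-side comparison confirms only the configured constant and does not deliver the CSRF protection the `@param state` Javadoc in UrlBuilder promises. A per-request value generated with `SecureRandom`, stored server-side for the session and compared on callback, is what that contract needs. If the Github and Weibo request classes pass `config.getState()` the same way, the same applies to them.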
@@ -30,7 +30,7 @@ public class AuthGithubRequest extends BaseAuthRequest {
 
     @Override
     protected AuthToken getAccessToken(AuthCallback authCallback) {
-        String accessTokenUrl = UrlBuilder.getGithubAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config.getRedirectUri(), config.getState());
+        String accessTokenUrl = UrlBuilder.getGithubAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config.getRedirectUri());
         HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
         Map res = GlobalAuthUtil.parseStringToMap(response.body());
         if (res.containsKey("error")) {
diff --git a/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java b/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java
index 8df5de44ceceddfb73914ff7fe2cb45f3f9480d6..2f0492b655dbba4466b50f6b8f3c4deed2caac9f 100644
--- a/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java
+++ b/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java
@@ -13,7 +13,7 @@ import java.text.MessageFormat;
  */
 public class UrlBuilder {
 
-    private static final String GITHUB_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&code={3}&redirect_uri={4}&state={5}";
+    private static final String GITHUB_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&code={3}&redirect_uri={4}";
     private static final String GITHUB_USER_INFO_PATTERN = "{0}?access_token={1}";
     private static final String GITHUB_AUTHORIZE_PATTERN = "{0}?client_id={1}&redirect_uri={2}&state={3}";
 
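Review bot: The rewritten `accessTokenUrl` line still carries `config.getClientSecret()` and the one-time `code` in the query string of a POST, and query strings routinely end up in proxy and server access logs and in HTTP-client debug output, whereas the same parameters in the form body do not. If the HTTP client in use supports form parameters, sending client_id, client_secret, code and redirect_uri in the body of `HttpRequest.post(...)` keeps the secret out of URL logging; GitHub's token endpoint accepts them there. Dropping `state` from the token exchange itself is right, since state belongs to the authorize redirect and its callback check only. getAccessToken continues past this hunk.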
@@ -27,7 +27,7 @@ public class UrlBuilder {
     private static final String GITEE_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}";
     private static final String GITEE_USER_INFO_PATTERN = "{0}?access_token={1}";
-    private static final String GITEE_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}";
+    private static final String GITEE_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&state={3}";
 
     private static final String DING_TALK_QRCONNECT_PATTERN = "{0}?appid={1}&response_type=code&scope=snsapi_login&state=STATE&redirect_uri={2}";
     private static final String DING_TALK_USER_INFO_PATTERN = "{0}?signature={1}×tamp={2}&accessKey={3}";
 
@@ -96,6 +96,15 @@ public class UrlBuilder {
     private static final String TOUTIAO_USER_INFO_PATTERN = "{0}?client_key={1}&access_token={2}";
     private static final String TOUTIAO_AUTHORIZE_PATTERN = "{0}?client_key={1}&redirect_uri={2}&state={3}&response_type=code&auth_only=1&display=0";
 
+    /**
+     * 获取state,如果为空, 则默认去当前日期的时间戳
+     *
+     * @param state state
+     */
+    private static Object getState(String state) {
+        return StringUtils.isEmpty(state) ? String.valueOf(System.currentTimeMillis()) : state;
+    }
+
     /**
      * 获取githubtoken的接口地址
      *
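Review bot: The new `getState` helper falls back to `String.valueOf(System.currentTimeMillis())`, a value that is predictable to within a small window and that nothing stores for comparison on the callback, so the fallback only satisfies providers that require the parameter to be present and gives none of the CSRF binding the `@param state` Javadoc elsewhere in this file describes. A safer default is a value from `SecureRandom` that the caller persists for the session, or rejecting an empty state with `IllegalArgumentException` so the caller must supply one. The declared return type `Object` is also wider than the code, since both branches produce a `String`; `private static String getState(String state)` states the contract, and the Javadoc lacks an `@return` tag (the `默认去` in the summary presumably means `默认取`). This applies equally to the getGithubAuthorizeUrl, getWeiboAuthorizeUrl and getGiteeAuthorizeUrl hunks that now call it.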
@@ -103,11 +112,10 @@ public class UrlBuilder {
      * @param clientSecret github 应用的Client Secret
      * @param code github 授权前的code,用来换token
      * @param redirectUri 待跳转的页面
-     * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
      * @return full url
      */
-    public static String getGithubAccessTokenUrl(String clientId, String clientSecret, String code, String redirectUri, String state) {
-        return MessageFormat.format(GITHUB_ACCESS_TOKEN_PATTERN, AuthSource.GITHUB.accessToken(), clientId, clientSecret, code, redirectUri, StringUtils.isEmpty(state) ? System.currentTimeMillis() : state);
+    public static String getGithubAccessTokenUrl(String clientId, String clientSecret, String code, String redirectUri) {
+        return MessageFormat.format(GITHUB_ACCESS_TOKEN_PATTERN, AuthSource.GITHUB.accessToken(), clientId, clientSecret, code, redirectUri);
     }
 
     /**
@@ -129,7 +137,7 @@ public class UrlBuilder {
      * @return full url
      */
     public static String getGithubAuthorizeUrl(String clientId, String redirectUrl, String state) {
-        return MessageFormat.format(GITHUB_AUTHORIZE_PATTERN, AuthSource.GITHUB.authorize(), clientId, redirectUrl, StringUtils.isEmpty(state) ? System.currentTimeMillis() : state);
+        return MessageFormat.format(GITHUB_AUTHORIZE_PATTERN, AuthSource.GITHUB.authorize(), clientId, redirectUrl, getState(state));
     }
 
     /**
@@ -164,7 +172,7 @@ public class UrlBuilder {
      * @return full url
      */
     public static String getWeiboAuthorizeUrl(String clientId, String redirectUrl, String state) {
-        return MessageFormat.format(WEIBO_AUTHORIZE_PATTERN, AuthSource.WEIBO.authorize(), clientId, redirectUrl, StringUtils.isEmpty(state) ? System.currentTimeMillis() : state);
+        return MessageFormat.format(WEIBO_AUTHORIZE_PATTERN, AuthSource.WEIBO.authorize(), clientId, redirectUrl, getState(state));
     }
 
     /**
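Review bot: Dropping the `state` parameter from `public static String getGithubAccessTokenUrl(...)` is a source-incompatible change for any external caller of this public utility class, and the added parameter on `getGiteeAuthorizeUrl` in the hunk at -195 has the same effect; a deprecated overload with the old arity that delegates, `@Deprecated public static String getGithubAccessTokenUrl(String clientId, String clientSecret, String code, String redirectUri, String state) { return getGithubAccessTokenUrl(clientId, clientSecret, code, redirectUri); }`, keeps existing callers compiling for one release. Separately, the values substituted by `MessageFormat.format` here (`code`, `redirectUri`, `clientSecret`) are not URL-encoded, so a redirect URI containing `&` or `#` would be cut by the provider; that is pre-existing, but this rewrite is a natural place to pass each value through `URLEncoder.encode(value, "UTF-8")`.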
@@ -195,10 +203,11 @@ public class UrlBuilder {
      *
      * @param clientId gitee 应用的Client ID
      * @param redirectUrl gitee 应用授权成功后的回调地址
+     * @param state 随机字符串,用于保持会话状态,防止CSRF攻击
      * @return json
      */
-    public static String getGiteeAuthorizeUrl(String clientId, String redirectUrl) {
-        return MessageFormat.format(GITEE_AUTHORIZE_PATTERN, AuthSource.GITEE.authorize(), clientId, redirectUrl);
+    public static String getGiteeAuthorizeUrl(String clientId, String redirectUrl, String state) {
+        return MessageFormat.format(GITEE_AUTHORIZE_PATTERN, AuthSource.GITEE.authorize(), clientId, redirectUrl, getState(state));
     }
 
     /**
diff --git a/update.md b/update.md
index 3a37de9147be7893510fb84e5bc988ada338067b..785a3d7ab362401e1c906ebcffd72bd2cac9f29d 100644
--- a/update.md
+++ b/update.md
@@ -1,3 +1,12 @@
+### 2019/06/28
+1. 修复百度登录获取不到token失效时间的问题
+2. gitee增加state参数校验
+
+### 2019/06/27
+1. 修改login方法的参数为AuthCallback,封装回调返回的参数
+2. 支持state参数
+3. 增加code和state参数校验
+
 ### 2019/06/25
 qq授权登录时,需要获取`openId`作为`uuid`,在`1.6.1-beta`和`1.7.0`版本中,引入了`unionId`这一属性。获取`unionid`需要单独向qq团队**发送邮件**申请权限,鉴于这一申请权限的步骤比较麻烦(需要填写的内容比较多),所以在`AuthConfig`中增加了一个`unionId`属性,当为**true**时才会获取unionid,当为false时只获取openId。如果你需要该功能, 则在自行申请了相关权限后,将该属性置为true即可。关于unionId的参考链接:[UnionID介绍](http://wiki.connect.qq.com/unionid%E4%BB%8B%E7%BB%8D)
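Review bot: The Javadoc on the new `getGiteeAuthorizeUrl(String clientId, String redirectUrl, String state)` signature still ends with `@return json`, but the method returns the formatted authorize URL exactly as the Github and Weibo builders do, and those document `@return full url`; change the line to ` * @return full url` so the three builders read consistently. The added `@param state` text could also mention that an empty value is replaced by `getState`, so callers know an omitted state is substituted rather than rejected.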