AuthTwitterRequest.java 7.2 KB
Newer Older
H
Hongwei Peng 已提交
1 2 3
package me.zhyd.oauth.request;

import com.alibaba.fastjson.JSONObject;
4 5 6 7
import com.xkcoding.http.HttpUtil;
import com.xkcoding.http.constants.Constants;
import com.xkcoding.http.support.HttpHeader;
import com.xkcoding.http.util.MapUtil;
H
Hongwei Peng 已提交
8 9 10 11 12
import me.zhyd.oauth.cache.AuthStateCache;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
13
import me.zhyd.oauth.utils.GlobalAuthUtils;
H
Hongwei Peng 已提交
14 15 16 17 18 19
import me.zhyd.oauth.utils.UrlBuilder;

import java.util.HashMap;
import java.util.Map;

import static me.zhyd.oauth.config.AuthDefaultSource.TWITTER;
20 21
import static me.zhyd.oauth.utils.GlobalAuthUtils.generateTwitterSignature;
import static me.zhyd.oauth.utils.GlobalAuthUtils.urlEncode;
H
Hongwei Peng 已提交
22 23 24 25 26

/**
 * Twitter登录
 *
 * @author hongwei.peng (pengisgood(at)gmail(dot)com)
智布道's avatar
智布道 已提交
27
 * @since 1.13.0
H
Hongwei Peng 已提交
28 29 30
 */
public class AuthTwitterRequest extends AuthDefaultRequest {

H
Hongwei Peng 已提交
31 32
    private static final String PREAMBLE = "OAuth";

H
Hongwei Peng 已提交
33 34 35 36 37 38 39 40
    public AuthTwitterRequest(AuthConfig config) {
        super(config, TWITTER);
    }

    public AuthTwitterRequest(AuthConfig config, AuthStateCache authStateCache) {
        super(config, TWITTER, authStateCache);
    }

41 42 43 44 45 46 47 48 49 50 51 52 53 54 55
    /**
     * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state}
     *
     * @param state state 验证授权流程的参数,可以防止csrf
     * @return 返回授权地址
     * @since 1.9.3
     */
    @Override
    public String authorize(String state) {
        AuthToken token  = this.getRequestToken();
        return UrlBuilder.fromBaseUrl(source.authorize())
            .queryParam("oauth_token", token.getOauthToken())
            .build();
    }

H
Hongwei Peng 已提交
56 57 58 59 60 61 62 63 64
    /**
     * Obtaining a request token
     * https://developer.twitter.com/en/docs/twitter-for-websites/log-in-with-twitter/guides/implementing-sign-in-with-twitter
     *
     * @return request token
     */
    public AuthToken getRequestToken() {
        String baseUrl = "https://api.twitter.com/oauth/request_token";

65
        Map<String, String> oauthParams = buildOauthParams();
H
Hongwei Peng 已提交
66 67
        oauthParams.put("oauth_callback", config.getRedirectUri());
        oauthParams.put("oauth_signature", generateTwitterSignature(oauthParams, "POST", baseUrl, config.getClientSecret(), null));
H
Hongwei Peng 已提交
68
        String header = buildHeader(oauthParams);
H
Hongwei Peng 已提交
69

70 71
        HttpHeader httpHeader = new HttpHeader();
        httpHeader.add("Authorization", header);
72 73 74
        httpHeader.add("User-Agent", "themattharris' HTTP Client");
        httpHeader.add("Host", "api.twitter.com");
        httpHeader.add("Accept", "*/*");
75 76 77
        String requestToken = HttpUtil.post(baseUrl, null, httpHeader);

        Map<String, String> res = MapUtil.parseStringToMap(requestToken, false);
H
Hongwei Peng 已提交
78 79

        return AuthToken.builder()
80 81 82
            .oauthToken(res.get("oauth_token"))
            .oauthTokenSecret(res.get("oauth_token_secret"))
            .oauthCallbackConfirmed(Boolean.valueOf(res.get("oauth_callback_confirmed")))
H
Hongwei Peng 已提交
83 84 85 86 87 88 89 90 91 92 93
            .build();
    }

    /**
     * Convert request token to access token
     * https://developer.twitter.com/en/docs/twitter-for-websites/log-in-with-twitter/guides/implementing-sign-in-with-twitter
     *
     * @return access token
     */
    @Override
    protected AuthToken getAccessToken(AuthCallback authCallback) {
94
        Map<String, String> oauthParams = buildOauthParams();
95 96
        oauthParams.put("oauth_token", authCallback.getOauth_token());
        oauthParams.put("oauth_verifier", authCallback.getOauth_verifier());
97
        oauthParams.put("oauth_signature", generateTwitterSignature(oauthParams, "POST", source.accessToken(), config.getClientSecret(), authCallback
98
            .getOauth_token()));
H
Hongwei Peng 已提交
99
        String header = buildHeader(oauthParams);
H
Hongwei Peng 已提交
100

101 102 103 104 105
        HttpHeader httpHeader = new HttpHeader();
        httpHeader.add("Authorization", header);
        httpHeader.add(Constants.CONTENT_TYPE, "application/x-www-form-urlencoded");

        Map<String, String> form = new HashMap<>(1);
106
        form.put("oauth_verifier", authCallback.getOauth_verifier());
107 108 109
        String response = HttpUtil.post(source.accessToken(), form, httpHeader, false);

        Map<String, String> requestToken = MapUtil.parseStringToMap(response, false);
H
Hongwei Peng 已提交
110 111

        return AuthToken.builder()
112 113 114 115
            .oauthToken(requestToken.get("oauth_token"))
            .oauthTokenSecret(requestToken.get("oauth_token_secret"))
            .userId(requestToken.get("user_id"))
            .screenName(requestToken.get("screen_name"))
H
Hongwei Peng 已提交
116 117 118 119 120
            .build();
    }

    @Override
    protected AuthUser getUserInfo(AuthToken authToken) {
121
        Map<String, String> queryParams = new HashMap<>();
H
Hongwei Peng 已提交
122 123
        queryParams.put("user_id", authToken.getUserId());
        queryParams.put("screen_name", authToken.getScreenName());
124
        queryParams.put("include_entities", Boolean.toString(true));
H
Hongwei Peng 已提交
125

126
        Map<String, String> oauthParams = buildOauthParams();
H
Hongwei Peng 已提交
127 128
        oauthParams.put("oauth_token", authToken.getOauthToken());

129
        Map<String, String> params = new HashMap<>(oauthParams);
H
Hongwei Peng 已提交
130
        params.putAll(queryParams);
131 132
        oauthParams.put("oauth_signature", generateTwitterSignature(params, "GET", source.userInfo(), config.getClientSecret(), authToken
            .getOauthTokenSecret()));
H
Hongwei Peng 已提交
133
        String header = buildHeader(oauthParams);
134 135 136 137 138

        HttpHeader httpHeader = new HttpHeader();
        httpHeader.add("Authorization", header);
        String response = HttpUtil.get(userInfoUrl(authToken), null, httpHeader, false);
        JSONObject userInfo = JSONObject.parseObject(response);
H
Hongwei Peng 已提交
139 140 141 142 143 144 145 146 147

        return AuthUser.builder()
            .uuid(userInfo.getString("id_str"))
            .username(userInfo.getString("screen_name"))
            .nickname(userInfo.getString("name"))
            .remark(userInfo.getString("description"))
            .avatar(userInfo.getString("profile_image_url_https"))
            .blog(userInfo.getString("url"))
            .location(userInfo.getString("location"))
148
            .avatar(userInfo.getString("profile_image_url"))
H
Hongwei Peng 已提交
149 150 151 152 153 154 155 156 157 158 159 160 161 162
            .source(source.toString())
            .token(authToken)
            .build();
    }

    @Override
    protected String userInfoUrl(AuthToken authToken) {
        return UrlBuilder.fromBaseUrl(source.userInfo())
            .queryParam("user_id", authToken.getUserId())
            .queryParam("screen_name", authToken.getScreenName())
            .queryParam("include_entities", true)
            .build();
    }

163 164
    private Map<String, String> buildOauthParams() {
        Map<String, String> params = new HashMap<>(5);
H
Hongwei Peng 已提交
165
        params.put("oauth_consumer_key", config.getClientId());
166
        params.put("oauth_nonce", GlobalAuthUtils.generateNonce(32));
H
Hongwei Peng 已提交
167
        params.put("oauth_signature_method", "HMAC-SHA1");
168
        params.put("oauth_timestamp", GlobalAuthUtils.getTimestamp());
H
Hongwei Peng 已提交
169 170 171 172
        params.put("oauth_version", "1.0");
        return params;
    }

173
    private String buildHeader(Map<String, String> oauthParams) {
174
        final StringBuilder sb = new StringBuilder(PREAMBLE + " ");
H
Hongwei Peng 已提交
175

176
        for (Map.Entry<String, String> param : oauthParams.entrySet()) {
177
            sb.append(param.getKey()).append("=\"").append(urlEncode(param.getValue())).append('"').append(", ");
H
Hongwei Peng 已提交
178 179
        }

180
        return sb.deleteCharAt(sb.length() - 2).toString();
H
Hongwei Peng 已提交
181
    }
H
Hongwei Peng 已提交
182
}