Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
justauth
JustAuth
提交
78988555
J
JustAuth
项目概览
justauth
/
JustAuth
1 年多 前同步成功
通知
391
Star
15212
Fork
2708
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
J
JustAuth
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
提交
78988555
编写于
6月 28, 2019
作者:
智布道
👁
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
🍻
完善百度登录,增加gitee登录的state校验
上级
ac4ede74
变更
5
显示空白变更内容
内联
并排
Showing
5 changed file
with
35 addition
and
12 deletion
+35
-12
src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java
src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java
+6
-1
src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java
src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java
+1
-1
src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java
src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java
+1
-1
src/main/java/me/zhyd/oauth/utils/UrlBuilder.java
src/main/java/me/zhyd/oauth/utils/UrlBuilder.java
+18
-9
update.md
update.md
+9
-0
未找到文件。
src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java
浏览文件 @
78988555
...
@@ -32,7 +32,12 @@ public class AuthBaiduRequest extends BaseAuthRequest {
...
@@ -32,7 +32,12 @@ public class AuthBaiduRequest extends BaseAuthRequest {
if
(
AuthBaiduErrorCode
.
OK
!=
errorCode
)
{
if
(
AuthBaiduErrorCode
.
OK
!=
errorCode
)
{
throw
new
AuthException
(
errorCode
.
getDesc
());
throw
new
AuthException
(
errorCode
.
getDesc
());
}
}
return
AuthToken
.
builder
().
accessToken
(
accessTokenObject
.
getString
(
"access_token"
)).
build
();
return
AuthToken
.
builder
()
.
accessToken
(
accessTokenObject
.
getString
(
"access_token"
))
.
refreshToken
(
accessTokenObject
.
getString
(
"refresh_token"
))
.
scope
(
accessTokenObject
.
getString
(
"scope"
))
.
expireIn
(
accessTokenObject
.
getIntValue
(
"expires_in"
))
.
build
();
}
}
@Override
@Override
...
...
src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java
浏览文件 @
78988555
...
@@ -66,6 +66,6 @@ public class AuthGiteeRequest extends BaseAuthRequest {
...
@@ -66,6 +66,6 @@ public class AuthGiteeRequest extends BaseAuthRequest {
*/
*/
@Override
@Override
public
String
authorize
()
{
public
String
authorize
()
{
return
UrlBuilder
.
getGiteeAuthorizeUrl
(
config
.
getClientId
(),
config
.
getRedirectUri
());
return
UrlBuilder
.
getGiteeAuthorizeUrl
(
config
.
getClientId
(),
config
.
getRedirectUri
()
,
config
.
getState
()
);
}
}
}
}
src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java
浏览文件 @
78988555
...
@@ -30,7 +30,7 @@ public class AuthGithubRequest extends BaseAuthRequest {
...
@@ -30,7 +30,7 @@ public class AuthGithubRequest extends BaseAuthRequest {
@Override
@Override
protected
AuthToken
getAccessToken
(
AuthCallback
authCallback
)
{
protected
AuthToken
getAccessToken
(
AuthCallback
authCallback
)
{
String
accessTokenUrl
=
UrlBuilder
.
getGithubAccessTokenUrl
(
config
.
getClientId
(),
config
.
getClientSecret
(),
authCallback
.
getCode
(),
config
.
getRedirectUri
()
,
config
.
getState
()
);
String
accessTokenUrl
=
UrlBuilder
.
getGithubAccessTokenUrl
(
config
.
getClientId
(),
config
.
getClientSecret
(),
authCallback
.
getCode
(),
config
.
getRedirectUri
());
HttpResponse
response
=
HttpRequest
.
post
(
accessTokenUrl
).
execute
();
HttpResponse
response
=
HttpRequest
.
post
(
accessTokenUrl
).
execute
();
Map
<
String
,
String
>
res
=
GlobalAuthUtil
.
parseStringToMap
(
response
.
body
());
Map
<
String
,
String
>
res
=
GlobalAuthUtil
.
parseStringToMap
(
response
.
body
());
if
(
res
.
containsKey
(
"error"
))
{
if
(
res
.
containsKey
(
"error"
))
{
...
...
src/main/java/me/zhyd/oauth/utils/UrlBuilder.java
浏览文件 @
78988555
...
@@ -13,7 +13,7 @@ import java.text.MessageFormat;
...
@@ -13,7 +13,7 @@ import java.text.MessageFormat;
*/
*/
public
class
UrlBuilder
{
public
class
UrlBuilder
{
private
static
final
String
GITHUB_ACCESS_TOKEN_PATTERN
=
"{0}?client_id={1}&client_secret={2}&code={3}&redirect_uri={4}
&state={5}
"
;
private
static
final
String
GITHUB_ACCESS_TOKEN_PATTERN
=
"{0}?client_id={1}&client_secret={2}&code={3}&redirect_uri={4}"
;
private
static
final
String
GITHUB_USER_INFO_PATTERN
=
"{0}?access_token={1}"
;
private
static
final
String
GITHUB_USER_INFO_PATTERN
=
"{0}?access_token={1}"
;
private
static
final
String
GITHUB_AUTHORIZE_PATTERN
=
"{0}?client_id={1}&redirect_uri={2}&state={3}"
;
private
static
final
String
GITHUB_AUTHORIZE_PATTERN
=
"{0}?client_id={1}&redirect_uri={2}&state={3}"
;
...
@@ -27,7 +27,7 @@ public class UrlBuilder {
...
@@ -27,7 +27,7 @@ public class UrlBuilder {
private
static
final
String
GITEE_ACCESS_TOKEN_PATTERN
=
"{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}"
;
private
static
final
String
GITEE_ACCESS_TOKEN_PATTERN
=
"{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}"
;
private
static
final
String
GITEE_USER_INFO_PATTERN
=
"{0}?access_token={1}"
;
private
static
final
String
GITEE_USER_INFO_PATTERN
=
"{0}?access_token={1}"
;
private
static
final
String
GITEE_AUTHORIZE_PATTERN
=
"{0}?client_id={1}&response_type=code&redirect_uri={2}"
;
private
static
final
String
GITEE_AUTHORIZE_PATTERN
=
"{0}?client_id={1}&response_type=code&redirect_uri={2}
&state={3}
"
;
private
static
final
String
DING_TALK_QRCONNECT_PATTERN
=
"{0}?appid={1}&response_type=code&scope=snsapi_login&state=STATE&redirect_uri={2}"
;
private
static
final
String
DING_TALK_QRCONNECT_PATTERN
=
"{0}?appid={1}&response_type=code&scope=snsapi_login&state=STATE&redirect_uri={2}"
;
private
static
final
String
DING_TALK_USER_INFO_PATTERN
=
"{0}?signature={1}×tamp={2}&accessKey={3}"
;
private
static
final
String
DING_TALK_USER_INFO_PATTERN
=
"{0}?signature={1}×tamp={2}&accessKey={3}"
;
...
@@ -96,6 +96,15 @@ public class UrlBuilder {
...
@@ -96,6 +96,15 @@ public class UrlBuilder {
private
static
final
String
TOUTIAO_USER_INFO_PATTERN
=
"{0}?client_key={1}&access_token={2}"
;
private
static
final
String
TOUTIAO_USER_INFO_PATTERN
=
"{0}?client_key={1}&access_token={2}"
;
private
static
final
String
TOUTIAO_AUTHORIZE_PATTERN
=
"{0}?client_key={1}&redirect_uri={2}&state={3}&response_type=code&auth_only=1&display=0"
;
private
static
final
String
TOUTIAO_AUTHORIZE_PATTERN
=
"{0}?client_key={1}&redirect_uri={2}&state={3}&response_type=code&auth_only=1&display=0"
;
/**
* 获取state,如果为空, 则默认去当前日期的时间戳
*
* @param state state
*/
private
static
Object
getState
(
String
state
)
{
return
StringUtils
.
isEmpty
(
state
)
?
String
.
valueOf
(
System
.
currentTimeMillis
())
:
state
;
}
/**
/**
* 获取githubtoken的接口地址
* 获取githubtoken的接口地址
*
*
...
@@ -103,11 +112,10 @@ public class UrlBuilder {
...
@@ -103,11 +112,10 @@ public class UrlBuilder {
* @param clientSecret github 应用的Client Secret
* @param clientSecret github 应用的Client Secret
* @param code github 授权前的code,用来换token
* @param code github 授权前的code,用来换token
* @param redirectUri 待跳转的页面
* @param redirectUri 待跳转的页面
* @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url
* @return full url
*/
*/
public
static
String
getGithubAccessTokenUrl
(
String
clientId
,
String
clientSecret
,
String
code
,
String
redirectUri
,
String
state
)
{
public
static
String
getGithubAccessTokenUrl
(
String
clientId
,
String
clientSecret
,
String
code
,
String
redirectUri
)
{
return
MessageFormat
.
format
(
GITHUB_ACCESS_TOKEN_PATTERN
,
AuthSource
.
GITHUB
.
accessToken
(),
clientId
,
clientSecret
,
code
,
redirectUri
,
StringUtils
.
isEmpty
(
state
)
?
System
.
currentTimeMillis
()
:
state
);
return
MessageFormat
.
format
(
GITHUB_ACCESS_TOKEN_PATTERN
,
AuthSource
.
GITHUB
.
accessToken
(),
clientId
,
clientSecret
,
code
,
redirectUri
);
}
}
/**
/**
...
@@ -129,7 +137,7 @@ public class UrlBuilder {
...
@@ -129,7 +137,7 @@ public class UrlBuilder {
* @return full url
* @return full url
*/
*/
public
static
String
getGithubAuthorizeUrl
(
String
clientId
,
String
redirectUrl
,
String
state
)
{
public
static
String
getGithubAuthorizeUrl
(
String
clientId
,
String
redirectUrl
,
String
state
)
{
return
MessageFormat
.
format
(
GITHUB_AUTHORIZE_PATTERN
,
AuthSource
.
GITHUB
.
authorize
(),
clientId
,
redirectUrl
,
StringUtils
.
isEmpty
(
state
)
?
System
.
currentTimeMillis
()
:
state
);
return
MessageFormat
.
format
(
GITHUB_AUTHORIZE_PATTERN
,
AuthSource
.
GITHUB
.
authorize
(),
clientId
,
redirectUrl
,
getState
(
state
)
);
}
}
/**
/**
...
@@ -164,7 +172,7 @@ public class UrlBuilder {
...
@@ -164,7 +172,7 @@ public class UrlBuilder {
* @return full url
* @return full url
*/
*/
public
static
String
getWeiboAuthorizeUrl
(
String
clientId
,
String
redirectUrl
,
String
state
)
{
public
static
String
getWeiboAuthorizeUrl
(
String
clientId
,
String
redirectUrl
,
String
state
)
{
return
MessageFormat
.
format
(
WEIBO_AUTHORIZE_PATTERN
,
AuthSource
.
WEIBO
.
authorize
(),
clientId
,
redirectUrl
,
StringUtils
.
isEmpty
(
state
)
?
System
.
currentTimeMillis
()
:
state
);
return
MessageFormat
.
format
(
WEIBO_AUTHORIZE_PATTERN
,
AuthSource
.
WEIBO
.
authorize
(),
clientId
,
redirectUrl
,
getState
(
state
)
);
}
}
/**
/**
...
@@ -195,10 +203,11 @@ public class UrlBuilder {
...
@@ -195,10 +203,11 @@ public class UrlBuilder {
*
*
* @param clientId gitee 应用的Client ID
* @param clientId gitee 应用的Client ID
* @param redirectUrl gitee 应用授权成功后的回调地址
* @param redirectUrl gitee 应用授权成功后的回调地址
* @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return json
* @return json
*/
*/
public
static
String
getGiteeAuthorizeUrl
(
String
clientId
,
String
redirectUrl
)
{
public
static
String
getGiteeAuthorizeUrl
(
String
clientId
,
String
redirectUrl
,
String
state
)
{
return
MessageFormat
.
format
(
GITEE_AUTHORIZE_PATTERN
,
AuthSource
.
GITEE
.
authorize
(),
clientId
,
redirectUrl
);
return
MessageFormat
.
format
(
GITEE_AUTHORIZE_PATTERN
,
AuthSource
.
GITEE
.
authorize
(),
clientId
,
redirectUrl
,
getState
(
state
)
);
}
}
/**
/**
...
...
update.md
浏览文件 @
78988555
### 2019/06/28
1.
修复百度登录获取不到token失效时间的问题
2.
gitee增加state参数校验
### 2019/06/27
1.
修改login方法的参数为AuthCallback,封装回调返回的参数
2.
支持state参数
3.
增加code和state参数校验
### 2019/06/25
### 2019/06/25
qq授权登录时,需要获取
`openId`
作为
`uuid`
,在
`1.6.1-beta`
和
`1.7.0`
版本中,引入了
`unionId`
这一属性。获取
`unionid`
需要单独向qq团队
**发送邮件**
申请权限,鉴于这一申请权限的步骤比较麻烦(需要填写的内容比较多),所以在
`AuthConfig`
中增加了一个
`unionId`
属性,当为
**true**
时才会获取unionid,当为false时只获取openId。如果你需要该功能, 则在自行申请了相关权限后,将该属性置为true即可。关于unionId的参考链接:
[
UnionID介绍
](
http://wiki.connect.qq.com/unionid%E4%BB%8B%E7%BB%8D
)
qq授权登录时,需要获取
`openId`
作为
`uuid`
,在
`1.6.1-beta`
和
`1.7.0`
版本中,引入了
`unionId`
这一属性。获取
`unionid`
需要单独向qq团队
**发送邮件**
申请权限,鉴于这一申请权限的步骤比较麻烦(需要填写的内容比较多),所以在
`AuthConfig`
中增加了一个
`unionId`
属性,当为
**true**
时才会获取unionid,当为false时只获取openId。如果你需要该功能, 则在自行申请了相关权限后,将该属性置为true即可。关于unionId的参考链接:
[
UnionID介绍
](
http://wiki.connect.qq.com/unionid%E4%BB%8B%E7%BB%8D
)
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录