提交 ac4ede74 编写于 作者: 智布道's avatar 智布道 👁

👽 修改login方法的参数为AuthCallback,封装回调返回的参数、支持state参数、增加code和state参数校验

上级 9941ce7e
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
<groupId>me.zhyd.oauth</groupId> <groupId>me.zhyd.oauth</groupId>
<artifactId>JustAuth</artifactId> <artifactId>JustAuth</artifactId>
<version>1.7.1</version> <version>1.8.0</version>
<name>JustAuth</name> <name>JustAuth</name>
<url>https://gitee.com/yadong.zhang/JustAuth</url> <url>https://gitee.com/yadong.zhang/JustAuth</url>
...@@ -40,6 +40,15 @@ public class AuthConfig { ...@@ -40,6 +40,15 @@ public class AuthConfig {
* 是否需要申请unionid,目前只针对qq登录 * 是否需要申请unionid,目前只针对qq登录
* 注:qq授权登录时,获取unionid需要单独发送邮件申请权限。如果个人开发者账号中申请了该权限,可以将该值置为true,在获取openId时就会同步获取unionId * 注:qq授权登录时,获取unionid需要单独发送邮件申请权限。如果个人开发者账号中申请了该权限,可以将该值置为true,在获取openId时就会同步获取unionId
* 参考链接:http://wiki.connect.qq.com/unionid%E4%BB%8B%E7%BB%8D * 参考链接:http://wiki.connect.qq.com/unionid%E4%BB%8B%E7%BB%8D
* <p>
* 1.7.1版本新增参数
*/ */
private boolean unionId; private boolean unionId;
/**
* 一个神奇的参数,最好使用随机的不可测的内容,可以用来防止CSRF攻击
* <p>
* 1.8.0版本新增参数
*/
private String state;
} }
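Review bot: The new `state` field added at the end of this hunk lives in AuthConfig next to clientId and clientSecret, i.e. in a long-lived configuration object, so every authorize URL built from that config carries the same value and any party who has completed one login through it knows it; a CSRF token only does its job when it is unpredictable per authorization request and bound to the user session that started the flow. The Javadoc on line 22 asks for random, unguessable content but does not say it must differ per request, so a reader will set it once in application config and believe the check is effective. Suggest extending the Javadoc with `* Note: generate a fresh value for each authorization request and bind it to the user's session; a single fixed value in the configuration gives no CSRF protection.` The code/state validation named in the commit message is not in this chunk, so where the comparison happens cannot be confirmed from here.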
package me.zhyd.oauth.model;
import lombok.Getter;
import lombok.Setter;
/**
* 授权回调时的参数类
*
* @author yadong.zhang (yadong.zhang0415(a)gmail.com)
* @version 1.0
* @since 1.8
*/
@Getter
@Setter
public class AuthCallback {
/**
* 访问AuthorizeUrl后回调时带的参数code
*/
private String code;
/**
* 访问AuthorizeUrl后回调时带的参数auth_code,该参数目前只使用于支付宝登录
*/
private String auth_code;
/**
* 访问AuthorizeUrl后回调时带的参数state,用于和请求AuthorizeUrl前的state比较,防止CSRF攻击
*/
private String state;
}
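Review bot: The field `auth_code` on line 48 breaks Java's lowerCamelCase convention, and because the class relies on Lombok's `@Getter`/`@Setter` the generated accessors come out as `getAuth_code()`/`setAuth_code()`, which every provider request must then call by that name. The idiomatic form is `private String authCode;` with the wire name kept in the Javadoc, e.g. `* The auth_code query parameter returned on callback; currently only used by the Alipay login`. If the intent is that a web framework binds the redirect's query parameters onto this object by property name, the snake_case field is doing real work and that should be stated in a comment on the field, since nothing in this commit shows how the object is populated.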
package me.zhyd.oauth.model; package me.zhyd.oauth.model;
import lombok.Builder; import lombok.Builder;
import lombok.Data; import lombok.Getter;
import lombok.Setter;
import me.zhyd.oauth.request.ResponseStatus; import me.zhyd.oauth.request.ResponseStatus;
/** /**
...@@ -11,8 +12,9 @@ import me.zhyd.oauth.request.ResponseStatus; ...@@ -11,8 +12,9 @@ import me.zhyd.oauth.request.ResponseStatus;
* @version 1.0 * @version 1.0
* @since 1.8 * @since 1.8
*/ */
@Getter
@Setter
@Builder @Builder
@Data
public class AuthResponse<T> { public class AuthResponse<T> {
/** /**
* 授权响应状态码 * 授权响应状态码
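Review bot: Replacing `@Data` with `@Getter`/`@Setter` on AuthResponse (lines 64-67) silently drops the generated `equals`, `hashCode` and `toString`, and the same swap is made on AuthToken and AuthUser in the following two sections. Any caller that logged these objects or compared them now gets identity semantics and `Object.toString()` output without a compile error, so the change deserves a comment. If it is deliberate — AuthToken and AuthUser carry access tokens and user data that should not reach logs through toString — say so, e.g. `// intentionally no @Data: keep toString off so tokens are not logged by accident`; otherwise add `@ToString` and `@EqualsAndHashCode` back explicitly so the behaviour change is visible.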
...@@ -2,6 +2,8 @@ package me.zhyd.oauth.model; ...@@ -2,6 +2,8 @@ package me.zhyd.oauth.model;
import lombok.Builder; import lombok.Builder;
import lombok.Data; import lombok.Data;
import lombok.Getter;
import lombok.Setter;
/** /**
* 授权所需的token * 授权所需的token
...@@ -10,7 +12,8 @@ import lombok.Data; ...@@ -10,7 +12,8 @@ import lombok.Data;
* @version 1.0 * @version 1.0
* @since 1.8 * @since 1.8
*/ */
@Data @Getter
@Setter
@Builder @Builder
public class AuthToken { public class AuthToken {
private String accessToken; private String accessToken;
...@@ -2,6 +2,8 @@ package me.zhyd.oauth.model; ...@@ -2,6 +2,8 @@ package me.zhyd.oauth.model;
import lombok.Builder; import lombok.Builder;
import lombok.Data; import lombok.Data;
import lombok.Getter;
import lombok.Setter;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
/** /**
...@@ -11,8 +13,9 @@ import me.zhyd.oauth.config.AuthSource; ...@@ -11,8 +13,9 @@ import me.zhyd.oauth.config.AuthSource;
* @version 1.0 * @version 1.0
* @since 1.8 * @since 1.8
*/ */
@Getter
@Setter
@Builder @Builder
@Data
public class AuthUser { public class AuthUser {
/** /**
* 用户名 * 用户名
...@@ -10,6 +10,7 @@ import com.alipay.api.response.AlipayUserInfoShareResponse; ...@@ -10,6 +10,7 @@ import com.alipay.api.response.AlipayUserInfoShareResponse;
import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender; import me.zhyd.oauth.model.AuthUserGender;
...@@ -34,15 +35,15 @@ public class AuthAlipayRequest extends BaseAuthRequest { ...@@ -34,15 +35,15 @@ public class AuthAlipayRequest extends BaseAuthRequest {
} }
@Override @Override
protected AuthToken getAccessToken(String code) { protected AuthToken getAccessToken(AuthCallback authCallback) {
AlipaySystemOauthTokenRequest request = new AlipaySystemOauthTokenRequest(); AlipaySystemOauthTokenRequest request = new AlipaySystemOauthTokenRequest();
request.setGrantType("authorization_code"); request.setGrantType("authorization_code");
request.setCode(code); request.setCode(authCallback.getCode());
AlipaySystemOauthTokenResponse response = null; AlipaySystemOauthTokenResponse response = null;
try { try {
response = this.alipayClient.execute(request); response = this.alipayClient.execute(request);
} catch (Exception e) { } catch (Exception e) {
throw new AuthException("Unable to get token from alipay using code [" + code + "]", e); throw new AuthException("Unable to get token from alipay using code [" + authCallback.getCode() + "]", e);
} }
if (!response.isSuccess()) { if (!response.isSuccess()) {
throw new AuthException(response.getSubMsg()); throw new AuthException(response.getSubMsg());
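Review bot: `request.setCode(authCallback.getCode())` on line 122 reads the generic `code` field, yet the AuthCallback class introduced in this same commit documents `auth_code` as the callback parameter that is only used for the Alipay login, so the value this request needs is most likely `authCallback.getAuth_code()` (the accessor Lombok generates for that field) and `getCode()` would be null unless something outside this hunk copies one into the other. The exception message on line 127 has the same dependency and would print `code [null]`. If the base class normalises the two fields before calling this method, a one-line comment here saying so would settle it for the next reader; getAccessToken's enclosing class continues outside the hunk.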
...@@ -23,8 +23,8 @@ public class AuthBaiduRequest extends BaseAuthRequest { ...@@ -23,8 +23,8 @@ public class AuthBaiduRequest extends BaseAuthRequest {
} }
@Override @Override
protected AuthToken getAccessToken(String code) { protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getBaiduAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config String accessTokenUrl = UrlBuilder.getBaiduAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config
.getRedirectUri()); .getRedirectUri());
HttpResponse response = HttpRequest.post(accessTokenUrl).execute(); HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
JSONObject accessTokenObject = JSONObject.parseObject(response.body()); JSONObject accessTokenObject = JSONObject.parseObject(response.body());
...@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject; ...@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender; import me.zhyd.oauth.model.AuthUserGender;
...@@ -25,12 +26,12 @@ public class AuthCodingRequest extends BaseAuthRequest { ...@@ -25,12 +26,12 @@ public class AuthCodingRequest extends BaseAuthRequest {
} }
@Override @Override
protected AuthToken getAccessToken(String code) { protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getCodingAccessTokenUrl(config.getClientId(), config.getClientSecret(), code); String accessTokenUrl = UrlBuilder.getCodingAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode());
HttpResponse response = HttpRequest.get(accessTokenUrl).execute(); HttpResponse response = HttpRequest.get(accessTokenUrl).execute();
JSONObject accessTokenObject = JSONObject.parseObject(response.body()); JSONObject accessTokenObject = JSONObject.parseObject(response.body());
if (accessTokenObject.getIntValue("code") != 0) { if (accessTokenObject.getIntValue("code") != 0) {
throw new AuthException("Unable to get token from coding using code [" + code + "]"); throw new AuthException("Unable to get token from coding using code [" + authCallback.getCode() + "]");
} }
return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build(); return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build();
} }
...@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject; ...@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender; import me.zhyd.oauth.model.AuthUserGender;
...@@ -25,13 +26,13 @@ public class AuthCsdnRequest extends BaseAuthRequest { ...@@ -25,13 +26,13 @@ public class AuthCsdnRequest extends BaseAuthRequest {
} }
@Override @Override
protected AuthToken getAccessToken(String code) { protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getCsdnAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config String accessTokenUrl = UrlBuilder.getCsdnAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config
.getRedirectUri()); .getRedirectUri());
HttpResponse response = HttpRequest.post(accessTokenUrl).execute(); HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
JSONObject accessTokenObject = JSONObject.parseObject(response.body()); JSONObject accessTokenObject = JSONObject.parseObject(response.body());
if (accessTokenObject.containsKey("error_code")) { if (accessTokenObject.containsKey("error_code")) {
throw new AuthException("Unable to get token from csdn using code [" + code + "]"); throw new AuthException("Unable to get token from csdn using code [" + authCallback.getCode() + "]");
} }
return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build(); return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build();
} }
...@@ -7,10 +7,7 @@ import com.alibaba.fastjson.JSONObject; ...@@ -7,10 +7,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthDingTalkErrorCode; import me.zhyd.oauth.model.*;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender;
import me.zhyd.oauth.utils.GlobalAuthUtil; import me.zhyd.oauth.utils.GlobalAuthUtil;
import me.zhyd.oauth.utils.UrlBuilder; import me.zhyd.oauth.utils.UrlBuilder;
...@@ -28,8 +25,8 @@ public class AuthDingTalkRequest extends BaseAuthRequest { ...@@ -28,8 +25,8 @@ public class AuthDingTalkRequest extends BaseAuthRequest {
} }
@Override @Override
protected AuthToken getAccessToken(String code) { protected AuthToken getAccessToken(AuthCallback authCallback) {
return AuthToken.builder().accessCode(code).build(); return AuthToken.builder().accessCode(authCallback.getCode()).build();
} }
@Override @Override
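Review bot: The import block now collapses four explicit model imports into `import me.zhyd.oauth.model.*;` on line 188, and the same is done in the AuthDouyinRequest, AuthLinkedinRequest, AuthMiRequest, AuthMicrosoftRequest, AuthToutiaoRequest and AuthWeChatRequest sections below. A wildcard import hides which model types the class depends on and can silently resolve to a different class as soon as a same-named type appears in another imported package; the rest of this commit (AuthCodingRequest, AuthGiteeRequest and others) keeps the explicit imports and only adds `import me.zhyd.oauth.model.AuthCallback;`. Suggest doing the same here: keep the existing four imports and add the AuthCallback line.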
...@@ -6,10 +6,7 @@ import com.alibaba.fastjson.JSONObject; ...@@ -6,10 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthResponse; import me.zhyd.oauth.model.*;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender;
import me.zhyd.oauth.utils.UrlBuilder; import me.zhyd.oauth.utils.UrlBuilder;
...@@ -27,8 +24,8 @@ public class AuthDouyinRequest extends BaseAuthRequest { ...@@ -27,8 +24,8 @@ public class AuthDouyinRequest extends BaseAuthRequest {
} }
@Override @Override
protected AuthToken getAccessToken(String code) { protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getDouyinAccessTokenUrl(config.getClientId(), config.getClientSecret(), code); String accessTokenUrl = UrlBuilder.getDouyinAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode());
return this.getToken(accessTokenUrl); return this.getToken(accessTokenUrl);
} }
...@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject; ...@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender; import me.zhyd.oauth.model.AuthUserGender;
...@@ -25,9 +26,9 @@ public class AuthFacebookRequest extends BaseAuthRequest { ...@@ -25,9 +26,9 @@ public class AuthFacebookRequest extends BaseAuthRequest {
} }
@Override @Override
protected AuthToken getAccessToken(String code) { protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getFacebookAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config String accessTokenUrl = UrlBuilder.getFacebookAccessTokenUrl(config.getClientId(), config.getClientSecret(),
.getRedirectUri()); authCallback.getCode(), config.getRedirectUri());
HttpResponse response = HttpRequest.post(accessTokenUrl).execute(); HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
JSONObject object = JSONObject.parseObject(response.body()); JSONObject object = JSONObject.parseObject(response.body());
...@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject; ...@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender; import me.zhyd.oauth.model.AuthUserGender;
...@@ -25,13 +26,13 @@ public class AuthGiteeRequest extends BaseAuthRequest { ...@@ -25,13 +26,13 @@ public class AuthGiteeRequest extends BaseAuthRequest {
} }
@Override @Override
protected AuthToken getAccessToken(String code) { protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getGiteeAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config String accessTokenUrl = UrlBuilder.getGiteeAccessTokenUrl(config.getClientId(), config.getClientSecret(),
.getRedirectUri()); authCallback.getCode(), config.getRedirectUri());
HttpResponse response = HttpRequest.post(accessTokenUrl).execute(); HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
JSONObject accessTokenObject = JSONObject.parseObject(response.body()); JSONObject accessTokenObject = JSONObject.parseObject(response.body());
if (accessTokenObject.containsKey("error")) { if (accessTokenObject.containsKey("error")) {
throw new AuthException("Unable to get token from gitee using code [" + code + "]"); throw new AuthException("Unable to get token from gitee using code [" + authCallback.getCode() + "]");
} }
return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build(); return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build();
} }
...@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject; ...@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender; import me.zhyd.oauth.model.AuthUserGender;
...@@ -28,9 +29,8 @@ public class AuthGithubRequest extends BaseAuthRequest { ...@@ -28,9 +29,8 @@ public class AuthGithubRequest extends BaseAuthRequest {
} }
@Override @Override
protected AuthToken getAccessToken(String code) { protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getGithubAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config String accessTokenUrl = UrlBuilder.getGithubAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config.getRedirectUri(), config.getState());
.getRedirectUri());
HttpResponse response = HttpRequest.post(accessTokenUrl).execute(); HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
Map<String, String> res = GlobalAuthUtil.parseStringToMap(response.body()); Map<String, String> res = GlobalAuthUtil.parseStringToMap(response.body());
if (res.containsKey("error")) { if (res.containsKey("error")) {
...@@ -68,6 +68,6 @@ public class AuthGithubRequest extends BaseAuthRequest { ...@@ -68,6 +68,6 @@ public class AuthGithubRequest extends BaseAuthRequest {
*/ */
@Override @Override
public String authorize() { public String authorize() {
return UrlBuilder.getGithubAuthorizeUrl(config.getClientId(), config.getRedirectUri()); return UrlBuilder.getGithubAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
} }
} }
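Review bot: `config.getState()` is passed into both the access-token URL (line 270) and the authorize URL (line 279), but `state` is a new optional field on AuthConfig with no default, so an application that has not set it hands null to UrlBuilder here; how the builder treats null is not visible in this commit, and if it string-concatenates, a literal `state=null` goes out on the wire and is later compared against the callback. Suggest that the builder omit the parameter when the value is null or blank rather than emitting it, or that authorize() document that github requires the value to be configured. Note also that because the value comes from the shared config, every authorize URL this instance produces carries the same state.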
...@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject; ...@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender; import me.zhyd.oauth.model.AuthUserGender;
...@@ -25,8 +26,8 @@ public class AuthGoogleRequest extends BaseAuthRequest { ...@@ -25,8 +26,8 @@ public class AuthGoogleRequest extends BaseAuthRequest {
} }
@Override @Override
protected AuthToken getAccessToken(String code) { protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getGoogleAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config String accessTokenUrl = UrlBuilder.getGoogleAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config
.getRedirectUri()); .getRedirectUri());
HttpResponse response = HttpRequest.post(accessTokenUrl).execute(); HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
JSONObject object = JSONObject.parseObject(response.body()); JSONObject object = JSONObject.parseObject(response.body());
...@@ -7,10 +7,7 @@ import com.alibaba.fastjson.JSONObject; ...@@ -7,10 +7,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthResponse; import me.zhyd.oauth.model.*;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender;
import me.zhyd.oauth.utils.StringUtils; import me.zhyd.oauth.utils.StringUtils;
import me.zhyd.oauth.utils.UrlBuilder; import me.zhyd.oauth.utils.UrlBuilder;
...@@ -29,8 +26,8 @@ public class AuthLinkedinRequest extends BaseAuthRequest { ...@@ -29,8 +26,8 @@ public class AuthLinkedinRequest extends BaseAuthRequest {
} }
@Override @Override
protected AuthToken getAccessToken(String code) { protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getLinkedinAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config String accessTokenUrl = UrlBuilder.getLinkedinAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config
.getRedirectUri()); .getRedirectUri());
return this.getToken(accessTokenUrl); return this.getToken(accessTokenUrl);
} }
...@@ -7,10 +7,7 @@ import com.alibaba.fastjson.JSONObject; ...@@ -7,10 +7,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthResponse; import me.zhyd.oauth.model.*;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender;
import me.zhyd.oauth.utils.UrlBuilder; import me.zhyd.oauth.utils.UrlBuilder;
import java.text.MessageFormat; import java.text.MessageFormat;
...@@ -30,8 +27,8 @@ public class AuthMiRequest extends BaseAuthRequest { ...@@ -30,8 +27,8 @@ public class AuthMiRequest extends BaseAuthRequest {
} }
@Override @Override
protected AuthToken getAccessToken(String code) { protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getMiAccessTokenUrl(config.getClientId(), config.getClientSecret(), config.getRedirectUri(), code); String accessTokenUrl = UrlBuilder.getMiAccessTokenUrl(config.getClientId(), config.getClientSecret(), config.getRedirectUri(), authCallback.getCode());
return getToken(accessTokenUrl); return getToken(accessTokenUrl);
} }
...@@ -7,10 +7,7 @@ import com.alibaba.fastjson.JSONObject; ...@@ -7,10 +7,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthResponse; import me.zhyd.oauth.model.*;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender;
import me.zhyd.oauth.utils.UrlBuilder; import me.zhyd.oauth.utils.UrlBuilder;
import java.util.HashMap; import java.util.HashMap;
...@@ -29,9 +26,9 @@ public class AuthMicrosoftRequest extends BaseAuthRequest { ...@@ -29,9 +26,9 @@ public class AuthMicrosoftRequest extends BaseAuthRequest {
} }
@Override @Override
protected AuthToken getAccessToken(String code) { protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getMicrosoftAccessTokenUrl(config.getClientId(), config.getClientSecret(), config String accessTokenUrl = UrlBuilder.getMicrosoftAccessTokenUrl(config.getClientId(), config.getClientSecret(), config
.getRedirectUri(), code); .getRedirectUri(), authCallback.getCode());
return getToken(accessTokenUrl); return getToken(accessTokenUrl);
} }
...@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject; ...@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender; import me.zhyd.oauth.model.AuthUserGender;
...@@ -25,13 +26,13 @@ public class AuthOschinaRequest extends BaseAuthRequest { ...@@ -25,13 +26,13 @@ public class AuthOschinaRequest extends BaseAuthRequest {
} }
@Override @Override
protected AuthToken getAccessToken(String code) { protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getOschinaAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config String accessTokenUrl = UrlBuilder.getOschinaAccessTokenUrl(config.getClientId(), config.getClientSecret(),
.getRedirectUri()); authCallback.getCode(), config.getRedirectUri());
HttpResponse response = HttpRequest.post(accessTokenUrl).execute(); HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
JSONObject accessTokenObject = JSONObject.parseObject(response.body()); JSONObject accessTokenObject = JSONObject.parseObject(response.body());
if (accessTokenObject.containsKey("error")) { if (accessTokenObject.containsKey("error")) {
throw new AuthException("Unable to get token from oschina using code [" + code + "]"); throw new AuthException("Unable to get token from oschina using code [" + authCallback.getCode() + "]");
} }
return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build(); return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build();
} }
...@@ -7,6 +7,7 @@ import com.alibaba.fastjson.JSONObject; ...@@ -7,6 +7,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender; import me.zhyd.oauth.model.AuthUserGender;
...@@ -30,13 +31,13 @@ public class AuthQqRequest extends BaseAuthRequest { ...@@ -30,13 +31,13 @@ public class AuthQqRequest extends BaseAuthRequest {
} }
@Override @Override
protected AuthToken getAccessToken(String code) { protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getQqAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config String accessTokenUrl = UrlBuilder.getQqAccessTokenUrl(config.getClientId(), config.getClientSecret(),
.getRedirectUri()); authCallback.getCode(), config.getRedirectUri());
HttpResponse response = HttpRequest.get(accessTokenUrl).execute(); HttpResponse response = HttpRequest.get(accessTokenUrl).execute();
Map<String, String> accessTokenObject = GlobalAuthUtil.parseStringToMap(response.body()); Map<String, String> accessTokenObject = GlobalAuthUtil.parseStringToMap(response.body());
if (!accessTokenObject.containsKey("access_token")) { if (!accessTokenObject.containsKey("access_token")) {
throw new AuthException("Unable to get token from qq using code [" + code + "]"); throw new AuthException("Unable to get token from qq using code [" + authCallback.getCode() + "]");
} }
return AuthToken.builder() return AuthToken.builder()
.accessToken(accessTokenObject.get("access_token")) .accessToken(accessTokenObject.get("access_token"))
package me.zhyd.oauth.request; package me.zhyd.oauth.request;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthResponse; import me.zhyd.oauth.model.AuthResponse;
import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthToken;
...@@ -23,10 +24,10 @@ public interface AuthRequest { ...@@ -23,10 +24,10 @@ public interface AuthRequest {
/** /**
* 第三方登录 * 第三方登录
* *
* @param code 通过authorize换回的code * @param authCallback 用于接收回调参数的实体
* @return 返回登录成功后的用户信息 * @return 返回登录成功后的用户信息
*/ */
default AuthResponse login(String code) { default AuthResponse login(AuthCallback authCallback) {
throw new AuthException(ResponseStatus.NOT_IMPLEMENTED); throw new AuthException(ResponseStatus.NOT_IMPLEMENTED);
} }
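Review bot: The Javadoc on lines 405-410 documents the parameter and return value but says nothing about the default body on line 412 unconditionally throwing, nor about which callback fields an implementation is expected to check. Suggest adding `* @throws AuthException with ResponseStatus.NOT_IMPLEMENTED unless the implementing class overrides this method` and widening the parameter description to something like `authCallback carries the code (or auth_code) and state returned by the provider; implementations should reject a missing code or a state that differs from the one sent with the authorize URL`, which is what the commit message says this version adds. The interface body continues outside the hunk.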
...@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject; ...@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender; import me.zhyd.oauth.model.AuthUserGender;
...@@ -26,8 +27,8 @@ public class AuthTaobaoRequest extends BaseAuthRequest { ...@@ -26,8 +27,8 @@ public class AuthTaobaoRequest extends BaseAuthRequest {
} }
@Override @Override
protected AuthToken getAccessToken(String code) { protected AuthToken getAccessToken(AuthCallback authCallback) {
return AuthToken.builder().accessCode(code).build(); return AuthToken.builder().accessCode(authCallback.getCode()).build();
} }
@Override @Override
...@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject; ...@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender; import me.zhyd.oauth.model.AuthUserGender;
...@@ -25,12 +26,12 @@ public class AuthTencentCloudRequest extends BaseAuthRequest { ...@@ -25,12 +26,12 @@ public class AuthTencentCloudRequest extends BaseAuthRequest {
} }
@Override @Override
protected AuthToken getAccessToken(String code) { protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getTencentCloudAccessTokenUrl(config.getClientId(), config.getClientSecret(), code); String accessTokenUrl = UrlBuilder.getTencentCloudAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode());
HttpResponse response = HttpRequest.get(accessTokenUrl).execute(); HttpResponse response = HttpRequest.get(accessTokenUrl).execute();
JSONObject object = JSONObject.parseObject(response.body()); JSONObject object = JSONObject.parseObject(response.body());
if (object.getIntValue("code") != 0) { if (object.getIntValue("code") != 0) {
throw new AuthException("Unable to get token from tencent cloud using code [" + code + "]: " + object.get("msg")); throw new AuthException("Unable to get token from tencent cloud using code [" + authCallback.getCode() + "]: " + object.get("msg"));
} }
return AuthToken.builder().accessToken(object.getString("access_token")).build(); return AuthToken.builder().accessToken(object.getString("access_token")).build();
} }
...@@ -6,10 +6,7 @@ import com.alibaba.fastjson.JSONObject; ...@@ -6,10 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.*;
import me.zhyd.oauth.model.AuthToutiaoErrorCode;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender;
import me.zhyd.oauth.utils.UrlBuilder; import me.zhyd.oauth.utils.UrlBuilder;
/** /**
...@@ -26,8 +23,8 @@ public class AuthToutiaoRequest extends BaseAuthRequest { ...@@ -26,8 +23,8 @@ public class AuthToutiaoRequest extends BaseAuthRequest {
} }
@Override @Override
protected AuthToken getAccessToken(String code) { protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getToutiaoAccessTokenUrl(config.getClientId(), config.getClientSecret(), code); String accessTokenUrl = UrlBuilder.getToutiaoAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode());
HttpResponse response = HttpRequest.get(accessTokenUrl).execute(); HttpResponse response = HttpRequest.get(accessTokenUrl).execute();
JSONObject object = JSONObject.parseObject(response.body()); JSONObject object = JSONObject.parseObject(response.body());
......
...@@ -6,10 +6,7 @@ import com.alibaba.fastjson.JSONObject; ...@@ -6,10 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthResponse; import me.zhyd.oauth.model.*;
import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender;
import me.zhyd.oauth.utils.UrlBuilder; import me.zhyd.oauth.utils.UrlBuilder;
/** /**
...@@ -31,8 +28,8 @@ public class AuthWeChatRequest extends BaseAuthRequest { ...@@ -31,8 +28,8 @@ public class AuthWeChatRequest extends BaseAuthRequest {
* @return 所有信息 * @return 所有信息
*/ */
@Override @Override
protected AuthToken getAccessToken(String code) { protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getWeChatAccessTokenUrl(config.getClientId(), config.getClientSecret(), code); String accessTokenUrl = UrlBuilder.getWeChatAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode());
return this.getToken(accessTokenUrl); return this.getToken(accessTokenUrl);
} }
......
...@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject; ...@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.model.AuthUserGender; import me.zhyd.oauth.model.AuthUserGender;
...@@ -28,14 +29,14 @@ public class AuthWeiboRequest extends BaseAuthRequest { ...@@ -28,14 +29,14 @@ public class AuthWeiboRequest extends BaseAuthRequest {
} }
@Override @Override
protected AuthToken getAccessToken(String code) { protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getWeiboAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config String accessTokenUrl = UrlBuilder.getWeiboAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config
.getRedirectUri()); .getRedirectUri());
HttpResponse response = HttpRequest.post(accessTokenUrl).execute(); HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
String accessTokenStr = response.body(); String accessTokenStr = response.body();
JSONObject accessTokenObject = JSONObject.parseObject(accessTokenStr); JSONObject accessTokenObject = JSONObject.parseObject(accessTokenStr);
if (accessTokenObject.containsKey("error")) { if (accessTokenObject.containsKey("error")) {
throw new AuthException("Unable to get token from weibo using code [" + code + "]:" + accessTokenObject.getString("error_description")); throw new AuthException("Unable to get token from weibo using code [" + authCallback.getCode() + "]:" + accessTokenObject.getString("error_description"));
} }
return AuthToken.builder() return AuthToken.builder()
.accessToken(accessTokenObject.getString("access_token")) .accessToken(accessTokenObject.getString("access_token"))
...@@ -81,6 +82,6 @@ public class AuthWeiboRequest extends BaseAuthRequest { ...@@ -81,6 +82,6 @@ public class AuthWeiboRequest extends BaseAuthRequest {
*/ */
@Override @Override
public String authorize() { public String authorize() {
return UrlBuilder.getWeiboAuthorizeUrl(config.getClientId(), config.getRedirectUri()); return UrlBuilder.getWeiboAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
} }
} }
...@@ -4,10 +4,11 @@ import lombok.Data; ...@@ -4,10 +4,11 @@ import lombok.Data;
import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthResponse; import me.zhyd.oauth.model.AuthResponse;
import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthToken;
import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUser;
import me.zhyd.oauth.utils.AuthConfigChecker; import me.zhyd.oauth.utils.AuthChecker;
/** /**
* @author yadong.zhang (yadong.zhang0415(a)gmail.com) * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
...@@ -22,21 +23,24 @@ public abstract class BaseAuthRequest implements AuthRequest { ...@@ -22,21 +23,24 @@ public abstract class BaseAuthRequest implements AuthRequest {
public BaseAuthRequest(AuthConfig config, AuthSource source) { public BaseAuthRequest(AuthConfig config, AuthSource source) {
this.config = config; this.config = config;
this.source = source; this.source = source;
if (!AuthConfigChecker.isSupportedAuth(config, source)) { if (!AuthChecker.isSupportedAuth(config, source)) {
throw new AuthException(ResponseStatus.PARAMETER_INCOMPLETE); throw new AuthException(ResponseStatus.PARAMETER_INCOMPLETE);
} }
// 校验配置合法性 // 校验配置合法性
AuthConfigChecker.check(config, source); AuthChecker.checkConfig(config, source);
} }
protected abstract AuthToken getAccessToken(String code); protected abstract AuthToken getAccessToken(AuthCallback authCallback);
protected abstract AuthUser getUserInfo(AuthToken authToken); protected abstract AuthUser getUserInfo(AuthToken authToken);
@Override @Override
public AuthResponse login(String code) { public AuthResponse login(AuthCallback authCallback) {
try { try {
AuthToken authToken = this.getAccessToken(code); AuthChecker.checkCode(authCallback.getCode());
AuthChecker.checkState(authCallback.getState(), config.getState());
AuthToken authToken = this.getAccessToken(authCallback);
AuthUser user = this.getUserInfo(authToken); AuthUser user = this.getUserInfo(authToken);
return AuthResponse.builder().code(ResponseStatus.SUCCESS.getCode()).data(user).build(); return AuthResponse.builder().code(ResponseStatus.SUCCESS.getCode()).data(user).build();
} catch (Exception e) { } catch (Exception e) {
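Review bot: `AuthChecker.checkCode(authCallback.getCode())` rejects any callback whose `code` is empty, but AuthCallback also carries an `auth_code` field that its comment describes as the Alipay callback parameter; if the Alipay request's getAccessToken reads `auth_code` instead of `code` (that class is outside this hunk), an Alipay callback with only `auth_code` set would now fail with ILLEGAL_CODE before reaching it. Either populate `code` from `auth_code` when binding the callback, or let the check accept whichever of the two is present, e.g. `AuthChecker.checkCode(StringUtils.isEmpty(authCallback.getCode()) ? authCallback.getAuth_code() : authCallback.getCode());` if StringUtils is in scope here. It would also be clearer to run `checkState` before `checkCode`, so a callback that fails the CSRF check is reported as ILLEGAL_REQUEST rather than as a missing code. The surrounding `catch (Exception e)` handling continues outside the hunk.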
......
...@@ -14,6 +14,8 @@ public enum ResponseStatus { ...@@ -14,6 +14,8 @@ public enum ResponseStatus {
NO_AUTH_SOURCE(5004, "AuthSource cannot be null"), NO_AUTH_SOURCE(5004, "AuthSource cannot be null"),
UNIDENTIFIED_PLATFORM(5005, "Unidentified platform"), UNIDENTIFIED_PLATFORM(5005, "Unidentified platform"),
ILLEGAL_REDIRECT_URI(5006, "Illegal redirect uri"), ILLEGAL_REDIRECT_URI(5006, "Illegal redirect uri"),
ILLEGAL_REQUEST(5007, "Illegal request"),
ILLEGAL_CODE(5008, "Illegal code"),
; ;
private int code; private int code;
......
...@@ -12,7 +12,7 @@ import me.zhyd.oauth.request.ResponseStatus; ...@@ -12,7 +12,7 @@ import me.zhyd.oauth.request.ResponseStatus;
* @version 1.0 * @version 1.0
* @since 1.8 * @since 1.8
*/ */
public class AuthConfigChecker { public class AuthChecker {
/** /**
* 是否支持第三方登录 * 是否支持第三方登录
...@@ -35,7 +35,7 @@ public class AuthConfigChecker { ...@@ -35,7 +35,7 @@ public class AuthConfigChecker {
* @param config config * @param config config
* @param source source * @param source source
*/ */
public static void check(AuthConfig config, AuthSource source) { public static void checkConfig(AuthConfig config, AuthSource source) {
String redirectUri = config.getRedirectUri(); String redirectUri = config.getRedirectUri();
if (!GlobalAuthUtil.isHttpProtocol(redirectUri) && !GlobalAuthUtil.isHttpsProtocol(redirectUri)) { if (!GlobalAuthUtil.isHttpProtocol(redirectUri) && !GlobalAuthUtil.isHttpsProtocol(redirectUri)) {
throw new AuthException(ResponseStatus.ILLEGAL_REDIRECT_URI); throw new AuthException(ResponseStatus.ILLEGAL_REDIRECT_URI);
...@@ -49,4 +49,36 @@ public class AuthConfigChecker { ...@@ -49,4 +49,36 @@ public class AuthConfigChecker {
throw new AuthException(ResponseStatus.ILLEGAL_REDIRECT_URI); throw new AuthException(ResponseStatus.ILLEGAL_REDIRECT_URI);
} }
} }
/**
* 校验回调传回的code
*
* @param code 回调时传回的code
*/
public static void checkCode(String code) {
if (StringUtils.isEmpty(code)) {
throw new AuthException(ResponseStatus.ILLEGAL_CODE);
}
}
/**
* 校验state的合法性防止被CSRF
*
* @param newState 新的state,一般为回调时传回的state(可能被篡改)
* @param originalState 原始的state,发起授权时向第三方平台传递的state
*/
public static void checkState(String newState, String originalState) {
// 如果原始state为空,表示当前平台未使用state
if (StringUtils.isEmpty(originalState)) {
return;
}
// 如果授权之前使用了state,但是回调时未返回state,则表示当前请求为非法的请求,可能正在被CSRF攻击
if (StringUtils.isEmpty(newState)) {
throw new AuthException(ResponseStatus.ILLEGAL_REQUEST);
}
// 如果授权前后的state不一致,则表示当前请求为非法的请求,新的state可能为伪造
if (!newState.equals(originalState)) {
throw new AuthException(ResponseStatus.ILLEGAL_REQUEST);
}
}
} }
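Review bot: `checkState` only confirms that the callback's state equals the value the caller passes as `originalState`, and the caller in BaseAuthRequest passes `config.getState()`, which is a field on the shared AuthConfig rather than something bound to the user's session; the Javadoc should say so, because a fixed, application-wide state does not provide the CSRF protection the comment promises. Suggested addition to the method Javadoc: `Note: this check is only effective when originalState is an unpredictable value generated per authorization request and stored server-side for that user's session; a constant configured once for the whole application can be learned by anyone who completes the flow.` The early return when `originalState` is empty also means the check is opt-in; documenting that an empty state disables CSRF validation entirely would help integrators notice the default. For the comparison itself, `newState.equals(originalState)` is acceptable here, since the state is an anti-CSRF nonce rather than a secret that must resist timing observation.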
...@@ -13,9 +13,9 @@ import java.text.MessageFormat; ...@@ -13,9 +13,9 @@ import java.text.MessageFormat;
*/ */
public class UrlBuilder { public class UrlBuilder {
private static final String GITHUB_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&code={3}&redirect_uri={4}"; private static final String GITHUB_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&code={3}&redirect_uri={4}&state={5}";
private static final String GITHUB_USER_INFO_PATTERN = "{0}?access_token={1}"; private static final String GITHUB_USER_INFO_PATTERN = "{0}?access_token={1}";
private static final String GITHUB_AUTHORIZE_PATTERN = "{0}?client_id={1}&state=1&redirect_uri={2}"; private static final String GITHUB_AUTHORIZE_PATTERN = "{0}?client_id={1}&redirect_uri={2}&state={3}";
private static final String GOOGLE_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&scope=openid%20email%20profile&redirect_uri={2}&state={3}"; private static final String GOOGLE_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&scope=openid%20email%20profile&redirect_uri={2}&state={3}";
private static final String GOOGLE_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&code={3}&redirect_uri={4}&grant_type=authorization_code"; private static final String GOOGLE_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&code={3}&redirect_uri={4}&grant_type=authorization_code";
...@@ -23,7 +23,7 @@ public class UrlBuilder { ...@@ -23,7 +23,7 @@ public class UrlBuilder {
private static final String WEIBO_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}"; private static final String WEIBO_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}";
private static final String WEIBO_USER_INFO_PATTERN = "{0}?{1}"; private static final String WEIBO_USER_INFO_PATTERN = "{0}?{1}";
private static final String WEIBO_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}"; private static final String WEIBO_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&state={3}";
private static final String GITEE_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}"; private static final String GITEE_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}";
private static final String GITEE_USER_INFO_PATTERN = "{0}?access_token={1}"; private static final String GITEE_USER_INFO_PATTERN = "{0}?access_token={1}";
...@@ -103,10 +103,11 @@ public class UrlBuilder { ...@@ -103,10 +103,11 @@ public class UrlBuilder {
* @param clientSecret github 应用的Client Secret * @param clientSecret github 应用的Client Secret
* @param code github 授权前的code,用来换token * @param code github 授权前的code,用来换token
* @param redirectUri 待跳转的页面 * @param redirectUri 待跳转的页面
* @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url * @return full url
*/ */
public static String getGithubAccessTokenUrl(String clientId, String clientSecret, String code, String redirectUri) { public static String getGithubAccessTokenUrl(String clientId, String clientSecret, String code, String redirectUri, String state) {
return MessageFormat.format(GITHUB_ACCESS_TOKEN_PATTERN, AuthSource.GITHUB.accessToken(), clientId, clientSecret, code, redirectUri); return MessageFormat.format(GITHUB_ACCESS_TOKEN_PATTERN, AuthSource.GITHUB.accessToken(), clientId, clientSecret, code, redirectUri, StringUtils.isEmpty(state) ? System.currentTimeMillis() : state);
} }
/** /**
...@@ -124,10 +125,11 @@ public class UrlBuilder { ...@@ -124,10 +125,11 @@ public class UrlBuilder {
* *
* @param clientId github 应用的Client ID * @param clientId github 应用的Client ID
* @param redirectUrl github 应用授权成功后的回调地址 * @param redirectUrl github 应用授权成功后的回调地址
* @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url * @return full url
*/ */
public static String getGithubAuthorizeUrl(String clientId, String redirectUrl) { public static String getGithubAuthorizeUrl(String clientId, String redirectUrl, String state) {
return MessageFormat.format(GITHUB_AUTHORIZE_PATTERN, AuthSource.GITHUB.authorize(), clientId, redirectUrl); return MessageFormat.format(GITHUB_AUTHORIZE_PATTERN, AuthSource.GITHUB.authorize(), clientId, redirectUrl, StringUtils.isEmpty(state) ? System.currentTimeMillis() : state);
} }
/** /**
...@@ -158,10 +160,11 @@ public class UrlBuilder { ...@@ -158,10 +160,11 @@ public class UrlBuilder {
* *
* @param clientId weibo 应用的Client ID * @param clientId weibo 应用的Client ID
* @param redirectUrl weibo 应用授权成功后的回调地址 * @param redirectUrl weibo 应用授权成功后的回调地址
* @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url * @return full url
*/ */
public static String getWeiboAuthorizeUrl(String clientId, String redirectUrl) { public static String getWeiboAuthorizeUrl(String clientId, String redirectUrl, String state) {
return MessageFormat.format(WEIBO_AUTHORIZE_PATTERN, AuthSource.WEIBO.authorize(), clientId, redirectUrl); return MessageFormat.format(WEIBO_AUTHORIZE_PATTERN, AuthSource.WEIBO.authorize(), clientId, redirectUrl, StringUtils.isEmpty(state) ? System.currentTimeMillis() : state);
} }
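Review bot: The fallback `StringUtils.isEmpty(state) ? System.currentTimeMillis() : state` at the getGithubAccessTokenUrl, getGithubAuthorizeUrl and getWeiboAuthorizeUrl lines hands a `long` to `MessageFormat.format`, which formats numbers with the default locale's grouping separators (for example `1,560,000,000,000`), so the generated state ends up with commas in the query string; if a fallback is kept it should at least be `StringUtils.isEmpty(state) ? String.valueOf(System.currentTimeMillis()) : state`. Beyond the formatting, a timestamp is predictable and is generated here without being retained, so the authorize URL carries a state that `AuthChecker.checkState` will never compare against (it returns early when the configured state is empty), and the GitHub access-token URL gets a different timestamp from the one sent on the authorize URL. Dropping the fallback, passing `state` through unchanged, and documenting on these methods that an empty state disables the CSRF check would be more honest than emitting a value that looks protective but is never verified; the state value should also be URL-encoded before being placed into the pattern, as the caller controls its content.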
/** /**
......