Commit c6bd5d9e authored by 智布道

🔖 Release 1.15.3-alpha, fix the Twitter login exception bug

Parent d0ae0f2c
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
</p> </p>
<p align="center"> <p align="center">
<a target="_blank" href="https://search.maven.org/search?q=JustAuth"> <a target="_blank" href="https://search.maven.org/search?q=JustAuth">
<img src="https://img.shields.io/badge/Maven%20Central--1.15.2-alpha-blue" ></img> <img src="https://img.shields.io/badge/Maven%20Central--1.15.3-alpha-blue" ></img>
</a> </a>
<a target="_blank" href="https://gitee.com/yadong.zhang/JustAuth/blob/master/LICENSE"> <a target="_blank" href="https://gitee.com/yadong.zhang/JustAuth/blob/master/LICENSE">
<img src="https://img.shields.io/apm/l/vim-mode.svg?color=yellow" ></img> <img src="https://img.shields.io/apm/l/vim-mode.svg?color=yellow" ></img>
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
<img src="https://img.shields.io/badge/JDK-1.8+-green.svg" ></img> <img src="https://img.shields.io/badge/JDK-1.8+-green.svg" ></img>
</a> </a>
<a target="_blank" href="https://apidoc.gitee.com/yadong.zhang/JustAuth/" title="API文档"> <a target="_blank" href="https://apidoc.gitee.com/yadong.zhang/JustAuth/" title="API文档">
<img src="https://img.shields.io/badge/Api%20Docs--1.15.2-alpha-latest-orange" ></img> <img src="https://img.shields.io/badge/Api%20Docs--1.15.3-alpha-latest-orange" ></img>
</a> </a>
<a target="_blank" href="https://docs.justauth.whnb.wang" title="参考文档"> <a target="_blank" href="https://docs.justauth.whnb.wang" title="参考文档">
<img src="https://img.shields.io/badge/Docs-latest-blueviolet.svg" ></img> <img src="https://img.shields.io/badge/Docs-latest-blueviolet.svg" ></img>
...@@ -97,7 +97,7 @@ These artifacts are available from Maven Central: ...@@ -97,7 +97,7 @@ These artifacts are available from Maven Central:
<dependency> <dependency>
<groupId>me.zhyd.oauth</groupId> <groupId>me.zhyd.oauth</groupId>
<artifactId>JustAuth</artifactId> <artifactId>JustAuth</artifactId>
<version>1.15.2-alpha</version> <version>1.15.3-alpha</version>
</dependency> </dependency>
``` ```
- Using JustAuth - Using JustAuth
......
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
</p> </p>
<p align="center"> <p align="center">
<a target="_blank" href="https://search.maven.org/search?q=JustAuth"> <a target="_blank" href="https://search.maven.org/search?q=JustAuth">
<img src="https://img.shields.io/badge/Maven%20Central--1.15.2-alpha-blue" ></img> <img src="https://img.shields.io/badge/Maven%20Central--1.15.3-alpha-blue" ></img>
</a> </a>
<a target="_blank" href="https://gitee.com/yadong.zhang/JustAuth/blob/master/LICENSE"> <a target="_blank" href="https://gitee.com/yadong.zhang/JustAuth/blob/master/LICENSE">
<img src="https://img.shields.io/apm/l/vim-mode.svg?color=yellow" ></img> <img src="https://img.shields.io/apm/l/vim-mode.svg?color=yellow" ></img>
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
<img src="https://img.shields.io/badge/JDK-1.8+-green.svg" ></img> <img src="https://img.shields.io/badge/JDK-1.8+-green.svg" ></img>
</a> </a>
<a target="_blank" href="https://apidoc.gitee.com/yadong.zhang/JustAuth/" title="API文档"> <a target="_blank" href="https://apidoc.gitee.com/yadong.zhang/JustAuth/" title="API文档">
<img src="https://img.shields.io/badge/Api%20Docs--1.15.2-alpha-latest-orange" ></img> <img src="https://img.shields.io/badge/Api%20Docs--1.15.3-alpha-latest-orange" ></img>
</a> </a>
<a target="_blank" href="https://docs.justauth.whnb.wang" title="参考文档"> <a target="_blank" href="https://docs.justauth.whnb.wang" title="参考文档">
<img src="https://img.shields.io/badge/Docs-latest-blueviolet.svg" ></img> <img src="https://img.shields.io/badge/Docs-latest-blueviolet.svg" ></img>
...@@ -96,7 +96,7 @@ JustAuth,如你所见,它仅仅是一个**第三方授权登录**的**工具 ...@@ -96,7 +96,7 @@ JustAuth,如你所见,它仅仅是一个**第三方授权登录**的**工具
<dependency> <dependency>
<groupId>me.zhyd.oauth</groupId> <groupId>me.zhyd.oauth</groupId>
<artifactId>JustAuth</artifactId> <artifactId>JustAuth</artifactId>
<version>1.15.2-alpha</version> <version>1.15.3-alpha</version>
</dependency> </dependency>
``` ```
- 调用api - 调用api
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
</p> </p>
<p align="center"> <p align="center">
<a target="_blank" href="https://search.maven.org/search?q=JustAuth"> <a target="_blank" href="https://search.maven.org/search?q=JustAuth">
<img src="https://img.shields.io/badge/Maven%20Central--1.15.2-alpha-blue" ></img> <img src="https://img.shields.io/badge/Maven%20Central--1.15.3-alpha-blue" ></img>
</a> </a>
<a target="_blank" href="https://gitee.com/yadong.zhang/JustAuth/blob/master/LICENSE"> <a target="_blank" href="https://gitee.com/yadong.zhang/JustAuth/blob/master/LICENSE">
<img src="https://img.shields.io/apm/l/vim-mode.svg?color=yellow" ></img> <img src="https://img.shields.io/apm/l/vim-mode.svg?color=yellow" ></img>
...@@ -18,7 +18,7 @@ ...@@ -18,7 +18,7 @@
<img src="https://img.shields.io/badge/JDK-1.8+-green.svg" ></img> <img src="https://img.shields.io/badge/JDK-1.8+-green.svg" ></img>
</a> </a>
<a target="_blank" href="https://apidoc.gitee.com/yadong.zhang/JustAuth/" title="API文档"> <a target="_blank" href="https://apidoc.gitee.com/yadong.zhang/JustAuth/" title="API文档">
<img src="https://img.shields.io/badge/Api%20Docs--1.15.2-alpha-latest-orange" ></img> <img src="https://img.shields.io/badge/Api%20Docs--1.15.3-alpha-latest-orange" ></img>
</a> </a>
<a target="_blank" href="https://docs.justauth.whnb.wang" title="参考文档"> <a target="_blank" href="https://docs.justauth.whnb.wang" title="参考文档">
<img src="https://img.shields.io/badge/Docs-latest-blueviolet.svg" ></img> <img src="https://img.shields.io/badge/Docs-latest-blueviolet.svg" ></img>
......
![](_media/justauth@0,25x.png) ![](_media/justauth@0,25x.png)
# JustAuth <small>1.15.2-alpha</small> # JustAuth <small>1.15.3-alpha</small>
<strong>史上最全的整合第三方登录的开源库</strong> <strong>史上最全的整合第三方登录的开源库</strong>
......
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
<groupId>me.zhyd.oauth</groupId> <groupId>me.zhyd.oauth</groupId>
<artifactId>JustAuth</artifactId> <artifactId>JustAuth</artifactId>
<version>1.15.2-alpha</version> <version>1.15.3-alpha</version>
<name>JustAuth</name> <name>JustAuth</name>
<url>https://gitee.com/yadong.zhang/JustAuth</url> <url>https://gitee.com/yadong.zhang/JustAuth</url>
......
...@@ -48,12 +48,13 @@ public class AuthCallback implements Serializable { ...@@ -48,12 +48,13 @@ public class AuthCallback implements Serializable {
* *
* @since 1.13.0 * @since 1.13.0
*/ */
private String oauthToken; private String oauth_token;
/** /**
* Twitter回调后返回的oauth_verifier * Twitter回调后返回的oauth_verifier
* *
* @since 1.13.0 * @since 1.13.0
*/ */
private String oauthVerifier; private String oauth_verifier;
} }
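Review bot: Renaming the fields `oauthToken` and `oauthVerifier` to `oauth_token` and `oauth_verifier` changes the public accessor and builder names on `AuthCallback` (callers elsewhere in this commit move from `getOauthToken()` to `getOauth_token()`), which breaks existing integrations in what is versioned as a 1.15.2 to 1.15.3 step. If the goal is to bind Twitter's callback query parameters by name, consider keeping the camelCase accessors as deprecated delegates for one release, and update the `@since 1.13.0` Javadoc to record the rename.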
...@@ -38,6 +38,21 @@ public class AuthTwitterRequest extends AuthDefaultRequest { ...@@ -38,6 +38,21 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
super(config, TWITTER, authStateCache); super(config, TWITTER, authStateCache);
} }
/**
* 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数,可以防止csrf
* @return 返回授权地址
* @since 1.9.3
*/
@Override
public String authorize(String state) {
AuthToken token = this.getRequestToken();
return UrlBuilder.fromBaseUrl(source.authorize())
.queryParam("oauth_token", token.getOauthToken())
.build();
}
/** /**
* Obtaining a request token * Obtaining a request token
* https://developer.twitter.com/en/docs/twitter-for-websites/log-in-with-twitter/guides/implementing-sign-in-with-twitter * https://developer.twitter.com/en/docs/twitter-for-websites/log-in-with-twitter/guides/implementing-sign-in-with-twitter
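Review bot: The `state` argument of the new `authorize(String state)` override is never used, yet the Javadoc copied onto it still says the callback will carry `state` and that it protects against CSRF. The URL built here contains only `oauth_token`, and the token returned by `getRequestToken()` is not stored anywhere visible in this hunk, so nothing can later tie a callback to this authorization attempt. Suggest persisting the issued `oauth_token` (for example in the `authStateCache` already passed to the constructor) and rewriting the Javadoc to describe what this method actually returns for Twitter.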
...@@ -54,6 +69,9 @@ public class AuthTwitterRequest extends AuthDefaultRequest { ...@@ -54,6 +69,9 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
HttpHeader httpHeader = new HttpHeader(); HttpHeader httpHeader = new HttpHeader();
httpHeader.add("Authorization", header); httpHeader.add("Authorization", header);
httpHeader.add("User-Agent", "themattharris' HTTP Client");
httpHeader.add("Host", "api.twitter.com");
httpHeader.add("Accept", "*/*");
String requestToken = HttpUtil.post(baseUrl, null, httpHeader); String requestToken = HttpUtil.post(baseUrl, null, httpHeader);
Map<String, String> res = MapUtil.parseStringToMap(requestToken, false); Map<String, String> res = MapUtil.parseStringToMap(requestToken, false);
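Review bot: The three headers added before `HttpUtil.post` hard-code a `User-Agent` of "themattharris' HTTP Client" and a `Host` of "api.twitter.com". The User-Agent misidentifies this library as someone else's client, and a manually set `Host` can disagree with `baseUrl` if the endpoint ever changes, since the HTTP client normally derives it from the URL. Suggest dropping `Host`, using a User-Agent that names JustAuth, and adding a short comment explaining why these headers were needed to fix the login failure.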
...@@ -74,10 +92,10 @@ public class AuthTwitterRequest extends AuthDefaultRequest { ...@@ -74,10 +92,10 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
@Override @Override
protected AuthToken getAccessToken(AuthCallback authCallback) { protected AuthToken getAccessToken(AuthCallback authCallback) {
Map<String, String> oauthParams = buildOauthParams(); Map<String, String> oauthParams = buildOauthParams();
oauthParams.put("oauth_token", authCallback.getOauthToken()); oauthParams.put("oauth_token", authCallback.getOauth_token());
oauthParams.put("oauth_verifier", authCallback.getOauthVerifier()); oauthParams.put("oauth_verifier", authCallback.getOauth_verifier());
oauthParams.put("oauth_signature", generateTwitterSignature(oauthParams, "POST", source.accessToken(), config.getClientSecret(), authCallback oauthParams.put("oauth_signature", generateTwitterSignature(oauthParams, "POST", source.accessToken(), config.getClientSecret(), authCallback
.getOauthToken())); .getOauth_token()));
String header = buildHeader(oauthParams); String header = buildHeader(oauthParams);
HttpHeader httpHeader = new HttpHeader(); HttpHeader httpHeader = new HttpHeader();
...@@ -85,7 +103,7 @@ public class AuthTwitterRequest extends AuthDefaultRequest { ...@@ -85,7 +103,7 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
httpHeader.add(Constants.CONTENT_TYPE, "application/x-www-form-urlencoded"); httpHeader.add(Constants.CONTENT_TYPE, "application/x-www-form-urlencoded");
Map<String, String> form = new HashMap<>(1); Map<String, String> form = new HashMap<>(1);
form.put("oauth_verifier", authCallback.getOauthVerifier()); form.put("oauth_verifier", authCallback.getOauth_verifier());
String response = HttpUtil.post(source.accessToken(), form, httpHeader, false); String response = HttpUtil.post(source.accessToken(), form, httpHeader, false);
Map<String, String> requestToken = MapUtil.parseStringToMap(response, false); Map<String, String> requestToken = MapUtil.parseStringToMap(response, false);
...@@ -127,6 +145,7 @@ public class AuthTwitterRequest extends AuthDefaultRequest { ...@@ -127,6 +145,7 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
.avatar(userInfo.getString("profile_image_url_https")) .avatar(userInfo.getString("profile_image_url_https"))
.blog(userInfo.getString("url")) .blog(userInfo.getString("url"))
.location(userInfo.getString("location")) .location(userInfo.getString("location"))
.avatar(userInfo.getString("profile_image_url"))
.source(source.toString()) .source(source.toString())
.token(authToken) .token(authToken)
.build(); .build();
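Review bot: The added `.avatar(userInfo.getString("profile_image_url"))` comes after the existing `.avatar(userInfo.getString("profile_image_url_https"))`, and in a builder the later call wins, so the user's avatar is now the plain-HTTP URL instead of the HTTPS one. That invites mixed-content warnings and cleartext image loads in applications that render it. Suggest removing the new line, or falling back to `profile_image_url` only when the HTTPS field is empty.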
...@@ -152,15 +171,12 @@ public class AuthTwitterRequest extends AuthDefaultRequest { ...@@ -152,15 +171,12 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
} }
private String buildHeader(Map<String, String> oauthParams) { private String buildHeader(Map<String, String> oauthParams) {
final StringBuilder sb = new StringBuilder(PREAMBLE); final StringBuilder sb = new StringBuilder(PREAMBLE + " ");
for (Map.Entry<String, String> param : oauthParams.entrySet()) { for (Map.Entry<String, String> param : oauthParams.entrySet()) {
if (sb.length() > PREAMBLE.length()) { sb.append(param.getKey()).append("=\"").append(urlEncode(param.getValue())).append('"').append(", ");
sb.append(", ");
}
sb.append(param.getKey()).append("=\"").append(urlEncode(param.getValue())).append('"');
} }
return sb.toString(); return sb.deleteCharAt(sb.length() - 2).toString();
} }
} }
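Review bot: In the rewritten `buildHeader`, `sb.deleteCharAt(sb.length() - 2)` removes only the comma of the trailing ", " and leaves a trailing space in the Authorization header; with an empty `oauthParams` map it removes the last character of `PREAMBLE` instead. Suggest `sb.setLength(sb.length() - 2)` guarded by a non-empty check, or joining the formatted pairs with ", " so no trimming is needed. The previous loop, which added the separator before each element after the first, did not have either problem.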
...@@ -72,6 +72,10 @@ public class AuthChecker { ...@@ -72,6 +72,10 @@ public class AuthChecker {
* @since 1.8.0 * @since 1.8.0
*/ */
public static void checkCode(AuthSource source, AuthCallback callback) { public static void checkCode(AuthSource source, AuthCallback callback) {
// 推特平台不支持回调 code 和 state
if (source == AuthDefaultSource.TWITTER) {
return;
}
String code = callback.getCode(); String code = callback.getCode();
if (source == AuthDefaultSource.ALIPAY) { if (source == AuthDefaultSource.ALIPAY) {
code = callback.getAuth_code(); code = callback.getAuth_code();
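Review bot: The early `return` for `AuthDefaultSource.TWITTER` at the top of `checkCode` skips callback validation entirely rather than replacing it with the Twitter equivalent. Since Twitter returns `oauth_token` and `oauth_verifier` instead of `code`, suggest checking here that both are non-empty and throwing the same `AuthException` used for other sources, so that `getAccessToken` is never reached with null values that it would then sign and send.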
...@@ -95,6 +99,10 @@ public class AuthChecker { ...@@ -95,6 +99,10 @@ public class AuthChecker {
* @param authStateCache {@code authStateCache} state缓存实现 * @param authStateCache {@code authStateCache} state缓存实现
*/ */
public static void checkState(String state, AuthSource source, AuthStateCache authStateCache) { public static void checkState(String state, AuthSource source, AuthStateCache authStateCache) {
// 推特平台不支持回调 code 和 state
if (source == AuthDefaultSource.TWITTER) {
return;
}
if (StringUtils.isEmpty(state) || !authStateCache.containsKey(state)) { if (StringUtils.isEmpty(state) || !authStateCache.containsKey(state)) {
throw new AuthException(AuthResponseStatus.ILLEGAL_STATUS, source); throw new AuthException(AuthResponseStatus.ILLEGAL_STATUS, source);
} }
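Review bot: The early `return` for `AuthDefaultSource.TWITTER` in `checkState` means the Twitter callback is accepted with no anti-CSRF check at all, while every other source still has to present a cached `state`. The comment explains that Twitter does not return `state`, but the callback does carry `oauth_token`, so this method (or a Twitter-specific check) could verify that the returned `oauth_token` is one this application issued during `authorize` and reject the callback otherwise. As written, a login callback that the user never initiated would pass this check.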
......
...@@ -92,20 +92,20 @@ public class GlobalAuthUtilsTest { ...@@ -92,20 +92,20 @@ public class GlobalAuthUtilsTest {
.clientSecret("0YX3RH2DnPiT77pgzLzFdfpMKX8ENLIWQKYQ7lG5TERuZNgXN5") .clientSecret("0YX3RH2DnPiT77pgzLzFdfpMKX8ENLIWQKYQ7lG5TERuZNgXN5")
.build(); .build();
AuthCallback authCallback = AuthCallback.builder() AuthCallback authCallback = AuthCallback.builder()
.oauthToken("W_KLmAAAAAAAxq5LAAABbXxJeD0") .oauth_token("W_KLmAAAAAAAxq5LAAABbXxJeD0")
.oauthVerifier("lYou4gxfA6S5KioUa8VF8HCShzA2nSxp") .oauth_verifier("lYou4gxfA6S5KioUa8VF8HCShzA2nSxp")
.build(); .build();
Map<String, String> params = new HashMap<>(); Map<String, String> params = new HashMap<>();
params.put("oauth_consumer_key", config.getClientId()); params.put("oauth_consumer_key", config.getClientId());
params.put("oauth_nonce", "sTj7Ivg73u052eXstpoS1AWQCynuDEPN"); params.put("oauth_nonce", "sTj7Ivg73u052eXstpoS1AWQCynuDEPN");
params.put("oauth_signature_method", "HMAC-SHA1"); params.put("oauth_signature_method", "HMAC-SHA1");
params.put("oauth_timestamp", "1569751082"); params.put("oauth_timestamp", "1569751082");
params.put("oauth_token", authCallback.getOauthToken()); params.put("oauth_token", authCallback.getOauth_token());
params.put("oauth_verifier", authCallback.getOauthVerifier()); params.put("oauth_verifier", authCallback.getOauth_verifier());
params.put("oauth_version", "1.0"); params.put("oauth_version", "1.0");
params.put("oauth_signature", GlobalAuthUtils.generateTwitterSignature(params, "POST", TWITTER.accessToken(), config.getClientSecret(), authCallback params.put("oauth_signature", GlobalAuthUtils.generateTwitterSignature(params, "POST", TWITTER.accessToken(), config.getClientSecret(), authCallback
.getOauthToken())); .getOauth_token()));
params.forEach((k, v) -> params.put(k, "\"" + GlobalAuthUtils.urlEncode(v) + "\"")); params.forEach((k, v) -> params.put(k, "\"" + GlobalAuthUtils.urlEncode(v) + "\""));
String actual = "OAuth " + GlobalAuthUtils.parseMapToString(params, false).replaceAll("&", ", "); String actual = "OAuth " + GlobalAuthUtils.parseMapToString(params, false).replaceAll("&", ", ");
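Review bot: The context line `.clientSecret("0YX3RH2DnPiT77pgzLzFdfpMKX8ENLIWQKYQ7lG5TERuZNgXN5")` at the top of this test hunk keeps what looks like a real consumer secret in version control, next to a concrete `oauth_token` and `oauth_verifier`. If these were ever live credentials they should be revoked, and the test should use obviously fake placeholder values, since the signature assertion only needs fixed inputs and not valid ones.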
......