提交 78988555 编写于 作者: 智布道's avatar 智布道 👁

🍻 完善百度登录,增加gitee登录的state校验

上级 ac4ede74
...@@ -32,7 +32,12 @@ public class AuthBaiduRequest extends BaseAuthRequest { ...@@ -32,7 +32,12 @@ public class AuthBaiduRequest extends BaseAuthRequest {
if (AuthBaiduErrorCode.OK != errorCode) { if (AuthBaiduErrorCode.OK != errorCode) {
throw new AuthException(errorCode.getDesc()); throw new AuthException(errorCode.getDesc());
} }
return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build(); return AuthToken.builder()
.accessToken(accessTokenObject.getString("access_token"))
.refreshToken(accessTokenObject.getString("refresh_token"))
.scope(accessTokenObject.getString("scope"))
.expireIn(accessTokenObject.getIntValue("expires_in"))
.build();
} }
@Override @Override
......
...@@ -66,6 +66,6 @@ public class AuthGiteeRequest extends BaseAuthRequest { ...@@ -66,6 +66,6 @@ public class AuthGiteeRequest extends BaseAuthRequest {
*/ */
@Override @Override
public String authorize() { public String authorize() {
return UrlBuilder.getGiteeAuthorizeUrl(config.getClientId(), config.getRedirectUri()); return UrlBuilder.getGiteeAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState());
} }
} }
...@@ -30,7 +30,7 @@ public class AuthGithubRequest extends BaseAuthRequest { ...@@ -30,7 +30,7 @@ public class AuthGithubRequest extends BaseAuthRequest {
@Override @Override
protected AuthToken getAccessToken(AuthCallback authCallback) { protected AuthToken getAccessToken(AuthCallback authCallback) {
String accessTokenUrl = UrlBuilder.getGithubAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config.getRedirectUri(), config.getState()); String accessTokenUrl = UrlBuilder.getGithubAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config.getRedirectUri());
HttpResponse response = HttpRequest.post(accessTokenUrl).execute(); HttpResponse response = HttpRequest.post(accessTokenUrl).execute();
Map<String, String> res = GlobalAuthUtil.parseStringToMap(response.body()); Map<String, String> res = GlobalAuthUtil.parseStringToMap(response.body());
if (res.containsKey("error")) { if (res.containsKey("error")) {
......
...@@ -13,7 +13,7 @@ import java.text.MessageFormat; ...@@ -13,7 +13,7 @@ import java.text.MessageFormat;
*/ */
public class UrlBuilder { public class UrlBuilder {
private static final String GITHUB_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&code={3}&redirect_uri={4}&state={5}"; private static final String GITHUB_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&code={3}&redirect_uri={4}";
private static final String GITHUB_USER_INFO_PATTERN = "{0}?access_token={1}"; private static final String GITHUB_USER_INFO_PATTERN = "{0}?access_token={1}";
private static final String GITHUB_AUTHORIZE_PATTERN = "{0}?client_id={1}&redirect_uri={2}&state={3}"; private static final String GITHUB_AUTHORIZE_PATTERN = "{0}?client_id={1}&redirect_uri={2}&state={3}";
...@@ -27,7 +27,7 @@ public class UrlBuilder { ...@@ -27,7 +27,7 @@ public class UrlBuilder {
private static final String GITEE_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}"; private static final String GITEE_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}";
private static final String GITEE_USER_INFO_PATTERN = "{0}?access_token={1}"; private static final String GITEE_USER_INFO_PATTERN = "{0}?access_token={1}";
private static final String GITEE_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}"; private static final String GITEE_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&state={3}";
private static final String DING_TALK_QRCONNECT_PATTERN = "{0}?appid={1}&response_type=code&scope=snsapi_login&state=STATE&redirect_uri={2}"; private static final String DING_TALK_QRCONNECT_PATTERN = "{0}?appid={1}&response_type=code&scope=snsapi_login&state=STATE&redirect_uri={2}";
private static final String DING_TALK_USER_INFO_PATTERN = "{0}?signature={1}&timestamp={2}&accessKey={3}"; private static final String DING_TALK_USER_INFO_PATTERN = "{0}?signature={1}&timestamp={2}&accessKey={3}";
...@@ -96,6 +96,15 @@ public class UrlBuilder { ...@@ -96,6 +96,15 @@ public class UrlBuilder {
private static final String TOUTIAO_USER_INFO_PATTERN = "{0}?client_key={1}&access_token={2}"; private static final String TOUTIAO_USER_INFO_PATTERN = "{0}?client_key={1}&access_token={2}";
private static final String TOUTIAO_AUTHORIZE_PATTERN = "{0}?client_key={1}&redirect_uri={2}&state={3}&response_type=code&auth_only=1&display=0"; private static final String TOUTIAO_AUTHORIZE_PATTERN = "{0}?client_key={1}&redirect_uri={2}&state={3}&response_type=code&auth_only=1&display=0";
/**
* 获取state,如果为空, 则默认去当前日期的时间戳
*
* @param state state
*/
private static Object getState(String state) {
return StringUtils.isEmpty(state) ? String.valueOf(System.currentTimeMillis()) : state;
}
/** /**
* 获取githubtoken的接口地址 * 获取githubtoken的接口地址
* *
...@@ -103,11 +112,10 @@ public class UrlBuilder { ...@@ -103,11 +112,10 @@ public class UrlBuilder {
* @param clientSecret github 应用的Client Secret * @param clientSecret github 应用的Client Secret
* @param code github 授权前的code,用来换token * @param code github 授权前的code,用来换token
* @param redirectUri 待跳转的页面 * @param redirectUri 待跳转的页面
* @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return full url * @return full url
*/ */
public static String getGithubAccessTokenUrl(String clientId, String clientSecret, String code, String redirectUri, String state) { public static String getGithubAccessTokenUrl(String clientId, String clientSecret, String code, String redirectUri) {
return MessageFormat.format(GITHUB_ACCESS_TOKEN_PATTERN, AuthSource.GITHUB.accessToken(), clientId, clientSecret, code, redirectUri, StringUtils.isEmpty(state) ? System.currentTimeMillis() : state); return MessageFormat.format(GITHUB_ACCESS_TOKEN_PATTERN, AuthSource.GITHUB.accessToken(), clientId, clientSecret, code, redirectUri);
} }
/** /**
...@@ -129,7 +137,7 @@ public class UrlBuilder { ...@@ -129,7 +137,7 @@ public class UrlBuilder {
* @return full url * @return full url
*/ */
public static String getGithubAuthorizeUrl(String clientId, String redirectUrl, String state) { public static String getGithubAuthorizeUrl(String clientId, String redirectUrl, String state) {
return MessageFormat.format(GITHUB_AUTHORIZE_PATTERN, AuthSource.GITHUB.authorize(), clientId, redirectUrl, StringUtils.isEmpty(state) ? System.currentTimeMillis() : state); return MessageFormat.format(GITHUB_AUTHORIZE_PATTERN, AuthSource.GITHUB.authorize(), clientId, redirectUrl, getState(state));
} }
/** /**
...@@ -164,7 +172,7 @@ public class UrlBuilder { ...@@ -164,7 +172,7 @@ public class UrlBuilder {
* @return full url * @return full url
*/ */
public static String getWeiboAuthorizeUrl(String clientId, String redirectUrl, String state) { public static String getWeiboAuthorizeUrl(String clientId, String redirectUrl, String state) {
return MessageFormat.format(WEIBO_AUTHORIZE_PATTERN, AuthSource.WEIBO.authorize(), clientId, redirectUrl, StringUtils.isEmpty(state) ? System.currentTimeMillis() : state); return MessageFormat.format(WEIBO_AUTHORIZE_PATTERN, AuthSource.WEIBO.authorize(), clientId, redirectUrl, getState(state));
} }
/** /**
...@@ -195,10 +203,11 @@ public class UrlBuilder { ...@@ -195,10 +203,11 @@ public class UrlBuilder {
* *
* @param clientId gitee 应用的Client ID * @param clientId gitee 应用的Client ID
* @param redirectUrl gitee 应用授权成功后的回调地址 * @param redirectUrl gitee 应用授权成功后的回调地址
* @param state 随机字符串,用于保持会话状态,防止CSRF攻击
* @return json * @return json
*/ */
public static String getGiteeAuthorizeUrl(String clientId, String redirectUrl) { public static String getGiteeAuthorizeUrl(String clientId, String redirectUrl, String state) {
return MessageFormat.format(GITEE_AUTHORIZE_PATTERN, AuthSource.GITEE.authorize(), clientId, redirectUrl); return MessageFormat.format(GITEE_AUTHORIZE_PATTERN, AuthSource.GITEE.authorize(), clientId, redirectUrl, getState(state));
} }
/** /**
......
### 2019/06/28
1. 修复百度登录获取不到token失效时间的问题
2. gitee增加state参数校验
### 2019/06/27
1. 修改login方法的参数为AuthCallback,封装回调返回的参数
2. 支持state参数
3. 增加code和state参数校验
### 2019/06/25 ### 2019/06/25
qq授权登录时,需要获取`openId`作为`uuid`,在`1.6.1-beta``1.7.0`版本中,引入了`unionId`这一属性。获取`unionid`需要单独向qq团队**发送邮件**申请权限,鉴于这一申请权限的步骤比较麻烦(需要填写的内容比较多),所以在`AuthConfig`中增加了一个`unionId`属性,当为**true**时才会获取unionid,当为false时只获取openId。如果你需要该功能, 则在自行申请了相关权限后,将该属性置为true即可。关于unionId的参考链接:[UnionID介绍](http://wiki.connect.qq.com/unionid%E4%BB%8B%E7%BB%8D) qq授权登录时,需要获取`openId`作为`uuid`,在`1.6.1-beta``1.7.0`版本中,引入了`unionId`这一属性。获取`unionid`需要单独向qq团队**发送邮件**申请权限,鉴于这一申请权限的步骤比较麻烦(需要填写的内容比较多),所以在`AuthConfig`中增加了一个`unionId`属性,当为**true**时才会获取unionid,当为false时只获取openId。如果你需要该功能, 则在自行申请了相关权限后,将该属性置为true即可。关于unionId的参考链接:[UnionID介绍](http://wiki.connect.qq.com/unionid%E4%BB%8B%E7%BB%8D)
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册