From c6bd5d9e5d366fa6be9181ef825256cc0e13f925 Mon Sep 17 00:00:00 2001
From: "yadong.zhang"
Date: Wed, 13 May 2020 00:58:03 +0800
Subject: [PATCH] =?UTF-8?q?:bookmark:=20=E5=8F=91=E5=B8=83=201.15.3-alpha?=
 =?UTF-8?q?=20=E8=A7=A3=E5=86=B3=E6=8E=A8=E7=89=B9=E7=99=BB=E5=BD=95?=
 =?UTF-8?q?=E5=BC=82=E5=B8=B8=E7=9A=84BUG?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 README.en-US.md | 6 ++--
 README.md | 6 ++--
 bin/version.txt | 2 +-
 docs/README.md | 4 +--
 docs/_coverpage.md | 2 +-
 pom.xml | 2 +-
 .../me/zhyd/oauth/model/AuthCallback.java | 5 +--
 .../oauth/request/AuthTwitterRequest.java | 36 +++++++++++++------
 .../java/me/zhyd/oauth/utils/AuthChecker.java | 8 +++++
 .../zhyd/oauth/utils/GlobalAuthUtilsTest.java | 10 +++---
 10 files changed, 53 insertions(+), 28 deletions(-)
diff --git a/README.en-US.md b/README.en-US.md
index 8b74889..b494399 100644
--- a/README.en-US.md
+++ b/README.en-US.md
@@ -6,7 +6,7 @@

-
+
@@ -15,7 +15,7 @@
-
+
@@ -97,7 +97,7 @@ These artifacts are available from Maven Central: me.zhyd.oauth JustAuth
- 1.15.2-alpha
+ 1.15.3-alpha
 ``` - Using JustAuth
diff --git a/README.md b/README.md
index 6d6decf..a2dc2da 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@

-
+
@@ -15,7 +15,7 @@
-
+
@@ -96,7 +96,7 @@ JustAuth,如你所见,它仅仅是一个**第三方授权登录**的**工具 me.zhyd.oauth JustAuth
- 1.15.2-alpha
+ 1.15.3-alpha
 ``` - 调用api
diff --git a/bin/version.txt b/bin/version.txt
index a7b6ce4..f0c79df 100644
--- a/bin/version.txt
+++ b/bin/version.txt
@@ -1 +1 @@
-1.15.2-alpha
+1.15.3-alpha
diff --git a/docs/README.md b/docs/README.md
index 4a9e695..b01cb0a 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -9,7 +9,7 @@

-
+
@@ -18,7 +18,7 @@
-
+
diff --git a/docs/_coverpage.md b/docs/_coverpage.md
index a70f957..d60917a 100644
--- a/docs/_coverpage.md
+++ b/docs/_coverpage.md
@@ -1,6 +1,6 @@
 ![](_media/justauth@0,25x.png)
-# JustAuth 1.15.2-alpha
+# JustAuth 1.15.3-alpha
 史上最全的整合第三方登录的开源库
diff --git a/pom.xml b/pom.xml
index c875a77..434871f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
 me.zhyd.oauth JustAuth
- 1.15.2-alpha
+ 1.15.3-alpha
 JustAuth https://gitee.com/yadong.zhang/JustAuth
diff --git a/src/main/java/me/zhyd/oauth/model/AuthCallback.java b/src/main/java/me/zhyd/oauth/model/AuthCallback.java
index c2f3083..39c030b 100644
--- a/src/main/java/me/zhyd/oauth/model/AuthCallback.java
+++ b/src/main/java/me/zhyd/oauth/model/AuthCallback.java
@@ -48,12 +48,13 @@ public class AuthCallback implements Serializable {
 *
 * @since 1.13.0
 */
- private String oauthToken;
+ private String oauth_token;
 
 /**
 * Twitter回调后返回的oauth_verifier
 *
 * @since 1.13.0
 */
- private String oauthVerifier;
+ private String oauth_verifier;
+
 }
diff --git a/src/main/java/me/zhyd/oauth/request/AuthTwitterRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTwitterRequest.java
index 0e3d3a9..3b29800 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthTwitterRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthTwitterRequest.java
@@ -38,6 +38,21 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
 super(config, TWITTER, authStateCache);
 }
 
+ /**
+ * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state}
+ *
+ * @param state state 验证授权流程的参数,可以防止csrf
+ * @return 返回授权地址
+ * @since 1.9.3
+ */
+ @Override
+ public String authorize(String state) {
+ AuthToken token = this.getRequestToken();
+ return UrlBuilder.fromBaseUrl(source.authorize())
+ .queryParam("oauth_token", token.getOauthToken())
+ .build();
+ }
+
 /**
 * Obtaining a request token
 * https://developer.twitter.com/en/docs/twitter-for-websites/log-in-with-twitter/guides/implementing-sign-in-with-twitter
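Review bot: `authorize(String state)` in the AuthTwitterRequest hunk discards its `state` argument entirely — the redirect carries only `oauth_token`, and the request token returned by `getRequestToken()` is not recorded anywhere a later callback could be matched against, even though the added Javadoc presents `state` as the CSRF protection. Twitter's OAuth 1.0a callback returns `oauth_token` rather than `state`, so the natural binding is to store `token.getOauthToken()` in the configured `authStateCache` here and have the callback side check for it; the cache's write API and the parent `AuthDefaultRequest.authorize` are outside this hunk, so the exact call is left to the maintainer. The Javadoc should describe what actually happens, e.g. `* @param state ignored: Twitter's OAuth 1.0a flow carries the request token ({@code oauth_token}) instead of a state parameter`. `@since 1.9.3` also looks copied from the parent method; this release is 1.15.3-alpha per the diffstat, so `@since 1.15.3` would be accurate.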
@@ -54,6 +69,9 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
 HttpHeader httpHeader = new HttpHeader();
 httpHeader.add("Authorization", header);
+ httpHeader.add("User-Agent", "themattharris' HTTP Client");
+ httpHeader.add("Host", "api.twitter.com");
+ httpHeader.add("Accept", "*/*");
 String requestToken = HttpUtil.post(baseUrl, null, httpHeader);
 Map res = MapUtil.parseStringToMap(requestToken, false);
@@ -74,10 +92,10 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
 @Override
 protected AuthToken getAccessToken(AuthCallback authCallback) {
 Map oauthParams = buildOauthParams();
- oauthParams.put("oauth_token", authCallback.getOauthToken());
- oauthParams.put("oauth_verifier", authCallback.getOauthVerifier());
+ oauthParams.put("oauth_token", authCallback.getOauth_token());
+ oauthParams.put("oauth_verifier", authCallback.getOauth_verifier());
 oauthParams.put("oauth_signature", generateTwitterSignature(oauthParams, "POST", source.accessToken(), config.getClientSecret(), authCallback
- .getOauthToken()));
+ .getOauth_token()));
 String header = buildHeader(oauthParams);
 HttpHeader httpHeader = new HttpHeader();
@@ -85,7 +103,7 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
 httpHeader.add(Constants.CONTENT_TYPE, "application/x-www-form-urlencoded");
 Map form = new HashMap<>(1);
- form.put("oauth_verifier", authCallback.getOauthVerifier());
+ form.put("oauth_verifier", authCallback.getOauth_verifier());
 String response = HttpUtil.post(source.accessToken(), form, httpHeader, false);
 Map requestToken = MapUtil.parseStringToMap(response, false);
@@ -127,6 +145,7 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
 .avatar(userInfo.getString("profile_image_url_https"))
 .blog(userInfo.getString("url"))
 .location(userInfo.getString("location"))
+ .avatar(userInfo.getString("profile_image_url"))
 .source(source.toString())
 .token(authToken)
 .build();
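Review bot: The added `httpHeader.add("Host", "api.twitter.com");` hard-codes a host while the request is sent to `baseUrl`, which is built outside this hunk; if that URL ever resolves to a different host (a proxy, a mock server in tests) the explicit `Host` will disagree with the connection and the server may reject or misroute the request. HTTP clients derive `Host` from the URL, so the line can most likely be dropped; if Twitter really requires it, derive it from `baseUrl` rather than a literal. The `User-Agent` value borrows another tool's identity (`themattharris' HTTP Client`); if Twitter rejects requests without a UA, a value naming this library is clearer and easier to trace in server logs. The enclosing method (presumably `getRequestToken`) starts and ends outside this hunk.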
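Review bot: In the last hunk, the added `.avatar(userInfo.getString("profile_image_url"))` is a second call to the same builder setter as `.avatar(userInfo.getString("profile_image_url_https"))` three lines above; assuming a conventional builder where the last call wins, the stored avatar is now the plain-HTTP URL and the HTTPS one is discarded, a downgrade for any page that embeds it. If a fallback for profiles without an HTTPS image was intended, resolve it before the builder — `String avatar = userInfo.getString("profile_image_url_https");` then `if (avatar == null) { avatar = userInfo.getString("profile_image_url"); }` — and call `.avatar(avatar)` once (this assumes `getString` returns null for a missing key; confirm against the JSON library in use). Otherwise the added line should simply be removed. The enclosing method starts outside this hunk.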
@@ -152,15 +171,12 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
 }
 private String buildHeader(Map oauthParams) {
- final StringBuilder sb = new StringBuilder(PREAMBLE);
+ final StringBuilder sb = new StringBuilder(PREAMBLE + " ");
 for (Map.Entry param : oauthParams.entrySet()) {
- if (sb.length() > PREAMBLE.length()) {
- sb.append(", ");
- }
- sb.append(param.getKey()).append("=\"").append(urlEncode(param.getValue())).append('"');
+ sb.append(param.getKey()).append("=\"").append(urlEncode(param.getValue())).append('"').append(", ");
 }
- return sb.toString();
+ return sb.deleteCharAt(sb.length() - 2).toString();
 }
 }
diff --git a/src/main/java/me/zhyd/oauth/utils/AuthChecker.java b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java
index be24a5c..4761d2c 100644
--- a/src/main/java/me/zhyd/oauth/utils/AuthChecker.java
+++ b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java
@@ -72,6 +72,10 @@ public class AuthChecker {
 * @since 1.8.0
 */
 public static void checkCode(AuthSource source, AuthCallback callback) {
+ // 推特平台不支持回调 code 和 state
+ if (source == AuthDefaultSource.TWITTER) {
+ return;
+ }
 String code = callback.getCode();
 if (source == AuthDefaultSource.ALIPAY) {
 code = callback.getAuth_code();
@@ -95,6 +99,10 @@ public class AuthChecker {
 * @param authStateCache {@code authStateCache} state缓存实现
 */
 public static void checkState(String state, AuthSource source, AuthStateCache authStateCache) {
+ // 推特平台不支持回调 code 和 state
+ if (source == AuthDefaultSource.TWITTER) {
+ return;
+ }
 if (StringUtils.isEmpty(state) || !authStateCache.containsKey(state)) {
 throw new AuthException(AuthResponseStatus.ILLEGAL_STATUS, source);
 }
diff --git a/src/test/java/me/zhyd/oauth/utils/GlobalAuthUtilsTest.java b/src/test/java/me/zhyd/oauth/utils/GlobalAuthUtilsTest.java
index c6b071b..3c002c5 100644
--- a/src/test/java/me/zhyd/oauth/utils/GlobalAuthUtilsTest.java
+++ b/src/test/java/me/zhyd/oauth/utils/GlobalAuthUtilsTest.java
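Review bot: `return sb.deleteCharAt(sb.length() - 2).toString();` in `buildHeader` removes only the comma of the trailing `", "`, so the header value now ends with a stray space (`OAuth k="v" `), and when `oauthParams` is empty it deletes the last character of `PREAMBLE` instead. `if (!oauthParams.isEmpty()) { sb.setLength(sb.length() - 2); }` followed by `return sb.toString();` strips the whole separator and leaves the preamble intact. Twitter is probably lenient about trailing whitespace, but an exact `Authorization` value is cheaper to reason about and to compare in logs than one that relies on server-side trimming.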
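Review bot: The early return added to `checkCode` here, and the identical one added to `checkState` in the `@@ -95` hunk, switch off every callback check for Twitter, so a callback carrying an `oauth_token`/`oauth_verifier` pair the application never issued is accepted as long as Twitter's token exchange succeeds — the login-CSRF scenario that `state` exists to prevent. Twitter's OAuth 1.0a flow has no `state`, but the request token fills the same role: if the `oauth_token` issued during `authorize()` is stored in `authStateCache`, `checkState` can verify the callback's `oauth_token` with the existing `authStateCache.containsKey(...)` instead of returning unconditionally; since `checkState` receives only `state`, the caller would have to pass the callback's `oauth_token` in that slot for Twitter, which is outside this hunk. Skipping `checkCode` is legitimate because Twitter returns no `code`, but the comment should say what is skipped and what is expected to cover it, e.g. `// Twitter (OAuth 1.0a) returns oauth_token/oauth_verifier instead of code/state; the request token must be validated elsewhere`.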
@@ -92,20 +92,20 @@ public class GlobalAuthUtilsTest {
 .clientSecret("0YX3RH2DnPiT77pgzLzFdfpMKX8ENLIWQKYQ7lG5TERuZNgXN5")
 .build();
 AuthCallback authCallback = AuthCallback.builder()
- .oauthToken("W_KLmAAAAAAAxq5LAAABbXxJeD0")
- .oauthVerifier("lYou4gxfA6S5KioUa8VF8HCShzA2nSxp")
+ .oauth_token("W_KLmAAAAAAAxq5LAAABbXxJeD0")
+ .oauth_verifier("lYou4gxfA6S5KioUa8VF8HCShzA2nSxp")
 .build();
 Map params = new HashMap<>();
 params.put("oauth_consumer_key", config.getClientId());
 params.put("oauth_nonce", "sTj7Ivg73u052eXstpoS1AWQCynuDEPN");
 params.put("oauth_signature_method", "HMAC-SHA1");
 params.put("oauth_timestamp", "1569751082");
- params.put("oauth_token", authCallback.getOauthToken());
- params.put("oauth_verifier", authCallback.getOauthVerifier());
+ params.put("oauth_token", authCallback.getOauth_token());
+ params.put("oauth_verifier", authCallback.getOauth_verifier());
 params.put("oauth_version", "1.0");
 params.put("oauth_signature", GlobalAuthUtils.generateTwitterSignature(params, "POST", TWITTER.accessToken(), config.getClientSecret(), authCallback
- .getOauthToken()));
+ .getOauth_token()));
 params.forEach((k, v) -> params.put(k, "\"" + GlobalAuthUtils.urlEncode(v) + "\""));
 String actual = "OAuth " + GlobalAuthUtils.parseMapToString(params, false).replaceAll("&", ", ");
--
GitLab