From fcaef297ffcb1ec1547049dfcf7b2d7835d4a76c Mon Sep 17 00:00:00 2001 From: "Yangkai.Shen" <237497819@qq.com> Date: Tue, 30 Jul 2019 18:41:34 +0800 Subject: [PATCH] =?UTF-8?q?:recycle:=20=E4=BF=AE=E6=94=B9=E9=83=A8?= =?UTF-8?q?=E5=88=86=E4=BB=A3=E7=A0=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pom.xml | 4 ++-- .../me/zhyd/oauth/request/AuthDefaultRequest.java | 1 + .../zhyd/oauth/request/AuthPinterestRequest.java | 1 + .../java/me/zhyd/oauth/utils/AuthChecker.java | 15 ++++++++++++++- 4 files changed, 18 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index e466e7d..a6293af 100644 --- a/pom.xml +++ b/pom.xml @@ -54,7 +54,7 @@ 2.2.1 3.7.0 true - 4.6.0 + 4.6.1 1.18.4 4.11 1.2.58 @@ -89,7 +89,7 @@ com.alipay.sdk alipay-sdk-java ${alipay-sdk-version} - compile + provided org.slf4j diff --git a/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java index 354e3c5..a8e8eb5 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java @@ -43,6 +43,7 @@ public abstract class AuthDefaultRequest implements AuthRequest { public AuthResponse login(AuthCallback authCallback) { try { AuthChecker.checkCode(source == AuthSource.ALIPAY ? authCallback.getAuth_code() : authCallback.getCode()); + AuthChecker.checkState(authCallback); AuthToken authToken = this.getAccessToken(authCallback); AuthUser user = this.getUserInfo(authToken); diff --git a/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java b/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java index 31151d5..c537cff 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java 
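Review bot: Changing the `alipay-sdk-java` dependency from `compile` to `provided` in the second pom.xml hunk makes it non-transitive, so downstream projects no longer receive the SDK or the version this build pins through `${alipay-sdk-version}`. The 4.6.0 to 4.6.1 bump in the first hunk looks like that property, but the element names are not visible in this rendering; if it is, the bump will not reach consumers. Consumers that use the Alipay provider must now declare the SDK themselves and will otherwise fail at class-load time. Please document the required dependency and the minimum supported SDK version in the README or release notes.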
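Review bot: The added `AuthChecker.checkState(authCallback)` in `login` only protects against login CSRF if `AuthCallback.checkState()` compares the returned `state` with the value issued for this user's session when the authorize URL was built; that method is not part of this patch, so this cannot be confirmed here. A check that only tests for a non-empty `state`, or that compares against a value not bound to the session, would still accept a callback that originated in a different session. Please confirm the comparison is session-bound and single-use, and say so at the call site, e.g. `// reject callbacks whose state differs from the one issued for this session (CSRF)`. Because the call sits in the shared base class, it is also worth confirming that every supported provider echoes `state` back, otherwise those logins will now fail with `ILLEGAL_REQUEST`. The `try` block and its handler continue outside the hunk.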
@@ -92,6 +92,7 @@ public class AuthPinterestRequest extends AuthDefaultRequest { * @param authToken token * @return 返回获取userInfo的url */ + @Override protected String userInfoUrl(AuthToken authToken) { return UrlBuilder.fromBaseUrl(source.userInfo()) .queryParam("access_token", authToken.getAccessToken()) diff --git a/src/main/java/me/zhyd/oauth/utils/AuthChecker.java b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java index 3cbd6ad..e9df0da 100644 --- a/src/main/java/me/zhyd/oauth/utils/AuthChecker.java +++ b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java @@ -3,6 +3,7 @@ package me.zhyd.oauth.utils; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; +import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthResponseStatus; /** @@ -22,7 +23,8 @@ public class AuthChecker { * @since 1.6.1-beta */ public static boolean isSupportedAuth(AuthConfig config, AuthSource source) { - boolean isSupported = StringUtils.isNotEmpty(config.getClientId()) && StringUtils.isNotEmpty(config.getClientSecret()) && StringUtils.isNotEmpty(config.getRedirectUri()); + boolean isSupported = StringUtils.isNotEmpty(config.getClientId()) && StringUtils.isNotEmpty(config.getClientSecret()) && StringUtils + .isNotEmpty(config.getRedirectUri()); if (isSupported && AuthSource.ALIPAY == source) { isSupported = StringUtils.isNotEmpty(config.getAlipayPublicKey()); } @@ -65,4 +67,15 @@ public class AuthChecker { throw new AuthException(AuthResponseStatus.ILLEGAL_CODE); } } + + /** + * 校验回调传回的state + * + * @param authCallback 回调 + */ + public static void checkState(AuthCallback authCallback) { + if (!authCallback.checkState()) { + throw new AuthException(AuthResponseStatus.ILLEGAL_REQUEST); + } + } } -- GitLab
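Review bot: The new public helper `checkState` in AuthChecker.java dereferences `authCallback` without a null guard, so a null callback surfaces as a `NullPointerException` instead of the `AuthException(AuthResponseStatus.ILLEGAL_REQUEST)` that callers would handle; `if (authCallback == null || !authCallback.checkState()) {` keeps the rejection uniform and fail-closed. The Javadoc only says that the callback state is verified. It should state what makes a state valid (which stored value it is compared against) and add `@throws AuthException` for a missing or mismatched state, so integrators know this is the CSRF check and do not bypass it. The body of `AuthCallback.checkState()` is outside this patch, so the strength of the comparison cannot be judged from here.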