From ac4ede74bf073b6902fe7224ef09cffd6ab822ad Mon Sep 17 00:00:00 2001 
From: "yadong.zhang"
Date: Thu, 27 Jun 2019 19:39:21 +0800
Subject: [PATCH] =?UTF-8?q?:alien:=20=E4=BF=AE=E6=94=B9login=E6=96=B9?=
 =?UTF-8?q?=E6=B3=95=E7=9A=84=E5=8F=82=E6=95=B0=E4=B8=BAAuthCallback?=
 =?UTF-8?q?=EF=BC=8C=E5=B0=81=E8=A3=85=E5=9B=9E=E8=B0=83=E8=BF=94=E5=9B=9E?=
 =?UTF-8?q?=E7=9A=84=E5=8F=82=E6=95=B0=E3=80=81=E6=94=AF=E6=8C=81state?=
 =?UTF-8?q?=E5=8F=82=E6=95=B0=E3=80=81=E5=A2=9E=E5=8A=A0code=E5=92=8Cstate?=
 =?UTF-8?q?=E5=8F=82=E6=95=B0=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 pom.xml | 2 +-
 .../java/me/zhyd/oauth/config/AuthConfig.java | 9 +++++
 .../me/zhyd/oauth/model/AuthCallback.java | 31 ++++++++++++++++
 .../me/zhyd/oauth/model/AuthResponse.java | 6 ++--
 .../java/me/zhyd/oauth/model/AuthToken.java | 5 ++-
 .../java/me/zhyd/oauth/model/AuthUser.java | 5 ++-
 .../zhyd/oauth/request/AuthAlipayRequest.java | 7 ++--
 .../zhyd/oauth/request/AuthBaiduRequest.java | 4 +--
 .../zhyd/oauth/request/AuthCodingRequest.java | 7 ++--
 .../zhyd/oauth/request/AuthCsdnRequest.java | 7 ++--
 .../oauth/request/AuthDingTalkRequest.java | 9 ++---
 .../zhyd/oauth/request/AuthDouyinRequest.java | 9 ++---
 .../oauth/request/AuthFacebookRequest.java | 7 ++--
 .../zhyd/oauth/request/AuthGiteeRequest.java | 9 ++---
 .../zhyd/oauth/request/AuthGithubRequest.java | 8 ++---
 .../zhyd/oauth/request/AuthGoogleRequest.java | 5 +--
 .../oauth/request/AuthLinkedinRequest.java | 9 ++---
 .../me/zhyd/oauth/request/AuthMiRequest.java | 9 ++---
 .../oauth/request/AuthMicrosoftRequest.java | 9 ++---
 .../oauth/request/AuthOschinaRequest.java | 9 ++---
 .../me/zhyd/oauth/request/AuthQqRequest.java | 9 ++---
 .../me/zhyd/oauth/request/AuthRequest.java | 5 +--
 .../zhyd/oauth/request/AuthTaobaoRequest.java | 5 +--
 .../request/AuthTencentCloudRequest.java | 7 ++--
 .../oauth/request/AuthToutiaoRequest.java | 9 ++---
 .../zhyd/oauth/request/AuthWeChatRequest.java | 9 ++---
 .../zhyd/oauth/request/AuthWeiboRequest.java | 9 ++---
.../zhyd/oauth/request/BaseAuthRequest.java | 16 +++++---- .../me/zhyd/oauth/request/ResponseStatus.java | 2 ++ ...uthConfigChecker.java => AuthChecker.java} | 36 +++++++++++++++++-- .../java/me/zhyd/oauth/utils/UrlBuilder.java | 21 ++++++----- 31 files changed, 187 insertions(+), 107 deletions(-) create mode 100644 src/main/java/me/zhyd/oauth/model/AuthCallback.java rename src/main/java/me/zhyd/oauth/utils/{AuthConfigChecker.java => AuthChecker.java} (58%) diff --git a/pom.xml b/pom.xml index 826a658..a445b72 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ me.zhyd.oauth JustAuth - 1.7.1 + 1.8.0 JustAuth https://gitee.com/yadong.zhang/JustAuth diff --git a/src/main/java/me/zhyd/oauth/config/AuthConfig.java b/src/main/java/me/zhyd/oauth/config/AuthConfig.java index 3ea5554..8b1f7da 100644 --- a/src/main/java/me/zhyd/oauth/config/AuthConfig.java +++ b/src/main/java/me/zhyd/oauth/config/AuthConfig.java @@ -40,6 +40,15 @@ public class AuthConfig { * 是否需要申请unionid,目前只针对qq登录 * 注:qq授权登录时,获取unionid需要单独发送邮件申请权限。如果个人开发者账号中申请了该权限,可以将该值置为true,在获取openId时就会同步获取unionId * 参考链接:http://wiki.connect.qq.com/unionid%E4%BB%8B%E7%BB%8D + *

+ * 1.7.1版本新增参数 */ private boolean unionId; + + /** + * 一个神奇的参数,最好使用随机的不可测的内容,可以用来防止CSRF攻击 + *

+ * 1.8.0版本新增参数 + */ + private String state; } diff --git a/src/main/java/me/zhyd/oauth/model/AuthCallback.java b/src/main/java/me/zhyd/oauth/model/AuthCallback.java new file mode 100644 index 0000000..fbc08ed --- /dev/null +++ b/src/main/java/me/zhyd/oauth/model/AuthCallback.java @@ -0,0 +1,31 @@ +package me.zhyd.oauth.model; + +import lombok.Getter; +import lombok.Setter; + +/** + * 授权回调时的参数类 + * + * @author yadong.zhang (yadong.zhang0415(a)gmail.com) + * @version 1.0 + * @since 1.8 + */ +@Getter +@Setter +public class AuthCallback { + + /** + * 访问AuthorizeUrl后回调时带的参数code + */ + private String code; + + /** + * 访问AuthorizeUrl后回调时带的参数auth_code,该参数目前只使用于支付宝登录 + */ + private String auth_code; + + /** + * 访问AuthorizeUrl后回调时带的参数state,用于和请求AuthorizeUrl前的state比较,防止CSRF攻击 + */ + private String state; +} diff --git a/src/main/java/me/zhyd/oauth/model/AuthResponse.java b/src/main/java/me/zhyd/oauth/model/AuthResponse.java index b985736..04f9ceb 100644 --- a/src/main/java/me/zhyd/oauth/model/AuthResponse.java +++ b/src/main/java/me/zhyd/oauth/model/AuthResponse.java @@ -1,7 +1,8 @@ package me.zhyd.oauth.model; import lombok.Builder; -import lombok.Data; +import lombok.Getter; +import lombok.Setter; import me.zhyd.oauth.request.ResponseStatus; /** @@ -11,8 +12,9 @@ import me.zhyd.oauth.request.ResponseStatus; * @version 1.0 * @since 1.8 */ +@Getter +@Setter @Builder -@Data public class AuthResponse { /** * 授权响应状态码 diff --git a/src/main/java/me/zhyd/oauth/model/AuthToken.java b/src/main/java/me/zhyd/oauth/model/AuthToken.java index 37dcfd4..472d3d6 100644 --- a/src/main/java/me/zhyd/oauth/model/AuthToken.java +++ b/src/main/java/me/zhyd/oauth/model/AuthToken.java @@ -2,6 +2,8 @@ package me.zhyd.oauth.model; import lombok.Builder; import lombok.Data; +import lombok.Getter; +import lombok.Setter; /** * 授权所需的token @@ -10,7 +12,8 @@ import lombok.Data; * @version 1.0 * @since 1.8 */ -@Data +@Getter +@Setter @Builder public class AuthToken { private String accessToken; 
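Review bot: `private String state` is added to AuthConfig, which is per-application configuration, so the value that `authorize()` sends is the same for every user and every login attempt; a state that never changes across sessions does not give the CSRF protection the Javadoc promises, because whatever comparison is done on callback only confirms the value the application itself always sends. State needs to be generated per authorization request (e.g. with `SecureRandom`), kept in the user's session, and compared with `AuthCallback.state` on return; the comparison the commit subject announces is presumably in AuthChecker, which is outside this view. As far as this patch shows, only the GitHub and Weibo `authorize()` methods forward the value to the provider, so the Javadoc should say which providers honor it. Suggested addition to the field's Javadoc: `* NOTE: generate a fresh random value per authorization request and compare it with AuthCallback.state on callback; in 1.8.0 only the GitHub and Weibo authorize() URLs carry this parameter`.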
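Review bot: The field `auth_code` in the new AuthCallback class breaks the camelCase convention the rest of the model package follows, and Lombok will generate `getAuth_code()`/`setAuth_code()` from it; name it `authCode` and let the web layer map the `auth_code` query parameter onto it. The class is new in this commit, so the rename is free now and becomes an API break later. The Javadoc on `state` says it is compared with the pre-authorize value but not where or with what outcome; one sentence such as `a mismatch must abort the login before any token request is made` would make the contract explicit for implementers.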
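Review bot: `import lombok.Data;` is kept as a context line in AuthToken while `-@Data` is removed, so it is now an unused import; the AuthUser hunk has the same leftover, whereas the AuthResponse hunk removes the import correctly. Drop the line in both files. Replacing `@Data` with `@Getter`/`@Setter` also removes the generated `equals`, `hashCode` and `toString` for a class holding `accessToken`; losing `toString()` is arguably desirable for a token holder that might otherwise be logged, but if that was intentional it deserves a one-line comment on the class.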
diff --git a/src/main/java/me/zhyd/oauth/model/AuthUser.java b/src/main/java/me/zhyd/oauth/model/AuthUser.java index 35a5d02..aca19f1 100644 --- a/src/main/java/me/zhyd/oauth/model/AuthUser.java +++ b/src/main/java/me/zhyd/oauth/model/AuthUser.java @@ -2,6 +2,8 @@ package me.zhyd.oauth.model; import lombok.Builder; import lombok.Data; +import lombok.Getter; +import lombok.Setter; import me.zhyd.oauth.config.AuthSource; /** @@ -11,8 +13,9 @@ import me.zhyd.oauth.config.AuthSource; * @version 1.0 * @since 1.8 */ +@Getter +@Setter @Builder -@Data public class AuthUser { /** * 用户名 diff --git a/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java b/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java index db414ae..06196b0 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java @@ -10,6 +10,7 @@ import com.alipay.api.response.AlipayUserInfoShareResponse; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; +import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUserGender; 
@@ -34,15 +35,15 @@ public class AuthAlipayRequest extends BaseAuthRequest { } @Override - protected AuthToken getAccessToken(String code) { + protected AuthToken getAccessToken(AuthCallback authCallback) { AlipaySystemOauthTokenRequest request = new AlipaySystemOauthTokenRequest(); request.setGrantType("authorization_code"); - request.setCode(code); + request.setCode(authCallback.getCode()); AlipaySystemOauthTokenResponse response = null; try { response = this.alipayClient.execute(request); } catch (Exception e) { - throw new AuthException("Unable to get token from alipay using code [" + code + "]", e); + throw new AuthException("Unable to get token from alipay using code [" + authCallback.getCode() + "]", e); } if (!response.isSuccess()) { throw new AuthException(response.getSubMsg()); diff --git a/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java b/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java index ff743d4..6eb936d 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java @@ -23,8 +23,8 @@ public class AuthBaiduRequest extends BaseAuthRequest { } @Override - protected AuthToken getAccessToken(String code) { - String accessTokenUrl = UrlBuilder.getBaiduAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config + protected AuthToken getAccessToken(AuthCallback authCallback) { + String accessTokenUrl = UrlBuilder.getBaiduAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config .getRedirectUri()); HttpResponse response = HttpRequest.post(accessTokenUrl).execute(); JSONObject accessTokenObject = JSONObject.parseObject(response.body()); diff --git a/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java b/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java index 66f7143..0ad822a 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java 
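Review bot: `request.setCode(authCallback.getCode())` reads the `code` field, but the new AuthCallback class documents `auth_code` as the callback parameter that is only used for Alipay login; unless the caller copies auth_code into code, the Alipay token request is presumably sent with a null code and fails at `response.isSuccess()`. Either read the Alipay-specific field here, e.g. `request.setCode(authCallback.getAuth_code());`, or drop the dedicated field from AuthCallback. The exception message also echoes the authorization code into the exception text, which usually ends up in logs; since the code is a redeemable credential until it is exchanged, prefer `throw new AuthException("Unable to get token from alipay", e);` — the same pattern recurs in the Coding, CSDN, Gitee, OSChina, QQ, Tencent Cloud and Weibo hunks. `getAccessToken` continues past the end of this hunk.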
+++ b/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java @@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; +import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUserGender; @@ -25,12 +26,12 @@ public class AuthCodingRequest extends BaseAuthRequest { } @Override - protected AuthToken getAccessToken(String code) { - String accessTokenUrl = UrlBuilder.getCodingAccessTokenUrl(config.getClientId(), config.getClientSecret(), code); + protected AuthToken getAccessToken(AuthCallback authCallback) { + String accessTokenUrl = UrlBuilder.getCodingAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode()); HttpResponse response = HttpRequest.get(accessTokenUrl).execute(); JSONObject accessTokenObject = JSONObject.parseObject(response.body()); if (accessTokenObject.getIntValue("code") != 0) { - throw new AuthException("Unable to get token from coding using code [" + code + "]"); + throw new AuthException("Unable to get token from coding using code [" + authCallback.getCode() + "]"); } return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build(); } diff --git a/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java b/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java index 858441b..9cee9a4 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java @@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; +import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUserGender; 
@@ -25,13 +26,13 @@ public class AuthCsdnRequest extends BaseAuthRequest { } @Override - protected AuthToken getAccessToken(String code) { - String accessTokenUrl = UrlBuilder.getCsdnAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config + protected AuthToken getAccessToken(AuthCallback authCallback) { + String accessTokenUrl = UrlBuilder.getCsdnAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config .getRedirectUri()); HttpResponse response = HttpRequest.post(accessTokenUrl).execute(); JSONObject accessTokenObject = JSONObject.parseObject(response.body()); if (accessTokenObject.containsKey("error_code")) { - throw new AuthException("Unable to get token from csdn using code [" + code + "]"); + throw new AuthException("Unable to get token from csdn using code [" + authCallback.getCode() + "]"); } return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build(); } diff --git a/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java index cf50b13..15262d9 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java @@ -7,10 +7,7 @@ import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; -import me.zhyd.oauth.model.AuthDingTalkErrorCode; -import me.zhyd.oauth.model.AuthToken; -import me.zhyd.oauth.model.AuthUser; -import me.zhyd.oauth.model.AuthUserGender; +import me.zhyd.oauth.model.*; import me.zhyd.oauth.utils.GlobalAuthUtil; import me.zhyd.oauth.utils.UrlBuilder; 
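Review bot: The DingTalk import block replaces four explicit imports with `import me.zhyd.oauth.model.*;`, which hides which model types the class depends on and invites name clashes as the package grows; the same wildcard is introduced in the Douyin, LinkedIn, Mi, Microsoft, Toutiao and WeChat hunks, while the other request classes in this commit add the single explicit line `import me.zhyd.oauth.model.AuthCallback;`. Keep the explicit imports and add that one line, as the Alipay and Gitee hunks do.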
@@ -28,8 +25,8 @@ public class AuthDingTalkRequest extends BaseAuthRequest { } @Override - protected AuthToken getAccessToken(String code) { - return AuthToken.builder().accessCode(code).build(); + protected AuthToken getAccessToken(AuthCallback authCallback) { + return AuthToken.builder().accessCode(authCallback.getCode()).build(); } @Override diff --git a/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java index a3ae4ee..c48c402 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java @@ -6,10 +6,7 @@ import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; -import me.zhyd.oauth.model.AuthResponse; -import me.zhyd.oauth.model.AuthToken; -import me.zhyd.oauth.model.AuthUser; -import me.zhyd.oauth.model.AuthUserGender; +import me.zhyd.oauth.model.*; import me.zhyd.oauth.utils.UrlBuilder; @@ -27,8 +24,8 @@ public class AuthDouyinRequest extends BaseAuthRequest { } @Override - protected AuthToken getAccessToken(String code) { - String accessTokenUrl = UrlBuilder.getDouyinAccessTokenUrl(config.getClientId(), config.getClientSecret(), code); + protected AuthToken getAccessToken(AuthCallback authCallback) { + String accessTokenUrl = UrlBuilder.getDouyinAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode()); return this.getToken(accessTokenUrl); } diff --git a/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java b/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java index 2f8e3c0..014137b 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java 
@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; +import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUserGender; @@ -25,9 +26,9 @@ public class AuthFacebookRequest extends BaseAuthRequest { } @Override - protected AuthToken getAccessToken(String code) { - String accessTokenUrl = UrlBuilder.getFacebookAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config - .getRedirectUri()); + protected AuthToken getAccessToken(AuthCallback authCallback) { + String accessTokenUrl = UrlBuilder.getFacebookAccessTokenUrl(config.getClientId(), config.getClientSecret(), + authCallback.getCode(), config.getRedirectUri()); HttpResponse response = HttpRequest.post(accessTokenUrl).execute(); JSONObject object = JSONObject.parseObject(response.body()); diff --git a/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java index 1e3ae3b..4833384 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java @@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; +import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUserGender; 
@@ -25,13 +26,13 @@ public class AuthGiteeRequest extends BaseAuthRequest { } @Override - protected AuthToken getAccessToken(String code) { - String accessTokenUrl = UrlBuilder.getGiteeAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config - .getRedirectUri()); + protected AuthToken getAccessToken(AuthCallback authCallback) { + String accessTokenUrl = UrlBuilder.getGiteeAccessTokenUrl(config.getClientId(), config.getClientSecret(), + authCallback.getCode(), config.getRedirectUri()); HttpResponse response = HttpRequest.post(accessTokenUrl).execute(); JSONObject accessTokenObject = JSONObject.parseObject(response.body()); if (accessTokenObject.containsKey("error")) { - throw new AuthException("Unable to get token from gitee using code [" + code + "]"); + throw new AuthException("Unable to get token from gitee using code [" + authCallback.getCode() + "]"); } return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build(); } diff --git a/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java index db7dcb2..d7245a9 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java @@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; +import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUserGender; 
@@ -28,9 +29,8 @@ public class AuthGithubRequest extends BaseAuthRequest { } @Override - protected AuthToken getAccessToken(String code) { - String accessTokenUrl = UrlBuilder.getGithubAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config - .getRedirectUri()); + protected AuthToken getAccessToken(AuthCallback authCallback) { + String accessTokenUrl = UrlBuilder.getGithubAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config.getRedirectUri(), config.getState()); HttpResponse response = HttpRequest.post(accessTokenUrl).execute(); Map res = GlobalAuthUtil.parseStringToMap(response.body()); if (res.containsKey("error")) { @@ -68,6 +68,6 @@ public class AuthGithubRequest extends BaseAuthRequest { */ @Override public String authorize() { - return UrlBuilder.getGithubAuthorizeUrl(config.getClientId(), config.getRedirectUri()); + return UrlBuilder.getGithubAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState()); } } diff --git a/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java index 4e91761..1edcf91 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java @@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; +import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUserGender; 
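Review bot: `getAccessToken` forwards `config.getState()` to the token endpoint, while the value the provider actually echoed back, `authCallback.getState()`, is not read anywhere in the visible request hunks; the comparison of the two that the commit subject announces is presumably in AuthChecker (not in view) and must run before this method, so a mismatched callback never reaches the token exchange. That ordering is a contract worth stating on the method, e.g. `// caller has already verified authCallback.getState() against config.getState()`. `authorize()` should likewise note that it sends the static config state unchanged on every request; the Weibo `authorize()` hunk has the same shape.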
@@ -25,8 +26,8 @@ public class AuthGoogleRequest extends BaseAuthRequest { } @Override - protected AuthToken getAccessToken(String code) { - String accessTokenUrl = UrlBuilder.getGoogleAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config + protected AuthToken getAccessToken(AuthCallback authCallback) { + String accessTokenUrl = UrlBuilder.getGoogleAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config .getRedirectUri()); HttpResponse response = HttpRequest.post(accessTokenUrl).execute(); JSONObject object = JSONObject.parseObject(response.body()); diff --git a/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java b/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java index acdb664..6115bda 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java @@ -7,10 +7,7 @@ import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; -import me.zhyd.oauth.model.AuthResponse; -import me.zhyd.oauth.model.AuthToken; -import me.zhyd.oauth.model.AuthUser; -import me.zhyd.oauth.model.AuthUserGender; +import me.zhyd.oauth.model.*; import me.zhyd.oauth.utils.StringUtils; import me.zhyd.oauth.utils.UrlBuilder; @@ -29,8 +26,8 @@ public class AuthLinkedinRequest extends BaseAuthRequest { } @Override - protected AuthToken getAccessToken(String code) { - String accessTokenUrl = UrlBuilder.getLinkedinAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config + protected AuthToken getAccessToken(AuthCallback authCallback) { + String accessTokenUrl = UrlBuilder.getLinkedinAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config .getRedirectUri()); return this.getToken(accessTokenUrl); } 
diff --git a/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java b/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java index 3686bee..b0be7f3 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java @@ -7,10 +7,7 @@ import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; -import me.zhyd.oauth.model.AuthResponse; -import me.zhyd.oauth.model.AuthToken; -import me.zhyd.oauth.model.AuthUser; -import me.zhyd.oauth.model.AuthUserGender; +import me.zhyd.oauth.model.*; import me.zhyd.oauth.utils.UrlBuilder; import java.text.MessageFormat; @@ -30,8 +27,8 @@ public class AuthMiRequest extends BaseAuthRequest { } @Override - protected AuthToken getAccessToken(String code) { - String accessTokenUrl = UrlBuilder.getMiAccessTokenUrl(config.getClientId(), config.getClientSecret(), config.getRedirectUri(), code); + protected AuthToken getAccessToken(AuthCallback authCallback) { + String accessTokenUrl = UrlBuilder.getMiAccessTokenUrl(config.getClientId(), config.getClientSecret(), config.getRedirectUri(), authCallback.getCode()); return getToken(accessTokenUrl); } diff --git a/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java b/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java index 8902338..c394ff0 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java @@ -7,10 +7,7 @@ import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; -import me.zhyd.oauth.model.AuthResponse; -import me.zhyd.oauth.model.AuthToken; -import me.zhyd.oauth.model.AuthUser; -import me.zhyd.oauth.model.AuthUserGender; +import me.zhyd.oauth.model.*; import me.zhyd.oauth.utils.UrlBuilder; import java.util.HashMap; 
@@ -29,9 +26,9 @@ public class AuthMicrosoftRequest extends BaseAuthRequest { } @Override - protected AuthToken getAccessToken(String code) { + protected AuthToken getAccessToken(AuthCallback authCallback) { String accessTokenUrl = UrlBuilder.getMicrosoftAccessTokenUrl(config.getClientId(), config.getClientSecret(), config - .getRedirectUri(), code); + .getRedirectUri(), authCallback.getCode()); return getToken(accessTokenUrl); } diff --git a/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java b/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java index 0a4d934..f81d1c4 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java @@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; +import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUserGender; 
@@ -25,13 +26,13 @@ public class AuthOschinaRequest extends BaseAuthRequest { } @Override - protected AuthToken getAccessToken(String code) { - String accessTokenUrl = UrlBuilder.getOschinaAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config - .getRedirectUri()); + protected AuthToken getAccessToken(AuthCallback authCallback) { + String accessTokenUrl = UrlBuilder.getOschinaAccessTokenUrl(config.getClientId(), config.getClientSecret(), + authCallback.getCode(), config.getRedirectUri()); HttpResponse response = HttpRequest.post(accessTokenUrl).execute(); JSONObject accessTokenObject = JSONObject.parseObject(response.body()); if (accessTokenObject.containsKey("error")) { - throw new AuthException("Unable to get token from oschina using code [" + code + "]"); + throw new AuthException("Unable to get token from oschina using code [" + authCallback.getCode() + "]"); } return AuthToken.builder().accessToken(accessTokenObject.getString("access_token")).build(); } diff --git a/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java b/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java index b0e2915..3472f29 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java @@ -7,6 +7,7 @@ import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; +import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUserGender; 
@@ -30,13 +31,13 @@ public class AuthQqRequest extends BaseAuthRequest { } @Override - protected AuthToken getAccessToken(String code) { - String accessTokenUrl = UrlBuilder.getQqAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config - .getRedirectUri()); + protected AuthToken getAccessToken(AuthCallback authCallback) { + String accessTokenUrl = UrlBuilder.getQqAccessTokenUrl(config.getClientId(), config.getClientSecret(), + authCallback.getCode(), config.getRedirectUri()); HttpResponse response = HttpRequest.get(accessTokenUrl).execute(); Map accessTokenObject = GlobalAuthUtil.parseStringToMap(response.body()); if (!accessTokenObject.containsKey("access_token")) { - throw new AuthException("Unable to get token from qq using code [" + code + "]"); + throw new AuthException("Unable to get token from qq using code [" + authCallback.getCode() + "]"); } return AuthToken.builder() .accessToken(accessTokenObject.get("access_token")) diff --git a/src/main/java/me/zhyd/oauth/request/AuthRequest.java b/src/main/java/me/zhyd/oauth/request/AuthRequest.java index 38f3dd5..d75651e 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthRequest.java @@ -1,6 +1,7 @@ package me.zhyd.oauth.request; import me.zhyd.oauth.exception.AuthException; +import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthResponse; import me.zhyd.oauth.model.AuthToken; @@ -23,10 +24,10 @@ public interface AuthRequest { /** * 第三方登录 * - * @param code 通过authorize换回的code + * @param authCallback 用于接收回调参数的实体 * @return 返回登录成功后的用户信息 */ - default AuthResponse login(String code) { + default AuthResponse login(AuthCallback authCallback) { throw new AuthException(ResponseStatus.NOT_IMPLEMENTED); } diff --git a/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java index 4558597..0dadd39 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java 
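Review bot: The new `@param authCallback 用于接收回调参数的实体` on `login` tells an implementer nothing about which fields must be populated; callers build this object from the redirect query string, so the contract should say that `code` (or `auth_code` for Alipay) is required and that `state` must be passed through exactly as received so it can be checked against the value sent by `authorize()`. Suggested wording: `@param authCallback parameters received on the redirect: code (auth_code for Alipay) is required; state must be passed through unchanged so it can be verified`. A `@throws AuthException` line covering the not-implemented default and the missing or mismatched parameter cases would complete the Javadoc.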
+++ b/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java @@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; +import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUserGender; @@ -26,8 +27,8 @@ public class AuthTaobaoRequest extends BaseAuthRequest { } @Override - protected AuthToken getAccessToken(String code) { - return AuthToken.builder().accessCode(code).build(); + protected AuthToken getAccessToken(AuthCallback authCallback) { + return AuthToken.builder().accessCode(authCallback.getCode()).build(); } @Override diff --git a/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java index db4458b..5daf48f 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java @@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; +import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUserGender; 
@@ -25,12 +26,12 @@ public class AuthTencentCloudRequest extends BaseAuthRequest { } @Override - protected AuthToken getAccessToken(String code) { - String accessTokenUrl = UrlBuilder.getTencentCloudAccessTokenUrl(config.getClientId(), config.getClientSecret(), code); + protected AuthToken getAccessToken(AuthCallback authCallback) { + String accessTokenUrl = UrlBuilder.getTencentCloudAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode()); HttpResponse response = HttpRequest.get(accessTokenUrl).execute(); JSONObject object = JSONObject.parseObject(response.body()); if (object.getIntValue("code") != 0) { - throw new AuthException("Unable to get token from tencent cloud using code [" + code + "]: " + object.get("msg")); + throw new AuthException("Unable to get token from tencent cloud using code [" + authCallback.getCode() + "]: " + object.get("msg")); } return AuthToken.builder().accessToken(object.getString("access_token")).build(); } diff --git a/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java b/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java index 423595c..41d4c76 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java @@ -6,10 +6,7 @@ import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; -import me.zhyd.oauth.model.AuthToken; -import me.zhyd.oauth.model.AuthToutiaoErrorCode; -import me.zhyd.oauth.model.AuthUser; -import me.zhyd.oauth.model.AuthUserGender; +import me.zhyd.oauth.model.*; import me.zhyd.oauth.utils.UrlBuilder; /** 
@@ -26,8 +23,8 @@ public class AuthToutiaoRequest extends BaseAuthRequest { } @Override - protected AuthToken getAccessToken(String code) { - String accessTokenUrl = UrlBuilder.getToutiaoAccessTokenUrl(config.getClientId(), config.getClientSecret(), code); + protected AuthToken getAccessToken(AuthCallback authCallback) { + String accessTokenUrl = UrlBuilder.getToutiaoAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode()); HttpResponse response = HttpRequest.get(accessTokenUrl).execute(); JSONObject object = JSONObject.parseObject(response.body()); diff --git a/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java b/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java index 3d9fb7c..6fc9b7a 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java @@ -6,10 +6,7 @@ import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; -import me.zhyd.oauth.model.AuthResponse; -import me.zhyd.oauth.model.AuthToken; -import me.zhyd.oauth.model.AuthUser; -import me.zhyd.oauth.model.AuthUserGender; +import me.zhyd.oauth.model.*; import me.zhyd.oauth.utils.UrlBuilder; /** @@ -31,8 +28,8 @@ public class AuthWeChatRequest extends BaseAuthRequest { * @return 所有信息 */ @Override - protected AuthToken getAccessToken(String code) { - String accessTokenUrl = UrlBuilder.getWeChatAccessTokenUrl(config.getClientId(), config.getClientSecret(), code); + protected AuthToken getAccessToken(AuthCallback authCallback) { + String accessTokenUrl = UrlBuilder.getWeChatAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode()); return this.getToken(accessTokenUrl); } diff --git a/src/main/java/me/zhyd/oauth/request/AuthWeiboRequest.java b/src/main/java/me/zhyd/oauth/request/AuthWeiboRequest.java index 246ebd3..366ee22 100644 
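Review bot: Collapsing four explicit imports into `import me.zhyd.oauth.model.*;` in AuthWeChatRequest (and the same change in AuthToutiaoRequest) is a style regression: a wildcard hides which model types the class depends on and can silently pick up or shadow names added to the package later. The other files in this commit, e.g. AuthWeiboRequest, keep explicit imports and simply add `import me.zhyd.oauth.model.AuthCallback;`, so doing the same here would be consistent with the rest of the codebase. The `getAccessToken` hunk itself only forwards `authCallback.getCode()` into the existing URL builder and raises no functional concern on its own.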
--- a/src/main/java/me/zhyd/oauth/request/AuthWeiboRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthWeiboRequest.java @@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; +import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.model.AuthUserGender; @@ -28,14 +29,14 @@ public class AuthWeiboRequest extends BaseAuthRequest { } @Override - protected AuthToken getAccessToken(String code) { - String accessTokenUrl = UrlBuilder.getWeiboAccessTokenUrl(config.getClientId(), config.getClientSecret(), code, config + protected AuthToken getAccessToken(AuthCallback authCallback) { + String accessTokenUrl = UrlBuilder.getWeiboAccessTokenUrl(config.getClientId(), config.getClientSecret(), authCallback.getCode(), config .getRedirectUri()); HttpResponse response = HttpRequest.post(accessTokenUrl).execute(); String accessTokenStr = response.body(); JSONObject accessTokenObject = JSONObject.parseObject(accessTokenStr); if (accessTokenObject.containsKey("error")) { - throw new AuthException("Unable to get token from weibo using code [" + code + "]:" + accessTokenObject.getString("error_description")); + throw new AuthException("Unable to get token from weibo using code [" + authCallback.getCode() + "]:" + accessTokenObject.getString("error_description")); } return AuthToken.builder() .accessToken(accessTokenObject.getString("access_token")) @@ -81,6 +82,6 @@ public class AuthWeiboRequest extends BaseAuthRequest { */ @Override public String authorize() { - return UrlBuilder.getWeiboAuthorizeUrl(config.getClientId(), config.getRedirectUri()); + return UrlBuilder.getWeiboAuthorizeUrl(config.getClientId(), config.getRedirectUri(), config.getState()); } } 
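Review bot: `HttpRequest.post(accessTokenUrl).execute()` sends `client_id`, `client_secret` and the authorization code as URL query parameters even though the request is a POST, so the client secret lands in proxy and server access logs; the usual practice is to send them in the form body and keep the URL free of secrets. The rewritten `throw new AuthException("Unable to get token from weibo using code [" + authCallback.getCode() + "]:" + ...)` also still copies the authorization code into the message, which is then caught by the broad `catch (Exception e)` in `BaseAuthRequest.login`; the provider's `error_description` alone is sufficient for diagnosis. In `authorize()`, `config.getState()` is forwarded unchanged, so when the configuration leaves it empty the URL builder appears to substitute a value that nothing on the `login` side can later verify.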
diff --git a/src/main/java/me/zhyd/oauth/request/BaseAuthRequest.java b/src/main/java/me/zhyd/oauth/request/BaseAuthRequest.java
index 4fa29c3..52e1254 100644
--- a/src/main/java/me/zhyd/oauth/request/BaseAuthRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/BaseAuthRequest.java
@@ -4,10 +4,11 @@ import lombok.Data;
 import me.zhyd.oauth.config.AuthConfig;
 import me.zhyd.oauth.config.AuthSource;
 import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthResponse;
 import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
-import me.zhyd.oauth.utils.AuthConfigChecker;
+import me.zhyd.oauth.utils.AuthChecker;
 
 /**
  * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
@@ -22,21 +23,24 @@ public abstract class BaseAuthRequest implements AuthRequest {
     public BaseAuthRequest(AuthConfig config, AuthSource source) {
         this.config = config;
         this.source = source;
-        if (!AuthConfigChecker.isSupportedAuth(config, source)) {
+        if (!AuthChecker.isSupportedAuth(config, source)) {
             throw new AuthException(ResponseStatus.PARAMETER_INCOMPLETE);
         }
         // 校验配置合法性
-        AuthConfigChecker.check(config, source);
+        AuthChecker.checkConfig(config, source);
     }
 
-    protected abstract AuthToken getAccessToken(String code);
+    protected abstract AuthToken getAccessToken(AuthCallback authCallback);
 
     protected abstract AuthUser getUserInfo(AuthToken authToken);
 
     @Override
-    public AuthResponse login(String code) {
+    public AuthResponse login(AuthCallback authCallback) {
         try {
-            AuthToken authToken = this.getAccessToken(code);
+            AuthChecker.checkCode(authCallback.getCode());
+            AuthChecker.checkState(authCallback.getState(), config.getState());
+
+            AuthToken authToken = this.getAccessToken(authCallback);
             AuthUser user = this.getUserInfo(authToken);
             return AuthResponse.builder().code(ResponseStatus.SUCCESS.getCode()).data(user).build();
         } catch (Exception e) {
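Review bot: `AuthChecker.checkState(authCallback.getState(), config.getState())` verifies the callback against a value held on the `AuthConfig` passed into the constructor, and since that object is the per-provider configuration, a deployment that (as is usual) reuses one instance for every user ends up with a fixed expected state that an attacker can read from their own authorize redirect and replay in a forged callback — which does not give the CSRF protection the commit message describes. A state token only binds the callback to the initiating browser when it is generated unpredictably per `authorize()` call and compared against (and then removed from) a value stored for that user's session; with this signature the caller must build a fresh `AuthConfig` per login to get that, and the requirement should be documented on `login`, e.g. `* The state in {@code config} must be unique per authorization request and bound to the caller's session; a shared, constant state offers no CSRF protection.`. When `config.getState()` is empty the check is skipped entirely while the URL builders still emit a timestamp fallback that nothing records. The `login` method's `catch (Exception e)` block continues past the hunk, so how `AuthException` is surfaced to the caller could not be reviewed here.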
diff --git a/src/main/java/me/zhyd/oauth/request/ResponseStatus.java b/src/main/java/me/zhyd/oauth/request/ResponseStatus.java index 41052ab..82a78c4 100644 --- a/src/main/java/me/zhyd/oauth/request/ResponseStatus.java +++ b/src/main/java/me/zhyd/oauth/request/ResponseStatus.java @@ -14,6 +14,8 @@ public enum ResponseStatus { NO_AUTH_SOURCE(5004, "AuthSource cannot be null"), UNIDENTIFIED_PLATFORM(5005, "Unidentified platform"), ILLEGAL_REDIRECT_URI(5006, "Illegal redirect uri"), + ILLEGAL_REQUEST(5007, "Illegal request"), + ILLEGAL_CODE(5008, "Illegal code"), ; private int code; diff --git a/src/main/java/me/zhyd/oauth/utils/AuthConfigChecker.java b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java similarity index 58% rename from src/main/java/me/zhyd/oauth/utils/AuthConfigChecker.java rename to src/main/java/me/zhyd/oauth/utils/AuthChecker.java index 5451d48..994424b 100644 --- a/src/main/java/me/zhyd/oauth/utils/AuthConfigChecker.java +++ b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java @@ -12,7 +12,7 @@ import me.zhyd.oauth.request.ResponseStatus; * @version 1.0 * @since 1.8 */ -public class AuthConfigChecker { +public class AuthChecker { /** * 是否支持第三方登录 @@ -35,7 +35,7 @@ public class AuthConfigChecker { * @param config config * @param source source */ - public static void check(AuthConfig config, AuthSource source) { + public static void checkConfig(AuthConfig config, AuthSource source) { String redirectUri = config.getRedirectUri(); if (!GlobalAuthUtil.isHttpProtocol(redirectUri) && !GlobalAuthUtil.isHttpsProtocol(redirectUri)) { throw new AuthException(ResponseStatus.ILLEGAL_REDIRECT_URI); 
@@ -49,4 +49,36 @@ public class AuthConfigChecker {
             throw new AuthException(ResponseStatus.ILLEGAL_REDIRECT_URI);
         }
     }
+
+    /**
+     * 校验回调传回的code
+     *
+     * @param code 回调时传回的code
+     */
+    public static void checkCode(String code) {
+        if (StringUtils.isEmpty(code)) {
+            throw new AuthException(ResponseStatus.ILLEGAL_CODE);
+        }
+    }
+
+    /**
+     * 校验state的合法性防止被CSRF
+     *
+     * @param newState      新的state,一般为回调时传回的state(可能被篡改)
+     * @param originalState 原始的state,发起授权时向第三方平台传递的state
+     */
+    public static void checkState(String newState, String originalState) {
+        // 如果原始state为空,表示当前平台未使用state
+        if (StringUtils.isEmpty(originalState)) {
+            return;
+        }
+        // 如果授权之前使用了state,但是回调时未返回state,则表示当前请求为非法的请求,可能正在被CSRF攻击
+        if (StringUtils.isEmpty(newState)) {
+            throw new AuthException(ResponseStatus.ILLEGAL_REQUEST);
+        }
+        // 如果授权前后的state不一致,则表示当前请求为非法的请求,新的state可能为伪造
+        if (!newState.equals(originalState)) {
+            throw new AuthException(ResponseStatus.ILLEGAL_REQUEST);
+        }
+    }
 }
diff --git a/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java b/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java
index 7c8ed1e..8df5de4 100644
--- a/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java
+++ b/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java
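Review bot: `checkState` returns silently when `originalState` is empty, so the CSRF check is off by default and a caller that never sets `AuthConfig.state` gets no protection even though `login` now reads as if the state were checked; either fail closed, or state this on the method, e.g. `* NOTE: an empty originalState disables the check entirely — callers must set AuthConfig.state (fresh per session) for CSRF protection to apply.`. The comparison `if (!newState.equals(originalState))` short-circuits on the first differing character; the conventional length-independent compare for tokens is `if (!MessageDigest.isEqual(newState.getBytes(StandardCharsets.UTF_8), originalState.getBytes(StandardCharsets.UTF_8)))`, which needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported. `checkCode` only tests for emptiness, which is fine as a presence check, but the `ILLEGAL_CODE` status and the Javadoc suggest more validation than is actually performed. Nothing here reads session state, so what "original" means depends entirely on how the caller manages `AuthConfig.state` before calling `BaseAuthRequest.login`.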
@@ -13,9 +13,9 @@ import java.text.MessageFormat; */ public class UrlBuilder { - private static final String GITHUB_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&code={3}&redirect_uri={4}"; + private static final String GITHUB_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&code={3}&redirect_uri={4}&state={5}"; private static final String GITHUB_USER_INFO_PATTERN = "{0}?access_token={1}"; - private static final String GITHUB_AUTHORIZE_PATTERN = "{0}?client_id={1}&state=1&redirect_uri={2}"; + private static final String GITHUB_AUTHORIZE_PATTERN = "{0}?client_id={1}&redirect_uri={2}&state={3}"; private static final String GOOGLE_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&scope=openid%20email%20profile&redirect_uri={2}&state={3}"; private static final String GOOGLE_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&code={3}&redirect_uri={4}&grant_type=authorization_code"; @@ -23,7 +23,7 @@ public class UrlBuilder { private static final String WEIBO_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}"; private static final String WEIBO_USER_INFO_PATTERN = "{0}?{1}"; - private static final String WEIBO_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}"; + private static final String WEIBO_AUTHORIZE_PATTERN = "{0}?client_id={1}&response_type=code&redirect_uri={2}&state={3}"; private static final String GITEE_ACCESS_TOKEN_PATTERN = "{0}?client_id={1}&client_secret={2}&grant_type=authorization_code&code={3}&redirect_uri={4}"; private static final String GITEE_USER_INFO_PATTERN = "{0}?access_token={1}"; 
@@ -103,10 +103,11 @@ public class UrlBuilder {
      * @param clientSecret github 应用的Client Secret
      * @param code         github 授权前的code,用来换token
      * @param redirectUri  待跳转的页面
+     * @param state        随机字符串,用于保持会话状态,防止CSRF攻击
      * @return full url
      */
-    public static String getGithubAccessTokenUrl(String clientId, String clientSecret, String code, String redirectUri) {
-        return MessageFormat.format(GITHUB_ACCESS_TOKEN_PATTERN, AuthSource.GITHUB.accessToken(), clientId, clientSecret, code, redirectUri);
+    public static String getGithubAccessTokenUrl(String clientId, String clientSecret, String code, String redirectUri, String state) {
+        return MessageFormat.format(GITHUB_ACCESS_TOKEN_PATTERN, AuthSource.GITHUB.accessToken(), clientId, clientSecret, code, redirectUri, StringUtils.isEmpty(state) ? System.currentTimeMillis() : state);
     }
 
     /**
@@ -124,10 +125,11 @@ public class UrlBuilder {
      *
      * @param clientId    github 应用的Client ID
      * @param redirectUrl github 应用授权成功后的回调地址
+     * @param state       随机字符串,用于保持会话状态,防止CSRF攻击
      * @return full url
      */
-    public static String getGithubAuthorizeUrl(String clientId, String redirectUrl) {
-        return MessageFormat.format(GITHUB_AUTHORIZE_PATTERN, AuthSource.GITHUB.authorize(), clientId, redirectUrl);
+    public static String getGithubAuthorizeUrl(String clientId, String redirectUrl, String state) {
+        return MessageFormat.format(GITHUB_AUTHORIZE_PATTERN, AuthSource.GITHUB.authorize(), clientId, redirectUrl, StringUtils.isEmpty(state) ? System.currentTimeMillis() : state);
     }
 
     /**
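Review bot: In both builders the fallback `StringUtils.isEmpty(state) ? System.currentTimeMillis() : state` hands a boxed `Long` to `MessageFormat.format`, which renders numeric arguments with the default locale's grouping separators, so the emitted query is `state=1,561,632,000,000` rather than a plain digit string; `String.valueOf(System.currentTimeMillis())` avoids that if a fallback is kept at all. A fallback minted here is also never recorded anywhere, so `AuthChecker.checkState` (which returns early when the configured state is empty) can never verify it, and a millisecond timestamp is guessable in any case — the value should come from `SecureRandom` and be persisted per session by the caller, as the `@param state` Javadoc ("随机字符串", random string) already implies. Neither `state` nor `redirectUri` goes through `URLEncoder.encode`, so a caller-supplied state containing `&`, `#` or `=` changes the meaning of the query. Because `getGithubAccessTokenUrl` mints its own fallback independently of `getGithubAuthorizeUrl`, the `state` sent to the token endpoint will not match the one from the authorize step whenever the configured state is empty.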
@@ -158,10 +160,11 @@ public class UrlBuilder {
      *
      * @param clientId    weibo 应用的Client ID
      * @param redirectUrl weibo 应用授权成功后的回调地址
+     * @param state       随机字符串,用于保持会话状态,防止CSRF攻击
      * @return full url
      */
-    public static String getWeiboAuthorizeUrl(String clientId, String redirectUrl) {
-        return MessageFormat.format(WEIBO_AUTHORIZE_PATTERN, AuthSource.WEIBO.authorize(), clientId, redirectUrl);
+    public static String getWeiboAuthorizeUrl(String clientId, String redirectUrl, String state) {
+        return MessageFormat.format(WEIBO_AUTHORIZE_PATTERN, AuthSource.WEIBO.authorize(), clientId, redirectUrl, StringUtils.isEmpty(state) ? System.currentTimeMillis() : state);
     }
 
     /**
-- 
GitLab
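Review bot: `StringUtils.isEmpty(state) ? System.currentTimeMillis() : state` in `getWeiboAuthorizeUrl` has the same two problems as the GitHub builders: the `long` branch reaches `MessageFormat` as a `Long` and is rendered with the default locale's digit grouping (e.g. `state=1,561,632,000,000`), and a timestamp generated here and stored nowhere cannot be checked by `AuthChecker.checkState`, which skips the comparison when the configured state is empty. If a fallback is kept, `String.valueOf(System.currentTimeMillis())` at least keeps the value clean, but a fresh `SecureRandom`-derived value that the caller persists per session is what the `@param state` comment promises. The raw `state` is also interpolated without `URLEncoder.encode`, so a caller-supplied value containing `&` or `#` alters the query.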