From 55c4b391bc94126c0cd903863e1fb8fae96da7de Mon Sep 17 00:00:00 2001
From: "yadong.zhang"
Date: Thu, 25 Jul 2019 22:32:55 +0800
Subject: [PATCH 1/6] =?UTF-8?q?State=E4=BC=98=E5=8C=96=E7=AC=AC=E4=B8=80?= =?UTF-8?q?=E6=AD=A5=EF=BC=9A=E5=8E=BB=E6=8E=89AuthState=E5=B7=A5=E5=85=B7?= =?UTF-8?q?=E7=B1=BB?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../java/me/zhyd/oauth/config/AuthConfig.java | 9 +-
.../zhyd/oauth/request/AuthAlipayRequest.java | 7 +-
.../zhyd/oauth/request/AuthBaiduRequest.java | 7 +-
.../zhyd/oauth/request/AuthCodingRequest.java | 9 +-
.../oauth/request/AuthDefaultRequest.java | 21 +-
.../oauth/request/AuthDingTalkRequest.java | 7 +-
.../zhyd/oauth/request/AuthDouyinRequest.java | 7 +-
.../zhyd/oauth/request/AuthGithubRequest.java | 8 -
.../zhyd/oauth/request/AuthGoogleRequest.java | 8 +-
.../oauth/request/AuthLinkedinRequest.java | 7 +-
.../me/zhyd/oauth/request/AuthMiRequest.java | 7 +-
.../oauth/request/AuthMicrosoftRequest.java | 7 +-
.../oauth/request/AuthPinterestRequest.java | 10 +-
.../me/zhyd/oauth/request/AuthRequest.java | 11 +
.../request/AuthStackOverflowRequest.java | 10 +-
.../zhyd/oauth/request/AuthTaobaoRequest.java | 9 +-
.../request/AuthTencentCloudRequest.java | 7 +-
.../oauth/request/AuthToutiaoRequest.java | 7 +-
.../zhyd/oauth/request/AuthWeChatRequest.java | 7 +-
.../java/me/zhyd/oauth/utils/AuthChecker.java | 21 --
.../java/me/zhyd/oauth/utils/AuthState.java | 230 -----------------
.../java/me/zhyd/oauth/AuthRequestTest.java | 210 ++++++++--------
.../me/zhyd/oauth/utils/AuthStateTest.java | 231 ------------------
.../me/zhyd/oauth/utils/UrlBuilderTest.java | 10 +-
24 files changed, 199 insertions(+), 668 deletions(-)
delete mode 100644 src/main/java/me/zhyd/oauth/utils/AuthState.java
delete mode 100644 src/test/java/me/zhyd/oauth/utils/AuthStateTest.java
diff --git a/src/main/java/me/zhyd/oauth/config/AuthConfig.java b/src/main/java/me/zhyd/oauth/config/AuthConfig.java index 6e72e82..f0eb349 100644 --- a/src/main/java/me/zhyd/oauth/config/AuthConfig.java +++ b/src/main/java/me/zhyd/oauth/config/AuthConfig.java @@ -6,7 +6,7 @@ import lombok.*; * JustAuth配置类 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 + * @version 1.9.3 * @since 1.8 */ @Getter @@ -45,13 +45,6 @@ public class AuthConfig { */ private boolean unionId; - /** - * 一个神奇的参数,最好使用随机的不可测的内容,可以用来防止CSRF攻击 - *

- * 1.8.0版本新增参数 - */ - private String state; - /** * Stack Overflow Key *

diff --git a/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java b/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java index 07ce7da..f0c6f90 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java @@ -86,17 +86,18 @@ public class AuthAlipayRequest extends AuthDefaultRequest { } /** - * 返回认证url,可自行跳转页面 + * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} * + * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 */ @Override - public String authorize() { + public String authorize(String state) { return UrlBuilder.fromBaseUrl(source.authorize()) .queryParam("app_id", config.getClientId()) .queryParam("scope", "auth_user") .queryParam("redirect_uri", config.getRedirectUri()) - .queryParam("state", getRealState(config.getState())) + .queryParam("state", getRealState(state)) .build(); } } diff --git a/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java b/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java index 5ce2149..11492b5 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java @@ -79,18 +79,19 @@ public class AuthBaiduRequest extends AuthDefaultRequest { } /** - * 返回认证url,可自行跳转页面 + * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} * + * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 */ @Override - public String authorize() { + public String authorize(String state) { return UrlBuilder.fromBaseUrl(source.authorize()) .queryParam("response_type", "code") .queryParam("client_id", config.getClientId()) .queryParam("redirect_uri", config.getRedirectUri()) .queryParam("display", "popup") - .queryParam("state", getRealState(config.getState())) + .queryParam("state", getRealState(state)) .build(); } diff --git a/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java b/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java index 98e45bf..ae28769 100644 
--- a/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java @@ -4,11 +4,11 @@ import cn.hutool.http.HttpResponse; import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; +import me.zhyd.oauth.enums.AuthUserGender; import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthUser; -import me.zhyd.oauth.enums.AuthUserGender; import me.zhyd.oauth.utils.UrlBuilder; /** @@ -71,18 +71,19 @@ public class AuthCodingRequest extends AuthDefaultRequest { } /** - * 返回认证url,可自行跳转页面 + * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} * + * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 */ @Override - public String authorize() { + public String authorize(String state) { return UrlBuilder.fromBaseUrl(source.authorize()) .queryParam("response_type", "code") .queryParam("client_id", config.getClientId()) .queryParam("redirect_uri", config.getRedirectUri()) .queryParam("scope", "user") - .queryParam("state", getRealState(config.getState())) + .queryParam("state", getRealState(state)) .build(); } } diff --git a/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java index 1774a15..7a8848f 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java @@ -2,7 +2,6 @@ package me.zhyd.oauth.request; import cn.hutool.http.HttpRequest; import cn.hutool.http.HttpResponse; -import lombok.Data; import lombok.extern.slf4j.Slf4j; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; 
@@ -43,7 +42,6 @@ public abstract class AuthDefaultRequest implements AuthRequest { public AuthResponse login(AuthCallback authCallback) { try { AuthChecker.checkCode(source == AuthSource.ALIPAY ? authCallback.getAuth_code() : authCallback.getCode()); - AuthChecker.checkState(authCallback.getState(), config.getState()); AuthToken authToken = this.getAccessToken(authCallback); AuthUser user = this.getUserInfo(authToken); @@ -64,16 +62,31 @@ public abstract class AuthDefaultRequest implements AuthRequest { /** * 返回认证url,可自行跳转页面 + *

+ * 不建议使用该方式获取授权地址,不带{@code state}的授权地址,容易受到csrf攻击。 + * 建议使用{@link AuthDefaultRequest#authorize(String)}方法生成授权地址,在回调方法中对{@code state}进行校验 * * @return 返回授权地址 */ + @Deprecated @Override public String authorize() { + return this.authorize(null); + } + + /** + * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * + * @param state state 验证授权流程的参数,可以防止csrf + * @return 返回授权地址 + */ + @Override + public String authorize(String state) { return UrlBuilder.fromBaseUrl(source.authorize()) .queryParam("response_type", "code") .queryParam("client_id", config.getClientId()) .queryParam("redirect_uri", config.getRedirectUri()) - .queryParam("state", getRealState(config.getState())) + .queryParam("state", getRealState(state)) .build(); } @@ -130,7 +143,7 @@ public abstract class AuthDefaultRequest implements AuthRequest { } /** - * 获取state,如果为空, 则默认去当前日期的时间戳 + * 获取state,如果为空, 则默认取当前日期的时间戳 * * @param state 原始的state * @return 返回不为null的state diff --git a/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java index ce0f52f..ad29df0 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java @@ -58,18 +58,19 @@ public class AuthDingTalkRequest extends AuthDefaultRequest { } /** - * 返回认证url,可自行跳转页面 + * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} * + * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 */ @Override - public String authorize() { + public String authorize(String state) { return UrlBuilder.fromBaseUrl(source.authorize()) .queryParam("response_type", "code") .queryParam("appid", config.getClientId()) .queryParam("scope", "snsapi_login") .queryParam("redirect_uri", config.getRedirectUri()) - .queryParam("state", getRealState(config.getState())) + .queryParam("state", getRealState(state)) .build(); } 
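Review bot: In AuthDefaultRequest.java the callback's `state` is no longer compared with anything: the earlier hunk of this file drops `AuthChecker.checkState(...)` from `login()`, and the deprecated `authorize()` added here calls `this.authorize(null)`, which by the `getRealState` Javadoc falls back to the current timestamp. A timestamp is guessable and is not bound to the user's session, so any caller that keeps using `authorize()`, or that does not compare `authCallback.getState()` itself, is left without CSRF protection on the callback. I would state the new contract on `login()` too, e.g. `Callers must compare authCallback.getState() with the state they issued for this session before calling login(); this method no longer checks it.`, and have the null path produce an unpredictable value instead of a timestamp. The body of `getRealState` lies outside the hunks, so the fallback is inferred from its comment line only.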
diff --git a/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java index a68f232..db9582c 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java @@ -89,18 +89,19 @@ public class AuthDouyinRequest extends AuthDefaultRequest { } /** - * 返回认证url,可自行跳转页面 + * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} * + * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 */ @Override - public String authorize() { + public String authorize(String state) { return UrlBuilder.fromBaseUrl(source.authorize()) .queryParam("response_type", "code") .queryParam("client_key", config.getClientId()) .queryParam("redirect_uri", config.getRedirectUri()) - .queryParam("state", getRealState(config.getState())) .queryParam("scope", "user_info") + .queryParam("state", getRealState(state)) .build(); } diff --git a/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java index f71378c..fb4a64a 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java @@ -63,12 +63,4 @@ public class AuthGithubRequest extends AuthDefaultRequest { .build(); } - /** - * 检查响应内容是否正确 - * - * @param object 请求响应内容 - */ - private void checkResponse(JSONObject object) { - - } } diff --git a/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java index 61b4f7f..a3033a1 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java 
@@ -61,19 +61,19 @@ public class AuthGoogleRequest extends AuthDefaultRequest { } /** - * 返回认证url,可自行跳转页面 - * https://openidconnect.googleapis.com/v1/userinfo + * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} * + * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 */ @Override - public String authorize() { + public String authorize(String state) { return UrlBuilder.fromBaseUrl(source.authorize()) .queryParam("response_type", "code") .queryParam("client_id", config.getClientId()) .queryParam("scope", "openid%20email%20profile") .queryParam("redirect_uri", config.getRedirectUri()) - .queryParam("state", getRealState(config.getState())) + .queryParam("state", getRealState(state)) .build(); } diff --git a/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java b/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java index e22a741..3deefb7 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java @@ -182,18 +182,19 @@ public class AuthLinkedinRequest extends AuthDefaultRequest { } /** - * 返回认证url,可自行跳转页面 + * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} * + * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 */ @Override - public String authorize() { + public String authorize(String state) { return UrlBuilder.fromBaseUrl(source.authorize()) .queryParam("response_type", "code") .queryParam("client_id", config.getClientId()) .queryParam("redirect_uri", config.getRedirectUri()) - .queryParam("state", getRealState(config.getState())) .queryParam("scope", "r_liteprofile%20r_emailaddress%20w_member_social") + .queryParam("state", getRealState(state)) .build(); } diff --git a/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java b/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java index 0ac9e00..abdcb10 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java 
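Review bot: `state` is now a per-request argument chosen by the caller, and in AuthGoogleRequest.java it goes straight into `.queryParam("state", getRealState(state))` with nothing visible that constrains its characters. The neighbouring `scope` value is passed already percent-encoded (`openid%20email%20profile`), which suggests `UrlBuilder.queryParam` does not encode values; UrlBuilder is not part of this hunk, so that is an inference. If it holds, a state containing `&`, `#` or `=` would alter the authorization URL, so the Javadoc should say so, e.g. `@param state URL-safe, unpredictable, single-use value bound to the user's session`, or the value should be encoded before it reaches the builder. The same applies to the other `authorize(String state)` overrides in this patch.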
@@ -109,19 +109,20 @@ public class AuthMiRequest extends AuthDefaultRequest { } /** - * 返回认证url,可自行跳转页面 + * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} * + * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 */ @Override - public String authorize() { + public String authorize(String state) { return UrlBuilder.fromBaseUrl(source.authorize()) .queryParam("response_type", "code") .queryParam("client_id", config.getClientId()) .queryParam("redirect_uri", config.getRedirectUri()) - .queryParam("state", getRealState(config.getState())) .queryParam("scope", "user/profile%20user/openIdV2%20user/phoneAndEmail") .queryParam("skip_confirm", "false") + .queryParam("state", getRealState(state)) .build(); } diff --git a/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java b/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java index addd187..4716c15 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java @@ -102,19 +102,20 @@ public class AuthMicrosoftRequest extends AuthDefaultRequest { } /** - * 返回认证url,可自行跳转页面 + * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} * + * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 */ @Override - public String authorize() { + public String authorize(String state) { return UrlBuilder.fromBaseUrl(source.authorize()) .queryParam("response_type", "code") .queryParam("client_id", config.getClientId()) .queryParam("redirect_uri", config.getRedirectUri()) .queryParam("response_mode", "query") .queryParam("scope", "offline_access%20user.read%20mail.read") - .queryParam("state", getRealState(config.getState())) + .queryParam("state", getRealState(state)) .build(); } diff --git a/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java b/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java index a8f5c38..7c3f000 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java 
+++ b/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java @@ -69,14 +69,20 @@ public class AuthPinterestRequest extends AuthDefaultRequest { return jsonObject.getJSONObject("60x60").getString("url"); } + /** + * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * + * @param state state 验证授权流程的参数,可以防止csrf + * @return 返回授权地址 + */ @Override - public String authorize() { + public String authorize(String state) { return UrlBuilder.fromBaseUrl(source.authorize()) .queryParam("response_type", "code") .queryParam("client_id", config.getClientId()) .queryParam("redirect_uri", config.getRedirectUri()) - .queryParam("state", getRealState(config.getState())) .queryParam("scope", "read_public") + .queryParam("state", getRealState(state)) .build(); } diff --git a/src/main/java/me/zhyd/oauth/request/AuthRequest.java b/src/main/java/me/zhyd/oauth/request/AuthRequest.java index d06913c..7b838e7 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthRequest.java @@ -18,10 +18,21 @@ public interface AuthRequest { * * @return 返回授权地址 */ + @Deprecated default String authorize() { throw new AuthException(AuthResponseStatus.NOT_IMPLEMENTED); } + /** + * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * + * @param state state 验证授权流程的参数,可以防止csrf + * @return 返回授权地址 + */ + default String authorize(String state) { + throw new AuthException(AuthResponseStatus.NOT_IMPLEMENTED); + } + /** * 第三方登录 * diff --git a/src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java b/src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java index c23439e..cf438c2 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java 
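Review bot: In AuthRequest.java `authorize()` gains `@Deprecated` while its Javadoc stays as it was, so implementers and callers get a compiler warning with no pointer to the replacement or to the reason. I would add a tag to that comment, for example `@deprecated use {@link #authorize(String)} and verify the returned state in the callback; a URL without a caller-chosen state is open to CSRF`. The Javadoc block and the interface body start outside the hunk.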
@@ -67,14 +67,20 @@ public class AuthStackOverflowRequest extends AuthDefaultRequest { .build(); } + /** + * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * + * @param state state 验证授权流程的参数,可以防止csrf + * @return 返回授权地址 + */ @Override - public String authorize() { + public String authorize(String state) { return UrlBuilder.fromBaseUrl(source.authorize()) .queryParam("response_type", "code") .queryParam("client_id", config.getClientId()) .queryParam("redirect_uri", config.getRedirectUri()) - .queryParam("state", getRealState(config.getState())) .queryParam("scope", "read_inbox") + .queryParam("state", getRealState(state)) .build(); } diff --git a/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java index 7a3b522..f350ccd 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java @@ -4,11 +4,11 @@ import cn.hutool.http.HttpResponse; import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; +import me.zhyd.oauth.enums.AuthUserGender; import me.zhyd.oauth.exception.AuthException; import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthUser; -import me.zhyd.oauth.enums.AuthUserGender; import me.zhyd.oauth.utils.GlobalAuthUtil; import me.zhyd.oauth.utils.UrlBuilder; 
@@ -55,18 +55,19 @@ public class AuthTaobaoRequest extends AuthDefaultRequest { } /** - * 返回认证url,可自行跳转页面 + * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} * + * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 */ @Override - public String authorize() { + public String authorize(String state) { return UrlBuilder.fromBaseUrl(source.authorize()) .queryParam("response_type", "code") .queryParam("client_id", config.getClientId()) .queryParam("redirect_uri", config.getRedirectUri()) - .queryParam("state", getRealState(config.getState())) .queryParam("view", "web") + .queryParam("state", getRealState(state)) .build(); } } diff --git a/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java index 7aaa77d..5930aeb 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java @@ -71,18 +71,19 @@ public class AuthTencentCloudRequest extends AuthDefaultRequest { } /** - * 返回认证url,可自行跳转页面 + * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} * + * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 */ @Override - public String authorize() { + public String authorize(String state) { return UrlBuilder.fromBaseUrl(source.authorize()) .queryParam("response_type", "code") .queryParam("client_id", config.getClientId()) .queryParam("redirect_uri", config.getRedirectUri()) .queryParam("scope", "user") - .queryParam("state", getRealState(config.getState())) + .queryParam("state", getRealState(state)) .build(); } } diff --git a/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java b/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java index 2a1c979..ab73d3a 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java 
@@ -65,19 +65,20 @@ public class AuthToutiaoRequest extends AuthDefaultRequest { } /** - * 返回认证url,可自行跳转页面 + * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} * + * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 */ @Override - public String authorize() { + public String authorize(String state) { return UrlBuilder.fromBaseUrl(source.authorize()) .queryParam("response_type", "code") .queryParam("client_key", config.getClientId()) .queryParam("redirect_uri", config.getRedirectUri()) - .queryParam("state", getRealState(config.getState())) .queryParam("auth_only", 1) .queryParam("display", 0) + .queryParam("state", getRealState(state)) .build(); } diff --git a/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java b/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java index dbc029a..f22f354 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java @@ -100,18 +100,19 @@ public class AuthWeChatRequest extends AuthDefaultRequest { } /** - * 返回认证url,可自行跳转页面 + * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} * + * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 */ @Override - public String authorize() { + public String authorize(String state) { return UrlBuilder.fromBaseUrl(source.authorize()) .queryParam("response_type", "code") .queryParam("appid", config.getClientId()) .queryParam("redirect_uri", config.getRedirectUri()) .queryParam("scope", "snsapi_login") - .queryParam("state", getRealState(config.getState()).concat("#wechat_redirect")) + .queryParam("state", getRealState(state)) .build(); } diff --git a/src/main/java/me/zhyd/oauth/utils/AuthChecker.java b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java index 33b59c3..ddb70be 100644 --- a/src/main/java/me/zhyd/oauth/utils/AuthChecker.java +++ b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java 
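Review bot: AuthWeChatRequest.java silently stops appending `#wechat_redirect`: the removed line was `getRealState(config.getState()).concat("#wechat_redirect")` and the new one is `getRealState(state)`, a change that a commit about removing the AuthState helper does not explain. If the provider's authorization endpoint still expects that fragment, the generated URL changes behaviour for existing users; if the removal is deliberate, a one-line comment saying so would help the next reader. Should the fragment be kept, it is better appended to the string returned by `.build()` than concatenated into the state value, so that the state echoed in the callback stays equal to the one that was issued.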
@@ -63,25 +63,4 @@ public class AuthChecker { throw new AuthException(AuthResponseStatus.ILLEGAL_CODE); } } - - /** - * 校验state的合法性防止被CSRF - * - * @param newState 新的state,一般为回调时传回的state(可能被篡改) - * @param originalState 原始的state,发起授权时向第三方平台传递的state - */ - public static void checkState(String newState, String originalState) { - // 如果原始state为空,表示当前平台未使用state - if (StringUtils.isEmpty(originalState)) { - return; - } - // 如果授权之前使用了state,但是回调时未返回state,则表示当前请求为非法的请求,可能正在被CSRF攻击 - if (StringUtils.isEmpty(newState)) { - throw new AuthException(AuthResponseStatus.ILLEGAL_REQUEST); - } - // 如果授权前后的state不一致,则表示当前请求为非法的请求,新的state可能为伪造 - if (!newState.equals(originalState)) { - throw new AuthException(AuthResponseStatus.ILLEGAL_REQUEST); - } - } } diff --git a/src/main/java/me/zhyd/oauth/utils/AuthState.java b/src/main/java/me/zhyd/oauth/utils/AuthState.java deleted file mode 100644 index 1ca1b70..0000000 --- a/src/main/java/me/zhyd/oauth/utils/AuthState.java +++ /dev/null 
@@ -1,230 +0,0 @@ -package me.zhyd.oauth.utils; - -import cn.hutool.core.codec.Base64; -import cn.hutool.core.util.RandomUtil; -import com.alibaba.fastjson.JSON; -import lombok.extern.slf4j.Slf4j; -import me.zhyd.oauth.config.AuthSource; -import me.zhyd.oauth.exception.AuthException; -import me.zhyd.oauth.model.AuthResponseStatus; - -import java.nio.charset.Charset; -import java.util.concurrent.ConcurrentHashMap; - -/** - * state工具,负责创建、获取和删除state - * - * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 - * @since 1.8 - */ -@Slf4j -public class AuthState { - - /** - * 空字符串 - */ - private static final String EMPTY_STR = ""; - - /** - * state存储器 - */ - private static ConcurrentHashMap stateBucket = new ConcurrentHashMap<>(); - - /** - * 生成随机的state - * - * @param source oauth平台 - * @return state - */ - public static String create(AuthSource source) { - return create(source.name()); - } - - /** - * 生成随机的state - * - * @param source oauth平台 - * @return state - */ - public static String create(String source) { - return create(source, RandomUtil.randomString(4)); - } - - /** - * 创建state - * - * @param source oauth平台 - * @param body 希望加密到state的消息体 - * @return state - */ - public static String create(AuthSource source, Object body) { - return create(source, JSON.toJSONString(body)); - } - - /** - * 创建state - * - * @param source oauth平台 - * @param body 希望加密到state的消息体 - * @return state - */ - public static String create(String source, Object body) { - return create(source, JSON.toJSONString(body)); - } - - /** - * 创建state - * - * @param source oauth平台 - * @param body 希望加密到state的消息体 - * @return state - */ - public static String create(AuthSource source, String body) { - return create(source.name(), body); - } - - /** - * 创建state - * - * @param source oauth平台 - * @param body 希望加密到state的消息体 - * @return state - */ - public static String create(String source, String body) { - String currentIp = getCurrentIp(); - String simpleKey = ((source + currentIp)); - 
String key = Base64.encode(simpleKey.getBytes(Charset.forName("UTF-8"))); - log.debug("Create the state: ip={}, platform={}, simpleKey={}, key={}, body={}", currentIp, source, simpleKey, key, body); - - if (stateBucket.containsKey(key)) { - log.debug("Get from bucket: {}", stateBucket.get(key)); - return stateBucket.get(key); - } - - String simpleState = source + "_" + currentIp + "_" + body; - String state = Base64.encode(simpleState.getBytes(Charset.forName("UTF-8"))); - log.debug("Create a new state: {}", state, simpleState); - stateBucket.put(key, state); - return state; - } - - /** - * 获取state - * - * @param source oauth平台 - * @return state - */ - public static String get(AuthSource source) { - return get(source.name()); - } - - /** - * 获取state - * - * @param source oauth平台 - * @return state - */ - public static String get(String source) { - String currentIp = getCurrentIp(); - String simpleKey = ((source + currentIp)); - String key = Base64.encode(simpleKey.getBytes(Charset.forName("UTF-8"))); - log.debug("Get state by the key[{}], current ip[{}]", key, currentIp); - return stateBucket.get(key); - } - - /** - * 获取state中保存的body内容 - * - * @param source oauth平台 - * @param state 加密后的state - * @param clazz body的实际类型 - * @param 需要转换的具体的class类型 - * @return state - */ - public static T getBody(AuthSource source, String state, Class clazz) { - return getBody(source.name(), state, clazz); - } - - /** - * 获取state中保存的body内容 - * - * @param source oauth平台 - * @param state 加密后的state - * @param clazz body的实际类型 - * @param 需要转换的具体的class类型 - * @return state - */ - public static T getBody(String source, String state, Class clazz) { - if (StringUtils.isEmpty(state) || null == clazz) { - return null; - } - log.debug("Get body from the state[{}] of the {} and convert it to {}", state, source, clazz.toString()); - String currentIp = getCurrentIp(); - String decodedState = Base64.decodeStr(state); - log.debug("The decoded state is [{}]", decodedState); - if 
(!decodedState.startsWith(source)) { - return null; - } - String noneSourceState = decodedState.substring(source.length() + 1); - if (!noneSourceState.startsWith(currentIp)) { - // ip不相同,可能为非法的请求 - throw new AuthException(AuthResponseStatus.ILLEGAL_REQUEST); - } - String body = noneSourceState.substring(currentIp.length() + 1); - log.debug("body is [{}]", body); - if (clazz == String.class) { - return (T) body; - } - if (clazz == Integer.class) { - return (T) Integer.valueOf(Integer.parseInt(body)); - } - if (clazz == Long.class) { - return (T) Long.valueOf(Long.parseLong(body)); - } - if (clazz == Short.class) { - return (T) Short.valueOf(Short.parseShort(body)); - } - if (clazz == Double.class) { - return (T) Double.valueOf(Double.parseDouble(body)); - } - if (clazz == Float.class) { - return (T) Float.valueOf(Float.parseFloat(body)); - } - if (clazz == Boolean.class) { - return (T) Boolean.valueOf(Boolean.parseBoolean(body)); - } - if (clazz == Byte.class) { - return (T) Byte.valueOf(Byte.parseByte(body)); - } - return JSON.parseObject(body, clazz); - } - - /** - * 登录成功后,清除state - * - * @param source oauth平台 - */ - public static void delete(String source) { - String currentIp = getCurrentIp(); - - String simpleKey = ((source + currentIp)); - String key = Base64.encode(simpleKey.getBytes(Charset.forName("UTF-8"))); - log.debug("Delete used state[{}] by the key[{}], current ip[{}]", stateBucket.get(key), key, currentIp); - stateBucket.remove(key); - } - - /** - * 登录成功后,清除state - * - * @param source oauth平台 - */ - public static void delete(AuthSource source) { - delete(source.name()); - } - - private static String getCurrentIp() { - String currentIp = IpUtils.getIp(); - return StringUtils.isEmpty(currentIp) ? EMPTY_STR : currentIp; - } -} diff --git a/src/test/java/me/zhyd/oauth/AuthRequestTest.java b/src/test/java/me/zhyd/oauth/AuthRequestTest.java index a4c4a31..3ec2c5d 100644 --- a/src/test/java/me/zhyd/oauth/AuthRequestTest.java 
+++ b/src/test/java/me/zhyd/oauth/AuthRequestTest.java @@ -16,13 +16,12 @@ public class AuthRequestTest { @Test public void giteeTest() { AuthRequest authRequest = new AuthGiteeRequest(AuthConfig.builder() - .clientId("clientId") - .clientSecret("clientSecret") - .redirectUri("redirectUri") - .state("state") - .build()); + .clientId("clientId") + .clientSecret("clientSecret") + .redirectUri("redirectUri") + .build()); // 返回授权页面,可自行跳转 - authRequest.authorize(); + authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 authRequest.login(new AuthCallback()); } @@ -30,13 +29,12 @@ public class AuthRequestTest { @Test public void githubTest() { AuthRequest authRequest = new AuthGithubRequest(AuthConfig.builder() - .clientId("clientId") - .clientSecret("clientSecret") - .redirectUri("redirectUri") - .state("state") - .build()); + .clientId("clientId") + .clientSecret("clientSecret") + .redirectUri("redirectUri") + .build()); // 返回授权页面,可自行跳转 - authRequest.authorize(); + authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 authRequest.login(new AuthCallback()); } @@ -44,12 +42,12 @@ public class AuthRequestTest { @Test public void weiboTest() { AuthRequest authRequest = new AuthWeiboRequest(AuthConfig.builder() - .clientId("clientId") - .clientSecret("clientSecret") - .redirectUri("redirectUri") - .build()); + .clientId("clientId") + .clientSecret("clientSecret") + .redirectUri("redirectUri") + .build()); // 返回授权页面,可自行跳转 - authRequest.authorize(); + authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 authRequest.login(new AuthCallback()); } 
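Review bot: giteeTest and the other tests in AuthRequestTest.java call `authRequest.authorize("state")` and discard the result, and in the later hunks the `String url =` locals are removed, so nothing asserts that the supplied state reaches the authorization URL. Since this patch takes state checking out of the library, a test that pins the remaining contract would be useful, for instance `Assert.assertTrue(authRequest.authorize("state").contains("state=state"));` (assuming JUnit 4's `Assert` is what this class uses; the imports are outside the hunk). The literal `"state"` is fine as a fixture, but a short comment such as `// fixture only: real callers need a random per-session value` would keep it from being copied as usage.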
@@ -57,13 +55,12 @@ public class AuthRequestTest { @Test public void dingdingTest() { AuthRequest authRequest = new AuthDingTalkRequest(AuthConfig.builder() - .clientId("clientId") - .clientSecret("clientSecret") - .redirectUri("redirectUri") - .state("state") - .build()); + .clientId("clientId") + .clientSecret("clientSecret") + .redirectUri("redirectUri") + .build()); // 返回授权页面,可自行跳转 - String url = authRequest.authorize(); + authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 authRequest.login(new AuthCallback()); } @@ -71,13 +68,12 @@ public class AuthRequestTest { @Test public void baiduTest() { AuthRequest authRequest = new AuthBaiduRequest(AuthConfig.builder() - .clientId("clientId") - .clientSecret("clientSecret") - .redirectUri("redirectUri") - .state("state") - .build()); + .clientId("clientId") + .clientSecret("clientSecret") + .redirectUri("redirectUri") + .build()); // 返回授权页面,可自行跳转 - String url = authRequest.authorize(); + authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 authRequest.login(new AuthCallback()); } @@ -85,13 +81,12 @@ public class AuthRequestTest { @Test public void codingTest() { AuthRequest authRequest = new AuthCodingRequest(AuthConfig.builder() - .clientId("clientId") - .clientSecret("clientSecret") - .redirectUri("redirectUri") - .state("state") - .build()); + .clientId("clientId") + .clientSecret("clientSecret") + .redirectUri("redirectUri") + .build()); // 返回授权页面,可自行跳转 - String url = authRequest.authorize(); + authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 authRequest.login(new AuthCallback()); } 
@@ -99,13 +94,12 @@ public class AuthRequestTest { @Test public void tencentCloudTest() { AuthRequest authRequest = new AuthTencentCloudRequest(AuthConfig.builder() - .clientId("clientId") - .clientSecret("clientSecret") - .redirectUri("redirectUri") - .state("state") - .build()); + .clientId("clientId") + .clientSecret("clientSecret") + .redirectUri("redirectUri") + .build()); // 返回授权页面,可自行跳转 - String url = authRequest.authorize(); + authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 authRequest.login(new AuthCallback()); } @@ -113,13 +107,12 @@ public class AuthRequestTest { @Test public void oschinaTest() { AuthRequest authRequest = new AuthOschinaRequest(AuthConfig.builder() - .clientId("clientId") - .clientSecret("clientSecret") - .redirectUri("redirectUri") - .state("state") - .build()); + .clientId("clientId") + .clientSecret("clientSecret") + .redirectUri("redirectUri") + .build()); // 返回授权页面,可自行跳转 - String url = authRequest.authorize(); + authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 authRequest.login(new AuthCallback()); } @@ -127,14 +120,13 @@ public class AuthRequestTest { @Test public void alipayTest() { AuthRequest authRequest = new AuthAlipayRequest(AuthConfig.builder() - .clientId("clientId") - .clientSecret("clientSecret") - .redirectUri("redirectUri") - .alipayPublicKey("publicKey") - .state("state") - .build()); + .clientId("clientId") + .clientSecret("clientSecret") + .redirectUri("redirectUri") + .alipayPublicKey("publicKey") + .build()); // 返回授权页面,可自行跳转 - String url = authRequest.authorize(); + authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 AuthResponse login = authRequest.login(new AuthCallback()); } 
@@ -142,13 +134,12 @@ public class AuthRequestTest { @Test public void qqTest() { AuthRequest authRequest = new AuthQqRequest(AuthConfig.builder() - .clientId("clientId") - .clientSecret("clientSecret") - .redirectUri("redirectUri") - .state("state") - .build()); + .clientId("clientId") + .clientSecret("clientSecret") + .redirectUri("redirectUri") + .build()); // 返回授权页面,可自行跳转 - String url = authRequest.authorize(); + authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 AuthResponse login = authRequest.login(new AuthCallback()); } @@ -156,13 +147,12 @@ public class AuthRequestTest { @Test public void wechatTest() { AuthRequest authRequest = new AuthWeChatRequest(AuthConfig.builder() - .clientId("clientId") - .clientSecret("clientSecret") - .redirectUri("redirectUri") - .state("state") - .build()); + .clientId("clientId") + .clientSecret("clientSecret") + .redirectUri("redirectUri") + .build()); // 返回授权页面,可自行跳转 - String url = authRequest.authorize(); + authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 AuthResponse login = authRequest.login(new AuthCallback()); } @@ -170,13 +160,12 @@ public class AuthRequestTest { @Test public void taobaoTest() { AuthRequest authRequest = new AuthTaobaoRequest(AuthConfig.builder() - .clientId("clientId") - .clientSecret("clientSecret") - .redirectUri("redirectUri") - .state("state") - .build()); + .clientId("clientId") + .clientSecret("clientSecret") + .redirectUri("redirectUri") + .build()); // 返回授权页面,可自行跳转 - String url = authRequest.authorize(); + authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 AuthResponse login = authRequest.login(new AuthCallback()); } 
@@ -184,13 +173,12 @@ public class AuthRequestTest { @Test public void googleTest() { AuthRequest authRequest = new AuthGoogleRequest(AuthConfig.builder() - .clientId("clientId") - .clientSecret("clientSecret") - .redirectUri("redirectUri") - .state("state") - .build()); + .clientId("clientId") + .clientSecret("clientSecret") + .redirectUri("redirectUri") + .build()); // 返回授权页面,可自行跳转 - String url = authRequest.authorize(); + authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 AuthResponse login = authRequest.login(new AuthCallback()); } @@ -198,13 +186,12 @@ public class AuthRequestTest { @Test public void facebookTest() { AuthRequest authRequest = new AuthFacebookRequest(AuthConfig.builder() - .clientId("clientId") - .clientSecret("clientSecret") - .redirectUri("redirectUri") - .state("state") - .build()); + .clientId("clientId") + .clientSecret("clientSecret") + .redirectUri("redirectUri") + .build()); // 返回授权页面,可自行跳转 - String url = authRequest.authorize(); + authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 AuthResponse login = authRequest.login(new AuthCallback()); } @@ -212,13 +199,12 @@ public class AuthRequestTest { @Test public void douyinTest() { AuthRequest authRequest = new AuthDouyinRequest(AuthConfig.builder() - .clientId("clientId") - .clientSecret("clientSecret") - .redirectUri("redirectUri") - .state("state") - .build()); + .clientId("clientId") + .clientSecret("clientSecret") + .redirectUri("redirectUri") + .build()); // 返回授权页面,可自行跳转 - String url = authRequest.authorize(); + authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 AuthResponse login = authRequest.login(new AuthCallback()); } 
@@ -226,13 +212,12 @@ public class AuthRequestTest { @Test public void linkedinTest() { AuthRequest authRequest = new AuthLinkedinRequest(AuthConfig.builder() - .clientId("clientId") - .clientSecret("clientSecret") - .redirectUri("redirectUri") - .state("state") - .build()); + .clientId("clientId") + .clientSecret("clientSecret") + .redirectUri("redirectUri") + .build()); // 返回授权页面,可自行跳转 - String url = authRequest.authorize(); + authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 AuthResponse login = authRequest.login(new AuthCallback()); } @@ -240,13 +225,12 @@ public class AuthRequestTest { @Test public void microsoftTest() { AuthRequest authRequest = new AuthMicrosoftRequest(AuthConfig.builder() - .clientId("clientId") - .clientSecret("clientSecret") - .redirectUri("redirectUri") - .state("state") - .build()); + .clientId("clientId") + .clientSecret("clientSecret") + .redirectUri("redirectUri") + .build()); // 返回授权页面,可自行跳转 - String url = authRequest.authorize(); + authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 AuthResponse login = authRequest.login(new AuthCallback()); } @@ -254,13 +238,12 @@ public class AuthRequestTest { @Test public void miTest() { AuthRequest authRequest = new AuthMiRequest(AuthConfig.builder() - .clientId("clientId") - .clientSecret("clientSecret") - .redirectUri("redirectUri") - .state("state") - .build()); + .clientId("clientId") + .clientSecret("clientSecret") + .redirectUri("redirectUri") + .build()); // 返回授权页面,可自行跳转 - String url = authRequest.authorize(); + authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 AuthResponse login = authRequest.login(new AuthCallback()); } 
@@ -268,13 +251,12 @@ public class AuthRequestTest { @Test public void toutiaoTest() { AuthRequest authRequest = new AuthToutiaoRequest(AuthConfig.builder() - .clientId("clientId") - .clientSecret("clientSecret") - .redirectUri("redirectUri") - .state("state") - .build()); + .clientId("clientId") + .clientSecret("clientSecret") + .redirectUri("redirectUri") + .build()); // 返回授权页面,可自行跳转 - String url = authRequest.authorize(); + authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 AuthResponse login = authRequest.login(new AuthCallback()); } diff --git a/src/test/java/me/zhyd/oauth/utils/AuthStateTest.java b/src/test/java/me/zhyd/oauth/utils/AuthStateTest.java deleted file mode 100644 index d73489d..0000000 --- a/src/test/java/me/zhyd/oauth/utils/AuthStateTest.java +++ /dev/null 
@@ -1,231 +0,0 @@ -package me.zhyd.oauth.utils; - -import cn.hutool.core.date.DatePattern; -import cn.hutool.core.date.DateUtil; -import me.zhyd.oauth.config.AuthConfig; -import org.junit.Assert; -import org.junit.Test; - -import java.util.*; - -public class AuthStateTest { - - /** - * step1 生成state: 预期创建一个新的state... - * Z2l0aHViXzE5Mi4xNjguMTkuMV9yM3ll - * - * step2 重复生成state: 预期从bucket中返回一个可用的state... - * Z2l0aHViXzE5Mi4xNjguMTkuMV9yM3ll - * - * step3 获取state: 预期获取上面生成的state... - * Z2l0aHViXzE5Mi4xNjguMTkuMV9yM3ll - * - * step4 删除state: 预期删除掉上面创建的state... - * - * step5 重新获取state: 预期返回null... - * null - */ - @Test - public void usage() { - String source = "github"; - System.out.println("\nstep1 生成state: 预期创建一个新的state..."); - String state = AuthState.create(source); - System.out.println(state); - - System.out.println("\nstep2 重复生成state: 预期从bucket中返回一个可用的state..."); - String recreateState = AuthState.create(source); - System.out.println(recreateState); - Assert.assertEquals(state, recreateState); - - System.out.println("\nstep3 获取state: 预期获取上面生成的state..."); - String stateByBucket = AuthState.get(source); - System.out.println(stateByBucket); - Assert.assertEquals(state, stateByBucket); - - System.out.println("\nstep4 删除state: 预期删除掉上面创建的state..."); - AuthState.delete(source); - - System.out.println("\nstep5 重新获取state: 预期返回null..."); - String deletedState = AuthState.get(source); - System.out.println(deletedState); - Assert.assertNull(deletedState); - } - - /** - * 通过随机字符串生成state... - * Z2l0aHViXzE5Mi4xNjguMTkuMV9wdnAy - * - * 通过传入自定义的字符串生成state... - * Z2l0aHViXzE5Mi4xNjguMTkuMV/ov5nmmK/kuIDkuKrlrZfnrKbkuLI= - * - * 通过传入数字生成state... - * Z2l0aHViXzE5Mi4xNjguMTkuMV8xMTE= - * - * 通过传入日期生成state... - * Z2l0aHViXzE5Mi4xNjguMTkuMV8xNTQ2MzE1OTMyMDAw - * - * 通过传入map生成state... - * Z2l0aHViXzE5Mi4xNjguMTkuMV97InVzZXJUb2tlbiI6Inh4eHh4IiwidXNlcklkIjoxfQ== - * - * 通过传入List生成state... - * Z2l0aHViXzE5Mi4xNjguMTkuMV9bInh4eHgiLCJ4eHh4eHh4eCJd - * - * 通过传入实体类生成state... 
- * Z2l0aHViXzE5Mi4xNjguMTkuMV97ImNsaWVudElkIjoieHh4eHgiLCJjbGllbnRTZWNyZXQiOiJ4eHh4eCIsInVuaW9uSWQiOmZhbHNlfQ== - */ - @Test - public void create() { - String source = "github"; - System.out.println("\n通过随机字符串生成state..."); - String state = AuthState.create(source); - System.out.println(state); - AuthState.delete(source); - - System.out.println("\n通过传入自定义的字符串生成state..."); - String stringBody = "这是一个字符串"; - String stringState = AuthState.create(source, stringBody); - System.out.println(stringState); - AuthState.delete(source); - - System.out.println("\n通过传入数字生成state..."); - Integer numberBody = 111; - String numberState = AuthState.create(source, numberBody); - System.out.println(numberState); - AuthState.delete(source); - - System.out.println("\n通过传入日期生成state..."); - Date dateBody = DateUtil.parse("2019-01-01 12:12:12", DatePattern.NORM_DATETIME_PATTERN); - String dateState = AuthState.create(source, dateBody); - System.out.println(dateState); - AuthState.delete(source); - - System.out.println("\n通过传入map生成state..."); - Map mapBody = new HashMap<>(); - mapBody.put("userId", 1); - mapBody.put("userToken", "xxxxx"); - String mapState = AuthState.create(source, mapBody); - System.out.println(mapState); - AuthState.delete(source); - - System.out.println("\n通过传入List生成state..."); - List listBody = new ArrayList<>(); - listBody.add("xxxx"); - listBody.add("xxxxxxxx"); - String listState = AuthState.create(source, listBody); - System.out.println(listState); - AuthState.delete(source); - - System.out.println("\n通过传入实体类生成state..."); - AuthConfig entityBody = AuthConfig.builder() - .clientId("xxxxx") - .clientSecret("xxxxx") - .build(); - String entityState = AuthState.create(source, entityBody); - System.out.println(entityState); - AuthState.delete(source); - } - - /** - * 通过随机字符串生成state... - * Z2l0aHViXzE5Mi4xNjguMTkuMV9kaWNn - * dicg - * - * 通过传入自定义的字符串生成state... - * Z2l0aHViXzE5Mi4xNjguMTkuMV/ov5nmmK/kuIDkuKrlrZfnrKbkuLI= - * 这是一个字符串 - * - * 通过传入数字生成state... 
- * Z2l0aHViXzE5Mi4xNjguMTkuMV8xMTE= - * 111 - * - * 通过传入日期生成state... - * Z2l0aHViXzE5Mi4xNjguMTkuMV8xNTQ2MzE1OTMyMDAw - * Tue Jan 01 12:12:12 CST 2019 - * - * 通过传入map生成state... - * Z2l0aHViXzE5Mi4xNjguMTkuMV97InVzZXJUb2tlbiI6Inh4eHh4IiwidXNlcklkIjoxfQ== - * {userToken=xxxxx, userId=1} - * - * 通过传入List生成state... - * Z2l0aHViXzE5Mi4xNjguMTkuMV9bInh4eHgiLCJ4eHh4eHh4eCJd - * [xxxx, xxxxxxxx] - * - * 通过传入实体类生成state... - * Z2l0aHViXzE5Mi4xNjguMTkuMV97ImNsaWVudElkIjoieHh4eHgiLCJjbGllbnRTZWNyZXQiOiJ4eHh4eCIsInVuaW9uSWQiOmZhbHNlfQ== - * me.zhyd.oauth.config.AuthConfig@725bef66 - */ - @Test - public void getBody() { - String source = "github"; - System.out.println("\n通过随机字符串生成state..."); - String state = AuthState.create(source); - System.out.println(state); - String body = AuthState.getBody(source, state, String.class); - System.out.println(body); - AuthState.delete(source); - - System.out.println("\n通过传入自定义的字符串生成state..."); - String stringBody = "这是一个字符串"; - String stringState = AuthState.create(source, stringBody); - System.out.println(stringState); - stringBody = AuthState.getBody(source, stringState, String.class); - System.out.println(stringBody); - AuthState.delete(source); - - System.out.println("\n通过传入数字生成state..."); - Integer numberBody = 111; - String numberState = AuthState.create(source, numberBody); - System.out.println(numberState); - numberBody = AuthState.getBody(source, numberState, Integer.class); - System.out.println(numberBody); - AuthState.delete(source); - - System.out.println("\n通过传入日期生成state..."); - Date dateBody = DateUtil.parse("2019-01-01 12:12:12", DatePattern.NORM_DATETIME_PATTERN); - String dateState = AuthState.create(source, dateBody); - System.out.println(dateState); - dateBody = AuthState.getBody(source, dateState, Date.class); - System.out.println(dateBody); - AuthState.delete(source); - - System.out.println("\n通过传入map生成state..."); - Map mapBody = new HashMap<>(); - mapBody.put("userId", 1); - mapBody.put("userToken", "xxxxx"); - String 
mapState = AuthState.create(source, mapBody); - System.out.println(mapState); - mapBody = AuthState.getBody(source, mapState, Map.class); - System.out.println(mapBody); - AuthState.delete(source); - - System.out.println("\n通过传入List生成state..."); - List listBody = new ArrayList<>(); - listBody.add("xxxx"); - listBody.add("xxxxxxxx"); - String listState = AuthState.create(source, listBody); - System.out.println(listState); - listBody = AuthState.getBody(source, listState, List.class); - System.out.println(listBody); - AuthState.delete(source); - - System.out.println("\n通过传入实体类生成state..."); - AuthConfig entityBody = AuthConfig.builder() - .clientId("xxxxx") - .clientSecret("xxxxx") - .build(); - String entityState = AuthState.create(source, entityBody); - System.out.println(entityState); - entityBody = AuthState.getBody(source, entityState, AuthConfig.class); - System.out.println(entityBody); - AuthState.delete(source); - } - - @Test - public void getErrorStateBody() { - String source = "github"; - String state = "1111111111111111111111111111111"; - String body = AuthState.getBody(source, state, String.class); - System.out.println(body); - AuthState.delete(source); - } -} \ No newline at end of file diff --git a/src/test/java/me/zhyd/oauth/utils/UrlBuilderTest.java b/src/test/java/me/zhyd/oauth/utils/UrlBuilderTest.java index 161031e..065c59a 100644 --- a/src/test/java/me/zhyd/oauth/utils/UrlBuilderTest.java +++ b/src/test/java/me/zhyd/oauth/utils/UrlBuilderTest.java @@ -3,7 +3,6 @@ package me.zhyd.oauth.utils; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.request.AuthWeChatRequest; -import org.junit.Assert; import org.junit.Test; /** 
@@ -21,18 +20,17 @@ public class UrlBuilderTest { .clientId("appid-110110110") .clientSecret("secret-110110110") .redirectUri("https://xkcoding.com") - .state(AuthState.create(AuthSource.WECHAT)) .build(); String build = UrlBuilder.fromBaseUrl(AuthSource.WECHAT.authorize()) .queryParam("appid", config.getClientId()) .queryParam("redirect_uri", config.getRedirectUri()) .queryParam("response_type", "code") .queryParam("scope", "snsapi_login") - .queryParam("state", config.getState().concat("#wechat_redirect")) + .queryParam("state", "") .build(false); + System.out.println(build); AuthWeChatRequest request = new AuthWeChatRequest(config); - String authorize = request.authorize(); - Assert.assertEquals(build, authorize); - AuthState.delete(AuthSource.WECHAT); + String authorize = request.authorize("state"); + System.out.println(authorize); } } From ea1e1ba665a474ec23f32bf16b06bdc806508a63 Mon Sep 17 00:00:00 2001 From: "yadong.zhang" Date: Thu, 25 Jul 2019 22:33:24 +0800 Subject: [PATCH 2/6] =?UTF-8?q?State=E4=BC=98=E5=8C=96=E7=AC=AC=E4=B8=80?= =?UTF-8?q?=E6=AD=A5=EF=BC=9A=E5=8E=BB=E6=8E=89AuthState=E5=B7=A5=E5=85=B7?= =?UTF-8?q?=E7=B1=BB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/java/me/zhyd/oauth/request/AuthRequest.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/main/java/me/zhyd/oauth/request/AuthRequest.java b/src/main/java/me/zhyd/oauth/request/AuthRequest.java index 7b838e7..3d66f2c 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthRequest.java @@ -15,6 +15,9 @@ public interface AuthRequest { /** * 返回认证url,可自行跳转页面 + *
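Review bot: This test loses its only assertion: `Assert.assertEquals(build, authorize)` is replaced by two `System.out.println` calls, so it passes whatever `authorize(String)` returns. The expected URL is also built with `.queryParam("state", "")` while the request is given `"state"`, so the two strings could no longer match even if they were compared. Keep a check that the supplied value reaches the URL, for example `Assert.assertTrue(authorize.contains("state=state"));`, adjusted to the exact WeChat format (the removed line suggests a `#wechat_redirect` suffix). That also means keeping the `org.junit.Assert` import, which the preceding hunk removes. The test method begins above this hunk.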

+ * 不建议使用该方式获取授权地址,不带{@code state}的授权地址,容易受到csrf攻击。 + * 建议使用{@link AuthDefaultRequest#authorize(String)}方法生成授权地址,在回调方法中对{@code state}进行校验 * * @return 返回授权地址 */ From 56c1e4ea3511fbb6692c710e22867ddcb3513c50 Mon Sep 17 00:00:00 2001 From: "yadong.zhang" Date: Thu, 25 Jul 2019 22:38:17 +0800 Subject: [PATCH 3/6] =?UTF-8?q?:memo:=20=E6=96=87=E6=A1=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- update.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/update.md b/update.md index 27ae1e5..ae21375 100644 --- a/update.md +++ b/update.md @@ -1,3 +1,9 @@ +### 2019/07/25 + +1. `AuthConfig`类中去掉state参数 +2. 删除`AuthState`类 +3. 增加`authorize(String)`方法,并且使用`@Deprecated`标记`authorize()`方法 + ### 2019/07/22 ([v1.9.2](https://gitee.com/yadong.zhang/JustAuth/releases/v1.9.2)) 1. 合并github上[@xkcoding](https://github.com/xkcoding) 的[pr#26](https://github.com/zhangyd-c/JustAuth/pull/26),AuthConfig类添加lombok注解,方便 [justauth-spring-boot-starter](https://github.com/xkcoding/justauth-spring-boot-starter) 直接使用 From 64aa1940e4b3bdcddf471141fb5d6f8780b596f4 Mon Sep 17 00:00:00 2001 
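Review bot: The added Javadoc tells callers to verify `state` in their callback but does not say against what, and it links to `AuthDefaultRequest#authorize(String)` from inside the interface. The tests in this series call `authorize("state")` through an `AuthRequest` reference, so the interface apparently declares the method itself and `{@link #authorize(String)}` would be the stable reference. I would add one sentence saying the value must be unpredictable, bound to the user's session, and compared on callback before `login` is called. If the method is annotated `@Deprecated` as update.md says, it also needs a matching `@deprecated` Javadoc tag. The diffstat shows `AuthState` deleted and 21 lines removed from `AuthChecker`; if that included a library-side state check, this comment is now the only place the requirement is recorded.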
From: "yadong.zhang" Date: Sat, 27 Jul 2019 07:34:01 +0800 Subject: [PATCH 4/6] =?UTF-8?q?:bulb:=20=E4=BC=98=E5=8C=96=E6=B3=A8?= =?UTF-8?q?=E9=87=8A?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/java/me/zhyd/oauth/config/AuthConfig.java | 1 - src/main/java/me/zhyd/oauth/config/AuthSource.java | 1 - src/main/java/me/zhyd/oauth/enums/AuthToutiaoErrorCode.java | 1 - src/main/java/me/zhyd/oauth/enums/AuthUserGender.java | 1 - src/main/java/me/zhyd/oauth/exception/AuthException.java | 1 - src/main/java/me/zhyd/oauth/model/AuthCallback.java | 1 - src/main/java/me/zhyd/oauth/model/AuthResponse.java | 1 - src/main/java/me/zhyd/oauth/model/AuthResponseStatus.java | 1 - src/main/java/me/zhyd/oauth/model/AuthToken.java | 1 - src/main/java/me/zhyd/oauth/model/AuthUser.java | 1 - src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java | 2 +- src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java | 2 +- src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java | 2 +- src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java | 1 - src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java | 6 +++++- .../java/me/zhyd/oauth/request/AuthDingTalkRequest.java | 2 +- src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java | 2 +- .../java/me/zhyd/oauth/request/AuthFacebookRequest.java | 1 - src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java | 1 - src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java | 1 - src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java | 2 +- .../java/me/zhyd/oauth/request/AuthLinkedinRequest.java | 2 +- src/main/java/me/zhyd/oauth/request/AuthMiRequest.java | 2 +- .../java/me/zhyd/oauth/request/AuthMicrosoftRequest.java | 2 +- src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java | 1 - .../java/me/zhyd/oauth/request/AuthPinterestRequest.java | 2 +- src/main/java/me/zhyd/oauth/request/AuthQqRequest.java | 1 - src/main/java/me/zhyd/oauth/request/AuthRenrenRequest.java | 1 - 
src/main/java/me/zhyd/oauth/request/AuthRequest.java | 1 - .../me/zhyd/oauth/request/AuthStackOverflowRequest.java | 2 +- src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java | 2 +- .../java/me/zhyd/oauth/request/AuthTeambitionRequest.java | 1 - .../java/me/zhyd/oauth/request/AuthTencentCloudRequest.java | 2 +- src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java | 2 +- src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java | 2 +- src/main/java/me/zhyd/oauth/request/AuthWeiboRequest.java | 3 +-- src/main/java/me/zhyd/oauth/utils/AuthChecker.java | 1 - src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java | 1 - src/main/java/me/zhyd/oauth/utils/IpUtils.java | 5 ++--- src/main/java/me/zhyd/oauth/utils/UrlBuilder.java | 1 - src/test/java/me/zhyd/oauth/AuthRequestTest.java | 1 - src/test/java/me/zhyd/oauth/utils/CustomTest.java | 3 --- update.md | 5 +++++ 43 files changed, 28 insertions(+), 47 deletions(-) diff --git a/src/main/java/me/zhyd/oauth/config/AuthConfig.java b/src/main/java/me/zhyd/oauth/config/AuthConfig.java index f0eb349..deada89 100644 --- a/src/main/java/me/zhyd/oauth/config/AuthConfig.java +++ b/src/main/java/me/zhyd/oauth/config/AuthConfig.java @@ -6,7 +6,6 @@ import lombok.*; * JustAuth配置类 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.9.3 * @since 1.8 */ @Getter diff --git a/src/main/java/me/zhyd/oauth/config/AuthSource.java b/src/main/java/me/zhyd/oauth/config/AuthSource.java index 1ea6704..a9a0a61 100644 --- a/src/main/java/me/zhyd/oauth/config/AuthSource.java +++ b/src/main/java/me/zhyd/oauth/config/AuthSource.java @@ -7,7 +7,6 @@ import me.zhyd.oauth.model.AuthResponseStatus; * 各api需要的url, 用枚举类分平台类型管理 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.0 */ public enum AuthSource { diff --git a/src/main/java/me/zhyd/oauth/enums/AuthToutiaoErrorCode.java b/src/main/java/me/zhyd/oauth/enums/AuthToutiaoErrorCode.java index 11007b2..18df6ee 100644 
--- a/src/main/java/me/zhyd/oauth/enums/AuthToutiaoErrorCode.java +++ b/src/main/java/me/zhyd/oauth/enums/AuthToutiaoErrorCode.java @@ -7,7 +7,6 @@ import lombok.Getter; * 今日头条授权登录时的异常状态码 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ @Getter diff --git a/src/main/java/me/zhyd/oauth/enums/AuthUserGender.java b/src/main/java/me/zhyd/oauth/enums/AuthUserGender.java index 3e39e3d..4a4d402 100644 --- a/src/main/java/me/zhyd/oauth/enums/AuthUserGender.java +++ b/src/main/java/me/zhyd/oauth/enums/AuthUserGender.java @@ -9,7 +9,6 @@ import java.util.Arrays; * 用户性别 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ @Getter diff --git a/src/main/java/me/zhyd/oauth/exception/AuthException.java b/src/main/java/me/zhyd/oauth/exception/AuthException.java index f4f7473..c64b0f8 100644 --- a/src/main/java/me/zhyd/oauth/exception/AuthException.java +++ b/src/main/java/me/zhyd/oauth/exception/AuthException.java @@ -4,7 +4,6 @@ import me.zhyd.oauth.model.AuthResponseStatus; /** * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ public class AuthException extends RuntimeException { diff --git a/src/main/java/me/zhyd/oauth/model/AuthCallback.java b/src/main/java/me/zhyd/oauth/model/AuthCallback.java index fbc08ed..332c190 100644 --- a/src/main/java/me/zhyd/oauth/model/AuthCallback.java +++ b/src/main/java/me/zhyd/oauth/model/AuthCallback.java @@ -7,7 +7,6 @@ import lombok.Setter; * 授权回调时的参数类 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ @Getter diff --git a/src/main/java/me/zhyd/oauth/model/AuthResponse.java b/src/main/java/me/zhyd/oauth/model/AuthResponse.java index 484a743..3d682d5 100644 --- a/src/main/java/me/zhyd/oauth/model/AuthResponse.java +++ b/src/main/java/me/zhyd/oauth/model/AuthResponse.java 
@@ -8,7 +8,6 @@ import lombok.Setter; * JustAuth统一授权响应类 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ @Getter diff --git a/src/main/java/me/zhyd/oauth/model/AuthResponseStatus.java b/src/main/java/me/zhyd/oauth/model/AuthResponseStatus.java index 21ca6f6..28247f9 100644 --- a/src/main/java/me/zhyd/oauth/model/AuthResponseStatus.java +++ b/src/main/java/me/zhyd/oauth/model/AuthResponseStatus.java @@ -5,7 +5,6 @@ import lombok.Getter; /** * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ @Getter diff --git a/src/main/java/me/zhyd/oauth/model/AuthToken.java b/src/main/java/me/zhyd/oauth/model/AuthToken.java index 472d3d6..805a196 100644 --- a/src/main/java/me/zhyd/oauth/model/AuthToken.java +++ b/src/main/java/me/zhyd/oauth/model/AuthToken.java @@ -9,7 +9,6 @@ import lombok.Setter; * 授权所需的token * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ @Getter diff --git a/src/main/java/me/zhyd/oauth/model/AuthUser.java b/src/main/java/me/zhyd/oauth/model/AuthUser.java index ad64129..2652652 100644 --- a/src/main/java/me/zhyd/oauth/model/AuthUser.java +++ b/src/main/java/me/zhyd/oauth/model/AuthUser.java @@ -10,7 +10,6 @@ import me.zhyd.oauth.enums.AuthUserGender; * 授权成功后的用户信息,根据授权平台的不同,获取的数据完整性也不同 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ @Getter diff --git a/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java b/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java index f0c6f90..9a6041d 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java @@ -21,7 +21,6 @@ import me.zhyd.oauth.utils.UrlBuilder; * 支付宝登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ public class AuthAlipayRequest extends AuthDefaultRequest { 
@@ -90,6 +89,7 @@ public class AuthAlipayRequest extends AuthDefaultRequest { * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 + * @since 1.9.3 */ @Override public String authorize(String state) { diff --git a/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java b/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java index 11492b5..cec929a 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java @@ -15,7 +15,6 @@ import me.zhyd.oauth.utils.UrlBuilder; * 百度账号登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ public class AuthBaiduRequest extends AuthDefaultRequest { @@ -83,6 +82,7 @@ public class AuthBaiduRequest extends AuthDefaultRequest { * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 + * @since 1.9.3 */ @Override public String authorize(String state) { diff --git a/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java b/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java index ae28769..772aafa 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java @@ -15,7 +15,6 @@ import me.zhyd.oauth.utils.UrlBuilder; * Cooding登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ public class AuthCodingRequest extends AuthDefaultRequest { @@ -75,6 +74,7 @@ public class AuthCodingRequest extends AuthDefaultRequest { * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 + * @since 1.9.3 */ @Override public String authorize(String state) { diff --git a/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java b/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java index 3a72d37..74d6976 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java 
@@ -14,7 +14,6 @@ import me.zhyd.oauth.model.AuthUser; * CSDN登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ @Deprecated diff --git a/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java index 7a8848f..ee9ce49 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java @@ -16,7 +16,6 @@ import me.zhyd.oauth.utils.UrlBuilder; * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) * @author yangkai.shen (https://xkcoding.com) - * @version 1.0 * @since 1.8 */ @Slf4j @@ -67,6 +66,7 @@ public abstract class AuthDefaultRequest implements AuthRequest { * 建议使用{@link AuthDefaultRequest#authorize(String)}方法生成授权地址,在回调方法中对{@code state}进行校验 * * @return 返回授权地址 + * @see AuthDefaultRequest#authorize(String) */ @Deprecated @Override @@ -79,6 +79,7 @@ public abstract class AuthDefaultRequest implements AuthRequest { * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 + * @since 1.9.3 */ @Override public String authorize(String state) { @@ -178,6 +179,7 @@ public abstract class AuthDefaultRequest implements AuthRequest { * @param authToken token封装 * @return HttpResponse */ + @Deprecated protected HttpResponse doPostUserInfo(AuthToken authToken) { return HttpRequest.post(userInfoUrl(authToken)).execute(); } @@ -197,7 +199,9 @@ public abstract class AuthDefaultRequest implements AuthRequest { * * @param authToken token封装 * @return HttpResponse + * @since */ + @Deprecated protected HttpResponse doPostRevoke(AuthToken authToken) { return HttpRequest.post(revokeUrl(authToken)).execute(); } diff --git a/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java index ad29df0..4d01e7e 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java 
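Review bot: In AuthDefaultRequest.java the `@@ -197,7 +199,9 @@` hunk adds a `@since` tag with no value, which javadoc's doclint reports and which tells readers nothing; fill it in or drop the line. That hunk and `@@ -178,6 +179,7 @@` also add `@Deprecated` to `doPostUserInfo` and `doPostRevoke` without a Javadoc tag such as `* @deprecated <reason and what to call instead>`, so subclasses get a compiler warning with no guidance. Deprecating protected methods changes the API surface and would sit better in its own commit than in one whose subject describes a comment clean-up. Both method bodies extend beyond the lines shown in these hunks.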
@@ -18,7 +18,6 @@ import me.zhyd.oauth.utils.UrlBuilder; * 钉钉登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ public class AuthDingTalkRequest extends AuthDefaultRequest { @@ -62,6 +61,7 @@ public class AuthDingTalkRequest extends AuthDefaultRequest { * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 + * @since 1.9.3 */ @Override public String authorize(String state) { diff --git a/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java index db9582c..fb51a68 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java @@ -15,7 +15,6 @@ import me.zhyd.oauth.utils.UrlBuilder; * 抖音登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ public class AuthDouyinRequest extends AuthDefaultRequest { @@ -93,6 +92,7 @@ public class AuthDouyinRequest extends AuthDefaultRequest { * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 + * @since 1.9.3 */ @Override public String authorize(String state) { diff --git a/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java b/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java index 6d7cc2b..5f23fa2 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java @@ -15,7 +15,6 @@ import me.zhyd.oauth.utils.UrlBuilder; * Facebook登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ public class AuthFacebookRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java index e32c124..b599e92 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java 
@@ -14,7 +14,6 @@ import me.zhyd.oauth.model.AuthUser; * Gitee登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ public class AuthGiteeRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java index fb4a64a..ad33f11 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java @@ -17,7 +17,6 @@ import java.util.Map; * Github登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ public class AuthGithubRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java index a3033a1..8b165d3 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java @@ -16,7 +16,6 @@ import me.zhyd.oauth.utils.UrlBuilder; * Google登录 * * @author yangkai.shen (https://xkcoding.com) - * @version 1.3 * @since 1.3 */ public class AuthGoogleRequest extends AuthDefaultRequest { @@ -65,6 +64,7 @@ public class AuthGoogleRequest extends AuthDefaultRequest { * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 + * @since 1.9.3 */ @Override public String authorize(String state) { diff --git a/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java b/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java index 3deefb7..b1e400c 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java @@ -18,7 +18,6 @@ import me.zhyd.oauth.utils.UrlBuilder; * 领英登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ public class AuthLinkedinRequest extends AuthDefaultRequest { 
@@ -186,6 +185,7 @@ public class AuthLinkedinRequest extends AuthDefaultRequest { * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 + * @since 1.9.3 */ @Override public String authorize(String state) { diff --git a/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java b/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java index abdcb10..b85b006 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java @@ -18,7 +18,6 @@ import java.text.MessageFormat; * 小米登录 * * @author yangkai.shen (https://xkcoding.com) - * @version 1.5 * @since 1.5 */ @Slf4j @@ -113,6 +112,7 @@ public class AuthMiRequest extends AuthDefaultRequest { * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 + * @since 1.9.3 */ @Override public String authorize(String state) { diff --git a/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java b/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java index 4716c15..691251e 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java @@ -16,7 +16,6 @@ import static me.zhyd.oauth.utils.GlobalAuthUtil.parseQueryToMap; * 微软登录 * * @author yangkai.shen (https://xkcoding.com) - * @version 1.5 * @since 1.5 */ public class AuthMicrosoftRequest extends AuthDefaultRequest { @@ -106,6 +105,7 @@ public class AuthMicrosoftRequest extends AuthDefaultRequest { * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 + * @since 1.9.3 */ @Override public String authorize(String state) { diff --git a/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java b/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java index 58cc743..396efd0 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java 
@@ -15,7 +15,6 @@ import me.zhyd.oauth.utils.UrlBuilder; * oschina登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ public class AuthOschinaRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java b/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java index 7c3f000..af192cc 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java @@ -19,7 +19,6 @@ import static me.zhyd.oauth.config.AuthSource.PINTEREST; * Pinterest登录 * * @author hongwei.peng (pengisgood(at)gmail(dot)com) - * @version 1.9.0 * @since 1.8 */ public class AuthPinterestRequest extends AuthDefaultRequest { @@ -74,6 +73,7 @@ public class AuthPinterestRequest extends AuthDefaultRequest { * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 + * @since 1.9.3 */ @Override public String authorize(String state) { diff --git a/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java b/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java index 1b8d6f9..78b8b61 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java @@ -20,7 +20,6 @@ import java.util.Map; * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) * @author yangkai.shen (https://xkcoding.com) - * @version 1.0 * @since 1.8 */ public class AuthQqRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthRenrenRequest.java b/src/main/java/me/zhyd/oauth/request/AuthRenrenRequest.java index 6888764..da7f169 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthRenrenRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthRenrenRequest.java 
@@ -19,7 +19,6 @@ import static me.zhyd.oauth.model.AuthResponseStatus.SUCCESS; * 人人登录 * * @author hongwei.peng (pengisgood(at)gmail(dot)com) - * @version 1.9.0 * @since 1.8 */ public class AuthRenrenRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthRequest.java b/src/main/java/me/zhyd/oauth/request/AuthRequest.java index 3d66f2c..4445389 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthRequest.java @@ -8,7 +8,6 @@ import me.zhyd.oauth.model.AuthToken; /** * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ public interface AuthRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java b/src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java index cf438c2..ebcf133 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java @@ -18,7 +18,6 @@ import static me.zhyd.oauth.utils.GlobalAuthUtil.parseQueryToMap; * Stack Overflow登录 * * @author hongwei.peng (pengisgood(at)gmail(dot)com) - * @version 1.9.0 * @since 1.8 */ public class AuthStackOverflowRequest extends AuthDefaultRequest { @@ -72,6 +71,7 @@ public class AuthStackOverflowRequest extends AuthDefaultRequest { * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 + * @since 1.9.3 */ @Override public String authorize(String state) { diff --git a/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java index f350ccd..7d14813 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java @@ -16,7 +16,6 @@ import me.zhyd.oauth.utils.UrlBuilder; * 淘宝登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ public class AuthTaobaoRequest extends AuthDefaultRequest { 
@@ -59,6 +58,7 @@ public class AuthTaobaoRequest extends AuthDefaultRequest { * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 + * @since 1.9.3 */ @Override public String authorize(String state) { diff --git a/src/main/java/me/zhyd/oauth/request/AuthTeambitionRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTeambitionRequest.java index d8e79f6..f909970 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthTeambitionRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthTeambitionRequest.java @@ -13,7 +13,6 @@ import me.zhyd.oauth.model.*; * Teambition授权登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ public class AuthTeambitionRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java index 5930aeb..23596c3 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java @@ -15,7 +15,6 @@ import me.zhyd.oauth.utils.UrlBuilder; * 腾讯云登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ public class AuthTencentCloudRequest extends AuthDefaultRequest { @@ -75,6 +74,7 @@ public class AuthTencentCloudRequest extends AuthDefaultRequest { * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 + * @since 1.9.3 */ @Override public String authorize(String state) { diff --git a/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java b/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java index ab73d3a..7b6e47c 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java @@ -16,7 +16,6 @@ import me.zhyd.oauth.utils.UrlBuilder; * 今日头条登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.5 * @since 1.5 */ public class AuthToutiaoRequest extends AuthDefaultRequest { 
@@ -69,6 +68,7 @@ public class AuthToutiaoRequest extends AuthDefaultRequest { * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 + * @since 1.9.3 */ @Override public String authorize(String state) { diff --git a/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java b/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java index f22f354..c859f4d 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java @@ -14,7 +14,6 @@ import me.zhyd.oauth.utils.UrlBuilder; * 微信登录 * * @author yangkai.shen (https://xkcoding.com) - * @version 1.0 * @since 1.8 */ public class AuthWeChatRequest extends AuthDefaultRequest { @@ -104,6 +103,7 @@ public class AuthWeChatRequest extends AuthDefaultRequest { * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 + * @since 1.9.3 */ @Override public String authorize(String state) { diff --git a/src/main/java/me/zhyd/oauth/request/AuthWeiboRequest.java b/src/main/java/me/zhyd/oauth/request/AuthWeiboRequest.java index cf1df17..cd2868a 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthWeiboRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthWeiboRequest.java @@ -19,7 +19,6 @@ import me.zhyd.oauth.utils.UrlBuilder; * 微博登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ public class AuthWeiboRequest extends AuthDefaultRequest { @@ -51,7 +50,7 @@ public class AuthWeiboRequest extends AuthDefaultRequest { String oauthParam = String.format("uid=%s&access_token=%s", uid, accessToken); HttpResponse response = HttpRequest.get(userInfoUrl(authToken)) .header("Authorization", "OAuth2 " + oauthParam) - .header("API-RemoteIP", IpUtils.getIp()) + .header("API-RemoteIP", IpUtils.getLocalIp()) .execute(); String userInfo = response.body(); JSONObject object = JSONObject.parseObject(userInfo); 
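Review bot: The `API-RemoteIP` header in the AuthWeiboRequest hunk is still fed directly by `IpUtils.getLocalIp()`, which per the IpUtils hunk later in this patch returns `null` when `InetAddress.getLocalHost()` throws `UnknownHostException`; the call site does not handle that case. The value is whatever address the local host name resolves to, which may be a loopback or internal address, and it is disclosed to the remote API on every user-info request. I would guard it with `String localIp = IpUtils.getLocalIp();` and add the header only `if (localIp != null)`, and document on `getLocalIp()` that it returns the server's own address rather than the end user's. The enclosing method starts and ends outside the hunk; since `getIp()` was `public static`, external callers break on the rename unless a `@Deprecated` alias delegating to `getLocalIp()` is kept.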
diff --git a/src/main/java/me/zhyd/oauth/utils/AuthChecker.java b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java index ddb70be..c01a76c 100644 --- a/src/main/java/me/zhyd/oauth/utils/AuthChecker.java +++ b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java @@ -9,7 +9,6 @@ import me.zhyd.oauth.model.AuthResponseStatus; * 授权配置类的校验器 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ public class AuthChecker { diff --git a/src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java b/src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java index 88928c1..9e5c787 100644 --- a/src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java +++ b/src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java @@ -21,7 +21,6 @@ import java.util.*; * 全局的工具类 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ public class GlobalAuthUtil { diff --git a/src/main/java/me/zhyd/oauth/utils/IpUtils.java b/src/main/java/me/zhyd/oauth/utils/IpUtils.java index 9da2bcb..a03a37d 100644 --- a/src/main/java/me/zhyd/oauth/utils/IpUtils.java +++ b/src/main/java/me/zhyd/oauth/utils/IpUtils.java @@ -7,7 +7,6 @@ import java.net.UnknownHostException; * 获取IP的工具类 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.0 */ public class IpUtils { @@ -17,7 +16,7 @@ public class IpUtils { * * @return ip */ - public static String getIp() { + public static String getLocalIp() { try { return InetAddress.getLocalHost().getHostAddress(); } catch (UnknownHostException e) { @@ -25,4 +24,4 @@ public class IpUtils { return null; } } -} \ No newline at end of file +} diff --git a/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java b/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java index e392f05..cd790fc 100644 --- a/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java +++ b/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java @@ -14,7 +14,6 @@ import java.util.Map; *

* * @author yangkai.shen (https://xkcoding.com) - * @version 1.0 * @since 1.8 */ @Setter diff --git a/src/test/java/me/zhyd/oauth/AuthRequestTest.java b/src/test/java/me/zhyd/oauth/AuthRequestTest.java index 3ec2c5d..f003b5e 100644 --- a/src/test/java/me/zhyd/oauth/AuthRequestTest.java +++ b/src/test/java/me/zhyd/oauth/AuthRequestTest.java @@ -8,7 +8,6 @@ import org.junit.Test; /** * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 * @since 1.8 */ public class AuthRequestTest { diff --git a/src/test/java/me/zhyd/oauth/utils/CustomTest.java b/src/test/java/me/zhyd/oauth/utils/CustomTest.java index b7a7c65..cd3b7a4 100644 --- a/src/test/java/me/zhyd/oauth/utils/CustomTest.java +++ b/src/test/java/me/zhyd/oauth/utils/CustomTest.java @@ -13,9 +13,6 @@ import java.util.Map; /** * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 - * @website https://www.zhyd.me - * @date 2019/7/19 15:52 * @since 1.8 */ public class CustomTest { diff --git a/update.md b/update.md index ae21375..629e092 100644 --- a/update.md +++ b/update.md @@ -1,3 +1,8 @@ +### 2019/07/27 + +1. `IpUtils.getIp`改名为`IpUtils.getLocalIp` +2. 规范注释 + ### 2019/07/25 1. `AuthConfig`类中去掉state参数 From a2d6dfe707e93e0d63d41d76df3a032b42852e08 Mon Sep 17 00:00:00 2001 
From: "yadong.zhang" Date: Sat, 27 Jul 2019 07:55:52 +0800 Subject: [PATCH 5/6] =?UTF-8?q?:bulb:=20=E8=A7=84=E8=8C=83=E6=B3=A8?= =?UTF-8?q?=E9=87=8A?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/java/me/zhyd/oauth/model/AuthCallback.java | 2 +- src/main/java/me/zhyd/oauth/model/AuthUser.java | 2 ++ .../java/me/zhyd/oauth/request/AuthAlipayRequest.java | 2 +- .../java/me/zhyd/oauth/request/AuthBaiduRequest.java | 2 +- .../java/me/zhyd/oauth/request/AuthCodingRequest.java | 2 +- src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java | 2 +- .../java/me/zhyd/oauth/request/AuthDefaultRequest.java | 2 +- .../java/me/zhyd/oauth/request/AuthDingTalkRequest.java | 2 +- .../java/me/zhyd/oauth/request/AuthDouyinRequest.java | 2 +- .../java/me/zhyd/oauth/request/AuthFacebookRequest.java | 2 +- .../java/me/zhyd/oauth/request/AuthGiteeRequest.java | 2 +- .../java/me/zhyd/oauth/request/AuthGithubRequest.java | 2 +- .../java/me/zhyd/oauth/request/AuthGoogleRequest.java | 2 +- .../java/me/zhyd/oauth/request/AuthLinkedinRequest.java | 2 +- src/main/java/me/zhyd/oauth/request/AuthMiRequest.java | 2 +- .../java/me/zhyd/oauth/request/AuthMicrosoftRequest.java | 2 +- .../java/me/zhyd/oauth/request/AuthOschinaRequest.java | 4 ++-- .../java/me/zhyd/oauth/request/AuthPinterestRequest.java | 2 +- src/main/java/me/zhyd/oauth/request/AuthQqRequest.java | 9 ++++++++- .../java/me/zhyd/oauth/request/AuthRenrenRequest.java | 2 +- .../me/zhyd/oauth/request/AuthStackOverflowRequest.java | 2 +- .../java/me/zhyd/oauth/request/AuthTaobaoRequest.java | 2 +- .../me/zhyd/oauth/request/AuthTeambitionRequest.java | 2 +- .../me/zhyd/oauth/request/AuthTencentCloudRequest.java | 2 +- .../java/me/zhyd/oauth/request/AuthToutiaoRequest.java | 2 +- .../java/me/zhyd/oauth/request/AuthWeChatRequest.java | 2 +- .../java/me/zhyd/oauth/request/AuthWeiboRequest.java | 2 +- src/main/java/me/zhyd/oauth/utils/AuthChecker.java | 5 ++++- 
src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java | 2 +- src/main/java/me/zhyd/oauth/utils/IpUtils.java | 2 +- src/main/java/me/zhyd/oauth/utils/UrlBuilder.java | 2 +- src/test/java/me/zhyd/oauth/AuthRequestTest.java | 1 - src/test/java/me/zhyd/oauth/utils/CustomTest.java | 6 +++--- update.md | 2 +- 34 files changed, 47 insertions(+), 36 deletions(-) diff --git a/src/main/java/me/zhyd/oauth/model/AuthCallback.java b/src/main/java/me/zhyd/oauth/model/AuthCallback.java index 332c190..810ebea 100644 --- a/src/main/java/me/zhyd/oauth/model/AuthCallback.java +++ b/src/main/java/me/zhyd/oauth/model/AuthCallback.java @@ -7,7 +7,7 @@ import lombok.Setter; * 授权回调时的参数类 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.8 + * @since 1.8.0 */ @Getter @Setter diff --git a/src/main/java/me/zhyd/oauth/model/AuthUser.java b/src/main/java/me/zhyd/oauth/model/AuthUser.java index 2652652..d98e727 100644 --- a/src/main/java/me/zhyd/oauth/model/AuthUser.java +++ b/src/main/java/me/zhyd/oauth/model/AuthUser.java @@ -18,6 +18,8 @@ import me.zhyd.oauth.enums.AuthUserGender; public class AuthUser { /** * 用户第三方系统的唯一id。在调用方集成改组件时,可以用uuid + source唯一确定一个用户 + * + * @since 1.3.3 */ private String uuid; /** diff --git a/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java b/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java index 9a6041d..f3bc002 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java @@ -21,7 +21,7 @@ import me.zhyd.oauth.utils.UrlBuilder; * 支付宝登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.8 + * @since 1.0.1 */ public class AuthAlipayRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java b/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java index cec929a..49bc962 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java 
+++ b/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java @@ -15,7 +15,7 @@ import me.zhyd.oauth.utils.UrlBuilder; * 百度账号登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.8 + * @since 1.0.0 */ public class AuthBaiduRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java b/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java index 772aafa..cea24f9 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java @@ -15,7 +15,7 @@ import me.zhyd.oauth.utils.UrlBuilder; * Cooding登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.8 + * @since 1.0.0 */ public class AuthCodingRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java b/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java index 74d6976..a6c3776 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthCsdnRequest.java @@ -14,7 +14,7 @@ import me.zhyd.oauth.model.AuthUser; * CSDN登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.8 + * @since 1.0.0 */ @Deprecated public class AuthCsdnRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java index ee9ce49..8663c20 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java @@ -16,7 +16,7 @@ import me.zhyd.oauth.utils.UrlBuilder; * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) * @author yangkai.shen (https://xkcoding.com) - * @since 1.8 + * @since 1.0.0 */ @Slf4j public abstract class AuthDefaultRequest implements AuthRequest { 
diff --git a/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java index 4d01e7e..6f93286 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java @@ -18,7 +18,7 @@ import me.zhyd.oauth.utils.UrlBuilder; * 钉钉登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.8 + * @since 1.0.0 */ public class AuthDingTalkRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java index fb51a68..618e683 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java @@ -15,7 +15,7 @@ import me.zhyd.oauth.utils.UrlBuilder; * 抖音登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.8 + * @since 1.4.0 */ public class AuthDouyinRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java b/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java index 5f23fa2..96e0463 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthFacebookRequest.java @@ -15,7 +15,7 @@ import me.zhyd.oauth.utils.UrlBuilder; * Facebook登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.8 + * @since 1.3.0 */ public class AuthFacebookRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java index b599e92..819e96c 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthGiteeRequest.java 
@@ -14,7 +14,7 @@ import me.zhyd.oauth.model.AuthUser; * Gitee登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.8 + * @since 1.0.0 */ public class AuthGiteeRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java index ad33f11..00d9879 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthGithubRequest.java @@ -17,7 +17,7 @@ import java.util.Map; * Github登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.8 + * @since 1.0.0 */ public class AuthGithubRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java index 8b165d3..f5e8941 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java @@ -16,7 +16,7 @@ import me.zhyd.oauth.utils.UrlBuilder; * Google登录 * * @author yangkai.shen (https://xkcoding.com) - * @since 1.3 + * @since 1.3.0 */ public class AuthGoogleRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java b/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java index b1e400c..933e2f3 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java @@ -18,7 +18,7 @@ import me.zhyd.oauth.utils.UrlBuilder; * 领英登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.8 + * @since 1.4.0 */ public class AuthLinkedinRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java b/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java index b85b006..1d8c60b 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java 
+++ b/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java @@ -18,7 +18,7 @@ import java.text.MessageFormat; * 小米登录 * * @author yangkai.shen (https://xkcoding.com) - * @since 1.5 + * @since 1.5.0 */ @Slf4j public class AuthMiRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java b/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java index 691251e..03b8fe7 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java @@ -16,7 +16,7 @@ import static me.zhyd.oauth.utils.GlobalAuthUtil.parseQueryToMap; * 微软登录 * * @author yangkai.shen (https://xkcoding.com) - * @since 1.5 + * @since 1.5.0 */ public class AuthMicrosoftRequest extends AuthDefaultRequest { public AuthMicrosoftRequest(AuthConfig config) { diff --git a/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java b/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java index 396efd0..c67819d 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthOschinaRequest.java @@ -15,7 +15,7 @@ import me.zhyd.oauth.utils.UrlBuilder; * oschina登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.8 + * @since 1.0.0 */ public class AuthOschinaRequest extends AuthDefaultRequest { @@ -58,7 +58,7 @@ public class AuthOschinaRequest extends AuthDefaultRequest { /** * 返回获取accessToken的url * - * @param code + * @param code 授权回调时带回的授权码 * @return 返回获取accessToken的url */ @Override diff --git a/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java b/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java index af192cc..be73c7d 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java 
@@ -19,7 +19,7 @@ import static me.zhyd.oauth.config.AuthSource.PINTEREST; * Pinterest登录 * * @author hongwei.peng (pengisgood(at)gmail(dot)com) - * @since 1.8 + * @since 1.9.0 */ public class AuthPinterestRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java b/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java index 78b8b61..274ccc2 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthQqRequest.java @@ -20,7 +20,7 @@ import java.util.Map; * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) * @author yangkai.shen (https://xkcoding.com) - * @since 1.8 + * @since 1.1.0 */ public class AuthQqRequest extends AuthDefaultRequest { public AuthQqRequest(AuthConfig config) { @@ -68,6 +68,13 @@ public class AuthQqRequest extends AuthDefaultRequest { .build(); } + /** + * 获取QQ用户的OpenId,支持自定义是否启用查询unionid的功能,如果启用查询unionid的功能, + * 那就需要调用者先通过邮件申请unionid功能,参考链接 {@see http://wiki.connect.qq.com/unionid%E4%BB%8B%E7%BB%8D} + * + * @param authToken 通过{@link AuthQqRequest#getAccessToken(AuthCallback)}获取到的{@code authToken} + * @return openId + */ private String getOpenId(AuthToken authToken) { HttpResponse response = HttpRequest.get(UrlBuilder.fromBaseUrl("https://graph.qq.com/oauth2.0/me") .queryParam("access_token", authToken.getAccessToken()) diff --git a/src/main/java/me/zhyd/oauth/request/AuthRenrenRequest.java b/src/main/java/me/zhyd/oauth/request/AuthRenrenRequest.java index da7f169..4b1186f 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthRenrenRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthRenrenRequest.java @@ -19,7 +19,7 @@ import static me.zhyd.oauth.model.AuthResponseStatus.SUCCESS; * 人人登录 * * @author hongwei.peng (pengisgood(at)gmail(dot)com) - * @since 1.8 + * @since 1.9.0 */ public class AuthRenrenRequest extends AuthDefaultRequest { 
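Review bot: The Javadoc added to `getOpenId` in the AuthQqRequest hunk writes the reference as `{@see http://wiki.connect.qq.com/unionid%E4%BB%8B%E7%BB%8D}`, but `@see` is a block tag and has no inline form, so javadoc/doclint reports an unknown inline tag and the link does not render. Move it to a block tag after the description, `@see <a href="http://wiki.connect.qq.com/unionid%E4%BB%8B%E7%BB%8D">unionid介绍</a>`. The description says the unionid lookup is optional but does not name the switch that controls it (presumably `AuthConfig.unionId`, to be confirmed, since the method body continues outside the hunk). Because the visible request passes `access_token` as a query parameter, the comment could also note that the request URL must not be logged.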
diff --git a/src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java b/src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java index ebcf133..a2791c9 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java @@ -18,7 +18,7 @@ import static me.zhyd.oauth.utils.GlobalAuthUtil.parseQueryToMap; * Stack Overflow登录 * * @author hongwei.peng (pengisgood(at)gmail(dot)com) - * @since 1.8 + * @since 1.9.0 */ public class AuthStackOverflowRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java index 7d14813..6468920 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java @@ -16,7 +16,7 @@ import me.zhyd.oauth.utils.UrlBuilder; * 淘宝登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.8 + * @since 1.1.0 */ public class AuthTaobaoRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthTeambitionRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTeambitionRequest.java index f909970..50c1b7f 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthTeambitionRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthTeambitionRequest.java @@ -13,7 +13,7 @@ import me.zhyd.oauth.model.*; * Teambition授权登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.8 + * @since 1.9.0 */ public class AuthTeambitionRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java index 23596c3..bedd8a3 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java 
@@ -15,7 +15,7 @@ import me.zhyd.oauth.utils.UrlBuilder; * 腾讯云登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.8 + * @since 1.0.0 */ public class AuthTencentCloudRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java b/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java index 7b6e47c..3aea926 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java @@ -16,7 +16,7 @@ import me.zhyd.oauth.utils.UrlBuilder; * 今日头条登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.5 + * @since 1.6.0-beta */ public class AuthToutiaoRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java b/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java index c859f4d..913fd64 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java @@ -14,7 +14,7 @@ import me.zhyd.oauth.utils.UrlBuilder; * 微信登录 * * @author yangkai.shen (https://xkcoding.com) - * @since 1.8 + * @since 1.1.0 */ public class AuthWeChatRequest extends AuthDefaultRequest { public AuthWeChatRequest(AuthConfig config) { diff --git a/src/main/java/me/zhyd/oauth/request/AuthWeiboRequest.java b/src/main/java/me/zhyd/oauth/request/AuthWeiboRequest.java index cd2868a..9f226d8 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthWeiboRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthWeiboRequest.java @@ -19,7 +19,7 @@ import me.zhyd.oauth.utils.UrlBuilder; * 微博登录 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.8 + * @since 1.0.0 */ public class AuthWeiboRequest extends AuthDefaultRequest { diff --git a/src/main/java/me/zhyd/oauth/utils/AuthChecker.java b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java index c01a76c..3cbd6ad 100644 --- a/src/main/java/me/zhyd/oauth/utils/AuthChecker.java 
+++ b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java @@ -9,7 +9,7 @@ import me.zhyd.oauth.model.AuthResponseStatus; * 授权配置类的校验器 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.8 + * @since 1.6.1-beta */ public class AuthChecker { @@ -19,6 +19,7 @@ public class AuthChecker { * @param config config * @param source source * @return true or false + * @since 1.6.1-beta */ public static boolean isSupportedAuth(AuthConfig config, AuthSource source) { boolean isSupported = StringUtils.isNotEmpty(config.getClientId()) && StringUtils.isNotEmpty(config.getClientSecret()) && StringUtils.isNotEmpty(config.getRedirectUri()); @@ -36,6 +37,7 @@ public class AuthChecker { * * @param config config * @param source source + * @since 1.6.1-beta */ public static void checkConfig(AuthConfig config, AuthSource source) { String redirectUri = config.getRedirectUri(); @@ -56,6 +58,7 @@ public class AuthChecker { * 校验回调传回的code * * @param code 回调时传回的code + * @since 1.8.0 */ public static void checkCode(String code) { if (StringUtils.isEmpty(code)) { diff --git a/src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java b/src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java index 9e5c787..e1aad50 100644 --- a/src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java +++ b/src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java @@ -21,7 +21,7 @@ import java.util.*; * 全局的工具类 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.8 + * @since 1.0.0 */ public class GlobalAuthUtil { private static final Charset DEFAULT_ENCODING = StandardCharsets.UTF_8; diff --git a/src/main/java/me/zhyd/oauth/utils/IpUtils.java b/src/main/java/me/zhyd/oauth/utils/IpUtils.java index a03a37d..fb797cf 100644 --- a/src/main/java/me/zhyd/oauth/utils/IpUtils.java +++ b/src/main/java/me/zhyd/oauth/utils/IpUtils.java @@ -7,7 +7,7 @@ import java.net.UnknownHostException; * 获取IP的工具类 * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.0 + * @since 1.0.0 */ public class IpUtils { 
diff --git a/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java b/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java index cd790fc..54faead 100644 --- a/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java +++ b/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java @@ -14,7 +14,7 @@ import java.util.Map; *

* * @author yangkai.shen (https://xkcoding.com) - * @since 1.8 + * @since 1.9.0 */ @Setter public class UrlBuilder { diff --git a/src/test/java/me/zhyd/oauth/AuthRequestTest.java b/src/test/java/me/zhyd/oauth/AuthRequestTest.java index f003b5e..f5d26ed 100644 --- a/src/test/java/me/zhyd/oauth/AuthRequestTest.java +++ b/src/test/java/me/zhyd/oauth/AuthRequestTest.java @@ -8,7 +8,6 @@ import org.junit.Test; /** * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.8 */ public class AuthRequestTest { diff --git a/src/test/java/me/zhyd/oauth/utils/CustomTest.java b/src/test/java/me/zhyd/oauth/utils/CustomTest.java index cd3b7a4..ccab7d2 100644 --- a/src/test/java/me/zhyd/oauth/utils/CustomTest.java +++ b/src/test/java/me/zhyd/oauth/utils/CustomTest.java @@ -1,7 +1,6 @@ package me.zhyd.oauth.utils; import com.alibaba.fastjson.JSON; -import com.alibaba.fastjson.JSONArray; import com.alibaba.fastjson.JSONObject; import com.alibaba.fastjson.JSONPath; import org.junit.Test; @@ -12,8 +11,9 @@ import java.util.List; import java.util.Map; /** + * 其他测试方法 + * * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @since 1.8 */ public class CustomTest { @@ -68,7 +68,7 @@ public class CustomTest { } @Test - public void jsonpath(){ + public void jsonpath() { List>> list = new ArrayList<>(); Map> map = new HashMap<>(); diff --git a/update.md b/update.md index 629e092..cc70316 100644 --- a/update.md +++ b/update.md 
@@ -45,7 +45,7 @@ 2. 将CSDN相关的类置为`Deprecated`,后续可能会删除,也可能一直保留。毕竟CSDN的openAPI已经不对外开放了。 3. `BaseAuthRequest` 改名为 `AuthDefaultRequest` 4. `ResponseStatus` 改名为 `AuthResponseStatus` 并且移动到 `me.zhyd.oauth.model` -5. 合并github上[@xkcoding](https://github.com/xkcoding) 的[pr#18](https://github.com/zhangyd-c/JustAuth/pull/18),修复小米回调错误问题 同时 支持微信获取 +5. 合并github上[@xkcoding](https://github.com/xkcoding) 的[pr#18](https://github.com/zhangyd-c/JustAuth/pull/18),修复小米回调错误问题 同时 支持微信获取unionId ### 2019/07/15 ([v1.8.1](https://gitee.com/yadong.zhang/JustAuth/releases/v1.8.1)) 1. 新增 `AuthState` 类,内置默认的state生成规则和校验规则 From 33076971fe449fdf4c0b6f6d37c2004d000baf21 Mon Sep 17 00:00:00 2001 
From: "yadong.zhang" Date: Tue, 30 Jul 2019 09:12:28 +0800 Subject: [PATCH 6/6] =?UTF-8?q?:bookmark:=20v1.9.3,=E8=AF=A6=E7=BB=86?= =?UTF-8?q?=E6=9B=B4=E6=96=B0=E5=86=85=E5=AE=B9=E5=8F=82=E8=80=83update.md?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 17 ++- pom.xml | 2 +- .../java/me/zhyd/oauth/cache/AuthCache.java | 50 ++++++ .../zhyd/oauth/cache/AuthCacheScheduler.java | 39 +++++ .../me/zhyd/oauth/cache/AuthDefaultCache.java | 144 ++++++++++++++++++ .../me/zhyd/oauth/cache/AuthStateCache.java | 51 +++++++ .../me/zhyd/oauth/model/AuthCallback.java | 11 ++ .../zhyd/oauth/request/AuthAlipayRequest.java | 2 +- .../zhyd/oauth/request/AuthBaiduRequest.java | 2 +- .../zhyd/oauth/request/AuthCodingRequest.java | 2 +- .../oauth/request/AuthDefaultRequest.java | 13 +- .../oauth/request/AuthDingTalkRequest.java | 2 +- .../zhyd/oauth/request/AuthDouyinRequest.java | 2 +- .../zhyd/oauth/request/AuthGoogleRequest.java | 2 +- .../oauth/request/AuthLinkedinRequest.java | 2 +- .../me/zhyd/oauth/request/AuthMiRequest.java | 2 +- .../oauth/request/AuthMicrosoftRequest.java | 2 +- .../oauth/request/AuthPinterestRequest.java | 2 +- .../me/zhyd/oauth/request/AuthRequest.java | 4 +- .../request/AuthStackOverflowRequest.java | 2 +- .../zhyd/oauth/request/AuthTaobaoRequest.java | 2 +- .../request/AuthTencentCloudRequest.java | 2 +- .../oauth/request/AuthToutiaoRequest.java | 2 +- .../zhyd/oauth/request/AuthWeChatRequest.java | 2 +- .../me/zhyd/oauth/utils/AuthStateUtils.java | 19 +++ .../java/me/zhyd/oauth/utils/StringUtils.java | 26 +++- .../java/me/zhyd/oauth/utils/UrlBuilder.java | 2 +- .../java/me/zhyd/oauth/utils/UuidUtils.java | 65 ++++++++ .../java/me/zhyd/oauth/AuthRequestTest.java | 38 +++++ .../zhyd/oauth/cache/AuthStateCacheTest.java | 32 ++++ .../me/zhyd/oauth/utils/UrlBuilderTest.java | 27 ++++ .../me/zhyd/oauth/utils/UuidUtilsTest.java | 13 ++ update.md | 8 + 33 files changed, 561 insertions(+), 30 deletions(-) 
create mode 100644 src/main/java/me/zhyd/oauth/cache/AuthCache.java create mode 100644 src/main/java/me/zhyd/oauth/cache/AuthCacheScheduler.java create mode 100644 src/main/java/me/zhyd/oauth/cache/AuthDefaultCache.java create mode 100644 src/main/java/me/zhyd/oauth/cache/AuthStateCache.java create mode 100644 src/main/java/me/zhyd/oauth/utils/AuthStateUtils.java create mode 100644 src/main/java/me/zhyd/oauth/utils/UuidUtils.java create mode 100644 src/test/java/me/zhyd/oauth/cache/AuthStateCacheTest.java create mode 100644 src/test/java/me/zhyd/oauth/utils/UuidUtilsTest.java diff --git a/README.md b/README.md index 8e51b9f..9e563f8 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@

- + @@ -15,7 +15,7 @@ - +

@@ -76,7 +76,7 @@ JustAuth,如你所见,它仅仅是一个**第三方授权登录**的**工具 me.zhyd.oauth JustAuth - 1.9.2 + 1.9.3 ``` - 调用api @@ -91,14 +91,19 @@ AuthRequest authRequest = new AuthGiteeRequest(AuthConfig.builder() // 生成授权页面 authRequest.authorize(); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的参数 +// 1.9.3版本后 如果需要验证state,可以在login之前调用{@see AuthCallback#checkState}方法校验state合法性 +// 注:JustAuth默认保存state的时效为3分钟,3分钟内未使用则会自动清除过期的state authRequest.login(callback); ``` -注:`1.8.0`版本后,增加了`state`参数校验,用于防止[CSRF](https://zh.wikipedia.org/wiki/%E8%B7%A8%E7%AB%99%E8%AF%B7%E6%B1%82%E4%BC%AA%E9%80%A0)。强烈建议,保证单次流程内`state`的唯一性,且每个`state`只可用一次。 - **配套Demo**: - [Springboot版](https://gitee.com/yadong.zhang/JustAuth-demo) -- [jFinal版](https://github.com/zhangyd-c/jfinal-justauth-demo) +- [jFinal版](https://github.com/xkcoding/jfinal-justauth-demo) +- [ActFramework版](https://github.com/xkcoding/act-justauth-demo) + +**扩展工具** + +- [justauth-spring-boot-starter](https://github.com/xkcoding/justauth-spring-boot-starter): Spring Boot 集成 JustAuth 的最佳实践 具体的例子可以参考: diff --git a/pom.xml b/pom.xml index 9752151..e466e7d 100644 --- a/pom.xml +++ b/pom.xml @@ -54,7 +54,7 @@ 2.2.1 3.7.0 true - 4.5.15 + 4.6.0 1.18.4 4.11 1.2.58 diff --git a/src/main/java/me/zhyd/oauth/cache/AuthCache.java b/src/main/java/me/zhyd/oauth/cache/AuthCache.java new file mode 100644 index 0000000..73de599 --- /dev/null +++ b/src/main/java/me/zhyd/oauth/cache/AuthCache.java 
@@ -0,0 +1,50 @@
+package me.zhyd.oauth.cache;
+
+/**
+ * JustAuth缓存,用来缓存State
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @since 1.9.3
+ */
+public interface AuthCache {
+
+ /**
+ * 设置缓存
+ *
+ * @param key 缓存KEY
+ * @param value 缓存内容
+ */
+ void set(String key, String value);
+
+ /**
+ * 设置缓存,指定过期时间
+ *
+ * @param key 缓存KEY
+ * @param value 缓存内容
+ * @param timeout 指定缓存过期时间(毫秒)
+ */
+ void set(String key, String value, long timeout);
+
+ /**
+ * 获取缓存
+ *
+ * @param key 缓存KEY
+ * @return 缓存内容
+ */
+ String get(String key);
+
+ /**
+ * 是否存在key,如果对应key的value值已过期,也返回false
+ *
+ * @param key 缓存KEY
+ * @return true:存在key,并且value没过期;false:key不存在或者已过期
+ */
+ boolean containsKey(String key);
+
+ /**
+ * 清理过期的缓存
+ */
+ default void pruneCache() {
+ }
+
+}
diff --git a/src/main/java/me/zhyd/oauth/cache/AuthCacheScheduler.java b/src/main/java/me/zhyd/oauth/cache/AuthCacheScheduler.java
new file mode 100644
index 0000000..fbdfa88
--- /dev/null
+++ b/src/main/java/me/zhyd/oauth/cache/AuthCacheScheduler.java
@@ -0,0 +1,39 @@
+package me.zhyd.oauth.cache;
+
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.ScheduledThreadPoolExecutor;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicInteger;
+
+/**
+ * 缓存调度器
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @since 1.9.3
+ */
+public enum AuthCacheScheduler {
+
+ INSTANCE;
+
+ private AtomicInteger cacheTaskNumber = new AtomicInteger(1);
+ private ScheduledExecutorService scheduler;
+
+ AuthCacheScheduler() {
+ create();
+ }
+
+ private void create() {
+ this.shutdown();
+ this.scheduler = new ScheduledThreadPoolExecutor(10, r -> new Thread(r, String.format("JustAuth-Task-%s", cacheTaskNumber.getAndIncrement())));
+ }
+
+ private void shutdown() {
+ if (null != scheduler) {
+ this.scheduler.shutdown();
+ }
+ }
+
+ public void schedule(Runnable task, long delay) {
+ this.scheduler.scheduleAtFixedRate(task, delay, delay, TimeUnit.MILLISECONDS);
+ }
+}
diff --git a/src/main/java/me/zhyd/oauth/cache/AuthDefaultCache.java b/src/main/java/me/zhyd/oauth/cache/AuthDefaultCache.java
new file mode 100644
index 0000000..6da6695
--- /dev/null
+++ b/src/main/java/me/zhyd/oauth/cache/AuthDefaultCache.java
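Review bot: The thread factory in `create()` builds plain `new Thread(r, ...)` workers, and `shutdown()` is private and only reached from `create()`, so once `schedule()` has started a fixed-rate task nothing in this enum can stop the executor. Those workers are non-daemon unless the creating thread happens to be a daemon, which would likely keep a host application's JVM alive at shutdown; marking them daemon in the factory (`Thread t = new Thread(r, name); t.setDaemon(true); return t;`) avoids that. A core pool size of 10 also looks larger than periodic pruning needs, and `schedule()` discards the returned `ScheduledFuture`, so a cache cannot cancel its own prune task.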
@@ -0,0 +1,144 @@
+package me.zhyd.oauth.cache;
+
+import lombok.Getter;
+import lombok.Setter;
+
+import java.io.Serializable;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
+
+/**
+ * 默认的缓存实现
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @since 1.9.3
+ */
+public class AuthDefaultCache implements AuthCache {
+
+ /**
+ * 默认缓存过期时间:3分钟
+ * 鉴于授权过程中,根据个人的操作习惯,或者授权平台的不同(google等),每个授权流程的耗时也有差异,不过单个授权流程一般不会太长
+ * 本缓存工具默认的过期时间设置为3分钟,即程序默认认为3分钟内的授权有效,超过3分钟则默认失效,失效后删除
+ */
+ private static final long DEF_TIMEOUT = 3 * 60 * 1000;
+ /**
+ * state cache
+ */
+ private static Map stateCache = new ConcurrentHashMap<>();
+ private final ReentrantReadWriteLock cacheLock = new ReentrantReadWriteLock(true);
+ private final Lock writeLock = cacheLock.writeLock();
+ private final Lock readLock = cacheLock.readLock();
+
+ public AuthDefaultCache() {
+ this.schedulePrune(DEF_TIMEOUT);
+ }
+
+ /**
+ * 设置缓存
+ *
+ * @param key 缓存KEY
+ * @param value 缓存内容
+ */
+ @Override
+ public void set(String key, String value) {
+ set(key, value, DEF_TIMEOUT);
+ }
+
+ /**
+ * 设置缓存
+ *
+ * @param key 缓存KEY
+ * @param value 缓存内容
+ * @param timeout 指定缓存过期时间(毫秒)
+ */
+ @Override
+ public void set(String key, String value, long timeout) {
+ writeLock.lock();
+ try {
+ stateCache.put(key, new CacheState(value, timeout));
+ } finally {
+ writeLock.unlock();
+ }
+ }
+
+ /**
+ * 获取缓存
+ *
+ * @param key 缓存KEY
+ * @return 缓存内容
+ */
+ @Override
+ public String get(String key) {
+ readLock.lock();
+ try {
+ CacheState cacheState = stateCache.get(key);
+ if (null == cacheState || cacheState.isExpired()) {
+ return null;
+ }
+ return cacheState.getState();
+ } finally {
+ readLock.unlock();
+ }
+ }
+
+ /**
+ * 是否存在key,如果对应key的value值已过期,也返回false
+ *
+ * @param key 缓存KEY
+ * @return true:存在key,并且value没过期;false:key不存在或者已过期
+ */
+ @Override
+ public boolean containsKey(String key) {
+ readLock.lock();
+ try {
+ CacheState cacheState = stateCache.get(key);
+ return null != cacheState && !cacheState.isExpired();
+ } finally {
+ readLock.unlock();
+ }
+ }
+
+ /**
+ * 清理过期的缓存
+ */
+ @Override
+ public void pruneCache() {
+ Iterator values = stateCache.values().iterator();
+ CacheState cacheState;
+ while (values.hasNext()) {
+ cacheState = values.next();
+ if (cacheState.isExpired()) {
+ values.remove();
+ }
+ }
+ }
+
+ /**
+ * 定时清理
+ *
+ * @param delay 间隔时长,单位毫秒
+ */
+ public void schedulePrune(long delay) {
+ AuthCacheScheduler.INSTANCE.schedule(this::pruneCache, delay);
+ }
+
+ @Getter
+ @Setter
+ private class CacheState implements Serializable {
+ private String state;
+ private long expire;
+
+ CacheState(String state, long expire) {
+ this.state = state;
+ // 实际过期时间等于当前时间加上有效期
+ this.expire = System.currentTimeMillis() + expire;
+ }
+
+ boolean isExpired() {
+ return System.currentTimeMillis() > this.expire;
+ }
+ }
+}
diff --git a/src/main/java/me/zhyd/oauth/cache/AuthStateCache.java b/src/main/java/me/zhyd/oauth/cache/AuthStateCache.java
new file mode 100644
index 0000000..e667829
--- /dev/null
+++ b/src/main/java/me/zhyd/oauth/cache/AuthStateCache.java
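Review bot: `stateCache` is `static`, so every `AuthDefaultCache` instance shares one map, while `cacheLock` and the prune task registered in the constructor are per instance; each extra instance adds another fixed-rate prune over the same entries and guards them with a different lock. Since the map is a `ConcurrentHashMap` and `pruneCache()` already iterates it without the lock, either drop the read/write lock or make the map an instance field that is guarded consistently. Expired entries are only removed by the periodic prune (every `DEF_TIMEOUT`) and nothing bounds the map, so the number of retained states grows with the rate at which authorize URLs are generated; a size cap or removal on read would limit that. `CacheState` can also be a `private static class`, because it uses nothing from the enclosing instance.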
@@ -0,0 +1,51 @@ +package me.zhyd.oauth.cache; + +/** + * @author yadong.zhang (yadong.zhang0415(a)gmail.com) + * @version 1.0 + * @since 1.8 + */ +public class AuthStateCache { + private static AuthCache authCache = new AuthDefaultCache(); + + /** + * 存入缓存 + * + * @param key 缓存key + * @param value 缓存内容 + */ + public static void cache(String key, String value) { + authCache.set(key, value); + } + + /** + * 存入缓存 + * + * @param key 缓存key + * @param value 缓存内容 + * @param timeout 指定缓存过期时间(毫秒) + */ + public static void cache(String key, String value, long timeout) { + authCache.set(key, value, timeout); + } + + /** + * 获取缓存内容 + * + * @param key 缓存key + * @return 缓存内容 + */ + public static String get(String key) { + return authCache.get(key); + } + + /** + * 是否存在key,如果对应key的value值已过期,也返回false + * + * @param key 缓存key + * @return true:存在key,并且value没过期;false:key不存在或者已过期 + */ + public static boolean containsKey(String key) { + return authCache.containsKey(key); + } +} diff --git a/src/main/java/me/zhyd/oauth/model/AuthCallback.java b/src/main/java/me/zhyd/oauth/model/AuthCallback.java index 810ebea..4a6fbee 100644 --- a/src/main/java/me/zhyd/oauth/model/AuthCallback.java +++ b/src/main/java/me/zhyd/oauth/model/AuthCallback.java @@ -2,6 +2,7 @@ package me.zhyd.oauth.model; import lombok.Getter; import lombok.Setter; +import me.zhyd.oauth.cache.AuthStateCache; /** * 授权回调时的参数类 @@ -27,4 +28,14 @@ public class AuthCallback { * 访问AuthorizeUrl后回调时带的参数state,用于和请求AuthorizeUrl前的state比较,防止CSRF攻击 */ private String state; + + /** + * 内置的检验state合法性的方法 + * + * @return true: state正常;false:state不正常,可能授权时间过长导致state失效 + * @since 1.9.3 + */ + public boolean checkState() { + return AuthStateCache.containsKey(this.state); + } } diff --git a/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java b/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java index f3bc002..5f8fbbf 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java 
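Review bot: `checkState()` in the second AuthCallback.java hunk only asks whether the callback's `state` is present in the process-wide `AuthStateCache`; it neither ties the value to the browser session that started the flow nor removes it after a successful check. As written, a state issued to any user stays acceptable for every callback until it expires, which is weaker than the CSRF protection the field comment describes. The `AuthCache` interface added in this patch has no remove operation, so one is needed to make a state single-use, and the application should additionally compare the returned state with the one kept in the user's own session. A callback without a `state` parameter also reaches `ConcurrentHashMap.get(null)` through `AuthDefaultCache.containsKey`, which throws `NullPointerException`; `return this.state != null && AuthStateCache.containsKey(this.state);` avoids that.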
+++ b/src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java @@ -85,7 +85,7 @@ public class AuthAlipayRequest extends AuthDefaultRequest { } /** - * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state} * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 diff --git a/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java b/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java index 49bc962..43796fe 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java @@ -78,7 +78,7 @@ public class AuthBaiduRequest extends AuthDefaultRequest { } /** - * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state} * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 diff --git a/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java b/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java index cea24f9..0ff5241 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java @@ -70,7 +70,7 @@ public class AuthCodingRequest extends AuthDefaultRequest { } /** - * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state} * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 diff --git a/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java index 8663c20..354e3c5 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java 
@@ -3,6 +3,7 @@ package me.zhyd.oauth.request; import cn.hutool.http.HttpRequest; import cn.hutool.http.HttpResponse; import lombok.extern.slf4j.Slf4j; +import me.zhyd.oauth.cache.AuthStateCache; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.exception.AuthException; @@ -10,6 +11,7 @@ import me.zhyd.oauth.model.*; import me.zhyd.oauth.utils.AuthChecker; import me.zhyd.oauth.utils.StringUtils; import me.zhyd.oauth.utils.UrlBuilder; +import me.zhyd.oauth.utils.UuidUtils; /** * 默认的request处理类 @@ -60,7 +62,7 @@ public abstract class AuthDefaultRequest implements AuthRequest { } /** - * 返回认证url,可自行跳转页面 + * 返回授权url,可自行跳转页面 *

* 不建议使用该方式获取授权地址,不带{@code state}的授权地址,容易受到csrf攻击。 * 建议使用{@link AuthDefaultRequest#authorize(String)}方法生成授权地址,在回调方法中对{@code state}进行校验 @@ -75,7 +77,7 @@ public abstract class AuthDefaultRequest implements AuthRequest { } /** - * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state} * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 @@ -150,7 +152,12 @@ public abstract class AuthDefaultRequest implements AuthRequest { * @return 返回不为null的state */ protected String getRealState(String state) { - return StringUtils.isEmpty(state) ? String.valueOf(System.currentTimeMillis()) : state; + if (StringUtils.isEmpty(state)) { + state = UuidUtils.getUUID(); + } + // 缓存state + AuthStateCache.cache(state, state); + return state; } /** diff --git a/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java index 6f93286..b01eea5 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java @@ -57,7 +57,7 @@ public class AuthDingTalkRequest extends AuthDefaultRequest { } /** - * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state} * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 diff --git a/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java index 618e683..cdab6ae 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java @@ -88,7 +88,7 @@ public class AuthDouyinRequest extends AuthDefaultRequest { } /** - * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state} * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 
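Review bot: The Javadoc of `getRealState` (it begins outside the last AuthDefaultRequest.java hunk) still only promises a non-null state, although the method now also stores every value it returns, including a caller-supplied one, in `AuthStateCache`. Because the later check is a lookup in a shared cache, a fixed or guessable caller-supplied value such as the `"state"` literal used in AuthRequestTest gives no CSRF protection once it has been cached. I would document this on the method, for example `Caches the returned state in AuthStateCache; a caller-supplied state must be unpredictable and unique per authorization flow`.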
diff --git a/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java index f5e8941..8af2c41 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java @@ -60,7 +60,7 @@ public class AuthGoogleRequest extends AuthDefaultRequest { } /** - * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state} * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 diff --git a/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java b/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java index 933e2f3..adbb7e6 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java @@ -181,7 +181,7 @@ public class AuthLinkedinRequest extends AuthDefaultRequest { } /** - * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state} * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 diff --git a/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java b/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java index 1d8c60b..3b241e9 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthMiRequest.java @@ -108,7 +108,7 @@ public class AuthMiRequest extends AuthDefaultRequest { } /** - * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state} * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 diff --git a/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java b/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java index 03b8fe7..55227af 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java 
@@ -101,7 +101,7 @@ public class AuthMicrosoftRequest extends AuthDefaultRequest { } /** - * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state} * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 diff --git a/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java b/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java index be73c7d..31151d5 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java @@ -69,7 +69,7 @@ public class AuthPinterestRequest extends AuthDefaultRequest { } /** - * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state} * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 diff --git a/src/main/java/me/zhyd/oauth/request/AuthRequest.java b/src/main/java/me/zhyd/oauth/request/AuthRequest.java index 4445389..6ceca1e 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthRequest.java @@ -13,7 +13,7 @@ import me.zhyd.oauth.model.AuthToken; public interface AuthRequest { /** - * 返回认证url,可自行跳转页面 + * 返回授权url,可自行跳转页面 *

* 不建议使用该方式获取授权地址,不带{@code state}的授权地址,容易受到csrf攻击。 * 建议使用{@link AuthDefaultRequest#authorize(String)}方法生成授权地址,在回调方法中对{@code state}进行校验 @@ -26,7 +26,7 @@ public interface AuthRequest { } /** - * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state} * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 diff --git a/src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java b/src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java index a2791c9..ab48453 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java @@ -67,7 +67,7 @@ public class AuthStackOverflowRequest extends AuthDefaultRequest { } /** - * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state} * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 diff --git a/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java index 6468920..3fcdfdf 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java @@ -54,7 +54,7 @@ public class AuthTaobaoRequest extends AuthDefaultRequest { } /** - * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state} * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 diff --git a/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java index bedd8a3..7401df8 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java 
@@ -70,7 +70,7 @@ public class AuthTencentCloudRequest extends AuthDefaultRequest { } /** - * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state} * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 diff --git a/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java b/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java index 3aea926..89926f3 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java @@ -64,7 +64,7 @@ public class AuthToutiaoRequest extends AuthDefaultRequest { } /** - * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state} * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 diff --git a/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java b/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java index 913fd64..cf87013 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java @@ -99,7 +99,7 @@ public class AuthWeChatRequest extends AuthDefaultRequest { } /** - * 返回带{@code state}参数的认证url,授权回调时会带上这个{@code state} + * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state} * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 diff --git a/src/main/java/me/zhyd/oauth/utils/AuthStateUtils.java b/src/main/java/me/zhyd/oauth/utils/AuthStateUtils.java new file mode 100644 index 0000000..4570d7b --- /dev/null +++ b/src/main/java/me/zhyd/oauth/utils/AuthStateUtils.java @@ -0,0 +1,19 @@ +package me.zhyd.oauth.utils; + +/** + * AuthState工具类,默认只提供一个创建随机uuid的方法 + * + * @author yadong.zhang (yadong.zhang0415(a)gmail.com) + * @since 1.9.3 + */ +public class AuthStateUtils { + + /** + * 生成随机state,采用{@see https://github.com/lets-mica/mica}的UUID工具 + * + * @return 随机的state字符串 + */ + public static String createState() { + return UuidUtils.getUUID(); + } +} 
diff --git a/src/main/java/me/zhyd/oauth/utils/StringUtils.java b/src/main/java/me/zhyd/oauth/utils/StringUtils.java index de22a43..b144bdb 100644 --- a/src/main/java/me/zhyd/oauth/utils/StringUtils.java +++ b/src/main/java/me/zhyd/oauth/utils/StringUtils.java @@ -1,9 +1,11 @@ package me.zhyd.oauth.utils; +import java.nio.charset.StandardCharsets; +import java.util.concurrent.ThreadLocalRandom; + /** * @author yadong.zhang (yadong.zhang0415(a)gmail.com) - * @version 1.0 - * @since 1.8 + * @since 1.0.0 */ public class StringUtils { @@ -14,4 +16,24 @@ public class StringUtils { public static boolean isNotEmpty(String str) { return !isEmpty(str); } + + /** + * 如果给定字符串{@code str}中不包含{@code appendStr},则在{@code str}后追加{@code appendStr}; + * 如果已包含{@code appendStr},则在{@code str}后追加{@code otherwise} + * + * @param str 给定的字符串 + * @param appendStr 需要追加的内容 + * @param otherwise 当{@code appendStr}不满足时追加到{@code str}后的内容 + * @return 追加后的字符串 + */ + public static String appendIfNotContain(String str, String appendStr, String otherwise) { + if (isEmpty(str) || isEmpty(appendStr)) { + return str; + } + if (str.contains(appendStr)) { + return str.concat(otherwise); + } + return str.concat(appendStr); + } + } diff --git a/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java b/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java index 54faead..c16ea0c 100644 --- a/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java +++ b/src/main/java/me/zhyd/oauth/utils/UrlBuilder.java @@ -71,7 +71,7 @@ public class UrlBuilder { if (MapUtil.isEmpty(this.params)) { return this.baseUrl; } - String baseUrl = StrUtil.addSuffixIfNot(this.baseUrl, "?"); + String baseUrl = StringUtils.appendIfNotContain(this.baseUrl, "?", "&"); String paramString = GlobalAuthUtil.parseMapToString(this.params, encode); return baseUrl + paramString; } diff --git a/src/main/java/me/zhyd/oauth/utils/UuidUtils.java b/src/main/java/me/zhyd/oauth/utils/UuidUtils.java new file mode 100644 index 0000000..2782750 --- /dev/null 
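Review bot: The first StringUtils.java hunk adds imports of `java.nio.charset.StandardCharsets` and `java.util.concurrent.ThreadLocalRandom`, but the only method added in the second hunk, `appendIfNotContain`, uses neither; unless the lines between the two hunks need them, they look left over from moving the UUID code into UuidUtils and can be removed. In `appendIfNotContain`, a `str` that already ends with `?` or `&` still gets `otherwise` appended (the UrlBuilder.java hunk calls it with `"?"` and `"&"`), so the built URL would contain `?&` or `&&`; checking `str.endsWith(...)` before appending would avoid the empty parameter.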
+++ b/src/main/java/me/zhyd/oauth/utils/UuidUtils.java @@ -0,0 +1,65 @@ +package me.zhyd.oauth.utils; + +import java.nio.charset.StandardCharsets; +import java.util.concurrent.ThreadLocalRandom; + +/** + * 高性能的创建UUID的工具类,{@see https://github.com/lets-mica/mica} + * + * @author yadong.zhang (yadong.zhang0415(a)gmail.com) + * @since 1.9.3 + */ +public class UuidUtils { + + /** + * All possible chars for representing a number as a String + * copy from mica:https://github.com/lets-mica/mica/blob/master/mica-core/src/main/java/net/dreamlu/mica/core/utils/NumberUtil.java#L113 + */ + private final static byte[] DIGITS = { + '0', '1', '2', '3', '4', '5', + '6', '7', '8', '9', 'a', 'b', + 'c', 'd', 'e', 'f', 'g', 'h', + 'i', 'j', 'k', 'l', 'm', 'n', + 'o', 'p', 'q', 'r', 's', 't', + 'u', 'v', 'w', 'x', 'y', 'z', + 'A', 'B', 'C', 'D', 'E', 'F', + 'G', 'H', 'I', 'J', 'K', 'L', + 'M', 'N', 'O', 'P', 'Q', 'R', + 'S', 'T', 'U', 'V', 'W', 'X', + 'Y', 'Z' + }; + + /** + * 生成uuid,采用 jdk 9 的形式,优化性能 + * copy from mica:https://github.com/lets-mica/mica/blob/master/mica-core/src/main/java/net/dreamlu/mica/core/utils/StringUtil.java#L335 + *

+ * 关于mica uuid生成方式的压测结果,可以参考:https://github.com/lets-mica/mica-jmh/wiki/uuid + * + * @return UUID + */ + public static String getUUID() { + ThreadLocalRandom random = ThreadLocalRandom.current(); + long lsb = random.nextLong(); + long msb = random.nextLong(); + byte[] buf = new byte[32]; + formatUnsignedLong(lsb, buf, 20, 12); + formatUnsignedLong(lsb >>> 48, buf, 16, 4); + formatUnsignedLong(msb, buf, 12, 4); + formatUnsignedLong(msb >>> 16, buf, 8, 4); + formatUnsignedLong(msb >>> 32, buf, 0, 8); + return new String(buf, StandardCharsets.UTF_8); + } + + /** + * copy from mica:https://github.com/lets-mica/mica/blob/master/mica-core/src/main/java/net/dreamlu/mica/core/utils/StringUtil.java#L348 + */ + private static void formatUnsignedLong(long val, byte[] buf, int offset, int len) { + int charPos = offset + len; + int radix = 1 << 4; + int mask = radix - 1; + do { + buf[--charPos] = DIGITS[((int) val) & mask]; + val >>>= 4; + } while (charPos > offset); + } +} diff --git a/src/test/java/me/zhyd/oauth/AuthRequestTest.java b/src/test/java/me/zhyd/oauth/AuthRequestTest.java index f5d26ed..9b50f53 100644 --- a/src/test/java/me/zhyd/oauth/AuthRequestTest.java +++ b/src/test/java/me/zhyd/oauth/AuthRequestTest.java @@ -21,6 +21,8 @@ public class AuthRequestTest { // 返回授权页面,可自行跳转 authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 + // 1.9.3版本后 如果需要验证state,可以在login之前调用{@see AuthCallback#checkState}方法校验state合法性 + // 注:JustAuth默认保存state的时效为3分钟,3分钟内未使用则会自动清除过期的state authRequest.login(new AuthCallback()); } @@ -34,6 +36,8 @@ public class AuthRequestTest { // 返回授权页面,可自行跳转 authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 + // 1.9.3版本后 如果需要验证state,可以在login之前调用{@see AuthCallback#checkState}方法校验state合法性 + // 注:JustAuth默认保存state的时效为3分钟,3分钟内未使用则会自动清除过期的state authRequest.login(new AuthCallback()); } 
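Review bot: `getUUID()` draws both longs from `ThreadLocalRandom`, which the JDK documents as not cryptographically secure, yet this patch uses the result as the default OAuth `state` in `AuthDefaultRequest.getRealState` and in `AuthStateUtils.createState`. An anti-CSRF token should come from a CSPRNG: keep a `private static final SecureRandom RANDOM = new SecureRandom();` in the class and read `long lsb = RANDOM.nextLong();` and `long msb = RANDOM.nextLong();` from it. The class comment presents the helper as a high-performance UUID generator, so if the fast variant is still wanted for non-security identifiers, a separate method for state generation would keep the two uses apart.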
@@ -47,6 +51,8 @@ public class AuthRequestTest { // 返回授权页面,可自行跳转 authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 + // 1.9.3版本后 如果需要验证state,可以在login之前调用{@see AuthCallback#checkState}方法校验state合法性 + // 注:JustAuth默认保存state的时效为3分钟,3分钟内未使用则会自动清除过期的state authRequest.login(new AuthCallback()); } @@ -60,6 +66,8 @@ public class AuthRequestTest { // 返回授权页面,可自行跳转 authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 + // 1.9.3版本后 如果需要验证state,可以在login之前调用{@see AuthCallback#checkState}方法校验state合法性 + // 注:JustAuth默认保存state的时效为3分钟,3分钟内未使用则会自动清除过期的state authRequest.login(new AuthCallback()); } @@ -73,6 +81,8 @@ public class AuthRequestTest { // 返回授权页面,可自行跳转 authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 + // 1.9.3版本后 如果需要验证state,可以在login之前调用{@see AuthCallback#checkState}方法校验state合法性 + // 注:JustAuth默认保存state的时效为3分钟,3分钟内未使用则会自动清除过期的state authRequest.login(new AuthCallback()); } @@ -86,6 +96,8 @@ public class AuthRequestTest { // 返回授权页面,可自行跳转 authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 + // 1.9.3版本后 如果需要验证state,可以在login之前调用{@see AuthCallback#checkState}方法校验state合法性 + // 注:JustAuth默认保存state的时效为3分钟,3分钟内未使用则会自动清除过期的state authRequest.login(new AuthCallback()); } @@ -99,6 +111,8 @@ public class AuthRequestTest { // 返回授权页面,可自行跳转 authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 + // 1.9.3版本后 如果需要验证state,可以在login之前调用{@see AuthCallback#checkState}方法校验state合法性 + // 注:JustAuth默认保存state的时效为3分钟,3分钟内未使用则会自动清除过期的state authRequest.login(new AuthCallback()); } 
@@ -112,6 +126,8 @@ public class AuthRequestTest { // 返回授权页面,可自行跳转 authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 + // 1.9.3版本后 如果需要验证state,可以在login之前调用{@see AuthCallback#checkState}方法校验state合法性 + // 注:JustAuth默认保存state的时效为3分钟,3分钟内未使用则会自动清除过期的state authRequest.login(new AuthCallback()); } @@ -126,6 +142,8 @@ public class AuthRequestTest { // 返回授权页面,可自行跳转 authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 + // 1.9.3版本后 如果需要验证state,可以在login之前调用{@see AuthCallback#checkState}方法校验state合法性 + // 注:JustAuth默认保存state的时效为3分钟,3分钟内未使用则会自动清除过期的state AuthResponse login = authRequest.login(new AuthCallback()); } @@ -139,6 +157,8 @@ public class AuthRequestTest { // 返回授权页面,可自行跳转 authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 + // 1.9.3版本后 如果需要验证state,可以在login之前调用{@see AuthCallback#checkState}方法校验state合法性 + // 注:JustAuth默认保存state的时效为3分钟,3分钟内未使用则会自动清除过期的state AuthResponse login = authRequest.login(new AuthCallback()); } @@ -152,6 +172,8 @@ public class AuthRequestTest { // 返回授权页面,可自行跳转 authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 + // 1.9.3版本后 如果需要验证state,可以在login之前调用{@see AuthCallback#checkState}方法校验state合法性 + // 注:JustAuth默认保存state的时效为3分钟,3分钟内未使用则会自动清除过期的state AuthResponse login = authRequest.login(new AuthCallback()); } @@ -165,6 +187,8 @@ public class AuthRequestTest { // 返回授权页面,可自行跳转 authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 + // 1.9.3版本后 如果需要验证state,可以在login之前调用{@see AuthCallback#checkState}方法校验state合法性 + // 注:JustAuth默认保存state的时效为3分钟,3分钟内未使用则会自动清除过期的state AuthResponse login = authRequest.login(new AuthCallback()); } 
@@ -178,6 +202,8 @@ public class AuthRequestTest { // 返回授权页面,可自行跳转 authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 + // 1.9.3版本后 如果需要验证state,可以在login之前调用{@see AuthCallback#checkState}方法校验state合法性 + // 注:JustAuth默认保存state的时效为3分钟,3分钟内未使用则会自动清除过期的state AuthResponse login = authRequest.login(new AuthCallback()); } @@ -191,6 +217,8 @@ public class AuthRequestTest { // 返回授权页面,可自行跳转 authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 + // 1.9.3版本后 如果需要验证state,可以在login之前调用{@see AuthCallback#checkState}方法校验state合法性 + // 注:JustAuth默认保存state的时效为3分钟,3分钟内未使用则会自动清除过期的state AuthResponse login = authRequest.login(new AuthCallback()); } @@ -204,6 +232,8 @@ public class AuthRequestTest { // 返回授权页面,可自行跳转 authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 + // 1.9.3版本后 如果需要验证state,可以在login之前调用{@see AuthCallback#checkState}方法校验state合法性 + // 注:JustAuth默认保存state的时效为3分钟,3分钟内未使用则会自动清除过期的state AuthResponse login = authRequest.login(new AuthCallback()); } @@ -217,6 +247,8 @@ public class AuthRequestTest { // 返回授权页面,可自行跳转 authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 + // 1.9.3版本后 如果需要验证state,可以在login之前调用{@see AuthCallback#checkState}方法校验state合法性 + // 注:JustAuth默认保存state的时效为3分钟,3分钟内未使用则会自动清除过期的state AuthResponse login = authRequest.login(new AuthCallback()); } @@ -230,6 +262,8 @@ public class AuthRequestTest { // 返回授权页面,可自行跳转 authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 + // 1.9.3版本后 如果需要验证state,可以在login之前调用{@see AuthCallback#checkState}方法校验state合法性 + // 注:JustAuth默认保存state的时效为3分钟,3分钟内未使用则会自动清除过期的state AuthResponse login = authRequest.login(new AuthCallback()); } 
@@ -243,6 +277,8 @@ public class AuthRequestTest { // 返回授权页面,可自行跳转 authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 + // 1.9.3版本后 如果需要验证state,可以在login之前调用{@see AuthCallback#checkState}方法校验state合法性 + // 注:JustAuth默认保存state的时效为3分钟,3分钟内未使用则会自动清除过期的state AuthResponse login = authRequest.login(new AuthCallback()); }
@@ -256,6 +292,8 @@ public class AuthRequestTest { // 返回授权页面,可自行跳转 authRequest.authorize("state"); // 授权登录后会返回code(auth_code(仅限支付宝))、state,1.8.0版本后,可以用AuthCallback类作为回调接口的入参 + // 1.9.3版本后 如果需要验证state,可以在login之前调用{@see AuthCallback#checkState}方法校验state合法性 + // 注:JustAuth默认保存state的时效为3分钟,3分钟内未使用则会自动清除过期的state AuthResponse login = authRequest.login(new AuthCallback()); } }
diff --git a/src/test/java/me/zhyd/oauth/cache/AuthStateCacheTest.java b/src/test/java/me/zhyd/oauth/cache/AuthStateCacheTest.java
new file mode 100644
index 0000000..9c6e1e0
--- /dev/null
+++ b/src/test/java/me/zhyd/oauth/cache/AuthStateCacheTest.java
@@ -0,0 +1,32 @@
+package me.zhyd.oauth.cache;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.concurrent.TimeUnit;
+
+public class AuthStateCacheTest {
+
+ @Test
+ public void cache1() throws InterruptedException {
+ AuthStateCache.cache("key", "value");
+ Assert.assertEquals(AuthStateCache.get("key"), "value");
+
+ TimeUnit.MILLISECONDS.sleep(4);
+ Assert.assertEquals(AuthStateCache.get("key"), "value");
+ }
+
+ @Test
+ public void cache2() throws InterruptedException {
+ AuthStateCache.cache("key", "value", 10);
+ Assert.assertEquals(AuthStateCache.get("key"), "value");
+
+ // 没过期
+ TimeUnit.MILLISECONDS.sleep(5);
+ Assert.assertEquals(AuthStateCache.get("key"), "value");
+
+ // 过期
+ TimeUnit.MILLISECONDS.sleep(6);
+ Assert.assertNull(AuthStateCache.get("key"));
+ }
+}
diff --git a/src/test/java/me/zhyd/oauth/utils/UrlBuilderTest.java b/src/test/java/me/zhyd/oauth/utils/UrlBuilderTest.java
index 065c59a..62a4239 100644
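Review bot: `AuthStateCacheTest.cache2()` checks expiry with millisecond sleeps, so it can fail on a loaded machine: with what appears to be a 10 ms timeout, `TimeUnit.MILLISECONDS.sleep(5)` may return after the entry has already expired and the "not expired" assertion then sees null. Expiry is what bounds how long a state value stays acceptable, so it deserves a deterministic check, for example a timeout in the hundreds of milliseconds with the second sleep clearly past it, or a clock the test can control. Both tests also write the same literal `"key"` into what looks like a static cache, which makes them order-dependent in principle. The `Assert.assertEquals` calls pass the actual value first; `Assert.assertEquals("value", AuthStateCache.get("key"));` gives a correct failure message.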
--- a/src/test/java/me/zhyd/oauth/utils/UrlBuilderTest.java
+++ b/src/test/java/me/zhyd/oauth/utils/UrlBuilderTest.java
@@ -3,6 +3,7 @@ package me.zhyd.oauth.utils; import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.request.AuthWeChatRequest; +import org.junit.Assert; import org.junit.Test; /**
@@ -33,4 +34,30 @@ public class UrlBuilderTest {
 String authorize = request.authorize("state");
 System.out.println(authorize);
 }
+
+ @Test
+ public void build() {
+ String url = UrlBuilder.fromBaseUrl("https://www.zhyd.me")
+ .queryParam("name", "yadong.zhang")
+ .build();
+ Assert.assertEquals(url, "https://www.zhyd.me?name=yadong.zhang");
+
+ url = UrlBuilder.fromBaseUrl(url)
+ .queryParam("github", "https://github.com/zhangyd-c")
+ .build();
+ Assert.assertEquals(url, "https://www.zhyd.me?name=yadong.zhang&github=https://github.com/zhangyd-c");
+ }
+
+ @Test
+ public void build1() {
+ String url = UrlBuilder.fromBaseUrl("https://www.zhyd.me")
+ .queryParam("name", "yadong.zhang")
+ .build(true);
+ Assert.assertEquals(url, "https://www.zhyd.me?name=yadong.zhang");
+
+ url = UrlBuilder.fromBaseUrl(url)
+ .queryParam("github", "https://github.com/zhangyd-c")
+ .build(true);
+ Assert.assertEquals(url, "https://www.zhyd.me?name=yadong.zhang&github=https%3A%2F%2Fgithub.com%2Fzhangyd-c");
+ }
 }
diff --git a/src/test/java/me/zhyd/oauth/utils/UuidUtilsTest.java b/src/test/java/me/zhyd/oauth/utils/UuidUtilsTest.java
new file mode 100644
index 0000000..27b8664
--- /dev/null
+++ b/src/test/java/me/zhyd/oauth/utils/UuidUtilsTest.java
@@ -0,0 +1,13 @@
+package me.zhyd.oauth.utils;
+
+import org.junit.Test;
+
+public class UuidUtilsTest {
+
+ @Test
+ public void getUUID() {
+
+ String uuid = UuidUtils.getUUID();
+ System.out.println(uuid);
+ }
+}
diff --git a/update.md b/update.md
index cc70316..bffbea0 100644
--- a/update.md
+++ b/update.md
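Review bot: The new `build()` and `build1()` tests in `UrlBuilderTest` never use a query value containing `&`, `=` or `#`, and `build()` pins the unencoded form `github=https://github.com/zhangyd-c` as expected output. If the no-argument `build()` is ever given values that originate from a request, such characters would alter the parameter structure of the resulting URL. A case such as `.queryParam("q", "a&b=c")` checked under `build(true)` (presumably yielding `q=a%26b%3Dc`, going by the encoding shown in `build1()`) would pin the safe behaviour, and a comment should say which callers may use the unencoded variant. The `Assert.assertEquals` arguments are in (actual, expected) order; JUnit expects the expected value first.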
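Review bot: `UuidUtilsTest.getUUID()` only prints the generated value, so it passes whatever the method returns. The changelog in this patch names `UuidUtils.java` as part of the default state generation, so the test should at least pin the format and show that consecutive calls differ: `Assert.assertTrue(uuid.matches("[0-9a-f]{32}"));` and `Assert.assertNotEquals(uuid, UuidUtils.getUUID());`, which needs `import org.junit.Assert;`. These assertions document the contract only; they say nothing about unpredictability, which depends on the random source used in `UuidUtils`.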
@@ -1,3 +1,11 @@ +### 2019/07/30 ([v1.9.3](https://gitee.com/yadong.zhang/JustAuth/releases/v1.9.3)) + +1. 规范注释 +2. 增加State缓存,`AuthCallback`中增加默认的校验state的方法 +3. 增加默认的state生成方法,参考`AuthStateUtils.java`和`UuidUtils.java` +4. 升级`hutool-http`版本到`v4.6.0` +5. 修复其他一些问题 + ### 2019/07/27 1. `IpUtils.getIp`改名为`IpUtils.getLocalIp`