♻️ 修改部分代码

2026-01-07 19:31:48 +08:00 · 2019-07-30 18:41:34 +08:00 · 2019-07-30 18:41:34 +08:00 · fcaef297ff
commit fcaef297ff
parent 33076971fe
4 changed files with 18 additions and 3 deletions
--- a/pom.xml
+++ b/pom.xml
@ -54,7 +54,7 @@
    <maven-source.version>2.2.1</maven-source.version>
    <maven-compiler.version>3.7.0</maven-compiler.version>
    <maven.test.skip>true</maven.test.skip>
-    <hutool-version>4.6.0</hutool-version>
+    <hutool-version>4.6.1</hutool-version>
    <lombok-version>1.18.4</lombok-version>
    <junit-version>4.11</junit-version>
    <fastjson-version>1.2.58</fastjson-version>
@ -89,7 +89,7 @@
      <groupId>com.alipay.sdk</groupId>
      <artifactId>alipay-sdk-java</artifactId>
      <version>${alipay-sdk-version}</version>
-      <scope>compile</scope>
+      <scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>org.slf4j</groupId>
--- a/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java
@ -43,6 +43,7 @@ public abstract class AuthDefaultRequest implements AuthRequest {
    public AuthResponse login(AuthCallback authCallback) {
        try {
            AuthChecker.checkCode(source == AuthSource.ALIPAY ? authCallback.getAuth_code() : authCallback.getCode());
+            AuthChecker.checkState(authCallback);

            AuthToken authToken = this.getAccessToken(authCallback);
            AuthUser user = this.getUserInfo(authToken);
--- a/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java
@ -92,6 +92,7 @@ public class AuthPinterestRequest extends AuthDefaultRequest {
     * @param authToken token
     * @return 返回获取userInfo的url
     */
+    @Override
    protected String userInfoUrl(AuthToken authToken) {
        return UrlBuilder.fromBaseUrl(source.userInfo())
            .queryParam("access_token", authToken.getAccessToken())
--- a/src/main/java/me/zhyd/oauth/utils/AuthChecker.java
+++ b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java
@ -3,6 +3,7 @@ package me.zhyd.oauth.utils;
 import me.zhyd.oauth.config.AuthConfig;
 import me.zhyd.oauth.config.AuthSource;
 import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthResponseStatus;

 /**
@ -22,7 +23,8 @@ public class AuthChecker {
     * @since 1.6.1-beta
     */
    public static boolean isSupportedAuth(AuthConfig config, AuthSource source) {
-        boolean isSupported = StringUtils.isNotEmpty(config.getClientId()) && StringUtils.isNotEmpty(config.getClientSecret()) && StringUtils.isNotEmpty(config.getRedirectUri());
+        boolean isSupported = StringUtils.isNotEmpty(config.getClientId()) && StringUtils.isNotEmpty(config.getClientSecret()) && StringUtils
+            .isNotEmpty(config.getRedirectUri());
        if (isSupported && AuthSource.ALIPAY == source) {
            isSupported = StringUtils.isNotEmpty(config.getAlipayPublicKey());
        }
@ -65,4 +67,15 @@ public class AuthChecker {
            throw new AuthException(AuthResponseStatus.ILLEGAL_CODE);
        }
    }
+
+    /**
+     * 校验回调传回的state
+     *
+     * @param authCallback 回调
+     */
+    public static void checkState(AuthCallback authCallback) {
+        if (!authCallback.checkState()) {
+            throw new AuthException(AuthResponseStatus.ILLEGAL_REQUEST);
+        }
+    }
 }