From 69dec0e3ae80452ae7eaab7e3274bc9a9a745b9c Mon Sep 17 00:00:00 2001
From: shimingxy
Date: Mon, 2 Sep 2024 17:25:14 +0800
Subject: [PATCH] =?UTF-8?q?#IAO7WZ=20maxkey=E7=A4=BE=E5=8C=BA=E7=89=884.1.?=
 =?UTF-8?q?1=E8=AF=95=E7=94=A8=E6=8A=A5=E9=94=99=20oauth2=E8=B7=B3?=
 =?UTF-8?q?=E8=BD=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../authz/endpoint/AuthorizeEndpoint.java | 4 +-
 .../endpoint/AuthorizationEndpoint.java | 71 +++++++------------
 .../routes/dashboard/home/home.component.ts | 10 +--
 .../src/environments/environment.ts | 2 +-
 .../views/authorize/authorize_refused.ftl | 4 +-
 5 files changed, 37 insertions(+), 54 deletions(-)
diff --git a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/dromara/maxkey/authz/endpoint/AuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/dromara/maxkey/authz/endpoint/AuthorizeEndpoint.java
index e0de42285..6370d3cc6 100644
--- a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/dromara/maxkey/authz/endpoint/AuthorizeEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/dromara/maxkey/authz/endpoint/AuthorizeEndpoint.java
@@ -91,7 +91,9 @@ public class AuthorizeEndpoint extends AuthorizeBaseEndpoint{
 public ModelAndView refused(){
 ModelAndView modelAndView = new ModelAndView("authorize/authorize_refused");
 Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
- app.transIconBase64();
+ if(app != null) {
+ app.transIconBase64();
+ }
 modelAndView.addObject("model", app);
 return modelAndView;
 }
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/dromara/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/dromara/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java
index 6b274ee1b..fd016dbfa 100644
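Review bot: The new guard in refused() turns a missing AUTHORIZE_SIGN_ON_APP attribute into a silently blank refusal page, since `model` is still added as null and nothing records why the app was absent (presumably the refusal page was reached without a pending authorize flow in the session). A comment on the guard would make the intent explicit, e.g. `// no authorize app in the session: render the refusal page without app details`, and a warn-level log at the same spot would make the case visible when users report an empty page. Note that the `!` default operators added to authorize_refused.ftl in this patch are what keep the template from failing on that null, so the two changes should be kept together.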
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/dromara/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/dromara/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java
@@ -50,12 +50,10 @@ import org.dromara.maxkey.entity.Message;
 import org.dromara.maxkey.entity.apps.Apps;
 import org.dromara.maxkey.entity.apps.oauth2.provider.ClientDetails;
 import org.dromara.maxkey.entity.idm.UserInfo;
-import org.dromara.maxkey.util.HttpEncoder;
 import org.dromara.maxkey.web.WebConstants;
 import org.dromara.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
@@ -64,9 +62,8 @@ import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.support.SessionStatus;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.util.UriComponents;
@@ -239,16 +236,11 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
 }
 //approval must post
- @PostMapping(value = {OAuth2Constants.ENDPOINT.ENDPOINT_AUTHORIZE+"/approval"},
- params = OAuth2Constants.PARAMETER.USER_OAUTH_APPROVAL)
- public Message< Object> authorizeApproveOrDeny(
- @RequestParam Map approvalParameters,
- @CurrentUser UserInfo currentUser,
- SessionStatus sessionStatus) {
-
+ @PostMapping(value = {OAuth2Constants.ENDPOINT.ENDPOINT_AUTHORIZE+"/approval"}, params = OAuth2Constants.PARAMETER.USER_OAUTH_APPROVAL)
+ @ResponseBody
+ public Message< String> authorizeApproveOrDeny(@RequestParam Map approvalParameters,@CurrentUser UserInfo currentUser) {
 Principal principal = (Principal)AuthorizationUtils.getAuthentication();
 if (!(principal instanceof Authentication)) {
- sessionStatus.setComplete();
 throw new InsufficientAuthenticationException( "User must be authenticated with Spring Security before authorizing an access token.");
 }
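Review bot: Dropping the `SessionStatus sessionStatus` parameter removes every `sessionStatus.setComplete()` call from authorizeApproveOrDeny (here and in the body hunk that follows), so if this controller keeps model attributes under `@SessionAttributes` they are no longer cleared once the approval decision is made; the class declaration is outside the hunk, so that needs confirming before this lands, and the `SessionStatus` import left in place in the import hunk becomes unused if nothing else in the file references it. The new signature also keeps the raw `Map` for `@RequestParam Map approvalParameters`; `@RequestParam Map<String, String> approvalParameters` says what Spring actually binds and removes an unchecked raw type from a security-sensitive entry point. The method starts in this hunk and its body continues in the next one.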
@@ -256,46 +248,35 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
 AuthorizationRequest authorizationRequest = (AuthorizationRequest) momentaryService.get(currentUser.getSessionId(), "authorizationRequest");
 if (authorizationRequest == null) {
- sessionStatus.setComplete();
 throw new InvalidRequestException("Cannot approve uninitialized authorization request.");
 }
- try {
- Set responseTypes = authorizationRequest.getResponseTypes();
+ Set responseTypes = authorizationRequest.getResponseTypes();
- authorizationRequest.setApprovalParameters(approvalParameters);
- authorizationRequest = userApprovalHandler.updateAfterApproval(authorizationRequest,
- (Authentication) principal);
- boolean approved = userApprovalHandler.isApproved(authorizationRequest, (Authentication) principal);
- authorizationRequest.setApproved(approved);
+ authorizationRequest.setApprovalParameters(approvalParameters);
+ authorizationRequest = userApprovalHandler.updateAfterApproval(authorizationRequest,(Authentication) principal);
+ boolean approved = userApprovalHandler.isApproved(authorizationRequest, (Authentication) principal);
+ authorizationRequest.setApproved(approved);
- if (authorizationRequest.getRedirectUri() == null) {
- sessionStatus.setComplete();
- throw new InvalidRequestException("Cannot approve request when no redirect URI is provided.");
- }
-
- if (!authorizationRequest.isApproved()) {
- return new Message< Object>(Message.FAIL,(Object)
- getUnsuccessfulRedirect(
- authorizationRequest,
- new UserDeniedAuthorizationException("User denied access"),
- responseTypes.contains(OAuth2Constants.PARAMETER.TOKEN)
- )
- );
- }
-
- if (responseTypes.contains(OAuth2Constants.PARAMETER.TOKEN)) {
- return new Message< Object>((Object)
- getImplicitGrantResponse(authorizationRequest));
- }
-
- return new Message< Object>((Object)
- getAuthorizationCodeResponse(authorizationRequest, (Authentication) principal));
- }
- finally {
- sessionStatus.setComplete();
+ if (authorizationRequest.getRedirectUri() == null) {
+ throw new InvalidRequestException("Cannot approve request when no redirect URI is provided.");
 }
+ if (!authorizationRequest.isApproved()) {
+ return new Message<>(Message.FAIL,
+ getUnsuccessfulRedirect(
+ authorizationRequest,
+ new UserDeniedAuthorizationException("User denied access"),
+ responseTypes.contains(OAuth2Constants.PARAMETER.TOKEN)
+ )
+ );
+ }
+
+ if (responseTypes.contains(OAuth2Constants.PARAMETER.TOKEN)) {
+ return new Message<>(getImplicitGrantResponse(authorizationRequest));
+ }
+
+ return new Message<>(getAuthorizationCodeResponse(authorizationRequest, (Authentication) principal));
 }
 // We need explicit approval from the user.
diff --git a/maxkey-web-frontend/maxkey-web-app/src/app/routes/dashboard/home/home.component.ts b/maxkey-web-frontend/maxkey-web-app/src/app/routes/dashboard/home/home.component.ts
index ba2abd4de..60576b300 100644
--- a/maxkey-web-frontend/maxkey-web-app/src/app/routes/dashboard/home/home.component.ts
+++ b/maxkey-web-frontend/maxkey-web-app/src/app/routes/dashboard/home/home.component.ts
@@ -89,7 +89,7 @@ export class HomeComponent implements OnInit {
 return;
 }
 }
- window.open(`${this.baseUrl}/authz/${appId}`);
+ window.open(`${this.baseUrl}authz/${appId}`);
 }
 setAccount(appId: string): void {
 const modal = this.modal.create({
@@ -105,11 +105,11 @@ export class HomeComponent implements OnInit {
 ngOnInit(): void {
 this.appCategoryList = this.appCategoryService.list();
- if (environment.api.baseUrl.endsWith('/')) {
- this.baseUrl = environment.api.baseUrl.substring(0, environment.api.baseUrl.length - 1);
- } else {
- this.baseUrl = environment.api.baseUrl;
+ this.baseUrl = environment.api.baseUrl;
+ if (!this.baseUrl.endsWith('/')) {
+ this.baseUrl = `${this.baseUrl}/`;
 }
+ console.log(`baseUrl : ${this.baseUrl}`);
 this.appListService.appList().subscribe(res => {
 //console.log(res.data);
 this.appList = res.data;
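Review bot: The rewritten body still reads the pending `authorizationRequest` from `momentaryService` by session id and then issues the code or implicit response without removing or marking that entry as consumed, so whether a repeated approval POST in the same session can obtain a second grant for the same request now depends entirely on the store's expiry semantics, which are not visible in this hunk; the old try/finally at least cleared the Spring session status on every exit path, and the new code has no cleanup at all. Once the response has been built, the entry should be removed from the momentary store using whatever removal the store's API provides, or, if the store is already one-shot on read, a comment such as `// the momentary entry is consumed by get(); a second approval POST fails the null check above` should say so. The method's signature and the authentication check are in the previous hunk.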
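Review bot: The `console.log(`baseUrl : ${this.baseUrl}`)` added to ngOnInit is debug output left in production code; the commented-out `//console.log(res.data);` two lines below shows the file's own convention is to disable such lines, so this one should be dropped before merge. The normalisation itself is sound: `window.open(`${this.baseUrl}authz/${appId}`)` in the earlier hunk now relies on `this.baseUrl` always ending in `/`, which the new `endsWith('/')` branch guarantees, and a one-line comment on that branch, `// baseUrl is used as a prefix and must end in '/'`, would make the dependency between the two hunks explicit.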
diff --git a/maxkey-web-frontend/maxkey-web-app/src/environments/environment.ts b/maxkey-web-frontend/maxkey-web-app/src/environments/environment.ts
index 44f5f1cd8..19f85f6ea 100644
--- a/maxkey-web-frontend/maxkey-web-app/src/environments/environment.ts
+++ b/maxkey-web-frontend/maxkey-web-app/src/environments/environment.ts
@@ -27,7 +27,7 @@ export const environment = {
 production: false,
 useHash: true,
 api: {
- baseUrl: 'http://localhost:9527/sign/',
+ baseUrl: '/sign/',
 refreshTokenEnabled: true,
 refreshTokenType: 're-request'
 },
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/authorize_refused.ftl b/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/authorize_refused.ftl
index 1b136f657..37dade566 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/authorize_refused.ftl
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/authorize_refused.ftl
@@ -14,10 +14,10 @@
 <@locale code="login.authz.refuse" />
- ${model.appName}
+ ${model.appName!}
- ${model.id}
+ ${model.id!}