From a02822d0b365d0b94250dc77548b163d683ef8aa Mon Sep 17 00:00:00 2001
From: MaxKey
Date: Fri, 22 Apr 2022 11:08:38 +0800
Subject: [PATCH] resolve
---
 .../maxkey/web/contorller/ImageCaptchaEndpoint.java | 11 ++++-------
 .../authn/provider/NormalAuthenticationProvider.java | 9 ++++-----
 2 files changed, 8 insertions(+), 12 deletions(-)
diff --git a/maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptchaEndpoint.java b/maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptchaEndpoint.java
index b4d307008..0f88b4f62 100644
--- a/maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptchaEndpoint.java
+++ b/maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptchaEndpoint.java
@@ -18,8 +18,6 @@ package org.maxkey.web.contorller;
 import com.google.code.kaptcha.Producer;
-import com.nimbusds.jwt.JWTClaimsSet;
-
 import java.awt.image.BufferedImage;
 import java.io.ByteArrayOutputStream;
 import java.util.Base64;
@@ -30,7 +28,6 @@ import org.apache.commons.lang3.StringUtils;
 import org.maxkey.authn.jwt.AuthJwtService;
 import org.maxkey.entity.Message;
 import org.maxkey.persistence.MomentaryService;
-import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -87,11 +84,11 @@ public class ImageCaptchaEndpoint {
 if(StringUtils.isNotBlank(state) && !state.equalsIgnoreCase("state") && authJwtService.validateJwtToken(state)) {
- JWTClaimsSet claim = authJwtService.resolve(state);
- kaptchaKey = claim.getJWTID();
+ //do nothing
 }else {
- kaptchaKey = WebContext.genId();
+ state = authJwtService.genJwt();
 }
+ kaptchaKey = authJwtService.resolveTicket(state);
 _logger.trace("kaptchaKey {} , Captcha Text is {}" ,kaptchaKey, kaptchaValue);
 momentaryService.put("", kaptchaKey, kaptchaValue);
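Review bot: `kaptchaKey = authJwtService.resolveTicket(state)` is passed to `momentaryService.put` without a null check, although captchaValid in NormalAuthenticationProvider (last hunk of this patch) treats a null result from the same call as a failure; if that can happen here the captcha text would be stored under a null key, so the request should be rejected before the `put`. The empty `//do nothing` branch also hides the intent; inverting the test reads more directly: `if (StringUtils.isBlank(state) || state.equalsIgnoreCase("state") || !authJwtService.validateJwtToken(state)) { state = authJwtService.genJwt(); }`. The enclosing method starts and ends outside this hunk.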
@@ -108,7 +105,7 @@ public class ImageCaptchaEndpoint {
 stream.close();
 return new Message(
- new ImageCaptcha(kaptchaKey,b64Image)
+ new ImageCaptcha(state,b64Image)
 ).buildResponse();
 } catch (Exception e) {
 _logger.error("captcha Producer Error " + e.getMessage());
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/NormalAuthenticationProvider.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/NormalAuthenticationProvider.java
index ade0d21a1..dce20e233 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/NormalAuthenticationProvider.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/NormalAuthenticationProvider.java
@@ -37,8 +37,6 @@ import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import com.nimbusds.jwt.JWTClaimsSet;
-
 /**
 * database Authentication provider.
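Review bot: The first argument of `new ImageCaptcha(state,b64Image)` in ImageCaptchaEndpoint is now the whole state JWT rather than the captcha key, and nothing at the call site says so. A comment such as `// return the state JWT; the login request sends it back and captchaValid resolves the ticket from it` would record the contract, and the ImageCaptcha field name is worth checking against its new content (its declaration is not in this diff).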
@@ -136,16 +134,17 @@ public class NormalAuthenticationProvider extends AbstractAuthenticationProvider
 */
 protected void captchaValid(String state ,String captcha) throws ParseException {
 // for basic
- JWTClaimsSet claim = authJwtService.resolve(state);
- if(claim == null) {
+ String ticket = authJwtService.resolveTicket(state);
+ if(ticket == null) {
 throw new BadCredentialsException(WebContext.getI18nValue("login.error.captcha"));
 }
- Object momentaryCaptcha = momentaryService.get("", claim.getJWTID());
+ Object momentaryCaptcha = momentaryService.get("", ticket);
 _logger.info("captcha : {} , momentary Captcha : {} " ,captcha, momentaryCaptcha);
 if (StringUtils.isBlank(captcha) || !captcha.equals(momentaryCaptcha.toString())) {
 _logger.debug("login captcha valid error.");
 throw new BadCredentialsException(WebContext.getI18nValue("login.error.captcha"));
 }
+ momentaryService.remove("", ticket);
 }
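Review bot: `momentaryService.remove("", ticket)` runs only after a successful comparison, so in captchaValid a wrong answer leaves the stored captcha in place and the same challenge can be answered again until it expires; consuming it right after the lookup makes each captcha single-use. With the entry now being removed, a replayed or expired `state` presumably makes `momentaryService.get` return null, and `momentaryCaptcha.toString()` would then throw a NullPointerException instead of the intended BadCredentialsException. I would move the removal up to directly follow the `get` call and change the guard to `if (StringUtils.isBlank(captcha) || momentaryCaptcha == null || !captcha.equals(momentaryCaptcha.toString())) {`. Whether `resolveTicket` verifies the token signature is not visible here; if it only parses, `authJwtService.validateJwtToken(state)` should be called first, as ImageCaptchaEndpoint does.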