From bf6b381d3ffab233503be6ffe84954d00b02a1ae Mon Sep 17 00:00:00 2001
From: smallbun <2689170096@qq.com>
Date: Sun, 13 Aug 2023 22:00:45 +0800
Subject: [PATCH] =?UTF-8?q?:zap:=20=E5=AE=8C=E5=96=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...ChatScanCodeLoginAuthenticationFilter.java | 26 +++++++--------
 .../ConsoleAuthenticationEntryPoint.java      | 14 ++++----
 .../AccessTokenAuthenticationEntryPoint.java  | 11 +++++--
 .../PortalAuthenticationEntryPoint.java       | 16 ++++-----
 .../UnauthorizedAuthenticationEntryPoint.java | 33 +++++++++----------
 5 files changed, 50 insertions(+), 50 deletions(-)

diff --git a/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java b/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java
index 8dcae7d4..0e6e0425 100644
--- a/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java
+++ b/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java
@@ -30,7 +30,6 @@ import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
-import org.springframework.security.oauth2.core.oidc.OidcScopes;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
@@ -41,6 +40,7 @@ import cn.topiam.employee.authentication.common.authentication.IdpUserDetails;
 import cn.topiam.employee.authentication.common.filter.AbstractIdpAuthenticationProcessingFilter;
 import cn.topiam.employee.authentication.common.service.UserIdpService;
 import cn.topiam.employee.authentication.wechat.WeChatIdpScanCodeConfig;
+import cn.topiam.employee.authentication.wechat.constant.WeChatAuthenticationConstants;
 import cn.topiam.employee.common.entity.authn.IdentityProviderEntity;
 import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository;
 import cn.topiam.employee.core.help.ServerHelp;
@@ -51,10 +51,8 @@ import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import static org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE;
 
-import static cn.topiam.employee.authentication.common.IdentityProviderType.WECHAT_QR;
-import static cn.topiam.employee.authentication.common.IdentityProviderType.WECHAT_WORK_QR;
+import static cn.topiam.employee.authentication.common.IdentityProviderType.*;
 import static cn.topiam.employee.authentication.common.constant.AuthenticationConstants.*;
-import static cn.topiam.employee.authentication.wechat.constant.WeChatAuthenticationConstants.QrConnect.*;
 
 /**
  * 微信扫码登录过滤器
@@ -132,12 +130,13 @@ public class WeChatScanCodeLoginAuthenticationFilter extends
         }
         //获取access token
         HashMap<String, String> param = new HashMap<>(16);
-        param.put(APP_ID, config.getAppId());
-        param.put(SECRET, config.getAppSecret());
+        param.put(WeChatAuthenticationConstants.QrConnect.APP_ID, config.getAppId());
+        param.put(WeChatAuthenticationConstants.QrConnect.SECRET, config.getAppSecret());
         param.put(OAuth2ParameterNames.CODE, code);
         param.put(OAuth2ParameterNames.GRANT_TYPE, AUTHORIZATION_CODE.getValue());
-        JSONObject result = JSON.parseObject(HttpClientUtils.get(ACCESS_TOKEN, param));
-        if (result.containsKey(ERROR_CODE)) {
+        JSONObject result = JSON.parseObject(
+            HttpClientUtils.get(WeChatAuthenticationConstants.QrConnect.ACCESS_TOKEN, param));
+        if (result.containsKey(WeChatAuthenticationConstants.QrConnect.ERROR_CODE)) {
             logger.error("获取access_token发生错误:  " + result.toJSONString());
             throw new TopIamException("获取access_token发生错误:  " + result.toJSONString());
         }
@@ -145,16 +144,15 @@ public class WeChatScanCodeLoginAuthenticationFilter extends
         param = new HashMap<>(16);
         param.put(OAuth2ParameterNames.ACCESS_TOKEN,
             result.getString(OAuth2ParameterNames.ACCESS_TOKEN));
-        param.put(OidcScopes.OPENID, result.getString(OidcScopes.OPENID));
-        result = JSON.parseObject(HttpClientUtils.get(USER_INFO, param));
-        if (result.containsKey(ERROR_CODE)) {
+        result = JSON.parseObject(
+            HttpClientUtils.get(WeChatAuthenticationConstants.QrConnect.USER_INFO, param));
+        if (result.containsKey(WeChatAuthenticationConstants.QrConnect.ERROR_CODE)) {
             logger.error("获取微信用户个人信息发生错误:  " + result.toJSONString());
             throw new TopIamException("获取微信用户个人信息发生错误:  " + result.toJSONString());
         }
         // 返回
-        IdpUserDetails idpUserDetails = IdpUserDetails.builder()
-            .openId(param.get(OidcScopes.OPENID)).providerCode(providerCode).providerId(providerId)
-            .providerType(WECHAT_WORK_QR).build();
+        IdpUserDetails idpUserDetails = IdpUserDetails.builder().openId(param.get("id"))
+            .providerCode(providerCode).providerId(providerId).providerType(GITEE_OAUTH).build();
         return attemptAuthentication(request, response, idpUserDetails);
     }
 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/handler/ConsoleAuthenticationEntryPoint.java b/eiam-console/src/main/java/cn/topiam/employee/console/handler/ConsoleAuthenticationEntryPoint.java
index fed5e362..b519c488 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/handler/ConsoleAuthenticationEntryPoint.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/handler/ConsoleAuthenticationEntryPoint.java
@@ -17,15 +17,18 @@
  */
 package cn.topiam.employee.console.handler;
 
+import java.io.IOException;
+
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.AuthenticationEntryPoint;
 
 import cn.topiam.employee.support.result.ApiRestResult;
+import cn.topiam.employee.support.security.web.AbstractAuthenticationEntryPoint;
 import cn.topiam.employee.support.util.HttpResponseUtils;
 
+import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import static org.springframework.http.HttpStatus.UNAUTHORIZED;
@@ -36,7 +39,7 @@ import static org.springframework.http.HttpStatus.UNAUTHORIZED;
  * @author TopIAM
  * Created by support@topiam.cn on 2020/9/2 22:11
  */
-public class ConsoleAuthenticationEntryPoint implements AuthenticationEntryPoint {
+public class ConsoleAuthenticationEntryPoint extends AbstractAuthenticationEntryPoint {
     /**
      * 日志
      */
@@ -59,14 +62,13 @@ public class ConsoleAuthenticationEntryPoint implements AuthenticationEntryPoint
      */
     @Override
     public void commence(HttpServletRequest request, HttpServletResponse response,
-                         AuthenticationException authException) {
-        logger.info("----------------------------------------------------------");
-        logger.info("未登录，或登录过期");
+                         AuthenticationException authException) throws IOException,
+                                                                ServletException {
+        super.commence(request, response, authException);
         ApiRestResult<Object> result = ApiRestResult.builder()
             .status(String.valueOf(UNAUTHORIZED.value())).message(StringUtils
                 .defaultString(authException.getMessage(), UNAUTHORIZED.getReasonPhrase()))
             .build();
         HttpResponseUtils.flushResponseJson(response, UNAUTHORIZED.value(), result);
-        logger.info("----------------------------------------------------------");
     }
 }
diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/authorization/AccessTokenAuthenticationEntryPoint.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/authorization/AccessTokenAuthenticationEntryPoint.java
index 36601bc1..348c9a4c 100644
--- a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/authorization/AccessTokenAuthenticationEntryPoint.java
+++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/authorization/AccessTokenAuthenticationEntryPoint.java
@@ -17,19 +17,22 @@
  */
 package cn.topiam.employee.openapi.authorization;
 
+import java.io.IOException;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.AuthenticationEntryPoint;
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 import cn.topiam.employee.openapi.constants.OpenApiStatus;
+import cn.topiam.employee.support.security.web.AbstractAuthenticationEntryPoint;
 import cn.topiam.employee.support.util.HttpResponseUtils;
 
 import lombok.Data;
 
 import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 
@@ -38,7 +41,7 @@ import jakarta.servlet.http.HttpServletResponse;
  * @author TopIAM
  * Created by support@topiam.cn on  2023/6/25 21:55
  */
-public final class AccessTokenAuthenticationEntryPoint implements AuthenticationEntryPoint {
+public final class AccessTokenAuthenticationEntryPoint extends AbstractAuthenticationEntryPoint {
 
     /**
      * Collect error details from the provided parameters and format according to RFC
@@ -50,7 +53,9 @@ public final class AccessTokenAuthenticationEntryPoint implements Authentication
      */
     @Override
     public void commence(HttpServletRequest request, HttpServletResponse httpServletResponse,
-                         AuthenticationException authException) {
+                         AuthenticationException authException) throws ServletException,
+                                                                IOException {
+        super.commence(request, httpServletResponse, authException);
         Response response = new Response();
         response.setCode(OpenApiStatus.INVALID_ACCESS_TOKEN.getCode());
         response.setMsg(OpenApiStatus.INVALID_ACCESS_TOKEN.getDesc());
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationEntryPoint.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationEntryPoint.java
index 9aeb1a9c..9d126647 100644
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationEntryPoint.java
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationEntryPoint.java
@@ -26,8 +26,10 @@ import org.springframework.security.core.AuthenticationException;
 
 import cn.topiam.employee.core.help.ServerHelp;
 import cn.topiam.employee.support.result.ApiRestResult;
+import cn.topiam.employee.support.security.web.AbstractAuthenticationEntryPoint;
 import cn.topiam.employee.support.util.HttpResponseUtils;
 
+import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import static org.springframework.http.HttpStatus.UNAUTHORIZED;
@@ -42,8 +44,7 @@ import static cn.topiam.employee.support.context.ServletContextHelp.isHtmlReques
  * Created by support@topiam.cn on 2020/9/2 22:11
  */
 @SuppressWarnings("DuplicatedCode")
-public class PortalAuthenticationEntryPoint implements
-                                            org.springframework.security.web.AuthenticationEntryPoint {
+public class PortalAuthenticationEntryPoint extends AbstractAuthenticationEntryPoint {
     /**
      * 日志
      */
@@ -66,13 +67,11 @@ public class PortalAuthenticationEntryPoint implements
      */
     @Override
     public void commence(HttpServletRequest request, HttpServletResponse response,
-                         AuthenticationException authException) throws IOException {
-        logger.info("----------------------------------------------------------");
-        logger.info("未登录, 或登录过期");
-        //判断请求
-        boolean isHtmlRequest = isHtmlRequest(request);
+                         AuthenticationException authException) throws IOException,
+                                                                ServletException {
+        super.commence(request, response, authException);
         //JSON
-        if (!isHtmlRequest) {
+        if (!isHtmlRequest(request)) {
             ApiRestResult<Object> result = ApiRestResult.builder()
                 .status(String.valueOf(UNAUTHORIZED.value())).message(StringUtils
                     .defaultString(authException.getMessage(), UNAUTHORIZED.getReasonPhrase()))
@@ -84,6 +83,5 @@ public class PortalAuthenticationEntryPoint implements
             //跳转前端SESSION过期路由
             response.sendRedirect(ServerHelp.getPortalPublicBaseUrl() + FE_LOGIN);
         }
-        logger.info("----------------------------------------------------------");
     }
 }
diff --git a/eiam-protocol/eiam-protocol-core/src/main/java/cn/topiam/employee/protocol/code/UnauthorizedAuthenticationEntryPoint.java b/eiam-protocol/eiam-protocol-core/src/main/java/cn/topiam/employee/protocol/code/UnauthorizedAuthenticationEntryPoint.java
index 7fff722d..4996c7d4 100644
--- a/eiam-protocol/eiam-protocol-core/src/main/java/cn/topiam/employee/protocol/code/UnauthorizedAuthenticationEntryPoint.java
+++ b/eiam-protocol/eiam-protocol-core/src/main/java/cn/topiam/employee/protocol/code/UnauthorizedAuthenticationEntryPoint.java
@@ -28,8 +28,10 @@ import cn.topiam.employee.core.help.ServerHelp;
 import cn.topiam.employee.support.result.ApiRestResult;
 import cn.topiam.employee.support.security.savedredirect.HttpSessionRedirectCache;
 import cn.topiam.employee.support.security.savedredirect.RedirectCache;
+import cn.topiam.employee.support.security.web.AbstractAuthenticationEntryPoint;
 import cn.topiam.employee.support.util.HttpResponseUtils;
 
+import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import static org.springframework.http.HttpStatus.UNAUTHORIZED;
@@ -42,33 +44,28 @@ import static cn.topiam.employee.support.context.ServletContextHelp.isHtmlReques
  * @author TopIAM
  * Created by support@topiam.cn on  2023/7/5 21:24
  */
-public class UnauthorizedAuthenticationEntryPoint implements
-                                                  org.springframework.security.web.AuthenticationEntryPoint {
+public class UnauthorizedAuthenticationEntryPoint extends AbstractAuthenticationEntryPoint {
     private final Logger        logger        = LoggerFactory.getLogger(this.getClass());
     private final RedirectCache redirectCache = new HttpSessionRedirectCache();
 
     @Override
     public void commence(HttpServletRequest request, HttpServletResponse response,
-                         AuthenticationException authException) throws IOException {
-        logger.info("----------------------------------------------------------");
-        logger.info("未登录, 或登录过期");
+                         AuthenticationException authException) throws IOException,
+                                                                ServletException {
+
+        super.commence(request, response, authException);
         //记录
         redirectCache.saveRedirect(request, response, RedirectCache.RedirectType.REQUEST);
-        //判断请求
-        boolean isHtmlRequest = isHtmlRequest(request);
-        //JSON
-        if (!isHtmlRequest) {
-            ApiRestResult<Object> result = ApiRestResult.builder()
-                .status(String.valueOf(UNAUTHORIZED.value())).message(StringUtils
-                    .defaultString(authException.getMessage(), UNAUTHORIZED.getReasonPhrase()))
-                .build();
-            HttpResponseUtils.flushResponseJson(response, UNAUTHORIZED.value(), result);
-        }
-        // HTML
-        else {
+        //HTML
+        if (isHtmlRequest(request)) {
             //跳转前端SESSION过期路由
             response.sendRedirect(ServerHelp.getPortalPublicBaseUrl() + FE_LOGIN);
         }
-        logger.info("----------------------------------------------------------");
+        // JSON
+        ApiRestResult<Object> result = ApiRestResult.builder()
+            .status(String.valueOf(UNAUTHORIZED.value())).message(StringUtils
+                .defaultString(authException.getMessage(), UNAUTHORIZED.getReasonPhrase()))
+            .build();
+        HttpResponseUtils.flushResponseJson(response, UNAUTHORIZED.value(), result);
     }
 }