From fdcea2f10856560acdbe7ad46541451a3a995c88 Mon Sep 17 00:00:00 2001 From: smallbun <2689170096@qq.com> Date: Sun, 20 Aug 2023 18:36:29 +0800 Subject: [PATCH] =?UTF-8?q?:zap:=20=E4=BC=98=E5=8C=96=E8=AE=A4=E8=AF=81?= =?UTF-8?q?=E6=8F=90=E4=BE=9B=E5=95=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/IdentityProviderType.java | 2 +- .../DingtalkOauthAuthenticationFilter.java | 5 ++++ .../DingtalkScanCodeAuthenticationFilter.java | 5 ++++ ...ScanCodeAuthorizationRequestGetFilter.java | 21 +++------------ .../FeiShuLoginAuthenticationFilter.java | 5 ++++ .../GiteeLoginAuthenticationFilter.java | 5 ++++ ...GithubOAuth2LoginAuthenticationFilter.java | 5 ++++ .../QqOAuth2LoginAuthenticationFilter.java | 5 ++++ ...ChatScanCodeLoginAuthenticationFilter.java | 5 ++++ ...WorkScanCodeLoginAuthenticationFilter.java | 5 ++++ .../authn/IdentityProviderConverter.java | 27 +++++++++---------- 11 files changed, 57 insertions(+), 33 deletions(-) diff --git a/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/IdentityProviderType.java b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/IdentityProviderType.java index dc26ddf5..d41fb618 100644 --- a/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/IdentityProviderType.java +++ b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/IdentityProviderType.java @@ -110,7 +110,7 @@ public final class IdentityProviderType { * 支付宝认证 */ public static final IdentityProviderType ALIPAY_OAUTH = new IdentityProviderType( - "alipay_oauth", "支付宝认证", "通过支付宝进行身份认证"); + "alipay_oauth", "支付宝认证", "通过支付宝进行身份认证"); private final String value; private final String name; 
diff --git a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkOauthAuthenticationFilter.java b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkOauthAuthenticationFilter.java index 062d16bb..ac7cd9ac 100644 --- a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkOauthAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkOauthAuthenticationFilter.java @@ -25,6 +25,7 @@ import java.util.concurrent.TimeUnit; import org.apache.commons.lang3.StringUtils; import org.springframework.http.HttpMethod; +import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; @@ -104,6 +105,10 @@ public class DingtalkOauthAuthenticationFilter extends AbstractIdpAuthentication public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException { + if (!REQUEST_MATCHER.matches(request)) { + throw new AuthenticationServiceException( + "Authentication method not supported: " + request.getMethod()); + } OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request, response); TraceUtils.put(UUID.randomUUID().toString()); 
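Review bot: The guard added at the top of `attemptAuthentication` reports every mismatch as "Authentication method not supported: " plus the HTTP method, but `REQUEST_MATCHER` (defined outside the hunk) is also used to produce a `MatchResult` in the FeiShu, Gitee and WeChat hunks, so it presumably matches on the path as well. A request rejected for its path would then carry a misleading reason; a neutral message such as `throw new AuthenticationServiceException("Request does not match the identity provider login endpoint");` would be accurate in both cases. The same five lines are repeated in the DingtalkScanCode, FeiShu, Gitee, Github, Qq, WeChatScanCode and WeChatWorkScanCode filters; since they appear to share a base class (the name is truncated in the hunk headers), one protected helper there would keep the check and its message consistent. Where `REQUEST_MATCHER.matcher(request)` already follows, testing `matcher.isMatch()` would avoid evaluating the matcher twice. The method body continues outside the hunk.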
diff --git a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthenticationFilter.java b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthenticationFilter.java index d734fccd..1bba4f4a 100644 --- a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthenticationFilter.java @@ -25,6 +25,7 @@ import java.util.concurrent.TimeUnit; import org.apache.commons.lang3.StringUtils; import org.springframework.http.HttpMethod; +import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; @@ -110,6 +111,10 @@ public class DingtalkScanCodeAuthenticationFilter extends public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException { + if (!REQUEST_MATCHER.matches(request)) { + throw new AuthenticationServiceException( + "Authentication method not supported: " + request.getMethod()); + } //@formatter:off OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request, response); diff --git a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthorizationRequestGetFilter.java b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthorizationRequestGetFilter.java index 8674a9d6..d0786508 100644 
--- a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthorizationRequestGetFilter.java +++ b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthorizationRequestGetFilter.java @@ -131,24 +131,9 @@ public class DingtalkScanCodeAuthorizationRequestGetFilter extends OncePerReques .state(DEFAULT_STATE_GENERATOR.generateKey()) .attributes(attributes); builder.parameters(parameters -> { - HashMap linkedParameters = new LinkedHashMap<>(); - parameters.forEach((key, value) -> { - if (OAuth2ParameterNames.CLIENT_ID.equals(key)) { - linkedParameters.put(APP_ID, value); - } - if (OAuth2ParameterNames.SCOPE.equals(key)) { - linkedParameters.put(OAuth2ParameterNames.SCOPE, value); - } - if (OAuth2ParameterNames.STATE.equals(key)) { - linkedParameters.put(OAuth2ParameterNames.STATE, value); - } - if (OAuth2ParameterNames.REDIRECT_URI.equals(key)) { - linkedParameters.put(OAuth2ParameterNames.REDIRECT_URI, value); - } - }); - linkedParameters.put(RESPONSE_TYPE, CODE); - parameters.clear(); - parameters.putAll(linkedParameters); + parameters.put(APP_ID, parameters.get(OAuth2ParameterNames.CLIENT_ID)); + parameters.remove(OAuth2ParameterNames.CLIENT_ID); + parameters.put(RESPONSE_TYPE, CODE); }); //@formatter:on this.writeForAuthorization(request, response, builder.build()); diff --git a/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuLoginAuthenticationFilter.java b/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuLoginAuthenticationFilter.java index 8afaf126..133f5298 100644 --- a/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuLoginAuthenticationFilter.java 
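Review bot: The rewritten `builder.parameters(...)` lambda no longer restricts the outgoing authorization request to an allow-list. The removed code forwarded only the client id (renamed to `APP_ID`), scope, state, redirect URI and response type, whereas the new code edits the map in place, so any other entry present in the parameters is now sent to the provider unchanged. It also stores `parameters.get(OAuth2ParameterNames.CLIENT_ID)` under `APP_ID` without a null check, so a missing client id becomes an `APP_ID` entry with a null value, where the old code omitted the key. If dropping the filter is intended, a comment stating that would help; either way `Object clientId = parameters.remove(OAuth2ParameterNames.CLIENT_ID);` followed by `if (clientId != null) { parameters.put(APP_ID, clientId); }` avoids the null entry. The enclosing method starts outside the hunk, and the `HashMap`/`LinkedHashMap` imports may now be unused.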
+++ b/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuLoginAuthenticationFilter.java @@ -25,6 +25,7 @@ import java.util.Objects; import org.apache.commons.lang3.StringUtils; import org.apache.http.message.BasicHeader; import org.springframework.http.HttpMethod; +import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; @@ -90,6 +91,10 @@ public class FeiShuLoginAuthenticationFilter extends AbstractIdpAuthenticationPr public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException { + if (!REQUEST_MATCHER.matches(request)) { + throw new AuthenticationServiceException( + "Authentication method not supported: " + request.getMethod()); + } OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request, response); RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request); diff --git a/eiam-authentication/eiam-authentication-gitee/src/main/java/cn/topiam/employee/authentication/gitee/filter/GiteeLoginAuthenticationFilter.java b/eiam-authentication/eiam-authentication-gitee/src/main/java/cn/topiam/employee/authentication/gitee/filter/GiteeLoginAuthenticationFilter.java index 38cce04a..b2d62740 100644 --- a/eiam-authentication/eiam-authentication-gitee/src/main/java/cn/topiam/employee/authentication/gitee/filter/GiteeLoginAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-gitee/src/main/java/cn/topiam/employee/authentication/gitee/filter/GiteeLoginAuthenticationFilter.java 
@@ -24,6 +24,7 @@ import java.util.Objects; import org.apache.commons.lang3.StringUtils; import org.springframework.http.HttpMethod; +import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; @@ -94,6 +95,10 @@ public class GiteeLoginAuthenticationFilter extends AbstractIdpAuthenticationPro public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException { + if (!REQUEST_MATCHER.matches(request)) { + throw new AuthenticationServiceException( + "Authentication method not supported: " + request.getMethod()); + } OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request, response); RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request); diff --git a/eiam-authentication/eiam-authentication-github/src/main/java/cn/topiam/employee/authentication/github/filter/GithubOAuth2LoginAuthenticationFilter.java b/eiam-authentication/eiam-authentication-github/src/main/java/cn/topiam/employee/authentication/github/filter/GithubOAuth2LoginAuthenticationFilter.java index ef9f0b74..95982b5e 100644 --- a/eiam-authentication/eiam-authentication-github/src/main/java/cn/topiam/employee/authentication/github/filter/GithubOAuth2LoginAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-github/src/main/java/cn/topiam/employee/authentication/github/filter/GithubOAuth2LoginAuthenticationFilter.java 
@@ -25,6 +25,7 @@ import java.util.UUID; import org.apache.commons.lang3.StringUtils; import org.springframework.http.*; +import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; @@ -94,6 +95,10 @@ public class GithubOAuth2LoginAuthenticationFilter extends public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException { + if (!REQUEST_MATCHER.matches(request)) { + throw new AuthenticationServiceException( + "Authentication method not supported: " + request.getMethod()); + } OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request, response); TraceUtils.put(UUID.randomUUID().toString()); diff --git a/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/filter/QqOAuth2LoginAuthenticationFilter.java b/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/filter/QqOAuth2LoginAuthenticationFilter.java index b43c85de..31f666ea 100644 --- a/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/filter/QqOAuth2LoginAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/filter/QqOAuth2LoginAuthenticationFilter.java @@ -25,6 +25,7 @@ import java.util.UUID; import org.apache.commons.lang3.StringUtils; import org.springframework.http.HttpMethod; +import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; 
@@ -96,6 +97,10 @@ public class QqOAuth2LoginAuthenticationFilter extends AbstractIdpAuthentication public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException { + if (!REQUEST_MATCHER.matches(request)) { + throw new AuthenticationServiceException( + "Authentication method not supported: " + request.getMethod()); + } OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request, response); TraceUtils.put(UUID.randomUUID().toString()); diff --git a/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java b/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java index e64c0b42..f45ccb37 100644 --- a/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java @@ -24,6 +24,7 @@ import java.util.Objects; import org.apache.commons.lang3.StringUtils; import org.springframework.http.HttpMethod; +import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; 
@@ -94,6 +95,10 @@ public class WeChatScanCodeLoginAuthenticationFilter extends public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException { + if (!REQUEST_MATCHER.matches(request)) { + throw new AuthenticationServiceException( + "Authentication method not supported: " + request.getMethod()); + } OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request, response); RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request); diff --git a/eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/filter/WeChatWorkScanCodeLoginAuthenticationFilter.java b/eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/filter/WeChatWorkScanCodeLoginAuthenticationFilter.java index 44abd976..6c3943a1 100644 --- a/eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/filter/WeChatWorkScanCodeLoginAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/filter/WeChatWorkScanCodeLoginAuthenticationFilter.java @@ -26,6 +26,7 @@ import java.util.concurrent.TimeUnit; import org.apache.commons.lang3.StringUtils; import org.springframework.http.HttpMethod; +import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.core.OAuth2AuthenticationException; 
@@ -96,6 +97,10 @@ public class WeChatWorkScanCodeLoginAuthenticationFilter extends public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException { + if (!REQUEST_MATCHER.matches(request)) { + throw new AuthenticationServiceException( + "Authentication method not supported: " + request.getMethod()); + } TraceUtils.put(UUID.randomUUID().toString()); OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request, response); diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/authn/IdentityProviderConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/authn/IdentityProviderConverter.java index 93dca881..945b7fac 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/authn/IdentityProviderConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/authn/IdentityProviderConverter.java @@ -58,7 +58,6 @@ import cn.topiam.employee.support.repository.page.domain.QueryDslRequest; import cn.topiam.employee.support.validation.ValidationUtils; import jakarta.validation.ConstraintViolationException; - import static cn.topiam.employee.authentication.common.IdentityProviderType.*; /** 
@@ -114,16 +113,16 @@ public interface IdentityProviderConverter { } IdentityProviderCategory category = IdentityProviderCategory.getType(param.getCategory()); if (!category.getProviders().stream().map(IdentityProviderType::value).toList() - .contains(param.getType())) { + .contains(param.getType())) { throw new TopIamException("认证源类型与认证源提供商不匹配"); } try { IdentityProviderConfig identityProviderConfig = getIdentityProviderConfig( - param.getType(), param.getConfig()); + param.getType(), param.getConfig()); ObjectMapper objectMapper = new ObjectMapper(); // 指定序列化输入的类型 objectMapper.activateDefaultTyping(objectMapper.getPolymorphicTypeValidator(), - ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY); + ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY); //封装数据 IdentityProviderEntity entity = new IdentityProviderEntity(); entity.setName(param.getName()); @@ -161,15 +160,15 @@ public interface IdentityProviderConverter { result.setRemark(entity.getRemark()); //回调地址 result.setRedirectUri(ServerHelp.getPortalPublicBaseUrl() - + getIdentityProviderType(entity.getType()).getLoginPathPrefix() + "/" - + entity.getCode()); + + getIdentityProviderType(entity.getType()).getLoginPathPrefix() + "/" + + entity.getCode()); try { ObjectMapper objectMapper = new ObjectMapper(); // 指定序列化输入的类型 objectMapper.activateDefaultTyping(objectMapper.getPolymorphicTypeValidator(), - ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY); + ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY); IdentityProviderConfig config = objectMapper.readValue(entity.getConfig(), - IdentityProviderConfig.class); + IdentityProviderConfig.class); result.setConfig(config); } catch (JsonProcessingException e) { throw new RuntimeException(e); 
@@ -189,7 +188,7 @@ public interface IdentityProviderConverter { QueryDslRequest request = new QueryDslRequest(); QIdentityProviderEntity queryEntity = QIdentityProviderEntity.identityProviderEntity; Predicate predicate = ExpressionUtils.and(queryEntity.isNotNull(), - queryEntity.deleted.eq(Boolean.FALSE)); + queryEntity.deleted.eq(Boolean.FALSE)); //查询条件 //@formatter:off predicate = Objects.isNull(query.getCategory()) ? predicate : ExpressionUtils.and(predicate, queryEntity.category.eq(query.getCategory())); @@ -198,7 +197,7 @@ public interface IdentityProviderConverter { request.setPredicate(predicate); //分页条件 request.setPageRequest(QPageRequest.of(pageModel.getCurrent(), pageModel.getPageSize(), - queryEntity.updateTime.desc())); + queryEntity.updateTime.desc())); return request; } @@ -213,11 +212,11 @@ public interface IdentityProviderConverter { return null; } IdentityProviderConfig identityProviderConfig = getIdentityProviderConfig(param.getType(), - param.getConfig()); + param.getConfig()); ObjectMapper objectMapper = new ObjectMapper(); // 指定序列化输入的类型 objectMapper.activateDefaultTyping(objectMapper.getPolymorphicTypeValidator(), - ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY); + ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY); try { //封装数据 IdentityProviderEntity identityProviderEntity = new IdentityProviderEntity(); @@ -227,7 +226,7 @@ public interface IdentityProviderConverter { identityProviderEntity.setRemark(param.getRemark()); //配置 identityProviderEntity - .setConfig(objectMapper.writeValueAsString(identityProviderConfig)); + .setConfig(objectMapper.writeValueAsString(identityProviderConfig)); return identityProviderEntity; } catch (JsonProcessingException e) { throw new RuntimeException(e); 
@@ -280,7 +279,7 @@ public interface IdentityProviderConverter { throw new NullPointerException("提供商配置不能为空"); } ValidationUtils.ValidationResult validationResult = ValidationUtils - .validateEntity(identityProviderConfig); + .validateEntity(identityProviderConfig); if (validationResult.isHasErrors()) { throw new ConstraintViolationException(validationResult.getConstraintViolations()); }