⚡ 优化认证提供商

2023-08-20 18:36:29 +08:00 · 2023-08-20 18:36:29 +08:00 · fdcea2f108
parent d79a22c88d
commit fdcea2f108
11 changed files with 57 additions and 33 deletions
--- a/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/IdentityProviderType.java
+++ b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/IdentityProviderType.java
@ -110,7 +110,7 @@ public final class IdentityProviderType {
     * 支付宝认证
     */
    public static final IdentityProviderType ALIPAY_OAUTH      = new IdentityProviderType(
-            "alipay_oauth", "支付宝认证", "通过支付宝进行身份认证");
+        "alipay_oauth", "支付宝认证", "通过支付宝进行身份认证");

    private final String                     value;
    private final String                     name;
--- a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkOauthAuthenticationFilter.java
+++ b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkOauthAuthenticationFilter.java
@ -25,6 +25,7 @@ import java.util.concurrent.TimeUnit;

 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@ -104,6 +105,10 @@ public class DingtalkOauthAuthenticationFilter extends AbstractIdpAuthentication
    public Authentication attemptAuthentication(HttpServletRequest request,
                                                HttpServletResponse response) throws AuthenticationException,
                                                                              IOException {
+        if (!REQUEST_MATCHER.matches(request)) {
+            throw new AuthenticationServiceException(
+                "Authentication method not supported: " + request.getMethod());
+        }
        OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
            response);
        TraceUtils.put(UUID.randomUUID().toString());
--- a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthenticationFilter.java
+++ b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthenticationFilter.java
@ -25,6 +25,7 @@ import java.util.concurrent.TimeUnit;

 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@ -110,6 +111,10 @@ public class DingtalkScanCodeAuthenticationFilter extends
    public Authentication attemptAuthentication(HttpServletRequest request,
                                                HttpServletResponse response) throws AuthenticationException,
                                                                              IOException {
+        if (!REQUEST_MATCHER.matches(request)) {
+            throw new AuthenticationServiceException(
+                "Authentication method not supported: " + request.getMethod());
+        }
        //@formatter:off
        OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
            response);
--- a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthorizationRequestGetFilter.java
+++ b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthorizationRequestGetFilter.java
@ -131,24 +131,9 @@ public class DingtalkScanCodeAuthorizationRequestGetFilter extends OncePerReques
                .state(DEFAULT_STATE_GENERATOR.generateKey())
                .attributes(attributes);
        builder.parameters(parameters -> {
-            HashMap<String, Object> linkedParameters = new LinkedHashMap<>();
-            parameters.forEach((key, value) -> {
-                if (OAuth2ParameterNames.CLIENT_ID.equals(key)) {
-                    linkedParameters.put(APP_ID, value);
-                }
-                if (OAuth2ParameterNames.SCOPE.equals(key)) {
-                    linkedParameters.put(OAuth2ParameterNames.SCOPE, value);
-                }
-                if (OAuth2ParameterNames.STATE.equals(key)) {
-                    linkedParameters.put(OAuth2ParameterNames.STATE, value);
-                }
-                if (OAuth2ParameterNames.REDIRECT_URI.equals(key)) {
-                    linkedParameters.put(OAuth2ParameterNames.REDIRECT_URI, value);
-                }
-            });
-            linkedParameters.put(RESPONSE_TYPE, CODE);
-            parameters.clear();
-            parameters.putAll(linkedParameters);
+            parameters.put(APP_ID, parameters.get(OAuth2ParameterNames.CLIENT_ID));
+            parameters.remove(OAuth2ParameterNames.CLIENT_ID);
+            parameters.put(RESPONSE_TYPE, CODE);
        });
        //@formatter:on
        this.writeForAuthorization(request, response, builder.build());
--- a/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuLoginAuthenticationFilter.java
+++ b/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuLoginAuthenticationFilter.java
@ -25,6 +25,7 @@ import java.util.Objects;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.http.message.BasicHeader;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@ -90,6 +91,10 @@ public class FeiShuLoginAuthenticationFilter extends AbstractIdpAuthenticationPr
    public Authentication attemptAuthentication(HttpServletRequest request,
                                                HttpServletResponse response) throws AuthenticationException,
                                                                              IOException {
+        if (!REQUEST_MATCHER.matches(request)) {
+            throw new AuthenticationServiceException(
+                "Authentication method not supported: " + request.getMethod());
+        }
        OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
            response);
        RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request);
--- a/eiam-authentication/eiam-authentication-gitee/src/main/java/cn/topiam/employee/authentication/gitee/filter/GiteeLoginAuthenticationFilter.java
+++ b/eiam-authentication/eiam-authentication-gitee/src/main/java/cn/topiam/employee/authentication/gitee/filter/GiteeLoginAuthenticationFilter.java
@ -24,6 +24,7 @@ import java.util.Objects;

 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@ -94,6 +95,10 @@ public class GiteeLoginAuthenticationFilter extends AbstractIdpAuthenticationPro
    public Authentication attemptAuthentication(HttpServletRequest request,
                                                HttpServletResponse response) throws AuthenticationException,
                                                                              IOException {
+        if (!REQUEST_MATCHER.matches(request)) {
+            throw new AuthenticationServiceException(
+                "Authentication method not supported: " + request.getMethod());
+        }
        OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
            response);
        RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request);
--- a/eiam-authentication/eiam-authentication-github/src/main/java/cn/topiam/employee/authentication/github/filter/GithubOAuth2LoginAuthenticationFilter.java
+++ b/eiam-authentication/eiam-authentication-github/src/main/java/cn/topiam/employee/authentication/github/filter/GithubOAuth2LoginAuthenticationFilter.java
@ -25,6 +25,7 @@ import java.util.UUID;

 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.*;
+import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@ -94,6 +95,10 @@ public class GithubOAuth2LoginAuthenticationFilter extends
    public Authentication attemptAuthentication(HttpServletRequest request,
                                                HttpServletResponse response) throws AuthenticationException,
                                                                              IOException {
+        if (!REQUEST_MATCHER.matches(request)) {
+            throw new AuthenticationServiceException(
+                "Authentication method not supported: " + request.getMethod());
+        }
        OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
            response);
        TraceUtils.put(UUID.randomUUID().toString());
--- a/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/filter/QqOAuth2LoginAuthenticationFilter.java
+++ b/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/filter/QqOAuth2LoginAuthenticationFilter.java
@ -25,6 +25,7 @@ import java.util.UUID;

 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@ -96,6 +97,10 @@ public class QqOAuth2LoginAuthenticationFilter extends AbstractIdpAuthentication
    public Authentication attemptAuthentication(HttpServletRequest request,
                                                HttpServletResponse response) throws AuthenticationException,
                                                                              IOException {
+        if (!REQUEST_MATCHER.matches(request)) {
+            throw new AuthenticationServiceException(
+                "Authentication method not supported: " + request.getMethod());
+        }
        OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
            response);
        TraceUtils.put(UUID.randomUUID().toString());
--- a/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java
+++ b/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java
@ -24,6 +24,7 @@ import java.util.Objects;

 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@ -94,6 +95,10 @@ public class WeChatScanCodeLoginAuthenticationFilter extends
    public Authentication attemptAuthentication(HttpServletRequest request,
                                                HttpServletResponse response) throws AuthenticationException,
                                                                              IOException {
+        if (!REQUEST_MATCHER.matches(request)) {
+            throw new AuthenticationServiceException(
+                "Authentication method not supported: " + request.getMethod());
+        }
        OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
            response);
        RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request);
--- a/eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/filter/WeChatWorkScanCodeLoginAuthenticationFilter.java
+++ b/eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/filter/WeChatWorkScanCodeLoginAuthenticationFilter.java
@ -26,6 +26,7 @@ import java.util.concurrent.TimeUnit;

 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@ -96,6 +97,10 @@ public class WeChatWorkScanCodeLoginAuthenticationFilter extends
    public Authentication attemptAuthentication(HttpServletRequest request,
                                                HttpServletResponse response) throws AuthenticationException,
                                                                              IOException {
+        if (!REQUEST_MATCHER.matches(request)) {
+            throw new AuthenticationServiceException(
+                "Authentication method not supported: " + request.getMethod());
+        }
        TraceUtils.put(UUID.randomUUID().toString());
        OAuth2AuthorizationRequest authorizationRequest = getOauth2AuthorizationRequest(request,
            response);
--- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/authn/IdentityProviderConverter.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/authn/IdentityProviderConverter.java
@ -58,7 +58,6 @@ import cn.topiam.employee.support.repository.page.domain.QueryDslRequest;
 import cn.topiam.employee.support.validation.ValidationUtils;

 import jakarta.validation.ConstraintViolationException;
-
 import static cn.topiam.employee.authentication.common.IdentityProviderType.*;

 /**
@ -114,16 +113,16 @@ public interface IdentityProviderConverter {
        }
        IdentityProviderCategory category = IdentityProviderCategory.getType(param.getCategory());
        if (!category.getProviders().stream().map(IdentityProviderType::value).toList()
-                .contains(param.getType())) {
+            .contains(param.getType())) {
            throw new TopIamException("认证源类型与认证源提供商不匹配");
        }
        try {
            IdentityProviderConfig identityProviderConfig = getIdentityProviderConfig(
-                    param.getType(), param.getConfig());
+                param.getType(), param.getConfig());
            ObjectMapper objectMapper = new ObjectMapper();
            // 指定序列化输入的类型
            objectMapper.activateDefaultTyping(objectMapper.getPolymorphicTypeValidator(),
-                    ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
+                ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
            //封装数据
            IdentityProviderEntity entity = new IdentityProviderEntity();
            entity.setName(param.getName());
@ -161,15 +160,15 @@ public interface IdentityProviderConverter {
        result.setRemark(entity.getRemark());
        //回调地址
        result.setRedirectUri(ServerHelp.getPortalPublicBaseUrl()
-                + getIdentityProviderType(entity.getType()).getLoginPathPrefix() + "/"
-                + entity.getCode());
+                              + getIdentityProviderType(entity.getType()).getLoginPathPrefix() + "/"
+                              + entity.getCode());
        try {
            ObjectMapper objectMapper = new ObjectMapper();
            // 指定序列化输入的类型
            objectMapper.activateDefaultTyping(objectMapper.getPolymorphicTypeValidator(),
-                    ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
+                ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
            IdentityProviderConfig config = objectMapper.readValue(entity.getConfig(),
-                    IdentityProviderConfig.class);
+                IdentityProviderConfig.class);
            result.setConfig(config);
        } catch (JsonProcessingException e) {
            throw new RuntimeException(e);
@ -189,7 +188,7 @@ public interface IdentityProviderConverter {
        QueryDslRequest request = new QueryDslRequest();
        QIdentityProviderEntity queryEntity = QIdentityProviderEntity.identityProviderEntity;
        Predicate predicate = ExpressionUtils.and(queryEntity.isNotNull(),
-                queryEntity.deleted.eq(Boolean.FALSE));
+            queryEntity.deleted.eq(Boolean.FALSE));
        //查询条件
        //@formatter:off
        predicate = Objects.isNull(query.getCategory()) ? predicate : ExpressionUtils.and(predicate, queryEntity.category.eq(query.getCategory()));
@ -198,7 +197,7 @@ public interface IdentityProviderConverter {
        request.setPredicate(predicate);
        //分页条件
        request.setPageRequest(QPageRequest.of(pageModel.getCurrent(), pageModel.getPageSize(),
-                queryEntity.updateTime.desc()));
+            queryEntity.updateTime.desc()));
        return request;
    }

@ -213,11 +212,11 @@ public interface IdentityProviderConverter {
            return null;
        }
        IdentityProviderConfig identityProviderConfig = getIdentityProviderConfig(param.getType(),
-                param.getConfig());
+            param.getConfig());
        ObjectMapper objectMapper = new ObjectMapper();
        // 指定序列化输入的类型
        objectMapper.activateDefaultTyping(objectMapper.getPolymorphicTypeValidator(),
-                ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
+            ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY);
        try {
            //封装数据
            IdentityProviderEntity identityProviderEntity = new IdentityProviderEntity();
@ -227,7 +226,7 @@ public interface IdentityProviderConverter {
            identityProviderEntity.setRemark(param.getRemark());
            //配置
            identityProviderEntity
-                    .setConfig(objectMapper.writeValueAsString(identityProviderConfig));
+                .setConfig(objectMapper.writeValueAsString(identityProviderConfig));
            return identityProviderEntity;
        } catch (JsonProcessingException e) {
            throw new RuntimeException(e);
@ -280,7 +279,7 @@ public interface IdentityProviderConverter {
            throw new NullPointerException("提供商配置不能为空");
        }
        ValidationUtils.ValidationResult<?> validationResult = ValidationUtils
-                .validateEntity(identityProviderConfig);
+            .validateEntity(identityProviderConfig);
        if (validationResult.isHasErrors()) {
            throw new ConstraintViolationException(validationResult.getConstraintViolations());
        }