mirror of
https://github.com/certd/certd.git
synced 2026-05-15 04:27:31 +08:00
fix: 修复clogin登录丢失state问题
This commit is contained in:
xiaojunnuo
@@ -82,14 +82,22 @@ export class ConnectController extends BaseController {
|
||||
const bindUrl = installInfo?.bindUrl || "";
|
||||
//构造登录url
|
||||
const redirectUrl = `${bindUrl}api/oauth/callback/${body.type}`;
|
||||
|
||||
let stateObj = {
|
||||
forType: body.forType || 'login',
|
||||
}
|
||||
const state = utils.hash.base64(JSON.stringify(stateObj))
|
||||
const { loginUrl, ticketValue } = await oauthProvider.addon.buildLoginUrl({
|
||||
redirectUri: redirectUrl,
|
||||
forType: body.forType,
|
||||
from: body.from || "web",
|
||||
subtype: body.subtype,
|
||||
state,
|
||||
});
|
||||
|
||||
const ticket = this.codeService.setValidationValue({
|
||||
...ticketValue,
|
||||
state,
|
||||
subtype: body.subtype,
|
||||
})
|
||||
this.ctx.cookies.set("oauth_ticket", ticket, {
|
||||
|
||||
@@ -184,9 +184,9 @@ export class UserService extends BaseService<UserEntity> {
|
||||
}
|
||||
|
||||
async register(type: string, user: UserEntity, withTx?: (tx: EntityManager) => Promise<void>) {
|
||||
if (!user.password) {
|
||||
user.password = simpleNanoId();
|
||||
}
|
||||
// if (!user.password) {
|
||||
// user.password = simpleNanoId();
|
||||
// }
|
||||
|
||||
if (user.username) {
|
||||
const username = user.username;
|
||||
@@ -229,9 +229,11 @@ export class UserService extends BaseService<UserEntity> {
|
||||
passwordVersion: 2,
|
||||
});
|
||||
if (!newUser.password) {
|
||||
newUser.password = RandomUtil.randomStr(6);
|
||||
newUser.password = "changeme";
|
||||
}else{
|
||||
newUser.password = await this.genPassword(newUser.password, newUser.passwordVersion);
|
||||
}
|
||||
newUser.password = await this.genPassword(newUser.password, newUser.passwordVersion);
|
||||
|
||||
|
||||
await this.transaction(async txManager => {
|
||||
newUser = await txManager.save(newUser);
|
||||
|
||||
@@ -42,6 +42,7 @@ export type BuildLoginUrlReq = {
|
||||
forType?: string;
|
||||
from?:string;
|
||||
subtype?: string;
|
||||
state?: string;
|
||||
}
|
||||
|
||||
export type BuildLogoutUrlReq = {
|
||||
|
||||
@@ -94,16 +94,14 @@ export class CloginOauthProvider extends BaseAddon implements IOauthProvider {
|
||||
// redirectUri = redirectUri.replace("localhost:3008", "certd.handfree.work")
|
||||
// }
|
||||
const res = await this.ctx.http.request({
|
||||
url: `${this.endpoint}/connect.php?act=login&appid=${this.appId}&appkey=${this.appKey}&type=${loginType}&redirect_uri=${redirectUri}`
|
||||
url: `${this.endpoint}/connect.php?act=login&appid=${this.appId}&appkey=${this.appKey}&type=${loginType}&redirect_uri=${redirectUri}&state=${params.state}`
|
||||
})
|
||||
|
||||
this.checkRes(res)
|
||||
|
||||
return {
|
||||
loginUrl: res.url,
|
||||
ticketValue: {
|
||||
state: "",
|
||||
},
|
||||
ticketValue: {},
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
@@ -79,19 +79,13 @@ gitee.userInfo = https://gitee.com/api/v5/user
|
||||
async buildLoginUrl(params: BuildLoginUrlReq) {
|
||||
|
||||
let scope = "user_info" // Scope of the access request
|
||||
let state:any = {
|
||||
forType: params.forType || 'login',
|
||||
}
|
||||
state = this.ctx.utils.hash.base64(JSON.stringify(state))
|
||||
|
||||
const authorizeEndpoint = "https://gitee.com/oauth/authorize"
|
||||
const redirectUrl = encodeURIComponent(params.redirectUri)
|
||||
// https://gitee.com/oauth/authorize?client_id=5bb5f4158af41c50c7a17b5d9068244e97d3ee572def6a57ed32fd8c9d760ad1&redirect_uri=http%3A%2F%2Fcasdoor.docmirror.cn%3A8000%2Fcallback&response_type=code
|
||||
const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
|
||||
const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${params.state}`
|
||||
return {
|
||||
loginUrl,
|
||||
ticketValue: {
|
||||
state,
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
@@ -30,19 +30,12 @@ export class GithubOauthProvider extends BaseAddon implements IOauthProvider {
|
||||
async buildLoginUrl(params: BuildLoginUrlReq) {
|
||||
|
||||
let scope = "user:email" // Scope of the access request
|
||||
let state:any = {
|
||||
forType: params.forType || 'login',
|
||||
}
|
||||
state = this.ctx.utils.hash.base64(JSON.stringify(state))
|
||||
|
||||
const authorizeEndpoint = "https://github.com/login/oauth/authorize"
|
||||
const redirectUrl = encodeURIComponent(params.redirectUri)
|
||||
const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
|
||||
const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${params.state}`
|
||||
return {
|
||||
loginUrl,
|
||||
ticketValue: {
|
||||
state,
|
||||
},
|
||||
ticketValue: { },
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
@@ -30,18 +30,13 @@ export class GoogleOauthProvider extends BaseAddon implements IOauthProvider {
|
||||
async buildLoginUrl(params: BuildLoginUrlReq) {
|
||||
|
||||
let scope = "email profile" // Scope of the access request
|
||||
let state:any = {
|
||||
forType: params.forType || 'login',
|
||||
}
|
||||
state = this.ctx.utils.hash.base64(JSON.stringify(state))
|
||||
|
||||
const authorizeEndpoint = "https://accounts.google.com/o/oauth2/auth"
|
||||
const redirectUrl = encodeURIComponent(params.redirectUri)
|
||||
const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
|
||||
const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${params.state}`
|
||||
return {
|
||||
loginUrl,
|
||||
ticketValue: {
|
||||
state,
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
@@ -42,18 +42,12 @@ export class MicrosoftOauthProvider extends BaseAddon implements IOauthProvider
|
||||
async buildLoginUrl(params: BuildLoginUrlReq) {
|
||||
|
||||
let scope = "openid profile email User.Read" // Scope of the access request
|
||||
let state:any = {
|
||||
forType: params.forType || 'login',
|
||||
}
|
||||
state = this.ctx.utils.hash.base64(JSON.stringify(state))
|
||||
|
||||
const authorizeEndpoint = `https://login.microsoftonline.com/${this.tenantId}/oauth2/v2.0/authorize`
|
||||
const redirectUrl = encodeURIComponent(params.redirectUri)
|
||||
const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
|
||||
const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${params.state}`
|
||||
return {
|
||||
loginUrl,
|
||||
ticketValue: {
|
||||
state,
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user