From 22f5cfcfd8462ca74128329eefb3f48b3ee0b7ea Mon Sep 17 00:00:00 2001
From: xiaojunnuo
Date: Thu, 14 May 2026 23:44:04 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8Dclogin=E7=99=BB?=
 =?UTF-8?q?=E5=BD=95=E4=B8=A2=E5=A4=B1state=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../src/controller/basic/login/oauth-controller.ts | 8 ++++++++
 .../modules/sys/authority/service/user-service.ts | 12 +++++++-----
 .../ui/certd-server/src/plugins/plugin-oauth/api.ts | 1 +
 .../src/plugins/plugin-oauth/oauth2/plugin-clogin.ts | 6 ++----
 .../src/plugins/plugin-oauth/oauth2/plugin-gitee.ts | 8 +-------
 .../src/plugins/plugin-oauth/oauth2/plugin-github.ts | 11 ++---------
 .../src/plugins/plugin-oauth/oauth2/plugin-google.ts | 7 +------
 .../plugins/plugin-oauth/oauth2/plugin-microsoft.ts | 8 +-------
 8 files changed, 23 insertions(+), 38 deletions(-)

diff --git a/packages/ui/certd-server/src/controller/basic/login/oauth-controller.ts b/packages/ui/certd-server/src/controller/basic/login/oauth-controller.ts
index 86201ac4f..f312a1847 100644
--- a/packages/ui/certd-server/src/controller/basic/login/oauth-controller.ts
+++ b/packages/ui/certd-server/src/controller/basic/login/oauth-controller.ts
@@ -82,14 +82,22 @@ export class ConnectController extends BaseController {
     const bindUrl = installInfo?.bindUrl || "";
     //构造登录url
     const redirectUrl = `${bindUrl}api/oauth/callback/${body.type}`;
+
+    let stateObj = {
+      forType: body.forType || 'login',
+    }
+    const state = utils.hash.base64(JSON.stringify(stateObj))
     const { loginUrl, ticketValue } = await oauthProvider.addon.buildLoginUrl({
       redirectUri: redirectUrl,
       forType: body.forType,
       from: body.from || "web",
       subtype: body.subtype,
+      state,
     });
+
     const ticket = this.codeService.setValidationValue({
       ...ticketValue,
+      state,
       subtype: body.subtype,
     })
     this.ctx.cookies.set("oauth_ticket", ticket, {
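Review bot: The value produced at `const state = utils.hash.base64(JSON.stringify(stateObj))` is a deterministic encoding of `forType`, so it is identical for every login started with the same `forType` and contains nothing an attacker cannot predict; storing it in the ticket and comparing it on the callback therefore does not bind the callback to the browser session the way an OAuth `state` is meant to (RFC 6749 §10.12 asks for a non-guessable value). Add a per-request random component to `stateObj`, e.g. `nonce: <secure-random value from the project's existing helper>`, and verify that component against the ticket on the callback, since the ticket cookie already carries `state`. `let stateObj` is never reassigned and should be `const stateObj`. The providers this commit strips used `this.ctx.utils.hash.base64`, while this line uses a bare `utils`; whether that name is imported at file level is not visible in the hunk and is worth confirming. The enclosing method starts and ends outside the hunk.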
diff --git a/packages/ui/certd-server/src/modules/sys/authority/service/user-service.ts b/packages/ui/certd-server/src/modules/sys/authority/service/user-service.ts
index 750f2d769..311c4948c 100644
--- a/packages/ui/certd-server/src/modules/sys/authority/service/user-service.ts
+++ b/packages/ui/certd-server/src/modules/sys/authority/service/user-service.ts
@@ -184,9 +184,9 @@ export class UserService extends BaseService {
   }
 
   async register(type: string, user: UserEntity, withTx?: (tx: EntityManager) => Promise) {
-    if (!user.password) {
-      user.password = simpleNanoId();
-    }
+    // if (!user.password) {
+    //   user.password = simpleNanoId();
+    // }
 
     if (user.username) {
       const username = user.username;
@@ -229,9 +229,11 @@ export class UserService extends BaseService {
       passwordVersion: 2,
     });
     if (!newUser.password) {
-      newUser.password = RandomUtil.randomStr(6);
+      newUser.password = "changeme";
+    }else{
+      newUser.password = await this.genPassword(newUser.password, newUser.passwordVersion);
     }
-    newUser.password = await this.genPassword(newUser.password, newUser.passwordVersion);
+
 
     await this.transaction(async txManager => {
       newUser = await txManager.save(newUser);
diff --git a/packages/ui/certd-server/src/plugins/plugin-oauth/api.ts b/packages/ui/certd-server/src/plugins/plugin-oauth/api.ts
index be97b6a5d..89ee026d7 100644
--- a/packages/ui/certd-server/src/plugins/plugin-oauth/api.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-oauth/api.ts
@@ -42,6 +42,7 @@ export type BuildLoginUrlReq = {
   forType?: string;
   from?:string;
   subtype?: string;
+  state?: string;
 }
 
 export type BuildLogoutUrlReq = {
diff --git a/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-clogin.ts b/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-clogin.ts
index 8499a2e8d..165fd84a3 100644
--- a/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-clogin.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-clogin.ts
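Review bot: In the second user-service hunk (`@@ -229,9 +229,11 @@`), `newUser.password = "changeme"` is written to the stored password field without going through `genPassword`, while the `else` branch hashes the caller-supplied value; combined with the first hunk, which removes the `simpleNanoId()` fallback, every account created without a password (the path the commit title describes, presumably the OAuth one) now ends up with the same literal stored where a hash is expected. Whether that is a harmless "no password set" marker or a shared known credential depends on how login verification handles a non-hash stored value, which is not visible here; if the intent is "password login not enabled", use an explicit marker the verifier rejects and name it as a constant with a comment such as `// sentinel: account registered without a password, password login disabled`, and if the intent is a temporary password, keep the random generation and hash it as before. The first hunk leaves the old block commented out; delete it rather than comment it, the history is in git. The enclosing method continues outside both hunks.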
@@ -94,16 +94,14 @@ export class CloginOauthProvider extends BaseAddon implements IOauthProvider {
     //   redirectUri = redirectUri.replace("localhost:3008", "certd.handfree.work")
     // }
     const res = await this.ctx.http.request({
-      url: `${this.endpoint}/connect.php?act=login&appid=${this.appId}&appkey=${this.appKey}&type=${loginType}&redirect_uri=${redirectUri}`
+      url: `${this.endpoint}/connect.php?act=login&appid=${this.appId}&appkey=${this.appKey}&type=${loginType}&redirect_uri=${redirectUri}&state=${params.state}`
     })
 
     this.checkRes(res)
 
     return {
       loginUrl: res.url,
-      ticketValue: {
-        state: "",
-      },
+      ticketValue: {},
     };
   }
 
diff --git a/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-gitee.ts b/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-gitee.ts
index c93745ae7..0f5a61961 100644
--- a/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-gitee.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-gitee.ts
@@ -79,19 +79,13 @@ gitee.userInfo = https://gitee.com/api/v5/user
   async buildLoginUrl(params: BuildLoginUrlReq) {
     let scope = "user_info" // Scope of the access request
 
-    let state:any = {
-      forType: params.forType || 'login',
-    }
-    state = this.ctx.utils.hash.base64(JSON.stringify(state))
-
     const authorizeEndpoint = "https://gitee.com/oauth/authorize"
     const redirectUrl = encodeURIComponent(params.redirectUri)
     // https://gitee.com/oauth/authorize?client_id=5bb5f4158af41c50c7a17b5d9068244e97d3ee572def6a57ed32fd8c9d760ad1&redirect_uri=http%3A%2F%2Fcasdoor.docmirror.cn%3A8000%2Fcallback&response_type=code
-    const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
+    const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${params.state}`
     return {
       loginUrl,
       ticketValue: {
-        state,
       },
     };
   }
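Review bot: `&state=${params.state}` splices the value into the query string unencoded, and `BuildLoginUrlReq.state` is declared optional, so a caller that omits it sends the literal `state=undefined`, and when it is present its base64 form may contain `+`, `/` and `=`, which are not query-safe (`+` comes back as a space), so the value the provider echoes to the callback can differ from the one stored in the ticket and the comparison fails. Use `&state=${encodeURIComponent(params.state ?? "")}` on this line in clogin and gitee here, and on the same `loginUrl` line in the github, google and microsoft hunks, or have the controller emit a URL-safe encoding. The clogin line also embeds `redirectUri` unencoded, unlike the other providers, which pass it through `encodeURIComponent` first. The clogin `buildLoginUrl` body starts outside the hunk.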
diff --git a/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-github.ts b/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-github.ts
index 0cf9958d3..019b6dc70 100644
--- a/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-github.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-github.ts
@@ -30,19 +30,12 @@ export class GithubOauthProvider extends BaseAddon implements IOauthProvider {
   async buildLoginUrl(params: BuildLoginUrlReq) {
     let scope = "user:email" // Scope of the access request
 
-    let state:any = {
-      forType: params.forType || 'login',
-    }
-    state = this.ctx.utils.hash.base64(JSON.stringify(state))
-
     const authorizeEndpoint = "https://github.com/login/oauth/authorize"
     const redirectUrl = encodeURIComponent(params.redirectUri)
-    const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
+    const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${params.state}`
     return {
       loginUrl,
-      ticketValue: {
-        state,
-      },
+      ticketValue: { },
     };
   }
 
diff --git a/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-google.ts b/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-google.ts
index 6d1c12241..59aea2ad6 100644
--- a/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-google.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-google.ts
@@ -30,18 +30,13 @@ export class GoogleOauthProvider extends BaseAddon implements IOauthProvider {
   async buildLoginUrl(params: BuildLoginUrlReq) {
     let scope = "email profile" // Scope of the access request
 
-    let state:any = {
-      forType: params.forType || 'login',
-    }
-    state = this.ctx.utils.hash.base64(JSON.stringify(state))
 
     const authorizeEndpoint = "https://accounts.google.com/o/oauth2/auth"
     const redirectUrl = encodeURIComponent(params.redirectUri)
-    const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
+    const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${params.state}`
     return {
       loginUrl,
       ticketValue: {
-        state,
       },
     };
   }
diff --git a/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-microsoft.ts b/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-microsoft.ts
index a5773cf95..63a39c877 100644
--- a/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-microsoft.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-oauth/oauth2/plugin-microsoft.ts
@@ -42,18 +42,12 @@ export class MicrosoftOauthProvider extends BaseAddon implements IOauthProvider
   async buildLoginUrl(params: BuildLoginUrlReq) {
     let scope = "openid profile email User.Read" // Scope of the access request
 
-    let state:any = {
-      forType: params.forType || 'login',
-    }
-    state = this.ctx.utils.hash.base64(JSON.stringify(state))
-
     const authorizeEndpoint = `https://login.microsoftonline.com/${this.tenantId}/oauth2/v2.0/authorize`
     const redirectUrl = encodeURIComponent(params.redirectUri)
-    const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
+    const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${params.state}`
     return {
       loginUrl,
       ticketValue: {
-        state,
       },
     };
   }