fix: 修复clogin登录丢失state问题
@@ -82,14 +82,22 @@ export class ConnectController extends BaseController {
|
|||||||
const bindUrl = installInfo?.bindUrl || "";
|
const bindUrl = installInfo?.bindUrl || "";
|
||||||
//构造登录url
|
//构造登录url
|
||||||
const redirectUrl = `${bindUrl}api/oauth/callback/${body.type}`;
|
const redirectUrl = `${bindUrl}api/oauth/callback/${body.type}`;
|
||||||
|
|
||||||
|
let stateObj = {
|
||||||
|
forType: body.forType || 'login',
|
||||||
|
}
|
||||||
|
const state = utils.hash.base64(JSON.stringify(stateObj))
|
||||||
const { loginUrl, ticketValue } = await oauthProvider.addon.buildLoginUrl({
|
const { loginUrl, ticketValue } = await oauthProvider.addon.buildLoginUrl({
|
||||||
redirectUri: redirectUrl,
|
redirectUri: redirectUrl,
|
||||||
forType: body.forType,
|
forType: body.forType,
|
||||||
from: body.from || "web",
|
from: body.from || "web",
|
||||||
subtype: body.subtype,
|
subtype: body.subtype,
|
||||||
|
state,
|
||||||
});
|
});
|
||||||
|
|
||||||
const ticket = this.codeService.setValidationValue({
|
const ticket = this.codeService.setValidationValue({
|
||||||
...ticketValue,
|
...ticketValue,
|
||||||
|
state,
|
||||||
subtype: body.subtype,
|
subtype: body.subtype,
|
||||||
})
|
})
|
||||||
this.ctx.cookies.set("oauth_ticket", ticket, {
|
this.ctx.cookies.set("oauth_ticket", ticket, {
|
||||||
|
|||||||
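Review bot: The `state` built from `stateObj` carries only `forType`, so it is the same string for every login attempt and cannot act as the unpredictable per-request value that the OAuth `state` parameter is meant to provide against login CSRF. If the callback (not visible here) compares the returned state with the one saved through `setValidationValue`, a fixed, guessable value adds nothing to that check. Add a random field before encoding, for example `nonce: crypto.randomBytes(16).toString("hex")`, and validate `body.forType` against the allowed values, since it is copied from the request body into the state unchanged. The enclosing method starts and ends outside the hunk.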
@@ -184,9 +184,9 @@ export class UserService extends BaseService<UserEntity> {
|
|||||||
}
|
}
|
||||||
|
|
||||||
async register(type: string, user: UserEntity, withTx?: (tx: EntityManager) => Promise<void>) {
|
async register(type: string, user: UserEntity, withTx?: (tx: EntityManager) => Promise<void>) {
|
||||||
if (!user.password) {
|
// if (!user.password) {
|
||||||
user.password = simpleNanoId();
|
// user.password = simpleNanoId();
|
||||||
}
|
// }
|
||||||
|
|
||||||
if (user.username) {
|
if (user.username) {
|
||||||
const username = user.username;
|
const username = user.username;
|
||||||
@@ -229,9 +229,11 @@ export class UserService extends BaseService<UserEntity> {
|
|||||||
passwordVersion: 2,
|
passwordVersion: 2,
|
||||||
});
|
});
|
||||||
if (!newUser.password) {
|
if (!newUser.password) {
|
||||||
newUser.password = RandomUtil.randomStr(6);
|
newUser.password = "changeme";
|
||||||
|
}else{
|
||||||
|
newUser.password = await this.genPassword(newUser.password, newUser.passwordVersion);
|
||||||
}
|
}
|
||||||
newUser.password = await this.genPassword(newUser.password, newUser.passwordVersion);
|
|
||||||
|
|
||||||
await this.transaction(async txManager => {
|
await this.transaction(async txManager => {
|
||||||
newUser = await txManager.save(newUser);
|
newUser = await txManager.save(newUser);
|
||||||
|
|||||||
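Review bot: When `newUser.password` is empty, the new branch stores the literal `"changeme"` and skips `genPassword`, so every account registered without a password (presumably the OAuth path, now that the `simpleNanoId()` fallback in the first hunk is commented out) ends up with the same unhashed, publicly known value in the password column. Whether that value can ever match at login depends on the comparison code, which is not visible here, but a shared default is fragile and reads as a credential to anyone with access to the table. Keep the field unguessable and hashed, e.g. `newUser.password = await this.genPassword(simpleNanoId(), newUser.passwordVersion);`, or store no password and reject password login for such accounts explicitly. The commented-out lines in the first hunk should be deleted rather than left in place. `register` starts and ends outside both hunks.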
@@ -42,6 +42,7 @@ export type BuildLoginUrlReq = {
|
|||||||
forType?: string;
|
forType?: string;
|
||||||
from?:string;
|
from?:string;
|
||||||
subtype?: string;
|
subtype?: string;
|
||||||
|
state?: string;
|
||||||
}
|
}
|
||||||
|
|
||||||
export type BuildLogoutUrlReq = {
|
export type BuildLogoutUrlReq = {
|
||||||
|
|||||||
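Review bot: `state?: string` is optional, yet the provider hunks on this page interpolate `params.state` straight into the authorize URL, so a caller that omits it produces the literal `state=undefined`. Make the field required (`state: string;`), since the `ConnectController` hunk always supplies it, or have each provider leave the parameter out when it is missing. A one-line comment stating that the value is opaque, generated by the controller and stored with the ticket, would also help authors of new providers.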
@@ -94,16 +94,14 @@ export class CloginOauthProvider extends BaseAddon implements IOauthProvider {
|
|||||||
// redirectUri = redirectUri.replace("localhost:3008", "certd.handfree.work")
|
// redirectUri = redirectUri.replace("localhost:3008", "certd.handfree.work")
|
||||||
// }
|
// }
|
||||||
const res = await this.ctx.http.request({
|
const res = await this.ctx.http.request({
|
||||||
url: `${this.endpoint}/connect.php?act=login&appid=${this.appId}&appkey=${this.appKey}&type=${loginType}&redirect_uri=${redirectUri}`
|
url: `${this.endpoint}/connect.php?act=login&appid=${this.appId}&appkey=${this.appKey}&type=${loginType}&redirect_uri=${redirectUri}&state=${params.state}`
|
||||||
})
|
})
|
||||||
|
|
||||||
this.checkRes(res)
|
this.checkRes(res)
|
||||||
|
|
||||||
return {
|
return {
|
||||||
loginUrl: res.url,
|
loginUrl: res.url,
|
||||||
ticketValue: {
|
ticketValue: {},
|
||||||
state: "",
|
|
||||||
},
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
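Review bot: `&state=${params.state}` is appended without URL-encoding; if `utils.hash.base64` emits standard base64, the `+`, `/` and `=` characters can be altered in transit (`+` is commonly decoded as a space), and the value returned to the callback will then not match the stored one. Use `&state=${encodeURIComponent(params.state ?? "")}`; the same interpolation appears in the Gitee, GitHub, Google and Microsoft `buildLoginUrl` hunks below. On this line `redirectUri` is also unencoded, unlike in the other providers, and `appkey` travels in the query string where proxies and access logs may record it, so it is worth checking whether the endpoint accepts it another way. The function starts outside the hunk.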
@@ -79,19 +79,13 @@ gitee.userInfo = https://gitee.com/api/v5/user
|
|||||||
async buildLoginUrl(params: BuildLoginUrlReq) {
|
async buildLoginUrl(params: BuildLoginUrlReq) {
|
||||||
|
|
||||||
let scope = "user_info" // Scope of the access request
|
let scope = "user_info" // Scope of the access request
|
||||||
let state:any = {
|
|
||||||
forType: params.forType || 'login',
|
|
||||||
}
|
|
||||||
state = this.ctx.utils.hash.base64(JSON.stringify(state))
|
|
||||||
|
|
||||||
const authorizeEndpoint = "https://gitee.com/oauth/authorize"
|
const authorizeEndpoint = "https://gitee.com/oauth/authorize"
|
||||||
const redirectUrl = encodeURIComponent(params.redirectUri)
|
const redirectUrl = encodeURIComponent(params.redirectUri)
|
||||||
// https://gitee.com/oauth/authorize?client_id=5bb5f4158af41c50c7a17b5d9068244e97d3ee572def6a57ed32fd8c9d760ad1&redirect_uri=http%3A%2F%2Fcasdoor.docmirror.cn%3A8000%2Fcallback&response_type=code
|
// https://gitee.com/oauth/authorize?client_id=5bb5f4158af41c50c7a17b5d9068244e97d3ee572def6a57ed32fd8c9d760ad1&redirect_uri=http%3A%2F%2Fcasdoor.docmirror.cn%3A8000%2Fcallback&response_type=code
|
||||||
const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
|
const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${params.state}`
|
||||||
return {
|
return {
|
||||||
loginUrl,
|
loginUrl,
|
||||||
ticketValue: {
|
ticketValue: {
|
||||||
state,
|
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -30,19 +30,12 @@ export class GithubOauthProvider extends BaseAddon implements IOauthProvider {
|
|||||||
async buildLoginUrl(params: BuildLoginUrlReq) {
|
async buildLoginUrl(params: BuildLoginUrlReq) {
|
||||||
|
|
||||||
let scope = "user:email" // Scope of the access request
|
let scope = "user:email" // Scope of the access request
|
||||||
let state:any = {
|
|
||||||
forType: params.forType || 'login',
|
|
||||||
}
|
|
||||||
state = this.ctx.utils.hash.base64(JSON.stringify(state))
|
|
||||||
|
|
||||||
const authorizeEndpoint = "https://github.com/login/oauth/authorize"
|
const authorizeEndpoint = "https://github.com/login/oauth/authorize"
|
||||||
const redirectUrl = encodeURIComponent(params.redirectUri)
|
const redirectUrl = encodeURIComponent(params.redirectUri)
|
||||||
const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
|
const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${params.state}`
|
||||||
return {
|
return {
|
||||||
loginUrl,
|
loginUrl,
|
||||||
ticketValue: {
|
ticketValue: { },
|
||||||
state,
|
|
||||||
},
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -30,18 +30,13 @@ export class GoogleOauthProvider extends BaseAddon implements IOauthProvider {
|
|||||||
async buildLoginUrl(params: BuildLoginUrlReq) {
|
async buildLoginUrl(params: BuildLoginUrlReq) {
|
||||||
|
|
||||||
let scope = "email profile" // Scope of the access request
|
let scope = "email profile" // Scope of the access request
|
||||||
let state:any = {
|
|
||||||
forType: params.forType || 'login',
|
|
||||||
}
|
|
||||||
state = this.ctx.utils.hash.base64(JSON.stringify(state))
|
|
||||||
|
|
||||||
const authorizeEndpoint = "https://accounts.google.com/o/oauth2/auth"
|
const authorizeEndpoint = "https://accounts.google.com/o/oauth2/auth"
|
||||||
const redirectUrl = encodeURIComponent(params.redirectUri)
|
const redirectUrl = encodeURIComponent(params.redirectUri)
|
||||||
const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
|
const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${params.state}`
|
||||||
return {
|
return {
|
||||||
loginUrl,
|
loginUrl,
|
||||||
ticketValue: {
|
ticketValue: {
|
||||||
state,
|
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -42,18 +42,12 @@ export class MicrosoftOauthProvider extends BaseAddon implements IOauthProvider
|
|||||||
async buildLoginUrl(params: BuildLoginUrlReq) {
|
async buildLoginUrl(params: BuildLoginUrlReq) {
|
||||||
|
|
||||||
let scope = "openid profile email User.Read" // Scope of the access request
|
let scope = "openid profile email User.Read" // Scope of the access request
|
||||||
let state:any = {
|
|
||||||
forType: params.forType || 'login',
|
|
||||||
}
|
|
||||||
state = this.ctx.utils.hash.base64(JSON.stringify(state))
|
|
||||||
|
|
||||||
const authorizeEndpoint = `https://login.microsoftonline.com/${this.tenantId}/oauth2/v2.0/authorize`
|
const authorizeEndpoint = `https://login.microsoftonline.com/${this.tenantId}/oauth2/v2.0/authorize`
|
||||||
const redirectUrl = encodeURIComponent(params.redirectUri)
|
const redirectUrl = encodeURIComponent(params.redirectUri)
|
||||||
const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${state}`
|
const loginUrl = `${authorizeEndpoint}?client_id=${this.clientId}&redirect_uri=${redirectUrl}&response_type=code&scope=${scope}&state=${params.state}`
|
||||||
return {
|
return {
|
||||||
loginUrl,
|
loginUrl,
|
||||||
ticketValue: {
|
ticketValue: {
|
||||||
state,
|
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||