🔖 发布 1.15.3-alpha 解决推特登录异常的BUG

skyinbj · May 12, 2020 · c6bd5d9 · c6bd5d9
1 parent d0ae0f2
commit c6bd5d9
Show file tree

Hide file tree

Showing 10 changed files with 53 additions and 28 deletions.
diff --git a/README.en-US.md b/README.en-US.md
@@ -6,7 +6,7 @@
 </p>
 <p align="center">
 	<a target="_blank" href="https://search.maven.org/search?q=JustAuth">
-		<img src="https://img.shields.io/badge/Maven%20Central--1.15.2-alpha-blue" ></img>
+		<img src="https://img.shields.io/badge/Maven%20Central--1.15.3-alpha-blue" ></img>
 	</a>
 	<a target="_blank" href="https://gitee.com/yadong.zhang/JustAuth/blob/master/LICENSE">
 		<img src="https://img.shields.io/apm/l/vim-mode.svg?color=yellow" ></img>
@@ -15,7 +15,7 @@
 		<img src="https://img.shields.io/badge/JDK-1.8+-green.svg" ></img>
 	</a>
 	<a target="_blank" href="https://apidoc.gitee.com/yadong.zhang/JustAuth/" title="API文档">
-		<img src="https://img.shields.io/badge/Api%20Docs--1.15.2-alpha-latest-orange" ></img>
+		<img src="https://img.shields.io/badge/Api%20Docs--1.15.3-alpha-latest-orange" ></img>
 	</a>
 	<a target="_blank" href="https://docs.justauth.whnb.wang" title="参考文档">
 		<img src="https://img.shields.io/badge/Docs-latest-blueviolet.svg" ></img>
@@ -97,7 +97,7 @@ These artifacts are available from Maven Central:
 <dependency>
     <groupId>me.zhyd.oauth</groupId>
     <artifactId>JustAuth</artifactId>
-    <version>1.15.2-alpha</version>
+    <version>1.15.3-alpha</version>
 </dependency>
 ```
 - Using JustAuth

diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@
 </p>
 <p align="center">
 	<a target="_blank" href="https://search.maven.org/search?q=JustAuth">
-		<img src="https://img.shields.io/badge/Maven%20Central--1.15.2-alpha-blue" ></img>
+		<img src="https://img.shields.io/badge/Maven%20Central--1.15.3-alpha-blue" ></img>
 	</a>
 	<a target="_blank" href="https://gitee.com/yadong.zhang/JustAuth/blob/master/LICENSE">
 		<img src="https://img.shields.io/apm/l/vim-mode.svg?color=yellow" ></img>
@@ -15,7 +15,7 @@
 		<img src="https://img.shields.io/badge/JDK-1.8+-green.svg" ></img>
 	</a>
 	<a target="_blank" href="https://apidoc.gitee.com/yadong.zhang/JustAuth/" title="API文档">
-		<img src="https://img.shields.io/badge/Api%20Docs--1.15.2-alpha-latest-orange" ></img>
+		<img src="https://img.shields.io/badge/Api%20Docs--1.15.3-alpha-latest-orange" ></img>
 	</a>
 	<a target="_blank" href="https://docs.justauth.whnb.wang" title="参考文档">
 		<img src="https://img.shields.io/badge/Docs-latest-blueviolet.svg" ></img>
@@ -96,7 +96,7 @@ JustAuth，如你所见，它仅仅是一个**第三方授权登录**的**工具
 <dependency>
     <groupId>me.zhyd.oauth</groupId>
     <artifactId>JustAuth</artifactId>
-    <version>1.15.2-alpha</version>
+    <version>1.15.3-alpha</version>
 </dependency>
 ```
 - 调用api

diff --git a/bin/version.txt b/bin/version.txt
@@ -1 +1 @@
-1.15.2-alpha
+1.15.3-alpha
diff --git a/docs/README.md b/docs/README.md
@@ -9,7 +9,7 @@
 </p>
 <p align="center">
 	<a target="_blank" href="https://search.maven.org/search?q=JustAuth">
-		<img src="https://img.shields.io/badge/Maven%20Central--1.15.2-alpha-blue" ></img>
+		<img src="https://img.shields.io/badge/Maven%20Central--1.15.3-alpha-blue" ></img>
 	</a>
 	<a target="_blank" href="https://gitee.com/yadong.zhang/JustAuth/blob/master/LICENSE">
 		<img src="https://img.shields.io/apm/l/vim-mode.svg?color=yellow" ></img>
@@ -18,7 +18,7 @@
 		<img src="https://img.shields.io/badge/JDK-1.8+-green.svg" ></img>
 	</a>
 	<a target="_blank" href="https://apidoc.gitee.com/yadong.zhang/JustAuth/" title="API文档">
-		<img src="https://img.shields.io/badge/Api%20Docs--1.15.2-alpha-latest-orange" ></img>
+		<img src="https://img.shields.io/badge/Api%20Docs--1.15.3-alpha-latest-orange" ></img>
 	</a>
 	<a target="_blank" href="https://docs.justauth.whnb.wang" title="参考文档">
 		<img src="https://img.shields.io/badge/Docs-latest-blueviolet.svg" ></img>

diff --git a/docs/_coverpage.md b/docs/_coverpage.md
@@ -1,6 +1,6 @@
 
 ![](_media/justauth@0,25x.png)
-# JustAuth <small>1.15.2-alpha</small>
+# JustAuth <small>1.15.3-alpha</small>
 
 <strong>史上最全的整合第三方登录的开源库</strong>
 

diff --git a/pom.xml b/pom.xml
@@ -6,7 +6,7 @@
 
   <groupId>me.zhyd.oauth</groupId>
   <artifactId>JustAuth</artifactId>
-  <version>1.15.2-alpha</version>
+  <version>1.15.3-alpha</version>
 
   <name>JustAuth</name>
   <url>https://gitee.com/yadong.zhang/JustAuth</url>

diff --git a/src/main/java/me/zhyd/oauth/model/AuthCallback.java b/src/main/java/me/zhyd/oauth/model/AuthCallback.java
@@ -48,12 +48,13 @@ public class AuthCallback implements Serializable {
      *
      * @since 1.13.0
      */
-    private String oauthToken;
+    private String oauth_token;
 
     /**
      * Twitter回调后返回的oauth_verifier
      *
      * @since 1.13.0
      */
-    private String oauthVerifier;
+    private String oauth_verifier;
+
 }
diff --git a/src/main/java/me/zhyd/oauth/request/AuthTwitterRequest.java b/src/main/java/me/zhyd/oauth/request/AuthTwitterRequest.java
@@ -38,6 +38,21 @@ public AuthTwitterRequest(AuthConfig config, AuthStateCache authStateCache) {
         super(config, TWITTER, authStateCache);
     }
 
+    /**
+     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
+     *
+     * @param state state 验证授权流程的参数，可以防止csrf
+     * @return 返回授权地址
+     * @since 1.9.3
+     */
+    @Override
+    public String authorize(String state) {
+        AuthToken token  = this.getRequestToken();
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("oauth_token", token.getOauthToken())
+            .build();
+    }
+
     /**
      * Obtaining a request token
      * https://developer.twitter.com/en/docs/twitter-for-websites/log-in-with-twitter/guides/implementing-sign-in-with-twitter
@@ -54,6 +69,9 @@ public AuthToken getRequestToken() {
 
         HttpHeader httpHeader = new HttpHeader();
         httpHeader.add("Authorization", header);
+        httpHeader.add("User-Agent", "themattharris' HTTP Client");
+        httpHeader.add("Host", "api.twitter.com");
+        httpHeader.add("Accept", "*/*");
         String requestToken = HttpUtil.post(baseUrl, null, httpHeader);
 
         Map<String, String> res = MapUtil.parseStringToMap(requestToken, false);
@@ -74,18 +92,18 @@ public AuthToken getRequestToken() {
     @Override
     protected AuthToken getAccessToken(AuthCallback authCallback) {
         Map<String, String> oauthParams = buildOauthParams();
-        oauthParams.put("oauth_token", authCallback.getOauthToken());
-        oauthParams.put("oauth_verifier", authCallback.getOauthVerifier());
+        oauthParams.put("oauth_token", authCallback.getOauth_token());
+        oauthParams.put("oauth_verifier", authCallback.getOauth_verifier());
         oauthParams.put("oauth_signature", generateTwitterSignature(oauthParams, "POST", source.accessToken(), config.getClientSecret(), authCallback
-            .getOauthToken()));
+            .getOauth_token()));
         String header = buildHeader(oauthParams);
 
         HttpHeader httpHeader = new HttpHeader();
         httpHeader.add("Authorization", header);
         httpHeader.add(Constants.CONTENT_TYPE, "application/x-www-form-urlencoded");
 
         Map<String, String> form = new HashMap<>(1);
-        form.put("oauth_verifier", authCallback.getOauthVerifier());
+        form.put("oauth_verifier", authCallback.getOauth_verifier());
         String response = HttpUtil.post(source.accessToken(), form, httpHeader, false);
 
         Map<String, String> requestToken = MapUtil.parseStringToMap(response, false);
@@ -127,6 +145,7 @@ protected AuthUser getUserInfo(AuthToken authToken) {
             .avatar(userInfo.getString("profile_image_url_https"))
             .blog(userInfo.getString("url"))
             .location(userInfo.getString("location"))
+            .avatar(userInfo.getString("profile_image_url"))
             .source(source.toString())
             .token(authToken)
             .build();
@@ -152,15 +171,12 @@ private Map<String, String> buildOauthParams() {
     }
 
     private String buildHeader(Map<String, String> oauthParams) {
-        final StringBuilder sb = new StringBuilder(PREAMBLE);
+        final StringBuilder sb = new StringBuilder(PREAMBLE + " ");
 
         for (Map.Entry<String, String> param : oauthParams.entrySet()) {
-            if (sb.length() > PREAMBLE.length()) {
-                sb.append(", ");
-            }
-            sb.append(param.getKey()).append("=\"").append(urlEncode(param.getValue())).append('"');
+            sb.append(param.getKey()).append("=\"").append(urlEncode(param.getValue())).append('"').append(", ");
         }
 
-        return sb.toString();
+        return sb.deleteCharAt(sb.length() - 2).toString();
     }
 }
diff --git a/src/main/java/me/zhyd/oauth/utils/AuthChecker.java b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java
@@ -72,6 +72,10 @@ public static void checkConfig(AuthConfig config, AuthSource source) {
      * @since 1.8.0
      */
     public static void checkCode(AuthSource source, AuthCallback callback) {
+        // 推特平台不支持回调 code 和 state
+        if (source == AuthDefaultSource.TWITTER) {
+            return;
+        }
         String code = callback.getCode();
         if (source == AuthDefaultSource.ALIPAY) {
             code = callback.getAuth_code();
@@ -95,6 +99,10 @@ public static void checkCode(AuthSource source, AuthCallback callback) {
      * @param authStateCache {@code authStateCache} state缓存实现
      */
     public static void checkState(String state, AuthSource source, AuthStateCache authStateCache) {
+        // 推特平台不支持回调 code 和 state
+        if (source == AuthDefaultSource.TWITTER) {
+            return;
+        }
         if (StringUtils.isEmpty(state) || !authStateCache.containsKey(state)) {
             throw new AuthException(AuthResponseStatus.ILLEGAL_STATUS, source);
         }

diff --git a/src/test/java/me/zhyd/oauth/utils/GlobalAuthUtilsTest.java b/src/test/java/me/zhyd/oauth/utils/GlobalAuthUtilsTest.java
@@ -92,20 +92,20 @@ public void testGenerateTwitterSignatureForAccessToken() {
             .clientSecret("0YX3RH2DnPiT77pgzLzFdfpMKX8ENLIWQKYQ7lG5TERuZNgXN5")
             .build();
         AuthCallback authCallback = AuthCallback.builder()
-            .oauthToken("W_KLmAAAAAAAxq5LAAABbXxJeD0")
-            .oauthVerifier("lYou4gxfA6S5KioUa8VF8HCShzA2nSxp")
+            .oauth_token("W_KLmAAAAAAAxq5LAAABbXxJeD0")
+            .oauth_verifier("lYou4gxfA6S5KioUa8VF8HCShzA2nSxp")
             .build();
         Map<String, String> params = new HashMap<>();
         params.put("oauth_consumer_key", config.getClientId());
         params.put("oauth_nonce", "sTj7Ivg73u052eXstpoS1AWQCynuDEPN");
         params.put("oauth_signature_method", "HMAC-SHA1");
         params.put("oauth_timestamp", "1569751082");
-        params.put("oauth_token", authCallback.getOauthToken());
-        params.put("oauth_verifier", authCallback.getOauthVerifier());
+        params.put("oauth_token", authCallback.getOauth_token());
+        params.put("oauth_verifier", authCallback.getOauth_verifier());
         params.put("oauth_version", "1.0");
 
         params.put("oauth_signature", GlobalAuthUtils.generateTwitterSignature(params, "POST", TWITTER.accessToken(), config.getClientSecret(), authCallback
-            .getOauthToken()));
+            .getOauth_token()));
 
         params.forEach((k, v) -> params.put(k, "\"" + GlobalAuthUtils.urlEncode(v) + "\""));
         String actual = "OAuth " + GlobalAuthUtils.parseMapToString(params, false).replaceAll("&", ", ");