⚡ 增加忽略校验 redirectUri 的配置

wendongbao · Apr 9, 2021 · f44ceee · f44ceee
1 parent ec4c009
commit f44ceee
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/src/main/java/me/zhyd/oauth/config/AuthConfig.java b/src/main/java/me/zhyd/oauth/config/AuthConfig.java
@@ -155,6 +155,13 @@ public class AuthConfig {
      * @since 1.16.0
      */
     private String authServerId;
+    /**
+     * 忽略校验 {@code redirectUri} 参数，默认不开启。当 {@code ignoreCheckRedirectUri} 为 {@code true} 时，
+     * {@link me.zhyd.oauth.utils.AuthChecker#checkConfig(AuthConfig, AuthSource)} 将不会校验 {@code redirectUri} 的合法性。
+     *
+     * @since 1.16.1
+     */
+    private boolean ignoreCheckRedirectUri;
 
     /**
      * 适配 builder 模式 set 值的情况

diff --git a/src/main/java/me/zhyd/oauth/utils/AuthChecker.java b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java
@@ -25,7 +25,8 @@ public class AuthChecker {
      * @since 1.6.1-beta
      */
     public static boolean isSupportedAuth(AuthConfig config, AuthSource source) {
-        boolean isSupported = StringUtils.isNotEmpty(config.getClientId()) && StringUtils.isNotEmpty(config.getClientSecret()) && StringUtils.isNotEmpty(config.getRedirectUri());
+        boolean isSupported = StringUtils.isNotEmpty(config.getClientId())
+            && StringUtils.isNotEmpty(config.getClientSecret());
         if (isSupported && AuthDefaultSource.ALIPAY == source) {
             isSupported = StringUtils.isNotEmpty(config.getAlipayPublicKey());
         }
@@ -56,6 +57,12 @@ public static boolean isSupportedAuth(AuthConfig config, AuthSource source) {
      */
     public static void checkConfig(AuthConfig config, AuthSource source) {
         String redirectUri = config.getRedirectUri();
+        if (config.isIgnoreCheckRedirectUri()) {
+            return;
+        }
+        if (StringUtils.isEmpty(redirectUri)) {
+            throw new AuthException(AuthResponseStatus.ILLEGAL_REDIRECT_URI, source);
+        }
         if (!GlobalAuthUtils.isHttpProtocol(redirectUri) && !GlobalAuthUtils.isHttpsProtocol(redirectUri)) {
             throw new AuthException(AuthResponseStatus.ILLEGAL_REDIRECT_URI, source);
         }