添加微软中国(世纪华联)第三方登录,新增微软方式登录的redirectUri校验

2026-04-24 18:48:52 +08:00 · 2021-08-25 23:06:29 +08:00
parent 976b7d8b2b
commit 23b7bcf43d
6 changed files with 257 additions and 158 deletions
--- a/src/main/java/me/zhyd/oauth/utils/AuthChecker.java
+++ b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java
@@ -76,6 +76,16 @@ public class AuthChecker {
            // The redirect uri of alipay is forbidden to use localhost or 127.0.0.1
            throw new AuthException(AuthResponseStatus.ILLEGAL_REDIRECT_URI, source);
        }
+        // 微软的回调地址必须为https的链接或者localhost,不允许使用http
+        if(AuthDefaultSource.MICROSOFT== source && !GlobalAuthUtils.isHttpsProtocolOrLocalHost(redirectUri) ){
+            // Microsoft's redirect uri must use the HTTPS or localhost
+            throw new AuthException(AuthResponseStatus.ILLEGAL_REDIRECT_URI, source);
+        }
+        // 微软中国的回调地址必须为https的链接或者localhost,不允许使用http
+        if(AuthDefaultSource.MICROSOFT_CN== source && !GlobalAuthUtils.isHttpsProtocolOrLocalHost(redirectUri) ){
+            // Microsoft's redirect uri must use the HTTPS or localhost
+            throw new AuthException(AuthResponseStatus.ILLEGAL_REDIRECT_URI, source);
+        }
    }

    /**
--- a/src/main/java/me/zhyd/oauth/utils/GlobalAuthUtils.java
+++ b/src/main/java/me/zhyd/oauth/utils/GlobalAuthUtils.java
@@ -175,6 +175,19 @@ public class GlobalAuthUtils {
        return StringUtils.isEmpty(url) || url.contains("127.0.0.1") || url.contains("localhost");
    }

+    /**
+     * 是否为https协议或本地主机（域名）
+     *
+     * @param url 待验证的url
+     * @return true: https协议或本地主机 false: 非https协议或本机主机
+     */
+    public static boolean isHttpsProtocolOrLocalHost(String url) {
+        if (StringUtils.isEmpty(url)) {
+            return false;
+        }
+        return isHttpsProtocol(url) || isLocalHost(url);
+    }
+

    /**
     * Generate nonce with given length