From 65daa0592a2e257837cd320ee962a1af638fb10b Mon Sep 17 00:00:00 2001
From: "yadong.zhang"
Date: Wed, 19 Jun 2019 16:48:09 +0800
Subject: [PATCH] =?UTF-8?q?:ambulance:=20=E5=A2=9E=E5=8A=A0alipay=E6=8E=88?= =?UTF-8?q?=E6=9D=83=E5=8F=82=E6=95=B0=E7=9A=84=E9=AA=8C=E8=AF=81=EF=BC=8C?= =?UTF-8?q?=E4=BF=AE=E6=94=B9=E9=83=A8=E5=88=86=E5=91=BD=E5=90=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../java/me/zhyd/oauth/request/AuthDingTalkRequest.java | 6 +++---
 src/main/java/me/zhyd/oauth/utils/AuthConfigChecker.java | 5 +++++
 src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java | 9 +++++++--
 3 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java b/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java
index 3465b26..d4c2368 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java
@@ -34,11 +34,11 @@ public class AuthDingTalkRequest extends BaseAuthRequest {
 protected AuthUser getUserInfo(AuthToken authToken) {
 String code = authToken.getAccessCode();
 // 根据timestamp, appSecret计算签名值
- String stringToSign = System.currentTimeMillis() + "";
- String urlEncodeSignature = GlobalAuthUtil.generateDingTalkSignature(config.getClientSecret(), stringToSign);
+ String timestamp = System.currentTimeMillis() + "";
+ String urlEncodeSignature = GlobalAuthUtil.generateDingTalkSignature(config.getClientSecret(), timestamp);
 JSONObject param = new JSONObject();
 param.put("tmp_auth_code", code);
- HttpResponse response = HttpRequest.post(UrlBuilder.getDingTalkUserInfoUrl(urlEncodeSignature, stringToSign, config.getClientId()))
+ HttpResponse response = HttpRequest.post(UrlBuilder.getDingTalkUserInfoUrl(urlEncodeSignature, timestamp, config.getClientId()))
 .body(param.toJSONString())
 .execute();
 String userInfo = response.body();
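Review bot: The renamed `timestamp` is now visibly the same string that is both signed and placed in the user-info URL, which is the coupling DingTalk's scheme needs, but it is still built with the `+ ""` concatenation idiom; `String timestamp = String.valueOf(System.currentTimeMillis());` says the same thing without the empty literal. The comment above it is in Chinese only; an English line such as `// Sign the timestamp with the app secret; the identical timestamp must be sent in the request URL` would state the invariant the rename is meant to protect (which argument is the HMAC key is not visible here, so I have not claimed it). getUserInfo continues past the end of the hunk.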
diff --git a/src/main/java/me/zhyd/oauth/utils/AuthConfigChecker.java b/src/main/java/me/zhyd/oauth/utils/AuthConfigChecker.java
index ca2d425..c05b04e 100644
--- a/src/main/java/me/zhyd/oauth/utils/AuthConfigChecker.java
+++ b/src/main/java/me/zhyd/oauth/utils/AuthConfigChecker.java
@@ -40,8 +40,13 @@ public class AuthConfigChecker {
 if (!GlobalAuthUtil.isHttpProtocol(redirectUri) && !GlobalAuthUtil.isHttpsProtocol(redirectUri)) {
 throw new AuthException(ResponseStatus.ILLEGAL_REDIRECT_URI);
 }
+ // facebook的回调地址必须为https的链接
 if (AuthSource.FACEBOOK == source && !GlobalAuthUtil.isHttpsProtocol(redirectUri)) {
 throw new AuthException(ResponseStatus.ILLEGAL_REDIRECT_URI);
 }
+ // 支付宝在创建回调地址时,不允许使用localhost或者127.0.0.1
+ if (AuthSource.ALIPAY == source && GlobalAuthUtil.isLocalHost(redirectUri)) {
+ throw new AuthException(ResponseStatus.ILLEGAL_REDIRECT_URI);
+ }
 }
 }
diff --git a/src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java b/src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java
index 5bf697d..245f11a 100644
--- a/src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java
+++ b/src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java
@@ -25,9 +25,9 @@ public class GlobalAuthUtil {
 private static final String DEFAULT_ENCODING = "UTF-8";
 private static final String ALGORITHM = "HmacSHA256";
 
- public static String generateDingTalkSignature(String canonicalString, String secret) {
+ public static String generateDingTalkSignature(String secretKey, String timestamp) {
 try {
- byte[] signData = sign(canonicalString.getBytes(DEFAULT_ENCODING), secret.getBytes(DEFAULT_ENCODING));
+ byte[] signData = sign(secretKey.getBytes(DEFAULT_ENCODING), timestamp.getBytes(DEFAULT_ENCODING));
 return urlEncode(new String(Base64.encode(signData, false)));
 } catch (UnsupportedEncodingException ex) {
 throw new AuthException("Unsupported algorithm: " + DEFAULT_ENCODING, ex);
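Review bot: The new ALIPAY branch throws the same `ResponseStatus.ILLEGAL_REDIRECT_URI` as the scheme check and the Facebook-HTTPS check above it, so an integrator who trips it gets no hint which of the three rules rejected the URI; if AuthException has a constructor that carries a message (the GlobalAuthUtil hunk below shows one taking a String and a cause), passing the reason through would save a debugging round-trip. Note that `GlobalAuthUtil.isLocalHost` also returns true for an empty string, but that case cannot reach this line because the http/https check already throws for it, so here the branch is effectively only the host test. The two added comments are Chinese-only; an English line such as `// Alipay refuses to register callback URLs on localhost or 127.0.0.1` next to the check would make the provider constraint clear to every reader. The enclosing method starts outside the hunk.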
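Review bot: The rename now labels the first parameter as the secret and the second as the timestamp, but the call is still `sign(secretKey.getBytes(...), timestamp.getBytes(...))`, and `sign` itself is outside this hunk, so whether its parameters are (key, data) or the more common (data, key) cannot be confirmed here; if it is (data, key), the HMAC would be keyed with the timestamp and applied to the secret. Behaviour is byte-for-byte what the old code did with `canonicalString`/`secret`, so this is a pre-existing question rather than a regression, but once verified a one-line comment on the call such as `// sign(key, data): HMAC-SHA256 keyed with the app secret over the timestamp` would pin the contract the new names imply. Separately, `getBytes(DEFAULT_ENCODING)` is what forces the `UnsupportedEncodingException` path whose message reads "Unsupported algorithm" for what is really an encoding; `secretKey.getBytes(StandardCharsets.UTF_8)` and `timestamp.getBytes(StandardCharsets.UTF_8)` remove the checked exception and the misleading catch altogether (this needs a `java.nio.charset.StandardCharsets` import). The method's closing brace lies outside the hunk.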
@@ -98,4 +98,9 @@ public class GlobalAuthUtil {
 }
 return url.startsWith("https://");
 }
+
+ public static boolean isLocalHost(String url) {
+ return StringUtils.isEmpty(url) || url.contains("127.0.0.1") || url.contains("localhost");
+ }
+
 }
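Review bot: `isLocalHost` is a substring test over the whole URL, so it rejects legitimate callbacks such as `https://localhost-tools.example.com/cb` or any URL whose path or query merely contains `localhost`, while still passing loopback spellings it does not list (`127.1`, `[::1]`, `0.0.0.0`); since AuthConfigChecker turns a true result into a hard `ILLEGAL_REDIRECT_URI`, the check should look at the parsed host rather than the raw string. The sketch below uses `java.net.URI` (needs an import), keeps the current `true` for empty input and treats an unparsable URI the same way, and compares the host exactly; which loopback spellings Alipay actually refuses is not visible here, so I kept the two the comment names plus the IPv6 loopback. A Javadoc line such as `/** True if the URL is empty, unparsable, or its host is localhost, 127.0.0.1 or [::1]. */` would also document the contract, which the method name alone does not (it currently answers "true" for an empty string).
```java
public static boolean isLocalHost(String url) {
    if (StringUtils.isEmpty(url)) {
        return true;
    }
    String host;
    try {
        host = new URI(url).getHost();
    } catch (URISyntaxException e) {
        // not a valid URI at all: treat like a local address so the caller rejects it
        return true;
    }
    return host == null
            || "localhost".equalsIgnoreCase(host)
            || "127.0.0.1".equals(host)
            || "[::1]".equals(host);
}
```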