From d18463866ef0ede008eb8de1208a3feedea5396d Mon Sep 17 00:00:00 2001 From: YunaiV Date: Tue, 24 May 2022 00:01:30 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=20sso=20=E9=A1=B5=E9=9D=A2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../admin/oauth2/OAuth2OpenController.http | 9 +- .../admin/oauth2/OAuth2OpenController.java | 56 ++++----- .../oauth2/vo/client/OAuth2ClientBaseVO.java | 18 +-- .../vo/client/OAuth2ClientPageReqVO.java | 4 +- .../oauth2/vo/client/OAuth2ClientRespVO.java | 2 +- .../vo/client/OAuth2ClientUpdateReqVO.java | 2 +- .../open/OAuth2OpenAuthorizeInfoRespVO.java | 39 +++++++ .../convert/oauth2/OAuth2OpenConvert.java | 25 +++- .../dataobject/oauth2/OAuth2ApproveDO.java | 2 +- .../oauth2/OAuth2ClientServiceImpl.java | 2 +- yudao-ui-admin/src/api/login.js | 38 +++--- yudao-ui-admin/src/router/index.js | 4 +- .../src/views/{authorize.vue => sso.vue} | 109 +++++++++++++----- 13 files changed, 215 insertions(+), 95 deletions(-) create mode 100644 yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/vo/open/OAuth2OpenAuthorizeInfoRespVO.java rename yudao-ui-admin/src/views/{authorize.vue => sso.vue} (59%) diff --git a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/OAuth2OpenController.http b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/OAuth2OpenController.http index 288f0f672..e11aee721 100644 --- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/OAuth2OpenController.http +++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/OAuth2OpenController.http @@ -1,10 +1,15 @@ +### 请求 /system/oauth2/authorize 接口 => 成功 +GET {{baseUrl}}/system/oauth2/authorize?clientId=default +Authorization: Bearer {{token}} +tenant-id: {{adminTenentId}} + ### 请求 /system/oauth2/authorize + token 接口 => 成功 POST {{baseUrl}}/system/oauth2/authorize Content-Type: application/x-www-form-urlencoded Authorization: Bearer {{token}} tenant-id: {{adminTenentId}} -response_type=token&client_id=default&scope={"user_info": true}&redirect_uri=https://www.iocoder.cn&auto_approve=true +response_type=token&client_id=default&scope={"user.read": true}&redirect_uri=https://www.iocoder.cn&auto_approve=true ### 请求 /system/oauth2/authorize + code 接口 => 成功 POST {{baseUrl}}/system/oauth2/authorize @@ -12,7 +17,7 @@ Content-Type: application/x-www-form-urlencoded Authorization: Bearer {{token}} tenant-id: {{adminTenentId}} -response_type=code&client_id=default&scope={"user.read": true}&redirect_uri=https://www.iocoder.cn&auto_approve=true +response_type=code&client_id=default&scope={"user.read": true}&redirect_uri=https://www.iocoder.cn&auto_approve=false ### 请求 /system/oauth2/token + code 接口 => 成功 POST {{baseUrl}}/system/oauth2/token diff --git a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/OAuth2OpenController.java b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/OAuth2OpenController.java index dfceb6320..6034c6096 100644 --- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/OAuth2OpenController.java +++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/OAuth2OpenController.java @@ -11,14 +11,16 @@ import cn.iocoder.yudao.framework.common.util.http.HttpUtils; import cn.iocoder.yudao.framework.common.util.json.JsonUtils; import cn.iocoder.yudao.framework.operatelog.core.annotations.OperateLog; import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open.OAuth2OpenAccessTokenRespVO; +import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open.OAuth2OpenAuthorizeInfoRespVO; import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open.OAuth2OpenCheckTokenRespVO; import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open.user.OAuth2OpenUserInfoRespVO; -import cn.iocoder.yudao.module.system.controller.admin.user.vo.profile.UserProfileUpdateReqVO; +import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open.user.OAuth2OpenUserUpdateReqVO; import cn.iocoder.yudao.module.system.convert.oauth2.OAuth2OpenConvert; -import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO; -import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2ClientDO; import cn.iocoder.yudao.module.system.dal.dataobject.dept.DeptDO; import cn.iocoder.yudao.module.system.dal.dataobject.dept.PostDO; +import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO; +import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2ApproveDO; +import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2ClientDO; import cn.iocoder.yudao.module.system.dal.dataobject.user.AdminUserDO; import cn.iocoder.yudao.module.system.enums.auth.OAuth2GrantTypeEnum; import cn.iocoder.yudao.module.system.service.dept.DeptService; @@ -91,7 +93,7 @@ public class OAuth2OpenController { * 注意,默认需要传递 client_id + client_secret 参数 */ @PostMapping("/token") - @ApiOperation(value = "获得访问令牌", notes = "适合 code 授权码模式,或者 implicit 简化模式;在 authorize.vue 单点登录界面被【获取】调用") + @ApiOperation(value = "获得访问令牌", notes = "适合 code 授权码模式,或者 implicit 简化模式;在 sso.vue 单点登录界面被【获取】调用") @ApiImplicitParams({ @ApiImplicitParam(name = "grant_type", required = true, value = "授权类型", example = "code", dataTypeClass = String.class), @ApiImplicitParam(name = "code", value = "授权范围", example = "userinfo.read", dataTypeClass = String.class), @@ -173,7 +175,7 @@ public class OAuth2OpenController { @RequestParam("token") String token) { // 校验客户端 String[] clientIdAndSecret = obtainBasicAuthorization(request); - OAuth2ClientDO client = oauth2ClientService.validOAuthClientFromCache(clientIdAndSecret[0], clientIdAndSecret[1], + oauth2ClientService.validOAuthClientFromCache(clientIdAndSecret[0], clientIdAndSecret[1], null, null, null); // 校验令牌 @@ -182,46 +184,36 @@ public class OAuth2OpenController { return success(OAuth2OpenConvert.INSTANCE.convert2(accessTokenDO)); } - // GET oauth/authorize AuthorizationEndpoint TODO + /** + * 对应 Spring Security OAuth 的 AuthorizationEndpoint 类的 authorize 方法 + */ @GetMapping("/authorize") - @ApiOperation(value = "获得授权信息", notes = "适合 code 授权码模式,或者 implicit 简化模式;在 authorize.vue 单点登录界面被【获取】调用") - @ApiImplicitParams({ - @ApiImplicitParam(name = "response_type", required = true, value = "响应类型", example = "code", dataTypeClass = String.class), - @ApiImplicitParam(name = "client_id", required = true, value = "客户端编号", example = "tudou", dataTypeClass = String.class), - @ApiImplicitParam(name = "scope", value = "授权范围", example = "userinfo.read", dataTypeClass = String.class), // 多个使用空格分隔 - @ApiImplicitParam(name = "redirect_uri", required = true, value = "重定向 URI", example = "https://www.iocoder.cn", dataTypeClass = String.class), - @ApiImplicitParam(name = "state", example = "123321", dataTypeClass = String.class) - }) - public CommonResult authorize(@RequestParam("response_type") String responseType, - @RequestParam("client_id") String clientId, - @RequestParam(value = "scope", required = false) String scope, - @RequestParam("redirect_uri") String redirectUri, - @RequestParam(value = "state", required = false) String state) { - List scopes = StrUtil.split(scope, ' '); + @ApiOperation(value = "获得授权信息", notes = "适合 code 授权码模式,或者 implicit 简化模式;在 sso.vue 单点登录界面被【获取】调用") + @ApiImplicitParam(name = "clientId", required = true, value = "客户端编号", example = "tudou", dataTypeClass = String.class) + public CommonResult authorize(@RequestParam("clientId") String clientId) { // 0. 校验用户已经登录。通过 Spring Security 实现 - // 1.1 校验 responseType 是否满足 code 或者 token 值 - OAuth2GrantTypeEnum grantTypeEnum = getGrantTypeEnum(responseType); - // 1.2 校验 redirectUri 重定向域名是否合法 + 校验 scope 是否在 Client 授权范围内 - oauth2ClientService.validOAuthClientFromCache(clientId, null, - grantTypeEnum.getGrantType(), scopes, redirectUri); - - // 3. 不满足自动授权,则返回授权相关的展示信息 - return null; + // 1. 获得 Client 客户端的信息 + OAuth2ClientDO client = oauth2ClientService.validOAuthClientFromCache(clientId, null, + null, null, null); + // 2. 获得用户已经授权的信息 + List approves = oauth2ApproveService.getApproveList(getLoginUserId(), getUserType(), clientId); + // 拼接返回 + return success(OAuth2OpenConvert.INSTANCE.convert(client, approves)); } /** * 对应 Spring Security OAuth 的 AuthorizationEndpoint 类的 approveOrDeny 方法 * * 场景一:【自动授权 autoApprove = true】 - * 刚进入 authorize.vue 界面,调用该接口,用户历史已经给该应用做过对应的授权,或者 OAuth2Client 支持该 scope 的自动授权 + * 刚进入 sso.vue 界面,调用该接口,用户历史已经给该应用做过对应的授权,或者 OAuth2Client 支持该 scope 的自动授权 * 场景二:【手动授权 autoApprove = false】 - * 在 authorize.vue 界面,用户选择好 scope 授权范围,调用该接口,进行授权。此时,approved 为 true 或者 false + * 在 sso.vue 界面,用户选择好 scope 授权范围,调用该接口,进行授权。此时,approved 为 true 或者 false * * 因为前后端分离,Axios 无法很好的处理 302 重定向,所以和 Spring Security OAuth 略有不同,返回结果是重定向的 URL,剩余交给前端处理 */ @PostMapping("/authorize") - @ApiOperation(value = "申请授权", notes = "适合 code 授权码模式,或者 implicit 简化模式;在 authorize.vue 单点登录界面被【提交】调用") + @ApiOperation(value = "申请授权", notes = "适合 code 授权码模式,或者 implicit 简化模式;在 sso.vue 单点登录界面被【提交】调用") @ApiImplicitParams({ @ApiImplicitParam(name = "response_type", required = true, value = "响应类型", example = "code", dataTypeClass = String.class), @ApiImplicitParam(name = "client_id", required = true, value = "客户端编号", example = "tudou", dataTypeClass = String.class), @@ -346,7 +338,7 @@ public class OAuth2OpenController { @PutMapping("/user/update") @ApiOperation("更新用户基本信息") @PreAuthorize("@ss.hasScope('user.write')") - public CommonResult updateUserInfo(@Valid @RequestBody UserProfileUpdateReqVO reqVO) { + public CommonResult updateUserInfo(@Valid @RequestBody OAuth2OpenUserUpdateReqVO reqVO) { // 这里将 UserProfileUpdateReqVO =》UserProfileUpdateReqVO 对象,实现接口的复用。 // 主要是,AdminUserService 没有自己的 BO 对象,所以复用只能这么做 userService.updateUserProfile(getLoginUserId(), OAuth2OpenConvert.INSTANCE.convert(reqVO)); diff --git a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/vo/client/OAuth2ClientBaseVO.java b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/vo/client/OAuth2ClientBaseVO.java index 786bc5267..dbd74e552 100755 --- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/vo/client/OAuth2ClientBaseVO.java +++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/vo/client/OAuth2ClientBaseVO.java @@ -18,39 +18,39 @@ import java.util.List; @Data public class OAuth2ClientBaseVO { - @ApiModelProperty(value = "客户端编号", required = true) + @ApiModelProperty(value = "客户端编号", required = true, example = "tudou") @NotNull(message = "客户端编号不能为空") private String clientId; - @ApiModelProperty(value = "客户端密钥", required = true) + @ApiModelProperty(value = "客户端密钥", required = true, example = "fan") @NotNull(message = "客户端密钥不能为空") private String secret; - @ApiModelProperty(value = "应用名", required = true) + @ApiModelProperty(value = "应用名", required = true, example = "土豆") @NotNull(message = "应用名不能为空") private String name; - @ApiModelProperty(value = "应用图标", required = true) + @ApiModelProperty(value = "应用图标", required = true, example = "https://www.iocoder.cn/xx.png") @NotNull(message = "应用图标不能为空") @URL(message = "应用图标的地址不正确") private String logo; - @ApiModelProperty(value = "应用描述") + @ApiModelProperty(value = "应用描述", example = "我是一个应用") private String description; - @ApiModelProperty(value = "状态", required = true) + @ApiModelProperty(value = "状态", required = true, example = "1", notes = "参见 CommonStatusEnum 枚举") @NotNull(message = "状态不能为空") private Integer status; - @ApiModelProperty(value = "访问令牌的有效期", required = true) + @ApiModelProperty(value = "访问令牌的有效期", required = true, example = "8640") @NotNull(message = "访问令牌的有效期不能为空") private Integer accessTokenValiditySeconds; - @ApiModelProperty(value = "刷新令牌的有效期", required = true) + @ApiModelProperty(value = "刷新令牌的有效期", required = true, example = "8640000") @NotNull(message = "刷新令牌的有效期不能为空") private Integer refreshTokenValiditySeconds; - @ApiModelProperty(value = "可重定向的 URI 地址", required = true) + @ApiModelProperty(value = "可重定向的 URI 地址", required = true, example = "https://www.iocoder.cn") @NotNull(message = "可重定向的 URI 地址不能为空") private List<@NotEmpty(message = "重定向的 URI 不能为空") @URL(message = "重定向的 URI 格式不正确") String> redirectUris; diff --git a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/vo/client/OAuth2ClientPageReqVO.java b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/vo/client/OAuth2ClientPageReqVO.java index b6d2a2172..286fc73ac 100755 --- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/vo/client/OAuth2ClientPageReqVO.java +++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/vo/client/OAuth2ClientPageReqVO.java @@ -10,10 +10,10 @@ import cn.iocoder.yudao.framework.common.pojo.PageParam; @ToString(callSuper = true) public class OAuth2ClientPageReqVO extends PageParam { - @ApiModelProperty(value = "应用名") + @ApiModelProperty(value = "应用名", example = "土豆", notes = "模糊匹配") private String name; - @ApiModelProperty(value = "状态") + @ApiModelProperty(value = "状态", example = "1", notes = "参见 CommonStatusEnum 枚举") private Integer status; } diff --git a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/vo/client/OAuth2ClientRespVO.java b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/vo/client/OAuth2ClientRespVO.java index e0df90f3d..37800c2dc 100755 --- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/vo/client/OAuth2ClientRespVO.java +++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/vo/client/OAuth2ClientRespVO.java @@ -14,7 +14,7 @@ import java.util.Date; @ToString(callSuper = true) public class OAuth2ClientRespVO extends OAuth2ClientBaseVO { - @ApiModelProperty(value = "编号", required = true) + @ApiModelProperty(value = "编号", required = true, example = "1024") private Long id; @ApiModelProperty(value = "创建时间", required = true) diff --git a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/vo/client/OAuth2ClientUpdateReqVO.java b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/vo/client/OAuth2ClientUpdateReqVO.java index 3b1d2a0f3..024a1511f 100755 --- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/vo/client/OAuth2ClientUpdateReqVO.java +++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/vo/client/OAuth2ClientUpdateReqVO.java @@ -14,7 +14,7 @@ import javax.validation.constraints.NotNull; @ToString(callSuper = true) public class OAuth2ClientUpdateReqVO extends OAuth2ClientBaseVO { - @ApiModelProperty(value = "编号", required = true) + @ApiModelProperty(value = "编号", required = true, example = "1024") @NotNull(message = "编号不能为空") private Long id; diff --git a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/vo/open/OAuth2OpenAuthorizeInfoRespVO.java b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/vo/open/OAuth2OpenAuthorizeInfoRespVO.java new file mode 100644 index 000000000..d2a7bb36e --- /dev/null +++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/oauth2/vo/open/OAuth2OpenAuthorizeInfoRespVO.java @@ -0,0 +1,39 @@ +package cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open; + +import cn.iocoder.yudao.framework.common.core.KeyValue; +import io.swagger.annotations.ApiModel; +import io.swagger.annotations.ApiModelProperty; +import lombok.AllArgsConstructor; +import lombok.Data; +import lombok.NoArgsConstructor; + +import java.util.List; + +@ApiModel("管理后台 - 授权页的信息 Response VO") +@Data +@NoArgsConstructor +@AllArgsConstructor +public class OAuth2OpenAuthorizeInfoRespVO { + + /** + * 客户端 + */ + private Client client; + + @ApiModelProperty(value = "scope 的选中信息", required = true, notes = "使用 List 保证有序性,Key 是 scope,Value 为是否选中") + private List> scopes; + + @Data + @NoArgsConstructor + @AllArgsConstructor + public static class Client { + + @ApiModelProperty(value = "应用名", required = true, example = "土豆") + private String name; + + @ApiModelProperty(value = "应用图标", required = true, example = "https://www.iocoder.cn/xx.png") + private String logo; + + } + +} diff --git a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/convert/oauth2/OAuth2OpenConvert.java b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/convert/oauth2/OAuth2OpenConvert.java index 0972670a2..90907d606 100644 --- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/convert/oauth2/OAuth2OpenConvert.java +++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/convert/oauth2/OAuth2OpenConvert.java @@ -1,20 +1,28 @@ package cn.iocoder.yudao.module.system.convert.oauth2; +import cn.iocoder.yudao.framework.common.core.KeyValue; import cn.iocoder.yudao.framework.common.enums.UserTypeEnum; +import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils; import cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils; import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open.OAuth2OpenAccessTokenRespVO; +import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open.OAuth2OpenAuthorizeInfoRespVO; import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open.OAuth2OpenCheckTokenRespVO; import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open.user.OAuth2OpenUserInfoRespVO; +import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open.user.OAuth2OpenUserUpdateReqVO; import cn.iocoder.yudao.module.system.controller.admin.user.vo.profile.UserProfileUpdateReqVO; -import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO; import cn.iocoder.yudao.module.system.dal.dataobject.dept.DeptDO; import cn.iocoder.yudao.module.system.dal.dataobject.dept.PostDO; +import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO; +import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2ApproveDO; +import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2ClientDO; import cn.iocoder.yudao.module.system.dal.dataobject.user.AdminUserDO; import cn.iocoder.yudao.module.system.util.oauth2.OAuth2Utils; import org.mapstruct.Mapper; import org.mapstruct.factory.Mappers; +import java.util.ArrayList; import java.util.List; +import java.util.Map; @Mapper public interface OAuth2OpenConvert { @@ -44,6 +52,19 @@ public interface OAuth2OpenConvert { OAuth2OpenUserInfoRespVO.Dept convert(DeptDO dept); List convertList(List list); - UserProfileUpdateReqVO convert(UserProfileUpdateReqVO bean); + UserProfileUpdateReqVO convert(OAuth2OpenUserUpdateReqVO bean); + + default OAuth2OpenAuthorizeInfoRespVO convert(OAuth2ClientDO client, List approves) { + // 构建 scopes + List> scopes = new ArrayList<>(client.getScopes().size()); + Map approveMap = CollectionUtils.convertMap(approves, OAuth2ApproveDO::getScope); + client.getScopes().forEach(scope -> { + OAuth2ApproveDO approve = approveMap.get(scope); + scopes.add(new KeyValue<>(scope, approve != null ? approve.getApproved() : false)); + }); + // 拼接返回 + return new OAuth2OpenAuthorizeInfoRespVO( + new OAuth2OpenAuthorizeInfoRespVO.Client(client.getName(), client.getLogo()), scopes); + } } diff --git a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/dal/dataobject/oauth2/OAuth2ApproveDO.java b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/dal/dataobject/oauth2/OAuth2ApproveDO.java index ac1bed923..501b799f0 100644 --- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/dal/dataobject/oauth2/OAuth2ApproveDO.java +++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/dal/dataobject/oauth2/OAuth2ApproveDO.java @@ -13,7 +13,7 @@ import java.util.Date; /** * OAuth2 批准 DO * - * 用户在 authorize.vue 界面时,记录接受的 scope 列表 + * 用户在 sso.vue 界面时,记录接受的 scope 列表 * * @author 芋道源码 */ diff --git a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/oauth2/OAuth2ClientServiceImpl.java b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/oauth2/OAuth2ClientServiceImpl.java index 7743e9069..390282c47 100644 --- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/oauth2/OAuth2ClientServiceImpl.java +++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/oauth2/OAuth2ClientServiceImpl.java @@ -181,7 +181,7 @@ public class OAuth2ClientServiceImpl implements OAuth2ClientService { // 校验客户端存在、且开启 OAuth2ClientDO client = clientCache.get(clientId); if (client == null) { - throw exception(OAUTH2_CLIENT_EXISTS); + throw exception(OAUTH2_CLIENT_NOT_EXISTS); } if (ObjectUtil.notEqual(client.getStatus(), CommonStatusEnum.ENABLE.getStatus())) { throw exception(OAUTH2_CLIENT_DISABLE); diff --git a/yudao-ui-admin/src/api/login.js b/yudao-ui-admin/src/api/login.js index ef667fc6b..a76decf17 100644 --- a/yudao-ui-admin/src/api/login.js +++ b/yudao-ui-admin/src/api/login.js @@ -111,25 +111,37 @@ export function refreshToken() { } // ========== OAUTH 2.0 相关 ========== -export function authorize() { + +export function getAuthorize(clientId) { + return request({ + url: '/system/oauth2/authorize?clientId=' + clientId, + method: 'get' + }) +} + +export function authorize(responseType, clientId, redirectUri, state, + autoApprove, checkedScopes, uncheckedScopes) { + // 构建 scopes + const scopes = {}; + for (const scope of checkedScopes) { + scopes[scope] = true; + } + for (const scope of uncheckedScopes) { + scopes[scope] = false; + } + // 发起请求 return service({ url: '/system/oauth2/authorize', headers:{ 'Content-type': 'application/x-www-form-urlencoded', - "Access-Control-Allow-Origin": "*" }, params: { - response_type: 'code', - client_id: 'test', - redirect_uri: 'https://www.iocoder.cn', - // scopes: { - // read: true, - // write: false - // } - scope: { - read: true, - write: false - } + response_type: responseType, + client_id: clientId, + redirect_uri: redirectUri, + state: state, + auto_approve: autoApprove, + scope: JSON.stringify(scopes) }, method: 'post' }) diff --git a/yudao-ui-admin/src/router/index.js b/yudao-ui-admin/src/router/index.js index e6b3d6e01..7446a2f2b 100644 --- a/yudao-ui-admin/src/router/index.js +++ b/yudao-ui-admin/src/router/index.js @@ -43,8 +43,8 @@ export const constantRoutes = [ hidden: true }, { - path: '/authorize', - component: (resolve) => require(['@/views/authorize'], resolve), + path: '/sso', + component: (resolve) => require(['@/views/sso'], resolve), hidden: true }, { diff --git a/yudao-ui-admin/src/views/authorize.vue b/yudao-ui-admin/src/views/sso.vue similarity index 59% rename from yudao-ui-admin/src/views/authorize.vue rename to yudao-ui-admin/src/views/sso.vue index 37bba7aa2..8091ba49b 100644 --- a/yudao-ui-admin/src/views/authorize.vue +++ b/yudao-ui-admin/src/views/sso.vue @@ -14,7 +14,7 @@
- + @@ -53,7 +53,7 @@ 同意授权 登 录 中... - 拒绝 + 拒绝
@@ -69,10 +69,9 @@