新增 sso 页面
YunaiV
parent
ed847ac2ee
commit
d18463866e
|
|
@ -1,10 +1,15 @@
|
|||
### 请求 /system/oauth2/authorize 接口 => 成功
|
||||
GET {{baseUrl}}/system/oauth2/authorize?clientId=default
|
||||
Authorization: Bearer {{token}}
|
||||
tenant-id: {{adminTenentId}}
|
||||
|
||||
### 请求 /system/oauth2/authorize + token 接口 => 成功
|
||||
POST {{baseUrl}}/system/oauth2/authorize
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
Authorization: Bearer {{token}}
|
||||
tenant-id: {{adminTenentId}}
|
||||
|
||||
response_type=token&client_id=default&scope={"user_info": true}&redirect_uri=https://www.iocoder.cn&auto_approve=true
|
||||
response_type=token&client_id=default&scope={"user.read": true}&redirect_uri=https://www.iocoder.cn&auto_approve=true
|
||||
|
||||
### 请求 /system/oauth2/authorize + code 接口 => 成功
|
||||
POST {{baseUrl}}/system/oauth2/authorize
|
||||
|
|
@ -12,7 +17,7 @@ Content-Type: application/x-www-form-urlencoded
|
|||
Authorization: Bearer {{token}}
|
||||
tenant-id: {{adminTenentId}}
|
||||
|
||||
response_type=code&client_id=default&scope={"user.read": true}&redirect_uri=https://www.iocoder.cn&auto_approve=true
|
||||
response_type=code&client_id=default&scope={"user.read": true}&redirect_uri=https://www.iocoder.cn&auto_approve=false
|
||||
|
||||
### 请求 /system/oauth2/token + code 接口 => 成功
|
||||
POST {{baseUrl}}/system/oauth2/token
|
||||
|
|
|
|||
|
|
@ -11,14 +11,16 @@ import cn.iocoder.yudao.framework.common.util.http.HttpUtils;
|
|||
import cn.iocoder.yudao.framework.common.util.json.JsonUtils;
|
||||
import cn.iocoder.yudao.framework.operatelog.core.annotations.OperateLog;
|
||||
import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open.OAuth2OpenAccessTokenRespVO;
|
||||
import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open.OAuth2OpenAuthorizeInfoRespVO;
|
||||
import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open.OAuth2OpenCheckTokenRespVO;
|
||||
import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open.user.OAuth2OpenUserInfoRespVO;
|
||||
import cn.iocoder.yudao.module.system.controller.admin.user.vo.profile.UserProfileUpdateReqVO;
|
||||
import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open.user.OAuth2OpenUserUpdateReqVO;
|
||||
import cn.iocoder.yudao.module.system.convert.oauth2.OAuth2OpenConvert;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2ClientDO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.dept.DeptDO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.dept.PostDO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2ApproveDO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2ClientDO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.user.AdminUserDO;
|
||||
import cn.iocoder.yudao.module.system.enums.auth.OAuth2GrantTypeEnum;
|
||||
import cn.iocoder.yudao.module.system.service.dept.DeptService;
|
||||
|
|
@ -91,7 +93,7 @@ public class OAuth2OpenController {
|
|||
* 注意,默认需要传递 client_id + client_secret 参数
|
||||
*/
|
||||
@PostMapping("/token")
|
||||
@ApiOperation(value = "获得访问令牌", notes = "适合 code 授权码模式,或者 implicit 简化模式;在 authorize.vue 单点登录界面被【获取】调用")
|
||||
@ApiOperation(value = "获得访问令牌", notes = "适合 code 授权码模式,或者 implicit 简化模式;在 sso.vue 单点登录界面被【获取】调用")
|
||||
@ApiImplicitParams({
|
||||
@ApiImplicitParam(name = "grant_type", required = true, value = "授权类型", example = "code", dataTypeClass = String.class),
|
||||
@ApiImplicitParam(name = "code", value = "授权范围", example = "userinfo.read", dataTypeClass = String.class),
|
||||
|
|
@ -173,7 +175,7 @@ public class OAuth2OpenController {
|
|||
@RequestParam("token") String token) {
|
||||
// 校验客户端
|
||||
String[] clientIdAndSecret = obtainBasicAuthorization(request);
|
||||
OAuth2ClientDO client = oauth2ClientService.validOAuthClientFromCache(clientIdAndSecret[0], clientIdAndSecret[1],
|
||||
oauth2ClientService.validOAuthClientFromCache(clientIdAndSecret[0], clientIdAndSecret[1],
|
||||
null, null, null);
|
||||
|
||||
// 校验令牌
|
||||
|
|
@ -182,46 +184,36 @@ public class OAuth2OpenController {
|
|||
return success(OAuth2OpenConvert.INSTANCE.convert2(accessTokenDO));
|
||||
}
|
||||
|
||||
// GET oauth/authorize AuthorizationEndpoint TODO
|
||||
/**
|
||||
* 对应 Spring Security OAuth 的 AuthorizationEndpoint 类的 authorize 方法
|
||||
*/
|
||||
@GetMapping("/authorize")
|
||||
@ApiOperation(value = "获得授权信息", notes = "适合 code 授权码模式,或者 implicit 简化模式;在 authorize.vue 单点登录界面被【获取】调用")
|
||||
@ApiImplicitParams({
|
||||
@ApiImplicitParam(name = "response_type", required = true, value = "响应类型", example = "code", dataTypeClass = String.class),
|
||||
@ApiImplicitParam(name = "client_id", required = true, value = "客户端编号", example = "tudou", dataTypeClass = String.class),
|
||||
@ApiImplicitParam(name = "scope", value = "授权范围", example = "userinfo.read", dataTypeClass = String.class), // 多个使用空格分隔
|
||||
@ApiImplicitParam(name = "redirect_uri", required = true, value = "重定向 URI", example = "https://www.iocoder.cn", dataTypeClass = String.class),
|
||||
@ApiImplicitParam(name = "state", example = "123321", dataTypeClass = String.class)
|
||||
})
|
||||
public CommonResult<Object> authorize(@RequestParam("response_type") String responseType,
|
||||
@RequestParam("client_id") String clientId,
|
||||
@RequestParam(value = "scope", required = false) String scope,
|
||||
@RequestParam("redirect_uri") String redirectUri,
|
||||
@RequestParam(value = "state", required = false) String state) {
|
||||
List<String> scopes = StrUtil.split(scope, ' ');
|
||||
@ApiOperation(value = "获得授权信息", notes = "适合 code 授权码模式,或者 implicit 简化模式;在 sso.vue 单点登录界面被【获取】调用")
|
||||
@ApiImplicitParam(name = "clientId", required = true, value = "客户端编号", example = "tudou", dataTypeClass = String.class)
|
||||
public CommonResult<OAuth2OpenAuthorizeInfoRespVO> authorize(@RequestParam("clientId") String clientId) {
|
||||
// 0. 校验用户已经登录。通过 Spring Security 实现
|
||||
|
||||
// 1.1 校验 responseType 是否满足 code 或者 token 值
|
||||
OAuth2GrantTypeEnum grantTypeEnum = getGrantTypeEnum(responseType);
|
||||
// 1.2 校验 redirectUri 重定向域名是否合法 + 校验 scope 是否在 Client 授权范围内
|
||||
oauth2ClientService.validOAuthClientFromCache(clientId, null,
|
||||
grantTypeEnum.getGrantType(), scopes, redirectUri);
|
||||
|
||||
// 3. 不满足自动授权,则返回授权相关的展示信息
|
||||
return null;
|
||||
// 1. 获得 Client 客户端的信息
|
||||
OAuth2ClientDO client = oauth2ClientService.validOAuthClientFromCache(clientId, null,
|
||||
null, null, null);
|
||||
// 2. 获得用户已经授权的信息
|
||||
List<OAuth2ApproveDO> approves = oauth2ApproveService.getApproveList(getLoginUserId(), getUserType(), clientId);
|
||||
// 拼接返回
|
||||
return success(OAuth2OpenConvert.INSTANCE.convert(client, approves));
|
||||
}
|
||||
|
||||
/**
|
||||
* 对应 Spring Security OAuth 的 AuthorizationEndpoint 类的 approveOrDeny 方法
|
||||
*
|
||||
* 场景一:【自动授权 autoApprove = true】
|
||||
* 刚进入 authorize.vue 界面,调用该接口,用户历史已经给该应用做过对应的授权,或者 OAuth2Client 支持该 scope 的自动授权
|
||||
* 刚进入 sso.vue 界面,调用该接口,用户历史已经给该应用做过对应的授权,或者 OAuth2Client 支持该 scope 的自动授权
|
||||
* 场景二:【手动授权 autoApprove = false】
|
||||
* 在 authorize.vue 界面,用户选择好 scope 授权范围,调用该接口,进行授权。此时,approved 为 true 或者 false
|
||||
* 在 sso.vue 界面,用户选择好 scope 授权范围,调用该接口,进行授权。此时,approved 为 true 或者 false
|
||||
*
|
||||
* 因为前后端分离,Axios 无法很好的处理 302 重定向,所以和 Spring Security OAuth 略有不同,返回结果是重定向的 URL,剩余交给前端处理
|
||||
*/
|
||||
@PostMapping("/authorize")
|
||||
@ApiOperation(value = "申请授权", notes = "适合 code 授权码模式,或者 implicit 简化模式;在 authorize.vue 单点登录界面被【提交】调用")
|
||||
@ApiOperation(value = "申请授权", notes = "适合 code 授权码模式,或者 implicit 简化模式;在 sso.vue 单点登录界面被【提交】调用")
|
||||
@ApiImplicitParams({
|
||||
@ApiImplicitParam(name = "response_type", required = true, value = "响应类型", example = "code", dataTypeClass = String.class),
|
||||
@ApiImplicitParam(name = "client_id", required = true, value = "客户端编号", example = "tudou", dataTypeClass = String.class),
|
||||
|
|
@ -346,7 +338,7 @@ public class OAuth2OpenController {
|
|||
@PutMapping("/user/update")
|
||||
@ApiOperation("更新用户基本信息")
|
||||
@PreAuthorize("@ss.hasScope('user.write')")
|
||||
public CommonResult<Boolean> updateUserInfo(@Valid @RequestBody UserProfileUpdateReqVO reqVO) {
|
||||
public CommonResult<Boolean> updateUserInfo(@Valid @RequestBody OAuth2OpenUserUpdateReqVO reqVO) {
|
||||
// 这里将 UserProfileUpdateReqVO =》UserProfileUpdateReqVO 对象,实现接口的复用。
|
||||
// 主要是,AdminUserService 没有自己的 BO 对象,所以复用只能这么做
|
||||
userService.updateUserProfile(getLoginUserId(), OAuth2OpenConvert.INSTANCE.convert(reqVO));
|
||||
|
|
|
|||
|
|
@ -18,39 +18,39 @@ import java.util.List;
|
|||
@Data
|
||||
public class OAuth2ClientBaseVO {
|
||||
|
||||
@ApiModelProperty(value = "客户端编号", required = true)
|
||||
@ApiModelProperty(value = "客户端编号", required = true, example = "tudou")
|
||||
@NotNull(message = "客户端编号不能为空")
|
||||
private String clientId;
|
||||
|
||||
@ApiModelProperty(value = "客户端密钥", required = true)
|
||||
@ApiModelProperty(value = "客户端密钥", required = true, example = "fan")
|
||||
@NotNull(message = "客户端密钥不能为空")
|
||||
private String secret;
|
||||
|
||||
@ApiModelProperty(value = "应用名", required = true)
|
||||
@ApiModelProperty(value = "应用名", required = true, example = "土豆")
|
||||
@NotNull(message = "应用名不能为空")
|
||||
private String name;
|
||||
|
||||
@ApiModelProperty(value = "应用图标", required = true)
|
||||
@ApiModelProperty(value = "应用图标", required = true, example = "https://www.iocoder.cn/xx.png")
|
||||
@NotNull(message = "应用图标不能为空")
|
||||
@URL(message = "应用图标的地址不正确")
|
||||
private String logo;
|
||||
|
||||
@ApiModelProperty(value = "应用描述")
|
||||
@ApiModelProperty(value = "应用描述", example = "我是一个应用")
|
||||
private String description;
|
||||
|
||||
@ApiModelProperty(value = "状态", required = true)
|
||||
@ApiModelProperty(value = "状态", required = true, example = "1", notes = "参见 CommonStatusEnum 枚举")
|
||||
@NotNull(message = "状态不能为空")
|
||||
private Integer status;
|
||||
|
||||
@ApiModelProperty(value = "访问令牌的有效期", required = true)
|
||||
@ApiModelProperty(value = "访问令牌的有效期", required = true, example = "8640")
|
||||
@NotNull(message = "访问令牌的有效期不能为空")
|
||||
private Integer accessTokenValiditySeconds;
|
||||
|
||||
@ApiModelProperty(value = "刷新令牌的有效期", required = true)
|
||||
@ApiModelProperty(value = "刷新令牌的有效期", required = true, example = "8640000")
|
||||
@NotNull(message = "刷新令牌的有效期不能为空")
|
||||
private Integer refreshTokenValiditySeconds;
|
||||
|
||||
@ApiModelProperty(value = "可重定向的 URI 地址", required = true)
|
||||
@ApiModelProperty(value = "可重定向的 URI 地址", required = true, example = "https://www.iocoder.cn")
|
||||
@NotNull(message = "可重定向的 URI 地址不能为空")
|
||||
private List<@NotEmpty(message = "重定向的 URI 不能为空")
|
||||
@URL(message = "重定向的 URI 格式不正确") String> redirectUris;
|
||||
|
|
|
|||
|
|
@ -10,10 +10,10 @@ import cn.iocoder.yudao.framework.common.pojo.PageParam;
|
|||
@ToString(callSuper = true)
|
||||
public class OAuth2ClientPageReqVO extends PageParam {
|
||||
|
||||
@ApiModelProperty(value = "应用名")
|
||||
@ApiModelProperty(value = "应用名", example = "土豆", notes = "模糊匹配")
|
||||
private String name;
|
||||
|
||||
@ApiModelProperty(value = "状态")
|
||||
@ApiModelProperty(value = "状态", example = "1", notes = "参见 CommonStatusEnum 枚举")
|
||||
private Integer status;
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ import java.util.Date;
|
|||
@ToString(callSuper = true)
|
||||
public class OAuth2ClientRespVO extends OAuth2ClientBaseVO {
|
||||
|
||||
@ApiModelProperty(value = "编号", required = true)
|
||||
@ApiModelProperty(value = "编号", required = true, example = "1024")
|
||||
private Long id;
|
||||
|
||||
@ApiModelProperty(value = "创建时间", required = true)
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ import javax.validation.constraints.NotNull;
|
|||
@ToString(callSuper = true)
|
||||
public class OAuth2ClientUpdateReqVO extends OAuth2ClientBaseVO {
|
||||
|
||||
@ApiModelProperty(value = "编号", required = true)
|
||||
@ApiModelProperty(value = "编号", required = true, example = "1024")
|
||||
@NotNull(message = "编号不能为空")
|
||||
private Long id;
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,39 @@
|
|||
package cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open;
|
||||
|
||||
import cn.iocoder.yudao.framework.common.core.KeyValue;
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
@ApiModel("管理后台 - 授权页的信息 Response VO")
|
||||
@Data
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
public class OAuth2OpenAuthorizeInfoRespVO {
|
||||
|
||||
/**
|
||||
* 客户端
|
||||
*/
|
||||
private Client client;
|
||||
|
||||
@ApiModelProperty(value = "scope 的选中信息", required = true, notes = "使用 List 保证有序性,Key 是 scope,Value 为是否选中")
|
||||
private List<KeyValue<String, Boolean>> scopes;
|
||||
|
||||
@Data
|
||||
@NoArgsConstructor
|
||||
@AllArgsConstructor
|
||||
public static class Client {
|
||||
|
||||
@ApiModelProperty(value = "应用名", required = true, example = "土豆")
|
||||
private String name;
|
||||
|
||||
@ApiModelProperty(value = "应用图标", required = true, example = "https://www.iocoder.cn/xx.png")
|
||||
private String logo;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -1,20 +1,28 @@
|
|||
package cn.iocoder.yudao.module.system.convert.oauth2;
|
||||
|
||||
import cn.iocoder.yudao.framework.common.core.KeyValue;
|
||||
import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
|
||||
import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils;
|
||||
import cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils;
|
||||
import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open.OAuth2OpenAccessTokenRespVO;
|
||||
import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open.OAuth2OpenAuthorizeInfoRespVO;
|
||||
import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open.OAuth2OpenCheckTokenRespVO;
|
||||
import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open.user.OAuth2OpenUserInfoRespVO;
|
||||
import cn.iocoder.yudao.module.system.controller.admin.oauth2.vo.open.user.OAuth2OpenUserUpdateReqVO;
|
||||
import cn.iocoder.yudao.module.system.controller.admin.user.vo.profile.UserProfileUpdateReqVO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.dept.DeptDO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.dept.PostDO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2ApproveDO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.oauth2.OAuth2ClientDO;
|
||||
import cn.iocoder.yudao.module.system.dal.dataobject.user.AdminUserDO;
|
||||
import cn.iocoder.yudao.module.system.util.oauth2.OAuth2Utils;
|
||||
import org.mapstruct.Mapper;
|
||||
import org.mapstruct.factory.Mappers;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
@Mapper
|
||||
public interface OAuth2OpenConvert {
|
||||
|
|
@ -44,6 +52,19 @@ public interface OAuth2OpenConvert {
|
|||
OAuth2OpenUserInfoRespVO.Dept convert(DeptDO dept);
|
||||
List<OAuth2OpenUserInfoRespVO.Post> convertList(List<PostDO> list);
|
||||
|
||||
UserProfileUpdateReqVO convert(UserProfileUpdateReqVO bean);
|
||||
UserProfileUpdateReqVO convert(OAuth2OpenUserUpdateReqVO bean);
|
||||
|
||||
default OAuth2OpenAuthorizeInfoRespVO convert(OAuth2ClientDO client, List<OAuth2ApproveDO> approves) {
|
||||
// 构建 scopes
|
||||
List<KeyValue<String, Boolean>> scopes = new ArrayList<>(client.getScopes().size());
|
||||
Map<String, OAuth2ApproveDO> approveMap = CollectionUtils.convertMap(approves, OAuth2ApproveDO::getScope);
|
||||
client.getScopes().forEach(scope -> {
|
||||
OAuth2ApproveDO approve = approveMap.get(scope);
|
||||
scopes.add(new KeyValue<>(scope, approve != null ? approve.getApproved() : false));
|
||||
});
|
||||
// 拼接返回
|
||||
return new OAuth2OpenAuthorizeInfoRespVO(
|
||||
new OAuth2OpenAuthorizeInfoRespVO.Client(client.getName(), client.getLogo()), scopes);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ import java.util.Date;
|
|||
/**
|
||||
* OAuth2 批准 DO
|
||||
*
|
||||
* 用户在 authorize.vue 界面时,记录接受的 scope 列表
|
||||
* 用户在 sso.vue 界面时,记录接受的 scope 列表
|
||||
*
|
||||
* @author 芋道源码
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -181,7 +181,7 @@ public class OAuth2ClientServiceImpl implements OAuth2ClientService {
|
|||
// 校验客户端存在、且开启
|
||||
OAuth2ClientDO client = clientCache.get(clientId);
|
||||
if (client == null) {
|
||||
throw exception(OAUTH2_CLIENT_EXISTS);
|
||||
throw exception(OAUTH2_CLIENT_NOT_EXISTS);
|
||||
}
|
||||
if (ObjectUtil.notEqual(client.getStatus(), CommonStatusEnum.ENABLE.getStatus())) {
|
||||
throw exception(OAUTH2_CLIENT_DISABLE);
|
||||
|
|
|
|||
|
|
@ -111,25 +111,37 @@ export function refreshToken() {
|
|||
}
|
||||
|
||||
// ========== OAUTH 2.0 相关 ==========
|
||||
export function authorize() {
|
||||
|
||||
export function getAuthorize(clientId) {
|
||||
return request({
|
||||
url: '/system/oauth2/authorize?clientId=' + clientId,
|
||||
method: 'get'
|
||||
})
|
||||
}
|
||||
|
||||
export function authorize(responseType, clientId, redirectUri, state,
|
||||
autoApprove, checkedScopes, uncheckedScopes) {
|
||||
// 构建 scopes
|
||||
const scopes = {};
|
||||
for (const scope of checkedScopes) {
|
||||
scopes[scope] = true;
|
||||
}
|
||||
for (const scope of uncheckedScopes) {
|
||||
scopes[scope] = false;
|
||||
}
|
||||
// 发起请求
|
||||
return service({
|
||||
url: '/system/oauth2/authorize',
|
||||
headers:{
|
||||
'Content-type': 'application/x-www-form-urlencoded',
|
||||
"Access-Control-Allow-Origin": "*"
|
||||
},
|
||||
params: {
|
||||
response_type: 'code',
|
||||
client_id: 'test',
|
||||
redirect_uri: 'https://www.iocoder.cn',
|
||||
// scopes: {
|
||||
// read: true,
|
||||
// write: false
|
||||
// }
|
||||
scope: {
|
||||
read: true,
|
||||
write: false
|
||||
}
|
||||
response_type: responseType,
|
||||
client_id: clientId,
|
||||
redirect_uri: redirectUri,
|
||||
state: state,
|
||||
auto_approve: autoApprove,
|
||||
scope: JSON.stringify(scopes)
|
||||
},
|
||||
method: 'post'
|
||||
})
|
||||
|
|
|
|||
|
|
@ -43,8 +43,8 @@ export const constantRoutes = [
|
|||
hidden: true
|
||||
},
|
||||
{
|
||||
path: '/authorize',
|
||||
component: (resolve) => require(['@/views/authorize'], resolve),
|
||||
path: '/sso',
|
||||
component: (resolve) => require(['@/views/sso'], resolve),
|
||||
hidden: true
|
||||
},
|
||||
{
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@
|
|||
|
||||
<!-- 表单 -->
|
||||
<div class="form-cont">
|
||||
<el-tabs class="form" style=" float:none;">
|
||||
<el-tabs class="form" style=" float:none;" value="uname">
|
||||
<el-tab-pane label="三方授权" name="uname">
|
||||
</el-tab-pane>
|
||||
</el-tabs>
|
||||
|
|
@ -53,7 +53,7 @@
|
|||
<span v-if="!loading">同意授权</span>
|
||||
<span v-else>登 录 中...</span>
|
||||
</el-button>
|
||||
<el-button size="medium" style="width:37%">拒绝</el-button>
|
||||
<el-button size="medium" style="width:36%">拒绝</el-button>
|
||||
</el-form-item>
|
||||
</el-form>
|
||||
</div>
|
||||
|
|
@ -69,10 +69,9 @@
|
|||
|
||||
<script>
|
||||
import {getTenantIdByName} from "@/api/system/tenant";
|
||||
import Cookies from "js-cookie";
|
||||
import {SystemUserSocialTypeEnum} from "@/utils/constants";
|
||||
import {getTenantEnable} from "@/utils/ruoyi";
|
||||
import {authorize} from "@/api/login";
|
||||
import {authorize, getAuthorize} from "@/api/login";
|
||||
import {getTenantName, setTenantId} from "@/utils/auth";
|
||||
|
||||
export default {
|
||||
name: "Login",
|
||||
|
|
@ -82,6 +81,18 @@ export default {
|
|||
loginForm: {
|
||||
tenantName: "芋道源码",
|
||||
},
|
||||
params: { // URL 上的 client_id、scope 等参数
|
||||
responseType: undefined,
|
||||
clientId: undefined,
|
||||
redirectUri: undefined,
|
||||
state: undefined,
|
||||
scopes: [], // 优先从 query 参数获取;如果未传递,从后端获取
|
||||
},
|
||||
client: { // 客户端信息
|
||||
name: '',
|
||||
logo: '',
|
||||
},
|
||||
checkedScopes: [], // 已选中的 scope 数组
|
||||
LoginRules: {
|
||||
tenantName: [
|
||||
{required: true, trigger: "blur", message: "租户不能为空"},
|
||||
|
|
@ -92,7 +103,7 @@ export default {
|
|||
const tenantId = res.data;
|
||||
if (tenantId && tenantId >= 0) {
|
||||
// 设置租户
|
||||
Cookies.set("tenantId", tenantId);
|
||||
setTenantId(tenantId)
|
||||
callback();
|
||||
} else {
|
||||
callback('租户不存在');
|
||||
|
|
@ -104,44 +115,84 @@ export default {
|
|||
]
|
||||
},
|
||||
loading: false,
|
||||
redirect: undefined,
|
||||
// 枚举
|
||||
SysUserSocialTypeEnum: SystemUserSocialTypeEnum,
|
||||
//
|
||||
};
|
||||
},
|
||||
created() {
|
||||
// 租户开关
|
||||
this.tenantEnable = getTenantEnable();
|
||||
// 重定向地址
|
||||
this.redirect = this.$route.query.redirect;
|
||||
this.getCookie();
|
||||
|
||||
// 解析参数
|
||||
// 例如说【自动授权不通过】:client_id=default&redirect_uri=https%3A%2F%2Fwww.iocoder.cn&response_type=code&scope=user.read%20user.write
|
||||
// 例如说【自动授权通过】:client_id=default&redirect_uri=https%3A%2F%2Fwww.iocoder.cn&response_type=code&scope=user.read
|
||||
this.params.responseType = this.$route.query.response_type
|
||||
this.params.clientId = this.$route.query.client_id
|
||||
this.params.redirectUri = this.$route.query.redirect_uri
|
||||
this.params.state = this.$route.query.state
|
||||
if (this.$route.query.scope) {
|
||||
this.params.scopes = this.$route.query.scope.split(' ')
|
||||
}
|
||||
|
||||
// 如果有 scope 参数,先执行一次自动授权,看看是否之前都授权过了。
|
||||
if (this.params.scopes.length > 0) {
|
||||
this.doAuthorize(true, this.params.scopes, []).then(res => {
|
||||
const href = res.data
|
||||
if (!href) {
|
||||
console.log('自动授权未通过!')
|
||||
return;
|
||||
}
|
||||
location.href = href
|
||||
})
|
||||
}
|
||||
|
||||
// 获取授权页的基本信息
|
||||
getAuthorize(this.params.clientId).then(res => {
|
||||
this.client = res.data.client
|
||||
// 解析 scope
|
||||
let scopes
|
||||
// 1.1 如果 params.scope 非空,则过滤下返回的 scopes
|
||||
if (this.params.scopes.length > 0) {
|
||||
scopes = []
|
||||
for (const scope of res.data.scopes) {
|
||||
if (this.params.scopes.indexOf(scope.key) >= 0) {
|
||||
scopes.push(scope)
|
||||
}
|
||||
}
|
||||
// 1.2 如果 params.scope 为空,则使用返回的 scopes 设置它
|
||||
} else {
|
||||
scopes = res.data.scopes
|
||||
for (const scope of scopes) {
|
||||
this.params.scopes.push(scope.key)
|
||||
}
|
||||
}
|
||||
// 生成已选中的 checkedScopes
|
||||
for (const scope of scopes) {
|
||||
if (scope.value) {
|
||||
this.checkedScopes.push(scope.key)
|
||||
}
|
||||
}
|
||||
})
|
||||
},
|
||||
methods: {
|
||||
getCookie() {
|
||||
const tenantName = Cookies.get('tenantName');
|
||||
const tenantName = getTenantName();
|
||||
this.loginForm = {
|
||||
tenantName: tenantName === undefined ? this.loginForm.tenantName : tenantName
|
||||
tenantName: tenantName ? tenantName : this.loginForm.tenantName,
|
||||
};
|
||||
},
|
||||
handleLogin() {
|
||||
if (true) {
|
||||
authorize()
|
||||
return;
|
||||
}
|
||||
this.$refs.loginForm.validate(valid => {
|
||||
if (valid) {
|
||||
this.loading = true;
|
||||
// 发起登陆
|
||||
console.log("发起登录", this.loginForm);
|
||||
this.$store.dispatch(this.loginForm.loginType === "sms" ? "SmsLogin" : "Login", this.loginForm).then(() => {
|
||||
this.$router.push({path: this.redirect || "/"}).catch(() => {
|
||||
});
|
||||
}).catch(() => {
|
||||
this.loading = false;
|
||||
this.getCode();
|
||||
});
|
||||
if (!valid) {
|
||||
return
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
})
|
||||
},
|
||||
doAuthorize(autoApprove, checkedScopes, uncheckedScopes) {
|
||||
return authorize(this.params.responseType, this.params.clientId, this.params.redirectUri, this.params.state,
|
||||
autoApprove, checkedScopes, uncheckedScopes)
|
||||
}
|
||||
}
|
||||
};
|
||||
Loading…
Reference in New Issue