
fix #107 csrf

zhou-hao committed Dec 29, 2018
1 parent b72a227 commit 40929e9b0d336a26281a5ed2e0e721d54dd8d2f2
@@ -57,6 +57,8 @@

USER_NOT_EXIST(4041),//客户端不存在

STATE_ERROR(4042), //stat错误

ACCESS_DENIED(503), //访问被拒绝

OTHER(5001), //其他错误 ;
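Review bot: The comment on `STATE_ERROR(4042)` reads `//stat错误`, which looks like a typo for "state"; since the controller surfaces `ErrorType.STATE_ERROR.name()` to the client, a precise comment such as `// OAuth2 state parameter mismatch (possible CSRF attempt)` would make the constant's meaning clear to whoever reads the error. The side markers are lost in this rendering, so which two lines are the additions is inferred from the header's +2 count. If `ACCESS_DENIED(503)` is one of them, 503 is the HTTP Service Unavailable status and breaks the 4xxx numbering used by the neighbouring constants; 403 is the conventional value for an access denial.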
@@ -20,12 +20,14 @@

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.hswebframework.web.BusinessException;
import org.hswebframework.web.WebUtil;
import org.hswebframework.web.authorization.oauth2.client.OAuth2RequestService;
import org.hswebframework.web.authorization.oauth2.client.listener.OAuth2CodeAuthBeforeEvent;
import org.hswebframework.web.controller.message.ResponseMessage;
import org.hswebframework.web.entity.oauth2.client.OAuth2ServerConfigEntity;
import org.hswebframework.web.id.IDGenerator;
import org.hswebframework.web.oauth2.core.ErrorType;
import org.hswebframework.web.oauth2.core.OAuth2Constants;
import org.hswebframework.web.service.oauth2.client.OAuth2ServerConfigService;
import org.springframework.beans.factory.annotation.Autowired;
@@ -104,7 +106,9 @@ public RedirectView callback(@RequestParam(defaultValue = "/") String redirect,
HttpSession session) throws UnsupportedEncodingException {
try {
String cachedState = (String) session.getAttribute(STATE_SESSION_KEY);
// if (!state.equals(cachedState)) throw new BusinessException("state error");
if (!state.equals(cachedState)) {
throw new BusinessException(ErrorType.STATE_ERROR.name());
}
oAuth2RequestService.doEvent(serverId, new OAuth2CodeAuthBeforeEvent(code, state, request::getParameter));
return new RedirectView(URLDecoder.decode(redirect, "UTF-8"));
} finally {
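Review bot: The new check at the `if` line dereferences `state` before comparing it, so a callback request that omits the state parameter raises a NullPointerException instead of the intended STATE_ERROR, unless the `@RequestParam` binding for `state` (outside the hunk) already rejects a missing value; comparing from the session side, `if (cachedState == null || !cachedState.equals(state)) {`, yields the same error for both the missing and the mismatched case. The cached state is also never cleared after it is validated, so the same value stays valid for every later callback in the session; adding `session.removeAttribute(STATE_SESSION_KEY);` right after the check makes it single-use, if the `finally` block that continues past the hunk does not already do this. The commented-out line above the check looks like the old version of the check; if it survives on the new side it should be deleted rather than kept as dead code. Separately, the unchanged `redirect` value is decoded and followed without a visible check that it is a relative path, which is worth confirming is handled elsewhere since this is the endpoint the CSRF fix protects.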
