🔖 发布 1.15.3-alpha 解决推特登录异常的BUG

c6bd5d9e · 智布道 · d0ae0f2c · c6bd5d9e · c6bd5d9e · c6bd5d9e
10 changed file
--- a/README.en-US.md
+++ b/README.en-US.md
@@ -6,7 +6,7 @@
 </p>
 <p align="center">
 	<a target="_blank" href="https://search.maven.org/search?q=JustAuth">
-		<img src="https://img.shields.io/badge/Maven%20Central--1.15.2-alpha-blue" ></img>
+		<img src="https://img.shields.io/badge/Maven%20Central--1.15.3-alpha-blue" ></img>
 	</a>
 	<a target="_blank" href="https://gitee.com/yadong.zhang/JustAuth/blob/master/LICENSE">
 		<img src="https://img.shields.io/apm/l/vim-mode.svg?color=yellow" ></img>
@@ -15,7 +15,7 @@
 		<img src="https://img.shields.io/badge/JDK-1.8+-green.svg" ></img>
 	</a>
 	<a target="_blank" href="https://apidoc.gitee.com/yadong.zhang/JustAuth/" title="API文档">
-		<img src="https://img.shields.io/badge/Api%20Docs--1.15.2-alpha-latest-orange" ></img>
+		<img src="https://img.shields.io/badge/Api%20Docs--1.15.3-alpha-latest-orange" ></img>
 	</a>
 	<a target="_blank" href="https://docs.justauth.whnb.wang" title="参考文档">
 		<img src="https://img.shields.io/badge/Docs-latest-blueviolet.svg" ></img>
@@ -97,7 +97,7 @@ These artifacts are available from Maven Central:
 <dependency>
    <groupId>me.zhyd.oauth</groupId>
    <artifactId>JustAuth</artifactId>
-    <version>1.15.2-alpha</version>
+    <version>1.15.3-alpha</version>
 </dependency>
 ```
 - Using JustAuth

--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@
 </p>
 <p align="center">
 	<a target="_blank" href="https://search.maven.org/search?q=JustAuth">
-		<img src="https://img.shields.io/badge/Maven%20Central--1.15.2-alpha-blue" ></img>
+		<img src="https://img.shields.io/badge/Maven%20Central--1.15.3-alpha-blue" ></img>
 	</a>
 	<a target="_blank" href="https://gitee.com/yadong.zhang/JustAuth/blob/master/LICENSE">
 		<img src="https://img.shields.io/apm/l/vim-mode.svg?color=yellow" ></img>
@@ -15,7 +15,7 @@
 		<img src="https://img.shields.io/badge/JDK-1.8+-green.svg" ></img>
 	</a>
 	<a target="_blank" href="https://apidoc.gitee.com/yadong.zhang/JustAuth/" title="API文档">
-		<img src="https://img.shields.io/badge/Api%20Docs--1.15.2-alpha-latest-orange" ></img>
+		<img src="https://img.shields.io/badge/Api%20Docs--1.15.3-alpha-latest-orange" ></img>
 	</a>
 	<a target="_blank" href="https://docs.justauth.whnb.wang" title="参考文档">
 		<img src="https://img.shields.io/badge/Docs-latest-blueviolet.svg" ></img>
@@ -96,7 +96,7 @@ JustAuth，如你所见，它仅仅是一个**第三方授权登录**的**工具
 <dependency>
    <groupId>me.zhyd.oauth</groupId>
    <artifactId>JustAuth</artifactId>
-    <version>1.15.2-alpha</version>
+    <version>1.15.3-alpha</version>
 </dependency>
 ```
 - 调用api

--- a/bin/version.txt
+++ b/bin/version.txt
-1.15.2-alpha
+1.15.3-alpha
--- a/docs/README.md
+++ b/docs/README.md
@@ -9,7 +9,7 @@
 </p>
 <p align="center">
 	<a target="_blank" href="https://search.maven.org/search?q=JustAuth">
-		<img src="https://img.shields.io/badge/Maven%20Central--1.15.2-alpha-blue" ></img>
+		<img src="https://img.shields.io/badge/Maven%20Central--1.15.3-alpha-blue" ></img>
 	</a>
 	<a target="_blank" href="https://gitee.com/yadong.zhang/JustAuth/blob/master/LICENSE">
 		<img src="https://img.shields.io/apm/l/vim-mode.svg?color=yellow" ></img>
@@ -18,7 +18,7 @@
 		<img src="https://img.shields.io/badge/JDK-1.8+-green.svg" ></img>
 	</a>
 	<a target="_blank" href="https://apidoc.gitee.com/yadong.zhang/JustAuth/" title="API文档">
-		<img src="https://img.shields.io/badge/Api%20Docs--1.15.2-alpha-latest-orange" ></img>
+		<img src="https://img.shields.io/badge/Api%20Docs--1.15.3-alpha-latest-orange" ></img>
 	</a>
 	<a target="_blank" href="https://docs.justauth.whnb.wang" title="参考文档">
 		<img src="https://img.shields.io/badge/Docs-latest-blueviolet.svg" ></img>

--- a/docs/_coverpage.md
+++ b/docs/_coverpage.md

 ![](_media/justauth@0,25x.png)
-# JustAuth <small>1.15.2-alpha</small>
+# JustAuth <small>1.15.3-alpha</small>

 <strong>史上最全的整合第三方登录的开源库</strong>


--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@

  <groupId>me.zhyd.oauth</groupId>
  <artifactId>JustAuth</artifactId>
-  <version>1.15.2-alpha</version>
+  <version>1.15.3-alpha</version>

  <name>JustAuth</name>
  <url>https://gitee.com/yadong.zhang/JustAuth</url>

--- a/src/main/java/me/zhyd/oauth/model/AuthCallback.java
+++ b/src/main/java/me/zhyd/oauth/model/AuthCallback.java
@@ -48,12 +48,13 @@ public class AuthCallback implements Serializable {
     *
     * @since 1.13.0
     */
-    private String oauthToken;
+    private String oauth_token;

    /**
     * Twitter回调后返回的oauth_verifier
     *
     * @since 1.13.0
     */
-    private String oauthVerifier;
+    private String oauth_verifier;
+
 }
--- a/src/main/java/me/zhyd/oauth/request/AuthTwitterRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthTwitterRequest.java
@@ -38,6 +38,21 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
        super(config, TWITTER, authStateCache);
    }

+    /**
+     * 返回带{@code state}参数的授权url，授权回调时会带上这个{@code state}
+     *
+     * @param state state 验证授权流程的参数，可以防止csrf
+     * @return 返回授权地址
+     * @since 1.9.3
+     */
+    @Override
+    public String authorize(String state) {
+        AuthToken token  = this.getRequestToken();
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("oauth_token", token.getOauthToken())
+            .build();
+    }
+
    /**
     * Obtaining a request token
     * https://developer.twitter.com/en/docs/twitter-for-websites/log-in-with-twitter/guides/implementing-sign-in-with-twitter
@@ -54,6 +69,9 @@ public class AuthTwitterRequest extends AuthDefaultRequest {

        HttpHeader httpHeader = new HttpHeader();
        httpHeader.add("Authorization", header);
+        httpHeader.add("User-Agent", "themattharris' HTTP Client");
+        httpHeader.add("Host", "api.twitter.com");
+        httpHeader.add("Accept", "*/*");
        String requestToken = HttpUtil.post(baseUrl, null, httpHeader);

        Map<String, String> res = MapUtil.parseStringToMap(requestToken, false);
@@ -74,10 +92,10 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
    @Override
    protected AuthToken getAccessToken(AuthCallback authCallback) {
        Map<String, String> oauthParams = buildOauthParams();
-        oauthParams.put("oauth_token", authCallback.getOauthToken());
-        oauthParams.put("oauth_verifier", authCallback.getOauthVerifier());
+        oauthParams.put("oauth_token", authCallback.getOauth_token());
+        oauthParams.put("oauth_verifier", authCallback.getOauth_verifier());
        oauthParams.put("oauth_signature", generateTwitterSignature(oauthParams, "POST", source.accessToken(), config.getClientSecret(), authCallback
-            .getOauthToken()));
+            .getOauth_token()));
        String header = buildHeader(oauthParams);

        HttpHeader httpHeader = new HttpHeader();
@@ -85,7 +103,7 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
        httpHeader.add(Constants.CONTENT_TYPE, "application/x-www-form-urlencoded");

        Map<String, String> form = new HashMap<>(1);
-        form.put("oauth_verifier", authCallback.getOauthVerifier());
+        form.put("oauth_verifier", authCallback.getOauth_verifier());
        String response = HttpUtil.post(source.accessToken(), form, httpHeader, false);

        Map<String, String> requestToken = MapUtil.parseStringToMap(response, false);
@@ -127,6 +145,7 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
            .avatar(userInfo.getString("profile_image_url_https"))
            .blog(userInfo.getString("url"))
            .location(userInfo.getString("location"))
+            .avatar(userInfo.getString("profile_image_url"))
            .source(source.toString())
            .token(authToken)
            .build();
@@ -152,15 +171,12 @@ public class AuthTwitterRequest extends AuthDefaultRequest {
    }

    private String buildHeader(Map<String, String> oauthParams) {
-        final StringBuilder sb = new StringBuilder(PREAMBLE);
+        final StringBuilder sb = new StringBuilder(PREAMBLE + " ");

        for (Map.Entry<String, String> param : oauthParams.entrySet()) {
-            if (sb.length() > PREAMBLE.length()) {
-                sb.append(", ");
-            }
-            sb.append(param.getKey()).append("=\"").append(urlEncode(param.getValue())).append('"');
+            sb.append(param.getKey()).append("=\"").append(urlEncode(param.getValue())).append('"').append(", ");
        }

-        return sb.toString();
+        return sb.deleteCharAt(sb.length() - 2).toString();
    }
 }
--- a/src/main/java/me/zhyd/oauth/utils/AuthChecker.java
+++ b/src/main/java/me/zhyd/oauth/utils/AuthChecker.java
@@ -72,6 +72,10 @@ public class AuthChecker {
     * @since 1.8.0
     */
    public static void checkCode(AuthSource source, AuthCallback callback) {
+        // 推特平台不支持回调 code 和 state
+        if (source == AuthDefaultSource.TWITTER) {
+            return;
+        }
        String code = callback.getCode();
        if (source == AuthDefaultSource.ALIPAY) {
            code = callback.getAuth_code();
@@ -95,6 +99,10 @@ public class AuthChecker {
     * @param authStateCache {@code authStateCache} state缓存实现
     */
    public static void checkState(String state, AuthSource source, AuthStateCache authStateCache) {
+        // 推特平台不支持回调 code 和 state
+        if (source == AuthDefaultSource.TWITTER) {
+            return;
+        }
        if (StringUtils.isEmpty(state) || !authStateCache.containsKey(state)) {
            throw new AuthException(AuthResponseStatus.ILLEGAL_STATUS, source);
        }

--- a/src/test/java/me/zhyd/oauth/utils/GlobalAuthUtilsTest.java
+++ b/src/test/java/me/zhyd/oauth/utils/GlobalAuthUtilsTest.java
@@ -92,20 +92,20 @@ public class GlobalAuthUtilsTest {
            .clientSecret("0YX3RH2DnPiT77pgzLzFdfpMKX8ENLIWQKYQ7lG5TERuZNgXN5")
            .build();
        AuthCallback authCallback = AuthCallback.builder()
-            .oauthToken("W_KLmAAAAAAAxq5LAAABbXxJeD0")
-            .oauthVerifier("lYou4gxfA6S5KioUa8VF8HCShzA2nSxp")
+            .oauth_token("W_KLmAAAAAAAxq5LAAABbXxJeD0")
+            .oauth_verifier("lYou4gxfA6S5KioUa8VF8HCShzA2nSxp")
            .build();
        Map<String, String> params = new HashMap<>();
        params.put("oauth_consumer_key", config.getClientId());
        params.put("oauth_nonce", "sTj7Ivg73u052eXstpoS1AWQCynuDEPN");
        params.put("oauth_signature_method", "HMAC-SHA1");
        params.put("oauth_timestamp", "1569751082");
-        params.put("oauth_token", authCallback.getOauthToken());
-        params.put("oauth_verifier", authCallback.getOauthVerifier());
+        params.put("oauth_token", authCallback.getOauth_token());
+        params.put("oauth_verifier", authCallback.getOauth_verifier());
        params.put("oauth_version", "1.0");

        params.put("oauth_signature", GlobalAuthUtils.generateTwitterSignature(params, "POST", TWITTER.accessToken(), config.getClientSecret(), authCallback
-            .getOauthToken()));
+            .getOauth_token()));

        params.forEach((k, v) -> params.put(k, "\"" + GlobalAuthUtils.urlEncode(v) + "\""));
        String actual = "OAuth " + GlobalAuthUtils.parseMapToString(params, false).replaceAll("&", ", ");