packages/authHub
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

同步24.09分支至openEuler-24.03-LTS-SP1

Browse Source
This commit is contained in:
gongzt 2024-11-18 10:54:48 +08:00
parent 2adf2657cf
commit b79a13050b
4 changed files with 205 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
0002-fix-the-router-redirect-error.patch Normal file
View File

@ -0,0 +1,49 @@
From 75cf241f76913a8e1a7e81962225aa73b2314008 Mon Sep 17 00:00:00 2001
From: hugang <18768366022@163.com>
Date: Sat, 14 Sep 2024 11:11:02 +0800
Subject: [PATCH] fix the router redirect error
---
oauth2_web/deploy/authhub.nginx.conf | 4 ++--
oauth2_web/src/api/request.ts | 3 ++-
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/oauth2_web/deploy/authhub.nginx.conf b/oauth2_web/deploy/authhub.nginx.conf
index f9720c3..a38eb1f 100644
--- a/oauth2_web/deploy/authhub.nginx.conf
+++ b/oauth2_web/deploy/authhub.nginx.conf
@@ -14,8 +14,8 @@ server {
root /opt/authhub/web/dist;
expires 30d;
}
- location /authhub {
- alias /opt/authhub/web/dist
+ location / {
+ root /opt/authhub/web/dist;
try_files $uri $uri/ /index.html;
if (!-e $request_filename){
rewrite ^(.*)$ /index.html last;
diff --git a/oauth2_web/src/api/request.ts b/oauth2_web/src/api/request.ts
index 526323f..e50e308 100644
--- a/oauth2_web/src/api/request.ts
+++ b/oauth2_web/src/api/request.ts
@@ -15,6 +15,7 @@ import type {
} from 'axios'
import axios from 'axios'
import { ElMessage, ElNotification } from 'element-plus'
+import router from '@/conf/router'
export interface Result<T = any> {
@@ -62,7 +63,7 @@ request.interceptors.response.use(
message: response.data.message,
})
setTimeout(() => {
- window.location.href = '/oauth/authorize/login'
+ router.replace('/oauth/authorize/login')
}, 1000)
break
default:
--
2.43.0.windows.1

102
0003-fix-logout-register-error.patch Normal file
View File

@ -0,0 +1,102 @@
From 565b442fa56c93a706d5b2f5224763854b8f42cc Mon Sep 17 00:00:00 2001
From: rearcher <123781007@qq.com>
Date: Fri, 20 Sep 2024 15:11:28 +0800
Subject: [PATCH] fix logout error, fix register error
---
oauth2_provider/app/core/account.py | 43 ++++++++++-------------------
1 file changed, 15 insertions(+), 28 deletions(-)
diff --git a/oauth2_provider/app/core/account.py b/oauth2_provider/app/core/account.py
index 3259704..16038fd 100644
--- a/oauth2_provider/app/core/account.py
+++ b/oauth2_provider/app/core/account.py
@@ -67,8 +67,8 @@ class UserProxy:
if not self._check_user_not_exist(username):
LOGGER.error(f"add user failed, username exists: {username}")
return DATA_EXIST
- self._add_user(username, password, email)
- callback_res = self._register_callback(username)
+ user_info = self._add_user(username, password, email)
+ callback_res = self._register_callback(user_info)
if callback_res != SUCCEED:
return callback_res
db.session.commit()
@@ -80,42 +80,25 @@ class UserProxy:
return DATABASE_INSERT_ERROR
return SUCCEED
- def _register_callback(self, username: str) -> str:
+ def _register_callback(self, user) -> str:
res = SUCCEED
for client in db.session.query(OAuth2Client).distinct(OAuth2Client.client_id).all():
- user_info = self._get_user_info(username, client.client_id)
+ scope = client.client_metadata["scope"].split()
+ user_info = dict()
+ if "username" in scope:
+ user_info["username"] = user.username
+ if "email" in scope:
+ user_info["email"] = user.email
for register_callback_uri in client.register_callback_uris:
response_data = BaseResponse.get_response(
method="Post", url=register_callback_uri, data=user_info, header=self.HEADERS
)
response_status = response_data.get("label")
if response_status != SUCCEED:
- LOGGER.error(f"register redirect failed: {client.client_id}, {username}")
+ LOGGER.error(f"register redirect failed: {client.client_id}, {user.username}")
res = PARTIAL_SUCCEED
return res
- def _get_user_info(self, username: str, client_id: str) -> dict:
- """
- Get user info.
-
- Args:
- username(str): username,
- client_id(str): client id
-
- Returns:
- dict: user info
- """
- client_scopes = db.session.query(OAuth2ClientScopes).filter_by(username=username, client_id=client_id).one()
- user = db.session.query(User).filter_by(username=username).one()
- user_info = dict()
- # user scope, e.g. ["email","username","openid","offline_access"]
- scopes = client_scopes.scopes.split()
- if "username" in scopes:
- user_info["username"] = user.username
- if "email" in scopes:
- user_info["email"] = user.email
- return user_info
-
def _check_user_not_exist(self, username: str) -> bool:
query_res = db.session.query(User).filter_by(username=username).count()
if query_res != 0:
@@ -133,10 +116,14 @@ class UserProxy:
"password": "xxx",
"email": "xxx@xxx.com"
}
+
+ Returns:
+ user: user
"""
password_hash = User.hash_password(password)
user = User(username=username, password=password_hash, email=email)
db.session.add(user)
+ return user
def manager_login(self, data) -> Tuple[str, str]:
"""
@@ -283,7 +270,7 @@ class UserProxy:
encrypted_data = encrypted_data.encode('utf-8')
encoded_data = base64.b64encode(encrypted_data)
encrypted_string = encoded_data.decode('utf-8')
- logout_callback_uris = login_record.logout_url.split(",")
+ logout_callback_uris = list(filter(None, login_record.logout_url.split(',')))
for logout_callback_uri in logout_callback_uris:
response_data = BaseResponse.get_response(
method="Post",
--
Gitee

38
0004-supplementary-verify-token.patch Normal file
View File

@ -0,0 +1,38 @@
From 9b6c793d4a9e6fb7acc55d2da645560cc5ae9ead Mon Sep 17 00:00:00 2001
From: rearcher <123781007@qq.com>
Date: Tue, 24 Sep 2024 17:23:18 +0800
Subject: [PATCH] =?UTF-8?q?=E8=A1=A5=E5=85=85=E6=A0=A1=E9=AA=8Ctoken?=
=?UTF-8?q?=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
oauth2_provider/app/views/oauth2.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/oauth2_provider/app/views/oauth2.py b/oauth2_provider/app/views/oauth2.py
index 8e7bb98..f9e2812 100644
--- a/oauth2_provider/app/views/oauth2.py
+++ b/oauth2_provider/app/views/oauth2.py
@@ -31,6 +31,7 @@ from vulcanus.restful.resp import state
from vulcanus.restful.response import BaseResponse
from werkzeug.utils import cached_property, import_string
+from oauth2_provider.app import cache
from oauth2_provider.app.constant import secret
from oauth2_provider.app.core.token import jwt_token
from oauth2_provider.app.serialize.oauth2 import OauthTokenIntrospectSchema, OauthTokenSchema, RefreshTokenSchema
@@ -100,6 +101,9 @@ class OauthorizeView(BaseResponse, OAuth2):
try:
token_info = jwt_token.decode(token=token, secret=secret)
g.username = token_info["sub"]
+ cache_token = cache.get(token_info["sub"] + "-token")
+ if token != cache_token:
+ raise ValueError
return True
except ExpiredSignatureError as error:
LOGGER.error("Signature has expired: %s" % token)
--
Gitee

18
authHub.spec
View File

@ -1,15 +1,18 @@
Name: authHub
Version: v1.0.0
Release: 2
Release: 5
Summary: Authentication authority based on oauth2
License: MulanPSL2
URL: https://gitee.com/openeuler/%{name}
Source0: %{name}-%{version}.tar.gz
Source1: node_modules.tar.gz
Patch0001: 0001-change-authhub-web-service-file-directory.patch
Patch0002: 0002-fix-the-router-redirect-error.patch
Patch0003: 0003-fix-logout-register-error.patch
Patch0004: 0004-supplementary-verify-token.patch
BuildRequires: python3-setuptools
Requires: aops-vulcanus >= v2.1.0 python3-Authlib aops-zeus >= v2.1.0
Requires: aops-vulcanus >= v2.1.0 python3-Authlib aops-zeus >= v2.1.0 python3-Flask-SQLAlchemy
Provides: authhub
%description
@ -63,6 +66,17 @@ popd
%attr(0755,root,root) %{_sysconfdir}/nginx/conf.d/*
%changelog
* Tue Sep 24 2024 luxuexian<luxuexian@huawei.com> - v1.0.0-5
- Supplementary verify token
* Fri Sep 20 2024 luxuexian<luxuexian@huawei.com> - v1.0.0-4
- Fix logout error
- Fix register error
* Thu Sep 19 2024 luxuexian<luxuexian@huawei.com> - v1.0.0-3
- Fix the router redirect error
- Add python3-FLask-SQLAlchemy requires
* Mon Sep 9 2024 luxuexian<luxuexian@huawei.com> - v1.0.0-2
- change authhub-web.service file directory