同步24.09分支至openEuler-24.03-LTS-SP1

2024-11-18 10:54:48 +08:00 · 2024-11-18 10:54:48 +08:00 · b79a13050b
commit b79a13050b
parent 2adf2657cf
4 changed files with 205 additions and 2 deletions
--- a/0002-fix-the-router-redirect-error.patch
+++ b/0002-fix-the-router-redirect-error.patch
@ -0,0 +1,49 @@
 From 75cf241f76913a8e1a7e81962225aa73b2314008 Mon Sep 17 00:00:00 2001
 From: hugang <18768366022@163.com>
 Date: Sat, 14 Sep 2024 11:11:02 +0800
 Subject: [PATCH] fix the router redirect error
 ---
 oauth2_web/deploy/authhub.nginx.conf | 4 ++--
 oauth2_web/src/api/request.ts        | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)
 diff --git a/oauth2_web/deploy/authhub.nginx.conf b/oauth2_web/deploy/authhub.nginx.conf
 index f9720c3..a38eb1f 100644
 --- a/oauth2_web/deploy/authhub.nginx.conf
 +++ b/oauth2_web/deploy/authhub.nginx.conf
@@ -14,8 +14,8 @@ server {
         root /opt/authhub/web/dist;
         expires 30d;
     }
 -    location /authhub {
 -      alias /opt/authhub/web/dist
 +    location / {
 +      root /opt/authhub/web/dist;
       try_files $uri $uri/ /index.html;
       if (!-e $request_filename){
           rewrite ^(.*)$ /index.html last;
 diff --git a/oauth2_web/src/api/request.ts b/oauth2_web/src/api/request.ts
 index 526323f..e50e308 100644
 --- a/oauth2_web/src/api/request.ts
 +++ b/oauth2_web/src/api/request.ts
@@ -15,6 +15,7 @@ import type {
 } from 'axios'
 import axios from 'axios'
 import { ElMessage, ElNotification } from 'element-plus'
 +import router from '@/conf/router'
 export interface Result<T = any> {
@@ -62,7 +63,7 @@ request.interceptors.response.use(
             message: response.data.message,
           })
           setTimeout(() => {
 -            window.location.href = '/oauth/authorize/login'
 +            router.replace('/oauth/authorize/login')
           }, 1000)
           break
         default:
 -- 
 2.43.0.windows.1
--- a/0003-fix-logout-register-error.patch
+++ b/0003-fix-logout-register-error.patch
@ -0,0 +1,102 @@
 From 565b442fa56c93a706d5b2f5224763854b8f42cc Mon Sep 17 00:00:00 2001
 From: rearcher <123781007@qq.com>
 Date: Fri, 20 Sep 2024 15:11:28 +0800
 Subject: [PATCH] fix logout error, fix register error
 ---
 oauth2_provider/app/core/account.py | 43 ++++++++++-------------------
 1 file changed, 15 insertions(+), 28 deletions(-)
 diff --git a/oauth2_provider/app/core/account.py b/oauth2_provider/app/core/account.py
 index 3259704..16038fd 100644
 --- a/oauth2_provider/app/core/account.py
 +++ b/oauth2_provider/app/core/account.py
@@ -67,8 +67,8 @@ class UserProxy:
             if not self._check_user_not_exist(username):
                 LOGGER.error(f"add user failed, username exists: {username}")
                 return DATA_EXIST
 -            self._add_user(username, password, email)
 -            callback_res = self._register_callback(username)
 +            user_info = self._add_user(username, password, email)
 +            callback_res = self._register_callback(user_info)
             if callback_res != SUCCEED:
                 return callback_res
             db.session.commit()
@@ -80,42 +80,25 @@ class UserProxy:
             return DATABASE_INSERT_ERROR
         return SUCCEED
 -    def _register_callback(self, username: str) -> str:
 +    def _register_callback(self, user) -> str:
         res = SUCCEED
         for client in db.session.query(OAuth2Client).distinct(OAuth2Client.client_id).all():
 -            user_info = self._get_user_info(username, client.client_id)
 +            scope = client.client_metadata["scope"].split()
 +            user_info = dict()
 +            if "username" in scope:
 +                user_info["username"] = user.username
 +            if "email" in scope:
 +                user_info["email"] = user.email
             for register_callback_uri in client.register_callback_uris:
                 response_data = BaseResponse.get_response(
                     method="Post", url=register_callback_uri, data=user_info, header=self.HEADERS
                 )
                 response_status = response_data.get("label")
                 if response_status != SUCCEED:
 -                    LOGGER.error(f"register redirect failed: {client.client_id}, {username}")
 +                    LOGGER.error(f"register redirect failed: {client.client_id}, {user.username}")
                     res = PARTIAL_SUCCEED
         return res
 -    def _get_user_info(self, username: str, client_id: str) -> dict:
 -        """
 -        Get user info.
 -
 -        Args:
 -            username(str): username,
 -            client_id(str): client id
 -
 -        Returns:
 -            dict: user info
 -        """
 -        client_scopes = db.session.query(OAuth2ClientScopes).filter_by(username=username, client_id=client_id).one()
 -        user = db.session.query(User).filter_by(username=username).one()
 -        user_info = dict()
 -        # user scope, e.g. ["email","username","openid","offline_access"]
 -        scopes = client_scopes.scopes.split()
 -        if "username" in scopes:
 -            user_info["username"] = user.username
 -        if "email" in scopes:
 -            user_info["email"] = user.email
 -        return user_info
 -
     def _check_user_not_exist(self, username: str) -> bool:
         query_res = db.session.query(User).filter_by(username=username).count()
         if query_res != 0:
@@ -133,10 +116,14 @@ class UserProxy:
                     "password": "xxx",
                     "email": "xxx@xxx.com"
                 }
 +
 +        Returns:
 +            user: user
         """
         password_hash = User.hash_password(password)
         user = User(username=username, password=password_hash, email=email)
         db.session.add(user)
 +        return user
     def manager_login(self, data) -> Tuple[str, str]:
         """
@@ -283,7 +270,7 @@ class UserProxy:
             encrypted_data = encrypted_data.encode('utf-8')
             encoded_data = base64.b64encode(encrypted_data)
             encrypted_string = encoded_data.decode('utf-8')
 -            logout_callback_uris = login_record.logout_url.split(",")
 +            logout_callback_uris = list(filter(None, login_record.logout_url.split(',')))
             for logout_callback_uri in logout_callback_uris:
                 response_data = BaseResponse.get_response(
                     method="Post",
 -- 
 Gitee
--- a/0004-supplementary-verify-token.patch
+++ b/0004-supplementary-verify-token.patch
@ -0,0 +1,38 @@
 From 9b6c793d4a9e6fb7acc55d2da645560cc5ae9ead Mon Sep 17 00:00:00 2001
 From: rearcher <123781007@qq.com>
 Date: Tue, 24 Sep 2024 17:23:18 +0800
 Subject: [PATCH] =?UTF-8?q?=E8=A1=A5=E5=85=85=E6=A0=A1=E9=AA=8Ctoken?=
 =?UTF-8?q?=E9=80=BB=E8=BE=91?=
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 ---
 oauth2_provider/app/views/oauth2.py | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/oauth2_provider/app/views/oauth2.py b/oauth2_provider/app/views/oauth2.py
 index 8e7bb98..f9e2812 100644
 --- a/oauth2_provider/app/views/oauth2.py
 +++ b/oauth2_provider/app/views/oauth2.py
@@ -31,6 +31,7 @@ from vulcanus.restful.resp import state
 from vulcanus.restful.response import BaseResponse
 from werkzeug.utils import cached_property, import_string
 +from oauth2_provider.app import cache
 from oauth2_provider.app.constant import secret
 from oauth2_provider.app.core.token import jwt_token
 from oauth2_provider.app.serialize.oauth2 import OauthTokenIntrospectSchema, OauthTokenSchema, RefreshTokenSchema
@@ -100,6 +101,9 @@ class OauthorizeView(BaseResponse, OAuth2):
         try:
             token_info = jwt_token.decode(token=token, secret=secret)
             g.username = token_info["sub"]
 +            cache_token = cache.get(token_info["sub"] + "-token")
 +            if token != cache_token:
 +                raise ValueError
             return True
         except ExpiredSignatureError as error:
             LOGGER.error("Signature has expired: %s" % token)
 -- 
 Gitee
--- a/authHub.spec
+++ b/authHub.spec
@ -1,15 +1,18 @@
 Name:		authHub
 Version:	v1.0.0
-Release:	2
+Release:	5
 Summary:	Authentication authority based on oauth2
 License:	MulanPSL2
 URL:		https://gitee.com/openeuler/%{name}
 Source0:	%{name}-%{version}.tar.gz
 Source1:	node_modules.tar.gz
 Patch0001:	0001-change-authhub-web-service-file-directory.patch
 Patch0002:	0002-fix-the-router-redirect-error.patch
 Patch0003:	0003-fix-logout-register-error.patch
 Patch0004:	0004-supplementary-verify-token.patch
 BuildRequires:  python3-setuptools
-Requires:  aops-vulcanus >= v2.1.0 python3-Authlib aops-zeus >= v2.1.0
+Requires:  aops-vulcanus >= v2.1.0 python3-Authlib aops-zeus >= v2.1.0 python3-Flask-SQLAlchemy
 Provides:  authhub
 %description
@ -63,6 +66,17 @@ popd
 %attr(0755,root,root) %{_sysconfdir}/nginx/conf.d/*
 %changelog
 * Tue Sep 24 2024 luxuexian<luxuexian@huawei.com> - v1.0.0-5
 - Supplementary verify token
 * Fri Sep 20 2024 luxuexian<luxuexian@huawei.com> - v1.0.0-4
 - Fix logout error
 - Fix register error
 * Thu Sep 19 2024 luxuexian<luxuexian@huawei.com> - v1.0.0-3
 - Fix the router redirect error
 - Add python3-FLask-SQLAlchemy requires
 * Mon Sep 9 2024 luxuexian<luxuexian@huawei.com> - v1.0.0-2
 - change authhub-web.service file directory