feat：oauth2 增加密码模式 TencentBlueKing#10663

src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AccessTokenRequest.kt

@@ -1,17 +1,10 @@
 package com.tencent.devops.auth.pojo
 
+import com.tencent.devops.auth.pojo.enum.Oauth2GrantType
 import io.swagger.v3.oas.annotations.media.Schema
 
 @Schema(title = "oauth2获取token请求报文体")
-data class Oauth2AccessTokenRequest(
+open class Oauth2AccessTokenRequest(
     @get:Schema(title = "授权类型", required = true)
-    val grantType: String,
-    @get:Schema(title = "授权码,用于授权码模式", required = false)
-    val code: String? = null,
-    @get:Schema(title = "refreshToken,用于刷新授权码模式", required = false)
-    val refreshToken: String? = null,
-    @get:Schema(title = "账号名称，用于密码模式", required = false)
-    val userName: String? = null,
-    @get:Schema(title = "密码，用于密码模式", required = false)
-    val passWord: String? = null
+    open val grantType: Oauth2GrantType
 )

src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AuthorizationCodeRequest.kt

@@ -0,0 +1,12 @@
+package com.tencent.devops.auth.pojo
+
+import com.tencent.devops.auth.pojo.enum.Oauth2GrantType
+import io.swagger.v3.oas.annotations.media.Schema
+
+@Schema(title = "授权码模式获取token请求报文体")
+data class Oauth2AuthorizationCodeRequest(
+    @get:Schema(title = "授权类型", required = true)
+    override val grantType: Oauth2GrantType,
+    @get:Schema(title = "授权码,用于授权码模式", required = false)
+    val code: String
+) : Oauth2AccessTokenRequest(grantType)

src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2PassWordRequest.kt

@@ -0,0 +1,14 @@
+package com.tencent.devops.auth.pojo
+
+import com.tencent.devops.auth.pojo.enum.Oauth2GrantType
+import io.swagger.v3.oas.annotations.media.Schema
+
+@Schema(title = "密码模式获取token请求报文体")
+data class Oauth2PassWordRequest(
+    @get:Schema(title = "授权类型", required = true)
+    override val grantType: Oauth2GrantType,
+    @get:Schema(title = "账号名称，用于密码模式", required = false)
+    val userName: String? = null,
+    @get:Schema(title = "密码，用于密码模式", required = false)
+    val passWord: String? = null
+) : Oauth2AccessTokenRequest(grantType)

src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2RefreshTokenRequest.kt

@@ -0,0 +1,12 @@
+package com.tencent.devops.auth.pojo
+
+import com.tencent.devops.auth.pojo.enum.Oauth2GrantType
+import io.swagger.v3.oas.annotations.media.Schema
+
+@Schema(title = "客户端模式获取token请求报文体")
+data class Oauth2RefreshTokenRequest(
+    @get:Schema(title = "授权类型", required = true)
+    override val grantType: Oauth2GrantType,
+    @get:Schema(title = "刷新码,用于刷新授权码模式", required = false)
+    val refreshToken: String
+) : Oauth2AccessTokenRequest(grantType)

src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2AccessTokenService.kt

@@ -8,7 +8,7 @@ import org.jooq.DSLContext
 import org.springframework.stereotype.Service
 
 @Service
-class Oauth2AccessTokenService constructor(
+class Oauth2AccessTokenService(
     private val oauth2AccessTokenDao: AuthOauth2AccessTokenDao,
     private val dslContext: DSLContext
 ) {

src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2EndpointService.kt

@@ -6,14 +6,14 @@ import com.tencent.devops.auth.pojo.dto.Oauth2AuthorizationCodeDTO
 import com.tencent.devops.auth.pojo.enum.Oauth2GrantType
 import com.tencent.devops.auth.pojo.vo.Oauth2AccessTokenVo
 import com.tencent.devops.auth.pojo.vo.Oauth2AuthorizationInfoVo
+import com.tencent.devops.auth.service.oauth2.grant.Oauth2TokenGranterFactory
 import com.tencent.devops.auth.service.oauth2.grant.TokenGranter
 import com.tencent.devops.common.api.exception.ErrorCodeException
 import com.tencent.devops.common.api.util.UUIDUtil
 import com.tencent.devops.common.auth.utils.AuthUtils
 import org.slf4j.LoggerFactory
 
-class Oauth2EndpointService constructor(
-    private val tokenGranter: TokenGranter,
+class Oauth2EndpointService(
     private val clientService: Oauth2ClientService,
     private val codeService: Oauth2CodeService,
     private val scopeService: Oauth2ScopeService,
@@ -89,11 +89,11 @@ class Oauth2EndpointService constructor(
         clientService.verifyClientInformation(
             clientId = clientId,
             clientSecret = clientSecret,
-            grantType = grantType,
+            grantType = grantType.grantType,
             clientDetails = clientDetails
         )
-        return tokenGranter.grant(
-            grantType = grantType,
+        val granter = Oauth2TokenGranterFactory.getTokenGranter(grantType) as TokenGranter<Oauth2AccessTokenRequest>
+        return granter.grant(
             clientDetails = clientDetails,
             accessTokenRequest = accessTokenRequest
         )

src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2RefreshTokenService.kt

@@ -9,7 +9,7 @@ import org.jooq.DSLContext
 import org.springframework.stereotype.Service
 
 @Service
-class Oauth2RefreshTokenService constructor(
+class Oauth2RefreshTokenService(
     private val authOauth2RefreshTokenDao: AuthOauth2RefreshTokenDao,
     private val dslContext: DSLContext
 ) {

src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AbstractTokenGranter.kt

@@ -8,32 +8,26 @@ import com.tencent.devops.auth.service.oauth2.Oauth2AccessTokenService
 import com.tencent.devops.common.api.util.DateTimeUtil
 import com.tencent.devops.common.api.util.UUIDUtil
 import com.tencent.devops.common.auth.utils.AuthUtils
+import org.springframework.beans.factory.annotation.Autowired
 
-abstract class AbstractTokenGranter(
-    private val grantType: String,
-    private val accessTokenService: Oauth2AccessTokenService
-) : TokenGranter {
+abstract class AbstractTokenGranter<T : Oauth2AccessTokenRequest>(
+    val accessTokenService: Oauth2AccessTokenService
+) : TokenGranter<T> {
     override fun grant(
-        grantType: String,
         clientDetails: ClientDetailsInfo,
-        accessTokenRequest: Oauth2AccessTokenRequest
+        accessTokenRequest: T
     ): Oauth2AccessTokenVo? {
-        if (this.grantType != grantType) {
-            return null
-        }
         val accessTokenDTO = getAccessToken(
             accessTokenRequest = accessTokenRequest,
             clientDetails = clientDetails
         )
         return handleAccessToken(
-            accessTokenRequest = accessTokenRequest,
             accessTokenDTO = accessTokenDTO,
             clientDetails = clientDetails
         )
     }
 
     private fun handleAccessToken(
-        accessTokenRequest: Oauth2AccessTokenRequest,
         accessTokenDTO: Oauth2AccessTokenDTO,
         clientDetails: ClientDetailsInfo
     ): Oauth2AccessTokenVo {
@@ -54,7 +48,7 @@ abstract class AbstractTokenGranter(
                 clientId = clientId,
                 userName = accessTokenDTO.userName,
                 passWord = accessTokenDTO.passWord,
-                grantType = grantType,
+                grantType = type().grantType,
                 accessToken = newAccessToken,
                 refreshToken = refreshToken,
                 expiredTime = accessTokenExpiredTime,
@@ -73,7 +67,7 @@ abstract class AbstractTokenGranter(
     }
 
     abstract fun getAccessToken(
-        accessTokenRequest: Oauth2AccessTokenRequest,
+        accessTokenRequest: T,
         clientDetails: ClientDetailsInfo
     ): Oauth2AccessTokenDTO
 }

src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AuthorizationCodeTokenGranter.kt

@@ -1,7 +1,7 @@
 package com.tencent.devops.auth.service.oauth2.grant
 
 import com.tencent.devops.auth.pojo.ClientDetailsInfo
-import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest
+import com.tencent.devops.auth.pojo.Oauth2AuthorizationCodeRequest
 import com.tencent.devops.auth.pojo.dto.Oauth2AccessTokenDTO
 import com.tencent.devops.auth.pojo.enum.Oauth2GrantType
 import com.tencent.devops.auth.service.oauth2.Oauth2AccessTokenService
@@ -15,16 +15,15 @@ import com.tencent.devops.model.auth.tables.records.TAuthOauth2CodeRecord
 import org.springframework.stereotype.Service
 
 @Service
-class AuthorizationCodeTokenGranter constructor(
+class AuthorizationCodeTokenGranter(
     private val codeService: Oauth2CodeService,
-    private val accessTokenService: Oauth2AccessTokenService,
-    private val refreshTokenService: Oauth2RefreshTokenService
-) : AbstractTokenGranter(
-    grantType = Oauth2GrantType.AUTHORIZATION_CODE.grantType,
+    private val refreshTokenService: Oauth2RefreshTokenService,
+    accessTokenService: Oauth2AccessTokenService
+) : AbstractTokenGranter<Oauth2AuthorizationCodeRequest>(
     accessTokenService = accessTokenService
 ) {
     override fun getAccessToken(
-        accessTokenRequest: Oauth2AccessTokenRequest,
+        accessTokenRequest: Oauth2AuthorizationCodeRequest,
         clientDetails: ClientDetailsInfo
     ): Oauth2AccessTokenDTO {
         val clientId = clientDetails.clientId
@@ -92,4 +91,6 @@ class AuthorizationCodeTokenGranter constructor(
             newRefreshToken
         }
     }
+
+    override fun type(): Oauth2GrantType = Oauth2GrantType.AUTHORIZATION_CODE
 }

src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/ClientCredentialsTokenGranter.kt

@@ -9,24 +9,20 @@ import com.tencent.devops.auth.service.oauth2.Oauth2ScopeService
 import org.springframework.stereotype.Service
 
 @Service
-class ClientCredentialsTokenGranter constructor(
-    private val accessTokenService: Oauth2AccessTokenService,
-    private val oauth2ScopeService: Oauth2ScopeService
-) : AbstractTokenGranter(
-    grantType = GRANT_TYPE,
-    accessTokenService = accessTokenService
+class ClientCredentialsTokenGranter(
+    private val oauth2ScopeService: Oauth2ScopeService,
+    accessTokenService: Oauth2AccessTokenService
+) : AbstractTokenGranter<Oauth2AccessTokenRequest>(
+    accessTokenService =  accessTokenService
 ) {
-    companion object {
-        private val GRANT_TYPE = Oauth2GrantType.CLIENT_CREDENTIALS.grantType
-    }
 
     override fun getAccessToken(
         accessTokenRequest: Oauth2AccessTokenRequest,
         clientDetails: ClientDetailsInfo
     ): Oauth2AccessTokenDTO {
         val accessTokenInfo = accessTokenService.get(
             clientId = clientDetails.clientId,
-            grantType = GRANT_TYPE
+            grantType = type().grantType
         )
         val scopeId = oauth2ScopeService.create(
             scope = clientDetails.scope
@@ -38,4 +34,6 @@ class ClientCredentialsTokenGranter constructor(
             scopeId = scopeId
         )
     }
+
+    override fun type(): Oauth2GrantType = Oauth2GrantType.CLIENT_CREDENTIALS
 }

src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/Oauth2TokenGranterFactory.kt

@@ -0,0 +1,21 @@
+package com.tencent.devops.auth.service.oauth2.grant
+
+import com.tencent.devops.auth.constant.AuthMessageCode
+import com.tencent.devops.auth.pojo.enum.Oauth2GrantType
+import com.tencent.devops.common.api.exception.ErrorCodeException
+import com.tencent.devops.common.service.utils.SpringContextUtil
+
+object Oauth2TokenGranterFactory {
+    fun getTokenGranter(grantType: Oauth2GrantType): TokenGranter<*> {
+        val tokenGranters = SpringContextUtil.getBeansWithClass(TokenGranter::class.java)
+        for (tokenGranter in tokenGranters) {
+            if (grantType == tokenGranter.type()) {
+                return tokenGranter
+            }
+        }
+        throw ErrorCodeException(
+            errorCode = AuthMessageCode.INVALID_AUTHORIZATION_TYPE,
+            defaultMessage = "The client does not support $grantType type"
+        )
+    }
+}

src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/PassWordTokenGranter.kt

@@ -1,7 +1,7 @@
 package com.tencent.devops.auth.service.oauth2.grant
 
 import com.tencent.devops.auth.pojo.ClientDetailsInfo
-import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest
+import com.tencent.devops.auth.pojo.Oauth2PassWordRequest
 import com.tencent.devops.auth.pojo.dto.Oauth2AccessTokenDTO
 import com.tencent.devops.auth.pojo.enum.Oauth2GrantType
 import com.tencent.devops.auth.service.oauth2.Oauth2AccessTokenService
@@ -10,25 +10,20 @@ import org.springframework.stereotype.Service
 
 @Service
 class PassWordTokenGranter(
-    private val accessTokenService: Oauth2AccessTokenService,
-    private val oauth2ScopeService: Oauth2ScopeService
-) : AbstractTokenGranter(
-    grantType = GRANT_TYPE,
+    private val oauth2ScopeService: Oauth2ScopeService,
+    accessTokenService: Oauth2AccessTokenService
+) : AbstractTokenGranter<Oauth2PassWordRequest>(
     accessTokenService = accessTokenService
 ) {
-    companion object {
-        private val GRANT_TYPE = Oauth2GrantType.PASS_WORD.grantType
-    }
-
     override fun getAccessToken(
-        accessTokenRequest: Oauth2AccessTokenRequest,
+        accessTokenRequest: Oauth2PassWordRequest,
         clientDetails: ClientDetailsInfo
     ): Oauth2AccessTokenDTO {
         val accessTokenInfo = accessTokenService.get(
             clientId = clientDetails.clientId,
-            userName = accessTokenRequest.userName!!,
-            passWord = accessTokenRequest.passWord!!,
-            grantType = GRANT_TYPE
+            userName = accessTokenRequest.userName,
+            passWord = accessTokenRequest.passWord,
+            grantType = type().grantType
         )
         val scopeId = oauth2ScopeService.create(
             scope = clientDetails.scope
@@ -42,4 +37,6 @@ class PassWordTokenGranter(
             scopeId = scopeId
         )
     }
+
+    override fun type(): Oauth2GrantType = Oauth2GrantType.PASS_WORD
 }