From 1587cd98d4c65812d6e40efb748cadd3ab2c257e Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Tue, 16 Jul 2024 16:17:47 +0800 Subject: [PATCH] =?UTF-8?q?feat=EF=BC=9Aoauth2=20=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E5=AF=86=E7=A0=81=E6=A8=A1=E5=BC=8F=20#10663?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../auth/pojo/Oauth2AccessTokenRequest.kt | 13 ++--- .../pojo/Oauth2AuthorizationCodeRequest.kt | 12 +++++ .../devops/auth/pojo/Oauth2PassWordRequest.kt | 14 ++++++ .../auth/pojo/Oauth2RefreshTokenRequest.kt | 12 +++++ .../oauth2/Oauth2AccessTokenService.kt | 2 +- .../auth/service/oauth2/Oauth2Config.kt | 47 ------------------- .../service/oauth2/Oauth2EndpointService.kt | 10 ++-- .../oauth2/Oauth2RefreshTokenService.kt | 2 +- .../oauth2/grant/AbstractTokenGranter.kt | 20 +++----- .../grant/AuthorizationCodeTokenGranter.kt | 15 +++--- .../grant/ClientCredentialsTokenGranter.kt | 18 ++++--- .../oauth2/grant/CompositeTokenGranter.kt | 23 --------- .../oauth2/grant/Oauth2TokenGranterFactory.kt | 21 +++++++++ .../oauth2/grant/PassWordTokenGranter.kt | 23 ++++----- .../oauth2/grant/RefreshTokenGranter.kt | 13 ++--- .../auth/service/oauth2/grant/TokenGranter.kt | 11 +++-- .../AuthorizationCodeTokenGranterTest.kt | 8 ++-- .../service/oauth2/RefreshTokenGranterTest.kt | 7 ++- 18 files changed, 126 insertions(+), 145 deletions(-) create mode 100644 src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AuthorizationCodeRequest.kt create mode 100644 src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2PassWordRequest.kt create mode 100644 src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2RefreshTokenRequest.kt delete mode 100644 src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2Config.kt delete mode 100644 src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/CompositeTokenGranter.kt create mode 100644 
src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/Oauth2TokenGranterFactory.kt diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AccessTokenRequest.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AccessTokenRequest.kt index 3b239f59bda..2224a6ca5fc 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AccessTokenRequest.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AccessTokenRequest.kt @@ -1,17 +1,10 @@ package com.tencent.devops.auth.pojo +import com.tencent.devops.auth.pojo.enum.Oauth2GrantType import io.swagger.v3.oas.annotations.media.Schema @Schema(title = "oauth2获取token请求报文体") -data class Oauth2AccessTokenRequest( +open class Oauth2AccessTokenRequest( @get:Schema(title = "授权类型", required = true) - val grantType: String, - @get:Schema(title = "授权码,用于授权码模式", required = false) - val code: String? = null, - @get:Schema(title = "refreshToken,用于刷新授权码模式", required = false) - val refreshToken: String? = null, - @get:Schema(title = "账号名称,用于密码模式", required = false) - val userName: String? = null, - @get:Schema(title = "密码,用于密码模式", required = false) - val passWord: String? = null + open val grantType: Oauth2GrantType ) diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AuthorizationCodeRequest.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AuthorizationCodeRequest.kt new file mode 100644 index 00000000000..c32bbe77eeb --- /dev/null +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AuthorizationCodeRequest.kt 
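Review bot: Nothing in this hunk or in the three new request classes tells the JSON binder which subclass to instantiate for a given `grantType`, now that `Oauth2AccessTokenRequest` is an `open class` holding only that field. Unless polymorphic typing is configured somewhere outside this patch, the endpoint would bind the body to the base class and `code`, `refreshToken`, `userName` and `passWord` would never reach a granter. If Jackson is the binder, declare the mapping on the base type with `@JsonTypeInfo(use = JsonTypeInfo.Id.NAME, include = JsonTypeInfo.As.EXISTING_PROPERTY, property = "grantType", visible = true)` and a matching `@JsonSubTypes` list. A test that posts one body per grant type would pin this down.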
@@ -0,0 +1,12 @@
+package com.tencent.devops.auth.pojo
+
+import com.tencent.devops.auth.pojo.enum.Oauth2GrantType
+import io.swagger.v3.oas.annotations.media.Schema
+
+@Schema(title = "授权码模式获取token请求报文体")
+data class Oauth2AuthorizationCodeRequest(
+ @get:Schema(title = "授权类型", required = true)
+ override val grantType: Oauth2GrantType,
+ @get:Schema(title = "授权码,用于授权码模式", required = false)
+ val code: String
+) : Oauth2AccessTokenRequest(grantType)
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2PassWordRequest.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2PassWordRequest.kt
new file mode 100644
index 00000000000..95bd67bfae1
--- /dev/null
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2PassWordRequest.kt
@@ -0,0 +1,14 @@
+package com.tencent.devops.auth.pojo
+
+import com.tencent.devops.auth.pojo.enum.Oauth2GrantType
+import io.swagger.v3.oas.annotations.media.Schema
+
+@Schema(title = "密码模式获取token请求报文体")
+data class Oauth2PassWordRequest(
+ @get:Schema(title = "授权类型", required = true)
+ override val grantType: Oauth2GrantType,
+ @get:Schema(title = "账号名称,用于密码模式", required = false)
+ val userName: String? = null,
+ @get:Schema(title = "密码,用于密码模式", required = false)
+ val passWord: String? = null
+) : Oauth2AccessTokenRequest(grantType)
diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2RefreshTokenRequest.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2RefreshTokenRequest.kt
new file mode 100644
index 00000000000..8f4906952f5
--- /dev/null
+++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2RefreshTokenRequest.kt
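Review bot: `Oauth2PassWordRequest` declares `userName` and `passWord` as `String? = null` with `required = false`, so a password-grant request that omits its credentials still binds successfully. PassWordTokenGranter drops the former `!!` in this same commit and forwards both values to `accessTokenService.get`, so nulls would reach the token lookup unchecked. Make both fields mandatory, `val userName: String,` and `val passWord: String` with `required = true`, so that a malformed request is rejected at binding time. The non-null `code` in Oauth2AuthorizationCodeRequest and `refreshToken` in Oauth2RefreshTokenRequest carry the same `required = false` mismatch in their schema annotations.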
@@ -0,0 +1,12 @@ +package com.tencent.devops.auth.pojo + +import com.tencent.devops.auth.pojo.enum.Oauth2GrantType +import io.swagger.v3.oas.annotations.media.Schema + +@Schema(title = "客户端模式获取token请求报文体") +data class Oauth2RefreshTokenRequest( + @get:Schema(title = "授权类型", required = true) + override val grantType: Oauth2GrantType, + @get:Schema(title = "刷新码,用于刷新授权码模式", required = false) + val refreshToken: String +) : Oauth2AccessTokenRequest(grantType) diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2AccessTokenService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2AccessTokenService.kt index 55168fd6c52..b215bc35dff 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2AccessTokenService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2AccessTokenService.kt @@ -8,7 +8,7 @@ import org.jooq.DSLContext import org.springframework.stereotype.Service @Service -class Oauth2AccessTokenService constructor( +class Oauth2AccessTokenService( private val oauth2AccessTokenDao: AuthOauth2AccessTokenDao, private val dslContext: DSLContext ) { diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2Config.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2Config.kt deleted file mode 100644 index 1e3b730930e..00000000000 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2Config.kt +++ /dev/null 
@@ -1,47 +0,0 @@
-package com.tencent.devops.auth.service.oauth2
-
-import com.tencent.devops.auth.service.oauth2.grant.AuthorizationCodeTokenGranter
-import com.tencent.devops.auth.service.oauth2.grant.ClientCredentialsTokenGranter
-import com.tencent.devops.auth.service.oauth2.grant.CompositeTokenGranter
-import com.tencent.devops.auth.service.oauth2.grant.RefreshTokenGranter
-import com.tencent.devops.auth.service.oauth2.grant.TokenGranter
-import org.springframework.context.annotation.Bean
-import org.springframework.context.annotation.Configuration
-
-@Configuration
-@Suppress("LongParameterList")
-class Oauth2Config constructor(
- private val oauth2ClientService: Oauth2ClientService,
- private val codeService: Oauth2CodeService,
- private val scopeService: Oauth2ScopeService,
- private val accessTokenService: Oauth2AccessTokenService,
- private val clientCredentialsTokenGranter: ClientCredentialsTokenGranter,
- private val authorizationCodeTokenGranter: AuthorizationCodeTokenGranter,
- private val refreshTokenGranter: RefreshTokenGranter,
- private val scopeOperationService: Oauth2ScopeOperationService
-) {
- @Bean
- fun oauth2EndpointService(): Oauth2EndpointService {
- return Oauth2EndpointService(
- tokenGranter = compositeTokenGranter(),
- clientService = oauth2ClientService,
- codeService = codeService,
- scopeService = scopeService,
- accessTokenService = accessTokenService,
- scopeOperationService = scopeOperationService
- )
- }
-
- @Bean
- fun compositeTokenGranter(): TokenGranter {
- return CompositeTokenGranter(getDefaultTokenGranters())
- }
-
- private fun getDefaultTokenGranters(): List {
- val tokenGranters = mutableListOf()
- tokenGranters.add(clientCredentialsTokenGranter)
- tokenGranters.add(authorizationCodeTokenGranter)
- tokenGranters.add(refreshTokenGranter)
- return tokenGranters
- }
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2EndpointService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2EndpointService.kt index 79bc961aedf..856e47589e7 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2EndpointService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2EndpointService.kt @@ -6,14 +6,14 @@ import com.tencent.devops.auth.pojo.dto.Oauth2AuthorizationCodeDTO import com.tencent.devops.auth.pojo.enum.Oauth2GrantType import com.tencent.devops.auth.pojo.vo.Oauth2AccessTokenVo import com.tencent.devops.auth.pojo.vo.Oauth2AuthorizationInfoVo +import com.tencent.devops.auth.service.oauth2.grant.Oauth2TokenGranterFactory import com.tencent.devops.auth.service.oauth2.grant.TokenGranter import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.util.UUIDUtil import com.tencent.devops.common.auth.utils.AuthUtils import org.slf4j.LoggerFactory -class Oauth2EndpointService constructor( - private val tokenGranter: TokenGranter, +class Oauth2EndpointService( private val clientService: Oauth2ClientService, private val codeService: Oauth2CodeService, private val scopeService: Oauth2ScopeService, @@ -89,11 +89,11 @@ class Oauth2EndpointService constructor( clientService.verifyClientInformation( clientId = clientId, clientSecret = clientSecret, - grantType = grantType, + grantType = grantType.grantType, clientDetails = clientDetails ) - return tokenGranter.grant( - grantType = grantType, + val granter = Oauth2TokenGranterFactory.getTokenGranter(grantType) as TokenGranter + return granter.grant( clientDetails = clientDetails, accessTokenRequest = accessTokenRequest ) 
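Review bot: The `as TokenGranter` cast on the factory result is unchecked. `getTokenGranter` returns `TokenGranter<*>`, and nothing in this hunk verifies that `accessTokenRequest` is the request subtype the selected granter expects. A body whose `grantType` value does not match its concrete class would fail with a `ClassCastException` inside the granter rather than as an invalid-grant error. Before calling `grant`, compare the request's class with the one the granter handles and throw `ErrorCodeException(errorCode = AuthMessageCode.INVALID_AUTHORIZATION_TYPE, ...)` on a mismatch. The enclosing function starts outside the hunk, so where the local `grantType` comes from cannot be checked here.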
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2RefreshTokenService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2RefreshTokenService.kt index 34202e60230..4a69f38c147 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2RefreshTokenService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2RefreshTokenService.kt @@ -9,7 +9,7 @@ import org.jooq.DSLContext import org.springframework.stereotype.Service @Service -class Oauth2RefreshTokenService constructor( +class Oauth2RefreshTokenService( private val authOauth2RefreshTokenDao: AuthOauth2RefreshTokenDao, private val dslContext: DSLContext ) { diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AbstractTokenGranter.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AbstractTokenGranter.kt index cd6022a7504..61c0e05be30 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AbstractTokenGranter.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AbstractTokenGranter.kt 
@@ -8,32 +8,26 @@ import com.tencent.devops.auth.service.oauth2.Oauth2AccessTokenService import com.tencent.devops.common.api.util.DateTimeUtil import com.tencent.devops.common.api.util.UUIDUtil import com.tencent.devops.common.auth.utils.AuthUtils +import org.springframework.beans.factory.annotation.Autowired -abstract class AbstractTokenGranter( - private val grantType: String, - private val accessTokenService: Oauth2AccessTokenService -) : TokenGranter { +abstract class AbstractTokenGranter( + val accessTokenService: Oauth2AccessTokenService +) : TokenGranter { override fun grant( - grantType: String, clientDetails: ClientDetailsInfo, - accessTokenRequest: Oauth2AccessTokenRequest + accessTokenRequest: T ): Oauth2AccessTokenVo? { - if (this.grantType != grantType) { - return null - } val accessTokenDTO = getAccessToken( accessTokenRequest = accessTokenRequest, clientDetails = clientDetails ) return handleAccessToken( - accessTokenRequest = accessTokenRequest, accessTokenDTO = accessTokenDTO, clientDetails = clientDetails ) } private fun handleAccessToken( - accessTokenRequest: Oauth2AccessTokenRequest, accessTokenDTO: Oauth2AccessTokenDTO, clientDetails: ClientDetailsInfo ): Oauth2AccessTokenVo { @@ -54,7 +48,7 @@ abstract class AbstractTokenGranter( clientId = clientId, userName = accessTokenDTO.userName, passWord = accessTokenDTO.passWord, - grantType = grantType, + grantType = type().grantType, accessToken = newAccessToken, refreshToken = refreshToken, expiredTime = accessTokenExpiredTime, @@ -73,7 +67,7 @@ abstract class AbstractTokenGranter( } abstract fun getAccessToken( - accessTokenRequest: Oauth2AccessTokenRequest, + accessTokenRequest: T, clientDetails: ClientDetailsInfo ): Oauth2AccessTokenDTO } 
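Review bot: `passWord = accessTokenDTO.passWord` in `handleAccessToken` passes the resource owner's password to the same call that records `accessToken`, `refreshToken` and `expiredTime`. That suggests the password is persisted next to the token, though the callee is outside the hunk, so please confirm. A token store that also holds user passwords turns any read of that store into a credential disclosure. If the value is only needed to find an existing token, key the lookup on `clientId`, `userName` and `grantType`, or keep a salted hash rather than the raw value. Separately, `accessTokenService` changes from `private val` to a public `val` where `protected val` would be enough for the subclasses, and the added `Autowired` import is unused in the visible lines.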
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AuthorizationCodeTokenGranter.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AuthorizationCodeTokenGranter.kt index 8e080517c77..5b03d05c1b6 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AuthorizationCodeTokenGranter.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AuthorizationCodeTokenGranter.kt @@ -1,7 +1,7 @@ package com.tencent.devops.auth.service.oauth2.grant import com.tencent.devops.auth.pojo.ClientDetailsInfo -import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest +import com.tencent.devops.auth.pojo.Oauth2AuthorizationCodeRequest import com.tencent.devops.auth.pojo.dto.Oauth2AccessTokenDTO import com.tencent.devops.auth.pojo.enum.Oauth2GrantType import com.tencent.devops.auth.service.oauth2.Oauth2AccessTokenService @@ -15,16 +15,15 @@ import com.tencent.devops.model.auth.tables.records.TAuthOauth2CodeRecord import org.springframework.stereotype.Service @Service -class AuthorizationCodeTokenGranter constructor( +class AuthorizationCodeTokenGranter( private val codeService: Oauth2CodeService, - private val accessTokenService: Oauth2AccessTokenService, - private val refreshTokenService: Oauth2RefreshTokenService -) : AbstractTokenGranter( - grantType = Oauth2GrantType.AUTHORIZATION_CODE.grantType, + private val refreshTokenService: Oauth2RefreshTokenService, + accessTokenService: Oauth2AccessTokenService +) : AbstractTokenGranter( accessTokenService = accessTokenService ) { override fun getAccessToken( - accessTokenRequest: Oauth2AccessTokenRequest, + accessTokenRequest: Oauth2AuthorizationCodeRequest, clientDetails: ClientDetailsInfo ): Oauth2AccessTokenDTO { val clientId = clientDetails.clientId 
@@ -92,4 +91,6 @@ class AuthorizationCodeTokenGranter constructor( newRefreshToken } } + + override fun type(): Oauth2GrantType = Oauth2GrantType.AUTHORIZATION_CODE } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/ClientCredentialsTokenGranter.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/ClientCredentialsTokenGranter.kt index 93305a34fae..9884b4b5a30 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/ClientCredentialsTokenGranter.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/ClientCredentialsTokenGranter.kt @@ -9,16 +9,12 @@ import com.tencent.devops.auth.service.oauth2.Oauth2ScopeService import org.springframework.stereotype.Service @Service -class ClientCredentialsTokenGranter constructor( - private val accessTokenService: Oauth2AccessTokenService, - private val oauth2ScopeService: Oauth2ScopeService -) : AbstractTokenGranter( - grantType = GRANT_TYPE, - accessTokenService = accessTokenService +class ClientCredentialsTokenGranter( + private val oauth2ScopeService: Oauth2ScopeService, + accessTokenService: Oauth2AccessTokenService +) : AbstractTokenGranter( + accessTokenService = accessTokenService ) { - companion object { - private val GRANT_TYPE = Oauth2GrantType.CLIENT_CREDENTIALS.grantType - } override fun getAccessToken( accessTokenRequest: Oauth2AccessTokenRequest, @@ -26,7 +22,7 @@ class ClientCredentialsTokenGranter constructor( ): Oauth2AccessTokenDTO { val accessTokenInfo = accessTokenService.get( clientId = clientDetails.clientId, - grantType = GRANT_TYPE + grantType = type().grantType ) val scopeId = oauth2ScopeService.create( scope = clientDetails.scope @@ -38,4 +34,6 @@ class ClientCredentialsTokenGranter constructor( scopeId = scopeId ) } + + override fun type(): Oauth2GrantType = Oauth2GrantType.CLIENT_CREDENTIALS } 
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/CompositeTokenGranter.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/CompositeTokenGranter.kt
deleted file mode 100644
index ca2565d512c..00000000000
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/CompositeTokenGranter.kt
+++ /dev/null
@@ -1,23 +0,0 @@
-package com.tencent.devops.auth.service.oauth2.grant
-
-import com.tencent.devops.auth.pojo.ClientDetailsInfo
-import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest
-import com.tencent.devops.auth.pojo.vo.Oauth2AccessTokenVo
-
-class CompositeTokenGranter constructor(
- private val tokenGranters: List
-) : TokenGranter {
- override fun grant(
- grantType: String,
- clientDetails: ClientDetailsInfo,
- accessTokenRequest: Oauth2AccessTokenRequest
- ): Oauth2AccessTokenVo? {
- for (granter in tokenGranters) {
- val grant = granter.grant(grantType, clientDetails, accessTokenRequest)
- if (grant != null) {
- return grant
- }
- }
- return null
- }
-}
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/Oauth2TokenGranterFactory.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/Oauth2TokenGranterFactory.kt
new file mode 100644
index 00000000000..46b927f6e60
--- /dev/null
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/Oauth2TokenGranterFactory.kt
@@ -0,0 +1,21 @@ +package com.tencent.devops.auth.service.oauth2.grant + +import com.tencent.devops.auth.constant.AuthMessageCode +import com.tencent.devops.auth.pojo.enum.Oauth2GrantType +import com.tencent.devops.common.api.exception.ErrorCodeException +import com.tencent.devops.common.service.utils.SpringContextUtil + +object Oauth2TokenGranterFactory { + fun getTokenGranter(grantType: Oauth2GrantType): TokenGranter<*> { + val tokenGranters = SpringContextUtil.getBeansWithClass(TokenGranter::class.java) + for (tokenGranter in tokenGranters) { + if (grantType == tokenGranter.type()) { + return tokenGranter + } + } + throw ErrorCodeException( + errorCode = AuthMessageCode.INVALID_AUTHORIZATION_TYPE, + defaultMessage = "The client does not support $grantType type" + ) + } +} diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/PassWordTokenGranter.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/PassWordTokenGranter.kt index 68e2bf2adc7..4b29f5f251d 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/PassWordTokenGranter.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/PassWordTokenGranter.kt @@ -1,7 +1,7 @@ package com.tencent.devops.auth.service.oauth2.grant import com.tencent.devops.auth.pojo.ClientDetailsInfo -import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest +import com.tencent.devops.auth.pojo.Oauth2PassWordRequest import com.tencent.devops.auth.pojo.dto.Oauth2AccessTokenDTO import com.tencent.devops.auth.pojo.enum.Oauth2GrantType import com.tencent.devops.auth.service.oauth2.Oauth2AccessTokenService 
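Review bot: `getTokenGranter` looks up every `TokenGranter` bean through the static `SpringContextUtil` on each token request and returns the first one whose `type()` matches. A second bean registered for the same grant type would therefore be chosen or ignored by iteration order, with no error. Inject the granters into a Spring component instead, build the type-to-granter map once, and fail at startup if two beans report the same type. That would also let Oauth2EndpointService be unit-tested without a Spring context. The message `"The client does not support $grantType type"` describes a client restriction, whereas this branch means the server has no granter for the type.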
@@ -10,25 +10,20 @@ import org.springframework.stereotype.Service @Service class PassWordTokenGranter( - private val accessTokenService: Oauth2AccessTokenService, - private val oauth2ScopeService: Oauth2ScopeService -) : AbstractTokenGranter( - grantType = GRANT_TYPE, + private val oauth2ScopeService: Oauth2ScopeService, + accessTokenService: Oauth2AccessTokenService +) : AbstractTokenGranter( accessTokenService = accessTokenService ) { - companion object { - private val GRANT_TYPE = Oauth2GrantType.PASS_WORD.grantType - } - override fun getAccessToken( - accessTokenRequest: Oauth2AccessTokenRequest, + accessTokenRequest: Oauth2PassWordRequest, clientDetails: ClientDetailsInfo ): Oauth2AccessTokenDTO { val accessTokenInfo = accessTokenService.get( clientId = clientDetails.clientId, - userName = accessTokenRequest.userName!!, - passWord = accessTokenRequest.passWord!!, - grantType = GRANT_TYPE + userName = accessTokenRequest.userName, + passWord = accessTokenRequest.passWord, + grantType = type().grantType ) val scopeId = oauth2ScopeService.create( scope = clientDetails.scope @@ -42,4 +37,6 @@ class PassWordTokenGranter( scopeId = scopeId ) } + + override fun type(): Oauth2GrantType = Oauth2GrantType.PASS_WORD } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/RefreshTokenGranter.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/RefreshTokenGranter.kt index 9ab95d12c51..63c5dceb45f 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/RefreshTokenGranter.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/RefreshTokenGranter.kt 
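Review bot: In the visible lines of `PassWordTokenGranter.getAccessToken`, the supplied `userName` and `passWord` are used only as keys for `accessTokenService.get`. No call checks them against a user directory before the `Oauth2AccessTokenDTO` is built. Part of the function body lies between the hunks and the endpoint code is not shown, so the check may exist elsewhere; if it does not, a token would be issued for whatever user name the client sends. Authenticate the credentials at the top of `getAccessToken` and throw an `ErrorCodeException` on failure. A test with a wrong password would keep the grant from regressing.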
@@ -3,7 +3,7 @@ package com.tencent.devops.auth.service.oauth2.grant import com.tencent.devops.auth.constant.AuthMessageCode import com.tencent.devops.auth.constant.AuthMessageCode.ERROR_REFRESH_TOKEN_EXPIRED import com.tencent.devops.auth.pojo.ClientDetailsInfo -import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest +import com.tencent.devops.auth.pojo.Oauth2RefreshTokenRequest import com.tencent.devops.auth.pojo.dto.Oauth2AccessTokenDTO import com.tencent.devops.auth.pojo.enum.Oauth2GrantType import com.tencent.devops.auth.service.oauth2.Oauth2AccessTokenService @@ -14,14 +14,13 @@ import org.springframework.stereotype.Service @Service class RefreshTokenGranter( - private val accessTokenService: Oauth2AccessTokenService, - private val refreshTokenService: Oauth2RefreshTokenService -) : AbstractTokenGranter( - grantType = Oauth2GrantType.REFRESH_TOKEN.grantType, + private val refreshTokenService: Oauth2RefreshTokenService, + accessTokenService: Oauth2AccessTokenService +) : AbstractTokenGranter( accessTokenService = accessTokenService ) { override fun getAccessToken( - accessTokenRequest: Oauth2AccessTokenRequest, + accessTokenRequest: Oauth2RefreshTokenRequest, clientDetails: ClientDetailsInfo ): Oauth2AccessTokenDTO { val refreshToken = accessTokenRequest.refreshToken @@ -63,4 +62,6 @@ class RefreshTokenGranter( scopeId = accessTokenInfo.scopeId ) } + + override fun type(): Oauth2GrantType = Oauth2GrantType.REFRESH_TOKEN } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/TokenGranter.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/TokenGranter.kt index 0d798547f39..74fb029c04a 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/TokenGranter.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/TokenGranter.kt 
@@ -2,12 +2,17 @@ package com.tencent.devops.auth.service.oauth2.grant import com.tencent.devops.auth.pojo.ClientDetailsInfo import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest +import com.tencent.devops.auth.pojo.enum.Oauth2GrantType import com.tencent.devops.auth.pojo.vo.Oauth2AccessTokenVo -interface TokenGranter { +interface TokenGranter { fun grant( - grantType: String, clientDetails: ClientDetailsInfo, - accessTokenRequest: Oauth2AccessTokenRequest + accessTokenRequest: T ): Oauth2AccessTokenVo? + + /** + * 支持类型 + */ + fun type(): Oauth2GrantType } diff --git a/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/AuthorizationCodeTokenGranterTest.kt b/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/AuthorizationCodeTokenGranterTest.kt index 0c8e1bdb6f9..cca6cb3722d 100644 --- a/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/AuthorizationCodeTokenGranterTest.kt +++ b/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/AuthorizationCodeTokenGranterTest.kt @@ -18,16 +18,14 @@ import java.time.LocalDateTime class AuthorizationCodeTokenGranterTest : BkCiAbstractTest() { private val codeService = mockk() - private val accessTokenService = mockk() - private val refreshTokenService = mockk() private val self: AuthorizationCodeTokenGranter = spyk( AuthorizationCodeTokenGranter( codeService = codeService, - accessTokenService = accessTokenService, - refreshTokenService = refreshTokenService + refreshTokenService = refreshTokenService, + accessTokenService = accessTokenService ), recordPrivateCalls = true ) @@ -49,6 +47,7 @@ class AuthorizationCodeTokenGranterTest : BkCiAbstractTest() { "testAccessToken", "testClientId", "testUserName", + "", "testGrantType", System.currentTimeMillis() / 1000 + 1000, "testRefreshToken", 
@@ -72,6 +71,7 @@ class AuthorizationCodeTokenGranterTest : BkCiAbstractTest() { "testAccessToken", "testClientId", "testUserName", + "", "testGrantType", System.currentTimeMillis() / 1000 - 1000, "testRefreshToken", diff --git a/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/RefreshTokenGranterTest.kt b/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/RefreshTokenGranterTest.kt index 9ad9ac1b2b2..1ff3ecb094f 100644 --- a/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/RefreshTokenGranterTest.kt +++ b/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/RefreshTokenGranterTest.kt @@ -3,6 +3,8 @@ package com.tencent.devops.auth.service.oauth2 import com.tencent.devops.auth.constant.AuthMessageCode.ERROR_REFRESH_TOKEN_EXPIRED import com.tencent.devops.auth.pojo.ClientDetailsInfo import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest +import com.tencent.devops.auth.pojo.Oauth2RefreshTokenRequest +import com.tencent.devops.auth.pojo.enum.Oauth2GrantType import com.tencent.devops.auth.service.oauth2.grant.RefreshTokenGranter import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.test.BkCiAbstractTest @@ -45,6 +47,7 @@ class RefreshTokenGranterTest : BkCiAbstractTest() { "testAccessToken", "testClientId", "testUserName", + "", "testGrantType", System.currentTimeMillis() / 1000 + 1000, "testRefreshToken", @@ -52,9 +55,9 @@ class RefreshTokenGranterTest : BkCiAbstractTest() { LocalDateTime.now() ) - private val accessTokenRequest = Oauth2AccessTokenRequest( + private val accessTokenRequest = Oauth2RefreshTokenRequest( refreshToken = "testRefreshToken", - grantType = "testGrantType" + grantType = Oauth2GrantType.REFRESH_TOKEN ) @Test