From fc39fff3d435957b53a546df006ba9bbda94eead Mon Sep 17 00:00:00 2001
From: rearcher <123781007@qq.com>
Date: Fri, 8 Nov 2024 15:15:04 +0800
Subject: [PATCH] sync to master

---
 0002-fix-the-router-redirect-error.patch | 49 +++++++++++
 0003-fix-logout-register-error.patch | 102 +++++++++++++++++++++++
 0004-supplementary-verify-token.patch | 38 +++++++++
 authHub.spec | 18 +++-
 4 files changed, 205 insertions(+), 2 deletions(-)
 create mode 100644 0002-fix-the-router-redirect-error.patch
 create mode 100644 0003-fix-logout-register-error.patch
 create mode 100644 0004-supplementary-verify-token.patch

diff --git a/0002-fix-the-router-redirect-error.patch b/0002-fix-the-router-redirect-error.patch
new file mode 100644
index 0000000..3a94d93
--- /dev/null
+++ b/0002-fix-the-router-redirect-error.patch
@@ -0,0 +1,49 @@
+From 75cf241f76913a8e1a7e81962225aa73b2314008 Mon Sep 17 00:00:00 2001
+From: hugang <18768366022@163.com>
+Date: Sat, 14 Sep 2024 11:11:02 +0800
+Subject: [PATCH] fix the router redirect error
+
+---
+ oauth2_web/deploy/authhub.nginx.conf | 4 ++--
+ oauth2_web/src/api/request.ts | 3 ++-
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/oauth2_web/deploy/authhub.nginx.conf b/oauth2_web/deploy/authhub.nginx.conf
+index f9720c3..a38eb1f 100644
+--- a/oauth2_web/deploy/authhub.nginx.conf
++++ b/oauth2_web/deploy/authhub.nginx.conf
+@@ -14,8 +14,8 @@ server {
+ root /opt/authhub/web/dist;
+ expires 30d;
+ }
+- location /authhub {
+- alias /opt/authhub/web/dist
++ location / {
++ root /opt/authhub/web/dist;
+ try_files $uri $uri/ /index.html;
+ if (!-e $request_filename){
+ rewrite ^(.*)$ /index.html last;
+diff --git a/oauth2_web/src/api/request.ts b/oauth2_web/src/api/request.ts
+index 526323f..e50e308 100644
+--- a/oauth2_web/src/api/request.ts
++++ b/oauth2_web/src/api/request.ts
+@@ -15,6 +15,7 @@ import type {
+ } from 'axios'
+ import axios from 'axios'
+ import { ElMessage, ElNotification } from 'element-plus'
++import router from '@/conf/router'
+
+
+ export interface Result {
+@@ -62,7 +63,7 @@ request.interceptors.response.use(
+ message: response.data.message,
+ })
+ setTimeout(() => {
+- window.location.href = '/oauth/authorize/login'
++ router.replace('/oauth/authorize/login')
+ }, 1000)
+ break
+ default:
+--
+2.43.0.windows.1
+
diff --git a/0003-fix-logout-register-error.patch b/0003-fix-logout-register-error.patch
new file mode 100644
index 0000000..85bf4f9
--- /dev/null
+++ b/0003-fix-logout-register-error.patch
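Review bot: The new `location / { root /opt/authhub/web/dist; ... }` in the nginx hunk matches every URI that no more specific location claims, so any path that must reach the OAuth2 provider backend (token, introspection, callback endpoints) needs its own `location` block or nginx will answer it with `index.html`; the rest of the server block is outside the hunk, so this needs confirming against the full config. The kept `if (!-e $request_filename){ rewrite ^(.*)$ /index.html last; }` repeats what `try_files $uri $uri/ /index.html;` already does and can go. A one-line comment above the block, `# SPA fallback: unknown paths return index.html so the Vue router resolves them client-side`, would record why the root location exists. In request.ts, `router.replace('/oauth/authorize/login')` assumes that path is a frontend route; if it is a backend-rendered page the old `window.location.href` assignment was the correct call.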
@@ -0,0 +1,102 @@ +From 565b442fa56c93a706d5b2f5224763854b8f42cc Mon Sep 17 00:00:00 2001 +From: rearcher <123781007@qq.com> +Date: Fri, 20 Sep 2024 15:11:28 +0800 +Subject: [PATCH] fix logout error, fix register error + +--- + oauth2_provider/app/core/account.py | 43 ++++++++++------------------- + 1 file changed, 15 insertions(+), 28 deletions(-) + +diff --git a/oauth2_provider/app/core/account.py b/oauth2_provider/app/core/account.py +index 3259704..16038fd 100644 +--- a/oauth2_provider/app/core/account.py ++++ b/oauth2_provider/app/core/account.py +@@ -67,8 +67,8 @@ class UserProxy: + if not self._check_user_not_exist(username): + LOGGER.error(f"add user failed, username exists: {username}") + return DATA_EXIST +- self._add_user(username, password, email) +- callback_res = self._register_callback(username) ++ user_info = self._add_user(username, password, email) ++ callback_res = self._register_callback(user_info) + if callback_res != SUCCEED: + return callback_res + db.session.commit() +@@ -80,42 +80,25 @@ class UserProxy: + return DATABASE_INSERT_ERROR + return SUCCEED + +- def _register_callback(self, username: str) -> str: ++ def _register_callback(self, user) -> str: + res = SUCCEED + for client in db.session.query(OAuth2Client).distinct(OAuth2Client.client_id).all(): +- user_info = self._get_user_info(username, client.client_id) ++ scope = client.client_metadata["scope"].split() ++ user_info = dict() ++ if "username" in scope: ++ user_info["username"] = user.username ++ if "email" in scope: ++ user_info["email"] = user.email + for register_callback_uri in client.register_callback_uris: + response_data = BaseResponse.get_response( + method="Post", url=register_callback_uri, data=user_info, header=self.HEADERS + ) + response_status = response_data.get("label") + if response_status != SUCCEED: +- LOGGER.error(f"register redirect failed: {client.client_id}, {username}") ++ LOGGER.error(f"register redirect failed: {client.client_id}, {user.username}") + res = 
PARTIAL_SUCCEED + return res + +- def _get_user_info(self, username: str, client_id: str) -> dict: +- """ +- Get user info. +- +- Args: +- username(str): username, +- client_id(str): client id +- +- Returns: +- dict: user info +- """ +- client_scopes = db.session.query(OAuth2ClientScopes).filter_by(username=username, client_id=client_id).one() +- user = db.session.query(User).filter_by(username=username).one() +- user_info = dict() +- # user scope, e.g. ["email","username","openid","offline_access"] +- scopes = client_scopes.scopes.split() +- if "username" in scopes: +- user_info["username"] = user.username +- if "email" in scopes: +- user_info["email"] = user.email +- return user_info +- + def _check_user_not_exist(self, username: str) -> bool: + query_res = db.session.query(User).filter_by(username=username).count() + if query_res != 0: +@@ -133,10 +116,14 @@ class UserProxy: + "password": "xxx", + "email": "xxx@xxx.com" + } ++ ++ Returns: ++ user: user + """ + password_hash = User.hash_password(password) + user = User(username=username, password=password_hash, email=email) + db.session.add(user) ++ return user + + def manager_login(self, data) -> Tuple[str, str]: + """ +@@ -283,7 +270,7 @@ class UserProxy: + encrypted_data = encrypted_data.encode('utf-8') + encoded_data = base64.b64encode(encrypted_data) + encrypted_string = encoded_data.decode('utf-8') +- logout_callback_uris = login_record.logout_url.split(",") ++ logout_callback_uris = list(filter(None, login_record.logout_url.split(','))) + for logout_callback_uri in logout_callback_uris: + response_data = BaseResponse.get_response( + method="Post", +-- +Gitee + diff --git a/0004-supplementary-verify-token.patch b/0004-supplementary-verify-token.patch new file mode 100644 index 0000000..ea0f48f --- /dev/null +++ b/0004-supplementary-verify-token.patch 
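Review bot: The rewritten `_register_callback` takes its `scope` from `client.client_metadata["scope"]` (what the client registered), whereas the deleted `_get_user_info` read `OAuth2ClientScopes` filtered by `username` and `client_id` (what that user had granted to that client); as written, a newly registered user's username and email are posted to every client's `register_callback_uris` irrespective of any per-user grant, which looks like a widening of what is disclosed and should be confirmed as intended. `client.client_metadata["scope"]` raises `KeyError` for a client with no registered scope and aborts registration for every client behind it; `scope = client.client_metadata.get("scope", "").split()` keeps the loop going. In the first hunk the result of `self._add_user(...)` is bound to `user_info` although it is the `User` object, and the new `_register_callback(self, user)` signature lost its annotation; `user = self._add_user(username, password, email)` and `def _register_callback(self, user: User) -> str:` with a docstring stating that scopes come from the client metadata would make the contract explicit. The new `_add_user` docstring `Returns: user: user` should say `User: the created User instance, added to the session but not yet committed`. The enclosing `UserProxy` class continues outside the hunk.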
@@ -0,0 +1,38 @@
+From 9b6c793d4a9e6fb7acc55d2da645560cc5ae9ead Mon Sep 17 00:00:00 2001
+From: rearcher <123781007@qq.com>
+Date: Tue, 24 Sep 2024 17:23:18 +0800
+Subject: [PATCH] =?UTF-8?q?=E8=A1=A5=E5=85=85=E6=A0=A1=E9=AA=8Ctoken?=
+ =?UTF-8?q?=E9=80=BB=E8=BE=91?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ oauth2_provider/app/views/oauth2.py | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/oauth2_provider/app/views/oauth2.py b/oauth2_provider/app/views/oauth2.py
+index 8e7bb98..f9e2812 100644
+--- a/oauth2_provider/app/views/oauth2.py
++++ b/oauth2_provider/app/views/oauth2.py
+@@ -31,6 +31,7 @@ from vulcanus.restful.resp import state
+ from vulcanus.restful.response import BaseResponse
+ from werkzeug.utils import cached_property, import_string
+
++from oauth2_provider.app import cache
+ from oauth2_provider.app.constant import secret
+ from oauth2_provider.app.core.token import jwt_token
+ from oauth2_provider.app.serialize.oauth2 import OauthTokenIntrospectSchema, OauthTokenSchema, RefreshTokenSchema
+@@ -100,6 +101,9 @@ class OauthorizeView(BaseResponse, OAuth2):
+ try:
+ token_info = jwt_token.decode(token=token, secret=secret)
+ g.username = token_info["sub"]
++ cache_token = cache.get(token_info["sub"] + "-token")
++ if token != cache_token:
++ raise ValueError
+ return True
+ except ExpiredSignatureError as error:
+ LOGGER.error("Signature has expired: %s" % token)
+--
+Gitee
+
diff --git a/authHub.spec b/authHub.spec
index ced9469..5c829b2 100644
--- a/authHub.spec
+++ b/authHub.spec
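Review bot: `if token != cache_token: raise ValueError` compares the presented JWT with whatever `cache.get(token_info["sub"] + "-token")` returns, so it fails closed on a cache miss (`None`), but it also rejects every token if the cache backend hands back `bytes` rather than `str`, which a plain redis client does; the type `cache.get` returns is not visible in the hunk and should be checked. The bare `raise ValueError` carries no message, and whether the `except` clauses below the hunk handle `ValueError` at all cannot be seen here; `raise ValueError("token is not the current cached token for this subject")` together with a handler that logs and returns `False` keeps the rejection diagnosable. The check presumably also means a subject has exactly one valid token at a time (a new login or a logout invalidates earlier ones); a comment such as `# Only the token most recently stored for this subject is accepted; earlier tokens are treated as revoked.` would document that intent for the next maintainer. The enclosing method of `OauthorizeView` starts and ends outside the hunk.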
@@ -1,15 +1,18 @@
 Name: authHub
 Version: v1.0.0
-Release: 2
+Release: 5
 Summary: Authentication authority based on oauth2
 License: MulanPSL2
 URL: https://gitee.com/openeuler/%{name}
 Source0: %{name}-%{version}.tar.gz
 Source1: node_modules.tar.gz
 Patch0001: 0001-change-authhub-web-service-file-directory.patch
+Patch0002: 0002-fix-the-router-redirect-error.patch
+Patch0003: 0003-fix-logout-register-error.patch
+Patch0004: 0004-supplementary-verify-token.patch
 BuildRequires: python3-setuptools
-Requires: aops-vulcanus >= v2.1.0 python3-Authlib aops-zeus >= v2.1.0
+Requires: aops-vulcanus >= v2.1.0 python3-Authlib aops-zeus >= v2.1.0 python3-Flask-SQLAlchemy
 Provides: authhub
 %description
@@ -63,6 +66,17 @@ popd
 %attr(0755,root,root) %{_sysconfdir}/nginx/conf.d/*
 %changelog
+* Fri nov 08 2024 luxuexian - v1.0.0-5
+- Supplementary verify token
+
+* Fri nov 08 2024 luxuexian - v1.0.0-4
+- Fix logout error
+- Fix register error
+
+* Fri nov 08 2024 luxuexian - v1.0.0-3
+- Fix the router redirect error
+- Add python3-FLask-SQLAlchemy requires
+
 * Mon Sep 9 2024 luxuexian - v1.0.0-2
 - change authhub-web.service file directory
--
Gitee