From 7303d4d8401636e7bb15c7acb17b407bbfd0de3b Mon Sep 17 00:00:00 2001
From: vran
Date: Wed, 2 Mar 2022 14:28:34 +0800
Subject: [PATCH] feat: add custom authentication exception
---
 .../oauth2/DatabasirOauth2LoginFilter.java | 9 ++++++++-
 ...DatabasirAuthenticationFailureHandler.java | 7 +++++++
 .../databasir/core/domain/DomainErrors.java | 1 +
 .../oauth2/GithubOauthHandler.java | 11 ++++++++---
 .../oauth2/OAuthAppService.java | 1 +
 .../DatabasirAuthenticationException.java | 19 +++++++++++++++++++
 .../remote/github/GithubRemoteService.java | 2 +-
 7 files changed, 45 insertions(+), 5 deletions(-)
 create mode 100644 core/src/main/java/com/databasir/core/infrastructure/oauth2/exception/DatabasirAuthenticationException.java
diff --git a/api/src/main/java/com/databasir/api/config/oauth2/DatabasirOauth2LoginFilter.java b/api/src/main/java/com/databasir/api/config/oauth2/DatabasirOauth2LoginFilter.java
index 30fa8b9..798b7b7 100644
--- a/api/src/main/java/com/databasir/api/config/oauth2/DatabasirOauth2LoginFilter.java
+++ b/api/src/main/java/com/databasir/api/config/oauth2/DatabasirOauth2LoginFilter.java
@@ -6,10 +6,12 @@ import com.databasir.core.infrastructure.oauth2.OAuthAppService;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.DisabledException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.stereotype.Component;
 import org.springframework.util.AntPathMatcher;
@@ -32,9 +34,11 @@ public class DatabasirOauth2LoginFilter extends AbstractAuthenticationProcessing
 private DatabasirUserDetailService databasirUserDetailService;
 public DatabasirOauth2LoginFilter(AuthenticationManager authenticationManager,
- OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler) {
+ OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler,
+ AuthenticationFailureHandler authenticationFailureHandler) {
 super(OAUTH_LOGIN_URI, authenticationManager);
 this.setAuthenticationSuccessHandler(oAuth2AuthenticationSuccessHandler);
+ this.setAuthenticationFailureHandler(authenticationFailureHandler);
 }
 @Override
@@ -45,6 +49,9 @@ public class DatabasirOauth2LoginFilter extends AbstractAuthenticationProcessing
 UserDetailResponse userDetailResponse = oAuthAppService.oauthCallback(registrationId, params);
 UserDetails details = databasirUserDetailService.loadUserByUsername(userDetailResponse.getUsername());
 DatabasirOAuth2Authentication authentication = new DatabasirOAuth2Authentication(details);
+ if (!userDetailResponse.getEnabled()) {
+ throw new DisabledException("账号已禁用");
+ }
 authentication.setAuthenticated(true);
 if (log.isDebugEnabled()) {
 log.debug("login {} success", registrationId);
diff --git a/api/src/main/java/com/databasir/api/config/security/DatabasirAuthenticationFailureHandler.java b/api/src/main/java/com/databasir/api/config/security/DatabasirAuthenticationFailureHandler.java
index a4fdefb..dfd0554 100644
--- a/api/src/main/java/com/databasir/api/config/security/DatabasirAuthenticationFailureHandler.java
+++ b/api/src/main/java/com/databasir/api/config/security/DatabasirAuthenticationFailureHandler.java
@@ -1,5 +1,6 @@
 package com.databasir.api.config.security;
+import com.databasir.core.infrastructure.oauth2.exception.DatabasirAuthenticationException;
 import com.databasir.common.JsonData;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.RequiredArgsConstructor;
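Review bot: In the `@@ -45,6 +49,9 @@` hunk of DatabasirOauth2LoginFilter, `!userDetailResponse.getEnabled()` throws a NullPointerException if `getEnabled()` returns a boxed `Boolean` that is null; the return type is not visible here, but this same commit has to add `user.setEnabled(true)` for newly created OAuth users, which suggests the field can be unset. An NPE is not an `AuthenticationException`, so it would probably bypass the failure handler this commit wires in. A fail-closed form is `if (!Boolean.TRUE.equals(userDetailResponse.getEnabled())) {`. The check would also sit better directly after `oauthCallback(...)`, before `loadUserByUsername` runs and the authentication object is built for an account that is about to be rejected. The method body starts and ends outside the hunk.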
@@ -39,6 +40,12 @@ public class DatabasirAuthenticationFailureHandler implements AuthenticationFail
 String jsonString = objectMapper.writeValueAsString(data);
 response.setStatus(HttpStatus.OK.value());
 response.getOutputStream().write(jsonString.getBytes(StandardCharsets.UTF_8));
+ } else if (exception instanceof DatabasirAuthenticationException) {
+ DatabasirAuthenticationException bizException = (DatabasirAuthenticationException) exception;
+ JsonData data = JsonData.error("-1", bizException.getMessage());
+ String jsonString = objectMapper.writeValueAsString(data);
+ response.setStatus(HttpStatus.OK.value());
+ response.getOutputStream().write(jsonString.getBytes(StandardCharsets.UTF_8));
 } else {
 JsonData data = JsonData.error("-1", "未登录或未授权用户");
 String jsonString = objectMapper.writeValueAsString(data);
diff --git a/core/src/main/java/com/databasir/core/domain/DomainErrors.java b/core/src/main/java/com/databasir/core/domain/DomainErrors.java
index 40e6b61..decc75b 100644
--- a/core/src/main/java/com/databasir/core/domain/DomainErrors.java
+++ b/core/src/main/java/com/databasir/core/domain/DomainErrors.java
@@ -10,6 +10,7 @@ import lombok.RequiredArgsConstructor;
 public enum DomainErrors implements DatabasirErrors {
 REFRESH_TOKEN_EXPIRED("X_0001", "refresh token expired"),
 INVALID_REFRESH_TOKEN_OPERATION("X_0002", "invalid refresh token operation"),
+ NETWORK_ERROR("X_0003", "网络似乎不稳定,请稍后再试"),
 NOT_SUPPORT_DATABASE_TYPE("A_10000", "不支持的数据库类型, 请检查项目配置"),
 PROJECT_NOT_FOUND("A_10001", "项目不存在"),
diff --git a/core/src/main/java/com/databasir/core/infrastructure/oauth2/GithubOauthHandler.java b/core/src/main/java/com/databasir/core/infrastructure/oauth2/GithubOauthHandler.java
index 974618a..25460a9 100644
--- a/core/src/main/java/com/databasir/core/infrastructure/oauth2/GithubOauthHandler.java
+++ b/core/src/main/java/com/databasir/core/infrastructure/oauth2/GithubOauthHandler.java
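Review bot: The new `DatabasirAuthenticationException` branch in DatabasirAuthenticationFailureHandler answers with the fixed code `"-1"` and `bizException.getMessage()`, so the domain code of the wrapped exception (`X_0003` for `NETWORK_ERROR`) never reaches the client, while any free-form text given to the exception's String constructors does reach an unauthenticated caller. I would take the code from the cause when it is a `DatabasirException` and keep the message to the fixed `DomainErrors` texts. The branch also repeats the serialise, status and write lines of its two neighbours; a private helper such as `writeError(response, code, message)` would hold them once. The method body starts and ends outside the hunk.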
@@ -1,6 +1,8 @@
 package com.databasir.core.infrastructure.oauth2;
+import com.databasir.core.domain.DomainErrors;
+import com.databasir.core.infrastructure.oauth2.exception.DatabasirAuthenticationException;
 import com.databasir.core.infrastructure.remote.github.GithubRemoteService;
 import com.databasir.dao.enums.OAuthAppType;
 import com.databasir.dao.impl.OAuthAppDao;
@@ -51,9 +53,12 @@ public class GithubOauthHandler implements OAuthHandler {
 Map params = context.getCallbackParameters();
 String code = params.get("code")[0];
- String accessToken = githubRemoteService.getToken(baseUrl, clientId, clientSecret, code)
- .get("access_token")
- .asText();
+ JsonNode tokenNode = githubRemoteService.getToken(baseUrl, clientId, clientSecret, code)
+ .get("access_token");
+ if (tokenNode == null) {
+ throw new DatabasirAuthenticationException(DomainErrors.NETWORK_ERROR.exception());
+ }
+ String accessToken = tokenNode.asText();
 if (StringUtils.isBlank(accessToken)) {
 throw new CredentialsExpiredException("授权失效,请重新登陆");
 }
diff --git a/core/src/main/java/com/databasir/core/infrastructure/oauth2/OAuthAppService.java b/core/src/main/java/com/databasir/core/infrastructure/oauth2/OAuthAppService.java
index 6796723..8acfe44 100644
--- a/core/src/main/java/com/databasir/core/infrastructure/oauth2/OAuthAppService.java
+++ b/core/src/main/java/com/databasir/core/infrastructure/oauth2/OAuthAppService.java
@@ -52,6 +52,7 @@ public class OAuthAppService {
 user.setNickname(result.getNickname());
 user.setEmail(result.getEmail());
 user.setAvatar(result.getAvatar());
+ user.setEnabled(true);
 user.setPassword(UUID.randomUUID().toString().substring(0, 6));
 Integer id = userService.create(user);
 return userService.get(id);
diff --git a/core/src/main/java/com/databasir/core/infrastructure/oauth2/exception/DatabasirAuthenticationException.java b/core/src/main/java/com/databasir/core/infrastructure/oauth2/exception/DatabasirAuthenticationException.java
new file mode 100644
index 0000000..5ba8e05
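Review bot: In GithubOauthHandler the new guard treats a missing `access_token` as `DomainErrors.NETWORK_ERROR`, but a token endpoint usually reports a rejected or expired `code` (or a wrong client secret) in the response body without an `access_token`, so the user is told to retry a request that cannot succeed and nothing is logged for the operator. Reading the error field of the response, logging it server-side and raising the existing `CredentialsExpiredException` for that case would be more accurate. Assuming this is Jackson's `JsonNode`, an explicit JSON null also slips through: `asText()` on a null node yields the string `"null"`, which passes the `isBlank` check, so the guard should be `if (tokenNode == null || tokenNode.isNull()) {`. `params.get("code")[0]` just above is still unguarded and fails with a runtime exception rather than an authentication failure when the callback has no `code`. The method continues outside the hunk.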
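Review bot: In OAuthAppService, `user.setEnabled(true)` makes the auto-created account usable at once, while the next line gives it a password of only six hexadecimal characters (`UUID.randomUUID().toString().substring(0, 6)`, roughly 24 bits). If password login is accepted for these accounts (not visible here), that is too little entropy for an enabled account. A minimal change is to drop the truncation, `user.setPassword(UUID.randomUUID().toString());`, or to give OAuth-only users an explicit no-password state. A short comment stating that every identity returned by the provider is provisioned as enabled would also help, if that is the intent. The method starts outside the hunk.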
--- /dev/null
+++ b/core/src/main/java/com/databasir/core/infrastructure/oauth2/exception/DatabasirAuthenticationException.java
@@ -0,0 +1,19 @@
+package com.databasir.core.infrastructure.oauth2.exception;
+
+import com.databasir.common.DatabasirException;
+import org.springframework.security.core.AuthenticationException;
+
+public class DatabasirAuthenticationException extends AuthenticationException {
+
+ public DatabasirAuthenticationException(DatabasirException databasirException) {
+ super(databasirException.getErrMessage(), databasirException);
+ }
+
+ public DatabasirAuthenticationException(String msg) {
+ super(msg);
+ }
+
+ public DatabasirAuthenticationException(String msg, Throwable cause) {
+ super(msg, cause);
+ }
+}
diff --git a/core/src/main/java/com/databasir/core/infrastructure/remote/github/GithubRemoteService.java b/core/src/main/java/com/databasir/core/infrastructure/remote/github/GithubRemoteService.java
index 9dcac8c..df77b59 100644
--- a/core/src/main/java/com/databasir/core/infrastructure/remote/github/GithubRemoteService.java
+++ b/core/src/main/java/com/databasir/core/infrastructure/remote/github/GithubRemoteService.java
@@ -61,7 +61,7 @@ public class GithubRemoteService {
 try {
 Response response = call.execute();
 if (!response.isSuccessful()) {
- log.error("request error: " + call.request());
+ log.error("request error: " + call.request() + ", response = " + response);
 throw new SystemException("Call Remote Error");
 } else {
 T body = response.body();
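Review bot: DatabasirAuthenticationException has no Javadoc, and the contract a caller most needs is not written down: the failure handler changed in this commit sends `getMessage()` to the client as it is. A class comment such as `/** Authentication failure whose message is returned to the client verbatim; pass only user-safe text, never remote responses or internal details. */` would make that explicit, particularly for the `(String msg, Throwable cause)` constructor. Since `AuthenticationException` is serializable, adding `private static final long serialVersionUID = 1L;` would also follow the usual convention for exception types.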
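Review bot: The changed `log.error` line in GithubRemoteService writes the string form of `call.request()`, and now of `response`, to the error log; if those forms include the full URL or headers and the token exchange carries `client_secret` and `code` there (how `getToken` sends them is not visible), the secrets are logged on every failed call. Logging only what diagnosis needs avoids that, for example `log.error("request error: status={}", response.code());` (assuming a Retrofit/OkHttp-style response) together with the host and path without the query string. The parameterised form also replaces the string concatenation. The try block continues outside the hunk.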