feat: add custom authentication exception

2022-03-02 14:28:34 +08:00 · 2022-03-02 14:28:34 +08:00 · 7303d4d840
parent e09dcfe37e
commit 7303d4d840
7 changed files with 45 additions and 5 deletions
--- a/api/src/main/java/com/databasir/api/config/oauth2/DatabasirOauth2LoginFilter.java
+++ b/api/src/main/java/com/databasir/api/config/oauth2/DatabasirOauth2LoginFilter.java
@ -6,10 +6,12 @@ import com.databasir.core.infrastructure.oauth2.OAuthAppService;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.DisabledException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.stereotype.Component;
 import org.springframework.util.AntPathMatcher;

@ -32,9 +34,11 @@ public class DatabasirOauth2LoginFilter extends AbstractAuthenticationProcessing
    private DatabasirUserDetailService databasirUserDetailService;

    public DatabasirOauth2LoginFilter(AuthenticationManager authenticationManager,
-                                      OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler) {
+                                      OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler,
+                                      AuthenticationFailureHandler authenticationFailureHandler) {
        super(OAUTH_LOGIN_URI, authenticationManager);
        this.setAuthenticationSuccessHandler(oAuth2AuthenticationSuccessHandler);
+        this.setAuthenticationFailureHandler(authenticationFailureHandler);
    }

    @Override
@ -45,6 +49,9 @@ public class DatabasirOauth2LoginFilter extends AbstractAuthenticationProcessing
        UserDetailResponse userDetailResponse = oAuthAppService.oauthCallback(registrationId, params);
        UserDetails details = databasirUserDetailService.loadUserByUsername(userDetailResponse.getUsername());
        DatabasirOAuth2Authentication authentication = new DatabasirOAuth2Authentication(details);
+        if (!userDetailResponse.getEnabled()) {
+            throw new DisabledException("账号已禁用");
+        }
        authentication.setAuthenticated(true);
        if (log.isDebugEnabled()) {
            log.debug("login {} success", registrationId);
--- a/api/src/main/java/com/databasir/api/config/security/DatabasirAuthenticationFailureHandler.java
+++ b/api/src/main/java/com/databasir/api/config/security/DatabasirAuthenticationFailureHandler.java
@ -1,5 +1,6 @@
 package com.databasir.api.config.security;

+import com.databasir.core.infrastructure.oauth2.exception.DatabasirAuthenticationException;
 import com.databasir.common.JsonData;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.RequiredArgsConstructor;
@ -39,6 +40,12 @@ public class DatabasirAuthenticationFailureHandler implements AuthenticationFail
            String jsonString = objectMapper.writeValueAsString(data);
            response.setStatus(HttpStatus.OK.value());
            response.getOutputStream().write(jsonString.getBytes(StandardCharsets.UTF_8));
+        } else if (exception instanceof DatabasirAuthenticationException) {
+            DatabasirAuthenticationException bizException = (DatabasirAuthenticationException) exception;
+            JsonData<Void> data = JsonData.error("-1", bizException.getMessage());
+            String jsonString = objectMapper.writeValueAsString(data);
+            response.setStatus(HttpStatus.OK.value());
+            response.getOutputStream().write(jsonString.getBytes(StandardCharsets.UTF_8));
        } else {
            JsonData<Void> data = JsonData.error("-1", "未登录或未授权用户");
            String jsonString = objectMapper.writeValueAsString(data);
--- a/core/src/main/java/com/databasir/core/domain/DomainErrors.java
+++ b/core/src/main/java/com/databasir/core/domain/DomainErrors.java
@ -10,6 +10,7 @@ import lombok.RequiredArgsConstructor;
 public enum DomainErrors implements DatabasirErrors {
    REFRESH_TOKEN_EXPIRED("X_0001", "refresh token expired"),
    INVALID_REFRESH_TOKEN_OPERATION("X_0002", "invalid refresh token operation"),
+    NETWORK_ERROR("X_0003", "网络似乎不稳定，请稍后再试"),

    NOT_SUPPORT_DATABASE_TYPE("A_10000", "不支持的数据库类型, 请检查项目配置"),
    PROJECT_NOT_FOUND("A_10001", "项目不存在"),
--- a/core/src/main/java/com/databasir/core/infrastructure/oauth2/GithubOauthHandler.java
+++ b/core/src/main/java/com/databasir/core/infrastructure/oauth2/GithubOauthHandler.java
@ -1,6 +1,8 @@
 package com.databasir.core.infrastructure.oauth2;


+import com.databasir.core.domain.DomainErrors;
+import com.databasir.core.infrastructure.oauth2.exception.DatabasirAuthenticationException;
 import com.databasir.core.infrastructure.remote.github.GithubRemoteService;
 import com.databasir.dao.enums.OAuthAppType;
 import com.databasir.dao.impl.OAuthAppDao;
@ -51,9 +53,12 @@ public class GithubOauthHandler implements OAuthHandler {

        Map<String, String[]> params = context.getCallbackParameters();
        String code = params.get("code")[0];
-        String accessToken = githubRemoteService.getToken(baseUrl, clientId, clientSecret, code)
-                .get("access_token")
-                .asText();
+        JsonNode tokenNode = githubRemoteService.getToken(baseUrl, clientId, clientSecret, code)
+                .get("access_token");
+        if (tokenNode == null) {
+            throw new DatabasirAuthenticationException(DomainErrors.NETWORK_ERROR.exception());
+        }
+        String accessToken = tokenNode.asText();
        if (StringUtils.isBlank(accessToken)) {
            throw new CredentialsExpiredException("授权失效，请重新登陆");
        }
--- a/core/src/main/java/com/databasir/core/infrastructure/oauth2/OAuthAppService.java
+++ b/core/src/main/java/com/databasir/core/infrastructure/oauth2/OAuthAppService.java
@ -52,6 +52,7 @@ public class OAuthAppService {
                    user.setNickname(result.getNickname());
                    user.setEmail(result.getEmail());
                    user.setAvatar(result.getAvatar());
+                    user.setEnabled(true);
                    user.setPassword(UUID.randomUUID().toString().substring(0, 6));
                    Integer id = userService.create(user);
                    return userService.get(id);
--- a/core/src/main/java/com/databasir/core/infrastructure/oauth2/exception/DatabasirAuthenticationException.java
+++ b/core/src/main/java/com/databasir/core/infrastructure/oauth2/exception/DatabasirAuthenticationException.java
@ -0,0 +1,19 @@
+package com.databasir.core.infrastructure.oauth2.exception;
+
+import com.databasir.common.DatabasirException;
+import org.springframework.security.core.AuthenticationException;
+
+public class DatabasirAuthenticationException extends AuthenticationException {
+
+    public DatabasirAuthenticationException(DatabasirException databasirException) {
+        super(databasirException.getErrMessage(), databasirException);
+    }
+
+    public DatabasirAuthenticationException(String msg) {
+        super(msg);
+    }
+
+    public DatabasirAuthenticationException(String msg, Throwable cause) {
+        super(msg, cause);
+    }
+}
--- a/core/src/main/java/com/databasir/core/infrastructure/remote/github/GithubRemoteService.java
+++ b/core/src/main/java/com/databasir/core/infrastructure/remote/github/GithubRemoteService.java
@ -61,7 +61,7 @@ public class GithubRemoteService {
        try {
            Response<T> response = call.execute();
            if (!response.isSuccessful()) {
-                log.error("request error: " + call.request());
+                log.error("request error: " + call.request() + ", response = " + response);
                throw new SystemException("Call Remote Error");
            } else {
                T body = response.body();