From 668551350f3d06b9d4bb28ee5fca1f14b4574fb3 Mon Sep 17 00:00:00 2001 From: YunaiV Date: Tue, 24 May 2022 00:48:35 +0800 Subject: [PATCH] =?UTF-8?q?=E5=AE=8C=E6=88=90=20SSO=20=E7=99=BB=E5=BD=95?= =?UTF-8?q?=E7=9A=84=E5=8A=9F=E8=83=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../dal/mysql/oauth2/OAuth2ApproveMapper.java | 3 +- .../oauth2/OAuth2ApproveServiceImpl.java | 2 +- yudao-ui-admin/src/views/sso.vue | 82 +++++++++++-------- 3 files changed, 52 insertions(+), 35 deletions(-) diff --git a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/dal/mysql/oauth2/OAuth2ApproveMapper.java b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/dal/mysql/oauth2/OAuth2ApproveMapper.java index e881bbd99..61a976ff9 100644 --- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/dal/mysql/oauth2/OAuth2ApproveMapper.java +++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/dal/mysql/oauth2/OAuth2ApproveMapper.java @@ -14,7 +14,8 @@ public interface OAuth2ApproveMapper extends BaseMapperX { return update(updateObj, new LambdaQueryWrapperX() .eq(OAuth2ApproveDO::getUserId, updateObj.getUserId()) .eq(OAuth2ApproveDO::getUserType, updateObj.getUserType()) - .eq(OAuth2ApproveDO::getClientId, updateObj.getClientId())); + .eq(OAuth2ApproveDO::getClientId, updateObj.getClientId()) + .eq(OAuth2ApproveDO::getScope, updateObj.getScope())); } default List selectListByUserIdAndUserTypeAndClientId(Long userId, Integer userType, String clientId) { diff --git a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/oauth2/OAuth2ApproveServiceImpl.java b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/oauth2/OAuth2ApproveServiceImpl.java index d21cec590..b830278c8 100644 --- a/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/oauth2/OAuth2ApproveServiceImpl.java +++ b/yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/oauth2/OAuth2ApproveServiceImpl.java @@ -26,7 +26,7 @@ public class OAuth2ApproveServiceImpl implements OAuth2ApproveService { /** * 批准的过期时间,默认 30 天 */ - private static final Integer TIMEOUT = 30 * 24 * 60; // 单位:秒 + private static final Integer TIMEOUT = 30 * 24 * 60 * 60; // 单位:秒 @Resource private OAuth2ClientService oauth2ClientService; diff --git a/yudao-ui-admin/src/views/sso.vue b/yudao-ui-admin/src/views/sso.vue index 8091ba49b..043010901 100644 --- a/yudao-ui-admin/src/views/sso.vue +++ b/yudao-ui-admin/src/views/sso.vue @@ -15,7 +15,7 @@
- +
@@ -25,35 +25,23 @@ - -
- - - - - - - - - - - - - - - -
- + + 此第三方应用请求获得以下权限: + + + {{formatScope(scope)}} + + - 同意授权 - 登 录 中... + @click.native.prevent="handleAuthorize(true)"> + 统一授权 + 授 权 中... - 拒绝 + 拒绝
@@ -80,6 +68,7 @@ export default { tenantEnable: true, loginForm: { tenantName: "芋道源码", + scopes: [], // 已选中的 scope 数组 }, params: { // URL 上的 client_id、scope 等参数 responseType: undefined, @@ -92,7 +81,6 @@ export default { name: '', logo: '', }, - checkedScopes: [], // 已选中的 scope 数组 LoginRules: { tenantName: [ {required: true, trigger: "blur", message: "租户不能为空"}, @@ -114,8 +102,7 @@ export default { } ] }, - loading: false, - // + loading: false }; }, created() { @@ -169,7 +156,7 @@ export default { // 生成已选中的 checkedScopes for (const scope of scopes) { if (scope.value) { - this.checkedScopes.push(scope.key) + this.loginForm.scopes.push(scope.key) } } }) @@ -178,21 +165,50 @@ export default { getCookie() { const tenantName = getTenantName(); this.loginForm = { + ...this.loginForm, tenantName: tenantName ? tenantName : this.loginForm.tenantName, }; }, - handleLogin() { + handleAuthorize(approved) { this.$refs.loginForm.validate(valid => { if (!valid) { return } - - + this.loading = true + // 计算 checkedScopes + uncheckedScopes + let checkedScopes; + let uncheckedScopes; + if (approved) { // 同意授权,按照用户的选择 + checkedScopes = this.loginForm.scopes + uncheckedScopes = this.params.scopes.filter(item => checkedScopes.indexOf(item) === -1) + } else { // 拒绝,则都是取消 + checkedScopes = [] + uncheckedScopes = this.params.scopes + } + // 提交授权的请求 + this.doAuthorize(false, checkedScopes, uncheckedScopes).then(res => { + const href = res.data + if (!href) { + return; + } + location.href = href + }).finally(() => { + this.loading = false + }) }) }, doAuthorize(autoApprove, checkedScopes, uncheckedScopes) { return authorize(this.params.responseType, this.params.clientId, this.params.redirectUri, this.params.state, autoApprove, checkedScopes, uncheckedScopes) + }, + formatScope(scope) { + // 格式化 scope 授权范围,方便用户理解。 + // 这里仅仅是一个 demo,可以考虑录入到字典数据中,例如说字典类型 "system_oauth2_scope",它的每个 scope 都是一条字典数据。 + switch (scope) { + case 'user.read': return '访问你的个人信息' + case 'user.write': return '修改你的个人信息' + default: return scope + } } } };