完成 SSO 登录的功能
This commit is contained in:
parent
d18463866e
commit
668551350f
@ -14,7 +14,8 @@ public interface OAuth2ApproveMapper extends BaseMapperX<OAuth2ApproveDO> {
|
|||||||
return update(updateObj, new LambdaQueryWrapperX<OAuth2ApproveDO>()
|
return update(updateObj, new LambdaQueryWrapperX<OAuth2ApproveDO>()
|
||||||
.eq(OAuth2ApproveDO::getUserId, updateObj.getUserId())
|
.eq(OAuth2ApproveDO::getUserId, updateObj.getUserId())
|
||||||
.eq(OAuth2ApproveDO::getUserType, updateObj.getUserType())
|
.eq(OAuth2ApproveDO::getUserType, updateObj.getUserType())
|
||||||
.eq(OAuth2ApproveDO::getClientId, updateObj.getClientId()));
|
.eq(OAuth2ApproveDO::getClientId, updateObj.getClientId())
|
||||||
|
.eq(OAuth2ApproveDO::getScope, updateObj.getScope()));
|
||||||
}
|
}
|
||||||
|
|
||||||
default List<OAuth2ApproveDO> selectListByUserIdAndUserTypeAndClientId(Long userId, Integer userType, String clientId) {
|
default List<OAuth2ApproveDO> selectListByUserIdAndUserTypeAndClientId(Long userId, Integer userType, String clientId) {
|
||||||
|
@ -26,7 +26,7 @@ public class OAuth2ApproveServiceImpl implements OAuth2ApproveService {
|
|||||||
/**
|
/**
|
||||||
* 批准的过期时间,默认 30 天
|
* 批准的过期时间,默认 30 天
|
||||||
*/
|
*/
|
||||||
private static final Integer TIMEOUT = 30 * 24 * 60; // 单位:秒
|
private static final Integer TIMEOUT = 30 * 24 * 60 * 60; // 单位:秒
|
||||||
|
|
||||||
@Resource
|
@Resource
|
||||||
private OAuth2ClientService oauth2ClientService;
|
private OAuth2ClientService oauth2ClientService;
|
||||||
|
@ -15,7 +15,7 @@
|
|||||||
<!-- 表单 -->
|
<!-- 表单 -->
|
||||||
<div class="form-cont">
|
<div class="form-cont">
|
||||||
<el-tabs class="form" style=" float:none;" value="uname">
|
<el-tabs class="form" style=" float:none;" value="uname">
|
||||||
<el-tab-pane label="三方授权" name="uname">
|
<el-tab-pane :label="'三方授权(' + client.name + ')'" name="uname">
|
||||||
</el-tab-pane>
|
</el-tab-pane>
|
||||||
</el-tabs>
|
</el-tabs>
|
||||||
<div>
|
<div>
|
||||||
@ -25,35 +25,23 @@
|
|||||||
<svg-icon slot="prefix" icon-class="tree" class="el-input__icon input-icon"/>
|
<svg-icon slot="prefix" icon-class="tree" class="el-input__icon input-icon"/>
|
||||||
</el-input>
|
</el-input>
|
||||||
</el-form-item>
|
</el-form-item>
|
||||||
<!-- 账号密码登录 -->
|
<!-- 授权范围的选择 -->
|
||||||
<div v-if="loginForm.loginType === 'uname'">
|
此第三方应用请求获得以下权限:
|
||||||
<el-form-item prop="username">
|
<el-form-item prop="scopes">
|
||||||
<el-input v-model="loginForm.username" type="text" auto-complete="off" placeholder="账号">
|
<el-checkbox-group v-model="loginForm.scopes">
|
||||||
<svg-icon slot="prefix" icon-class="user" class="el-input__icon input-icon"/>
|
<el-checkbox v-for="scope in params.scopes" :label="scope" :key="scope"
|
||||||
</el-input>
|
style="display: block; margin-bottom: -10px;">{{formatScope(scope)}}</el-checkbox>
|
||||||
|
</el-checkbox-group>
|
||||||
</el-form-item>
|
</el-form-item>
|
||||||
<el-form-item prop="password">
|
|
||||||
<el-input v-model="loginForm.password" type="password" auto-complete="off" placeholder="密码"
|
|
||||||
@keyup.enter.native="handleLogin">
|
|
||||||
<svg-icon slot="prefix" icon-class="password" class="el-input__icon input-icon"/>
|
|
||||||
</el-input>
|
|
||||||
</el-form-item>
|
|
||||||
<el-form-item prop="code" v-if="captchaEnable">
|
|
||||||
<el-input v-model="loginForm.code" auto-complete="off" placeholder="验证码" style="width: 63%"
|
|
||||||
@keyup.enter.native="handleLogin">
|
|
||||||
<svg-icon slot="prefix" icon-class="validCode" class="el-input__icon input-icon"/>
|
|
||||||
</el-input>
|
|
||||||
</el-form-item>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
<!-- 下方的登录按钮 -->
|
<!-- 下方的登录按钮 -->
|
||||||
<el-form-item style="width:100%;">
|
<el-form-item style="width:100%;">
|
||||||
<el-button :loading="loading" size="medium" type="primary" style="width:60%;"
|
<el-button :loading="loading" size="medium" type="primary" style="width:60%;"
|
||||||
@click.native.prevent="handleLogin">
|
@click.native.prevent="handleAuthorize(true)">
|
||||||
<span v-if="!loading">同意授权</span>
|
<span v-if="!loading">统一授权</span>
|
||||||
<span v-else>登 录 中...</span>
|
<span v-else>授 权 中...</span>
|
||||||
</el-button>
|
</el-button>
|
||||||
<el-button size="medium" style="width:36%">拒绝</el-button>
|
<el-button size="medium" style="width:36%"
|
||||||
|
@click.native.prevent="handleAuthorize(false)">拒绝</el-button>
|
||||||
</el-form-item>
|
</el-form-item>
|
||||||
</el-form>
|
</el-form>
|
||||||
</div>
|
</div>
|
||||||
@ -80,6 +68,7 @@ export default {
|
|||||||
tenantEnable: true,
|
tenantEnable: true,
|
||||||
loginForm: {
|
loginForm: {
|
||||||
tenantName: "芋道源码",
|
tenantName: "芋道源码",
|
||||||
|
scopes: [], // 已选中的 scope 数组
|
||||||
},
|
},
|
||||||
params: { // URL 上的 client_id、scope 等参数
|
params: { // URL 上的 client_id、scope 等参数
|
||||||
responseType: undefined,
|
responseType: undefined,
|
||||||
@ -92,7 +81,6 @@ export default {
|
|||||||
name: '',
|
name: '',
|
||||||
logo: '',
|
logo: '',
|
||||||
},
|
},
|
||||||
checkedScopes: [], // 已选中的 scope 数组
|
|
||||||
LoginRules: {
|
LoginRules: {
|
||||||
tenantName: [
|
tenantName: [
|
||||||
{required: true, trigger: "blur", message: "租户不能为空"},
|
{required: true, trigger: "blur", message: "租户不能为空"},
|
||||||
@ -114,8 +102,7 @@ export default {
|
|||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
loading: false,
|
loading: false
|
||||||
//
|
|
||||||
};
|
};
|
||||||
},
|
},
|
||||||
created() {
|
created() {
|
||||||
@ -169,7 +156,7 @@ export default {
|
|||||||
// 生成已选中的 checkedScopes
|
// 生成已选中的 checkedScopes
|
||||||
for (const scope of scopes) {
|
for (const scope of scopes) {
|
||||||
if (scope.value) {
|
if (scope.value) {
|
||||||
this.checkedScopes.push(scope.key)
|
this.loginForm.scopes.push(scope.key)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
@ -178,21 +165,50 @@ export default {
|
|||||||
getCookie() {
|
getCookie() {
|
||||||
const tenantName = getTenantName();
|
const tenantName = getTenantName();
|
||||||
this.loginForm = {
|
this.loginForm = {
|
||||||
|
...this.loginForm,
|
||||||
tenantName: tenantName ? tenantName : this.loginForm.tenantName,
|
tenantName: tenantName ? tenantName : this.loginForm.tenantName,
|
||||||
};
|
};
|
||||||
},
|
},
|
||||||
handleLogin() {
|
handleAuthorize(approved) {
|
||||||
this.$refs.loginForm.validate(valid => {
|
this.$refs.loginForm.validate(valid => {
|
||||||
if (!valid) {
|
if (!valid) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
this.loading = true
|
||||||
|
// 计算 checkedScopes + uncheckedScopes
|
||||||
|
let checkedScopes;
|
||||||
|
let uncheckedScopes;
|
||||||
|
if (approved) { // 同意授权,按照用户的选择
|
||||||
|
checkedScopes = this.loginForm.scopes
|
||||||
|
uncheckedScopes = this.params.scopes.filter(item => checkedScopes.indexOf(item) === -1)
|
||||||
|
} else { // 拒绝,则都是取消
|
||||||
|
checkedScopes = []
|
||||||
|
uncheckedScopes = this.params.scopes
|
||||||
|
}
|
||||||
|
// 提交授权的请求
|
||||||
|
this.doAuthorize(false, checkedScopes, uncheckedScopes).then(res => {
|
||||||
|
const href = res.data
|
||||||
|
if (!href) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
location.href = href
|
||||||
|
}).finally(() => {
|
||||||
|
this.loading = false
|
||||||
|
})
|
||||||
})
|
})
|
||||||
},
|
},
|
||||||
doAuthorize(autoApprove, checkedScopes, uncheckedScopes) {
|
doAuthorize(autoApprove, checkedScopes, uncheckedScopes) {
|
||||||
return authorize(this.params.responseType, this.params.clientId, this.params.redirectUri, this.params.state,
|
return authorize(this.params.responseType, this.params.clientId, this.params.redirectUri, this.params.state,
|
||||||
autoApprove, checkedScopes, uncheckedScopes)
|
autoApprove, checkedScopes, uncheckedScopes)
|
||||||
|
},
|
||||||
|
formatScope(scope) {
|
||||||
|
// 格式化 scope 授权范围,方便用户理解。
|
||||||
|
// 这里仅仅是一个 demo,可以考虑录入到字典数据中,例如说字典类型 "system_oauth2_scope",它的每个 scope 都是一条字典数据。
|
||||||
|
switch (scope) {
|
||||||
|
case 'user.read': return '访问你的个人信息'
|
||||||
|
case 'user.write': return '修改你的个人信息'
|
||||||
|
default: return scope
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
Loading…
Reference in New Issue
Block a user