From 205cbc117d1a0f4358603701bb2d3e96096d400d Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Tue, 16 Jul 2024 12:06:05 +0800 Subject: [PATCH 01/13] =?UTF-8?q?feat=EF=BC=9Aoauth2=20=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E5=AF=86=E7=A0=81=E6=A8=A1=E5=BC=8F=20#10663?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../auth/pojo/Oauth2AccessTokenRequest.kt | 25 +++++++--- .../pojo/Oauth2AuthorizationCodeRequest.kt | 16 +++++++ .../devops/auth/pojo/Oauth2PassWordRequest.kt | 18 +++++++ .../auth/pojo/Oauth2RefreshTokenRequest.kt | 16 +++++++ .../auth/pojo/dto/Oauth2AccessTokenDTO.kt | 2 + .../devops/auth/pojo/enum/Oauth2GrantType.kt | 3 ++ .../auth/dao/AuthOauth2AccessTokenDao.kt | 5 ++ .../oauth2/Oauth2AccessTokenService.kt | 6 ++- .../auth/service/oauth2/Oauth2Config.kt | 47 ------------------- .../service/oauth2/Oauth2EndpointService.kt | 12 +++-- .../oauth2/Oauth2RefreshTokenService.kt | 2 +- .../oauth2/grant/AbstractTokenGranter.kt | 21 ++++----- .../grant/AuthorizationCodeTokenGranter.kt | 15 +++--- .../grant/ClientCredentialsTokenGranter.kt | 18 ++++--- .../oauth2/grant/CompositeTokenGranter.kt | 23 --------- .../oauth2/grant/Oauth2TokenGranterFactory.kt | 22 +++++++++ .../oauth2/grant/PassWordTokenGranter.kt | 42 +++++++++++++++++ .../oauth2/grant/RefreshTokenGranter.kt | 13 ++--- .../auth/service/oauth2/grant/TokenGranter.kt | 11 +++-- .../AuthorizationCodeTokenGranterTest.kt | 8 ++-- .../service/oauth2/RefreshTokenGranterTest.kt | 7 ++- support-files/sql/1001_ci_auth_ddl_mysql.sql | 1 + .../2020_ci_auth-update_v2.0_mysql.sql | 8 ++++ 23 files changed, 212 insertions(+), 129 deletions(-) create mode 100644 src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AuthorizationCodeRequest.kt create mode 100644 src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2PassWordRequest.kt create mode 100644 src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2RefreshTokenRequest.kt delete mode 100644 
src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2Config.kt delete mode 100644 src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/CompositeTokenGranter.kt create mode 100644 src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/Oauth2TokenGranterFactory.kt create mode 100644 src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/PassWordTokenGranter.kt diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AccessTokenRequest.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AccessTokenRequest.kt index 44c0f99d406..caf04611d3c 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AccessTokenRequest.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AccessTokenRequest.kt 
@@ -1,13 +1,24 @@ package com.tencent.devops.auth.pojo +import com.fasterxml.jackson.annotation.JsonSubTypes +import com.fasterxml.jackson.annotation.JsonTypeInfo +import com.tencent.devops.auth.pojo.enum.Oauth2GrantType import io.swagger.v3.oas.annotations.media.Schema @Schema(title = "oauth2获取token请求报文体") -data class Oauth2AccessTokenRequest( - @get:Schema(title = "授权类型", required = true) - val grantType: String, - @get:Schema(title = "授权码,用于授权码模式", required = false) - val code: String? = null, - @get:Schema(title = "refreshToken,用于刷新授权码模式", required = false) - val refreshToken: String? = null +@JsonTypeInfo( + use = JsonTypeInfo.Id.NAME, + include = JsonTypeInfo.As.EXISTING_PROPERTY, + property = "grantType", + visible = true, + defaultImpl = Oauth2AccessTokenRequest::class +) +@JsonSubTypes( + JsonSubTypes.Type(value = Oauth2AuthorizationCodeRequest::class, name = Oauth2AuthorizationCodeRequest.TYPE), + JsonSubTypes.Type(value = Oauth2PassWordRequest::class, name = Oauth2PassWordRequest.TYPE), + JsonSubTypes.Type(value = Oauth2RefreshTokenRequest::class, name = Oauth2RefreshTokenRequest.TYPE), ) +interface Oauth2AccessTokenRequest { + @get:Schema(title = "授权类型", required = true) + open val grantType: Oauth2GrantType +} diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AuthorizationCodeRequest.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AuthorizationCodeRequest.kt new file mode 100644 index 00000000000..11ddb3a443f --- /dev/null +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AuthorizationCodeRequest.kt 
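Review bot: `defaultImpl = Oauth2AccessTokenRequest::class` names the interface itself, which Jackson cannot instantiate, and `@JsonSubTypes` registers no subtype for the client-credentials grant. A request whose `grantType` is `CLIENT_CREDENTIALS` (or any unregistered value) will therefore most likely fail during deserialization instead of reaching `ClientCredentialsTokenGranter`. Consider adding a concrete request class for that grant, registering it, and dropping `defaultImpl` so that unknown grant types are rejected with a clear error. This failure mode is inferred from the annotations shown here; a deserialization test per grant type would confirm it. The `open` modifier on `val grantType` is redundant inside an interface.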
@@ -0,0 +1,16 @@ +package com.tencent.devops.auth.pojo + +import com.tencent.devops.auth.pojo.enum.Oauth2GrantType +import io.swagger.v3.oas.annotations.media.Schema + +@Schema(title = "授权码模式获取token请求报文体") +data class Oauth2AuthorizationCodeRequest( + @get:Schema(title = "授权类型", required = true) + override val grantType: Oauth2GrantType, + @get:Schema(title = "授权码,用于授权码模式", required = false) + val code: String +) : Oauth2AccessTokenRequest { + companion object { + const val TYPE = "AUTHORIZATION_CODE" + } +} diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2PassWordRequest.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2PassWordRequest.kt new file mode 100644 index 00000000000..2a99f34fa02 --- /dev/null +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2PassWordRequest.kt @@ -0,0 +1,18 @@ +package com.tencent.devops.auth.pojo + +import com.tencent.devops.auth.pojo.enum.Oauth2GrantType +import io.swagger.v3.oas.annotations.media.Schema + +@Schema(title = "密码模式获取token请求报文体") +data class Oauth2PassWordRequest( + @get:Schema(title = "授权类型", required = true) + override val grantType: Oauth2GrantType, + @get:Schema(title = "账号名称,用于密码模式", required = false) + val userName: String? = null, + @get:Schema(title = "密码,用于密码模式", required = false) + val passWord: String? = null +) : Oauth2AccessTokenRequest { + companion object { + const val TYPE = "PASS_WORD" + } +} diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2RefreshTokenRequest.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2RefreshTokenRequest.kt new file mode 100644 index 00000000000..4cae3bb0b7a --- /dev/null +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2RefreshTokenRequest.kt 
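Review bot: In `Oauth2PassWordRequest`, `userName` and `passWord` are declared `String? = null` with `required = false`, although the password grant cannot work without them and the sibling request classes use non-null fields (`val code: String`, `val refreshToken: String`). A request that omits them deserializes successfully and reaches the token lookup with nulls; declaring them `val userName: String` and `val passWord: String` should let the Kotlin Jackson module reject incomplete requests at the boundary. Because this is a `data class`, the generated `toString()` includes `passWord`, so any log line or exception message that prints the request writes the credential out. Override it, e.g. `override fun toString() = "Oauth2PassWordRequest(grantType=$grantType, userName=$userName)"`. The same exposure applies to the `passWord` field this commit adds to `Oauth2AccessTokenDTO`.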
@@ -0,0 +1,16 @@ +package com.tencent.devops.auth.pojo + +import com.tencent.devops.auth.pojo.enum.Oauth2GrantType +import io.swagger.v3.oas.annotations.media.Schema + +@Schema(title = "客户端模式获取token请求报文体") +data class Oauth2RefreshTokenRequest( + @get:Schema(title = "授权类型", required = true) + override val grantType: Oauth2GrantType, + @get:Schema(title = "刷新码,用于刷新授权码模式", required = false) + val refreshToken: String +) : Oauth2AccessTokenRequest { + companion object { + const val TYPE = "REFRESH_TOKEN" + } +} diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/Oauth2AccessTokenDTO.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/Oauth2AccessTokenDTO.kt index 1e932e47054..eb533880b26 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/Oauth2AccessTokenDTO.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/Oauth2AccessTokenDTO.kt @@ -12,6 +12,8 @@ data class Oauth2AccessTokenDTO( val expiredTime: Long? = null, @get:Schema(title = "accessToken绑定的用户名称", required = true) val userName: String? = null, + @get:Schema(title = "accessToken绑定的密码", required = true) + val passWord: String? = null, @get:Schema(title = "授权范围Id", required = true) val scopeId: Int ) diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/Oauth2GrantType.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/Oauth2GrantType.kt index 73fa82bcd28..18567753935 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/Oauth2GrantType.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/enum/Oauth2GrantType.kt 
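Review bot: The `passWord` field added to `Oauth2AccessTokenDTO` exists only to carry the user's cleartext password into `T_AUTH_OAUTH2_ACCESS_TOKEN`. It flows unchanged through the `accessTokenService.create(...)` call in `AbstractTokenGranter`, `Oauth2AccessTokenService.create` and `AuthOauth2AccessTokenDao.create` into the new `PASS_WORD VARCHAR(64)` column added by both SQL hunks. A token table should not hold user credentials: read access to the table, a backup or a statement log then yields reusable passwords, and values longer than 64 characters are truncated or rejected depending on the SQL mode. The issued token is already bound to the user through `userName`, so the field, the DAO and service parameters and the column can be dropped. If a binding to the credential is really required, store a salted hash from a dedicated password-hashing function instead.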
@@ -35,6 +35,9 @@ enum class Oauth2GrantType(val grantType: String) { // 客户端模式 CLIENT_CREDENTIALS("client_credentials"), + // 密码模式 + PASS_WORD("pass_word"), + // 刷新token模式 REFRESH_TOKEN("refresh_token"); } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthOauth2AccessTokenDao.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthOauth2AccessTokenDao.kt index 9ec35bd5e19..179f40d2667 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthOauth2AccessTokenDao.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthOauth2AccessTokenDao.kt @@ -14,6 +14,7 @@ class AuthOauth2AccessTokenDao { accessToken: String? = null, refreshToken: String? = null, userName: String? = null, + passWord: String? = null, grantType: String? = null ): TAuthOauth2AccessTokenRecord? { return with(TAuthOauth2AccessToken.T_AUTH_OAUTH2_ACCESS_TOKEN) { @@ -21,6 +22,7 @@ class AuthOauth2AccessTokenDao { .where(CLIENT_ID.eq(clientId)) .apply { accessToken?.let { and(ACCESS_TOKEN.eq(it)) } } .apply { userName?.let { and(USER_NAME.eq(it)) } } + .apply { passWord?.let { and(PASS_WORD.eq(it)) } } .apply { grantType?.let { and(GRANT_TYPE.eq(it)) } } .apply { refreshToken?.let { and(REFRESH_TOKEN.eq(it)) } } .fetchOne() @@ -43,6 +45,7 @@ class AuthOauth2AccessTokenDao { dslContext: DSLContext, clientId: String, userName: String?, + passWord: String?, grantType: String, accessToken: String, refreshToken: String? = null, @@ -54,6 +57,7 @@ class AuthOauth2AccessTokenDao { this, CLIENT_ID, USER_NAME, + PASS_WORD, GRANT_TYPE, ACCESS_TOKEN, REFRESH_TOKEN, @@ -62,6 +66,7 @@ class AuthOauth2AccessTokenDao { ).values( clientId, userName, + passWord, grantType, accessToken, refreshToken, 
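Review bot: In `AuthOauth2AccessTokenDao.get`, `.apply { passWord?.let { and(PASS_WORD.eq(it)) } }` drops the password condition entirely when the argument is null. Since `Oauth2PassWordRequest.passWord` is nullable, a password-grant lookup can then match on `CLIENT_ID`, `GRANT_TYPE` and whatever other filters are non-null, and `fetchOne()` either returns a row issued to someone else or throws when several rows match. Comparing the secret with `PASS_WORD.eq(it)` also inherits the column collation, which on MySQL is often case-insensitive, so passwords differing only in case may be treated as equal; this should be confirmed against the table definition. Credential verification belongs before this lookup and against the user store, with the token then selected by `clientId`, `userName` and `grantType` only. The enclosing `get` and `create` functions start and end outside these hunks.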
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2AccessTokenService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2AccessTokenService.kt index 89aad1d245e..b215bc35dff 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2AccessTokenService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2AccessTokenService.kt @@ -8,7 +8,7 @@ import org.jooq.DSLContext import org.springframework.stereotype.Service @Service -class Oauth2AccessTokenService constructor( +class Oauth2AccessTokenService( private val oauth2AccessTokenDao: AuthOauth2AccessTokenDao, private val dslContext: DSLContext ) { @@ -31,6 +31,7 @@ class Oauth2AccessTokenService constructor( clientId: String, refreshToken: String? = null, userName: String? = null, + passWord: String? = null, grantType: String? = null ): TAuthOauth2AccessTokenRecord? { return oauth2AccessTokenDao.get( @@ -38,6 +39,7 @@ class Oauth2AccessTokenService constructor( clientId = clientId, refreshToken = refreshToken, userName = userName, + passWord = passWord, grantType = grantType ) } @@ -46,6 +48,7 @@ class Oauth2AccessTokenService constructor( fun create( clientId: String, userName: String?, + passWord: String?, grantType: String, accessToken: String, refreshToken: String?, @@ -56,6 +59,7 @@ class Oauth2AccessTokenService constructor( dslContext = dslContext, clientId = clientId, userName = userName, + passWord = passWord, grantType = grantType, accessToken = accessToken, refreshToken = refreshToken, diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2Config.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2Config.kt deleted file mode 100644 index 1e3b730930e..00000000000 
--- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2Config.kt +++ /dev/null @@ -1,47 +0,0 @@ -package com.tencent.devops.auth.service.oauth2 - -import com.tencent.devops.auth.service.oauth2.grant.AuthorizationCodeTokenGranter -import com.tencent.devops.auth.service.oauth2.grant.ClientCredentialsTokenGranter -import com.tencent.devops.auth.service.oauth2.grant.CompositeTokenGranter -import com.tencent.devops.auth.service.oauth2.grant.RefreshTokenGranter -import com.tencent.devops.auth.service.oauth2.grant.TokenGranter -import org.springframework.context.annotation.Bean -import org.springframework.context.annotation.Configuration - -@Configuration -@Suppress("LongParameterList") -class Oauth2Config constructor( - private val oauth2ClientService: Oauth2ClientService, - private val codeService: Oauth2CodeService, - private val scopeService: Oauth2ScopeService, - private val accessTokenService: Oauth2AccessTokenService, - private val clientCredentialsTokenGranter: ClientCredentialsTokenGranter, - private val authorizationCodeTokenGranter: AuthorizationCodeTokenGranter, - private val refreshTokenGranter: RefreshTokenGranter, - private val scopeOperationService: Oauth2ScopeOperationService -) { - @Bean - fun oauth2EndpointService(): Oauth2EndpointService { - return Oauth2EndpointService( - tokenGranter = compositeTokenGranter(), - clientService = oauth2ClientService, - codeService = codeService, - scopeService = scopeService, - accessTokenService = accessTokenService, - scopeOperationService = scopeOperationService - ) - } - - @Bean - fun compositeTokenGranter(): TokenGranter { - return CompositeTokenGranter(getDefaultTokenGranters()) - } - - private fun getDefaultTokenGranters(): List { - val tokenGranters = mutableListOf() - tokenGranters.add(clientCredentialsTokenGranter) - tokenGranters.add(authorizationCodeTokenGranter) - tokenGranters.add(refreshTokenGranter) - return tokenGranters - } -} 
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2EndpointService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2EndpointService.kt index 79bc961aedf..da3022e4601 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2EndpointService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2EndpointService.kt @@ -6,14 +6,16 @@ import com.tencent.devops.auth.pojo.dto.Oauth2AuthorizationCodeDTO import com.tencent.devops.auth.pojo.enum.Oauth2GrantType import com.tencent.devops.auth.pojo.vo.Oauth2AccessTokenVo import com.tencent.devops.auth.pojo.vo.Oauth2AuthorizationInfoVo +import com.tencent.devops.auth.service.oauth2.grant.Oauth2TokenGranterFactory import com.tencent.devops.auth.service.oauth2.grant.TokenGranter import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.util.UUIDUtil import com.tencent.devops.common.auth.utils.AuthUtils import org.slf4j.LoggerFactory +import org.springframework.stereotype.Service -class Oauth2EndpointService constructor( - private val tokenGranter: TokenGranter, +@Service +class Oauth2EndpointService( private val clientService: Oauth2ClientService, private val codeService: Oauth2CodeService, private val scopeService: Oauth2ScopeService, @@ -89,11 +91,11 @@ class Oauth2EndpointService constructor( clientService.verifyClientInformation( clientId = clientId, clientSecret = clientSecret, - grantType = grantType, + grantType = grantType.grantType, clientDetails = clientDetails ) - return tokenGranter.grant( - grantType = grantType, + val granter = Oauth2TokenGranterFactory.getTokenGranter(accessTokenRequest) + return granter.grant( clientDetails = clientDetails, accessTokenRequest = accessTokenRequest ) 
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2RefreshTokenService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2RefreshTokenService.kt index 34202e60230..4a69f38c147 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2RefreshTokenService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2RefreshTokenService.kt @@ -9,7 +9,7 @@ import org.jooq.DSLContext import org.springframework.stereotype.Service @Service -class Oauth2RefreshTokenService constructor( +class Oauth2RefreshTokenService( private val authOauth2RefreshTokenDao: AuthOauth2RefreshTokenDao, private val dslContext: DSLContext ) { diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AbstractTokenGranter.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AbstractTokenGranter.kt index 2b453afddb4..61c0e05be30 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AbstractTokenGranter.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AbstractTokenGranter.kt 
@@ -8,32 +8,26 @@ import com.tencent.devops.auth.service.oauth2.Oauth2AccessTokenService import com.tencent.devops.common.api.util.DateTimeUtil import com.tencent.devops.common.api.util.UUIDUtil import com.tencent.devops.common.auth.utils.AuthUtils +import org.springframework.beans.factory.annotation.Autowired -abstract class AbstractTokenGranter( - private val grantType: String, - private val accessTokenService: Oauth2AccessTokenService -) : TokenGranter { +abstract class AbstractTokenGranter( + val accessTokenService: Oauth2AccessTokenService +) : TokenGranter { override fun grant( - grantType: String, clientDetails: ClientDetailsInfo, - accessTokenRequest: Oauth2AccessTokenRequest + accessTokenRequest: T ): Oauth2AccessTokenVo? { - if (this.grantType != grantType) { - return null - } val accessTokenDTO = getAccessToken( accessTokenRequest = accessTokenRequest, clientDetails = clientDetails ) return handleAccessToken( - accessTokenRequest = accessTokenRequest, accessTokenDTO = accessTokenDTO, clientDetails = clientDetails ) } private fun handleAccessToken( - accessTokenRequest: Oauth2AccessTokenRequest, accessTokenDTO: Oauth2AccessTokenDTO, clientDetails: ClientDetailsInfo ): Oauth2AccessTokenVo { @@ -53,7 +47,8 @@ abstract class AbstractTokenGranter( accessTokenService.create( clientId = clientId, userName = accessTokenDTO.userName, - grantType = grantType, + passWord = accessTokenDTO.passWord, + grantType = type().grantType, accessToken = newAccessToken, refreshToken = refreshToken, expiredTime = accessTokenExpiredTime, @@ -72,7 +67,7 @@ abstract class AbstractTokenGranter( } abstract fun getAccessToken( - accessTokenRequest: Oauth2AccessTokenRequest, + accessTokenRequest: T, clientDetails: ClientDetailsInfo ): Oauth2AccessTokenDTO } 
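Review bot: The constructor property changed from `private val accessTokenService` to a public `val accessTokenService`, which exposes the token service on every granter bean. Subclasses only need `protected val accessTokenService: Oauth2AccessTokenService`. The added `import org.springframework.beans.factory.annotation.Autowired` is not used in the lines shown and can be removed. `handleAccessToken` continues outside the hunk.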
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AuthorizationCodeTokenGranter.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AuthorizationCodeTokenGranter.kt index 8e080517c77..5b03d05c1b6 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AuthorizationCodeTokenGranter.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AuthorizationCodeTokenGranter.kt @@ -1,7 +1,7 @@ package com.tencent.devops.auth.service.oauth2.grant import com.tencent.devops.auth.pojo.ClientDetailsInfo -import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest +import com.tencent.devops.auth.pojo.Oauth2AuthorizationCodeRequest import com.tencent.devops.auth.pojo.dto.Oauth2AccessTokenDTO import com.tencent.devops.auth.pojo.enum.Oauth2GrantType import com.tencent.devops.auth.service.oauth2.Oauth2AccessTokenService @@ -15,16 +15,15 @@ import com.tencent.devops.model.auth.tables.records.TAuthOauth2CodeRecord import org.springframework.stereotype.Service @Service -class AuthorizationCodeTokenGranter constructor( +class AuthorizationCodeTokenGranter( private val codeService: Oauth2CodeService, - private val accessTokenService: Oauth2AccessTokenService, - private val refreshTokenService: Oauth2RefreshTokenService -) : AbstractTokenGranter( - grantType = Oauth2GrantType.AUTHORIZATION_CODE.grantType, + private val refreshTokenService: Oauth2RefreshTokenService, + accessTokenService: Oauth2AccessTokenService +) : AbstractTokenGranter( accessTokenService = accessTokenService ) { override fun getAccessToken( - accessTokenRequest: Oauth2AccessTokenRequest, + accessTokenRequest: Oauth2AuthorizationCodeRequest, clientDetails: ClientDetailsInfo ): Oauth2AccessTokenDTO { val clientId = clientDetails.clientId 
@@ -92,4 +91,6 @@ class AuthorizationCodeTokenGranter constructor( newRefreshToken } } + + override fun type(): Oauth2GrantType = Oauth2GrantType.AUTHORIZATION_CODE } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/ClientCredentialsTokenGranter.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/ClientCredentialsTokenGranter.kt index 93305a34fae..9884b4b5a30 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/ClientCredentialsTokenGranter.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/ClientCredentialsTokenGranter.kt @@ -9,16 +9,12 @@ import com.tencent.devops.auth.service.oauth2.Oauth2ScopeService import org.springframework.stereotype.Service @Service -class ClientCredentialsTokenGranter constructor( - private val accessTokenService: Oauth2AccessTokenService, - private val oauth2ScopeService: Oauth2ScopeService -) : AbstractTokenGranter( - grantType = GRANT_TYPE, - accessTokenService = accessTokenService +class ClientCredentialsTokenGranter( + private val oauth2ScopeService: Oauth2ScopeService, + accessTokenService: Oauth2AccessTokenService +) : AbstractTokenGranter( + accessTokenService = accessTokenService ) { - companion object { - private val GRANT_TYPE = Oauth2GrantType.CLIENT_CREDENTIALS.grantType - } override fun getAccessToken( accessTokenRequest: Oauth2AccessTokenRequest, @@ -26,7 +22,7 @@ class ClientCredentialsTokenGranter constructor( ): Oauth2AccessTokenDTO { val accessTokenInfo = accessTokenService.get( clientId = clientDetails.clientId, - grantType = GRANT_TYPE + grantType = type().grantType ) val scopeId = oauth2ScopeService.create( scope = clientDetails.scope @@ -38,4 +34,6 @@ class ClientCredentialsTokenGranter constructor( scopeId = scopeId ) } + + override fun type(): Oauth2GrantType = Oauth2GrantType.CLIENT_CREDENTIALS } 
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/CompositeTokenGranter.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/CompositeTokenGranter.kt deleted file mode 100644 index ca2565d512c..00000000000 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/CompositeTokenGranter.kt +++ /dev/null @@ -1,23 +0,0 @@ -package com.tencent.devops.auth.service.oauth2.grant - -import com.tencent.devops.auth.pojo.ClientDetailsInfo -import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest -import com.tencent.devops.auth.pojo.vo.Oauth2AccessTokenVo - -class CompositeTokenGranter constructor( - private val tokenGranters: List -) : TokenGranter { - override fun grant( - grantType: String, - clientDetails: ClientDetailsInfo, - accessTokenRequest: Oauth2AccessTokenRequest - ): Oauth2AccessTokenVo? { - for (granter in tokenGranters) { - val grant = granter.grant(grantType, clientDetails, accessTokenRequest) - if (grant != null) { - return grant - } - } - return null - } -} diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/Oauth2TokenGranterFactory.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/Oauth2TokenGranterFactory.kt new file mode 100644 index 00000000000..3d36cd35c9c --- /dev/null +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/Oauth2TokenGranterFactory.kt 
@@ -0,0 +1,22 @@ +package com.tencent.devops.auth.service.oauth2.grant + +import com.tencent.devops.auth.constant.AuthMessageCode +import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest +import com.tencent.devops.common.api.exception.ErrorCodeException +import com.tencent.devops.common.service.utils.SpringContextUtil + +object Oauth2TokenGranterFactory { + fun getTokenGranter(accessTokenRequest: T): TokenGranter { + val tokenGranters = SpringContextUtil.getBeansWithClass(TokenGranter::class.java) + val grantType = accessTokenRequest.grantType + for (tokenGranter in tokenGranters) { + if (grantType == tokenGranter.type()) { + return (tokenGranter as TokenGranter) + } + } + throw ErrorCodeException( + errorCode = AuthMessageCode.INVALID_AUTHORIZATION_TYPE, + defaultMessage = "The client does not support $grantType type" + ) + } +} diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/PassWordTokenGranter.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/PassWordTokenGranter.kt new file mode 100644 index 00000000000..4b29f5f251d --- /dev/null +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/PassWordTokenGranter.kt 
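Review bot: `return (tokenGranter as TokenGranter)` in `Oauth2TokenGranterFactory` is an unchecked cast that pairs granter and request only by the `grantType` value, while every request class accepts `grantType` as a free constructor argument. A request object whose class and `grantType` disagree passes the factory and fails later with a `ClassCastException` inside `getAccessToken`, rather than with the `INVALID_AUTHORIZATION_TYPE` error thrown here. Fixing the grant type inside each request class, or having the factory check the request class before returning, closes that gap. `SpringContextUtil.getBeansWithClass(TokenGranter::class.java)` is also evaluated on every token request; a granter list injected once into a Spring bean would avoid the static context lookup and make the dispatch testable.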
@@ -0,0 +1,42 @@ +package com.tencent.devops.auth.service.oauth2.grant + +import com.tencent.devops.auth.pojo.ClientDetailsInfo +import com.tencent.devops.auth.pojo.Oauth2PassWordRequest +import com.tencent.devops.auth.pojo.dto.Oauth2AccessTokenDTO +import com.tencent.devops.auth.pojo.enum.Oauth2GrantType +import com.tencent.devops.auth.service.oauth2.Oauth2AccessTokenService +import com.tencent.devops.auth.service.oauth2.Oauth2ScopeService +import org.springframework.stereotype.Service + +@Service +class PassWordTokenGranter( + private val oauth2ScopeService: Oauth2ScopeService, + accessTokenService: Oauth2AccessTokenService +) : AbstractTokenGranter( + accessTokenService = accessTokenService +) { + override fun getAccessToken( + accessTokenRequest: Oauth2PassWordRequest, + clientDetails: ClientDetailsInfo + ): Oauth2AccessTokenDTO { + val accessTokenInfo = accessTokenService.get( + clientId = clientDetails.clientId, + userName = accessTokenRequest.userName, + passWord = accessTokenRequest.passWord, + grantType = type().grantType + ) + val scopeId = oauth2ScopeService.create( + scope = clientDetails.scope + ) + + return Oauth2AccessTokenDTO( + userName = accessTokenRequest.userName, + passWord = accessTokenRequest.passWord, + accessToken = accessTokenInfo?.accessToken, + expiredTime = accessTokenInfo?.expiredTime, + scopeId = scopeId + ) + } + + override fun type(): Oauth2GrantType = Oauth2GrantType.PASS_WORD +} diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/RefreshTokenGranter.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/RefreshTokenGranter.kt index 9ab95d12c51..63c5dceb45f 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/RefreshTokenGranter.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/RefreshTokenGranter.kt 
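Review bot: `PassWordTokenGranter.getAccessToken` never authenticates the resource owner: `userName` and `passWord` are used only as filters in `accessTokenService.get(...)`. When no row matches, it still returns a DTO with a null `accessToken`, which (judging by the other granters and the visible part of `AbstractTokenGranter`) leads to a fresh token being issued and bound to whatever `userName` the request carried. The credentials need to be verified against the platform's user directory before any token lookup, and the grant refused on failure. Blank values should also be rejected up front, e.g. `if (accessTokenRequest.userName.isNullOrBlank() || accessTokenRequest.passWord.isNullOrBlank())` followed by an `ErrorCodeException`, and `passWord` should be left out of the returned `Oauth2AccessTokenDTO`. The resource-owner password grant is discouraged by the OAuth 2.0 Security BCP and omitted from OAuth 2.1, so if it stays it should be limited to explicitly trusted first-party clients.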
@@ -3,7 +3,7 @@ package com.tencent.devops.auth.service.oauth2.grant import com.tencent.devops.auth.constant.AuthMessageCode import com.tencent.devops.auth.constant.AuthMessageCode.ERROR_REFRESH_TOKEN_EXPIRED import com.tencent.devops.auth.pojo.ClientDetailsInfo -import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest +import com.tencent.devops.auth.pojo.Oauth2RefreshTokenRequest import com.tencent.devops.auth.pojo.dto.Oauth2AccessTokenDTO import com.tencent.devops.auth.pojo.enum.Oauth2GrantType import com.tencent.devops.auth.service.oauth2.Oauth2AccessTokenService @@ -14,14 +14,13 @@ import org.springframework.stereotype.Service @Service class RefreshTokenGranter( - private val accessTokenService: Oauth2AccessTokenService, - private val refreshTokenService: Oauth2RefreshTokenService -) : AbstractTokenGranter( - grantType = Oauth2GrantType.REFRESH_TOKEN.grantType, + private val refreshTokenService: Oauth2RefreshTokenService, + accessTokenService: Oauth2AccessTokenService +) : AbstractTokenGranter( accessTokenService = accessTokenService ) { override fun getAccessToken( - accessTokenRequest: Oauth2AccessTokenRequest, + accessTokenRequest: Oauth2RefreshTokenRequest, clientDetails: ClientDetailsInfo ): Oauth2AccessTokenDTO { val refreshToken = accessTokenRequest.refreshToken @@ -63,4 +62,6 @@ class RefreshTokenGranter( scopeId = accessTokenInfo.scopeId ) } + + override fun type(): Oauth2GrantType = Oauth2GrantType.REFRESH_TOKEN } diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/TokenGranter.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/TokenGranter.kt index 0d798547f39..74fb029c04a 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/TokenGranter.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/TokenGranter.kt 
@@ -2,12 +2,17 @@ package com.tencent.devops.auth.service.oauth2.grant import com.tencent.devops.auth.pojo.ClientDetailsInfo import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest +import com.tencent.devops.auth.pojo.enum.Oauth2GrantType import com.tencent.devops.auth.pojo.vo.Oauth2AccessTokenVo -interface TokenGranter { +interface TokenGranter { fun grant( - grantType: String, clientDetails: ClientDetailsInfo, - accessTokenRequest: Oauth2AccessTokenRequest + accessTokenRequest: T ): Oauth2AccessTokenVo? + + /** + * 支持类型 + */ + fun type(): Oauth2GrantType } diff --git a/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/AuthorizationCodeTokenGranterTest.kt b/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/AuthorizationCodeTokenGranterTest.kt index 0c8e1bdb6f9..cca6cb3722d 100644 --- a/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/AuthorizationCodeTokenGranterTest.kt +++ b/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/AuthorizationCodeTokenGranterTest.kt @@ -18,16 +18,14 @@ import java.time.LocalDateTime class AuthorizationCodeTokenGranterTest : BkCiAbstractTest() { private val codeService = mockk() - private val accessTokenService = mockk() - private val refreshTokenService = mockk() private val self: AuthorizationCodeTokenGranter = spyk( AuthorizationCodeTokenGranter( codeService = codeService, - accessTokenService = accessTokenService, - refreshTokenService = refreshTokenService + refreshTokenService = refreshTokenService, + accessTokenService = accessTokenService ), recordPrivateCalls = true ) @@ -49,6 +47,7 @@ class AuthorizationCodeTokenGranterTest : BkCiAbstractTest() { "testAccessToken", "testClientId", "testUserName", + "", "testGrantType", System.currentTimeMillis() / 1000 + 1000, "testRefreshToken", 
@@ -72,6 +71,7 @@ class AuthorizationCodeTokenGranterTest : BkCiAbstractTest() { "testAccessToken", "testClientId", "testUserName", + "", "testGrantType", System.currentTimeMillis() / 1000 - 1000, "testRefreshToken", diff --git a/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/RefreshTokenGranterTest.kt b/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/RefreshTokenGranterTest.kt index 9ad9ac1b2b2..1ff3ecb094f 100644 --- a/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/RefreshTokenGranterTest.kt +++ b/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/RefreshTokenGranterTest.kt @@ -3,6 +3,8 @@ package com.tencent.devops.auth.service.oauth2 import com.tencent.devops.auth.constant.AuthMessageCode.ERROR_REFRESH_TOKEN_EXPIRED import com.tencent.devops.auth.pojo.ClientDetailsInfo import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest +import com.tencent.devops.auth.pojo.Oauth2RefreshTokenRequest +import com.tencent.devops.auth.pojo.enum.Oauth2GrantType import com.tencent.devops.auth.service.oauth2.grant.RefreshTokenGranter import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.test.BkCiAbstractTest @@ -45,6 +47,7 @@ class RefreshTokenGranterTest : BkCiAbstractTest() { "testAccessToken", "testClientId", "testUserName", + "", "testGrantType", System.currentTimeMillis() / 1000 + 1000, "testRefreshToken", @@ -52,9 +55,9 @@ class RefreshTokenGranterTest : BkCiAbstractTest() { LocalDateTime.now() ) - private val accessTokenRequest = Oauth2AccessTokenRequest( + private val accessTokenRequest = Oauth2RefreshTokenRequest( refreshToken = "testRefreshToken", - grantType = "testGrantType" + grantType = Oauth2GrantType.REFRESH_TOKEN ) @Test 
diff --git a/support-files/sql/1001_ci_auth_ddl_mysql.sql b/support-files/sql/1001_ci_auth_ddl_mysql.sql index fb123c9b6cd..b516f7c1f0c 100644 --- a/support-files/sql/1001_ci_auth_ddl_mysql.sql +++ b/support-files/sql/1001_ci_auth_ddl_mysql.sql @@ -328,6 +328,7 @@ CREATE TABLE IF NOT EXISTS `T_AUTH_OAUTH2_ACCESS_TOKEN` ( `ACCESS_TOKEN` VARCHAR(64) NOT NULL COMMENT 'ACCESS_TOKEN', `CLIENT_ID` VARCHAR(32) NOT NULL COMMENT '客户端ID', `USER_NAME` VARCHAR(32) DEFAULT NULL COMMENT '登录的用户名,客户端模式该值为空', + `PASS_WORD` VARCHAR(64) DEFAULT NULL COMMENT '用于密码模式', `GRANT_TYPE` VARCHAR(32) NOT NULL COMMENT '授权模式', `EXPIRED_TIME` BIGINT(20) NOT NULL COMMENT '过期时间', `REFRESH_TOKEN` VARCHAR(64) DEFAULT NULL COMMENT 'REFRESH_TOKEN,客户端模式该值为空', diff --git a/support-files/sql/2003_v2.x/2020_ci_auth-update_v2.0_mysql.sql b/support-files/sql/2003_v2.x/2020_ci_auth-update_v2.0_mysql.sql index ea2d14f8ee6..25ed241e107 100644 --- a/support-files/sql/2003_v2.x/2020_ci_auth-update_v2.0_mysql.sql +++ b/support-files/sql/2003_v2.x/2020_ci_auth-update_v2.0_mysql.sql @@ -84,6 +84,14 @@ BEGIN ALTER TABLE T_AUTH_RESOURCE_GROUP_CONFIG ADD COLUMN `GROUP_TYPE` Int(2) NOT NULL DEFAULT 0 COMMENT '用户组类型 0-默认组 1-自定义组' AFTER `CREATE_MODE`; END IF; + IF NOT EXISTS(SELECT 1 + FROM information_schema.COLUMNS + WHERE TABLE_SCHEMA = db + AND TABLE_NAME = 'T_AUTH_OAUTH2_ACCESS_TOKEN' + AND COLUMN_NAME = 'PASS_WORD') THEN + ALTER TABLE T_AUTH_OAUTH2_ACCESS_TOKEN ADD COLUMN `PASS_WORD` VARCHAR(64) DEFAULT NULL COMMENT '用于密码模式' AFTER `USER_NAME`; + END IF; + COMMIT; END DELIMITER ; From 805db251ba4d597c0a9618df8583ee1e1c89bb75 Mon Sep 17 00:00:00 2001 
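Review bot: The new `PASS_WORD VARCHAR(64)` column on `T_AUTH_OAUTH2_ACCESS_TOKEN` puts a user credential in the same row as the bearer token, and neither the DDL nor the column comment says whether the stored value is a hash. The password grant needs the password only when the token is issued, so persisting it here widens what any read of this table exposes. If it has to be kept, store a salted password hash rather than the submitted value and state the format in the `COMMENT`. The same column is added by the `ALTER TABLE` in `2020_ci_auth-update_v2.0_mysql.sql`, so the point applies to both hunks.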
From: greysonfang Date: Tue, 16 Jul 2024 19:53:55 +0800 Subject: [PATCH 02/13] =?UTF-8?q?feat=EF=BC=9Aoauth2=20=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E5=AF=86=E7=A0=81=E6=A8=A1=E5=BC=8F=20#10663?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../oauth2/Oauth2ServiceEndpointResource.kt | 21 ++++++++++++++++++- .../devops/auth/pojo/dto/ClientDetailsDTO.kt | 3 ++- .../auth/dao/AuthOauth2ClientDetailsDao.kt | 2 +- .../Oauth2ServiceEndpointResourceImpl.kt | 21 +++++++++++++++++-- 4 files changed, 42 insertions(+), 5 deletions(-) diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/oauth2/Oauth2ServiceEndpointResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/oauth2/Oauth2ServiceEndpointResource.kt index b0645636536..d4b89000fc6 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/oauth2/Oauth2ServiceEndpointResource.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/oauth2/Oauth2ServiceEndpointResource.kt @@ -1,6 +1,7 @@ package com.tencent.devops.auth.api.oauth2 import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest +import com.tencent.devops.auth.pojo.dto.ClientDetailsDTO import com.tencent.devops.auth.pojo.dto.Oauth2AuthorizationCodeDTO import com.tencent.devops.auth.pojo.vo.Oauth2AccessTokenVo import com.tencent.devops.auth.pojo.vo.Oauth2AuthorizationInfoVo @@ -13,6 +14,7 @@ import io.swagger.v3.oas.annotations.tags.Tag import io.swagger.v3.oas.annotations.Operation import io.swagger.v3.oas.annotations.Parameter import javax.ws.rs.Consumes +import javax.ws.rs.DELETE import javax.ws.rs.GET import javax.ws.rs.HeaderParam import javax.ws.rs.POST @@ -72,7 +74,7 @@ interface Oauth2ServiceEndpointResource { accessTokenRequest: Oauth2AccessTokenRequest ): Result - @POST + @GET @Path("/verifyAccessToken") @Operation(summary = "校验accessToken") fun verifyAccessToken( 
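Review bot: Changing `verifyAccessToken` from `@POST` to `@GET` leaves the access token only two ways to travel. One is a request body, which GET clients and intermediaries handle unreliably, and the other is the URL, where it ends up in access logs and proxy histories. The parameter list is outside this hunk, so which applies cannot be confirmed here; the following hunk shows `accessToken: String` directly under its `@Parameter` with no `@QueryParam` or `@HeaderParam`, which suggests it is the entity body. Keeping `@POST`, or binding the token with `@HeaderParam`, avoids both problems.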
@@ -86,4 +88,21 @@ interface Oauth2ServiceEndpointResource { @Parameter(description = "access token", required = true) accessToken: String ): Result + + @POST + @Path("/createClientDetails") + @Operation(summary = "新增Oauth2客户端信息") + fun createClientDetails( + @Parameter(description = "Oauth2客户端请求实体", required = true) + clientDetailsDTO: ClientDetailsDTO + ): Result + + @DELETE + @Path("/deleteClientDetails") + @Operation(summary = "删除Oauth2客户端信息") + fun deleteClientDetails( + @Parameter(description = "客户端ID", required = true) + @QueryParam("clientId") + clientId: String + ): Result } diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/ClientDetailsDTO.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/ClientDetailsDTO.kt index 5cfbdc400ba..e13423ef2b1 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/ClientDetailsDTO.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/ClientDetailsDTO.kt @@ -1,5 +1,6 @@ package com.tencent.devops.auth.pojo.dto +import com.tencent.devops.auth.pojo.enum.Oauth2GrantType import io.swagger.v3.oas.annotations.media.Schema @Schema(title = "Oauth2客户端请求实体") @@ -15,7 +16,7 @@ data class ClientDetailsDTO( @get:Schema(title = "图标") val icon: String, @get:Schema(title = "授权模式") - val authorizedGrantTypes: String, + val authorizedGrantTypes: List, @get:Schema(title = "跳转链接") val webServerRedirectUri: String, @get:Schema(title = "access_token有效时间") diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthOauth2ClientDetailsDao.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthOauth2ClientDetailsDao.kt index 0a5d0e6b0c9..c1aa8191f28 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthOauth2ClientDetailsDao.kt 
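Review bot: `createClientDetails` and `deleteClientDetails` take no caller identity, so nothing at this layer restricts or records who registers or removes an OAuth2 client. The implementation added in `Oauth2ServiceEndpointResourceImpl` forwards both calls straight to `clientService`. Client registration decides who can obtain tokens and with which grant types, so it deserves an explicit authorization step. If the service-to-service path is already authenticated upstream, say so in a KDoc comment on both methods; otherwise add a caller `userId` parameter, as `getAuthorizationInformation` has, and check it before the write.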
+++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/dao/AuthOauth2ClientDetailsDao.kt @@ -42,7 +42,7 @@ class AuthOauth2ClientDetailsDao { clientDetailsDTO.clientName, clientDetailsDTO.scope, clientDetailsDTO.icon, - clientDetailsDTO.authorizedGrantTypes, + clientDetailsDTO.authorizedGrantTypes.map { it.grantType }.joinToString { "," }, clientDetailsDTO.webServerRedirectUri, clientDetailsDTO.accessTokenValidity, clientDetailsDTO.refreshTokenValidity, diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2ServiceEndpointResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2ServiceEndpointResourceImpl.kt index 724017f236f..8452d5d3631 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2ServiceEndpointResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2ServiceEndpointResourceImpl.kt 
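Review bot: `joinToString { "," }` passes the lambda as the `transform` argument, so every grant type is replaced by a comma and the pieces are joined with the default `", "` separator; two grant types are stored as `,, ,`. The persisted authorized-grant-types value then names no grant type at all, which breaks any later check that compares a requested grant against it. Use `clientDetailsDTO.authorizedGrantTypes.joinToString(",") { it.grantType }`. The enclosing DAO function starts and ends outside this hunk.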
@@ -2,16 +2,19 @@ package com.tencent.devops.auth.resources import com.tencent.devops.auth.api.oauth2.Oauth2ServiceEndpointResource import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest +import com.tencent.devops.auth.pojo.dto.ClientDetailsDTO import com.tencent.devops.auth.pojo.dto.Oauth2AuthorizationCodeDTO import com.tencent.devops.auth.pojo.vo.Oauth2AccessTokenVo import com.tencent.devops.auth.pojo.vo.Oauth2AuthorizationInfoVo +import com.tencent.devops.auth.service.oauth2.Oauth2ClientService import com.tencent.devops.auth.service.oauth2.Oauth2EndpointService import com.tencent.devops.common.api.pojo.Result import com.tencent.devops.common.web.RestResource @RestResource -class Oauth2ServiceEndpointResourceImpl constructor( - private val endpointService: Oauth2EndpointService +class Oauth2ServiceEndpointResourceImpl( + private val endpointService: Oauth2EndpointService, + private val clientService: Oauth2ClientService, ) : Oauth2ServiceEndpointResource { override fun getAuthorizationInformation( userId: String, @@ -70,4 +73,18 @@ class Oauth2ServiceEndpointResourceImpl constructor( ) ) } + + override fun createClientDetails(clientDetailsDTO: ClientDetailsDTO): Result { + return Result( + clientService.createClientDetails( + clientDetailsDTO = clientDetailsDTO + ) + ) + } + + override fun deleteClientDetails(clientId: String): Result { + return Result( + clientService.deleteClientDetails(clientId = clientId) + ) + } } From 9f80edff3418d29fa4d121dfd21a1c7b59a8072d Mon Sep 17 00:00:00 2001 From: greysonfang Date: Wed, 17 Jul 2024 10:12:08 +0800 Subject: [PATCH 03/13] =?UTF-8?q?feat=EF=BC=9Aoauth2=20=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E5=AF=86=E7=A0=81=E6=A8=A1=E5=BC=8F=20#10663?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../project/service/impl/AbsProjectServiceImpl.kt | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) 
diff --git a/src/backend/ci/core/project/biz-project/src/main/kotlin/com/tencent/devops/project/service/impl/AbsProjectServiceImpl.kt b/src/backend/ci/core/project/biz-project/src/main/kotlin/com/tencent/devops/project/service/impl/AbsProjectServiceImpl.kt index fe51f2933fe..5e1e0cdf8d7 100644 --- a/src/backend/ci/core/project/biz-project/src/main/kotlin/com/tencent/devops/project/service/impl/AbsProjectServiceImpl.kt +++ b/src/backend/ci/core/project/biz-project/src/main/kotlin/com/tencent/devops/project/service/impl/AbsProjectServiceImpl.kt @@ -559,8 +559,8 @@ abstract class AbsProjectServiceImpl @Autowired constructor( originalProjectName = projectInfo.projectName, modifiedProjectName = projectUpdateInfo.projectName, finalNeedApproval = finalNeedApproval, - beforeSubjectScopesStr = projectInfo.subjectScopes, - afterSubjectScopesStr = subjectScopesStr + beforeSubjectScopes = JsonUtil.to(projectInfo.subjectScopes, object : TypeReference>() {}), + afterSubjectScopes = subjectScopes, )) { modifyProjectAuthResource(resourceUpdateInfo) } @@ -693,11 +693,15 @@ abstract class AbsProjectServiceImpl @Autowired constructor( originalProjectName: String, modifiedProjectName: String, finalNeedApproval: Boolean, - beforeSubjectScopesStr: String, - afterSubjectScopesStr: String + beforeSubjectScopes: List, + afterSubjectScopes: List ): Boolean { + val isSubjectScopesChange = isSubjectScopesChange( + beforeSubjectScopes = beforeSubjectScopes, + afterSubjectScopes = afterSubjectScopes + ) return originalProjectName != modifiedProjectName || finalNeedApproval || - beforeSubjectScopesStr != afterSubjectScopesStr + isSubjectScopesChange } private fun getUpdateApprovalStatus( From c8e48a398a3a554a2f0758b510c8b4645506da6d Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Tue, 23 Jul 2024 10:21:24 +0800 Subject: [PATCH 04/13] =?UTF-8?q?feat=EF=BC=9Aoauth2=20=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E5=AF=86=E7=A0=81=E6=A8=A1=E5=BC=8F=20#10663?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/auth/api/oauth2/Oauth2ServiceEndpointResource.kt | 2 +- .../com/tencent/devops/auth/pojo/dto/ClientDetailsDTO.kt | 4 ++-- .../auth/resources/Oauth2ServiceEndpointResourceImpl.kt | 2 +- .../devops/auth/service/oauth2/Oauth2EndpointService.kt | 2 +- .../devops/auth/service/oauth2/grant/AbstractTokenGranter.kt | 2 +- .../tencent/devops/auth/service/oauth2/grant/TokenGranter.kt | 2 +- .../openapi/api/apigw/v4/ApigwOauth2EndpointResourceV4.kt | 2 +- .../resources/apigw/v4/ApigwOauth2EndpointResourceV4Impl.kt | 2 +- 8 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/oauth2/Oauth2ServiceEndpointResource.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/oauth2/Oauth2ServiceEndpointResource.kt index d4b89000fc6..549dcae2b82 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/oauth2/Oauth2ServiceEndpointResource.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/api/oauth2/Oauth2ServiceEndpointResource.kt @@ -72,7 +72,7 @@ interface Oauth2ServiceEndpointResource { clientSecret: String, @Parameter(description = "oauth2获取token请求报文体", required = true) accessTokenRequest: Oauth2AccessTokenRequest - ): Result + ): Result @GET @Path("/verifyAccessToken") diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/ClientDetailsDTO.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/ClientDetailsDTO.kt index e13423ef2b1..135c55ec6a9 100644 
--- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/ClientDetailsDTO.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/dto/ClientDetailsDTO.kt @@ -24,7 +24,7 @@ data class ClientDetailsDTO( @get:Schema(title = "refresh_token有效时间") val refreshTokenValidity: Long, @get:Schema(title = "创建人") - val createUser: String? = null, + val createUser: String = "system", @get:Schema(title = "更新人") - val updateUser: String? = null + val updateUser: String = "system" ) diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2ServiceEndpointResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2ServiceEndpointResourceImpl.kt index 8452d5d3631..3fd6bcc6163 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2ServiceEndpointResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2ServiceEndpointResourceImpl.kt @@ -50,7 +50,7 @@ class Oauth2ServiceEndpointResourceImpl( clientId: String, clientSecret: String, accessTokenRequest: Oauth2AccessTokenRequest - ): Result { + ): Result { return Result( endpointService.getAccessToken( clientId = clientId, diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2EndpointService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2EndpointService.kt index da3022e4601..a4b8d3bb41b 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2EndpointService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2EndpointService.kt 
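Review bot: `createUser` and `updateUser` now default to `"system"`, and `ClientDetailsDTO` is the request body of `createClientDetails`, so these audit fields are either anonymous or whatever the caller chooses to send. Neither case gives a trustworthy record of who registered an OAuth2 client. Fill them server-side from the authenticated caller instead of accepting them from the body; if `"system"` is meant only for internal bootstrap, document that on the two properties.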
@@ -82,7 +82,7 @@ class Oauth2EndpointService( clientId: String, clientSecret: String, accessTokenRequest: Oauth2AccessTokenRequest - ): Oauth2AccessTokenVo? { + ): Oauth2AccessTokenVo { val grantType = accessTokenRequest.grantType logger.info("get access token:$clientId|$grantType|$accessTokenRequest") val clientDetails = clientService.getClientDetails( diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AbstractTokenGranter.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AbstractTokenGranter.kt index 61c0e05be30..42e5808ed2a 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AbstractTokenGranter.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AbstractTokenGranter.kt @@ -16,7 +16,7 @@ abstract class AbstractTokenGranter( override fun grant( clientDetails: ClientDetailsInfo, accessTokenRequest: T - ): Oauth2AccessTokenVo? { + ): Oauth2AccessTokenVo { val accessTokenDTO = getAccessToken( accessTokenRequest = accessTokenRequest, clientDetails = clientDetails diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/TokenGranter.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/TokenGranter.kt index 74fb029c04a..984bae4d7ad 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/TokenGranter.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/TokenGranter.kt @@ -9,7 +9,7 @@ interface TokenGranter { fun grant( clientDetails: ClientDetailsInfo, accessTokenRequest: T - ): Oauth2AccessTokenVo? + ): Oauth2AccessTokenVo /** * 支持类型 
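Review bot: The context line `logger.info("get access token:$clientId|$grantType|$accessTokenRequest")` in `Oauth2EndpointService.getAccessToken` interpolates the whole request object, and with this series that object can be an `Oauth2PassWordRequest`. If the request types are data classes, their generated `toString()` would write the user's password to the log, and likewise the refresh token or authorization code for the other grant types. The request classes are not visible in this hunk, so this needs confirming. Log only non-secret fields, for example `logger.info("get access token:$clientId|$grantType")`. The function body continues outside the hunk.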
diff --git a/src/backend/ci/core/openapi/api-openapi/src/main/kotlin/com/tencent/devops/openapi/api/apigw/v4/ApigwOauth2EndpointResourceV4.kt b/src/backend/ci/core/openapi/api-openapi/src/main/kotlin/com/tencent/devops/openapi/api/apigw/v4/ApigwOauth2EndpointResourceV4.kt index 9957658c005..3f4cae50322 100644 --- a/src/backend/ci/core/openapi/api-openapi/src/main/kotlin/com/tencent/devops/openapi/api/apigw/v4/ApigwOauth2EndpointResourceV4.kt +++ b/src/backend/ci/core/openapi/api-openapi/src/main/kotlin/com/tencent/devops/openapi/api/apigw/v4/ApigwOauth2EndpointResourceV4.kt @@ -43,5 +43,5 @@ interface ApigwOauth2EndpointResourceV4 { clientSecret: String, @Parameter(description = "oauth2获取token请求报文体", required = true) accessTokenRequest: Oauth2AccessTokenRequest - ): Result + ): Result } diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwOauth2EndpointResourceV4Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwOauth2EndpointResourceV4Impl.kt index 49d28aefd80..2d715078cde 100644 --- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwOauth2EndpointResourceV4Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwOauth2EndpointResourceV4Impl.kt @@ -22,7 +22,7 @@ class ApigwOauth2EndpointResourceV4Impl @Autowired constructor( clientId: String, clientSecret: String, accessTokenRequest: Oauth2AccessTokenRequest - ): Result { + ): Result { logger.info("OPENAPI_OAUTH2_ACCESS_TOKEN_V4|$appCode|$clientId") return try { client.get(Oauth2ServiceEndpointResource::class).getAccessToken( From 6f4caec4ff98f284e4e9e504d48b5c2cba6fe12a Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Tue, 23 Jul 2024 10:26:38 +0800 Subject: [PATCH 05/13] =?UTF-8?q?feat=EF=BC=9Aoauth2=20=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E5=AF=86=E7=A0=81=E6=A8=A1=E5=BC=8F=20#10663?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/tencent/devops/auth/pojo/Oauth2AccessTokenRequest.kt | 2 +- .../devops/auth/resources/Oauth2ServiceEndpointResourceImpl.kt | 2 +- .../tencent/devops/auth/service/oauth2/Oauth2EndpointService.kt | 1 - .../devops/auth/service/oauth2/grant/AbstractTokenGranter.kt | 1 - .../auth/service/oauth2/grant/ClientCredentialsTokenGranter.kt | 2 +- .../devops/auth/service/oauth2/RefreshTokenGranterTest.kt | 1 - .../devops/project/service/impl/AbsProjectServiceImpl.kt | 2 +- 7 files changed, 4 insertions(+), 7 deletions(-) diff --git a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AccessTokenRequest.kt b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AccessTokenRequest.kt index caf04611d3c..e710da9ea97 100644 --- a/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AccessTokenRequest.kt +++ b/src/backend/ci/core/auth/api-auth/src/main/kotlin/com/tencent/devops/auth/pojo/Oauth2AccessTokenRequest.kt @@ -16,7 +16,7 @@ import io.swagger.v3.oas.annotations.media.Schema @JsonSubTypes( JsonSubTypes.Type(value = Oauth2AuthorizationCodeRequest::class, name = Oauth2AuthorizationCodeRequest.TYPE), JsonSubTypes.Type(value = Oauth2PassWordRequest::class, name = Oauth2PassWordRequest.TYPE), - JsonSubTypes.Type(value = Oauth2RefreshTokenRequest::class, name = Oauth2RefreshTokenRequest.TYPE), + JsonSubTypes.Type(value = Oauth2RefreshTokenRequest::class, name = Oauth2RefreshTokenRequest.TYPE) ) interface Oauth2AccessTokenRequest { @get:Schema(title = "授权类型", required = true) 
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2ServiceEndpointResourceImpl.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2ServiceEndpointResourceImpl.kt index 3fd6bcc6163..a4620163561 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2ServiceEndpointResourceImpl.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/resources/Oauth2ServiceEndpointResourceImpl.kt @@ -14,7 +14,7 @@ import com.tencent.devops.common.web.RestResource @RestResource class Oauth2ServiceEndpointResourceImpl( private val endpointService: Oauth2EndpointService, - private val clientService: Oauth2ClientService, + private val clientService: Oauth2ClientService ) : Oauth2ServiceEndpointResource { override fun getAuthorizationInformation( userId: String, diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2EndpointService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2EndpointService.kt index a4b8d3bb41b..1f3e5a3f928 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2EndpointService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2EndpointService.kt @@ -7,7 +7,6 @@ import com.tencent.devops.auth.pojo.enum.Oauth2GrantType import com.tencent.devops.auth.pojo.vo.Oauth2AccessTokenVo import com.tencent.devops.auth.pojo.vo.Oauth2AuthorizationInfoVo import com.tencent.devops.auth.service.oauth2.grant.Oauth2TokenGranterFactory -import com.tencent.devops.auth.service.oauth2.grant.TokenGranter import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.util.UUIDUtil import com.tencent.devops.common.auth.utils.AuthUtils 
diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AbstractTokenGranter.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AbstractTokenGranter.kt index 42e5808ed2a..d844962d313 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AbstractTokenGranter.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/AbstractTokenGranter.kt @@ -8,7 +8,6 @@ import com.tencent.devops.auth.service.oauth2.Oauth2AccessTokenService import com.tencent.devops.common.api.util.DateTimeUtil import com.tencent.devops.common.api.util.UUIDUtil import com.tencent.devops.common.auth.utils.AuthUtils -import org.springframework.beans.factory.annotation.Autowired abstract class AbstractTokenGranter( val accessTokenService: Oauth2AccessTokenService diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/ClientCredentialsTokenGranter.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/ClientCredentialsTokenGranter.kt index 9884b4b5a30..74ca94fd80a 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/ClientCredentialsTokenGranter.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/grant/ClientCredentialsTokenGranter.kt @@ -13,7 +13,7 @@ class ClientCredentialsTokenGranter( private val oauth2ScopeService: Oauth2ScopeService, accessTokenService: Oauth2AccessTokenService ) : AbstractTokenGranter( - accessTokenService = accessTokenService + accessTokenService = accessTokenService ) { override fun getAccessToken( 
diff --git a/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/RefreshTokenGranterTest.kt b/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/RefreshTokenGranterTest.kt index 1ff3ecb094f..fcf5cd0103e 100644 --- a/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/RefreshTokenGranterTest.kt +++ b/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/RefreshTokenGranterTest.kt @@ -2,7 +2,6 @@ package com.tencent.devops.auth.service.oauth2 import com.tencent.devops.auth.constant.AuthMessageCode.ERROR_REFRESH_TOKEN_EXPIRED import com.tencent.devops.auth.pojo.ClientDetailsInfo -import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest import com.tencent.devops.auth.pojo.Oauth2RefreshTokenRequest import com.tencent.devops.auth.pojo.enum.Oauth2GrantType import com.tencent.devops.auth.service.oauth2.grant.RefreshTokenGranter diff --git a/src/backend/ci/core/project/biz-project/src/main/kotlin/com/tencent/devops/project/service/impl/AbsProjectServiceImpl.kt b/src/backend/ci/core/project/biz-project/src/main/kotlin/com/tencent/devops/project/service/impl/AbsProjectServiceImpl.kt index 5e1e0cdf8d7..c8f39833c1a 100644 --- a/src/backend/ci/core/project/biz-project/src/main/kotlin/com/tencent/devops/project/service/impl/AbsProjectServiceImpl.kt +++ b/src/backend/ci/core/project/biz-project/src/main/kotlin/com/tencent/devops/project/service/impl/AbsProjectServiceImpl.kt @@ -560,7 +560,7 @@ abstract class AbsProjectServiceImpl @Autowired constructor( modifiedProjectName = projectUpdateInfo.projectName, finalNeedApproval = finalNeedApproval, beforeSubjectScopes = JsonUtil.to(projectInfo.subjectScopes, object : TypeReference>() {}), - afterSubjectScopes = subjectScopes, + afterSubjectScopes = subjectScopes )) { modifyProjectAuthResource(resourceUpdateInfo) } From 8ce080d4c83b895ce14b8dad55152be5aa42808a Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Tue, 23 Jul 2024 10:51:17 +0800 Subject: [PATCH 06/13] =?UTF-8?q?feat=EF=BC=9Aoauth2=20=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E5=AF=86=E7=A0=81=E6=A8=A1=E5=BC=8F=20#10663?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/auth/enums/Oauth2ScopeOperation.kt | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/enums/Oauth2ScopeOperation.kt diff --git a/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/enums/Oauth2ScopeOperation.kt b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/enums/Oauth2ScopeOperation.kt new file mode 100644 index 00000000000..23140503aa3 --- /dev/null +++ b/src/backend/ci/core/common/common-auth/common-auth-api/src/main/kotlin/com/tencent/devops/common/auth/enums/Oauth2ScopeOperation.kt 
@@ -0,0 +1,42 @@
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ */
+
+package com.tencent.devops.common.auth.enums
+
+/**
+ * 权限中心类型
+ */
+enum class Oauth2ScopeOperation(val id: String, val value: String) {
+ PROJECT_VISIT("project_visit", "获取你有权限的项目列表"),
+
+ PIPELINE_LIST("pipeline_list", "获取你有权限的流水线列表"),
+
+ PIPELINE_DOWNLOAD("pipeline_download", "下载你有权限的制品"),
+
+ USERINFO_READ("userinfo_read", "获取你的用户信息")
+}
From 06a3dd3d07ac5d72ec2b7cb3d4ac76e86ce05351 Mon Sep 17 00:00:00 2001
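Review bot: The KDoc above `enum class Oauth2ScopeOperation` reads `权限中心类型` ("permission centre type"), which looks carried over from another enum and does not describe OAuth2 scope operations. A comment such as `/** Operations an OAuth2 scope can grant: id is the stable identifier, value the description shown to the user. */` would fit, assuming that is how `id` and `value` are consumed; no caller is visible in this patch. Because these entries decide what a client may be authorised to do, the comment should also say where an unrecognised `id` is rejected.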
From: greysonfang Date: Fri, 20 Sep 2024 10:22:26 +0800 Subject: [PATCH 07/13] =?UTF-8?q?feat=EF=BC=9Aoauth2=20=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E5=AF=86=E7=A0=81=E6=A8=A1=E5=BC=8F=20#10663?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../auth/service/oauth2/AuthorizationCodeTokenGranterTest.kt | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/AuthorizationCodeTokenGranterTest.kt b/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/AuthorizationCodeTokenGranterTest.kt index 81c86d2f8fa..9e85bf66d1c 100644 --- a/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/AuthorizationCodeTokenGranterTest.kt +++ b/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/AuthorizationCodeTokenGranterTest.kt @@ -50,8 +50,7 @@ class AuthorizationCodeTokenGranterTest : BkCiAbstractTest() { accessTokenInfo.accessToken = "testAccessToken" accessTokenInfo.clientId = "testClientId" accessTokenInfo.userName = "testUserName" - accessTokenInfo.grantType = "", - "testGrantType" + accessTokenInfo.grantType = "testGrantType" accessTokenInfo.expiredTime = System.currentTimeMillis() / 1000 + 1000 accessTokenInfo.refreshToken = "testRefreshToken" accessTokenInfo.scopeId = 1 @@ -74,7 +73,7 @@ class AuthorizationCodeTokenGranterTest : BkCiAbstractTest() { expiredAccessTokenInfo.clientId = "testClientId" expiredAccessTokenInfo.userName = "testUserName" expiredAccessTokenInfo.grantType = "", - "testGrantType" + "testGrantType" expiredAccessTokenInfo.expiredTime = System.currentTimeMillis() / 1000 - 1000 expiredAccessTokenInfo.refreshToken = "testRefreshToken" expiredAccessTokenInfo.scopeId = 1 From b65c4f7e0fdfbfa3e368dc780e3044e5aad9a2a5 Mon Sep 17 00:00:00 2001 
From: greysonfang Date: Fri, 20 Sep 2024 10:27:52 +0800 Subject: [PATCH 08/13] =?UTF-8?q?feat=EF=BC=9Aoauth2=20=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E5=AF=86=E7=A0=81=E6=A8=A1=E5=BC=8F=20#10663?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../auth/service/oauth2/AuthorizationCodeTokenGranterTest.kt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/AuthorizationCodeTokenGranterTest.kt b/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/AuthorizationCodeTokenGranterTest.kt index 9e85bf66d1c..3d6276973c4 100644 --- a/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/AuthorizationCodeTokenGranterTest.kt +++ b/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/AuthorizationCodeTokenGranterTest.kt @@ -72,8 +72,7 @@ class AuthorizationCodeTokenGranterTest : BkCiAbstractTest() { expiredAccessTokenInfo.accessToken = "testAccessToken" expiredAccessTokenInfo.clientId = "testClientId" expiredAccessTokenInfo.userName = "testUserName" - expiredAccessTokenInfo.grantType = "", - "testGrantType" + expiredAccessTokenInfo.grantType = "testGrantType" expiredAccessTokenInfo.expiredTime = System.currentTimeMillis() / 1000 - 1000 expiredAccessTokenInfo.refreshToken = "testRefreshToken" expiredAccessTokenInfo.scopeId = 1 From 5b6b4f5781f908714a765899a9bc99c47ae3798a Mon Sep 17 00:00:00 2001 From: greysonfang Date: Fri, 20 Sep 2024 10:29:15 +0800 Subject: [PATCH 09/13] =?UTF-8?q?feat=EF=BC=9Aoauth2=20=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E5=AF=86=E7=A0=81=E6=A8=A1=E5=BC=8F=20#10663?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/auth/service/oauth2/RefreshTokenGranterTest.kt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
diff --git a/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/RefreshTokenGranterTest.kt b/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/RefreshTokenGranterTest.kt index 4e404118851..92fafa9be40 100644 --- a/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/RefreshTokenGranterTest.kt +++ b/src/backend/ci/core/auth/biz-auth/src/test/kotlin/com/tencent/devops/auth/service/oauth2/RefreshTokenGranterTest.kt @@ -48,8 +48,7 @@ class RefreshTokenGranterTest : BkCiAbstractTest() { accessToken = "testAccessToken" clientId = "testClientId" userName = "testUserName" - grantType = "", - "testGrantType" + grantType = "testGrantType" expiredTime = System.currentTimeMillis() / 1000 + 1000 refreshToken = "testRefreshToken" scopeId = 1 From 1bdc23c35d3e5e217dcea9e5e09823a4099a4a65 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Fri, 20 Sep 2024 15:37:07 +0800 Subject: [PATCH 10/13] =?UTF-8?q?feat=EF=BC=9Aoauth2=20=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E5=AF=86=E7=A0=81=E6=A8=A1=E5=BC=8F=20#10663?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../sql/2003_v2.x/2020_ci_auth-update_v2.0_mysql.sql | 9 --------- .../sql/2004_v3.x/2030_ci_auth-update_v3.0_mysql.sql | 8 ++++++++ 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/support-files/sql/2003_v2.x/2020_ci_auth-update_v2.0_mysql.sql b/support-files/sql/2003_v2.x/2020_ci_auth-update_v2.0_mysql.sql index 25ed241e107..b45050d3ff5 100644 --- a/support-files/sql/2003_v2.x/2020_ci_auth-update_v2.0_mysql.sql +++ b/support-files/sql/2003_v2.x/2020_ci_auth-update_v2.0_mysql.sql 
@@ -83,15 +83,6 @@ BEGIN AND COLUMN_NAME = 'GROUP_TYPE') THEN ALTER TABLE T_AUTH_RESOURCE_GROUP_CONFIG ADD COLUMN `GROUP_TYPE` Int(2) NOT NULL DEFAULT 0 COMMENT '用户组类型 0-默认组 1-自定义组' AFTER `CREATE_MODE`; END IF; - - IF NOT EXISTS(SELECT 1 - FROM information_schema.COLUMNS - WHERE TABLE_SCHEMA = db - AND TABLE_NAME = 'T_AUTH_OAUTH2_ACCESS_TOKEN' - AND COLUMN_NAME = 'PASS_WORD') THEN - ALTER TABLE T_AUTH_OAUTH2_ACCESS_TOKEN ADD COLUMN `PASS_WORD` VARCHAR(64) DEFAULT NULL COMMENT '用于密码模式' AFTER `USER_NAME`; - END IF; - COMMIT; END DELIMITER ; diff --git a/support-files/sql/2004_v3.x/2030_ci_auth-update_v3.0_mysql.sql b/support-files/sql/2004_v3.x/2030_ci_auth-update_v3.0_mysql.sql index 1b26f5c6463..dd612f62c83 100644 --- a/support-files/sql/2004_v3.x/2030_ci_auth-update_v3.0_mysql.sql +++ b/support-files/sql/2004_v3.x/2030_ci_auth-update_v3.0_mysql.sql @@ -30,6 +30,14 @@ BEGIN ADD COLUMN `IAM_TEMPLATE_ID` int(20) DEFAULT NULL COMMENT '人员模板ID'; END IF; + IF NOT EXISTS(SELECT 1 + FROM information_schema.COLUMNS + WHERE TABLE_SCHEMA = db + AND TABLE_NAME = 'T_AUTH_OAUTH2_ACCESS_TOKEN' + AND COLUMN_NAME = 'PASS_WORD') THEN + ALTER TABLE T_AUTH_OAUTH2_ACCESS_TOKEN ADD COLUMN `PASS_WORD` VARCHAR(64) DEFAULT NULL COMMENT '用于密码模式' AFTER `USER_NAME`; + END IF; + COMMIT; END DELIMITER ; From a9894b9d2100cb54b6e8b280e3ca60dec05520b6 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Fri, 20 Sep 2024 16:15:14 +0800 Subject: [PATCH 11/13] =?UTF-8?q?feat=EF=BC=9Aoauth2=20=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E5=AF=86=E7=A0=81=E6=A8=A1=E5=BC=8F=20#10663?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../openapi/api/apigw/v4/ApigwOauth2EndpointResourceV4.kt | 3 ++- .../resources/apigw/v4/ApigwOauth2EndpointResourceV4Impl.kt | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) 
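Review bot: `PASS_WORD VARCHAR(64)` in the added `ALTER TABLE T_AUTH_OAUTH2_ACCESS_TOKEN` is sized like a plaintext field, but patch 12/13 of this series writes the output of `AESUtil.encrypt` into it. Ciphertext is normally longer than its input once padded and text-encoded, so a long password could exceed the column; depending on the server's SQL mode that is either a failed insert or a silently truncated value that can no longer be decrypted. The encoding AESUtil produces is not visible here, so confirm its maximum output length and widen the column accordingly (for example `VARCHAR(256)`) before the migration ships. The enclosing stored procedure begins outside this hunk.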
diff --git a/src/backend/ci/core/openapi/api-openapi/src/main/kotlin/com/tencent/devops/openapi/api/apigw/v4/ApigwOauth2EndpointResourceV4.kt b/src/backend/ci/core/openapi/api-openapi/src/main/kotlin/com/tencent/devops/openapi/api/apigw/v4/ApigwOauth2EndpointResourceV4.kt index 3f4cae50322..c7d7b4f5ea1 100644 --- a/src/backend/ci/core/openapi/api-openapi/src/main/kotlin/com/tencent/devops/openapi/api/apigw/v4/ApigwOauth2EndpointResourceV4.kt +++ b/src/backend/ci/core/openapi/api-openapi/src/main/kotlin/com/tencent/devops/openapi/api/apigw/v4/ApigwOauth2EndpointResourceV4.kt @@ -1,6 +1,7 @@ package com.tencent.devops.openapi.api.apigw.v4 import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest +import com.tencent.devops.auth.pojo.vo.Oauth2AccessTokenVo import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_APP_CODE import com.tencent.devops.common.api.auth.AUTH_HEADER_DEVOPS_APP_CODE_DEFAULT_VALUE import com.tencent.devops.common.api.auth.AUTH_HEADER_OAUTH2_CLIENT_ID @@ -43,5 +44,5 @@ interface ApigwOauth2EndpointResourceV4 { clientSecret: String, @Parameter(description = "oauth2获取token请求报文体", required = true) accessTokenRequest: Oauth2AccessTokenRequest - ): Result + ): Result } diff --git a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwOauth2EndpointResourceV4Impl.kt b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwOauth2EndpointResourceV4Impl.kt index 2d715078cde..f1d7eb523a5 100644 --- a/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwOauth2EndpointResourceV4Impl.kt +++ b/src/backend/ci/core/openapi/biz-openapi/src/main/kotlin/com/tencent/devops/openapi/resources/apigw/v4/ApigwOauth2EndpointResourceV4Impl.kt 
@@ -2,6 +2,7 @@ package com.tencent.devops.openapi.resources.apigw.v4 import com.tencent.devops.auth.api.oauth2.Oauth2ServiceEndpointResource import com.tencent.devops.auth.pojo.Oauth2AccessTokenRequest +import com.tencent.devops.auth.pojo.vo.Oauth2AccessTokenVo import com.tencent.devops.common.api.exception.ErrorCodeException import com.tencent.devops.common.api.exception.RemoteServiceException import com.tencent.devops.common.api.pojo.Result @@ -22,7 +23,7 @@ class ApigwOauth2EndpointResourceV4Impl @Autowired constructor( clientId: String, clientSecret: String, accessTokenRequest: Oauth2AccessTokenRequest - ): Result { + ): Result { logger.info("OPENAPI_OAUTH2_ACCESS_TOKEN_V4|$appCode|$clientId") return try { client.get(Oauth2ServiceEndpointResource::class).getAccessToken( From aefcb657e87429213c52acc86694536a0bd566b4 Mon Sep 17 00:00:00 2001 From: greysonfang Date: Mon, 23 Sep 2024 11:16:25 +0800 Subject: [PATCH 12/13] =?UTF-8?q?feat=EF=BC=9Aoauth2=20=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E5=AF=86=E7=A0=81=E6=A8=A1=E5=BC=8F=20#10663?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/bkenv.properties | 10 +++------- .../auth/service/oauth2/Oauth2AccessTokenService.kt | 9 +++++++-- support-files/templates/#etc#ci#application-auth.yml | 4 ++++ 3 files changed, 14 insertions(+), 9 deletions(-) diff --git a/scripts/bkenv.properties b/scripts/bkenv.properties index ce84d67efb1..a73ba0b7251 100644 --- a/scripts/bkenv.properties +++ b/scripts/bkenv.properties @@ -1,5 +1,4 @@ # ci.env template, generated at 2021-09-09 16:40:32 - ########## # 0-依赖声明 ########## @@ -75,7 +74,8 @@ BK_CI_MONITOR_REGISTER=false BK_CI_MONITOR_URL= # BK_CI_MONITOR_URL 监控对接权限中心SYSTEM_ID,无默认值. 无需修改. 声明依赖, 蓝鲸环境下会自动填充. 其他环境无需填写. BK_CI_MONITOR_IAM_SYSTEM= - +# BK_CI_AUTH_AES_AUTH_KEY 加密Key值,初始值为I4U1SzSNRaDYufbE,若用到oauth2密码模式,最好对该值进行修改。 +BK_CI_AUTH_AES_AUTH_KEY=I4U1SzSNRaDYufbE ########## # 1-基础配置 ########## 
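Review bot: The added line `BK_CI_AUTH_AES_AUTH_KEY=I4U1SzSNRaDYufbE` in bkenv.properties ships a fixed key in a public template, and the comment above it only says that changing it is advisable. Any deployment that keeps the default protects the stored password-mode credentials with a key that can be read from this repository. I would leave the value empty and make the installer supply or generate one, with a comment such as `# required when the oauth2 password grant is enabled; generate a random value per deployment`. The comment should also say that rotating the key makes rows encrypted under the old one undecryptable.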
@@ -149,7 +149,6 @@ BK_ESB_HOST= BK_CI_PUBLIC_PATH="" # BK_CI_FRONTEND_INDEX BK_CI_FRONTEND_INDEX="rewrite .* /\$subsystem/index.html break" - ########## # 2-公共依赖 ########## @@ -231,7 +230,6 @@ BK_CI_KUBERNETES_WEBCONSOLE_PROXY= BK_CI_SM4_KEY=s31^dDjd!3k # BK_CI_SM4_ENABLED BK_CI_SM4_ENABLED=false - ########## # 3-微服务配置 ########## @@ -310,7 +308,7 @@ BK_CI_PROJECT_ROUTER_TAG=$BK_CI_CONSUL_DISCOVERY_TAG # BK_CI_STREAM_URL stream独立页面地址 BK_CI_STREAM_URL= # BK_CI_GIT_GITHUB_URL stream当前对接的Git源的类型如 CODE_GIT GITHUB 等,参考代码中的ScmType -BK_CI_STREAM_SCM_TYPE= CODE_GIT +BK_CI_STREAM_SCM_TYPE=CODE_GIT # BK_CI_GIT_GITCODE_URL stream跳转时用到的git url地址 BK_CI_STREAM_GIT_URL= # BK_CI_STREAM_REPORT_PREFIX stream展示报告时的前置链接 @@ -363,7 +361,6 @@ BK_CI_OPENAPI_VERIFY_PROJECT=false BK_CI_AUDIT_ENABLED=false # 是否开启构建记录清理 BK_CI_BUILD_DATA_CLEAR_SWITCH=false - ########## # 4-微服务依赖 ########## @@ -473,7 +470,6 @@ BK_CI_API_TOKEN_EXPIRED_MILLISECOND=86400000 BK_CI_DISPATCH_KUBERNETES_NS=default # BK_CI_DISPATCH_THIRD_AGENT_WORKER_ERROR_TEMPLATE dispatch服务发送worker启动失败的模板名称,无需修改 BK_CI_DISPATCH_THIRD_AGENT_WORKER_ERROR_TEMPLATE=THIRD_AGENT_WORKER_ERROR - ########## # 5-api port ########## diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2AccessTokenService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2AccessTokenService.kt index b215bc35dff..05a1779b57c 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2AccessTokenService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2AccessTokenService.kt 
@@ -3,8 +3,10 @@ package com.tencent.devops.auth.service.oauth2 import com.tencent.devops.auth.constant.AuthMessageCode import com.tencent.devops.auth.dao.AuthOauth2AccessTokenDao import com.tencent.devops.common.api.exception.ErrorCodeException +import com.tencent.devops.common.api.util.AESUtil import com.tencent.devops.model.auth.tables.records.TAuthOauth2AccessTokenRecord import org.jooq.DSLContext +import org.springframework.beans.factory.annotation.Value import org.springframework.stereotype.Service @Service @@ -12,6 +14,9 @@ class Oauth2AccessTokenService( private val oauth2AccessTokenDao: AuthOauth2AccessTokenDao, private val dslContext: DSLContext ) { + @Value("\${aes.auth:#{null}}") + private val aesKey = "" + fun get( clientId: String, accessToken: String @@ -39,7 +44,7 @@ class Oauth2AccessTokenService( clientId = clientId, refreshToken = refreshToken, userName = userName, - passWord = passWord, + passWord = passWord?.apply { AESUtil.encrypt(aesKey, passWord) }, grantType = grantType ) } @@ -59,7 +64,7 @@ class Oauth2AccessTokenService( dslContext = dslContext, clientId = clientId, userName = userName, - passWord = passWord, + passWord = passWord?.apply { AESUtil.encrypt(aesKey, passWord) }, grantType = grantType, accessToken = accessToken, refreshToken = refreshToken, diff --git a/support-files/templates/#etc#ci#application-auth.yml b/support-files/templates/#etc#ci#application-auth.yml index 1d56123264a..5e5ebdcc433 100644 --- a/support-files/templates/#etc#ci#application-auth.yml +++ b/support-files/templates/#etc#ci#application-auth.yml @@ -35,3 +35,7 @@ monitor: register: __BK_CI_MONITOR_REGISTER__ url: __BK_CI_MONITOR_URL__ iamSystem: __BK_CI_MONITOR_IAM_SYSTEM__ + +# auth 服务加密,可修改 +aes: + auth: __BK_CI_AUTH_AES_AUTH_KEY__ From 970b8159aea1bd2969faf468513f35d2b38f9d33 Mon Sep 17 00:00:00 2001 
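Review bot: In the hunk that adds `@Value("\${aes.auth:#{null}}") private val aesKey = ""`, the `#{null}` default means a missing `aes.auth` property injects null into a field Kotlin treats as a non-null `String`, so the misconfiguration surfaces only when a password-mode token is created or updated. Declaring it as `private val aesKey: String? = null` and checking at the point of use, `val key = requireNotNull(aesKey) { "aes.auth is not configured" }`, would make the failure explicit; a blank value deserves the same rejection. Separately, the two `passWord?.apply { … }` hunks in this patch return the receiver rather than the ciphertext. Patch 13/13 switches them to `let`, but any rows written while only this patch was deployed would hold the plaintext and need cleaning up.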
From: greysonfang Date: Thu, 26 Sep 2024 10:02:13 +0800 Subject: [PATCH 13/13] =?UTF-8?q?feat=EF=BC=9Aoauth2=20=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E5=AF=86=E7=A0=81=E6=A8=A1=E5=BC=8F=20#10663?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../devops/auth/service/oauth2/Oauth2AccessTokenService.kt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2AccessTokenService.kt b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2AccessTokenService.kt index 05a1779b57c..a8ea0debeaa 100644 --- a/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2AccessTokenService.kt +++ b/src/backend/ci/core/auth/biz-auth/src/main/kotlin/com/tencent/devops/auth/service/oauth2/Oauth2AccessTokenService.kt @@ -44,7 +44,7 @@ class Oauth2AccessTokenService( clientId = clientId, refreshToken = refreshToken, userName = userName, - passWord = passWord?.apply { AESUtil.encrypt(aesKey, passWord) }, + passWord = passWord?.let { AESUtil.encrypt(aesKey, passWord) }, grantType = grantType ) } @@ -64,7 +64,7 @@ class Oauth2AccessTokenService( dslContext = dslContext, clientId = clientId, userName = userName, - passWord = passWord?.apply { AESUtil.encrypt(aesKey, passWord) }, + passWord = passWord?.let { AESUtil.encrypt(aesKey, passWord) }, grantType = grantType, accessToken = accessToken, refreshToken = refreshToken,
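Review bot: With `passWord?.let { AESUtil.encrypt(aesKey, passWord) }` in both the create and update hunks, the resource owner's password is handed to the DAO in a form that anyone holding `aes.auth` can reverse (presumably landing in the `PASS_WORD` column added in patch 10/13). If the stored value is only compared against a later request, a salted one-way password hash would do the job without keeping a recoverable copy; if it really has to be decrypted, that need is not visible in this patch and should be stated in a comment at these call sites. Inside the lambda, `it` can replace the second `passWord`: `passWord?.let { AESUtil.encrypt(aesKey, it) }`. Both enclosing functions start and end outside the hunks.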