Merge pull request #417 from colinin/4.4.2

fix(open-api): URL编码之后转换大写,签名校验失败返回403状态码
4 years ago · 6d8e5a7f92
1 changed files with 3 additions and 4 deletions
--- a/aspnet-core/modules/open-api/LINGYUN.Abp.OpenApi.Authorization/LINGYUN/Abp/OpenApi/Authorization/OpenApiAuthorizationService.cs
+++ b/aspnet-core/modules/open-api/LINGYUN.Abp.OpenApi.Authorization/LINGYUN/Abp/OpenApi/Authorization/OpenApiAuthorizationService.cs
@ -201,15 +201,14 @@ namespace LINGYUN.Abp.OpenApi.Authorization
                return;
            }

-            context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
+            context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
            await context.Response.WriteAsync(errorInfo.Message);
        }

        private static string CalculationSignature(string url, string appSecret, IDictionary<string, string> queryDictionary)
        {
-            queryDictionary.TryAdd("appSecret", appSecret);
            var queryString = BuildQuery(queryDictionary);
-            var encodeUrl = UrlEncode(string.Concat(url, "?", queryString));
+            var encodeUrl = UrlEncode(string.Concat(url, "?", queryString, appSecret));

            return encodeUrl.ToMd5();
        }
@ -217,7 +216,7 @@ namespace LINGYUN.Abp.OpenApi.Authorization
        private static string BuildQuery(IDictionary<string, string> queryStringDictionary)
        {
            StringBuilder sb = new StringBuilder();
-            foreach (var queryString in queryStringDictionary.OrderBy(q => q.Key))
+            foreach (var queryString in queryStringDictionary)
            {
                sb.Append(queryString.Key)
                  .Append('=')