
Merge pull request #421 from colinin/4.4.3

fix(open-api): fix unsorted appSecret causing a signature error
pull/426/head
yx lin 4 years ago
committed by GitHub
parent
commit
7da14faa71
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 12
      aspnet-core/modules/open-api/LINGYUN.Abp.OpenApi.Authorization/LINGYUN/Abp/OpenApi/Authorization/OpenApiAuthorizationService.cs
  2. 13
      aspnet-core/modules/open-api/OpenApi.Sdk/OpenApi/ClientProxy.cs

12
aspnet-core/modules/open-api/LINGYUN.Abp.OpenApi.Authorization/LINGYUN/Abp/OpenApi/Authorization/OpenApiAuthorizationService.cs

@ -131,7 +131,7 @@ namespace LINGYUN.Abp.OpenApi.Authorization
} }
var queryDictionary = new Dictionary<string, string>(); var queryDictionary = new Dictionary<string, string>();
var queryStringCollection = httpContext.Request.Query.OrderBy(q => q.Key); var queryStringCollection = httpContext.Request.Query;
foreach (var queryString in queryStringCollection) foreach (var queryString in queryStringCollection)
{ {
if (queryString.Key.Equals(AbpOpenApiConsts.SignatureFieldName)) if (queryString.Key.Equals(AbpOpenApiConsts.SignatureFieldName))
@ -140,8 +140,8 @@ namespace LINGYUN.Abp.OpenApi.Authorization
} }
queryDictionary.Add(queryString.Key, queryString.Value.ToString()); queryDictionary.Add(queryString.Key, queryString.Value.ToString());
} }
queryDictionary.TryAdd("appSecret", appDescriptor.AppSecret);
var requiredSign = CalculationSignature(httpContext.Request.Path.Value, appDescriptor.AppSecret, queryDictionary); var requiredSign = CalculationSignature(httpContext.Request.Path.Value, queryDictionary);
if (!string.Equals(requiredSign, sign.ToString())) if (!string.Equals(requiredSign, sign.ToString()))
{ {
exception = new BusinessException( exception = new BusinessException(
@ -205,10 +205,10 @@ namespace LINGYUN.Abp.OpenApi.Authorization
await context.Response.WriteAsync(errorInfo.Message); await context.Response.WriteAsync(errorInfo.Message);
} }
private static string CalculationSignature(string url, string appSecret, IDictionary<string, string> queryDictionary) private static string CalculationSignature(string url, IDictionary<string, string> queryDictionary)
{ {
var queryString = BuildQuery(queryDictionary); var queryString = BuildQuery(queryDictionary);
var encodeUrl = UrlEncode(string.Concat(url, "?", queryString, appSecret)); var encodeUrl = UrlEncode(string.Concat(url, "?", queryString));
return encodeUrl.ToMd5(); return encodeUrl.ToMd5();
} }
@ -216,7 +216,7 @@ namespace LINGYUN.Abp.OpenApi.Authorization
private static string BuildQuery(IDictionary<string, string> queryStringDictionary) private static string BuildQuery(IDictionary<string, string> queryStringDictionary)
{ {
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
foreach (var queryString in queryStringDictionary) foreach (var queryString in queryStringDictionary.OrderBy(q => q.Key))
{ {
sb.Append(queryString.Key) sb.Append(queryString.Key)
.Append('=') .Append('=')
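Review bot: `queryDictionary.TryAdd("appSecret", appDescriptor.AppSecret);` in the second hunk leaves an existing entry untouched, and the loop above copies every query parameter other than the signature field into `queryDictionary` (the skipped branch is outside the hunk, so this is inferred), so a request that already carries an `appSecret` parameter would have its signature checked against the caller-supplied value instead of the stored secret. Overwrite rather than try-add, `queryDictionary["appSecret"] = appDescriptor.AppSecret;`, or reject any request whose query contains that key before signing. The comparison `string.Equals(requiredSign, sign.ToString())` a few lines later is also not constant-time; `CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(requiredSign), Encoding.UTF8.GetBytes(sign.ToString()))` avoids leaking how many leading characters matched. The enclosing method starts and ends outside the visible hunks.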

13
aspnet-core/modules/open-api/OpenApi.Sdk/OpenApi/ClientProxy.cs

@ -68,8 +68,12 @@ namespace OpenApi
"&t=", "&t=",
timeStamp); timeStamp);
var quertString = ReverseQueryString(requestUrl); var quertString = ReverseQueryString(requestUrl);
// 密钥参与计算
quertString.Add("appSecret", appSecret);
// 对请求参数签名 // 对请求参数签名
var sign = CalculationSignature(baseUrl, appSecret, quertString); var sign = CalculationSignature(baseUrl, quertString);
// 移除密钥
quertString.Remove("appSecret");
// 签名随请求传递 // 签名随请求传递
quertString.Add("sign", sign); quertString.Add("sign", sign);
// 重新拼接请求参数 // 重新拼接请求参数
@ -125,14 +129,13 @@ namespace OpenApi
return queryDic; return queryDic;
} }
private static string CalculationSignature(string url, string appSecret, IDictionary<string, string> queryDictionary) private static string CalculationSignature(string url, IDictionary<string, string> queryDictionary)
{ {
var queryString = BuildQuery(queryDictionary); var queryString = BuildQuery(queryDictionary);
var requestUrl = string.Concat( var requestUrl = string.Concat(
url, url,
url.Contains('?') ? "" : "?", url.Contains('?') ? "" : "?",
queryString, queryString);
appSecret);
var encodeUrl = UrlEncode(requestUrl); var encodeUrl = UrlEncode(requestUrl);
return encodeUrl.ToMd5(); return encodeUrl.ToMd5();
} }
@ -140,7 +143,7 @@ namespace OpenApi
private static string BuildQuery(IDictionary<string, string> queryStringDictionary) private static string BuildQuery(IDictionary<string, string> queryStringDictionary)
{ {
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
foreach (var queryString in queryStringDictionary) foreach (var queryString in queryStringDictionary.OrderBy(q => q.Key))
{ {
sb.Append(queryString.Key) sb.Append(queryString.Key)
.Append('=') .Append('=')
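Review bot: `quertString.Add("appSecret", appSecret);` puts the secret into the same dictionary that is re-serialised into the outgoing request a few lines later, so the only thing keeping it off the wire is the paired `quertString.Remove("appSecret");`. Sign over a copy instead: `var signParams = new Dictionary<string, string>(quertString) { ["appSecret"] = appSecret };` followed by `var sign = CalculationSignature(baseUrl, signParams);`, which also avoids the `ArgumentException` that `Add` throws if the URL already has an `appSecret` key. `CalculationSignature` still produces a plain MD5 of a string that contains the secret; a keyed construction such as HMAC-SHA256 would be the stronger choice, but it has to change on the server side in the same release. The calling method begins outside the hunk.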
