
Merge pull request #421 from colinin/4.4.3

fix(open-api): fix unsorted appSecret causing a signature error
pull/426/head
yx lin 4 years ago
committed by GitHub
parent
commit
7da14faa71
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 12
      aspnet-core/modules/open-api/LINGYUN.Abp.OpenApi.Authorization/LINGYUN/Abp/OpenApi/Authorization/OpenApiAuthorizationService.cs
  2. 13
      aspnet-core/modules/open-api/OpenApi.Sdk/OpenApi/ClientProxy.cs

12
aspnet-core/modules/open-api/LINGYUN.Abp.OpenApi.Authorization/LINGYUN/Abp/OpenApi/Authorization/OpenApiAuthorizationService.cs

@ -131,7 +131,7 @@ namespace LINGYUN.Abp.OpenApi.Authorization
}
var queryDictionary = new Dictionary<string, string>();
var queryStringCollection = httpContext.Request.Query.OrderBy(q => q.Key);
var queryStringCollection = httpContext.Request.Query;
foreach (var queryString in queryStringCollection)
{
if (queryString.Key.Equals(AbpOpenApiConsts.SignatureFieldName))
@ -140,8 +140,8 @@ namespace LINGYUN.Abp.OpenApi.Authorization
}
queryDictionary.Add(queryString.Key, queryString.Value.ToString());
}
var requiredSign = CalculationSignature(httpContext.Request.Path.Value, appDescriptor.AppSecret, queryDictionary);
queryDictionary.TryAdd("appSecret", appDescriptor.AppSecret);
var requiredSign = CalculationSignature(httpContext.Request.Path.Value, queryDictionary);
if (!string.Equals(requiredSign, sign.ToString()))
{
exception = new BusinessException(
@ -205,10 +205,10 @@ namespace LINGYUN.Abp.OpenApi.Authorization
await context.Response.WriteAsync(errorInfo.Message);
}
private static string CalculationSignature(string url, string appSecret, IDictionary<string, string> queryDictionary)
private static string CalculationSignature(string url, IDictionary<string, string> queryDictionary)
{
var queryString = BuildQuery(queryDictionary);
var encodeUrl = UrlEncode(string.Concat(url, "?", queryString, appSecret));
var encodeUrl = UrlEncode(string.Concat(url, "?", queryString));
return encodeUrl.ToMd5();
}
@ -216,7 +216,7 @@ namespace LINGYUN.Abp.OpenApi.Authorization
private static string BuildQuery(IDictionary<string, string> queryStringDictionary)
{
StringBuilder sb = new StringBuilder();
foreach (var queryString in queryStringDictionary)
foreach (var queryString in queryStringDictionary.OrderBy(q => q.Key))
{
sb.Append(queryString.Key)
.Append('=')
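Review bot: `queryDictionary.TryAdd("appSecret", appDescriptor.AppSecret)` leaves an existing entry in place, so if the request's own query string carries a parameter named `appSecret`, the loop above has already stored the caller's value and the server's secret never enters the signed string. The signature check would then no longer prove knowledge of the real secret. The loop body is only partly visible in these hunks, so confirm nothing filters that key; if not, either reject requests that carry it or overwrite unconditionally with `queryDictionary["appSecret"] = appDescriptor.AppSecret;`. Separately, the `string.Equals(requiredSign, sign.ToString())` comparison is not constant-time; `CryptographicOperations.FixedTimeEquals` over the UTF-8 bytes would be the safer comparison.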

13
aspnet-core/modules/open-api/OpenApi.Sdk/OpenApi/ClientProxy.cs

@ -68,8 +68,12 @@ namespace OpenApi
"&t=",
timeStamp);
var quertString = ReverseQueryString(requestUrl);
// 密钥参与计算
quertString.Add("appSecret", appSecret);
// 对请求参数签名
var sign = CalculationSignature(baseUrl, appSecret, quertString);
var sign = CalculationSignature(baseUrl, quertString);
// 移除密钥
quertString.Remove("appSecret");
// 签名随请求传递
quertString.Add("sign", sign);
// 重新拼接请求参数
@ -125,14 +129,13 @@ namespace OpenApi
return queryDic;
}
private static string CalculationSignature(string url, string appSecret, IDictionary<string, string> queryDictionary)
private static string CalculationSignature(string url, IDictionary<string, string> queryDictionary)
{
var queryString = BuildQuery(queryDictionary);
var requestUrl = string.Concat(
url,
url.Contains('?') ? "" : "?",
queryString,
appSecret);
queryString);
var encodeUrl = UrlEncode(requestUrl);
return encodeUrl.ToMd5();
}
@ -140,7 +143,7 @@ namespace OpenApi
private static string BuildQuery(IDictionary<string, string> queryStringDictionary)
{
StringBuilder sb = new StringBuilder();
foreach (var queryString in queryStringDictionary)
foreach (var queryString in queryStringDictionary.OrderBy(q => q.Key))
{
sb.Append(queryString.Key)
.Append('=')
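Review bot: `queryStringDictionary.OrderBy(q => q.Key)` in `BuildQuery` sorts with the default string comparer, which is culture-sensitive, so client and server can order keys differently when they run under different cultures or globalization backends, and the signatures then disagree. Both sides must produce byte-identical input, so an ordinal sort is safer: `foreach (var queryString in queryStringDictionary.OrderBy(q => q.Key, StringComparer.Ordinal))`. The same call is added to `BuildQuery` in OpenApiAuthorizationService.cs and needs the same change. Also, `quertString.Add("appSecret", appSecret)` will throw if `ReverseQueryString` already returned that key, assuming it returns a plain dictionary; the function bodies continue outside the hunks.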
