From bc36cb2b0316c962f5192c85a78992e3700cd0a0 Mon Sep 17 00:00:00 2001
From: maliming
Date: Sat, 29 Mar 2025 16:14:12 +0800
Subject: [PATCH] Handling Swagger OAuth2 callbacks in a new way.

---
 .../Volo.Abp.Swashbuckle.csproj | 2 +
 .../wwwroot/swagger/oauth2-redirect.html | 39 +++++++++++++
 .../wwwroot/swagger/ui/abp.swagger.js | 58 +++++++++++++++++--
 3 files changed, 95 insertions(+), 4 deletions(-)
 create mode 100644 framework/src/Volo.Abp.Swashbuckle/wwwroot/swagger/oauth2-redirect.html

diff --git a/framework/src/Volo.Abp.Swashbuckle/Volo.Abp.Swashbuckle.csproj b/framework/src/Volo.Abp.Swashbuckle/Volo.Abp.Swashbuckle.csproj
index 58c2dc3693..d62ba9c65d 100644
--- a/framework/src/Volo.Abp.Swashbuckle/Volo.Abp.Swashbuckle.csproj
+++ b/framework/src/Volo.Abp.Swashbuckle/Volo.Abp.Swashbuckle.csproj
@@ -30,6 +30,8 @@
+
+
diff --git a/framework/src/Volo.Abp.Swashbuckle/wwwroot/swagger/oauth2-redirect.html b/framework/src/Volo.Abp.Swashbuckle/wwwroot/swagger/oauth2-redirect.html
new file mode 100644
index 0000000000..ef47009856
--- /dev/null
+++ b/framework/src/Volo.Abp.Swashbuckle/wwwroot/swagger/oauth2-redirect.html
@@ -0,0 +1,39 @@
+
+
+
+ Swagger UI: OAuth2 Redirect
+
+
+
+
+
diff --git a/framework/src/Volo.Abp.Swashbuckle/wwwroot/swagger/ui/abp.swagger.js b/framework/src/Volo.Abp.Swashbuckle/wwwroot/swagger/ui/abp.swagger.js
index b8abb0df25..db054056d1 100644
--- a/framework/src/Volo.Abp.Swashbuckle/wwwroot/swagger/ui/abp.swagger.js
+++ b/framework/src/Volo.Abp.Swashbuckle/wwwroot/swagger/ui/abp.swagger.js
@@ -1,9 +1,9 @@
 var abp = abp || {};
 (function () {
-
+
 var oldSwaggerUIBundle = SwaggerUIBundle;
-
+
 SwaggerUIBundle = function (configObject) {
 var excludeUrl = ["swagger.json", "connect/token"]
 var firstRequest = true;
@@ -112,7 +112,57 @@ var abp = abp || {};
 return oldSwaggerUIBundle(configObject);
 }
-
+
 SwaggerUIBundle = Object.assign(SwaggerUIBundle, oldSwaggerUIBundle);
-
+
+ window.addEventListener("storage", function (event) {
+ if (event.key !== "abp_swagger_oauth2" || !event.newValue) {
+ return;
+ }
+
+ var qp = JSON.parse(event.newValue || "{}");
+ localStorage.removeItem("abp_swagger_oauth2");
+ var oauth2 = window.swaggerUIRedirectOauth2;
+ var sentState = oauth2.state;
+ var redirectUrl = oauth2.redirectUrl;
+ var isValid = qp.state === sentState;
+
+ if ((
+ oauth2.auth.schema.get("flow") === "accessCode" ||
+ oauth2.auth.schema.get("flow") === "authorizationCode" ||
+ oauth2.auth.schema.get("flow") === "authorization_code"
+ ) && !oauth2.auth.code) {
+ if (!isValid) {
+ oauth2.errCb({
+ authId: oauth2.auth.name,
+ source: "auth",
+ level: "warning",
+ message: "Authorization may be unsafe, passed state was changed in server. The passed state wasn't returned from auth server."
+ });
+ }
+
+ if (qp.code) {
+ delete oauth2.state;
+ oauth2.auth.code = qp.code;
+ oauth2.callback({auth: oauth2.auth, redirectUrl: redirectUrl});
+ } else {
+ let oauthErrorMsg;
+ if (qp.error) {
+ oauthErrorMsg = "["+qp.error+"]: " +
+ (qp.error_description ? qp.error_description+ ". " : "no accessCode received from the server. ") +
+ (qp.error_uri ? "More info: "+qp.error_uri : "");
+ }
+
+ oauth2.errCb({
+ authId: oauth2.auth.name,
+ source: "auth",
+ level: "error",
+ message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server."
+ });
+ }
+ } else {
+ oauth2.callback({auth: oauth2.auth, token: qp, isValid: isValid, redirectUrl: redirectUrl});
+ }
+ });
+
 })();
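Review bot: `var oauth2 = window.swaggerUIRedirectOauth2;` is dereferenced on the very next line (`oauth2.state`) with no null check, yet a storage event is delivered to every other same-origin tab, not only the one that started the authorization, so a second Swagger UI tab (or any other page of the same origin that loads this script) throws a TypeError inside the listener. A guard right after the assignment, `if (!oauth2) { return; }`, plus a try/catch around `JSON.parse(event.newValue || "{}")` (a throw there also skips the `localStorage.removeItem` that follows it) would make the handler safe. Note also that the stored value carries the authorization code or, for the implicit flow, the whole token object passed on as `token: qp`, and the only place it is cleared is this listener, so if no tab is listening when the redirect page writes it, it presumably stays in localStorage; clearing stale entries at startup or from the writer side is worth considering. The state mismatch only raises a warning and the code exchange still proceeds, which mirrors the stock swagger-ui redirect logic rather than something this commit introduces. The enclosing IIFE starts outside the hunk.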