🐛 Fix #12813

800f34cd · Liang Ding · 6cc32623 · 800f34cd · 800f34cd
Commit 800f34cd authored Jul 13, 2019 by Liang Ding
Show whitespace changes
Inline Side-by-side

Showing with 10 additions and 12 deletions

pom.xml pom.xml +1 -1

src/main/java/org/b3log/solo/processor/OAuthProcessor.java src/main/java/org/b3log/solo/processor/OAuthProcessor.java +9 -11

No files found.
--- a/pom.xml
+++ b/pom.xml
@@ -73,7 +73,7 @@
    </scm>
    <properties>
-        <org.b3log.latke.version>2.5.0</org.b3log.latke.version>
+        <org.b3log.latke.version>2.5.1</org.b3log.latke.version>
        <slf4j.version>1.7.5</slf4j.version>
        <jsoup.version>1.9.1</jsoup.version>

--- a/src/main/java/org/b3log/solo/processor/OAuthProcessor.java
+++ b/src/main/java/org/b3log/solo/processor/OAuthProcessor.java
@@ -43,7 +43,7 @@ import org.json.JSONObject;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.util.Map;
+import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 /**
@@ -54,7 +54,7 @@ import java.util.concurrent.ConcurrentHashMap;
 * </ul>
 *
 * @author <a href="http://88250.b3log.org">Liang Ding</a>
- * @version 1.0.0.8, Mar 27, 2019
+ * @version 1.0.1.0, Jul 13, 2019
 * @since 2.9.5
 */
 @RequestProcessor
@@ -68,7 +68,7 @@ public class OAuthProcessor {
    /**
     * OAuth parameters - state.
     */
-    private static final Map<String, String> STATES = new ConcurrentHashMap<>();
+    private static final Set<String> STATES = ConcurrentHashMap.newKeySet();
    /**
     * Option query service.
@@ -138,11 +138,10 @@ public class OAuthProcessor {
            referer = Latkes.getServePath();
        }
        final String cb = Latkes.getServePath() + "/oauth/github";
-        final String state = referer + ":::" + RandomStringUtils.randomAlphanumeric(16) + ":::cb=" + cb + ":::";
+        String state = referer + ":::" + RandomStringUtils.randomAlphanumeric(16) + ":::cb=" + cb + ":::";
-        STATES.put(state, URLs.encode(state));
+        STATES.add(state);
-        final String path = loginAuthURL + "?client_id=" + clientId + "&state=" + state
+        final String path = loginAuthURL + "?client_id=" + clientId + "&state=" + URLs.encode(state) + "&scope=public_repo,read:user,user:follow";
-                + "&scope=public_repo,read:user,user:follow";
        context.sendRedirect(path);
    }
@@ -154,15 +153,14 @@ public class OAuthProcessor {
     */
    @RequestProcessing(value = "/oauth/github", method = HttpMethod.GET)
    public synchronized void authCallback(final RequestContext context) {
-        final String state = context.param("state");
+        String state = context.param("state");
-        String referer = STATES.get(state);
+        if (!STATES.contains(state)) {
-        if (StringUtils.isBlank(referer)) {
            context.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        STATES.remove(state);
-        referer = URLs.decode(referer);
+        final String referer = URLs.decode(state);
        final String accessToken = context.param("ak");
        final JSONObject userInfo = GitHubs.getGitHubUserInfo(accessToken);
        if (null == userInfo) {