fix: fix failure of introspection (#682)

* fix: fix failure of introspection * Update token.go Co-authored-by: Yang Luo <hsluoyz@qq.com>
2025-05-23 02:35:49 +08:00 · 2022-04-22 22:45:52 +08:00 · 2022-04-22 22:45:52 +08:00 · b0b3eb0805
commit b0b3eb0805
parent 73bd9dd517
3 changed files with 13 additions and 12 deletions
--- a/authz/authz.go
+++ b/authz/authz.go
@ -80,9 +80,7 @@ p, *, *, GET, /api/get-app-login, *, *
 p, *, *, POST, /api/logout, *, *
 p, *, *, GET, /api/get-account, *, *
 p, *, *, GET, /api/userinfo, *, *
-p, *, *, POST, /api/login/oauth/access_token, *, *
+p, *, *, *, /api/login/oauth, *, *
 p, *, *, POST, /api/login/oauth/refresh_token, *, *
 p, *, *, GET, /api/login/oauth/logout, *, *
 p, *, *, GET, /api/get-application, *, *
 p, *, *, GET, /api/get-user, *, *
 p, *, *, GET, /api/get-user-application, *, *
--- a/controllers/token.go
+++ b/controllers/token.go
@ -275,21 +275,20 @@ func (c *ApiController) IntrospectToken() {
 	tokenValue := c.Input().Get("token")
 	clientId, clientSecret, ok := c.Ctx.Request.BasicAuth()
 	if !ok {
-		util.LogWarning(c.Ctx, "Basic Authorization parses failed")
+		clientId = c.Input().Get("client_id")
-		c.Data["json"] = Response{Status: "error", Msg: "Unauthorized operation"}
+		clientSecret = c.Input().Get("client_secret")
-		c.ServeJSON()
+		if clientId == "" || clientSecret == "" {
-		return
+			c.ResponseError("empty clientId or clientSecret")
 			return
 		}
 	}
 	application := object.GetApplicationByClientId(clientId)
 	if application == nil || application.ClientSecret != clientSecret {
-		util.LogWarning(c.Ctx, "Basic Authorization failed")
+		c.ResponseError("invalid application or wrong clientSecret")
 		c.Data["json"] = Response{Status: "error", Msg: "Unauthorized operation"}
 		c.ServeJSON()
 		return
 	}
 	token := object.GetTokenByTokenAndApplication(tokenValue, application.Name)
 	if token == nil {
 		util.LogWarning(c.Ctx, "application: %s can not find token", application.Name)
 		c.Data["json"] = &object.IntrospectionResponse{Active: false}
 		c.ServeJSON()
 		return
@ -299,7 +298,6 @@ func (c *ApiController) IntrospectToken() {
 		// and token revoked case. but we not implement
 		// TODO: 2022-03-03 add token revoked check, when we implemented the Token Revocation(rfc7009) Specs.
 		// refs: https://tools.ietf.org/html/rfc7009
 		util.LogWarning(c.Ctx, "token invalid")
 		c.Data["json"] = &object.IntrospectionResponse{Active: false}
 		c.ServeJSON()
 		return
--- a/routers/authz_filter.go
+++ b/routers/authz_filter.go
@ -104,6 +104,11 @@ func getUrlPath(urlPath string) string {
 	if strings.HasPrefix(urlPath, "/cas") && (strings.HasSuffix(urlPath, "/serviceValidate") || strings.HasSuffix(urlPath, "/proxy") || strings.HasSuffix(urlPath, "/proxyValidate") || strings.HasSuffix(urlPath, "/validate") || strings.HasSuffix(urlPath, "/p3/serviceValidate") || strings.HasSuffix(urlPath, "/p3/proxyValidate") || strings.HasSuffix(urlPath, "/samlValidate")) {
 		return "/cas"
 	}
 	if strings.HasPrefix(urlPath, "/api/login/oauth") {
 		return "/api/login/oauth"
 	}
 	return urlPath
 }