optimize: 优化 GitHubOAuth2LoginAuthenticationProvider

sanwenyukaochi · sanwenyukaochi · commit 99b7dc9716b3 · 2026-03-15T01:51:12.000+08:00
diff --git a/src/main/java/com/spring/security/authentication/handler/auth/LoginSuccessHandler.java b/src/main/java/com/spring/security/authentication/handler/auth/LoginSuccessHandler.java
@@ -24,6 +24,7 @@
 import org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.stereotype.Component;
+import tools.jackson.core.type.TypeReference;
 import tools.jackson.databind.json.JsonMapper;
 
 /**
@@ -59,10 +60,8 @@ public void onAuthenticationSuccess(
         JwtTokenUserLoginInfo jwtTokenUserLoginInfo =
                 new JwtTokenUserLoginInfo(currentUser.getSessionId(), currentUser.getUsername());
         // 一些特殊的登录参数。比如三方登录，需要额外返回一个字段是否需要跳转的绑定已有账号页面
-        @SuppressWarnings("unchecked")
         Map<String, Object> additionalInfo = Optional.ofNullable(authentication.getDetails())
-                .filter(Map.class::isInstance)
-                .map(Map.class::cast)
+                .map(details -> jsonMapper.convertValue(details, new TypeReference<Map<String, Object>>() {}))
                 .orElse(Map.of());
         boolean hasAccount =
                 authentication.getDetails() == null || Boolean.FALSE.equals(additionalInfo.get("isNewUser"));
diff --git a/src/main/java/com/spring/security/authentication/handler/auth/github/login/GitHubOAuth2LoginAuthenticationProvider.java b/src/main/java/com/spring/security/authentication/handler/auth/github/login/GitHubOAuth2LoginAuthenticationProvider.java
@@ -93,35 +93,41 @@ public Authentication authenticate(@NonNull Authentication authentication) throw
         Long providerUserId = extractProviderUserId(oauth2User);
 
         // 查询用户信息
-        User user = retrieveUser(providerUserId, oauth2User, authorizationCodeAuthenticationToken);
-        UserLoginInfo userLoginInfo = new UserLoginInfo(
-                UUID.randomUUID().toString(),
-                user != null ? user.getId() : null,
-                user != null ? user.getUsername() : oauth2User.getAttribute("login"),
-                user != null ? user.getPassword() : null,
-                user != null ? user.getPhone() : null,
-                user != null ? user.getEmail() : oauth2User.getAttribute("email"),
-                user != null ? user.getAccountNonLocked() : null,
-                user != null ? user.getAccountNonExpired() : null,
-                user != null ? user.getCredentialsNonExpired() : null,
-                user != null ? user.getEnabled() : null,
-                user != null ? user.getMfaSecret() : null,
-                user != null ? user.getMfaEnabled() : null,
-                user != null ? mappedAuthorities : null);
+        User loadedUser = retrieveUser(providerUserId);
 
         // 认证通过，使用 Authenticated 为 true 的构造函数
+        // 验证用户信息
+        // 构造成功结果
         GitHubOAuth2LoginAuthenticationToken result = new GitHubOAuth2LoginAuthenticationToken(
                 loginAuthenticationToken.getClientRegistration(),
                 loginAuthenticationToken.getAuthorizationExchange(),
-                userLoginInfo,
+                Optional.ofNullable(loadedUser)
+                        .map(user -> new UserLoginInfo(
+                                UUID.randomUUID().toString(),
+                                user.getId(),
+                                user.getUsername(),
+                                user.getPassword(),
+                                user.getPhone(),
+                                user.getEmail(),
+                                user.getAccountNonLocked(),
+                                user.getAccountNonExpired(),
+                                user.getCredentialsNonExpired(),
+                                user.getEnabled(),
+                                user.getMfaSecret(),
+                                user.getMfaEnabled(),
+                                authorities))
+                        .orElse(null),
                 mappedAuthorities,
-                loginAuthenticationToken.getAccessToken(),
-                loginAuthenticationToken.getRefreshToken());
-        // 必须转化成Map
-        result.setDetails(jsonMapper.convertValue(authentication.getDetails(), Map.class));
-        log.debug("用户名认证成功，用户: {}", userLoginInfo.getUsername());
-        // 验证用户信息
-        // 构造成功结果
+                authorizationCodeAuthenticationToken.getAccessToken(),
+                authorizationCodeAuthenticationToken.getRefreshToken());
+        result.setDetails(new GitHubOAuth2Meta(
+                UserIdentity.Provider.GITHUB,
+                providerUserId,
+                oauth2User.getAttribute("login"),
+                oauth2User.getAttribute("name"),
+                oauth2User.getAttribute("email"),
+                loadedUser == null ? Boolean.TRUE : Boolean.FALSE));
+        log.debug("用户名认证成功，用户: {}", Optional.ofNullable(oauth2User.getAttribute("login")));
         return result;
     }
 
@@ -143,34 +149,48 @@ public final void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMappe
     public boolean supports(@NonNull Class<?> authentication) {
         return GitHubOAuth2LoginAuthenticationToken.class.isAssignableFrom(authentication);
     }
-
-    protected User retrieveUser(
-            Long providerUserId, OAuth2User oauth2User, GitHubOAuth2AuthorizationCodeAuthenticationToken authentication)
-            throws AuthenticationException {
+    //    protected Authentication createSuccessAuthentication(
+    //            Authentication authentication, User loadedUser, Collection<GrantedAuthority> mappedAuthorities) {
+    //        GitHubOAuth2AuthorizationCodeAuthenticationToken authorizationCodeAuthenticationToken =
+    //                (GitHubOAuth2AuthorizationCodeAuthenticationToken) authentication;
+    //        GitHubOAuth2LoginAuthenticationToken result = new GitHubOAuth2LoginAuthenticationToken(
+    //                authorizationCodeAuthenticationToken.getClientRegistration(),
+    //                authorizationCodeAuthenticationToken.getAuthorizationExchange(),
+    //                Optional.ofNullable(loadedUser)
+    //                        .map(user -> new UserLoginInfo(
+    //                                UUID.randomUUID().toString(),
+    //                                user.getId(),
+    //                                user.getUsername(),
+    //                                user.getPassword(),
+    //                                user.getPhone(),
+    //                                user.getEmail(),
+    //                                user.getAccountNonLocked(),
+    //                                user.getAccountNonExpired(),
+    //                                user.getCredentialsNonExpired(),
+    //                                user.getEnabled(),
+    //                                user.getMfaSecret(),
+    //                                user.getMfaEnabled(),
+    //                                authorities))
+    //                        .orElse(null),
+    //                mappedAuthorities,
+    //                authorizationCodeAuthenticationToken.getAccessToken(),
+    //                authorizationCodeAuthenticationToken.getRefreshToken());
+    //        result.setDetails(new GitHubOAuth2Meta(
+    //                UserIdentity.Provider.GITHUB,
+    //                providerUserId,
+    //                oauth2User.getAttribute("login"),
+    //                oauth2User.getAttribute("name"),
+    //                oauth2User.getAttribute("email"),
+    //                loadedUser == null ? Boolean.TRUE:Boolean.FALSE));
+    //        log.debug("用户名认证成功，用户: {}", Optional.ofNullable(oauth2User.getAttribute("login")));
+    //        return result;
+    //    }
+    protected User retrieveUser(Long providerUserId) throws AuthenticationException {
         log.debug("查询GitHub用户: providerUserId={}", providerUserId);
         return userIdentityRepository
                 .findByProviderUserIdAndProvider(providerUserId, UserIdentity.Provider.GITHUB)
                 .map(UserIdentity::getUserId)
                 .flatMap(userRepository::findById)
-                .map(user -> {
-                    authentication.setDetails(new GitHubOAuth2Meta(
-                            UserIdentity.Provider.GITHUB,
-                            providerUserId,
-                            oauth2User.getAttribute("login"),
-                            oauth2User.getAttribute("name"),
-                            oauth2User.getAttribute("email"),
-                            Boolean.FALSE));
-                    return user;
-                })
-                .orElseGet(() -> {
-                    authentication.setDetails(new GitHubOAuth2Meta(
-                            UserIdentity.Provider.GITHUB,
-                            providerUserId,
-                            oauth2User.getAttribute("login"),
-                            oauth2User.getAttribute("name"),
-                            oauth2User.getAttribute("email"),
-                            Boolean.TRUE));
-                    return null;
-                });
+                .orElse(null);
     }
 }
