From d20c0cf8ebaff4d0d5f704b99b2f4115a13e2317 Mon Sep 17 00:00:00 2001
From: "Crystal.Sea"
Date: Tue, 2 Nov 2021 19:15:49 +0800
Subject: [PATCH] OAuth App is null
---
 .../endpoint/OAuth20AccessConfirmationEndpoint.java | 7 +------
 .../oauth2/provider/endpoint/AbstractEndpoint.java | 5 +++++
 .../provider/endpoint/AuthorizationEndpoint.java | 10 +++++++++-
 3 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/endpoint/OAuth20AccessConfirmationEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/endpoint/OAuth20AccessConfirmationEndpoint.java
index e3c01682..ff798155 100644
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/endpoint/OAuth20AccessConfirmationEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/endpoint/OAuth20AccessConfirmationEndpoint.java
@@ -85,12 +85,7 @@ public class OAuth20AccessConfirmationEndpoint {
 (AuthorizationRequest) WebContext.getAttribute("authorizationRequest");
 ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
 Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
- //session中为空或者id不一致重新加载
- if (app == null || !app.getId().equalsIgnoreCase(clientAuth.getClientId())) {
- app = appsService.get(clientAuth.getClientId());
- WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, app);
- WebContext.setAttribute(app.getId(), app.getIcon());
- }
+ WebContext.setAttribute(app.getId(), app.getIcon());
 model.put("auth_request", clientAuth);
 model.put("client", client);
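Review bot: The added line `WebContext.setAttribute(app.getId(), app.getIcon());` dereferences `app` with no guard, now that the `app == null` / id-mismatch reload is removed from this endpoint. If the confirmation page is reached in a session where AuthorizationEndpoint has not populated `AUTHORIZE_SIGN_ON_APP` (expired or fresh session, direct request), this throws a NullPointerException, and nothing here checks any longer that the session app belongs to `clientAuth.getClientId()`, so the consent page trusts whatever app the session holds. I would keep a local guard such as `if (app == null || !app.getId().equals(clientAuth.getClientId())) { /* reject the request instead of rendering */ }` before the dereference. The enclosing method starts and ends outside the hunk.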
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AbstractEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AbstractEndpoint.java
index e6decbdf..40ccfe1b 100644
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AbstractEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AbstractEndpoint.java
@@ -35,6 +35,7 @@ import org.maxkey.authz.oauth2.provider.refresh.RefreshTokenGranter;
 import org.maxkey.authz.oauth2.provider.request.DefaultOAuth2RequestFactory;
 import org.maxkey.authz.oauth2.provider.token.AuthorizationServerTokenServices;
 import org.maxkey.configuration.ApplicationConfig;
+import org.maxkey.persistence.service.AppsService;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
@@ -75,6 +76,10 @@ public class AbstractEndpoint implements InitializingBean {
 @Qualifier("oauth20UserAuthenticationManager")
 AuthenticationManager authenticationManager;
+ @Autowired
+ @Qualifier("appsService")
+ protected AppsService appsService;
+
 @Autowired
 @Qualifier("applicationConfig")
 protected ApplicationConfig applicationConfig;
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java
index 00511c7d..91bdd3f2 100644
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java
@@ -43,7 +43,9 @@ import org.maxkey.authz.oauth2.provider.code.AuthorizationCodeServices;
 import org.maxkey.authz.oauth2.provider.implicit.ImplicitTokenRequest;
 import org.maxkey.authz.oauth2.provider.request.DefaultOAuth2RequestValidator;
 import org.maxkey.util.HttpEncoder;
+import org.maxkey.entity.apps.Apps;
 import org.maxkey.entity.apps.oauth2.provider.ClientDetails;
+import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -200,7 +202,13 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
 (Authentication) principal));
 }
 }
-
+ Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
+ //session中为空或者id不一致重新加载
+ if (app == null || !app.getId().equalsIgnoreCase(authorizationRequest.getClientId())) {
+ app = appsService.get(authorizationRequest.getClientId());
+ WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, app);
+ }
+
 // Place auth request into the model so that it is stored in the session
 // for approveOrDeny to use. That way we make sure that auth request comes from the session,
 // so any auth request parameters passed to approveOrDeny will be ignored and retrieved from the session.
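Review bot: The result of `appsService.get(authorizationRequest.getClientId())` is written to the session without a null check in the second hunk, and after this commit OAuth20AccessConfirmationEndpoint dereferences that attribute unconditionally (`app.getId()`), so a lookup miss would surface as a NullPointerException on the consent page rather than as an OAuth error. Whether the lookup can miss at this point depends on client validation earlier in the method, which is outside the hunk; an explicit `if (app == null)` rejection right after the lookup would make that independent of the earlier code. The `equalsIgnoreCase` comparison also treats client ids that differ only in case as the same app, so if ids are case-sensitive in the store, `!app.getId().equals(authorizationRequest.getClientId())` is the safer test for deciding whether the cached app may be reused. The inline comment would be easier to maintain in English, e.g. `// reload when the session holds no app or an app for a different client id`.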