feat: 对用户登录可以自定义额外的 Checker #67
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR introduces a mechanism for custom authentication validation during user login through the IExtraAuthChecker interface, allowing applications to add additional authentication checks beyond standard username/password verification.
- Added
IExtraAuthCheckerinterface for custom authentication validation - Integrated checker execution into the login flow via CDI
Instanceinjection - Added comprehensive test coverage with two test checker implementations
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| SsoController.java | Injects and executes extra authentication checkers after successful password validation |
| IExtraAuthChecker.java | Defines the interface for custom authentication validation logic |
| TestLogin.java | Adds test cases verifying that custom checkers can block user login and includes two example checker implementations |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| void check(IRuntimeUser runtimeUser); | ||
| } |
There was a problem hiding this comment.
The check method lacks documentation explaining its contract. Add a JavaDoc comment describing: (1) the method's purpose in the authentication flow, (2) the expected behavior when validation fails (e.g., throwing an exception), and (3) the parameter's meaning.
| void check(IRuntimeUser runtimeUser); | |
| } | |
| /** | |
| * Performs additional authentication checks on the provided runtime user. | |
| * <p> | |
| * This method is intended to be called during the authentication flow to validate | |
| * extra conditions or requirements for the user. If the validation fails, | |
| * an exception should be thrown to indicate authentication failure. | |
| * | |
| * @param runtimeUser the user to be validated by extra authentication checks | |
| * @throws RuntimeException if the user fails the extra authentication checks | |
| */ | |
| void check(IRuntimeUser runtimeUser); |
| .header("userID", config.superUserId()) | ||
| .contentType("application/json") | ||
| .body(Map.of( | ||
| "v_name", "222" |
There was a problem hiding this comment.
[nitpick] Using magic string '222' for user name. Consider using a descriptive constant like 'TEST_USER_2_NAME' to improve test readability and maintainability.
| .header("userID", config.superUserId()) | ||
| .contentType("application/json") | ||
| .body(Map.of( | ||
| "v_name", "333" |
There was a problem hiding this comment.
[nitpick] Using magic string '333' for user name. Consider using a descriptive constant like 'TEST_USER_3_NAME' to improve test readability and maintainability.
|
两个想法:
|
done
在 javadoc 还有方法签名上 throws 要求抛出,比如说 MuYunException?这个 checker 我想的使用场景是比如说 2FA 的情况下,错误具体信息需要被用户所看到 |
gtn1024
force-pushed
the
gtn1024/auth-extra-checker
branch
from
b23e266 to
7f6fc42
Compare
| import net.ximatai.muyun.model.IRuntimeUser; | ||
|
|
||
| public interface IExtraLoginChecker { | ||
| void check(IRuntimeUser runtimeUser); |
There was a problem hiding this comment.
要不要声明抛出异常,这样平台会强制捕获,然后再次包装成 muyunException 出去?
gtn1024
force-pushed
the
gtn1024/auth-extra-checker
branch
from
7f6fc42 to
ec49de0
Compare
No description provided.