将待签名字符串使用SHA1算法处理, 结果作为signature(签名)的值
secret只在待签名字符串中使用,请求接口时,请勿带上secret参数
以JavaScript代码为例
<script src="https://cdn.bootcss.com/crypto-js/3.1.9-1/crypto-js.min.js"></script>
<script>
const iframe = document.querySelector('#test-iframe');
function getUnionLoginParams() {
const nonce = 'fb4706';
const opfid = '572115641423875';//开发者中心获取
const uid = '18576626619';
const secret = '92cba47a143a0c22ee7';//开发者中心获取
const timestamp = Date.now().toString();
const params = { opfid, secret, uid, nonce, timestamp };
const query = Object.keys(params)
.sort(
(key1, key2) => key1.charCodeAt(0) - key2.charCodeAt(0)
)
.reduce((str, key) => (str += `${key}=${params[key]}&`), '')
.slice(0, -1);
const signature = CryptoJS.SHA1(query).toString(CryptoJS.enc.Hex);
return { nonce, opfid, uid, timestamp, signature };
}
const params = getUnionLoginParams();
let loginUrl = 'https://open.rabbitpre.com/union-login.html';
loginUrl += `?nonce=${params.nonce}`;
loginUrl += `&opfid=${params.opfid}`;
loginUrl += `&uid=${params.uid}`;
loginUrl += `×tamp=${params.timestamp}`;
loginUrl += `&signature=${params.signature}`;
loginUrl += `&redirecturl=${encodeURIComponent('https://www.rabbitpre.com/template/multipage.html')}`;
iframe.setAttribute('src', loginUrl);
</script> |
Java代码参考示例
SortedMap<String, String> map = new TreeMap<String, String>();
map.put("opfid", opfid);
map.put("nonce", nonce);
map.put("timestamp", timestamp);
map.put("secret", secret);
map.put("uid", uid);
String signature = SHA1Util.createSHA1Sign(map);
System.err.println("--signature-->>" + signature);
companyId=1&nonce=123456&opfid=65499870709224111111&secret=2222222222222222×tamp=1625194549051&uid=1000010001
--signature→>c1e0401e25926f3d42de2f03fc989eec4f15b01d |
后续技术对接,首先执行联合登录接口。开放平台目前只支持HTML联合登录的方式(即浏览器访问如下示例)
https://testopen.rabbitpre.com/union-login.html?nonce=123456&opfid=65499870709224111111&uid=uidjj×tamp=1625194549051&signature=c1e0401e25926f3d42de2f03fc989eec4f15b01d&redirecturl=https://home.rabbitpre.com
第一步:填写参数
第二步:填写脚本
脚本:
/**
* 通过request.data获取body的内容,这个是postman内置变量
* 常用内置参数如下:
* request 获取请求的参数,包括头和请求体
* responseHeaders 返回值的header
* responseBody 返回值的body
* responseCode 返回值的http code
*/
var params = pm.request.url.query.members;
var map = new Map();
map.set("secret","89908acc57d64110b0b805977244d5c6")
var timestamp = Date.parse(new Date());
map.set("timestamp",timestamp)
for (var i=0; i<params.length; i++)
{
// console.log(params[i])
if(params[i].key=="signature"){
continue
}
if(params[i].key=="timestamp"){
// let time2 = new Date().getTime();
console.log("------------------")
// map.set(params[i].key,time2)
continue
}
map.set(params[i].key,params[i].value)
}
console.log(map)
var arrayObj=Array.from(map);
arrayObj.sort(function(a,b){return a[0].localeCompare(b[0])})
//字段重新组装拼接
var tmp='';
for(var i=0;i<arrayObj.length;i++){
tmp += arrayObj[i][0]+"="+arrayObj[i][1]+"&";
}
tmp = tmp.substring(0,tmp.lastIndexOf("&"))
console.log("tmp ---->" + tmp);
//生成签名串:这里使用SHA1算法并使用十六进制编码
//CryptoJS-为JavaScript提供了各种各样的加密算法
//作者:CryptoJS<>(https://code.google.com/p/crypto-js/)
// var signHmacSHA1=CryptoJS.SHA1(tmp).toString(CryptoJS.enc.Hex).toUpperCase();
var signHmacSHA1=CryptoJS.SHA1(tmp).toString(CryptoJS.enc.Hex);
console.log("sign ---->" + signHmacSHA1);
//放入环境变量
//pm.environment.set("sha1msg",signHmacSHA1)
postman.setGlobalVariable("signature", signHmacSHA1);
postman.setGlobalVariable("timestamp", timestamp); |
第三步:修改脚本,如下secret,填写正确的开放平台密钥
