From a27e1d85b61c192f8558336924de51309d9ac31f Mon Sep 17 00:00:00 2001
From: click33 <2393584716@qq.com>
Date: Sat, 10 May 2025 03:21:40 +0800
Subject: [PATCH] =?UTF-8?q?feat(oauth2):=20SaClientModel=20=E6=96=B0?= =?UTF-8?q?=E5=A2=9E=20isAutoConfirm=20=E9=85=8D=E7=BD=AE=E9=A1=B9?= =?UTF-8?q?=EF=BC=8C=E7=94=A8=E4=BA=8E=E5=86=B3=E5=AE=9A=E6=98=AF=E5=90=A6?= =?UTF-8?q?=E5=85=81=E8=AE=B8=E5=BA=94=E7=94=A8=E5=8F=AF=E4=BB=A5=E8=87=AA?= =?UTF-8?q?=E5=8A=A8=E7=A1=AE=E8=AE=A4=E6=8E=88=E6=9D=83?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../SaOAuth2DataConverterDefaultImpl.java | 6 ++---
 .../data/model/loader/SaClientModel.java | 27 +++++++++++++++++--
 .../processor/SaOAuth2ServerProcessor.java | 5 +++-
 3 files changed, 32 insertions(+), 6 deletions(-)
diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/convert/SaOAuth2DataConverterDefaultImpl.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/convert/SaOAuth2DataConverterDefaultImpl.java
index 3eadd4cb..0baac953 100644
--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/convert/SaOAuth2DataConverterDefaultImpl.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/convert/SaOAuth2DataConverterDefaultImpl.java
@@ -46,9 +46,9 @@ public class SaOAuth2DataConverterDefaultImpl implements SaOAuth2DataConverter {
 return new ArrayList<>();
 }
 // 兼容以下三种分隔符:空格、逗号、%20、加号
- scopeString = scopeString.replaceAll(" ", ",");
- scopeString = scopeString.replaceAll("%20", ",");
- scopeString = scopeString.replaceAll("+", ",");
+ scopeString = scopeString.replace(" ", ",");
+ scopeString = scopeString.replace("%20", ",");
+ scopeString = scopeString.replace("+", ",");
 return SaFoxUtil.convertStringToList(scopeString);
 }
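Review bot: The switch from `replaceAll` to `replace` in the three `scopeString` lines carries no comment saying why, and the reason is easy to undo by accident: `replaceAll` treats its first argument as a regular expression, and a bare `+` is not a valid pattern, so the old third call would have thrown instead of splitting the scope list. I would add `// String.replace is literal; replaceAll("+", ...) is parsed as a regex and fails` above the three calls. The context comment above them says three separators are supported but lists four (space, comma, %20, plus), which is worth correcting in the same edit. The method's signature and the start of its body are outside the hunk.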
diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/model/loader/SaClientModel.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/model/loader/SaClientModel.java
index f81d7e38..31778c59 100644
--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/model/loader/SaClientModel.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/data/model/loader/SaClientModel.java
@@ -78,6 +81,9 @@ public class SaClientModel implements Serializable {
 /** 单独配置此Client:Lower-Client-Token 保存的时间(单位:秒) [默认取全局配置] */
 public long lowerClientTokenTimeout;
+ /** 是否允许此应用自动确认授权(高危配置,禁止向不被信任的第三方开启此选项) */
+ public Boolean isAutoConfirm = false;
+
 public SaClientModel() {
 SaOAuth2ServerConfig config = SaOAuth2Manager.getServerConfig();
@@ -88,7 +91,7 @@ public class SaClientModel implements Serializable {
 this.lowerClientTokenTimeout = config.getLowerClientTokenTimeout();
 }
 public SaClientModel(String clientId, String clientSecret, List contractScopes, List allowRedirectUris) {
- super();
+ this();
 this.clientId = clientId;
 this.clientSecret = clientSecret;
 this.contractScopes = contractScopes;
@@ -274,7 +277,26 @@ public class SaClientModel implements Serializable {
 this.lowerClientTokenTimeout = lowerClientTokenTimeout;
 return this;
 }
-
+
+ /**
+ * 获取 是否允许此应用自动确认授权(高危配置,禁止向不被信任的第三方开启此选项)
+ *
+ * @return /
+ */
+ public Boolean getIsAutoConfirm() {
+ return this.isAutoConfirm;
+ }
+
+ /**
+ * 设置 是否允许此应用自动确认授权(高危配置,禁止向不被信任的第三方开启此选项)
+ *
+ * @param isAutoConfirm /
+ * @return 对象自身
+ */
+ public SaClientModel setIsAutoConfirm(Boolean isAutoConfirm) {
+ this.isAutoConfirm = isAutoConfirm;
+ return this;
+ }
 // @Override
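Review bot: `isAutoConfirm` is declared as a boxed `Boolean` in the field hunk, so it can hold null even though the initializer is `false`: the setter added in the later hunk of this file stores whatever it is given, and because the class is `Serializable` with a public field, a client record written before this change may, depending on the serializer, also come back with null. The new check in SaOAuth2ServerProcessor, `if( ! cm.getIsAutoConfirm())`, unboxes that value and would throw a NullPointerException in the middle of the authorize flow. Since this flag decides whether the user's consent page is skipped, an unset value should read as "not auto-confirm": either declare the field and its accessors as primitive `boolean`, or keep `Boolean` and test `if ( ! Boolean.TRUE.equals(cm.getIsAutoConfirm()))` in the processor. The class body continues outside these hunks.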
@@ -291,6 +313,7 @@ public class SaClientModel implements Serializable {
 ", refreshTokenTimeout=" + refreshTokenTimeout +
 ", clientTokenTimeout=" + clientTokenTimeout +
 ", lowerClientTokenTimeout=" + lowerClientTokenTimeout +
+ ", isAutoConfirm=" + isAutoConfirm +
 '}';
 }
diff --git a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/processor/SaOAuth2ServerProcessor.java b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/processor/SaOAuth2ServerProcessor.java
index edef23d5..b48e00a0 100644
--- a/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/processor/SaOAuth2ServerProcessor.java
+++ b/sa-token-plugin/sa-token-oauth2/src/main/java/cn/dev33/satoken/oauth2/processor/SaOAuth2ServerProcessor.java
@@ -138,7 +138,10 @@ public class SaOAuth2ServerProcessor {
 // 6、判断:如果此次申请的Scope,该用户尚未授权,则转到授权页面
 boolean isNeedCarefulConfirm = oauth2Template.isNeedCarefulConfirm(ra.loginId, ra.clientId, ra.scopes);
 if(isNeedCarefulConfirm) {
- return cfg.confirmView.apply(ra.clientId, ra.scopes);
+ SaClientModel cm = oauth2Template.checkClientModel(ra.clientId);
+ if( ! cm.getIsAutoConfirm()) {
+ return cfg.confirmView.apply(ra.clientId, ra.scopes);
+ }
 }
 // 7、判断授权类型,重定向到不同地址
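Review bot: When the client is auto-confirm, the new inner `if` simply falls through to step 7 with scopes that `isNeedCarefulConfirm` has just reported as not yet granted by this user, and nothing on that path records that consent was skipped. For a setting the model's own Javadoc calls high-risk, I would add a comment on the fall-through, e.g. `// auto-confirm client: consent page skipped, continue to step 7 with the requested scopes`, and write a log entry naming `ra.clientId`, `ra.loginId` and `ra.scopes` so that skipped confirmations can be audited. The redirect-URI and contracted-scope checks are presumably in the earlier steps, which are outside the hunk; for these clients they are the only remaining checks before step 7, so it is worth confirming they run before this point. The method starts and ends outside the hunk.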