using JNPF.Extras.CollectiveOAuth.Cache; using JNPF.Extras.CollectiveOAuth.Config; using JNPF.Extras.CollectiveOAuth.Enums; using JNPF.Extras.CollectiveOAuth.Models; using JNPF.Extras.CollectiveOAuth.Utils; namespace JNPF.Extras.CollectiveOAuth.Request; public class WeChatEnterpriseAuthRequest : DefaultAuthRequest { public WeChatEnterpriseAuthRequest(ClientConfig config) : base(config, new WechatEnterpriseAuthSource()) { } public WeChatEnterpriseAuthRequest(ClientConfig config, IAuthStateCache authStateCache) : base(config, new WechatEnterpriseAuthSource(), authStateCache) { } /** * 微信的特殊性,此时返回的信息同时包含 openid 和 access_token * * @param authCallback 回调返回的参数 * @return 所有信息 */ protected override AuthToken getAccessToken(AuthCallback authCallback) { string response = doGetAuthorizationCode(accessTokenUrl(authCallback.code)); var jsonObj = response.parseObject(); this.checkResponse(jsonObj); var authToken = new AuthToken(); authToken.accessToken = jsonObj.getString("access_token"); authToken.expireIn = jsonObj.getInt32("expires_in"); authToken.code = authCallback.code; return authToken; } protected override AuthUser getUserInfo(AuthToken authToken) { string response = doGetUserInfo(authToken); var jsonObj = response.parseObject(); this.checkResponse(jsonObj); // 返回 OpenId 或其他,均代表非当前企业用户,不支持 if (!jsonObj.ContainsKey("UserId")) { throw new Exception(AuthResponseStatus.UNIDENTIFIED_PLATFORM.GetDesc()); } string userId = jsonObj.getString("UserId"); string userDetailResponse = getUserDetail(authToken.accessToken, userId); var userDetailObj = userDetailResponse.parseObject(); this.checkResponse(userDetailObj); var authUser = new AuthUser(); authUser.username = userDetailObj.getString("name"); authUser.nickname = userDetailObj.getString("alias"); authUser.avatar = userDetailObj.getString("avatar"); authUser.location = userDetailObj.getString("address"); authUser.email = userDetailObj.getString("email"); authUser.uuid = userDetailObj.getString("userId"); authUser.token = authToken; authUser.source = source.getName(); authUser.gender = GlobalAuthUtil.getWechatRealGender(userDetailObj.getString("gender")); authUser.originalUser = userDetailObj; authUser.originalUserStr = response; return authUser; } /** * 校验请求结果 * * @param response 请求结果 * @return 如果请求结果正常,则返回JSONObject */ private void checkResponse(Dictionary dic) { if (dic.ContainsKey("errcode") && dic.getInt32("errcode") != 0) { throw new Exception($"errcode: {dic.getString("errcode")}, errmsg: {dic.getString("errmsg")}"); } } /** * 返回带{@code state}参数的授权url,授权回调时会带上这个{@code state} * * @param state state 验证授权流程的参数,可以防止csrf * @return 返回授权地址 * @since 1.9.3 */ public override string authorize(string state) { return UrlBuilder.fromBaseUrl(source.authorize()) .queryParam("appid", config.clientId) .queryParam("response_type", "code") .queryParam("redirect_uri", config.redirectUri) .queryParam("scope", config.scope.IsNullOrWhiteSpace() ? "snsapi_userinfo" : config.scope) .queryParam("state", getRealState(state) + "#wechat_redirect") .build(); } /** * 返回获取accessToken的url * * @param code 授权码 * @return 返回获取accessToken的url */ protected override string accessTokenUrl(String code) { return UrlBuilder.fromBaseUrl(source.accessToken()) .queryParam("corpid", config.clientId) .queryParam("corpsecret", config.clientSecret) .build(); } /** * 返回获取userInfo的url * * @param authToken 用户授权后的token * @return 返回获取userInfo的url */ protected override string userInfoUrl(AuthToken authToken) { return UrlBuilder.fromBaseUrl(source.userInfo()) .queryParam("access_token", authToken.accessToken) .queryParam("code", authToken.code) .build(); } /** * 用户详情 * * @param accessToken accessToken * @param userId 企业内用户id * @return 用户详情 */ private string getUserDetail(string accessToken, string userId) { string userDetailUrl = UrlBuilder.fromBaseUrl("https://qyapi.weixin.qq.com/cgi-bin/user/get") .queryParam("access_token", accessToken) .queryParam("userid", userId) .build(); return HttpUtils.RequestGet(userDetailUrl); } }