From e1b912bdf6792807a026c09ff4ee9a4826f47a0e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 17 Jun 2022 02:05:50 +0000 Subject: [PATCH 1/3] :arrow_up: Bump fastjson from 1.2.78 to 1.2.83 Bumps [fastjson](https://github.com/alibaba/fastjson) from 1.2.78 to 1.2.83. - [Release notes](https://github.com/alibaba/fastjson/releases) - [Commits](https://github.com/alibaba/fastjson/compare/1.2.78...1.2.83) --- updated-dependencies: - dependency-name: com.alibaba:fastjson dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 30ceda3..e4ab741 100644 --- a/pom.xml +++ b/pom.xml @@ -60,7 +60,7 @@ 1.0.5 1.18.20 4.13.2 - 1.2.78 + 1.2.83 4.17.5.ALL 0.8.2 From f3a8cf675c9203aeabbe1faefb6216177ac28d0c Mon Sep 17 00:00:00 2001 From: marquis chen <838095230@qq.com> Date: Mon, 5 Sep 2022 16:42:51 +0800 Subject: [PATCH 2/3] =?UTF-8?q?=E4=BC=81=E4=B8=9A=E5=BE=AE=E4=BF=A1?= =?UTF-8?q?=E7=BD=91=E9=A1=B5=E7=99=BB=E5=BD=95=E5=A2=9E=E5=8A=A0AgentId?= =?UTF-8?q?=E5=8F=82=E6=95=B0=EF=BC=8C=E5=AF=B9=E9=87=8D=E5=AE=9A=E5=90=91?= =?UTF-8?q?=E5=9C=B0=E5=9D=80UrlEncode=EF=BC=8C=E8=8E=B7=E5=8F=96=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E6=95=8F=E6=84=9F=E4=BF=A1=E6=81=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../AbstractAuthWeChatEnterpriseRequest.java | 29 +++++++++++++++---- .../AuthWeChatEnterpriseWebRequest.java | 4 ++- 2 files changed, 26 insertions(+), 7 deletions(-) diff --git a/src/main/java/me/zhyd/oauth/request/AbstractAuthWeChatEnterpriseRequest.java b/src/main/java/me/zhyd/oauth/request/AbstractAuthWeChatEnterpriseRequest.java index 16ff639..a2105cf 100644 --- a/src/main/java/me/zhyd/oauth/request/AbstractAuthWeChatEnterpriseRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AbstractAuthWeChatEnterpriseRequest.java @@ -3,7 +3,6 @@ package me.zhyd.oauth.request; import com.alibaba.fastjson.JSONObject; import me.zhyd.oauth.cache.AuthStateCache; import me.zhyd.oauth.config.AuthConfig; -import me.zhyd.oauth.config.AuthDefaultSource; import me.zhyd.oauth.config.AuthSource; import me.zhyd.oauth.enums.AuthResponseStatus; import me.zhyd.oauth.enums.AuthUserGender; @@ -12,6 +11,7 @@ import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthToken; import me.zhyd.oauth.model.AuthUser; import me.zhyd.oauth.utils.HttpUtils; +import me.zhyd.oauth.utils.StringUtils; import me.zhyd.oauth.utils.UrlBuilder; /** @@ -56,8 +56,8 @@ public abstract class AbstractAuthWeChatEnterpriseRequest extends AuthDefaultReq throw new AuthException(AuthResponseStatus.UNIDENTIFIED_PLATFORM, source); } String userId = object.getString("UserId"); - String userDetailResponse = getUserDetail(authToken.getAccessToken(), userId); - JSONObject userDetail = this.checkResponse(userDetailResponse); + String userTicket = object.getString("user_ticket"); + JSONObject userDetail = getUserDetail(authToken.getAccessToken(), userId, userTicket); return AuthUser.builder() .rawUserInfo(userDetail) @@ -123,14 +123,31 @@ public abstract class AbstractAuthWeChatEnterpriseRequest extends AuthDefaultReq * * @param accessToken accessToken * @param userId 企业内用户id + * @param userTicket 成员票据,用于获取用户信息或敏感信息 * @return 用户详情 */ - private String getUserDetail(String accessToken, String userId) { - String userDetailUrl = UrlBuilder.fromBaseUrl("https://qyapi.weixin.qq.com/cgi-bin/user/get") + private JSONObject getUserDetail(String accessToken, String userId, String userTicket) { + // 用户基础信息 + String userInfoUrl = UrlBuilder.fromBaseUrl("https://qyapi.weixin.qq.com/cgi-bin/user/get") .queryParam("access_token", accessToken) .queryParam("userid", userId) .build(); - return new HttpUtils(config.getHttpConfig()).get(userDetailUrl).getBody(); + String userInfoResponse = new HttpUtils(config.getHttpConfig()).get(userInfoUrl).getBody(); + JSONObject userInfo = checkResponse(userInfoResponse); + + // 用户敏感信息 + if (StringUtils.isNotEmpty(userTicket)) { + String userDetailUrl = UrlBuilder.fromBaseUrl("https://qyapi.weixin.qq.com/cgi-bin/auth/getuserdetail") + .queryParam("access_token", accessToken) + .build(); + JSONObject param = new JSONObject(); + param.put("user_ticket", userTicket); + String userDetailResponse = new HttpUtils(config.getHttpConfig()).post(userDetailUrl, param.toJSONString()).getBody(); + JSONObject userDetail = checkResponse(userDetailResponse); + + userInfo.putAll(userDetail); + } + return userInfo; } } diff --git a/src/main/java/me/zhyd/oauth/request/AuthWeChatEnterpriseWebRequest.java b/src/main/java/me/zhyd/oauth/request/AuthWeChatEnterpriseWebRequest.java index 3a9747f..1a139cf 100644 --- a/src/main/java/me/zhyd/oauth/request/AuthWeChatEnterpriseWebRequest.java +++ b/src/main/java/me/zhyd/oauth/request/AuthWeChatEnterpriseWebRequest.java @@ -5,6 +5,7 @@ import me.zhyd.oauth.config.AuthConfig; import me.zhyd.oauth.config.AuthDefaultSource; import me.zhyd.oauth.enums.scope.AuthWeChatEnterpriseWebScope; import me.zhyd.oauth.utils.AuthScopeUtils; +import me.zhyd.oauth.utils.GlobalAuthUtils; import me.zhyd.oauth.utils.UrlBuilder; /** @@ -28,7 +29,8 @@ public class AuthWeChatEnterpriseWebRequest extends AbstractAuthWeChatEnterprise public String authorize(String state) { return UrlBuilder.fromBaseUrl(source.authorize()) .queryParam("appid", config.getClientId()) - .queryParam("redirect_uri", config.getRedirectUri()) + .queryParam("agentid", config.getAgentId()) + .queryParam("redirect_uri", GlobalAuthUtils.urlEncode(config.getRedirectUri())) .queryParam("response_type", "code") .queryParam("scope", this.getScopes(",", false, AuthScopeUtils.getDefaultScopes(AuthWeChatEnterpriseWebScope.values()))) .queryParam("state", getRealState(state).concat("#wechat_redirect")) From 7a9d602499894df1977d87d7e3c74e032bc8941b Mon Sep 17 00:00:00 2001 From: chengpengxiang <15503679582@163.com> Date: Mon, 3 Oct 2022 13:17:28 +0800 Subject: [PATCH 3/3] =?UTF-8?q?test:=E6=B7=BB=E5=8A=A0=E9=A3=9E=E4=B9=A6?= =?UTF-8?q?=E5=8D=95=E5=85=83=E6=B5=8B=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../oauth/request/AuthFeiShuRequestTest.java | 84 +++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 src/test/java/me/zhyd/oauth/request/AuthFeiShuRequestTest.java diff --git a/src/test/java/me/zhyd/oauth/request/AuthFeiShuRequestTest.java b/src/test/java/me/zhyd/oauth/request/AuthFeiShuRequestTest.java new file mode 100644 index 0000000..f6e653b --- /dev/null +++ b/src/test/java/me/zhyd/oauth/request/AuthFeiShuRequestTest.java @@ -0,0 +1,84 @@ +package me.zhyd.oauth.request; + +import com.alibaba.fastjson.JSON; +import me.zhyd.oauth.config.AuthConfig; +import me.zhyd.oauth.model.AuthCallback; +import me.zhyd.oauth.model.AuthResponse; +import me.zhyd.oauth.model.AuthToken; +import me.zhyd.oauth.model.AuthUser; +import me.zhyd.oauth.utils.AuthStateUtils; +import org.junit.Assert; +import org.junit.Test; + +/** + * @ClassName AuthFeiShuRequestTest + * @Author jackcheng(chen781142032@gamil.com) + * @version 1.0 + * @since 1.16.5 + * @Date 2022/10/1 11:23 + * @Description 飞书第三方登录测试类 先执行authorize()方法获取state以及authorizeUrl, + * 然后在浏览器中打开authorizeUrl,登录成功后会跳转到redirectUri,并且会携带code和state参数 + **/ +public class AuthFeiShuRequestTest { + + @Test + public void authorize() { + AuthRequest request = new AuthFeishuRequest(AuthConfig.builder() + .clientId("your App ID") + .clientSecret("your App Secret") + .redirectUri("you set redirect uri") + .build()); + String state = AuthStateUtils.createState(); + System.out.println("state==" + state); + String authorize = request.authorize(state); + System.out.println("authorize==" + authorize); + Assert.assertNotNull(authorize); + } + + @Test + public void getAccessTokenAndUserInfo() { + AuthRequest request = new AuthFeishuRequest(AuthConfig.builder() + .clientId("your App ID") + .clientSecret("your App Secret") + .redirectUri("you set redirect uri") + .build()); + + String state = "your state"; + + AuthCallback callback = AuthCallback.builder() + .code("your code") + .state(state) + .build(); + AuthToken accessToken = ((AuthFeishuRequest) request).getAccessToken(callback); + Assert.assertNotNull(accessToken); + System.out.println("token==" + accessToken.getAccessToken()); + + AuthUser userInfo = ((AuthFeishuRequest) request).getUserInfo(accessToken); + Assert.assertNotNull(userInfo); + System.out.println("userInfo==" + JSON.toJSONString(userInfo)); + + } + + @Test + public void login() { + AuthRequest request = new AuthFeishuRequest(AuthConfig.builder() + .clientId("your App ID") + .clientSecret("your App Secret") + .redirectUri("you set redirect uri") + .build()); + + String state = "your state"; + request.authorize(state); + AuthCallback callback = AuthCallback.builder() + .code("your code") + .state(state) + .build(); + AuthResponse response = request.login(callback); + Assert.assertNotNull(response); + AuthUser user = (AuthUser) response.getData(); + Assert.assertNotNull(user); + System.out.println(JSON.toJSONString(user)); + } + +} +