⬆️ Merge branch 'dev'

pom.xml

@@ -60,7 +60,7 @@
     <simple-http.version>1.0.5</simple-http.version>
     <lombok-version>1.18.20</lombok-version>
     <junit-version>4.13.2</junit-version>
-    <fastjson-version>1.2.78</fastjson-version>
+    <fastjson-version>1.2.83</fastjson-version>
     <alipay-sdk-version>4.17.5.ALL</alipay-sdk-version>
     <jacoco-version>0.8.2</jacoco-version>
   </properties>

src/main/java/me/zhyd/oauth/request/AbstractAuthWeChatEnterpriseRequest.java

@@ -3,7 +3,6 @@ package me.zhyd.oauth.request;
 import com.alibaba.fastjson.JSONObject;
 import me.zhyd.oauth.cache.AuthStateCache;
 import me.zhyd.oauth.config.AuthConfig;
-import me.zhyd.oauth.config.AuthDefaultSource;
 import me.zhyd.oauth.config.AuthSource;
 import me.zhyd.oauth.enums.AuthResponseStatus;
 import me.zhyd.oauth.enums.AuthUserGender;
@@ -12,6 +11,7 @@ import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthToken;
 import me.zhyd.oauth.model.AuthUser;
 import me.zhyd.oauth.utils.HttpUtils;
+import me.zhyd.oauth.utils.StringUtils;
 import me.zhyd.oauth.utils.UrlBuilder;
 
 /**
@@ -56,8 +56,8 @@ public abstract class AbstractAuthWeChatEnterpriseRequest extends AuthDefaultReq
             throw new AuthException(AuthResponseStatus.UNIDENTIFIED_PLATFORM, source);
         }
         String userId = object.getString("UserId");
-        String userDetailResponse = getUserDetail(authToken.getAccessToken(), userId);
+        String userTicket = object.getString("user_ticket");
-        JSONObject userDetail = this.checkResponse(userDetailResponse);
+        JSONObject userDetail = getUserDetail(authToken.getAccessToken(), userId, userTicket);
 
         return AuthUser.builder()
             .rawUserInfo(userDetail)
@@ -123,14 +123,31 @@ public abstract class AbstractAuthWeChatEnterpriseRequest extends AuthDefaultReq
      *
      * @param accessToken accessToken
      * @param userId      企业内用户id
+     * @param userTicket  成员票据，用于获取用户信息或敏感信息
      * @return 用户详情
      */
-    private String getUserDetail(String accessToken, String userId) {
+    private JSONObject getUserDetail(String accessToken, String userId, String userTicket) {
-        String userDetailUrl = UrlBuilder.fromBaseUrl("https://qyapi.weixin.qq.com/cgi-bin/user/get")
+        // 用户基础信息
+        String userInfoUrl = UrlBuilder.fromBaseUrl("https://qyapi.weixin.qq.com/cgi-bin/user/get")
             .queryParam("access_token", accessToken)
             .queryParam("userid", userId)
             .build();
-        return new HttpUtils(config.getHttpConfig()).get(userDetailUrl).getBody();
+        String userInfoResponse = new HttpUtils(config.getHttpConfig()).get(userInfoUrl).getBody();
+        JSONObject userInfo = checkResponse(userInfoResponse);
+
+        // 用户敏感信息
+        if (StringUtils.isNotEmpty(userTicket)) {
+            String userDetailUrl = UrlBuilder.fromBaseUrl("https://qyapi.weixin.qq.com/cgi-bin/auth/getuserdetail")
+                .queryParam("access_token", accessToken)
+                .build();
+            JSONObject param = new JSONObject();
+            param.put("user_ticket", userTicket);
+            String userDetailResponse = new HttpUtils(config.getHttpConfig()).post(userDetailUrl, param.toJSONString()).getBody();
+            JSONObject userDetail = checkResponse(userDetailResponse);
+
+            userInfo.putAll(userDetail);
+        }
+        return userInfo;
     }
 
 }

src/main/java/me/zhyd/oauth/request/AuthWeChatEnterpriseWebRequest.java

@@ -29,6 +29,7 @@ public class AuthWeChatEnterpriseWebRequest extends AbstractAuthWeChatEnterprise
     public String authorize(String state) {
         return UrlBuilder.fromBaseUrl(source.authorize())
             .queryParam("appid", config.getClientId())
+            .queryParam("agentid", config.getAgentId())
             .queryParam("redirect_uri", GlobalAuthUtils.urlEncode(config.getRedirectUri()))
             .queryParam("response_type", "code")
             .queryParam("scope", this.getScopes(",", false, AuthScopeUtils.getDefaultScopes(AuthWeChatEnterpriseWebScope.values())))

src/test/java/me/zhyd/oauth/request/AuthFeiShuRequestTest.java

@@ -0,0 +1,84 @@
+package me.zhyd.oauth.request;
+
+import com.alibaba.fastjson.JSON;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthResponse;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.AuthStateUtils;
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ * @ClassName AuthFeiShuRequestTest
+ * @Author jackcheng(chen781142032@gamil.com)
+ * @version 1.0
+ * @since 1.16.5
+ * @Date 2022/10/1 11:23
+ * @Description 飞书第三方登录测试类 先执行authorize()方法获取state以及authorizeUrl，
+ * 然后在浏览器中打开authorizeUrl，登录成功后会跳转到redirectUri，并且会携带code和state参数
+ **/
+public class AuthFeiShuRequestTest {
+
+    @Test
+    public void authorize() {
+        AuthRequest request = new AuthFeishuRequest(AuthConfig.builder()
+            .clientId("your App ID")
+            .clientSecret("your App Secret")
+            .redirectUri("you set redirect uri")
+            .build());
+        String state = AuthStateUtils.createState();
+        System.out.println("state==" + state);
+        String authorize = request.authorize(state);
+        System.out.println("authorize==" + authorize);
+        Assert.assertNotNull(authorize);
+    }
+
+    @Test
+    public void getAccessTokenAndUserInfo() {
+        AuthRequest request = new AuthFeishuRequest(AuthConfig.builder()
+            .clientId("your App ID")
+            .clientSecret("your App Secret")
+            .redirectUri("you set redirect uri")
+            .build());
+
+        String state = "your state";
+
+        AuthCallback callback = AuthCallback.builder()
+            .code("your code")
+            .state(state)
+            .build();
+        AuthToken accessToken = ((AuthFeishuRequest) request).getAccessToken(callback);
+        Assert.assertNotNull(accessToken);
+        System.out.println("token==" + accessToken.getAccessToken());
+
+        AuthUser userInfo = ((AuthFeishuRequest) request).getUserInfo(accessToken);
+        Assert.assertNotNull(userInfo);
+        System.out.println("userInfo==" + JSON.toJSONString(userInfo));
+
+    }
+
+    @Test
+    public void login() {
+        AuthRequest request = new AuthFeishuRequest(AuthConfig.builder()
+            .clientId("your App ID")
+            .clientSecret("your App Secret")
+            .redirectUri("you set redirect uri")
+            .build());
+
+        String state = "your state";
+        request.authorize(state);
+        AuthCallback callback = AuthCallback.builder()
+            .code("your code")
+            .state(state)
+            .build();
+        AuthResponse response = request.login(callback);
+        Assert.assertNotNull(response);
+        AuthUser user = (AuthUser) response.getData();
+        Assert.assertNotNull(user);
+        System.out.println(JSON.toJSONString(user));
+    }
+
+}
+