From 9d7f5734be4fd641f16b6642508072d4fb99a2cc Mon Sep 17 00:00:00 2001
From: shibanglin <shibanglin@maxsso.net>
Date: Tue, 14 Feb 2023 10:52:01 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=81=E4=B8=9A=E5=BE=AE=E4=BF=A1=E4=B8=8A?=
 =?UTF-8?q?=E4=B8=8B=E6=B8=B8=E5=A4=84=E7=90=86=E7=94=A8=E6=88=B7id?=
 =?UTF-8?q?=EF=BC=8C=E4=B8=8D=E8=8E=B7=E5=8F=96=E7=94=A8=E6=88=B7=E8=AF=A6?=
 =?UTF-8?q?=E6=83=85?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../AuthWeChatEnterpriseWebRequestCost.java   | 82 +++++++++++++++++++
 .../service/SocialSignOnProviderService.java  |  2 +-
 2 files changed, 83 insertions(+), 1 deletion(-)
 create mode 100644 maxkey-authentications/maxkey-authentication-social/src/main/java/me/zhyd/oauth/request/AuthWeChatEnterpriseWebRequestCost.java

diff --git a/maxkey-authentications/maxkey-authentication-social/src/main/java/me/zhyd/oauth/request/AuthWeChatEnterpriseWebRequestCost.java b/maxkey-authentications/maxkey-authentication-social/src/main/java/me/zhyd/oauth/request/AuthWeChatEnterpriseWebRequestCost.java
new file mode 100644
index 000000000..daa44b098
--- /dev/null
+++ b/maxkey-authentications/maxkey-authentication-social/src/main/java/me/zhyd/oauth/request/AuthWeChatEnterpriseWebRequestCost.java
@@ -0,0 +1,82 @@
+//
+// Source code recreated from a .class file by IntelliJ IDEA
+// (powered by FernFlower decompiler)
+//
+
+package me.zhyd.oauth.request;
+
+import com.alibaba.fastjson.JSONObject;
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.AuthResponseStatus;
+import me.zhyd.oauth.enums.AuthUserGender;
+import me.zhyd.oauth.enums.scope.AuthWeChatEnterpriseWebScope;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.AuthScopeUtils;
+import me.zhyd.oauth.utils.HttpUtils;
+import me.zhyd.oauth.utils.UrlBuilder;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class AuthWeChatEnterpriseWebRequestCost extends AbstractAuthWeChatEnterpriseRequest {
+    final static Logger _logger = LoggerFactory.getLogger(AuthWeChatEnterpriseWebRequestCost.class);
+    public AuthWeChatEnterpriseWebRequestCost(AuthConfig config) {
+        super(config, AuthDefaultSource.WECHAT_ENTERPRISE_WEB);
+    }
+
+    public AuthWeChatEnterpriseWebRequestCost(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.WECHAT_ENTERPRISE_WEB, authStateCache);
+    }
+
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(this.source.authorize()).queryParam("appid", this.config.getClientId()).queryParam("redirect_uri", this.config.getRedirectUri()).queryParam("response_type", "code").queryParam("scope", this.getScopes(",", false, AuthScopeUtils.getDefaultScopes(AuthWeChatEnterpriseWebScope.values()))).queryParam("state", this.getRealState(state).concat("#wechat_redirect")).build();
+    }
+
+    @Override
+    protected AuthUser getUserInfo(AuthToken authToken) {
+        String response = this.doGetUserInfo(authToken);
+        JSONObject object = this.checkResponse(response);
+        if (!object.containsKey("UserId")) {
+            throw new AuthException(AuthResponseStatus.UNIDENTIFIED_PLATFORM, this.source);
+        } else {
+            String userId = object.getString("UserId");
+            if (StringUtils.isEmpty(userId)) {
+                userId = object.getString("userid");
+                if (StringUtils.isEmpty(userId)) {
+                    //如果还是空，则异常
+                    throw new AuthException(AuthResponseStatus.UNIDENTIFIED_PLATFORM, this.source);
+                }
+            }
+            _logger.debug("get userid:{}",userId);
+            //根据userid判断是否是上下游的企业微信扫码，下游企业微信扫码返回userid是企业id/用户id,无法获取用户详情会报错400058
+            if (userId.indexOf("/") == -1) {
+                try {
+                    String userDetailResponse = this.getUserDetail(authToken.getAccessToken(), userId);
+                    JSONObject userDetail = this.checkResponse(userDetailResponse);
+                    return AuthUser.builder().rawUserInfo(userDetail).username(userDetail.getString("name")).nickname(userDetail.getString("alias")).avatar(userDetail.getString("avatar")).location(userDetail.getString("address")).email(userDetail.getString("email")).uuid(userId).gender(AuthUserGender.getWechatRealGender(userDetail.getString("gender"))).token(authToken).source(this.source.toString()).build();
+                }catch (Exception e){
+                    _logger.error("get userDetail error:{}",e.getMessage());
+                }
+            }
+            return AuthUser.builder().uuid(userId).build();
+        }
+    }
+
+    private String getUserDetail(String accessToken, String userId) {
+        String userDetailUrl = UrlBuilder.fromBaseUrl("https://qyapi.weixin.qq.com/cgi-bin/user/get").queryParam("access_token", accessToken).queryParam("userid", userId).build();
+        return (new HttpUtils(this.config.getHttpConfig())).get(userDetailUrl).getBody();
+    }
+
+    private JSONObject checkResponse(String response) {
+        JSONObject object = JSONObject.parseObject(response);
+        if (object.containsKey("errcode") && object.getIntValue("errcode") != 0) {
+            throw new AuthException(object.getString("errmsg"), this.source);
+        } else {
+            return object;
+        }
+    }
+}
diff --git a/maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/service/SocialSignOnProviderService.java b/maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/service/SocialSignOnProviderService.java
index 6624ff3c3..106c307c2 100644
--- a/maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/service/SocialSignOnProviderService.java
+++ b/maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/service/SocialSignOnProviderService.java
@@ -141,7 +141,7 @@ public class SocialSignOnProviderService{
         }else if(provider.equalsIgnoreCase("WeChatQyQrcode")) {
             authRequest = new AuthWeChatEnterpriseQrcodeRequest(authConfig);
         }else if(provider.equalsIgnoreCase("workweixin")) {
-            authRequest = new AuthWeChatEnterpriseWebRequest(authConfig);
+            authRequest = new AuthWeChatEnterpriseWebRequestCost(authConfig);
         }else if(provider.equalsIgnoreCase("welink")) {
             authRequest = new AuthHuaweiWeLinkRequest(authConfig);
         }else if(provider.equalsIgnoreCase("maxkey")) {