diff --git a/aspnet-core/modules/account/LINGYUN.Abp.Account.Application/LINGYUN/Abp/Account/AccountAppService.cs b/aspnet-core/modules/account/LINGYUN.Abp.Account.Application/LINGYUN/Abp/Account/AccountAppService.cs index 005e95f11..c1f648440 100644 --- a/aspnet-core/modules/account/LINGYUN.Abp.Account.Application/LINGYUN/Abp/Account/AccountAppService.cs +++ b/aspnet-core/modules/account/LINGYUN.Abp.Account.Application/LINGYUN/Abp/Account/AccountAppService.cs @@ -55,7 +55,7 @@ namespace LINGYUN.Abp.Account throw new UserFriendlyException(L["DuplicateWeChat"]); } var userName = input.UserName ?? wehchatOpenId.OpenId; - var userEmail = input.EmailAddress ?? $"{userName}@{new Random().Next(1000, 99999)}.com";//如果邮件地址不验证,随意写入一个 + var userEmail = input.EmailAddress ?? $"{userName}@default.io";//如果邮件地址不验证,随意写入一个 user = new IdentityUser(GuidGenerator.Create(), userName, userEmail, CurrentTenant.Id) { @@ -101,7 +101,7 @@ namespace LINGYUN.Abp.Account // } //} - var userEmail = input.EmailAddress ?? $"{input.PhoneNumber}@{new Random().Next(1000, 99999)}.com";//如果邮件地址不验证,随意写入一个 + var userEmail = input.EmailAddress ?? $"{input.PhoneNumber}@default.io";//如果邮件地址不验证,随意写入一个 var userName = input.UserName ?? input.PhoneNumber; var user = new IdentityUser(GuidGenerator.Create(), userName, userEmail, CurrentTenant.Id) { diff --git a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/AbpIdentityServerWeChatValidatorModule.cs b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/AbpIdentityServerWeChatValidatorModule.cs index e821e5f24..1fb0af4e3 100644 --- a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/AbpIdentityServerWeChatValidatorModule.cs +++ b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/AbpIdentityServerWeChatValidatorModule.cs 
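Review bot: The placeholder address now uses `default.io`, a registrable domain that this project presumably does not control, in both hunks (`{userName}@default.io` in the WeChat path and `{input.PhoneNumber}@default.io` in the phone path). If any later flow mails the stored address (confirmation, password reset), that message goes to a third party. Because the value is now predictable, it can also collide with an address someone supplied explicitly as `EmailAddress` when unique e-mail is enforced. A reserved name that can never receive mail avoids the first problem: `var userEmail = input.EmailAddress ?? $"{userName}@placeholder.invalid";`. Both enclosing methods start and end outside the hunks, so whether e-mail uniqueness or confirmation is enabled cannot be seen here.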
@@ -1,4 +1,5 @@
-using LINGYUN.Abp.IdentityServer.WeChatValidator;
+using LINGYUN.Abp.IdentityServer.AspNetIdentity;
+using LINGYUN.Abp.IdentityServer.WeChatValidator;
 using LINGYUN.Abp.WeChat.Authorization;
 using Microsoft.Extensions.DependencyInjection;
 using Volo.Abp.IdentityServer;
@@ -18,6 +19,7 @@ namespace LINGYUN.Abp.IdentityServer
 {
 PreConfigure(builder =>
 {
+ builder.AddProfileService();
 builder.AddExtensionGrantValidator();
 });
 }
diff --git a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/AspNetIdentity/AbpWeChatProfileService.cs b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/AspNetIdentity/AbpWeChatProfileService.cs
new file mode 100644
index 000000000..81760622e
--- /dev/null
+++ b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/AspNetIdentity/AbpWeChatProfileService.cs
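Review bot: `builder.AddProfileService();` in the second hunk registers a profile service for the whole IdentityServer pipeline from inside the WeChat validator module, so it presumably governs claim issuance for every grant type and not only for the WeChat grant. The type argument is not visible on this page, and which registration wins depends on when these pre-configure actions run relative to the framework's own profile-service registration, so this is worth confirming. I would state the intent next to the call, e.g. `// Overrides the server-wide IProfileService so the WeChat OpenId claim can be issued; applies to every grant type.`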
@@ -0,0 +1,49 @@
+using IdentityServer4.AspNetIdentity;
+using IdentityServer4.Models;
+using System.Linq;
+using System.Security.Principal;
+using System.Threading.Tasks;
+using Volo.Abp.Identity;
+using Volo.Abp.MultiTenancy;
+using Volo.Abp.Security.Claims;
+using Volo.Abp.Uow;
+
+namespace LINGYUN.Abp.IdentityServer.AspNetIdentity
+{
+ public class AbpWeChatProfileServicee : ProfileService
+ {
+ protected ICurrentTenant CurrentTenant { get; }
+ public AbpWeChatProfileServicee(
+ IdentityUserManager userManager,
+ Microsoft.AspNetCore.Identity.IUserClaimsPrincipalFactory claimsFactory,
+ ICurrentTenant currentTenant)
+ : base(userManager, claimsFactory)
+ {
+ CurrentTenant = currentTenant;
+ }
+
+ [UnitOfWork]
+ public override async Task GetProfileDataAsync(ProfileDataRequestContext context)
+ {
+ using (CurrentTenant.Change(context.Subject.FindTenantId()))
+ {
+ await base.GetProfileDataAsync(context);
+
+ // TODO: 可以从令牌获取openid, 安全性呢?
+ if (context.RequestedClaimTypes.Any(rc => rc.Contains(WeChatClaimTypes.OpenId)))
+ {
+ context.IssuedClaims.Add(context.Subject.FindFirst(WeChatClaimTypes.OpenId));
+ }
+ }
+ }
+
+ [UnitOfWork]
+ public override async Task IsActiveAsync(IsActiveContext context)
+ {
+ using (CurrentTenant.Change(context.Subject.FindTenantId()))
+ {
+ await base.IsActiveAsync(context);
+ }
+ }
+ }
+}
diff --git a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatTokenGrantValidator.cs b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatTokenGrantValidator.cs
index 9c298699c..43d6dba8a 100644
--- a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatTokenGrantValidator.cs
+++ b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatTokenGrantValidator.cs
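Review bot: `context.IssuedClaims.Add(context.Subject.FindFirst(WeChatClaimTypes.OpenId));` adds `null` to the issued claims whenever the subject carries no OpenId claim, because `FindFirst` returns null in that case, for example for a user who did not sign in through WeChat while the client requests that claim type. The guard also uses `rc.Contains(...)`, a substring match on each requested type, where an exact match appears to be meant. Suggested: `var openId = context.Subject.FindFirst(WeChatClaimTypes.OpenId);` followed by `if (openId != null && context.RequestedClaimTypes.Contains(WeChatClaimTypes.OpenId)) { context.IssuedClaims.Add(openId); }`. The TODO about security deserves an answer in the comment: the value is copied from the incoming principal rather than re-read from the user store, so it is only as trustworthy as that principal. The class name `AbpWeChatProfileServicee` carries a doubled `e`.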
@@ -96,7 +96,7 @@ namespace LINGYUN.Abp.IdentityServer.WeChatValidator { additionalClaims.Add(new Claim(AbpClaimTypes.TenantId, currentUser.TenantId?.ToString())); } - additionalClaims.Add(new Claim(WeChatValidatorConsts.ClaimTypes.OpenId, wechatOpenId.OpenId)); + additionalClaims.Add(new Claim(WeChatClaimTypes.OpenId, wechatOpenId.OpenId)); await EventService.RaiseAsync(new UserLoginSuccessEvent(currentUser.UserName, wechatOpenId.OpenId, null)); context.Result = new GrantValidationResult(sub, diff --git a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatValidatorConsts.cs b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatValidatorConsts.cs index 91ab26b6b..53bf094c5 100644 --- a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatValidatorConsts.cs +++ b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatValidatorConsts.cs @@ -8,11 +8,6 @@ public const string WeChatValidatorTokenName = "code"; - public class ClaimTypes - { - public const string OpenId = "wx-openid"; - } - public class AuthenticationMethods { public const string BasedWeChatAuthentication = "wca"; diff --git a/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Security/Claims/WeChatClaimTypes.cs b/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Security/Claims/WeChatClaimTypes.cs new file mode 100644 index 000000000..51b45ed43 --- /dev/null +++ b/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Security/Claims/WeChatClaimTypes.cs @@ -0,0 +1,7 @@ +namespace Volo.Abp.Security.Claims +{ + public class WeChatClaimTypes + { + public static string OpenId { get; set; } = "wx-openid"; + } +} 
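Review bot: `public static string OpenId { get; set; }` in the new `WeChatClaimTypes` makes the claim type a process-wide mutable value, and the grant validator, the profile service and the data seeder in this commit all read it at different times. A change made after seeding or after tokens were issued would leave stored claim types and issued tokens under the old name. If the setter is kept for configurability, I would document the constraint, e.g. `/// Claim type for the WeChat OpenId; change only during application startup, before data seeding.`, and declare the holder as `public static class WeChatClaimTypes`, since nothing on this page instantiates it.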
diff --git a/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Users/CurrentUserExtensions.cs b/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Users/CurrentUserExtensions.cs new file mode 100644 index 000000000..25dacbbf8 --- /dev/null +++ b/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Users/CurrentUserExtensions.cs @@ -0,0 +1,23 @@ +using Volo.Abp.Security.Claims; + +namespace Volo.Abp.Users +{ + public static class CurrentUserExtensions + { + /// + /// 获取用户微信id,如果不存在返回空值 + /// + /// + /// + public static string FindWeChatId(this ICurrentUser currentUser) + { + var weChatClaim = currentUser.FindClaim(WeChatClaimTypes.OpenId); + if (weChatClaim == null) + { + return null; + } + + return weChatClaim.Value; + } + } +} diff --git a/aspnet-core/services/account/AuthServer.Host/DataSeeder/IdentityServerDataSeedContributor.cs b/aspnet-core/services/account/AuthServer.Host/DataSeeder/IdentityServerDataSeedContributor.cs index 8d3237885..f22aa8f68 100644 --- a/aspnet-core/services/account/AuthServer.Host/DataSeeder/IdentityServerDataSeedContributor.cs +++ b/aspnet-core/services/account/AuthServer.Host/DataSeeder/IdentityServerDataSeedContributor.cs @@ -1,5 +1,4 @@ -using LINGYUN.Abp.IdentityServer.WeChatValidator; -using Microsoft.Extensions.Configuration; +using Microsoft.Extensions.Configuration; using System; using System.Collections.Generic; using System.IO; @@ -14,6 +13,7 @@ using Volo.Abp.IdentityServer.ApiResources; using Volo.Abp.IdentityServer.Clients; using Volo.Abp.IdentityServer.IdentityResources; using Volo.Abp.PermissionManagement; +using Volo.Abp.Security.Claims; using Volo.Abp.Uow; namespace AuthServer.DataSeeder 
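Review bot: `FindWeChatId` returns the `WeChatClaimTypes.OpenId` claim, and a WeChat OpenId identifies a user only within one WeChat application, so the method name and the summary text can lead callers to treat the value as a global WeChat identity. The doc comment's parameter and return entries are empty on this page; I would write the summary as `/// Returns the WeChat OpenId claim of the current user, or null when the principal carries no such claim.`. The body can also be reduced to `return currentUser.FindClaim(WeChatClaimTypes.OpenId)?.Value;`.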
@@ -62,9 +62,9 @@ namespace AuthServer.DataSeeder private async Task CreateWeChatClaimTypeAsync() { - if (!await _identityClaimTypeRepository.AnyAsync(WeChatValidatorConsts.ClaimTypes.OpenId)) + if (!await _identityClaimTypeRepository.AnyAsync(WeChatClaimTypes.OpenId)) { - var wechatClaimType = new IdentityClaimType(_guidGenerator.Create(), WeChatValidatorConsts.ClaimTypes.OpenId, + var wechatClaimType = new IdentityClaimType(_guidGenerator.Create(), WeChatClaimTypes.OpenId, isStatic: true, description: "适用于微信认证的用户标识"); await _identityClaimTypeRepository.InsertAsync(wechatClaimType);