From bcbb46ef6643e8c296cc9ade5b0e890edb6ce1fd Mon Sep 17 00:00:00 2001 From: cKey <35512826+colinin@users.noreply.github.com> Date: Mon, 21 Sep 2020 14:26:54 +0800 Subject: [PATCH 1/3] Handle endpoint pipelines that are different from gateways --- .../LINGYUN.ApiGateway.Host/ApiGatewayHostModule.cs | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/aspnet-core/services/apigateway/LINGYUN.ApiGateway.Host/ApiGatewayHostModule.cs b/aspnet-core/services/apigateway/LINGYUN.ApiGateway.Host/ApiGatewayHostModule.cs index 0abc2078a..bcb56b3d7 100644 --- a/aspnet-core/services/apigateway/LINGYUN.ApiGateway.Host/ApiGatewayHostModule.cs +++ b/aspnet-core/services/apigateway/LINGYUN.ApiGateway.Host/ApiGatewayHostModule.cs @@ -173,8 +173,18 @@ namespace LINGYUN.ApiGateway var app = context.GetApplicationBuilder(); app.UseAuditing(); + app.UseVirtualFiles(); app.UseRouting(); - app.UseConfiguredEndpoints(); + app.UseAuthentication(); + app.UseAbpClaimsMap(); + app.MapWhen( + ctx => ctx.Request.Path.ToString().StartsWith("/api/ApiGateway/Basic/"), + appNext => + { + // 仅针对属于网关自己的控制器进入MVC管道 + appNext.UseRouting(); + appNext.UseConfiguredEndpoints(); + }); // 启用ws协议 app.UseWebSockets(); app.UseOcelot().Wait(); From b5e1170b6e3242039ae8cc41cba1fa527e2462c1 Mon Sep 17 00:00:00 2001 From: cKey <35512826+colinin@users.noreply.github.com> Date: Mon, 21 Sep 2020 14:43:21 +0800 Subject: [PATCH 2/3] use AbpClaimsMapMiddleware --- .../services/account/AuthServer.Host/AuthIdentityServerModule.cs | 1 + .../BackendAdminHostModule.cs | 1 + .../ApiGatewayHttpApiHostModule.cs | 1 + .../AbpIdentityServerAdminHttpApiHostModule.cs | 1 + .../AbpMessageServiceHttpApiHostModule.cs | 1 + .../AppPlatformHttpApiHostModule.cs | 1 + 6 files changed, 6 insertions(+) diff --git a/aspnet-core/services/account/AuthServer.Host/AuthIdentityServerModule.cs b/aspnet-core/services/account/AuthServer.Host/AuthIdentityServerModule.cs index 11dabb09e..458939f79 100644 
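Review bot: Nothing enforces authorization inside the `MapWhen` branch: the new code goes from `appNext.UseRouting()` straight to `appNext.UseConfiguredEndpoints()` with no `UseAuthorization()` between them, so if any controller under `/api/ApiGateway/Basic/` carries `[Authorize]` the endpoint middleware will reject the request at runtime with its unhandled-security-metadata exception, and if none does, those gateway-management endpoints are reachable by anyone who can reach the gateway — the preceding `app.UseAuthentication()` only populates the principal, it does not enforce anything. The branch predicate is also culture-sensitive and case-sensitive (`Path.ToString().StartsWith(...)` with no `StringComparison`) while endpoint routing matches case-insensitively, so a request for `/api/apigateway/basic/...` would skip the MVC branch and fall through to Ocelot. I would write the predicate as `ctx => ctx.Request.Path.StartsWithSegments("/api/ApiGateway/Basic"),` and add `appNext.UseAuthorization();` between the two `appNext.Use*` calls. The enclosing method starts before and ends after this hunk.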
--- a/aspnet-core/services/account/AuthServer.Host/AuthIdentityServerModule.cs
+++ b/aspnet-core/services/account/AuthServer.Host/AuthIdentityServerModule.cs
@@ -192,6 +192,7 @@ namespace AuthServer.Host
 app.UseRouting();
 app.UseCors(DefaultCorsPolicyName);
 app.UseAuthentication();
+ app.UseAbpClaimsMap();
 app.UseMultiTenancy();
 app.UseIdentityServer();
 app.UseAuthorization();
diff --git a/aspnet-core/services/admin/LINGYUN.Abp.BackendAdmin.HttpApi.Host/BackendAdminHostModule.cs b/aspnet-core/services/admin/LINGYUN.Abp.BackendAdmin.HttpApi.Host/BackendAdminHostModule.cs
index bff31156e..83d74cc79 100644
--- a/aspnet-core/services/admin/LINGYUN.Abp.BackendAdmin.HttpApi.Host/BackendAdminHostModule.cs
+++ b/aspnet-core/services/admin/LINGYUN.Abp.BackendAdmin.HttpApi.Host/BackendAdminHostModule.cs
@@ -292,6 +292,7 @@ namespace LINGYUN.Abp.BackendAdmin
 app.UseRouting();
 // 认证
 app.UseAuthentication();
+ app.UseAbpClaimsMap();
 // jwt
 app.UseJwtTokenMiddleware();
 // 多租户
diff --git a/aspnet-core/services/apigateway/LINGYUN.ApiGateway.HttpApi.Host/ApiGatewayHttpApiHostModule.cs b/aspnet-core/services/apigateway/LINGYUN.ApiGateway.HttpApi.Host/ApiGatewayHttpApiHostModule.cs
index cc39316e7..ffe096a72 100644
--- a/aspnet-core/services/apigateway/LINGYUN.ApiGateway.HttpApi.Host/ApiGatewayHttpApiHostModule.cs
+++ b/aspnet-core/services/apigateway/LINGYUN.ApiGateway.HttpApi.Host/ApiGatewayHttpApiHostModule.cs
@@ -198,6 +198,7 @@ namespace LINGYUN.ApiGateway
 app.UseRouting();
 // 认证
 app.UseAuthentication();
+ app.UseAbpClaimsMap();
 // 多租户
 // app.UseMultiTenancy();
 // 本地化
diff --git a/aspnet-core/services/identity-server/LINGYUN.Abp.IdentityServer4.HttpApi.Host/AbpIdentityServerAdminHttpApiHostModule.cs b/aspnet-core/services/identity-server/LINGYUN.Abp.IdentityServer4.HttpApi.Host/AbpIdentityServerAdminHttpApiHostModule.cs
index 65fa73387..9923e28d7 100644
--- a/aspnet-core/services/identity-server/LINGYUN.Abp.IdentityServer4.HttpApi.Host/AbpIdentityServerAdminHttpApiHostModule.cs
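Review bot: `app.UseAbpClaimsMap()` is inserted between `app.UseAuthentication()` and `app.UseJwtTokenMiddleware()`, and if that JWT middleware does what its ABP-sample namesake does — authenticate against the Bearer scheme and replace `HttpContext.User` when the default scheme produced no identity — the replacement principal is installed after the claims map has already run and never gets its claim types mapped, so Bearer-token requests on this host would presumably surface as an anonymous or tenant-less user while cookie-authenticated ones would not. Unless the default scheme here is already Bearer, swap the two lines so the map runs last: `app.UseJwtTokenMiddleware(); app.UseAbpClaimsMap();`. The same ordering appears in the AbpIdentityServerAdmin, MessageService and Platform host hunks of this patch.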
+++ b/aspnet-core/services/identity-server/LINGYUN.Abp.IdentityServer4.HttpApi.Host/AbpIdentityServerAdminHttpApiHostModule.cs @@ -262,6 +262,7 @@ namespace LINGYUN.Abp.IdentityServer4 app.UseRouting(); // 认证 app.UseAuthentication(); + app.UseAbpClaimsMap(); // jwt app.UseJwtTokenMiddleware(); // 多租户 diff --git a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/AbpMessageServiceHttpApiHostModule.cs b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/AbpMessageServiceHttpApiHostModule.cs index c61d5540b..639b8965c 100644 --- a/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/AbpMessageServiceHttpApiHostModule.cs +++ b/aspnet-core/services/messages/LINGYUN.Abp.MessageService.HttpApi.Host/AbpMessageServiceHttpApiHostModule.cs @@ -291,6 +291,7 @@ namespace LINGYUN.Abp.MessageService app.UseHangfireJwtToken(); // 认证 app.UseAuthentication(); + app.UseAbpClaimsMap(); // jwt app.UseJwtTokenMiddleware(); // 授权 diff --git a/aspnet-core/services/platform/LINGYUN.Platform.HttpApi.Host/AppPlatformHttpApiHostModule.cs b/aspnet-core/services/platform/LINGYUN.Platform.HttpApi.Host/AppPlatformHttpApiHostModule.cs index 5dde3c123..15752504c 100644 --- a/aspnet-core/services/platform/LINGYUN.Platform.HttpApi.Host/AppPlatformHttpApiHostModule.cs +++ b/aspnet-core/services/platform/LINGYUN.Platform.HttpApi.Host/AppPlatformHttpApiHostModule.cs @@ -265,6 +265,7 @@ namespace LINGYUN.Platform app.UseRouting(); // 认证 app.UseAuthentication(); + app.UseAbpClaimsMap(); // jwt app.UseJwtTokenMiddleware(); // 授权 From 59dc90b3f905c3aceb269bf82417242ad6e5a9e7 Mon Sep 17 00:00:00 2001 
From: cKey <35512826+colinin@users.noreply.github.com> Date: Wed, 23 Sep 2020 10:47:16 +0800 Subject: [PATCH 3/3] ICurrentUser interface adds extension method to FindWeChatId --- .../LINGYUN/Abp/Account/AccountAppService.cs | 4 +- .../AbpIdentityServerWeChatValidatorModule.cs | 4 +- .../AspNetIdentity/AbpWeChatProfileService.cs | 49 +++++++++++++++++++ .../WeChatTokenGrantValidator.cs | 2 +- .../WeChatValidator/WeChatValidatorConsts.cs | 5 -- .../Abp/Security/Claims/WeChatClaimTypes.cs | 7 +++ .../Volo/Abp/Users/CurrentUserExtensions.cs | 23 +++++++++ .../IdentityServerDataSeedContributor.cs | 8 +-- 8 files changed, 89 insertions(+), 13 deletions(-) create mode 100644 aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/AspNetIdentity/AbpWeChatProfileService.cs create mode 100644 aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Security/Claims/WeChatClaimTypes.cs create mode 100644 aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Users/CurrentUserExtensions.cs diff --git a/aspnet-core/modules/account/LINGYUN.Abp.Account.Application/LINGYUN/Abp/Account/AccountAppService.cs b/aspnet-core/modules/account/LINGYUN.Abp.Account.Application/LINGYUN/Abp/Account/AccountAppService.cs index 005e95f11..c1f648440 100644 --- a/aspnet-core/modules/account/LINGYUN.Abp.Account.Application/LINGYUN/Abp/Account/AccountAppService.cs +++ b/aspnet-core/modules/account/LINGYUN.Abp.Account.Application/LINGYUN/Abp/Account/AccountAppService.cs @@ -55,7 +55,7 @@ namespace LINGYUN.Abp.Account throw new UserFriendlyException(L["DuplicateWeChat"]); } var userName = input.UserName ?? wehchatOpenId.OpenId; - var userEmail = input.EmailAddress ?? $"{userName}@{new Random().Next(1000, 99999)}.com";//如果邮件地址不验证,随意写入一个 + var userEmail = input.EmailAddress ?? $"{userName}@default.io";//如果邮件地址不验证,随意写入一个 user = new IdentityUser(GuidGenerator.Create(), userName, userEmail, CurrentTenant.Id) { 
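Review bot: The placeholder address now lives on `default.io`, a real, registrable public domain the project does not control; if this host ever sends confirmation or password-reset mail to such users (the comment says the address is only filled in because it is not verified), that mail goes to whoever owns the domain, and the random-domain form being replaced had the same problem. Use an address on a domain reserved for this purpose, e.g. `$"{userName}@example.invalid"`, and make sure `EmailConfirmed` is never set for users created this way. The second hunk of this file (`{input.PhoneNumber}@default.io`) has the same issue. The enclosing method starts before and ends after this hunk.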
@@ -101,7 +101,7 @@ namespace LINGYUN.Abp.Account // } //} - var userEmail = input.EmailAddress ?? $"{input.PhoneNumber}@{new Random().Next(1000, 99999)}.com";//如果邮件地址不验证,随意写入一个 + var userEmail = input.EmailAddress ?? $"{input.PhoneNumber}@default.io";//如果邮件地址不验证,随意写入一个 var userName = input.UserName ?? input.PhoneNumber; var user = new IdentityUser(GuidGenerator.Create(), userName, userEmail, CurrentTenant.Id) { diff --git a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/AbpIdentityServerWeChatValidatorModule.cs b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/AbpIdentityServerWeChatValidatorModule.cs index e821e5f24..1fb0af4e3 100644 --- a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/AbpIdentityServerWeChatValidatorModule.cs +++ b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/AbpIdentityServerWeChatValidatorModule.cs @@ -1,4 +1,5 @@ -using LINGYUN.Abp.IdentityServer.WeChatValidator; +using LINGYUN.Abp.IdentityServer.AspNetIdentity; +using LINGYUN.Abp.IdentityServer.WeChatValidator; using LINGYUN.Abp.WeChat.Authorization; using Microsoft.Extensions.DependencyInjection; using Volo.Abp.IdentityServer; @@ -18,6 +19,7 @@ namespace LINGYUN.Abp.IdentityServer { PreConfigure(builder => { + builder.AddProfileService(); builder.AddExtensionGrantValidator(); }); } diff --git a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/AspNetIdentity/AbpWeChatProfileService.cs b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/AspNetIdentity/AbpWeChatProfileService.cs new file mode 100644 index 000000000..81760622e --- /dev/null +++ b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/AspNetIdentity/AbpWeChatProfileService.cs 
@@ -0,0 +1,49 @@
+using IdentityServer4.AspNetIdentity;
+using IdentityServer4.Models;
+using System.Linq;
+using System.Security.Principal;
+using System.Threading.Tasks;
+using Volo.Abp.Identity;
+using Volo.Abp.MultiTenancy;
+using Volo.Abp.Security.Claims;
+using Volo.Abp.Uow;
+
+namespace LINGYUN.Abp.IdentityServer.AspNetIdentity
+{
+ public class AbpWeChatProfileServicee : ProfileService
+ {
+ protected ICurrentTenant CurrentTenant { get; }
+ public AbpWeChatProfileServicee(
+ IdentityUserManager userManager,
+ Microsoft.AspNetCore.Identity.IUserClaimsPrincipalFactory claimsFactory,
+ ICurrentTenant currentTenant)
+ : base(userManager, claimsFactory)
+ {
+ CurrentTenant = currentTenant;
+ }
+
+ [UnitOfWork]
+ public override async Task GetProfileDataAsync(ProfileDataRequestContext context)
+ {
+ using (CurrentTenant.Change(context.Subject.FindTenantId()))
+ {
+ await base.GetProfileDataAsync(context);
+
+ // TODO: 可以从令牌获取openid, 安全性呢?
+ if (context.RequestedClaimTypes.Any(rc => rc.Contains(WeChatClaimTypes.OpenId)))
+ {
+ context.IssuedClaims.Add(context.Subject.FindFirst(WeChatClaimTypes.OpenId));
+ }
+ }
+ }
+
+ [UnitOfWork]
+ public override async Task IsActiveAsync(IsActiveContext context)
+ {
+ using (CurrentTenant.Change(context.Subject.FindTenantId()))
+ {
+ await base.IsActiveAsync(context);
+ }
+ }
+ }
+}
diff --git a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatTokenGrantValidator.cs b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatTokenGrantValidator.cs
index 9c298699c..43d6dba8a 100644
--- a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatTokenGrantValidator.cs
+++ b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatTokenGrantValidator.cs
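Review bot: `context.Subject.FindFirst(WeChatClaimTypes.OpenId)` returns null for any subject that did not come through the WeChat grant (a password or refresh-token flow whose client requests a scope carrying this claim type), and that null is added to `context.IssuedClaims` unguarded, which presumably blows up later when IdentityServer enumerates the issued claims. The `Any(rc => rc.Contains(...))` test is also a substring match, so any requested claim type that merely contains `wx-openid` triggers the copy; an exact comparison is what is meant. On the TODO asking whether taking the openid from the token is safe: in this flow the claim is set server-side by the grant validator after the WeChat code exchange (the `additionalClaims.Add(new Claim(WeChatClaimTypes.OpenId, ...))` line in the next hunk) and travels in `context.Subject`, not in caller-supplied input, so the remaining concern is absence rather than forgery, and I would replace the TODO with a comment saying so. The class name `AbpWeChatProfileServicee` also does not match its file name `AbpWeChatProfileService.cs`.
```csharp
                await base.GetProfileDataAsync(context);

                // The openid claim is added by WeChatTokenGrantValidator after the code
                // exchange and carried in context.Subject; subjects from other grants lack it.
                if (context.RequestedClaimTypes.Contains(WeChatClaimTypes.OpenId))
                {
                    var openIdClaim = context.Subject.FindFirst(WeChatClaimTypes.OpenId);
                    if (openIdClaim != null)
                    {
                        context.IssuedClaims.Add(openIdClaim);
                    }
                }
```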
@@ -96,7 +96,7 @@ namespace LINGYUN.Abp.IdentityServer.WeChatValidator { additionalClaims.Add(new Claim(AbpClaimTypes.TenantId, currentUser.TenantId?.ToString())); } - additionalClaims.Add(new Claim(WeChatValidatorConsts.ClaimTypes.OpenId, wechatOpenId.OpenId)); + additionalClaims.Add(new Claim(WeChatClaimTypes.OpenId, wechatOpenId.OpenId)); await EventService.RaiseAsync(new UserLoginSuccessEvent(currentUser.UserName, wechatOpenId.OpenId, null)); context.Result = new GrantValidationResult(sub, diff --git a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatValidatorConsts.cs b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatValidatorConsts.cs index 91ab26b6b..53bf094c5 100644 --- a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatValidatorConsts.cs +++ b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatValidatorConsts.cs @@ -8,11 +8,6 @@ public const string WeChatValidatorTokenName = "code"; - public class ClaimTypes - { - public const string OpenId = "wx-openid"; - } - public class AuthenticationMethods { public const string BasedWeChatAuthentication = "wca"; diff --git a/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Security/Claims/WeChatClaimTypes.cs b/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Security/Claims/WeChatClaimTypes.cs new file mode 100644 index 000000000..51b45ed43 --- /dev/null +++ b/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Security/Claims/WeChatClaimTypes.cs @@ -0,0 +1,7 @@ +namespace Volo.Abp.Security.Claims +{ + public class WeChatClaimTypes + { + public static string OpenId { get; set; } = "wx-openid"; + } +} 
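Review bot: `public static string OpenId { get; set; }` makes the claim-type name mutable process-wide: any code can reassign it at runtime, after which the seeded `IdentityClaimType` row, the claim issued by the grant validator and the profile service's lookup can silently disagree, and the validator hunk above replaced a `const` with it. Unless remapping at startup is intended (it mirrors the settable pattern of ABP's own `AbpClaimTypes`, if that is the intent), `public const string OpenId = "wx-openid";` keeps all three users in sync; if remapping is intended, a comment stating that it must be set before data seeding would document the contract. Declaring the type inside the framework-owned `Volo.Abp.Security.Claims` namespace from a LINGYUN module is also worth a second look, since a future ABP type of the same name would collide.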
diff --git a/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Users/CurrentUserExtensions.cs b/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Users/CurrentUserExtensions.cs
new file mode 100644
index 000000000..25dacbbf8
--- /dev/null
+++ b/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Users/CurrentUserExtensions.cs
@@ -0,0 +1,23 @@
+using Volo.Abp.Security.Claims;
+
+namespace Volo.Abp.Users
+{
+ public static class CurrentUserExtensions
+ {
+ ///
+ /// 获取用户微信id,如果不存在返回空值
+ ///
+ ///
+ ///
+ public static string FindWeChatId(this ICurrentUser currentUser)
+ {
+ var weChatClaim = currentUser.FindClaim(WeChatClaimTypes.OpenId);
+ if (weChatClaim == null)
+ {
+ return null;
+ }
+
+ return weChatClaim.Value;
+ }
+ }
+}
diff --git a/aspnet-core/services/account/AuthServer.Host/DataSeeder/IdentityServerDataSeedContributor.cs b/aspnet-core/services/account/AuthServer.Host/DataSeeder/IdentityServerDataSeedContributor.cs
index 8d3237885..f22aa8f68 100644
--- a/aspnet-core/services/account/AuthServer.Host/DataSeeder/IdentityServerDataSeedContributor.cs
+++ b/aspnet-core/services/account/AuthServer.Host/DataSeeder/IdentityServerDataSeedContributor.cs
@@ -1,5 +1,4 @@
-using LINGYUN.Abp.IdentityServer.WeChatValidator;
-using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Configuration;
 using System;
 using System.Collections.Generic;
 using System.IO;
@@ -14,6 +13,7 @@ using Volo.Abp.IdentityServer.ApiResources;
 using Volo.Abp.IdentityServer.Clients;
 using Volo.Abp.IdentityServer.IdentityResources;
 using Volo.Abp.PermissionManagement;
+using Volo.Abp.Security.Claims;
 using Volo.Abp.Uow;
 
 namespace AuthServer.DataSeeder
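Review bot: The body of `FindWeChatId` is a four-line null check that the null-conditional operator expresses in one: `return currentUser.FindClaim(WeChatClaimTypes.OpenId)?.Value;`. The XML summary is in Chinese and, as rendered here, its tags are empty; for a shared module an English `/// <summary>Returns the WeChat OpenId claim value of the current user, or null when no such claim is present.</summary>` plus a `<returns>` line would serve readers better. Placing a LINGYUN extension in the framework-owned `Volo.Abp.Users` namespace also risks colliding with a future ABP extension of the same name.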
@@ -62,9 +62,9 @@ namespace AuthServer.DataSeeder private async Task CreateWeChatClaimTypeAsync() { - if (!await _identityClaimTypeRepository.AnyAsync(WeChatValidatorConsts.ClaimTypes.OpenId)) + if (!await _identityClaimTypeRepository.AnyAsync(WeChatClaimTypes.OpenId)) { - var wechatClaimType = new IdentityClaimType(_guidGenerator.Create(), WeChatValidatorConsts.ClaimTypes.OpenId, + var wechatClaimType = new IdentityClaimType(_guidGenerator.Create(), WeChatClaimTypes.OpenId, isStatic: true, description: "适用于微信认证的用户标识"); await _identityClaimTypeRepository.InsertAsync(wechatClaimType);