From f4624a980837a1812a3a2a57ac24ae071f5ad2e3 Mon Sep 17 00:00:00 2001 From: cKey <35512826+colinin@users.noreply.github.com> Date: Thu, 24 Sep 2020 09:00:27 +0800 Subject: [PATCH] add unionid to wechat claimtypes --- .../AspNetIdentity/AbpWeChatProfileService.cs | 22 ++++++++++++++----- .../WeChatTokenGrantValidator.cs | 4 ++++ .../OpenId/WeChatOpenIdFinder.cs | 4 +++- .../Abp/Security/Claims/WeChatClaimTypes.cs | 1 + .../Volo/Abp/Users/CurrentUserExtensions.cs | 18 ++++++++++++++- 5 files changed, 42 insertions(+), 7 deletions(-) diff --git a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/AspNetIdentity/AbpWeChatProfileService.cs b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/AspNetIdentity/AbpWeChatProfileService.cs index 81760622e..9cb7a6ca5 100644 --- a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/AspNetIdentity/AbpWeChatProfileService.cs +++ b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/AspNetIdentity/AbpWeChatProfileService.cs @@ -1,5 +1,6 @@ using IdentityServer4.AspNetIdentity; using IdentityServer4.Models; +using Microsoft.AspNetCore.Identity; using System.Linq; using System.Security.Principal; using System.Threading.Tasks; @@ -7,6 +8,7 @@ using Volo.Abp.Identity; using Volo.Abp.MultiTenancy; using Volo.Abp.Security.Claims; using Volo.Abp.Uow; +using IdentityUser = Volo.Abp.Identity.IdentityUser; namespace LINGYUN.Abp.IdentityServer.AspNetIdentity { @@ -15,7 +17,7 @@ namespace LINGYUN.Abp.IdentityServer.AspNetIdentity protected ICurrentTenant CurrentTenant { get; } public AbpWeChatProfileServicee( IdentityUserManager userManager, - Microsoft.AspNetCore.Identity.IUserClaimsPrincipalFactory claimsFactory, + IUserClaimsPrincipalFactory claimsFactory, ICurrentTenant currentTenant) : base(userManager, claimsFactory) { 
@@ -30,10 +32,8 @@ namespace LINGYUN.Abp.IdentityServer.AspNetIdentity await base.GetProfileDataAsync(context); // TODO: 可以从令牌获取openid, 安全性呢? - if (context.RequestedClaimTypes.Any(rc => rc.Contains(WeChatClaimTypes.OpenId))) - { - context.IssuedClaims.Add(context.Subject.FindFirst(WeChatClaimTypes.OpenId)); - } + TryAddWeChatClaim(context, WeChatClaimTypes.OpenId); + TryAddWeChatClaim(context, WeChatClaimTypes.UnionId); } } @@ -45,5 +45,17 @@ namespace LINGYUN.Abp.IdentityServer.AspNetIdentity await base.IsActiveAsync(context); } } + + protected virtual void TryAddWeChatClaim(ProfileDataRequestContext context, string weChatClaimType) + { + if (context.RequestedClaimTypes.Any(rc => rc.Contains(weChatClaimType))) + { + var weChatClaim = context.Subject.FindFirst(weChatClaimType); + if (weChatClaim != null) + { + context.IssuedClaims.Add(weChatClaim); + } + } + } } } diff --git a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatTokenGrantValidator.cs b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatTokenGrantValidator.cs index 43d6dba8a..ed363e542 100644 --- a/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatTokenGrantValidator.cs +++ b/aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatTokenGrantValidator.cs 
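Review bot: In the added `TryAddWeChatClaim`, `rc.Contains(weChatClaimType)` is a substring test on each requested claim type, so any requested type that merely contains `wx-openid` or `wx-unionid` releases the claim. An exact match is safer: `if (context.RequestedClaimTypes.Contains(weChatClaimType))`. The helper now also releases the union id, which as far as I know identifies the same WeChat user across every app under one Open Platform account, so the open TODO in the `-30,10` hunk about exposing the openid matters more here. A comment on the helper should say which clients or scopes are expected to request these claims.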
@@ -97,6 +97,10 @@ namespace LINGYUN.Abp.IdentityServer.WeChatValidator additionalClaims.Add(new Claim(AbpClaimTypes.TenantId, currentUser.TenantId?.ToString())); } additionalClaims.Add(new Claim(WeChatClaimTypes.OpenId, wechatOpenId.OpenId)); + if (!wechatOpenId.UnionId.IsNullOrWhiteSpace()) + { + additionalClaims.Add(new Claim(WeChatClaimTypes.UnionId, wechatOpenId.UnionId)); + } await EventService.RaiseAsync(new UserLoginSuccessEvent(currentUser.UserName, wechatOpenId.OpenId, null)); context.Result = new GrantValidationResult(sub, diff --git a/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/LINGYUN/Abp/WeChat/Authorization/OpenId/WeChatOpenIdFinder.cs b/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/LINGYUN/Abp/WeChat/Authorization/OpenId/WeChatOpenIdFinder.cs index 1adad5390..553f356e1 100644 --- a/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/LINGYUN/Abp/WeChat/Authorization/OpenId/WeChatOpenIdFinder.cs +++ b/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/LINGYUN/Abp/WeChat/Authorization/OpenId/WeChatOpenIdFinder.cs @@ -41,6 +41,8 @@ namespace LINGYUN.Abp.WeChat.Authorization } public virtual async Task FindAsync(string code) { + // TODO: 如果需要获取SessionKey的话呢,需要再以openid作为标识来缓存一下吗 + // 或者前端保存code,通过传递code来获取 return (await GetCacheItemAsync(code, CurrentTenant.Id)).WeChatOpenId; } @@ -82,7 +84,7 @@ namespace LINGYUN.Abp.WeChat.Authorization { // 微信官方文档表示 session_key的有效期是3天 // https://developers.weixin.qq.com/community/develop/doc/000c2424654c40bd9c960e71e5b009 - AbsoluteExpiration = DateTimeOffset.Now.AddDays(3) + AbsoluteExpiration = DateTimeOffset.Now.AddDays(3).AddSeconds(-120) // SlidingExpiration = TimeSpan.FromDays(3), }; diff --git a/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Security/Claims/WeChatClaimTypes.cs b/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Security/Claims/WeChatClaimTypes.cs index 51b45ed43..792813c49 100644 
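Review bot: The new `IsNullOrWhiteSpace` block has no comment saying why the union id is optional. Something like `// unionid is only returned when the app is bound to a WeChat Open Platform account` would help, once confirmed against the WeChat API docs. The context line just above still passes `wechatOpenId.OpenId` to `new Claim(...)` unguarded, and `Claim` throws `ArgumentNullException` on a null value. If the finder can return an entry without an open id (not visible here), fail the grant explicitly before building claims. The enclosing method starts and ends outside the hunk.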
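Review bot: The cached entry now lives for three days minus 120 seconds, and the `-41,6` hunk in this file shows it is fetched by the login `code` (`GetCacheItemAsync(code, CurrentTenant.Id)`), so the code appears to remain a valid lookup handle for that whole period. WeChat treats the code as short-lived and single-use; if the grant validator accepts a code served from this cache, a captured code could be replayed until the entry expires, and the new TODO's idea of having the front end keep the code would make that the intended design. Consider a short lifetime for the code-keyed entry and holding the session key under the open id instead. The 120-second margin should be a named constant with a comment, e.g. `private const int ExpirationSkewSeconds = 120;`. The enclosing method starts outside the hunk.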
--- a/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Security/Claims/WeChatClaimTypes.cs +++ b/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Security/Claims/WeChatClaimTypes.cs @@ -3,5 +3,6 @@ public class WeChatClaimTypes { public static string OpenId { get; set; } = "wx-openid"; + public static string UnionId { get; set; } = "wx-unionid"; } } diff --git a/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Users/CurrentUserExtensions.cs b/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Users/CurrentUserExtensions.cs index 25dacbbf8..b3a68ea18 100644 --- a/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Users/CurrentUserExtensions.cs +++ b/aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Users/CurrentUserExtensions.cs @@ -9,7 +9,7 @@ namespace Volo.Abp.Users /// /// /// - public static string FindWeChatId(this ICurrentUser currentUser) + public static string FindWeChatOpenId(this ICurrentUser currentUser) { var weChatClaim = currentUser.FindClaim(WeChatClaimTypes.OpenId); if (weChatClaim == null) @@ -19,5 +19,21 @@ namespace Volo.Abp.Users return weChatClaim.Value; } + + /// + /// 获取微信用户主体id,如果不存在返回空值 + /// + /// + /// + public static string FindWeChatUnionId(this ICurrentUser currentUser) + { + var weChatClaim = currentUser.FindClaim(WeChatClaimTypes.UnionId); + if (weChatClaim == null) + { + return null; + } + + return weChatClaim.Value; + } } }
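Review bot: `FindWeChatUnionId` in the `-19,5` hunk repeats the null-check body of `FindWeChatOpenId` line for line; `return currentUser.FindClaim(WeChatClaimTypes.UnionId)?.Value;` does the same in one statement. The parameter and return lines of its doc comment look empty in this view; if they are, fill them in and state that the result is null when the token carried no union id. The comment should also say that the value is read from the current principal's claims, so callers should treat it as only as trustworthy as the token that supplied it.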