Merge pull request #86 from colinin/3.1

add unionid to wechat claimtypes

aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/AspNetIdentity/AbpWeChatProfileService.cs

@@ -1,5 +1,6 @@
 using IdentityServer4.AspNetIdentity;
 using IdentityServer4.Models;
+using Microsoft.AspNetCore.Identity;
 using System.Linq;
 using System.Security.Principal;
 using System.Threading.Tasks;
@@ -7,6 +8,7 @@ using Volo.Abp.Identity;
 using Volo.Abp.MultiTenancy;
 using Volo.Abp.Security.Claims;
 using Volo.Abp.Uow;
+using IdentityUser = Volo.Abp.Identity.IdentityUser;
 
 namespace LINGYUN.Abp.IdentityServer.AspNetIdentity
 {
@@ -15,7 +17,7 @@ namespace LINGYUN.Abp.IdentityServer.AspNetIdentity
         protected ICurrentTenant CurrentTenant { get; }
         public AbpWeChatProfileServicee(
             IdentityUserManager userManager,
-            Microsoft.AspNetCore.Identity.IUserClaimsPrincipalFactory<IdentityUser> claimsFactory,
+            IUserClaimsPrincipalFactory<IdentityUser> claimsFactory,
             ICurrentTenant currentTenant)
             : base(userManager, claimsFactory)
         {
@@ -30,10 +32,8 @@ namespace LINGYUN.Abp.IdentityServer.AspNetIdentity
                 await base.GetProfileDataAsync(context);
 
                 // TODO: 可以从令牌获取openid, 安全性呢?
-                if (context.RequestedClaimTypes.Any(rc => rc.Contains(WeChatClaimTypes.OpenId)))
+                TryAddWeChatClaim(context, WeChatClaimTypes.OpenId);
-                {
+                TryAddWeChatClaim(context, WeChatClaimTypes.UnionId);
-                    context.IssuedClaims.Add(context.Subject.FindFirst(WeChatClaimTypes.OpenId));
-                }
             }
         }
 
@@ -45,5 +45,17 @@ namespace LINGYUN.Abp.IdentityServer.AspNetIdentity
                 await base.IsActiveAsync(context);
             }
         }
+
+        protected virtual void TryAddWeChatClaim(ProfileDataRequestContext context, string weChatClaimType)
+        {
+            if (context.RequestedClaimTypes.Any(rc => rc.Contains(weChatClaimType)))
+            {
+                var weChatClaim = context.Subject.FindFirst(weChatClaimType);
+                if (weChatClaim != null)
+                {
+                    context.IssuedClaims.Add(weChatClaim);
+                }
+            }
+        }
     }
 }

aspnet-core/modules/common/LINGYUN.Abp.IdentityServer.WeChatValidator/LINGYUN/Abp/IdentityServer/WeChatValidator/WeChatTokenGrantValidator.cs

@@ -97,6 +97,10 @@ namespace LINGYUN.Abp.IdentityServer.WeChatValidator
                 additionalClaims.Add(new Claim(AbpClaimTypes.TenantId, currentUser.TenantId?.ToString()));
             }
             additionalClaims.Add(new Claim(WeChatClaimTypes.OpenId, wechatOpenId.OpenId));
+            if (!wechatOpenId.UnionId.IsNullOrWhiteSpace())
+            {
+                additionalClaims.Add(new Claim(WeChatClaimTypes.UnionId, wechatOpenId.UnionId));
+            }
 
             await EventService.RaiseAsync(new UserLoginSuccessEvent(currentUser.UserName, wechatOpenId.OpenId, null));
             context.Result = new GrantValidationResult(sub, 

aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/LINGYUN/Abp/WeChat/Authorization/OpenId/WeChatOpenIdFinder.cs

@@ -41,6 +41,8 @@ namespace LINGYUN.Abp.WeChat.Authorization
         }
         public virtual async Task<WeChatOpenId> FindAsync(string code)
         {
+            // TODO: 如果需要获取SessionKey的话呢，需要再以openid作为标识来缓存一下吗
+            // 或者前端保存code,通过传递code来获取
             return (await GetCacheItemAsync(code, CurrentTenant.Id)).WeChatOpenId;
         }
 
@@ -82,7 +84,7 @@ namespace LINGYUN.Abp.WeChat.Authorization
             {
                 // 微信官方文档表示 session_key的有效期是3天
                 // https://developers.weixin.qq.com/community/develop/doc/000c2424654c40bd9c960e71e5b009
-                AbsoluteExpiration = DateTimeOffset.Now.AddDays(3)
+                AbsoluteExpiration = DateTimeOffset.Now.AddDays(3).AddSeconds(-120)
                 // SlidingExpiration = TimeSpan.FromDays(3),
             };
 

aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Security/Claims/WeChatClaimTypes.cs

@@ -3,5 +3,6 @@
     public class WeChatClaimTypes
     {
         public static string OpenId { get; set; } = "wx-openid";
+        public static string UnionId { get; set; } = "wx-unionid";
     }
 }

aspnet-core/modules/common/LINGYUN.Abp.WeChat.Authorization/Volo/Abp/Users/CurrentUserExtensions.cs

@@ -9,7 +9,7 @@ namespace Volo.Abp.Users
         /// </summary>
         /// <param name="currentUser"></param>
         /// <returns></returns>
-        public static string FindWeChatId(this ICurrentUser currentUser)
+        public static string FindWeChatOpenId(this ICurrentUser currentUser)
         {
             var weChatClaim = currentUser.FindClaim(WeChatClaimTypes.OpenId);
             if (weChatClaim == null)
@@ -19,5 +19,21 @@ namespace Volo.Abp.Users
 
             return weChatClaim.Value;
         }
+
+        /// <summary>
+        /// 获取微信用户主体id,如果不存在返回空值
+        /// </summary>
+        /// <param name="currentUser"></param>
+        /// <returns></returns>
+        public static string FindWeChatUnionId(this ICurrentUser currentUser)
+        {
+            var weChatClaim = currentUser.FindClaim(WeChatClaimTypes.UnionId);
+            if (weChatClaim == null)
+            {
+                return null;
+            }
+
+            return weChatClaim.Value;
+        }
     }
 }