💩 添加新版钉钉扫码登录能力

justauth · Sep 1, 2024 · 64e1098 · 64e1098
1 parent e913543
commit 64e1098
Show file tree

Hide file tree

Showing 6 changed files with 213 additions and 2 deletions.
diff --git a/CHANGELOGS.md b/CHANGELOGS.md
@@ -1,11 +1,12 @@
 ## 1.16.7
 
 ### 2024/08/03
-:
+
 - 新增
   - 添加`appleid`社交登录能力。 [Github#192](https://github.com/justauth/JustAuth/pull/192)
   - 添加`figma`社交登录能力。 [Gitee#41](https://gitee.com/yadong.zhang/JustAuth/pulls/41)
   - 添加新版`企业微信扫码`登录能力。 [Github Issue#165](https://github.com/justauth/JustAuth/issues/165)
+  - 添加新版`钉钉扫码`登录能力。 [Gitee Issue#I73FZL](https://gitee.com/yadong.zhang/JustAuth/issues/I73FZL)
   - 添加新版`华为`登录能力，原`AuthHuaweiRequest`会在后面版本被弃用，如有使用，请切换到`AuthHuaweiV3Request`
   - 新增微信小程序授权登录
 - 优化

diff --git a/src/main/java/me/zhyd/oauth/config/AuthConfig.java b/src/main/java/me/zhyd/oauth/config/AuthConfig.java
@@ -209,9 +209,47 @@ public String getAuthServerId() {
     private String loginType = "CorpApp";
 
     /**
-     * 语言编码
+     * 企业微信平台的语言编码
      *
      * @since 1.16.7
      */
     private String lang = "zh";
+
+    /**
+     * 钉钉平台参数：控制输出特定类型的组织列表，org_type=management 表示只输出有管理权限的组织。
+     *
+     * scope包含corpid时该参数存在意义。
+     *
+     * @see <a href="https://open.dingtalk.com/document/orgapp/obtain-identity-credentials#title-4up-u8w-5ug">https://open.dingtalk.com/document/orgapp/obtain-identity-credentials#title-4up-u8w-5ug</a>
+     * @since 1.16.7
+     */
+    private String dingTalkOrgType;
+
+    /**
+     * 钉钉平台参数：用于指定用户需要选择的组织。
+     *
+     * scope包含corpid时该参数存在意义。传入的corpId需要是当前用户所在的组织。
+     *
+     * @see <a href="https://open.dingtalk.com/document/orgapp/obtain-identity-credentials#title-4up-u8w-5ug">https://open.dingtalk.com/document/orgapp/obtain-identity-credentials#title-4up-u8w-5ug</a>
+     * @since 1.16.7
+     */
+    private String dingTalkCorpId;
+
+    /**
+     * 钉钉平台参数：true表示专属帐号登录，展示组织代码输入页。
+     *
+     * @see <a href="https://open.dingtalk.com/document/orgapp/obtain-identity-credentials#title-4up-u8w-5ug">https://open.dingtalk.com/document/orgapp/obtain-identity-credentials#title-4up-u8w-5ug</a>
+     * @since 1.16.7
+     */
+    private boolean dingTalkExclusiveLogin;
+
+    /**
+     * 钉钉平台参数：开启了专属帐号功能的组织corpId。
+     *
+     * scope包含corpid时该参数存在意义。传入的corpId需要是当前用户所在的组织。
+     *
+     * @see <a href="https://open.dingtalk.com/document/orgapp/obtain-identity-credentials#title-4up-u8w-5ug">https://open.dingtalk.com/document/orgapp/obtain-identity-credentials#title-4up-u8w-5ug</a>
+     * @since 1.16.7
+     */
+    private String dingTalkExclusiveCorpId;
 }
diff --git a/src/main/java/me/zhyd/oauth/config/AuthDefaultSource.java b/src/main/java/me/zhyd/oauth/config/AuthDefaultSource.java
@@ -112,6 +112,30 @@ public Class<? extends AuthDefaultRequest> getTargetClass() {
             return AuthDingTalkRequest.class;
         }
     },
+    /**
+     * 新版钉钉扫码登录
+     */
+    DINGTALK_V2 {
+        @Override
+        public String authorize() {
+            return "https://login.dingtalk.com/oauth2/challenge.htm";
+        }
+
+        @Override
+        public String accessToken() {
+            return "https://api.dingtalk.com/v1.0/oauth2/userAccessToken";
+        }
+
+        @Override
+        public String userInfo() {
+            return "https://api.dingtalk.com/v1.0/contact/users/me";
+        }
+
+        @Override
+        public Class<? extends AuthDefaultRequest> getTargetClass() {
+            return AuthDingTalkV2Request.class;
+        }
+    },
     /**
      * 钉钉账号登录
      */

diff --git a/src/main/java/me/zhyd/oauth/enums/scope/AuthDingTalkScope.java b/src/main/java/me/zhyd/oauth/enums/scope/AuthDingTalkScope.java
@@ -0,0 +1,33 @@
+package me.zhyd.oauth.enums.scope;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+/**
+ * 钉钉平台 OAuth 授权范围
+ *
+ * https://open.dingtalk.com/document/orgapp/obtain-identity-credentials#title-4up-u8w-5ug
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @version 1.0.0
+ * @since 1.16.7
+ */
+@Getter
+@AllArgsConstructor
+public enum AuthDingTalkScope implements AuthScope {
+
+    /**
+     * 无需申请	默认开启
+     */
+    openid("openid", "授权后可获得用户userid", true),
+    /**
+     * 无需申请	默认开启
+     */
+    corpid("corpid", "授权后可获得登录过程中用户选择的组织id", false)
+    ;
+
+    private final String scope;
+    private final String description;
+    private final boolean isDefault;
+
+}
diff --git a/src/main/java/me/zhyd/oauth/model/AuthToken.java b/src/main/java/me/zhyd/oauth/model/AuthToken.java
@@ -66,4 +66,11 @@ public class AuthToken implements Serializable {
      * Apple附带属性
      */
     private String username;
+
+    /**
+     * 新版钉钉附带属性
+     *
+     * @since 1.16.7
+     */
+    private String corpId;
 }
diff --git a/src/main/java/me/zhyd/oauth/request/AuthDingTalkV2Request.java b/src/main/java/me/zhyd/oauth/request/AuthDingTalkV2Request.java
@@ -0,0 +1,108 @@
+package me.zhyd.oauth.request;
+
+import com.alibaba.fastjson.JSONObject;
+import com.xkcoding.http.support.HttpHeader;
+import me.zhyd.oauth.cache.AuthStateCache;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthDefaultSource;
+import me.zhyd.oauth.enums.scope.AuthDingTalkScope;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthToken;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.utils.AuthScopeUtils;
+import me.zhyd.oauth.utils.HttpUtils;
+import me.zhyd.oauth.utils.UrlBuilder;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 新版钉钉二维码登录
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @since 1.16.7
+ */
+public class AuthDingTalkV2Request extends AuthDefaultRequest {
+
+    public AuthDingTalkV2Request(AuthConfig config) {
+        super(config, AuthDefaultSource.DINGTALK_V2);
+    }
+
+    public AuthDingTalkV2Request(AuthConfig config, AuthStateCache authStateCache) {
+        super(config, AuthDefaultSource.DINGTALK_V2, authStateCache);
+    }
+
+    @Override
+    public String authorize(String state) {
+        return UrlBuilder.fromBaseUrl(source.authorize())
+            .queryParam("response_type", "code")
+            .queryParam("client_id", config.getClientId())
+            .queryParam("scope", this.getScopes(",", true, AuthScopeUtils.getDefaultScopes(AuthDingTalkScope.values())))
+            .queryParam("redirect_uri", config.getRedirectUri())
+            .queryParam("prompt", "consent")
+            .queryParam("org_type", config.getDingTalkOrgType())
+            .queryParam("corpId", config.getDingTalkCorpId())
+            .queryParam("exclusiveLogin", config.isDingTalkExclusiveLogin())
+            .queryParam("exclusiveCorpId", config.getDingTalkExclusiveCorpId())
+            .queryParam("state", getRealState(state))
+            .build();
+    }
+
+    @Override
+    public AuthToken getAccessToken(AuthCallback authCallback) {
+        Map<String, String> params = new HashMap<>();
+        params.put("grantType", "authorization_code");
+        params.put("clientId", config.getClientId());
+        params.put("clientSecret", config.getClientSecret());
+        params.put("code", authCallback.getCode());
+        String response = new HttpUtils(config.getHttpConfig()).post(this.source.accessToken(), JSONObject.toJSONString(params)).getBody();
+        JSONObject accessTokenObject = JSONObject.parseObject(response);
+        if (!accessTokenObject.containsKey("accessToken")) {
+            throw new AuthException(JSONObject.toJSONString(response), source);
+        }
+        return AuthToken.builder()
+            .accessToken(accessTokenObject.getString("accessToken"))
+            .refreshToken(accessTokenObject.getString("refreshToken"))
+            .expireIn(accessTokenObject.getIntValue("expireIn"))
+            .corpId(accessTokenObject.getString("corpId"))
+            .build();
+    }
+
+    @Override
+    public AuthUser getUserInfo(AuthToken authToken) {
+        HttpHeader header = new HttpHeader();
+        header.add("x-acs-dingtalk-access-token", authToken.getAccessToken());
+
+        String response = new HttpUtils(config.getHttpConfig()).get(this.source.userInfo(), null, header, false).getBody();
+        JSONObject object = JSONObject.parseObject(response);
+
+        authToken.setOpenId(object.getString("openId"));
+        authToken.setUnionId(object.getString("unionId"));
+        return AuthUser.builder()
+            .rawUserInfo(object)
+            .uuid(object.getString("unionId"))
+            .username(object.getString("nick"))
+            .nickname(object.getString("nick"))
+            .avatar(object.getString("avatarUrl"))
+            .snapshotUser(object.getBooleanValue("visitor"))
+            .token(authToken)
+            .source(source.toString())
+            .build();
+    }
+
+    /**
+     * 返回获取accessToken的url
+     *
+     * @param code 授权码
+     * @return 返回获取accessToken的url
+     */
+    protected String accessTokenUrl(String code) {
+        return UrlBuilder.fromBaseUrl(source.accessToken())
+            .queryParam("code", code)
+            .queryParam("clientId", config.getClientId())
+            .queryParam("clientSecret", config.getClientSecret())
+            .queryParam("grantType", "authorization_code")
+            .build();
+    }
+}