Merge pull request #13 from Jeff-Tian/dev-keycloak-22

Dev keycloak 22

README.md

@@ -24,27 +24,10 @@ To install the social weixin one has to:
 
 ## 本地开发
 
-设置 JAVA_HOME 到 11 的 jdk，然后
-
 ```shell script
 mvn install
 ```
 
-> 关于设置 JAVA_HOME，如果是 Mac 上使用了 zsh，可以在 ~/.zshrc 里面加上：
->
-> export JAVA_HOME=/usr/local/opt/openjdk
-> export PATH="${JAVA_HOME}/bin:$PATH"
->
-> 然后执行 source ~/.zshrc
->
-> 关于找到 JAVA_HOME 的路径，如果你用了 jabba，可以使用 `jabba which openjdk` 。
-> 如果使用了 jabba，指定 11 的 jdk，可以通过
-> jabba install openjdk@1.11.0
-> 来安装 java 11。如果 `jabba which openjdk` 得到的是 /Users/you/.jabba/jdk/openjdk@1.11.0，也可以通过这样来运行 `mvn install`：
-> JAVA_HOME=/Users/you/.jabba/jdk/openjdk@1.11.0/Contents/Home mvn clean install
-
-如果使用别的版本，会导致运行测试碰到一些问题，比如 https://github.com/mockito/mockito/issues/2568 。
-
 ## 跑测试
 
 ```shell script
@@ -101,3 +84,7 @@ docker pull jefftian/keycloak-heroku:latest
 * 20200514
 
 1 增加 customizedLoginUrlForPc 功能。
+
+* 20230820
+
+1 适配 quay.io/keycloak 21.1 的版本（由于 21 既不支持老的配置页，又没有新的方式增加自定义配置页，所以只能通过导入老的 Keycloak 版本中的 微信 identity provider 配置）

pom.xml

@@ -3,13 +3,13 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.keycloak</groupId>
     <artifactId>keycloak-services-social-weixin</artifactId>
-    <version>0.2.2</version>
+    <version>0.3.3</version>
     <name>Keycloak Services Social WeiXin</name>
     <description/>
     <properties>
         <maven.compiler.target>11</maven.compiler.target>
         <maven.compiler.source>11</maven.compiler.source>
-        <keycloak.version>21.1.1</keycloak.version>
+        <keycloak.version>22.0.1</keycloak.version>
     </properties>
 
     <distributionManagement>
@@ -39,6 +39,8 @@
                     <argLine>
                         --add-opens=java.base/java.lang=ALL-UNNAMED
                         --add-opens java.base/java.security=ALL-UNNAMED
+                        --add-opens java.base/java.util=ALL-UNNAMED
+                        --add-opens java.base/java.net=ALL-UNNAMED
                     </argLine>
                 </configuration>
             </plugin>
@@ -81,7 +83,7 @@
         <dependency>
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
-            <version>2.23.0</version>
+            <version>3.6.28</version>
         </dependency>
         <dependency>
             <groupId>org.powermock</groupId>

src/main/java/org/keycloak/social/weixin/JsonResponse.java

@@ -1,6 +1,7 @@
 package org.keycloak.social.weixin;
 
-import javax.ws.rs.core.Response;
+
+import jakarta.ws.rs.core.Response;
 
 public class JsonResponse {
     public static Response fromJson(String json) {

src/main/java/org/keycloak/social/weixin/ParsedCodeContext.java

@@ -1,10 +1,9 @@
 package org.keycloak.social.weixin;
 
+import jakarta.ws.rs.core.Response;
 import org.keycloak.services.managers.ClientSessionCode;
 import org.keycloak.sessions.AuthenticationSessionModel;
 
-import javax.ws.rs.core.Response;
-
 public class ParsedCodeContext {
     public ClientSessionCode<AuthenticationSessionModel> clientSessionCode;
     public Response response;

src/main/java/org/keycloak/social/weixin/WeiXinIdentityBrokerService.java

@@ -1,5 +1,9 @@
 package org.keycloak.social.weixin;
 
+import jakarta.ws.rs.core.Context;
+import jakarta.ws.rs.core.HttpHeaders;
+import jakarta.ws.rs.core.Response;
+import jakarta.ws.rs.core.UriBuilder;
 import org.jboss.logging.Logger;
 import org.keycloak.OAuthErrorException;
 import org.keycloak.authentication.AuthenticationProcessor;
@@ -33,16 +37,11 @@
 import org.keycloak.services.resources.IdentityBrokerService;
 import org.keycloak.services.resources.LoginActionsService;
 import org.keycloak.services.resources.SessionCodeChecks;
-import org.keycloak.services.resources.account.AccountFormService;
 import org.keycloak.services.util.BrowserHistoryHelper;
 import org.keycloak.services.validation.Validation;
 import org.keycloak.sessions.AuthenticationSessionModel;
 import org.keycloak.util.JsonSerialization;
 
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriBuilder;
 import java.io.IOException;
 import java.net.URI;
 import java.util.*;
@@ -147,7 +146,7 @@ private Response redirectToAccountErrorPage(AuthenticationSessionModel authSessi
         FormMessage errorMessage = new FormMessage(message, parameters);
         try {
             String serializedError = JsonSerialization.writeValueAsString(errorMessage);
-            authSession.setAuthNote(AccountFormService.ACCOUNT_MGMT_FORWARDED_ERROR_NOTE, serializedError);
+            authSession.setAuthNote("accountMgmtForwardedError", serializedError);
         } catch (IOException ioe) {
             throw new RuntimeException(ioe);
         }

src/main/java/org/keycloak/social/weixin/WeiXinIdentityProvider.java

@@ -18,20 +18,14 @@
 
 import java.io.IOException;
 import java.net.URI;
-import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import java.util.UUID;
 
-import javax.ws.rs.GET;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.UriBuilder;
-import javax.ws.rs.core.UriInfo;
-
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.QueryParam;
+import jakarta.ws.rs.WebApplicationException;
+import jakarta.ws.rs.core.*;
 import org.keycloak.OAuth2Constants;
 import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
 import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
@@ -48,7 +42,6 @@
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.protocol.oidc.OIDCLoginProtocol;
-import org.keycloak.provider.ProviderConfigProperty;
 import org.keycloak.services.ErrorPage;
 import org.keycloak.services.messages.Messages;
 
@@ -73,7 +66,7 @@ public class WeiXinIdentityProvider extends AbstractOAuth2IdentityProvider<OAuth
     public static final String OAUTH2_PARAMETER_CLIENT_SECRET = "secret";
 
     public static final String WECHAT_APPID_KEY = "clientId2";
-    public static final String WECHATAPPIDKEY = "clientSecret2";
+    public static final String WECHAT_APPID_SECRET = "clientSecret2";
 
     public static final String WMP_APP_ID = "wmpClientId";
     public static final String WMP_APP_SECRET = "wmpClientSecret";
@@ -91,10 +84,11 @@ public WeiXinIdentityProvider(KeycloakSession session, OAuth2IdentityProviderCon
         customAuth = new WeixinIdentityCustomAuth(session, config, this);
     }
 
-    public WeiXinIdentityProvider(KeycloakSession session, WeixinProviderConfig config) {
+    public WeiXinIdentityProvider(KeycloakSession session, WeixinIdentityProviderConfig config) {
         super(session, config);
         config.setAuthorizationUrl(AUTH_URL);
         config.setTokenUrl(TOKEN_URL);
+        config.setUserInfoUrl(PROFILE_URL);
 
         customAuth = new WeixinIdentityCustomAuth(session, config, this);
     }
@@ -183,7 +177,7 @@ protected String getDefaultScopes() {
      */
     private boolean isWechatBrowser(String ua) {
         String wechatAppId = getConfig().getConfig().get(WECHAT_APPID_KEY);
-        String wechatAppSecret = getConfig().getConfig().get(WECHATAPPIDKEY);
+        String wechatAppSecret = getConfig().getConfig().get(WECHAT_APPID_SECRET);
         return ua.indexOf(WECHATFLAG) > 0 && wechatAppId != null && wechatAppSecret != null
                 && !wechatAppId.isEmpty() && !wechatAppSecret.isEmpty();
     }
@@ -205,8 +199,8 @@ protected UriBuilder createAuthorizationUrl(AuthenticationRequest request) {
                     .queryParam(OAUTH2_PARAMETER_REDIRECT_URI, request.getRedirectUri());
         } else {
             var config = getConfig();
-            if (config instanceof WeixinProviderConfig) {
-                var customizedLoginUrlForPc = ((WeixinProviderConfig) config).getCustomizedLoginUrlForPc();
+            if (config instanceof WeixinIdentityProviderConfig) {
+                var customizedLoginUrlForPc = ((WeixinIdentityProviderConfig) config).getCustomizedLoginUrlForPc();
 
                 if (customizedLoginUrlForPc != null && !customizedLoginUrlForPc.isEmpty()) {
                     uriBuilder = UriBuilder.fromUri(customizedLoginUrlForPc);
@@ -368,7 +362,7 @@ public SimpleHttp[] generateTokenRequest(String authorizationCode, WechatLoginTy
                 return new SimpleHttp[]{SimpleHttp.doPost(WECHAT_TOKEN_URL, session)
                         .param(OAUTH2_PARAMETER_CODE, authorizationCode)
                         .param(OAUTH2_PARAMETER_CLIENT_ID, getConfig().getConfig().get(WECHAT_APPID_KEY))
-                        .param(OAUTH2_PARAMETER_CLIENT_SECRET, getConfig().getConfig().get(WECHATAPPIDKEY))
+                        .param(OAUTH2_PARAMETER_CLIENT_SECRET, getConfig().getConfig().get(WECHAT_APPID_SECRET))
                         .param(OAUTH2_PARAMETER_REDIRECT_URI, uriInfo.getAbsolutePath().toString())
                         .param(OAUTH2_PARAMETER_GRANT_TYPE, OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE), null};
             }

src/main/java/org/keycloak/social/weixin/WeiXinIdentityProviderFactory.java

@@ -1,17 +1,18 @@
 package org.keycloak.social.weixin;
 
+import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
 import org.keycloak.broker.provider.AbstractIdentityProviderFactory;
 import org.keycloak.broker.social.SocialIdentityProviderFactory;
 import org.keycloak.models.IdentityProviderModel;
 import org.keycloak.models.KeycloakSession;
-import org.keycloak.provider.ConfiguredProvider;
 import org.keycloak.provider.ProviderConfigProperty;
 import org.keycloak.provider.ProviderConfigurationBuilder;
 
 import java.util.List;
 
-public class WeiXinIdentityProviderFactory extends AbstractIdentityProviderFactory<WeiXinIdentityProvider>
-        implements SocialIdentityProviderFactory<WeiXinIdentityProvider>, ConfiguredProvider {
+public class WeiXinIdentityProviderFactory extends
+        AbstractIdentityProviderFactory<WeiXinIdentityProvider> implements
+        SocialIdentityProviderFactory<WeiXinIdentityProvider> {
 
     public static final String PROVIDER_ID = "weixin";
 
@@ -22,12 +23,12 @@ public String getName() {
 
     @Override
     public WeiXinIdentityProvider create(KeycloakSession session, IdentityProviderModel model) {
-        return new WeiXinIdentityProvider(session, new WeixinProviderConfig(model));
+        return new WeiXinIdentityProvider(session, new WeixinIdentityProviderConfig(model));
     }
 
     @Override
-    public WeixinProviderConfig createConfig() {
-        return new WeixinProviderConfig();
+    public OAuth2IdentityProviderConfig createConfig() {
+        return new OAuth2IdentityProviderConfig();
     }
 
     @Override
@@ -47,7 +48,23 @@ public List<ProviderConfigProperty> getConfigProperties() {
     }
 
     @Override
-    public String getHelpText() {
-        return "微信登录集成";
+    public List<ProviderConfigProperty> getConfigProperties() {
+        return ProviderConfigurationBuilder.create()
+                .property().name(WeiXinIdentityProvider.WECHAT_APPID_KEY)
+                .label("公众号 App Id")
+                .helpText("当用户使用 PC 进行关注微信公众号即登录时，要使用的 app Id，即微信公众号（不是开放平台）的 appid")
+                .type(ProviderConfigProperty.STRING_TYPE)
+                .add()
+                .property().name(WeiXinIdentityProvider.WECHAT_APPID_SECRET)
+                .label("公众号 App Secret")
+                .helpText("当用户使用 PC 进行关注微信公众号即登录时，要使用的 app Secret，即微信公众号（不是开放平台）的 app secret")
+                .type(ProviderConfigProperty.STRING_TYPE)
+                .add()
+
+                .property().name(WeiXinIdentityProvider.CUSTOMIZED_LOGIN_URL_FOR_PC)
+                .label("PC 登录 URL")
+                .helpText("PC 登录 URL 的登录页面，可以配置为一个自定义的前端登录页面，用来展示公众号带参二维码")
+                .type(ProviderConfigProperty.STRING_TYPE)
+                .add().build();
     }
 }

src/main/java/org/keycloak/social/weixin/WeixinProviderConfig.java → src/main/java/org/keycloak/social/weixin/WeixinIdentityProviderConfig.java

@@ -1,13 +1,13 @@
 package org.keycloak.social.weixin;
 
-import org.keycloak.broker.oidc.OAuth2IdentityProviderConfig;
+import org.keycloak.broker.oidc.OIDCIdentityProviderConfig;
 import org.keycloak.models.IdentityProviderModel;
 
-public class WeixinProviderConfig extends OAuth2IdentityProviderConfig {
-    public WeixinProviderConfig() {
+public class WeixinIdentityProviderConfig extends OIDCIdentityProviderConfig {
+    public WeixinIdentityProviderConfig() {
     }
 
-    public WeixinProviderConfig(IdentityProviderModel model) {
+    public WeixinIdentityProviderConfig(IdentityProviderModel model) {
         super(model);
     }