From c2d7230e2a569d4eb0f4d8001a7b0f90a1408ed7 Mon Sep 17 00:00:00 2001
From: MaxKey <shimingxy@qq.com>
Date: Fri, 2 Sep 2022 12:02:59 +0800
Subject: [PATCH] =?UTF-8?q?=E8=85=BE=E8=AE=AF=E4=BC=81=E4=B8=9A=E9=82=AE?=
 =?UTF-8?q?=E7=AE=B1=E7=99=BB=E5=BD=95=E4=BC=98=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 NOTICE                                        |   3 +
 .../endpoint/ExtendApiAuthorizeEndpoint.java  |   7 +-
 .../adapter/ExtendApiQQExmailAdapter.java     | 165 ++++++++++++++++--
 .../views/authorize/redirect_sso_submit.ftl   |  11 +-
 4 files changed, 165 insertions(+), 21 deletions(-)

diff --git a/NOTICE b/NOTICE
index ca4cea16..bfa4e743 100644
--- a/NOTICE
+++ b/NOTICE
@@ -14,6 +14,9 @@ It can be used directly without authorization. All copyrights, patents, trademar
 页脚中归属声明及版权声明不可忽略，否则视为侵权
 The attribution statement and copyright notice in the footer cannot be ignored, otherwise it will be deemed as infringement.
 
+仅使用java程序情况，必须在软件前端页脚中添加此声明
+If only Java programs are used, this declaration must be added in the footer of the software front end
+
 Copyright  http://www.maxkey.top  All Rights Reserved.
 
 License http://www.maxkey.top/zh/about/licenses.html
\ No newline at end of file
diff --git a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/ExtendApiAuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/ExtendApiAuthorizeEndpoint.java
index f10f1289..568d7645 100644
--- a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/ExtendApiAuthorizeEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/ExtendApiAuthorizeEndpoint.java
@@ -57,10 +57,14 @@ public class ExtendApiAuthorizeEndpoint  extends AuthorizeBaseEndpoint{
 			@PathVariable("id") String id,
 			@CurrentUser UserInfo currentUser){
 	    
-	    ModelAndView modelAndView=new ModelAndView("authorize/redirect_sso_submit");
+	    ModelAndView modelAndView = new ModelAndView("authorize/redirect_sso_submit");
+	    modelAndView.addObject("errorCode", 0);
+	    modelAndView.addObject("errorMessage", "");
+	    
 		Apps apps = getApp(id);
 		_logger.debug(""+apps);
 		if(ConstsBoolean.isTrue(apps.getIsAdapter())){
+			_logger.debug("Adapter {}",apps.getAdapter());
 			AbstractAuthorizeAdapter adapter = (AbstractAuthorizeAdapter)Instance.newInstance(apps.getAdapter());
 			Accounts account = getAccounts(apps,currentUser);
 			if(apps.getCredential()==Apps.CREDENTIALS.USER_DEFINED && account == null) {
@@ -73,6 +77,7 @@ public class ExtendApiAuthorizeEndpoint  extends AuthorizeBaseEndpoint{
 			
 			return adapter.authorize(modelAndView);
 		}else{
+			_logger.debug("redirect_uri {}",apps.getLoginUrl());
 	        modelAndView.addObject("redirect_uri", apps.getLoginUrl());
 	        return modelAndView;
 		}
diff --git a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailAdapter.java b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailAdapter.java
index 84cd9627..9297d3b7 100644
--- a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailAdapter.java
@@ -18,6 +18,8 @@
 package org.maxkey.authz.exapi.endpoint.adapter;
 
 import java.io.Serializable;
+import java.util.HashMap;
+import java.util.concurrent.TimeUnit;
 
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.entity.Accounts;
@@ -29,6 +31,9 @@ import org.maxkey.web.HttpRequestAdapter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.servlet.ModelAndView;
+
+import com.github.benmanes.caffeine.cache.Cache;
+import com.github.benmanes.caffeine.cache.Caffeine;
 /**
  * https://exmail.qq.com/qy_mng_logic/doc
  * exmail sso
@@ -42,6 +47,10 @@ public class ExtendApiQQExmailAdapter extends AbstractAuthorizeAdapter {
 	//https://exmail.qq.com/qy_mng_logic/doc#10036
 	static String AUTHKEY_URI 	= "https://api.exmail.qq.com/cgi-bin/service/get_login_url?access_token=%s&userid=%s";
 	
+	final static  Cache<String, String> tokenCache = Caffeine.newBuilder()
+                										.expireAfterWrite(7200, TimeUnit.SECONDS)
+                										.build();
+	
 	Accounts account;
 	
 	@Override
@@ -59,31 +68,58 @@ public class ExtendApiQQExmailAdapter extends AbstractAuthorizeAdapter {
 		if(details.getIsExtendAttr()==1){
 			extraAttrs=new ExtraAttrs(details.getExtendAttr());
 		}
-		_logger.debug("Extra Attrs "+extraAttrs);
-		String responseBody = new HttpRequestAdapter().get(
-				String.format(TOKEN_URI,details.getPrincipal(),details.getCredentials()),null);
-		Token token =JsonUtils.gson2Object(responseBody,Token.class);
-		_logger.debug("token {}" , token);
 		
-		String authKeyBody = new HttpRequestAdapter().get(
-				String.format(AUTHKEY_URI,token.getAccess_token(),userInfo.getUsername()),null);
+		_logger.debug("Extra Attrs {}",extraAttrs);
 		
-		LoginUrl loginUrl=JsonUtils.gson2Object(authKeyBody, LoginUrl.class);
-		_logger.debug("LoginUrl {} " , loginUrl);
+		String accessToken = getToken(details.getPrincipal(),details.getCredentials());
 		
+		ExMailLoginUrl exMailLoginUrl = getLoginUrl(accessToken,userInfo.getUsername());
 		
-        modelAndView.addObject("redirect_uri", loginUrl.getLogin_url());
+		if(exMailLoginUrl.errcode == 0) {
+			modelAndView.addObject("redirect_uri", exMailLoginUrl.getLogin_url());
+		}else {
+			_logger.error("Exception code {} , message {} , mapping message {} ,",
+					exMailLoginUrl.getErrcode(),
+					exMailLoginUrl.getErrmsg(),
+					exMailMsgMapper.get(exMailLoginUrl.getErrcode())
+					);
+			//remove accessToken 
+			tokenCache.invalidate(details.getPrincipal());
+			modelAndView.addObject("errorCode", exMailLoginUrl.getErrcode());
+			modelAndView.addObject("errorMessage", exMailMsgMapper.get(exMailLoginUrl.getErrcode()));
+		}
         
         return modelAndView;
 	}
     
+    public String getToken(String corpid , String corpsecret) {
+    	String accessToken = tokenCache.getIfPresent(corpid);
+    	if(accessToken ==  null) {
+	    	String responseBody = new HttpRequestAdapter().get(String.format(TOKEN_URI,corpid,corpsecret),null);
+			Token token =JsonUtils.gson2Object(responseBody,Token.class);
+			_logger.debug("access_token {}" , token);
+			accessToken = token.getAccess_token();
+			tokenCache.put(corpid, accessToken);
+    	}
+    	return accessToken;
+    }
+    
+    public ExMailLoginUrl getLoginUrl(String accessToken,String userId) {
+    	_logger.debug("userId {}" , userId);
+		String authKeyBody = new HttpRequestAdapter().get(String.format(AUTHKEY_URI,accessToken,userId),null);
+		
+		ExMailLoginUrl exMailLoginUrl = JsonUtils.gson2Object(authKeyBody, ExMailLoginUrl.class);
+		_logger.debug("LoginUrl {} " , exMailLoginUrl);
+		return exMailLoginUrl;
+    }
+    
 	class ExMailMsg{
 		
 		protected long expires_in;
 		    
 		protected String errmsg;
 		
-		protected long errcode;
+		protected Integer errcode;
 
 		public ExMailMsg() {
 		}
@@ -104,15 +140,13 @@ public class ExtendApiQQExmailAdapter extends AbstractAuthorizeAdapter {
 			this.errmsg = errmsg;
 		}
 
-		public long getErrcode() {
+		public Integer getErrcode() {
 			return errcode;
 		}
 
-		public void setErrcode(long errcode) {
+		public void setErrcode(Integer errcode) {
 			this.errcode = errcode;
 		}
-		
-		
 	}
 	
 	class Token extends ExMailMsg implements Serializable {
@@ -142,7 +176,7 @@ public class ExtendApiQQExmailAdapter extends AbstractAuthorizeAdapter {
 
 	}
 	
-	class LoginUrl extends ExMailMsg  implements Serializable {
+	class ExMailLoginUrl extends ExMailMsg  implements Serializable {
 		private static final long serialVersionUID = 3033047757268214198L;
 		private String login_url;
 		 
@@ -154,7 +188,7 @@ public class ExtendApiQQExmailAdapter extends AbstractAuthorizeAdapter {
 			this.login_url = login_url;
 		}
 		
-		public LoginUrl() {
+		public ExMailLoginUrl() {
 		}
 
 		@Override
@@ -167,4 +201,101 @@ public class ExtendApiQQExmailAdapter extends AbstractAuthorizeAdapter {
 		}
 	}
 
+	public static HashMap<Integer,String> exMailMsgMapper = new HashMap<Integer,String>();
+	
+	static {
+		exMailMsgMapper.put(-1, "系统繁忙");
+		exMailMsgMapper.put(0, "请求成功");
+		exMailMsgMapper.put(40001, "获取access_token时CorpSecret错误，或者access_token无效");
+		exMailMsgMapper.put(40003, "不合法的UserID");
+		exMailMsgMapper.put(40013, "不合法的corpid");
+		exMailMsgMapper.put(40014, "不合法的access_token");
+		exMailMsgMapper.put(40057, "不合法的callbackurl或者callbackurl验证失败");
+		exMailMsgMapper.put(40091, "无效secert");
+		exMailMsgMapper.put(40092, "参数不合法");
+		exMailMsgMapper.put(40093, "请求并发过大，请降低并发并重试");
+		exMailMsgMapper.put(45009, "接口调用超过限制");
+		exMailMsgMapper.put(45024, "帐号数量超过上限");
+		exMailMsgMapper.put(50005, "企业已禁用");
+		exMailMsgMapper.put(60001, "部门长度不符合限制");
+		exMailMsgMapper.put(60002, "部门层级深度超过限制");
+		exMailMsgMapper.put(60003, "部门不存在");
+		exMailMsgMapper.put(60004, "父部门不存在");
+		exMailMsgMapper.put(60005, "不允许删除有成员的部门");
+		exMailMsgMapper.put(60006, "不允许删除有子部门的部门");
+		exMailMsgMapper.put(60007, "不允许删除根部门");
+		exMailMsgMapper.put(60008, "部门名称已存在");
+		exMailMsgMapper.put(60009, "部门名称含有非法字符");
+		exMailMsgMapper.put(60010, "部门存在循环关系");
+		exMailMsgMapper.put(60102, "UserID已存在");
+		exMailMsgMapper.put(60103, "手机号码不合法");
+		exMailMsgMapper.put(60104, "不合法的position参数");
+		exMailMsgMapper.put(60105, "部门ID数量超过上限");
+		exMailMsgMapper.put(60106, "不合法的userlist参数");
+		exMailMsgMapper.put(60111, "UserID不存在");
+		exMailMsgMapper.put(60112, "成员姓名不合法");
+		exMailMsgMapper.put(60114, "性别不合法");
+		exMailMsgMapper.put(60115, "激活码格式错误");
+		exMailMsgMapper.put(60116, "邮箱回收站内已存在相同的帐号");
+		exMailMsgMapper.put(60118, "userid在企业微信重复");
+		exMailMsgMapper.put(60119, "用户未绑定(删除、回收站状态)");
+		exMailMsgMapper.put(60120, "密码和手机号不能同时为空");
+		exMailMsgMapper.put(60123, "无效的部门id");
+		exMailMsgMapper.put(60124, "无效的父部门id");
+		exMailMsgMapper.put(60125, "非法部门名字，长度超过限制、重名等，重名包括与csv文件中同级部门重名或者与旧组织架构包含成员的同级部门重名");
+		exMailMsgMapper.put(60126, "创建部门失败");
+		exMailMsgMapper.put(60127, "缺少部门id");
+		exMailMsgMapper.put(60128, "帐号已绑定手机或微信，需员工修改密码");
+		exMailMsgMapper.put(60201, "不合法的标签id");
+		exMailMsgMapper.put(60202, "缺少标签id");
+		exMailMsgMapper.put(60203, "不合法的标签名");
+		exMailMsgMapper.put(60204, "标签名已存在");
+		exMailMsgMapper.put(60205, "所有参数都非法");
+		exMailMsgMapper.put(60301, "不合法的type参数");
+		exMailMsgMapper.put(60302, "不合法的option参数");
+		exMailMsgMapper.put(600001, "Userid与别名冲突");
+		exMailMsgMapper.put(600002, "Userid与Groupid冲突");
+		exMailMsgMapper.put(600003, "无效密码或者是弱密码");
+		exMailMsgMapper.put(600004, "别名无效");
+		exMailMsgMapper.put(600005, "别名与userid或者Groupid冲突");
+		exMailMsgMapper.put(600006, "别名数量达到上限");
+		exMailMsgMapper.put(600007, "Groupid无效");
+		exMailMsgMapper.put(600008, "邮件群组不存在");
+		exMailMsgMapper.put(600009, "群组成员为空");
+		exMailMsgMapper.put(600010, "Userlist无效，可能是个别成员无效");
+		exMailMsgMapper.put(600011, "Grouplist无效，可能是个别成员无效");
+		exMailMsgMapper.put(600012, "Partylist无效，可能是个别成员无效");
+		exMailMsgMapper.put(600013, "群发权限类型无效");
+		exMailMsgMapper.put(600014, "群发权限成员无效");
+		exMailMsgMapper.put(600015, "邮件群组已存在");
+		exMailMsgMapper.put(600016, "Userlist部分成员未找到");
+		exMailMsgMapper.put(600017, "Partylist部分成员未找到");
+		exMailMsgMapper.put(600018, "Grouplist部分成员未找到");
+		exMailMsgMapper.put(600019, "邮件群组名称含有非法字符");
+		exMailMsgMapper.put(600020, "邮件群组存在循环");
+		exMailMsgMapper.put(600021, "邮件群组嵌套超过层数");
+		exMailMsgMapper.put(600023, "群发权限成员缺失");
+		exMailMsgMapper.put(600024, "Groupid与userid或者别名冲突");
+		exMailMsgMapper.put(600025, "座机号码无效");
+		exMailMsgMapper.put(600026, "编号无效");
+		exMailMsgMapper.put(600027, "批量检查的成员数超过限额");
+		exMailMsgMapper.put(600034, "不合法的fuzzy参数");
+		exMailMsgMapper.put(600035, "不合法的业务邮箱账号");
+		exMailMsgMapper.put(600036, "密码不允许修改");
+		exMailMsgMapper.put(600037, "不合法的业务邮箱ID");
+		exMailMsgMapper.put(600038, "不合法的业务邮箱名称");
+		exMailMsgMapper.put(600039, "业务邮箱账号已存在");
+		exMailMsgMapper.put(600040, "业务邮箱名称已存在");
+		exMailMsgMapper.put(600041, "业务邮箱ID不存在");
+		exMailMsgMapper.put(601001, "日志查询的时间无效");
+		exMailMsgMapper.put(601002, "日志查询的时间超过限制");
+		exMailMsgMapper.put(601003, "日志查询的域名无效");
+		exMailMsgMapper.put(601004, "日志查询的域名不存在");
+		exMailMsgMapper.put(601005, "不合法的mailtype参数");
+		exMailMsgMapper.put(601006, "不合法的type参数");
+		exMailMsgMapper.put(602005, "应用没有访问此API的权限");
+		exMailMsgMapper.put(604001, "基础版企业无权限操作专业版功能");
+		exMailMsgMapper.put(604002, "企业VIP人员达到上限");
+		exMailMsgMapper.put(604003, "不合法的setvip参数");
+	}
 }
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/redirect_sso_submit.ftl b/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/redirect_sso_submit.ftl
index 189414d4..ab1c77a5 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/redirect_sso_submit.ftl
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/redirect_sso_submit.ftl
@@ -5,18 +5,23 @@
     <#include  "authorize_common.ftl">
     <script type="text/javascript">
         function redirectToLogin(){
-            window.top.location.href ="${redirect_uri!}";
+           <#if redirect_uri??>
+                window.top.location.href ="${redirect_uri!}";
+           </#if>
        }
     </script>
 </head>
 
-<body onload="redirectToLogin()"  style="display:none">
-<form id="redirect_sso_form" name="redirect_sso_form" action="${redirect_uri!}" method="get">
+<body onload="redirectToLogin()"  >
+    <form id="redirect_sso_form" name="redirect_sso_form" action="${redirect_uri!}" method="get" style="display:none">
         <table style="width:100%">
             <tr>
                 <td colspan="2"><input type="submit"  name="submitBtn" value="Continue..." /></td>
             </tr>
         </table>
     </form>
+    <#if errorMessage??>
+        ${errorMessage!}
+    </#if>
 </body>
 </html>