Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,24 @@ public class TransferBillsRequest implements Serializable {
@SerializedName("transfer_scene_report_infos")
private List<TransferSceneReportInfo> transferSceneReportInfos;

/**
* 自动收款授权信息
*/
@SerializedName("authorization_info")
private AuthorizationInfo authorizationInfo;
Comment on lines +93 to +94

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Route authorization-info calls to the pre-transfer API

When callers populate authorizationInfo, TransferServiceImpl.transferBills still serializes this request to /v3/fund-app/mch-transfer/transfer-bills. WeChat documents authorization_info only for POST /v3/fund-app/mch-transfer/transfer-bills/pre-transfer-with-authorization (https://pay.wechatpay.cn/doc/v3/merchant/4014399293); the regular transfer endpoint doesn't accept it, so this newly exposed field will produce an unsupported request instead of starting the transfer+authorization flow.

Useful? React with 👍 / 👎.


/**
* 微信免确认收款授权单号
*/
@SerializedName("authorization_id")
private String authorizationId;
Comment on lines +99 to +100

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Route authorized transfers to the transfer endpoint

When callers set authorizationId (or the adjacent outAuthorizationNo) to pay a user who already authorized免确认收款, this same request object is still sent by transferBills to /transfer-bills and also requires the normal openid. The WeChat docs put these fields on POST /v3/fund-app/mch-transfer/transfer-bills/transfer (https://pay.wechatpay.cn/doc/v3/merchant/4014399371), so authorized-transfer requests built with the new fields are sent to the wrong API and cannot succeed.

Useful? React with 👍 / 👎.


/**
* 商户侧授权单号
*/
@SerializedName("out_authorization_no")
private String outAuthorizationNo;
Comment on lines +90 to +106

/**
* 收款授权模式
* <pre>
Expand Down Expand Up @@ -125,4 +143,28 @@ public static class TransferSceneReportInfo {
@SerializedName("info_content")
private String infoContent;
}

@Data
@Builder(builderMethodName = "newBuilder")
@AllArgsConstructor
@NoArgsConstructor
public static class AuthorizationInfo {

@augmentcode augmentcode Bot Jul 2, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TransferBillsRequest.java:151TransferBillsRequest implements Serializable, but the newly added nested type AuthorizationInfo does not; serializing a TransferBillsRequest that has authorizationInfo set can throw NotSerializableException.

Severity: medium

Fix This in Augment

🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.

/**
* 用户展示名称
*/
@SerializedName("user_display_name")
private String userDisplayName;

/**
* 商户侧授权单号
*/
@SerializedName("out_authorization_no")
private String outAuthorizationNo;

/**
* 自动收款授权结果通知地址
*/
@SerializedName("authorization_notify_url")
private String authorizationNotifyUrl;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -140,9 +140,12 @@ public ReservationTransferBatchResult reservationTransferBatch(ReservationTransf
String url = String.format("%s/v3/fund-app/mch-transfer/reservation/transfer-batches", this.payService.getPayBaseUrl());
List<ReservationTransferBatchRequest.TransferDetail> transferDetailList = request.getTransferDetailList();
if (transferDetailList != null && !transferDetailList.isEmpty()) {
X509Certificate validCertificate = this.payService.getConfig().getVerifier().getValidCertificate();
X509Certificate validCertificate = null;
for (ReservationTransferBatchRequest.TransferDetail detail : transferDetailList) {
if (detail.getUserName() != null && !detail.getUserName().isEmpty()) {
if (validCertificate == null) {
validCertificate = this.payService.getConfig().getVerifier().getValidCertificate();
}
RsaCryptoUtil.encryptFields(detail, validCertificate);
}
}
Expand Down
Loading