提交 63f97340 编写于 作者: nancy's avatar nancy

UserDingtalkResourse还原

上级 84dff5de
......@@ -10,7 +10,9 @@ import cn.ibizlab.util.service.AuthenticationUserService;
import cn.ibizlab.util.service.IBZUSERService;
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
......@@ -24,19 +26,18 @@ import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;
import org.springframework.util.DigestUtils;
import org.springframework.util.StringUtils;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.*;
/**
* 实体[IBZUSER] 服务对象接口实现
*/
@Primary
@Slf4j
@Service("LdapUserService")
@ConditionalOnExpression("'${ibiz.auth.service:SimpleUserService}'.equals('LdapUserService')")
public class LdapUserService extends ServiceImpl<IBZUSERMapper, IBZUSER> implements IBZUSERService, AuthenticationUserService {
......@@ -48,14 +49,60 @@ public class LdapUserService extends ServiceImpl<IBZUSERMapper, IBZUSER> impleme
@Override
public AuthenticationUser loadUserByUsername(String username) {
AuthenticationUser user = new AuthenticationUser();
if (StringUtils.isEmpty(username))
throw new UsernameNotFoundException("用户名为空");
QueryWrapper<IBZUSER> conds = new QueryWrapper<IBZUSER>();
String[] data = username.split("[|]");
String loginname = "";
String domains = "";
if (data.length > 0)
loginname = data[0].trim();
if (data.length > 1)
domains = data[1].trim();
if (!StringUtils.isEmpty(loginname))
conds.eq("loginname", loginname);
if (!StringUtils.isEmpty(domains))
conds.eq("domains", domains);
IBZUSER user = this.getOne(conds);
if (user == null) {
throw new UsernameNotFoundException("用户" + username + "未找到");
} else {
user.setUsername(username);
return user;
AuthenticationUser curUser = createUserDetails(user);
if (curUser.getPermissionList() == null) {
setUserPermission(curUser);
setUserOrgInfo(curUser);
}
return curUser;
}
}
@Override
public AuthenticationUser loadUserByLogin(String username, String password){
AuthenticationUser user = new AuthenticationUser();
public AuthenticationUser loadUserByLogin(String username, String password) {
//获取用户
AuthenticationUser user = loadUserByUsername(username);
if (1 == user.getSuperuser()) {
if (pwencrymode == 1)
password = DigestUtils.md5DigestAsHex(password.getBytes());
else if (pwencrymode == 2)
password = DigestUtils.md5DigestAsHex(String.format("%1$s||%2$s", username, password).getBytes());
if (!user.getPassword().equals(password)) {
throw new BadRequestAlertException("用户名密码错误", "IBZUSER", username);
}
} else {
//Ldap 认证。
authenticateByLdap(username, password);
}
return user;
}
private void authenticateByLdap(String username, String password) {
String[] data = username.split("[|]");
String loginname = username;
String devslnsysid = "";
......@@ -81,32 +128,18 @@ public class LdapUserService extends ServiceImpl<IBZUSERMapper, IBZUSER> impleme
}
if (!bAuthenticate) {
throw new BadRequestAlertException("用户名密码错误", "IBZUSER", username);
throw new BadRequestAlertException("用户名或密码错误。", "IBZUSER", username);
}
user.setUsercode(loginname);
user.setUsername(loginname);
user.setLoginname(loginname);
user.setPersonname(loginname);
// user.setDomain(devslnsysid);
// user.setDevslnsysid(devslnsysid);
// user.setPassword(password);
// user.setOrgid(devslnsysid);
// user.setOrgcode(devslnsysid);
// user.setOrgname(devslnsysid);
return user;
}
public void resetByUsername(String username) {
}
public AuthenticationUser createUserDetails(IBZUSER user) {
AuthenticationUser userdatail = new AuthenticationUser();
CachedBeanCopier.copy(user,userdatail);
if(userdatail.getSuperuser()==1){
CachedBeanCopier.copy(user, userdatail);
if (userdatail.getSuperuser() == 1) {
userdatail.setAuthorities(AuthorityUtils.createAuthorityList("ROLE_SUPERADMIN"));
}
return userdatail;
......@@ -121,17 +154,18 @@ public class LdapUserService extends ServiceImpl<IBZUSERMapper, IBZUSER> impleme
/**
* 设置用户权限
* 由于GrantedAuthority缺少无参构造,导致无法序列化,暂时通过PermissionList中转
*
* @param user
* @return
*/
public void setUserPermission(AuthenticationUser user) {
Collection<GrantedAuthority> userAuthorities=uaaCoreService.getAuthoritiesByUserId(user.getUserid());
Collection<GrantedAuthority> userAuthorities = uaaCoreService.getAuthoritiesByUserId(user.getUserid());
Set<String> authorities = AuthorityUtils.authorityListToSet(userAuthorities);
if(user.getSuperuser()==1){
if (user.getSuperuser() == 1) {
authorities.add("ROLE_SUPERADMIN");
}
JSONObject permission =new JSONObject();
permission.put("authorities",authorities);
JSONObject permission = new JSONObject();
permission.put("authorities", authorities);
user.setPermissionList(permission);
}
......@@ -141,13 +175,14 @@ public class LdapUserService extends ServiceImpl<IBZUSERMapper, IBZUSER> impleme
/**
* 设置用户组织相关信息
*
* @param user
*/
private void setUserOrgInfo(AuthenticationUser user) {
Map<String, Set<String>> orgInfo=ouFeignClient.getOUMapsByUserId(user.getUserid());
if(orgInfo==null)
orgInfo=new HashMap<>();
Map<String, Set<String>> orgInfo = ouFeignClient.getOUMapsByUserId(user.getUserid());
if (orgInfo == null)
orgInfo = new HashMap<>();
//throw new RuntimeException(String.format("获取用户信息失败,请检查用户中心[IBZOU]中是否存在[%s]用户!",user.getLoginname()));
user.setOrgInfo(orgInfo);
......
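Review bot: In the new loadUserByUsername (third hunk, the `conds.eq` lines) an input such as `"|"` or `" |dom"` leaves loginname empty, so neither `eq` is added and `this.getOne(conds)` runs with no WHERE clause; if the table holds a single row that lookup likely returns it and the caller authenticates against an arbitrary account. Add `if (StringUtils.isEmpty(loginname)) throw new UsernameNotFoundException("用户名为空");` directly after the split. In loadUserByLogin the superuser branch compares the MD5 hex with `equals`, throws NPE when the stored password is null, and `password.getBytes()` depends on the platform charset; after a null check, `MessageDigest.isEqual(user.getPassword().getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8))` is the safer form. Note also that an unknown user surfaces as `用户…未找到` while a wrong password surfaces as `用户名密码错误`, so the two responses let a caller tell valid accounts from invalid ones. authenticateByLdap continues past the end of the hunk.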
......@@ -11,34 +11,22 @@ import cn.ibizlab.util.security.AuthenticationUser;
import cn.ibizlab.util.service.AuthenticationUserService;
import cn.ibizlab.util.service.IBZUSERService;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.nacos.client.identify.Base64;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.dingtalk.api.DefaultDingTalkClient;
import com.dingtalk.api.DingTalkClient;
import com.dingtalk.api.request.*;
import com.dingtalk.api.response.*;
import com.dingtalk.api.request.OapiGettokenRequest;
import com.dingtalk.api.request.OapiSnsGetuserinfoBycodeRequest;
import com.dingtalk.api.request.OapiUserGetuserinfoRequest;
import com.dingtalk.api.response.OapiGettokenResponse;
import com.dingtalk.api.response.OapiSnsGetuserinfoBycodeResponse;
import com.dingtalk.api.response.OapiUserGetuserinfoResponse;
import com.taobao.api.ApiException;
import lombok.extern.slf4j.Slf4j;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.IOException;
import java.net.URLEncoder;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.sql.Timestamp;
import java.sql.Wrapper;
import java.util.Date;
/**
* 实体[IBZUSER] 钉钉用户注册接口实现
......@@ -49,83 +37,63 @@ public class UserDingtalkRegisterService {
@Autowired
private IBZUSERService ibzuserService;
@Autowired
private AuthenticationUserService authenticationUserService;
@Autowired
private ISysUserAuthService sysUserAuthService;
@Autowired
private ISysOpenAccessService sysOpenAccessService;
public synchronized String getAccessToken(SysOpenAccess sysOpenAccess) {
private long lastRefreshTime=System.currentTimeMillis()-7200001;
private String accessToken="";
public boolean isExpire()
{
if(System.currentTimeMillis()<(lastRefreshTime+7200000))
{
System.currentTimeMillis();
return false;
if (sysOpenAccess == null) {
log.error("无法获取对应的第三方认证信息,数据信息[{}],请检查数据库信息。", sysOpenAccess);
throw new BadRequestAlertException("无法获取对应的第三方认证信息,数据信息[{}],请检查数据库信息。", null, null);
}
return true;
}
public synchronized String getAccessToken(String appKey,String appSecret)
{
if(isExpire()) {
if (sysOpenAccess.getExpiresTime() == null || System.currentTimeMillis() < (sysOpenAccess.getExpiresTime().getTime() + 7200000)) {
DefaultDingTalkClient client = new DefaultDingTalkClient("https://oapi.dingtalk.com/gettoken");
OapiGettokenRequest request = new OapiGettokenRequest();
request.setAppkey("appKey");
request.setAppsecret("appSecret");
request.setAppkey(sysOpenAccess.getAccessKey());
request.setAppsecret(sysOpenAccess.getSecretKey());
request.setHttpMethod("GET");
try {
OapiGettokenResponse response = client.execute(request);
if(response.getErrcode()!=0||StringUtils.isEmpty(response.getAccessToken()))
throw new BadRequestAlertException("获取access_token失败","UserDingtalkRegisterService",response.getErrmsg());
lastRefreshTime = System.currentTimeMillis();
accessToken = response.getAccessToken();
if (response.getErrcode() != 0 || StringUtils.isEmpty(response.getAccessToken()))
throw new BadRequestAlertException("获取access_token失败", "UserDingtalkRegisterService", response.getErrmsg());
sysOpenAccess.setExpiresTime(new Timestamp(System.currentTimeMillis()));
sysOpenAccess.setAccessToken(response.getAccessToken());
} catch (ApiException e) {
e.printStackTrace();
throw new InternalServerErrorException("获取access_token失败");
}
}
return accessToken;
sysOpenAccessService.update(sysOpenAccess);
return sysOpenAccess.getAccessToken();
}
@Autowired
private ISysOpenAccessService sysOpenAccessService;
public SysOpenAccess getOpenAccess(String id)
{
return getOpenAccess(id,true);
}
public SysOpenAccess getOpenAccess(String id,boolean throwEx)
{
final String accessid = StringUtils.isEmpty(id)?"dingtalk":id;
SysOpenAccess sysOpenAccess=sysOpenAccessService.getOne(Wrappers.<SysOpenAccess>lambdaQuery().eq(SysOpenAccess::getOpenType,"dingtalk").
and(wrapper -> wrapper.eq(SysOpenAccess::getAccessKey,accessid).or().eq(SysOpenAccess::getId,accessid)),false);
if((sysOpenAccess==null|| (sysOpenAccess.getDisabled()!=null && sysOpenAccess.getDisabled()==1))&&throwEx)
throw new BadRequestAlertException("获取接入配置失败","UserDingtalkRegisterService","");
String accessToken = getAccessToken(sysOpenAccess.getAccessKey(),sysOpenAccess.getSecretKey());
if(!accessToken.equals(sysOpenAccess.getAccessToken()))
{
sysOpenAccess.setAccessToken(accessToken);
sysOpenAccess.setExpiresTime(new Timestamp(lastRefreshTime));
sysOpenAccessService.update(sysOpenAccess);
public SysOpenAccess getOpenAccess(String id) {
return getOpenAccess(id, true);
}
public SysOpenAccess getOpenAccess(String id, boolean throwEx) {
final String accessid = StringUtils.isEmpty(id) ? "dingtalk" : id;
SysOpenAccess sysOpenAccess = sysOpenAccessService.getOne(Wrappers.<SysOpenAccess>lambdaQuery().eq(SysOpenAccess::getOpenType, "dingtalk").
and(wrapper -> wrapper.eq(SysOpenAccess::getAccessKey, accessid).or().eq(SysOpenAccess::getId, accessid)), false);
if ((sysOpenAccess == null || (sysOpenAccess.getDisabled() != null && sysOpenAccess.getDisabled() == 1)) && throwEx)
throw new BadRequestAlertException("获取接入配置失败", "UserDingtalkRegisterService", "");
String accessToken = getAccessToken(sysOpenAccess);
return sysOpenAccess;
}
public AuthenticationUser getUserByToken(String id,String requestAuthCode)
{
public AuthenticationUser getUserByToken(String id, String requestAuthCode) {
SysOpenAccess openAccess = getOpenAccess(id);
if (openAccess==null || (openAccess.getDisabled()!=null && openAccess.getDisabled()==1))
if (openAccess == null || (openAccess.getDisabled() != null && openAccess.getDisabled() == 1))
throw new BadRequestAlertException("未找到配置", "UserDingtalkRegisterService", "");
DingTalkClient client = new DefaultDingTalkClient("https://oapi.dingtalk.com/user/getuserinfo");
......@@ -135,8 +103,8 @@ public class UserDingtalkRegisterService {
OapiUserGetuserinfoResponse response = null;
try {
response = client.execute(request, openAccess.getAccessToken());
if(response.getErrcode()!=0||StringUtils.isEmpty(response.getUserid()))
throw new BadRequestAlertException("获取user失败","UserDingtalkRegisterService",response.getErrmsg());
if (response.getErrcode() != 0 || StringUtils.isEmpty(response.getUserid()))
throw new BadRequestAlertException("获取user失败", "UserDingtalkRegisterService", response.getErrmsg());
} catch (ApiException e) {
e.printStackTrace();
throw new InternalServerErrorException("获取user失败");
......@@ -144,19 +112,18 @@ public class UserDingtalkRegisterService {
String userId = response.getUserid();
//先按userid或者username查
IBZUSER user = ibzuserService.getOne(Wrappers.<IBZUSER>lambdaQuery().eq(IBZUSER::getUserid,userId).or().eq(IBZUSER::getUsername,userId),false);
IBZUSER user = ibzuserService.getOne(Wrappers.<IBZUSER>lambdaQuery().eq(IBZUSER::getUserid, userId).or().eq(IBZUSER::getUsername, userId), false);
if(user==null)
{
if (user == null) {
//查不到情况下到auth表查真实userId
SysUserAuth userAuth = sysUserAuthService.getOne(Wrappers.<SysUserAuth>lambdaQuery().eq(SysUserAuth::getIdentityType,"dingtalk").eq(SysUserAuth::getIdentifier, userId),false);
SysUserAuth userAuth = sysUserAuthService.getOne(Wrappers.<SysUserAuth>lambdaQuery().eq(SysUserAuth::getIdentityType, "dingtalk").eq(SysUserAuth::getIdentifier, userId), false);
// 该钉钉用户注册过账号,登录系统
if (userAuth!=null) {
if (userAuth != null) {
user = ibzuserService.getById(userAuth.getUserid());
if(user==null)
throw new BadRequestAlertException("未找到"+userId+"对应系统用户","UserDingtalkRegisterService","");
if (user == null)
throw new BadRequestAlertException("未找到" + userId + "对应系统用户", "UserDingtalkRegisterService", "");
AuthenticationUser curUser = authenticationUserService.loadUserByUsername(user.getLoginname()+(StringUtils.isEmpty(user.getDomains())?"":("|"+user.getDomains())));
AuthenticationUser curUser = authenticationUserService.loadUserByUsername(user.getLoginname() + (StringUtils.isEmpty(user.getDomains()) ? "" : ("|" + user.getDomains())));
return curUser;
}
}
......@@ -170,41 +137,41 @@ public class UserDingtalkRegisterService {
*
* @return
*/
public JSONObject getUserBySnsToken(String id,String requestAuthCode) {
public JSONObject getUserBySnsToken(String id, String requestAuthCode) {
JSONObject returnObj = null;
SysOpenAccess openAccess = getOpenAccess(id);
if (openAccess==null || (openAccess.getDisabled()!=null && openAccess.getDisabled()==1))
if (openAccess == null || (openAccess.getDisabled() != null && openAccess.getDisabled() == 1))
throw new BadRequestAlertException("未找到配置", "UserDingtalkRegisterService", "");
DefaultDingTalkClient client = new DefaultDingTalkClient("https://oapi.dingtalk.com/sns/getuserinfo_bycode");
OapiSnsGetuserinfoBycodeRequest req = new OapiSnsGetuserinfoBycodeRequest();
req.setTmpAuthCode(requestAuthCode);
try {
OapiSnsGetuserinfoBycodeResponse response = client.execute(req,openAccess.getAccessKey(),openAccess.getSecretKey());
OapiSnsGetuserinfoBycodeResponse response = client.execute(req, openAccess.getAccessKey(), openAccess.getSecretKey());
if(response.getErrcode()!=0)
{
if (response.getErrcode() != 0) {
throw new BadRequestAlertException("获取user失败", "UserDingtalkRegisterService", response.getErrmsg());
}
returnObj.put("openid", response.getUserInfo().getOpenid());
returnObj.put("nickname", response.getUserInfo().getNick());
returnObj.put("unionid", response.getUserInfo().getUnionid());
SysUserAuth userAuth = sysUserAuthService.getOne(Wrappers.<SysUserAuth>lambdaQuery().eq(SysUserAuth::getIdentityType,"dingtalk")
SysUserAuth userAuth = sysUserAuthService.getOne(Wrappers.<SysUserAuth>lambdaQuery().eq(SysUserAuth::getIdentityType, "dingtalk")
.and(wrapper -> wrapper.eq(SysUserAuth::getIdentifier, response.getUserInfo().getOpenid()).or().eq(SysUserAuth::getIdentifier, response.getUserInfo().getUnionid())
),false);
), false);
IBZUSER user = null;
// 该钉钉用户注册过账号,登录系统
if (userAuth!=null) {
if (userAuth != null) {
user = ibzuserService.getById(userAuth.getUserid());
if (user == null)
user = ibzuserService.getOne(Wrappers.<IBZUSER>lambdaQuery().eq(IBZUSER::getUserid,response.getUserInfo().getOpenid()).or().eq(IBZUSER::getUsername,response.getUserInfo().getOpenid()),false);
user = ibzuserService.getOne(Wrappers.<IBZUSER>lambdaQuery().eq(IBZUSER::getUserid, response.getUserInfo().getOpenid()).or().eq(IBZUSER::getUsername, response.getUserInfo().getOpenid()), false);
if(user!=null)
{
returnObj.put("username",user.getLoginname()+(StringUtils.isEmpty(user.getDomains())?"":("|"+user.getDomains())));
if (user != null) {
returnObj.put("username", user.getLoginname() + (StringUtils.isEmpty(user.getDomains()) ? "" : ("|" + user.getDomains())));
}
}
......@@ -217,5 +184,4 @@ public class UserDingtalkRegisterService {
return returnObj;
}
}
\ No newline at end of file
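Review bot: The refresh condition in the new getAccessToken (second hunk) looks inverted: the token is re-fetched while `System.currentTimeMillis() < expiresTime + 7200000`, i.e. while it is still inside its window, and once the window has passed the stored, now-stale token is returned without a refresh — the removed `isExpire()` had the opposite sense, and ExpiresTime is set to the fetch time on the next lines. It should read `if (sysOpenAccess.getExpiresTime() == null || System.currentTimeMillis() >= sysOpenAccess.getExpiresTime().getTime() + 7200000) {`, and `sysOpenAccessService.update(sysOpenAccess);` belongs inside that branch so a cache hit does not write the row on every call. In the same hunk getOpenAccess(id, false) skips the null/disabled guard but then calls getAccessToken, which throws on null anyway and still fetches a token for a disabled entry, and its `accessToken` local is unused. The `catch (ApiException e)` blocks lose the cause; log it with the class logger, `log.error("获取access_token失败", e);`, rather than `e.printStackTrace()`.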