提交 bbbfdc6b 编写于 作者: nancy's avatar nancy

钉钉认证。

上级 2564b22d
...@@ -11,34 +11,22 @@ import cn.ibizlab.util.security.AuthenticationUser; ...@@ -11,34 +11,22 @@ import cn.ibizlab.util.security.AuthenticationUser;
import cn.ibizlab.util.service.AuthenticationUserService; import cn.ibizlab.util.service.AuthenticationUserService;
import cn.ibizlab.util.service.IBZUSERService; import cn.ibizlab.util.service.IBZUSERService;
import com.alibaba.fastjson.JSONObject; import com.alibaba.fastjson.JSONObject;
import com.alibaba.nacos.client.identify.Base64;
import com.baomidou.mybatisplus.core.toolkit.Wrappers; import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.dingtalk.api.DefaultDingTalkClient; import com.dingtalk.api.DefaultDingTalkClient;
import com.dingtalk.api.DingTalkClient; import com.dingtalk.api.DingTalkClient;
import com.dingtalk.api.request.*; import com.dingtalk.api.request.OapiGettokenRequest;
import com.dingtalk.api.response.*; import com.dingtalk.api.request.OapiSnsGetuserinfoBycodeRequest;
import com.dingtalk.api.request.OapiUserGetuserinfoRequest;
import com.dingtalk.api.response.OapiGettokenResponse;
import com.dingtalk.api.response.OapiSnsGetuserinfoBycodeResponse;
import com.dingtalk.api.response.OapiUserGetuserinfoResponse;
import com.taobao.api.ApiException; import com.taobao.api.ApiException;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.IOException;
import java.net.URLEncoder;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.sql.Timestamp; import java.sql.Timestamp;
import java.sql.Wrapper;
import java.util.Date;
/** /**
* 实体[IBZUSER] 钉钉用户注册接口实现 * 实体[IBZUSER] 钉钉用户注册接口实现
...@@ -49,83 +37,63 @@ public class UserDingtalkRegisterService { ...@@ -49,83 +37,63 @@ public class UserDingtalkRegisterService {
@Autowired @Autowired
private IBZUSERService ibzuserService; private IBZUSERService ibzuserService;
@Autowired @Autowired
private AuthenticationUserService authenticationUserService; private AuthenticationUserService authenticationUserService;
@Autowired @Autowired
private ISysUserAuthService sysUserAuthService; private ISysUserAuthService sysUserAuthService;
@Autowired
private ISysOpenAccessService sysOpenAccessService;
public synchronized String getAccessToken(SysOpenAccess sysOpenAccess) {
if (sysOpenAccess == null) {
log.error("无法获取对应的第三方认证信息,数据信息[{}],请检查数据库信息。", sysOpenAccess);
private long lastRefreshTime=System.currentTimeMillis()-7200001; throw new BadRequestAlertException("无法获取对应的第三方认证信息,数据信息[{}],请检查数据库信息。", null, null);
private String accessToken="";
public boolean isExpire()
{
if(System.currentTimeMillis()<(lastRefreshTime+7200000))
{
System.currentTimeMillis();
return false;
} }
return true;
}
public synchronized String getAccessToken(String appKey,String appSecret) if (sysOpenAccess.getExpiresTime() == null || System.currentTimeMillis() < (sysOpenAccess.getExpiresTime().getTime() + 7200000)) {
{
if(isExpire()) {
DefaultDingTalkClient client = new DefaultDingTalkClient("https://oapi.dingtalk.com/gettoken"); DefaultDingTalkClient client = new DefaultDingTalkClient("https://oapi.dingtalk.com/gettoken");
OapiGettokenRequest request = new OapiGettokenRequest(); OapiGettokenRequest request = new OapiGettokenRequest();
request.setAppkey("appKey"); request.setAppkey(sysOpenAccess.getAccessKey());
request.setAppsecret("appSecret"); request.setAppsecret(sysOpenAccess.getSecretKey());
request.setHttpMethod("GET"); request.setHttpMethod("GET");
try { try {
OapiGettokenResponse response = client.execute(request); OapiGettokenResponse response = client.execute(request);
if(response.getErrcode()!=0||StringUtils.isEmpty(response.getAccessToken())) if (response.getErrcode() != 0 || StringUtils.isEmpty(response.getAccessToken()))
throw new BadRequestAlertException("获取access_token失败","UserDingtalkRegisterService",response.getErrmsg()); throw new BadRequestAlertException("获取access_token失败", "UserDingtalkRegisterService", response.getErrmsg());
lastRefreshTime = System.currentTimeMillis(); sysOpenAccess.setExpiresTime(new Timestamp(System.currentTimeMillis()));
accessToken = response.getAccessToken(); sysOpenAccess.setAccessToken(response.getAccessToken());
} catch (ApiException e) { } catch (ApiException e) {
e.printStackTrace(); e.printStackTrace();
throw new InternalServerErrorException("获取access_token失败"); throw new InternalServerErrorException("获取access_token失败");
} }
} }
return accessToken;
sysOpenAccessService.update(sysOpenAccess);
return sysOpenAccess.getAccessToken();
} }
@Autowired
private ISysOpenAccessService sysOpenAccessService;
public SysOpenAccess getOpenAccess(String id) public SysOpenAccess getOpenAccess(String id) {
{ return getOpenAccess(id, true);
return getOpenAccess(id,true);
}
public SysOpenAccess getOpenAccess(String id,boolean throwEx)
{
final String accessid = StringUtils.isEmpty(id)?"dingtalk":id;
SysOpenAccess sysOpenAccess=sysOpenAccessService.getOne(Wrappers.<SysOpenAccess>lambdaQuery().eq(SysOpenAccess::getOpenType,"dingtalk").
and(wrapper -> wrapper.eq(SysOpenAccess::getAccessKey,accessid).or().eq(SysOpenAccess::getId,accessid)),false);
if((sysOpenAccess==null|| (sysOpenAccess.getDisabled()!=null && sysOpenAccess.getDisabled()==1))&&throwEx)
throw new BadRequestAlertException("获取接入配置失败","UserDingtalkRegisterService","");
String accessToken = getAccessToken(sysOpenAccess.getAccessKey(),sysOpenAccess.getSecretKey());
if(!accessToken.equals(sysOpenAccess.getAccessToken()))
{
sysOpenAccess.setAccessToken(accessToken);
sysOpenAccess.setExpiresTime(new Timestamp(lastRefreshTime));
sysOpenAccessService.update(sysOpenAccess);
} }
public SysOpenAccess getOpenAccess(String id, boolean throwEx) {
final String accessid = StringUtils.isEmpty(id) ? "dingtalk" : id;
SysOpenAccess sysOpenAccess = sysOpenAccessService.getOne(Wrappers.<SysOpenAccess>lambdaQuery().eq(SysOpenAccess::getOpenType, "dingtalk").
and(wrapper -> wrapper.eq(SysOpenAccess::getAccessKey, accessid).or().eq(SysOpenAccess::getId, accessid)), false);
if ((sysOpenAccess == null || (sysOpenAccess.getDisabled() != null && sysOpenAccess.getDisabled() == 1)) && throwEx)
throw new BadRequestAlertException("获取接入配置失败", "UserDingtalkRegisterService", "");
String accessToken = getAccessToken(sysOpenAccess);
return sysOpenAccess; return sysOpenAccess;
} }
public AuthenticationUser getUserByToken(String id, String requestAuthCode) {
public AuthenticationUser getUserByToken(String id,String requestAuthCode)
{
SysOpenAccess openAccess = getOpenAccess(id); SysOpenAccess openAccess = getOpenAccess(id);
if (openAccess==null || (openAccess.getDisabled()!=null && openAccess.getDisabled()==1)) if (openAccess == null || (openAccess.getDisabled() != null && openAccess.getDisabled() == 1))
throw new BadRequestAlertException("未找到配置", "UserDingtalkRegisterService", ""); throw new BadRequestAlertException("未找到配置", "UserDingtalkRegisterService", "");
DingTalkClient client = new DefaultDingTalkClient("https://oapi.dingtalk.com/user/getuserinfo"); DingTalkClient client = new DefaultDingTalkClient("https://oapi.dingtalk.com/user/getuserinfo");
...@@ -135,8 +103,8 @@ public class UserDingtalkRegisterService { ...@@ -135,8 +103,8 @@ public class UserDingtalkRegisterService {
OapiUserGetuserinfoResponse response = null; OapiUserGetuserinfoResponse response = null;
try { try {
response = client.execute(request, openAccess.getAccessToken()); response = client.execute(request, openAccess.getAccessToken());
if(response.getErrcode()!=0||StringUtils.isEmpty(response.getUserid())) if (response.getErrcode() != 0 || StringUtils.isEmpty(response.getUserid()))
throw new BadRequestAlertException("获取user失败","UserDingtalkRegisterService",response.getErrmsg()); throw new BadRequestAlertException("获取user失败", "UserDingtalkRegisterService", response.getErrmsg());
} catch (ApiException e) { } catch (ApiException e) {
e.printStackTrace(); e.printStackTrace();
throw new InternalServerErrorException("获取user失败"); throw new InternalServerErrorException("获取user失败");
...@@ -144,19 +112,18 @@ public class UserDingtalkRegisterService { ...@@ -144,19 +112,18 @@ public class UserDingtalkRegisterService {
String userId = response.getUserid(); String userId = response.getUserid();
//先按userid或者username查 //先按userid或者username查
IBZUSER user = ibzuserService.getOne(Wrappers.<IBZUSER>lambdaQuery().eq(IBZUSER::getUserid,userId).or().eq(IBZUSER::getUsername,userId),false); IBZUSER user = ibzuserService.getOne(Wrappers.<IBZUSER>lambdaQuery().eq(IBZUSER::getUserid, userId).or().eq(IBZUSER::getUsername, userId), false);
if(user==null) if (user == null) {
{
//查不到情况下到auth表查真实userId //查不到情况下到auth表查真实userId
SysUserAuth userAuth = sysUserAuthService.getOne(Wrappers.<SysUserAuth>lambdaQuery().eq(SysUserAuth::getIdentityType,"dingtalk").eq(SysUserAuth::getIdentifier, userId),false); SysUserAuth userAuth = sysUserAuthService.getOne(Wrappers.<SysUserAuth>lambdaQuery().eq(SysUserAuth::getIdentityType, "dingtalk").eq(SysUserAuth::getIdentifier, userId), false);
// 该钉钉用户注册过账号,登录系统 // 该钉钉用户注册过账号,登录系统
if (userAuth!=null) { if (userAuth != null) {
user = ibzuserService.getById(userAuth.getUserid()); user = ibzuserService.getById(userAuth.getUserid());
if(user==null) if (user == null)
throw new BadRequestAlertException("未找到"+userId+"对应系统用户","UserDingtalkRegisterService",""); throw new BadRequestAlertException("未找到" + userId + "对应系统用户", "UserDingtalkRegisterService", "");
AuthenticationUser curUser = authenticationUserService.loadUserByUsername(user.getLoginname()+(StringUtils.isEmpty(user.getDomains())?"":("|"+user.getDomains()))); AuthenticationUser curUser = authenticationUserService.loadUserByUsername(user.getLoginname() + (StringUtils.isEmpty(user.getDomains()) ? "" : ("|" + user.getDomains())));
return curUser; return curUser;
} }
} }
...@@ -170,41 +137,41 @@ public class UserDingtalkRegisterService { ...@@ -170,41 +137,41 @@ public class UserDingtalkRegisterService {
* *
* @return * @return
*/ */
public JSONObject getUserBySnsToken(String id,String requestAuthCode) { public JSONObject getUserBySnsToken(String id, String requestAuthCode) {
JSONObject returnObj = null; JSONObject returnObj = null;
SysOpenAccess openAccess = getOpenAccess(id); SysOpenAccess openAccess = getOpenAccess(id);
if (openAccess==null || (openAccess.getDisabled()!=null && openAccess.getDisabled()==1)) if (openAccess == null || (openAccess.getDisabled() != null && openAccess.getDisabled() == 1))
throw new BadRequestAlertException("未找到配置", "UserDingtalkRegisterService", ""); throw new BadRequestAlertException("未找到配置", "UserDingtalkRegisterService", "");
DefaultDingTalkClient client = new DefaultDingTalkClient("https://oapi.dingtalk.com/sns/getuserinfo_bycode"); DefaultDingTalkClient client = new DefaultDingTalkClient("https://oapi.dingtalk.com/sns/getuserinfo_bycode");
OapiSnsGetuserinfoBycodeRequest req = new OapiSnsGetuserinfoBycodeRequest(); OapiSnsGetuserinfoBycodeRequest req = new OapiSnsGetuserinfoBycodeRequest();
req.setTmpAuthCode(requestAuthCode); req.setTmpAuthCode(requestAuthCode);
try { try {
OapiSnsGetuserinfoBycodeResponse response = client.execute(req,openAccess.getAccessKey(),openAccess.getSecretKey()); OapiSnsGetuserinfoBycodeResponse response = client.execute(req, openAccess.getAccessKey(), openAccess.getSecretKey());
if(response.getErrcode()!=0) if (response.getErrcode() != 0) {
{
throw new BadRequestAlertException("获取user失败", "UserDingtalkRegisterService", response.getErrmsg()); throw new BadRequestAlertException("获取user失败", "UserDingtalkRegisterService", response.getErrmsg());
} }
returnObj.put("openid", response.getUserInfo().getOpenid()); returnObj.put("openid", response.getUserInfo().getOpenid());
returnObj.put("nickname", response.getUserInfo().getNick()); returnObj.put("nickname", response.getUserInfo().getNick());
returnObj.put("unionid", response.getUserInfo().getUnionid()); returnObj.put("unionid", response.getUserInfo().getUnionid());
SysUserAuth userAuth = sysUserAuthService.getOne(Wrappers.<SysUserAuth>lambdaQuery().eq(SysUserAuth::getIdentityType,"dingtalk") SysUserAuth userAuth = sysUserAuthService.getOne(Wrappers.<SysUserAuth>lambdaQuery().eq(SysUserAuth::getIdentityType, "dingtalk")
.and(wrapper -> wrapper.eq(SysUserAuth::getIdentifier, response.getUserInfo().getOpenid()).or().eq(SysUserAuth::getIdentifier, response.getUserInfo().getUnionid()) .and(wrapper -> wrapper.eq(SysUserAuth::getIdentifier, response.getUserInfo().getOpenid()).or().eq(SysUserAuth::getIdentifier, response.getUserInfo().getUnionid())
),false); ), false);
IBZUSER user = null; IBZUSER user = null;
// 该钉钉用户注册过账号,登录系统 // 该钉钉用户注册过账号,登录系统
if (userAuth!=null) { if (userAuth != null) {
user = ibzuserService.getById(userAuth.getUserid()); user = ibzuserService.getById(userAuth.getUserid());
if (user == null) if (user == null)
user = ibzuserService.getOne(Wrappers.<IBZUSER>lambdaQuery().eq(IBZUSER::getUserid,response.getUserInfo().getOpenid()).or().eq(IBZUSER::getUsername,response.getUserInfo().getOpenid()),false); user = ibzuserService.getOne(Wrappers.<IBZUSER>lambdaQuery().eq(IBZUSER::getUserid, response.getUserInfo().getOpenid()).or().eq(IBZUSER::getUsername, response.getUserInfo().getOpenid()), false);
if(user!=null) if (user != null) {
{ returnObj.put("username", user.getLoginname() + (StringUtils.isEmpty(user.getDomains()) ? "" : ("|" + user.getDomains())));
returnObj.put("username",user.getLoginname()+(StringUtils.isEmpty(user.getDomains())?"":("|"+user.getDomains())));
} }
} }
...@@ -217,5 +184,4 @@ public class UserDingtalkRegisterService { ...@@ -217,5 +184,4 @@ public class UserDingtalkRegisterService {
return returnObj; return returnObj;
} }
} }
\ No newline at end of file
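Review bot: The freshness test in the new `getAccessToken(SysOpenAccess)` is inverted relative to the removed `isExpire()`: because `setExpiresTime` stores the fetch time, `System.currentTimeMillis() < getExpiresTime().getTime() + 7200000` is true while the stored token is still recent and false once it is older than the 7200000 ms window. As written, every login inside that window requests a new token from DingTalk, and after it the stored token is returned unrefreshed and handed to `client.execute(request, openAccess.getAccessToken())`, so authentication would presumably start failing. The condition should read `if (sysOpenAccess.getExpiresTime() == null || System.currentTimeMillis() >= sysOpenAccess.getExpiresTime().getTime() + 7200000) {`, with `sysOpenAccessService.update(sysOpenAccess);` moved inside that branch so the row holding the secret key and token is written only after a refresh. Separately, `getOpenAccess(id, false)` still passes a null or disabled record to `getAccessToken`, which now throws for null and fetches a token for a disabled access; returning early when the record is unusable would keep `throwEx` meaningful.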