fix
This commit is contained in:
laodaming
parent
3c6aadb253
commit
040016d88f
|
|
@ -35,7 +35,7 @@ func NewAddLdapOrganizationMemberLogic(ctx context.Context, svcCtx *svc.ServiceC
|
|||
|
||||
func (l *AddLdapOrganizationMemberLogic) AddLdapOrganizationMember(req *types.AddLdapOrganizationMemberReq, r *http.Request) (resp *basic.Response) {
|
||||
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
|
||||
if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
|
||||
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
|
||||
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
|
||||
}
|
||||
req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ func NewCreateLdapOrganizationLogic(ctx context.Context, svcCtx *svc.ServiceCont
|
|||
|
||||
func (l *CreateLdapOrganizationLogic) CreateLdapOrganization(req *types.CreateLdapOrganizationReq, r *http.Request) (resp *basic.Response) {
|
||||
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
|
||||
if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
|
||||
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
|
||||
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
|
||||
}
|
||||
req.OrganizationEnName = strings.Trim(req.OrganizationEnName, " ")
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@ func NewCreateLdapUserBaseGroupLogic(ctx context.Context, svcCtx *svc.ServiceCon
|
|||
|
||||
func (l *CreateLdapUserBaseGroupLogic) CreateLdapUserBaseGroup(req *types.Request, r *http.Request) (resp *basic.Response) {
|
||||
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
|
||||
if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
|
||||
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
|
||||
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
|
||||
}
|
||||
err := ldapServer.Create(l.svcCtx.Config.Ldap.PeopleGroupDN, map[string][]string{
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@ func NewCreateLdapUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Cr
|
|||
|
||||
func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, r *http.Request) (resp *basic.Response) {
|
||||
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
|
||||
if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
|
||||
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
|
||||
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
|
||||
}
|
||||
req.UserName = strings.Trim(req.UserName, " ")
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ func NewDeleteLdapOrganizationLogic(ctx context.Context, svcCtx *svc.ServiceCont
|
|||
|
||||
func (l *DeleteLdapOrganizationLogic) DeleteLdapOrganization(req *types.DeleteLdapOrganizationReq, r *http.Request) (resp *basic.Response) {
|
||||
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
|
||||
if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
|
||||
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
|
||||
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
|
||||
}
|
||||
req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ func NewDeleteLdapUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *De
|
|||
|
||||
func (l *DeleteLdapUserLogic) DeleteLdapUser(req *types.DeleteLdapUserReq, r *http.Request) (resp *basic.Response) {
|
||||
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
|
||||
if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
|
||||
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
|
||||
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
|
||||
}
|
||||
req.UserDN = strings.Trim(req.UserDN, " ")
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ func NewGetLdapOrganizationMembersLogic(ctx context.Context, svcCtx *svc.Service
|
|||
|
||||
func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.GetLdapOrganizationMembersReq, r *http.Request) (resp *basic.Response) {
|
||||
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
|
||||
if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
|
||||
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
|
||||
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
|
||||
}
|
||||
req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")
|
||||
|
|
|
|||
|
|
@ -44,7 +44,7 @@ type DNItem struct {
|
|||
|
||||
func (l *GetLdapOrganizationsLogic) GetLdapOrganizations(req *types.Request, r *http.Request) (resp *basic.Response) {
|
||||
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
|
||||
if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
|
||||
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
|
||||
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
|
||||
}
|
||||
//从ldap获取组织架构数据
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@ func NewGetLdapUserInfoLogic(ctx context.Context, svcCtx *svc.ServiceContext) *G
|
|||
|
||||
func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, r *http.Request) (resp *basic.Response) {
|
||||
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
|
||||
if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
|
||||
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
|
||||
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
|
||||
}
|
||||
if len(req.UserDN) <= 3 || req.UserDN[:3] != "cn=" {
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ func NewGetLdapUsersLogic(ctx context.Context, svcCtx *svc.ServiceContext) *GetL
|
|||
|
||||
func (l *GetLdapUsersLogic) GetLdapUsers(req *types.GetLdapUsersReq, r *http.Request) (resp *basic.Response) {
|
||||
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
|
||||
if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
|
||||
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
|
||||
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
|
||||
}
|
||||
req.PageCookie = strings.Trim(req.PageCookie, " ")
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ func NewRemoveLdapOrganizationMemberLogic(ctx context.Context, svcCtx *svc.Servi
|
|||
|
||||
func (l *RemoveLdapOrganizationMemberLogic) RemoveLdapOrganizationMember(req *types.RemoveLdapOrganizationMemberReq, r *http.Request) (resp *basic.Response) {
|
||||
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
|
||||
if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
|
||||
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
|
||||
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
|
||||
}
|
||||
req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ func NewUpdateLdapOrganizationLogic(ctx context.Context, svcCtx *svc.ServiceCont
|
|||
|
||||
func (l *UpdateLdapOrganizationLogic) UpdateLdapOrganization(req *types.UpdateLdapOrganizationReq, r *http.Request) (resp *basic.Response) {
|
||||
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
|
||||
if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
|
||||
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
|
||||
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
|
||||
}
|
||||
req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ func NewUpdateLdapUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Up
|
|||
|
||||
func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, r *http.Request) (resp *basic.Response) {
|
||||
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
|
||||
if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
|
||||
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
|
||||
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
|
||||
}
|
||||
req.UserDN = strings.Trim(req.UserDN, " ")
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ func NewUpdateLdapUserPwdLogic(ctx context.Context, svcCtx *svc.ServiceContext)
|
|||
|
||||
func (l *UpdateLdapUserPwdLogic) UpdateLdapUserPwd(req *types.UpdateLdapUserPwdReq, r *http.Request) (resp *basic.Response) {
|
||||
ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN)
|
||||
if !ldapServer.VerifyAuthority(r.Header.Get("Ldap-Authorization"), l.svcCtx.Config.Auth.AccessSecret) {
|
||||
if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
|
||||
return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通")
|
||||
}
|
||||
req.UserDN = strings.Trim(req.UserDN, " ")
|
||||
|
|
|
|||
|
|
@ -1,9 +1,13 @@
|
|||
package ldap_lib
|
||||
|
||||
import "github.com/zeromicro/go-zero/core/logx"
|
||||
import (
|
||||
"github.com/zeromicro/go-zero/core/logx"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
// 验证权限
|
||||
func (l *Ldap) VerifyAuthority(token, jwtSecret string) bool {
|
||||
func (l *Ldap) VerifyAuthority(r *http.Request, jwtSecret string) bool {
|
||||
token := r.Header.Get("Ldap-Authorization")
|
||||
info, err := l.ParseJwtToken(token, jwtSecret)
|
||||
if err != nil {
|
||||
logx.Error("解析token失败", err, "----token:", token)
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user