fix

2023-11-17 18:17:33 +08:00 · 2023-11-17 18:17:33 +08:00 · 57fc586eb8
commit 57fc586eb8
parent 28f5fa1019
6 changed files with 120 additions and 78 deletions
--- a/server/ldap-admin/internal/logic/getldapuserinfologic.go
+++ b/server/ldap-admin/internal/logic/getldapuserinfologic.go
@ -2,15 +2,11 @@ package logic

 import (
 	"context"
+	"fusenapi/server/ldap-admin/internal/svc"
+	"fusenapi/server/ldap-admin/internal/types"
 	"fusenapi/utils/auth"
 	"fusenapi/utils/basic"
 	"fusenapi/utils/ldap_lib"
-	"github.com/go-ldap/ldap/v3"
-	"strconv"
-	"strings"
-
-	"fusenapi/server/ldap-admin/internal/svc"
-	"fusenapi/server/ldap-admin/internal/types"

 	"github.com/zeromicro/go-zero/core/logx"
 )
@ -38,59 +34,20 @@ func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, us
 		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误，用户DN错误")
 	}
 	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
-	res, err := ldapServer.Search(req.UserDN, ldap.ScopeWholeSubtree, "(&(objectClass=posixAccount)(objectClass=inetOrgPerson))", nil, nil)
+	user, err := ldapServer.GetLdapUserInfo(req.UserDN)
 	if err != nil {
 		logx.Error(err)
-		return resp.SetStatusWithMessage(basic.CodeServiceErr, "获取用户信息失败:"+err.Error())
+		return resp.SetStatusWithMessage(basic.CodeServiceErr, err.Error())
 	}
-	if len(res.Entries) != 1 {
-		return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询到不到用户信息")
-	}
-	apiRsp := types.GetLdapUserInfoRsp{
-		UserId: 0,
-		Status: 0,
-	}
-	for _, entry := range res.Entries {
-		if entry.DN != req.UserDN {
-			continue
-		}
-		apiRsp.UserDN = entry.DN
-		for _, attr := range entry.Attributes {
-			switch attr.Name {
-			case "uidNumber": //用户id
-				if len(attr.Values) == 0 {
-					return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户id不存在")
-				}
-				apiRsp.UserId, err = strconv.ParseInt(attr.Values[0], 10, 64)
-				if err != nil {
-					logx.Error(err)
-					return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户id转数字失败")
-				}
-			case "sn": //用户真名
-				apiRsp.UserName = strings.Join(attr.Values, "")
-			case "mail": //邮箱
-				apiRsp.Email = strings.Join(attr.Values, "")
-			case "mobile": //手机号
-				apiRsp.Mobile = strings.Join(attr.Values, "")
-			case "postalAddress": //头像
-				apiRsp.Avatar = strings.Join(attr.Values, "")
-			case "postalCode": //状态
-				if len(attr.Values) == 0 {
-					return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户状态不存在")
-				}
-				apiRsp.Status, err = strconv.ParseInt(attr.Values[0], 10, 64)
-				if err != nil {
-					logx.Error(err)
-					return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户状态转数字失败")
-				}
-			}
-		}
-		break
-	}
-	if apiRsp.UserId == 0 {
-		return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询到的不是用户信息!!!")
-	}
-	return resp.SetStatusWithMessage(basic.CodeOK, "success", apiRsp)
+	return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapUserInfoRsp{
+		UserId:   user.UserId,
+		UserDN:   user.UserDN,
+		UserName: user.UserName,
+		Email:    user.Email,
+		Mobile:   user.Mobile,
+		Avatar:   user.Avatar,
+		Status:   user.Status,
+	})
 }

 // 处理逻辑后 w,r 如:重定向, resp 必须重新处理
--- a/server/ldap-admin/internal/logic/updateldapuserlogic.go
+++ b/server/ldap-admin/internal/logic/updateldapuserlogic.go
@ -43,25 +43,35 @@ func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, useri
 	if req.AuthGroupId < 0 {
 		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误，无效的用户权限组id")
 	}
-	if req.Password != "" {
-		//todo 验证下是不是本人
-	}
 	if len(req.UserDN) <= 3 || req.UserDN[:3] != "cn=" {
 		return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误，无效的用户DN")
 	}
 	//把用户名转pinyin
 	userNamePinyin := chinese_to_pinyin.ChineseToPinyin(req.UserName)
 	ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
-	err := ldapServer.Update(req.UserDN, map[string][]string{
+	//更新的属性
+	attr := map[string][]string{
 		"homeDirectory":    {"/home/users/" + userNamePinyin},
 		"departmentNumber": {fmt.Sprintf("%d", req.AuthGroupId)},
 		"sn":               {req.UserName},
 		"uid":              {userNamePinyin},
 		"mobile":           {req.Mobile},
-		"userPassword":     {req.Password},
 		"postalAddress":    {req.Avatar},
 		"postalCode":       {fmt.Sprintf("%d", req.Status)},
-	})
+	}
+	if req.Password != "" {
+		//查询个人信息
+		/*user, err := ldapServer.GetLdapUserInfo(req.UserDN)
+		if err != nil {
+			logx.Error(err)
+			return resp.SetStatusWithMessage(basic.CodeServiceErr, err.Error())
+		}*/
+		//验证旧的密码
+		//加密新的密码
+		//赋值属性
+		attr["userPassword"] = []string{""}
+	}
+	err := ldapServer.Update(req.UserDN, attr)
 	if err != nil {
 		logx.Error(err)
 		return resp.SetStatusWithMessage(basic.CodeServiceErr, "更新用户失败,"+err.Error())
--- a/server/ldap-admin/internal/types/types.go
+++ b/server/ldap-admin/internal/types/types.go
@ -140,13 +140,14 @@ type CreateLdapUserReq struct {
 }

 type UpdateLdapUserReq struct {
-	UserDN      string `json:"user_dn"`            //用户dn
-	UserName    string `json:"user_name"`          //用户名
-	Password    string `json:"password,optional"`  //密码
-	Mobile      string `json:"mobile,optional"`    //手机号
-	Avatar      string `json:"avatar,optional"`    //头像地址
-	Status      int64  `json:"status,options=0|1"` //状态 1正常0离职
-	AuthGroupId int64  `json:"authGroupId"`        //权限分组id
+	UserDN      string `json:"user_dn"`                //用户dn
+	UserName    string `json:"user_name"`              //用户名
+	Password    string `json:"password,optional"`      //密码
+	OldPassword string `json:"old_password"`           //旧的密码
+	Mobile      string `json:"mobile,optional"`        //手机号
+	Avatar      string `json:"avatar,optional"`        //头像地址
+	Status      int64  `json:"status,options=0|1"`     //状态 1正常0离职
+	AuthGroupId int64  `json:"auth_group_id,optional"` //权限分组id
 }

 type DeleteLdapUserReq struct {
--- a/server_api/ldap-admin.api
+++ b/server_api/ldap-admin.api
@ -37,7 +37,7 @@ service ldap-admin {
 	//删除API
 	@handler DeleteApiHandler
 	post /api/ldap-admin/delete_api(DeleteApiReq) returns (response);
-
+	
 	//保存菜单
 	@handler SaveMenuHandler
 	post /api/ldap-admin/save_menu(SaveMenuReq) returns (response);
@ -218,13 +218,14 @@ type CreateLdapUserReq {
 }
 //修改ldap用户信息
 type UpdateLdapUserReq {
-	UserDN      string `json:"user_dn"`            //用户dn
-	UserName    string `json:"user_name"`          //用户名
-	Password    string `json:"password,optional"`  //密码
-	Mobile      string `json:"mobile,optional"`    //手机号
-	Avatar      string `json:"avatar,optional"`    //头像地址
-	Status      int64  `json:"status,options=0|1"` //状态 1正常0离职
-	AuthGroupId int64  `json:"authGroupId"`        //权限分组id
+	UserDN      string `json:"user_dn"`                //用户dn
+	UserName    string `json:"user_name"`              //用户名
+	Password    string `json:"password,optional"`      //密码
+	OldPassword string `json:"old_password"`           //旧的密码
+	Mobile      string `json:"mobile,optional"`        //手机号
+	Avatar      string `json:"avatar,optional"`        //头像地址
+	Status      int64  `json:"status,options=0|1"`     //状态 1正常0离职
+	AuthGroupId int64  `json:"auth_group_id,optional"` //权限分组id
 }
 //删除ldap用户
 type DeleteLdapUserReq {
--- a/utils/ldap_lib/ldap_group.go
+++ b/utils/ldap_lib/ldap_group.go
@ -54,7 +54,7 @@ func (l *Ldap) Delete(DN string) error {
 // 查询资源(分组/用户)
 func (l *Ldap) Search(DN string, scope int, filter string, attr []string, controls []ldap.Control) (resp *ldap.SearchResult, err error) {
 	if DN == l.rootDN {
-		return nil, errors.New("你没有权限查询根用户")
+		return nil, errors.New("没有权限查询根用户")
 	}
 	if filter == "" {
 		rootCn := strings.Split(l.rootDN, ",")
--- a/utils/ldap_lib/ldap_user.go
+++ b/utils/ldap_lib/ldap_user.go
@ -0,0 +1,73 @@
+package ldap_lib
+
+import (
+	"errors"
+	"github.com/go-ldap/ldap/v3"
+	"github.com/zeromicro/go-zero/core/logx"
+	"strconv"
+	"strings"
+)
+
+type GetLdapUserInfoRsp struct {
+	UserId   int64  `json:"userId"`
+	UserDN   string `json:"user_dn"`
+	UserName string `json:"user_name"`          //用户名
+	Password string `json:"password"`           //密码
+	Email    string `json:"email"`              //邮箱
+	Mobile   string `json:"mobile"`             //手机号
+	Avatar   string `json:"avatar"`             //头像地址
+	Status   int64  `json:"status,options=0|1"` //状态 1正常0离职
+}
+
+func (l *Ldap) GetLdapUserInfo(userDN string) (*GetLdapUserInfoRsp, error) {
+	res, err := l.Search(userDN, ldap.ScopeWholeSubtree, "(&(objectClass=posixAccount)(objectClass=inetOrgPerson))", nil, nil)
+	if err != nil {
+		return nil, err
+	}
+	if len(res.Entries) != 1 {
+		return nil, errors.New("查询到不到用户信息")
+	}
+	user := &GetLdapUserInfoRsp{}
+	for _, entry := range res.Entries {
+		if entry.DN != userDN {
+			continue
+		}
+		user.UserDN = entry.DN
+		for _, attr := range entry.Attributes {
+			switch attr.Name {
+			case "uidNumber": //用户id
+				if len(attr.Values) == 0 {
+					continue
+				}
+				user.UserId, err = strconv.ParseInt(attr.Values[0], 10, 64)
+				if err != nil {
+					logx.Error(err)
+					return nil, errors.New("用户id转数字失败")
+				}
+			case "sn": //用户真名
+				user.UserName = strings.Join(attr.Values, "")
+			case "mail": //邮箱
+				user.Email = strings.Join(attr.Values, "")
+			case "mobile": //手机号
+				user.Mobile = strings.Join(attr.Values, "")
+			case "postalAddress": //头像
+				user.Avatar = strings.Join(attr.Values, "")
+			case "userPassword": //密码
+				user.Password = strings.Join(attr.Values, ",")
+			case "postalCode": //状态
+				if len(attr.Values) == 0 {
+					continue
+				}
+				user.Status, err = strconv.ParseInt(attr.Values[0], 10, 64)
+				if err != nil {
+					return nil, errors.New("用户状态转数字失败")
+				}
+			}
+		}
+		break
+	}
+	if user.UserId == 0 {
+		return nil, errors.New("查询到的不是用户信息!!!")
+	}
+	return user, nil
+}