diff --git a/server/ldap-admin/internal/logic/getldapuserinfologic.go b/server/ldap-admin/internal/logic/getldapuserinfologic.go index 31abb39f..ee24e44c 100644 --- a/server/ldap-admin/internal/logic/getldapuserinfologic.go +++ b/server/ldap-admin/internal/logic/getldapuserinfologic.go @@ -2,15 +2,11 @@ package logic import ( "context" + "fusenapi/server/ldap-admin/internal/svc" + "fusenapi/server/ldap-admin/internal/types" "fusenapi/utils/auth" "fusenapi/utils/basic" "fusenapi/utils/ldap_lib" - "github.com/go-ldap/ldap/v3" - "strconv" - "strings" - - "fusenapi/server/ldap-admin/internal/svc" - "fusenapi/server/ldap-admin/internal/types" "github.com/zeromicro/go-zero/core/logx" ) @@ -38,59 +34,20 @@ func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, us return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,用户DN错误") } ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN) - res, err := ldapServer.Search(req.UserDN, ldap.ScopeWholeSubtree, "(&(objectClass=posixAccount)(objectClass=inetOrgPerson))", nil, nil) + user, err := ldapServer.GetLdapUserInfo(req.UserDN) if err != nil { logx.Error(err) - return resp.SetStatusWithMessage(basic.CodeServiceErr, "获取用户信息失败:"+err.Error()) + return resp.SetStatusWithMessage(basic.CodeServiceErr, err.Error()) } - if len(res.Entries) != 1 { - return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询到不到用户信息") - } - apiRsp := types.GetLdapUserInfoRsp{ - UserId: 0, - Status: 0, - } - for _, entry := range res.Entries { - if entry.DN != req.UserDN { - continue - } - apiRsp.UserDN = entry.DN - for _, attr := range entry.Attributes { - switch attr.Name { - case "uidNumber": //用户id - if len(attr.Values) == 0 { - return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户id不存在") - } - apiRsp.UserId, err = strconv.ParseInt(attr.Values[0], 10, 64) - if err != nil { - logx.Error(err) - return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户id转数字失败") - } - case "sn": //用户真名 - apiRsp.UserName = strings.Join(attr.Values, "") - case "mail": //邮箱 - apiRsp.Email = strings.Join(attr.Values, "") - case "mobile": //手机号 - apiRsp.Mobile = strings.Join(attr.Values, "") - case "postalAddress": //头像 - apiRsp.Avatar = strings.Join(attr.Values, "") - case "postalCode": //状态 - if len(attr.Values) == 0 { - return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户状态不存在") - } - apiRsp.Status, err = strconv.ParseInt(attr.Values[0], 10, 64) - if err != nil { - logx.Error(err) - return resp.SetStatusWithMessage(basic.CodeServiceErr, "用户状态转数字失败") - } - } - } - break - } - if apiRsp.UserId == 0 { - return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询到的不是用户信息!!!") - } - return resp.SetStatusWithMessage(basic.CodeOK, "success", apiRsp) + return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapUserInfoRsp{ + UserId: user.UserId, + UserDN: user.UserDN, + UserName: user.UserName, + Email: user.Email, + Mobile: user.Mobile, + Avatar: user.Avatar, + Status: user.Status, + }) } // 处理逻辑后 w,r 如:重定向, resp 必须重新处理 diff --git a/server/ldap-admin/internal/logic/updateldapuserlogic.go b/server/ldap-admin/internal/logic/updateldapuserlogic.go index dee9cdf3..4a6759d7 100644 --- a/server/ldap-admin/internal/logic/updateldapuserlogic.go +++ b/server/ldap-admin/internal/logic/updateldapuserlogic.go @@ -43,25 +43,35 @@ func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, useri if req.AuthGroupId < 0 { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,无效的用户权限组id") } - if req.Password != "" { - //todo 验证下是不是本人 - } if len(req.UserDN) <= 3 || req.UserDN[:3] != "cn=" { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,无效的用户DN") } //把用户名转pinyin userNamePinyin := chinese_to_pinyin.ChineseToPinyin(req.UserName) ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN) - err := ldapServer.Update(req.UserDN, map[string][]string{ + //更新的属性 + attr := map[string][]string{ "homeDirectory": {"/home/users/" + userNamePinyin}, "departmentNumber": {fmt.Sprintf("%d", req.AuthGroupId)}, "sn": {req.UserName}, "uid": {userNamePinyin}, "mobile": {req.Mobile}, - "userPassword": {req.Password}, "postalAddress": {req.Avatar}, "postalCode": {fmt.Sprintf("%d", req.Status)}, - }) + } + if req.Password != "" { + //查询个人信息 + /*user, err := ldapServer.GetLdapUserInfo(req.UserDN) + if err != nil { + logx.Error(err) + return resp.SetStatusWithMessage(basic.CodeServiceErr, err.Error()) + }*/ + //验证旧的密码 + //加密新的密码 + //赋值属性 + attr["userPassword"] = []string{""} + } + err := ldapServer.Update(req.UserDN, attr) if err != nil { logx.Error(err) return resp.SetStatusWithMessage(basic.CodeServiceErr, "更新用户失败,"+err.Error()) diff --git a/server/ldap-admin/internal/types/types.go b/server/ldap-admin/internal/types/types.go index 6dce7590..119bc005 100644 --- a/server/ldap-admin/internal/types/types.go +++ b/server/ldap-admin/internal/types/types.go @@ -140,13 +140,14 @@ type CreateLdapUserReq struct { } type UpdateLdapUserReq struct { - UserDN string `json:"user_dn"` //用户dn - UserName string `json:"user_name"` //用户名 - Password string `json:"password,optional"` //密码 - Mobile string `json:"mobile,optional"` //手机号 - Avatar string `json:"avatar,optional"` //头像地址 - Status int64 `json:"status,options=0|1"` //状态 1正常0离职 - AuthGroupId int64 `json:"authGroupId"` //权限分组id + UserDN string `json:"user_dn"` //用户dn + UserName string `json:"user_name"` //用户名 + Password string `json:"password,optional"` //密码 + OldPassword string `json:"old_password"` //旧的密码 + Mobile string `json:"mobile,optional"` //手机号 + Avatar string `json:"avatar,optional"` //头像地址 + Status int64 `json:"status,options=0|1"` //状态 1正常0离职 + AuthGroupId int64 `json:"auth_group_id,optional"` //权限分组id } type DeleteLdapUserReq struct { diff --git a/server_api/ldap-admin.api b/server_api/ldap-admin.api index 120bb064..32fd269b 100644 --- a/server_api/ldap-admin.api +++ b/server_api/ldap-admin.api @@ -37,7 +37,7 @@ service ldap-admin { //删除API @handler DeleteApiHandler post /api/ldap-admin/delete_api(DeleteApiReq) returns (response); - + //保存菜单 @handler SaveMenuHandler post /api/ldap-admin/save_menu(SaveMenuReq) returns (response); @@ -218,13 +218,14 @@ type CreateLdapUserReq { } //修改ldap用户信息 type UpdateLdapUserReq { - UserDN string `json:"user_dn"` //用户dn - UserName string `json:"user_name"` //用户名 - Password string `json:"password,optional"` //密码 - Mobile string `json:"mobile,optional"` //手机号 - Avatar string `json:"avatar,optional"` //头像地址 - Status int64 `json:"status,options=0|1"` //状态 1正常0离职 - AuthGroupId int64 `json:"authGroupId"` //权限分组id + UserDN string `json:"user_dn"` //用户dn + UserName string `json:"user_name"` //用户名 + Password string `json:"password,optional"` //密码 + OldPassword string `json:"old_password"` //旧的密码 + Mobile string `json:"mobile,optional"` //手机号 + Avatar string `json:"avatar,optional"` //头像地址 + Status int64 `json:"status,options=0|1"` //状态 1正常0离职 + AuthGroupId int64 `json:"auth_group_id,optional"` //权限分组id } //删除ldap用户 type DeleteLdapUserReq { diff --git a/utils/ldap_lib/ldap_group.go b/utils/ldap_lib/ldap_group.go index 1828ce38..f0742527 100644 --- a/utils/ldap_lib/ldap_group.go +++ b/utils/ldap_lib/ldap_group.go @@ -54,7 +54,7 @@ func (l *Ldap) Delete(DN string) error { // 查询资源(分组/用户) func (l *Ldap) Search(DN string, scope int, filter string, attr []string, controls []ldap.Control) (resp *ldap.SearchResult, err error) { if DN == l.rootDN { - return nil, errors.New("你没有权限查询根用户") + return nil, errors.New("没有权限查询根用户") } if filter == "" { rootCn := strings.Split(l.rootDN, ",") diff --git a/utils/ldap_lib/ldap_user.go b/utils/ldap_lib/ldap_user.go new file mode 100644 index 00000000..f8bba87d --- /dev/null +++ b/utils/ldap_lib/ldap_user.go @@ -0,0 +1,73 @@ +package ldap_lib + +import ( + "errors" + "github.com/go-ldap/ldap/v3" + "github.com/zeromicro/go-zero/core/logx" + "strconv" + "strings" +) + +type GetLdapUserInfoRsp struct { + UserId int64 `json:"userId"` + UserDN string `json:"user_dn"` + UserName string `json:"user_name"` //用户名 + Password string `json:"password"` //密码 + Email string `json:"email"` //邮箱 + Mobile string `json:"mobile"` //手机号 + Avatar string `json:"avatar"` //头像地址 + Status int64 `json:"status,options=0|1"` //状态 1正常0离职 +} + +func (l *Ldap) GetLdapUserInfo(userDN string) (*GetLdapUserInfoRsp, error) { + res, err := l.Search(userDN, ldap.ScopeWholeSubtree, "(&(objectClass=posixAccount)(objectClass=inetOrgPerson))", nil, nil) + if err != nil { + return nil, err + } + if len(res.Entries) != 1 { + return nil, errors.New("查询到不到用户信息") + } + user := &GetLdapUserInfoRsp{} + for _, entry := range res.Entries { + if entry.DN != userDN { + continue + } + user.UserDN = entry.DN + for _, attr := range entry.Attributes { + switch attr.Name { + case "uidNumber": //用户id + if len(attr.Values) == 0 { + continue + } + user.UserId, err = strconv.ParseInt(attr.Values[0], 10, 64) + if err != nil { + logx.Error(err) + return nil, errors.New("用户id转数字失败") + } + case "sn": //用户真名 + user.UserName = strings.Join(attr.Values, "") + case "mail": //邮箱 + user.Email = strings.Join(attr.Values, "") + case "mobile": //手机号 + user.Mobile = strings.Join(attr.Values, "") + case "postalAddress": //头像 + user.Avatar = strings.Join(attr.Values, "") + case "userPassword": //密码 + user.Password = strings.Join(attr.Values, ",") + case "postalCode": //状态 + if len(attr.Values) == 0 { + continue + } + user.Status, err = strconv.ParseInt(attr.Values[0], 10, 64) + if err != nil { + return nil, errors.New("用户状态转数字失败") + } + } + } + break + } + if user.UserId == 0 { + return nil, errors.New("查询到的不是用户信息!!!") + } + return user, nil +}