fix

2023-11-22 10:47:19 +08:00 · 2023-11-22 10:47:19 +08:00 · 760d9928dc
commit 760d9928dc
parent 50e8a42e34
3 changed files with 15 additions and 27 deletions
--- a/server/ldap-admin/internal/logic/createldapuserlogic.go
+++ b/server/ldap-admin/internal/logic/createldapuserlogic.go
@ -6,7 +6,6 @@ import (
 	"fusenapi/utils/basic"
 	"fusenapi/utils/chinese_to_pinyin"
 	"fusenapi/utils/email"
 	"fusenapi/utils/encryption_decryption"
 	"gorm.io/gorm"
 	"net/http"
 	"strings"
@ -73,10 +72,6 @@ func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, r *ht
 		if err := tx.WithContext(l.ctx).Model(&gmodel.LdapUser{}).Create(userData).Error; err != nil {
 			return err
 		}
 		pwd, err := encryption_decryption.CBCEncrypt(req.Password)
 		if err != nil {
 			return err
 		}
 		return l.svcCtx.Ldap.Create(userDN, map[string][]string{
 			"objectClass":      {"person", "organizationalPerson", "inetOrgPerson", "posixAccount", "top", "shadowAccount"}, //固有属性
 			"shadowLastChange": {"19676"},                                                                                   //固有属性
@ -96,7 +91,7 @@ func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, r *ht
 			"departmentNumber": {fmt.Sprintf("%d", req.GroupId)},      //权限分组id
 			"postalAddress":    {req.Avatar},                          //头像
 			"mobile":           {req.Mobile},                          //手机号
-			"userPassword":     {"{crypt}" + pwd},                     //密码
+			"userPassword":     {req.Password},                        //密码
 		})
 	})
 	if err != nil {
--- a/server/ldap-admin/internal/logic/updateldapuserpwdlogic.go
+++ b/server/ldap-admin/internal/logic/updateldapuserpwdlogic.go
@ -3,7 +3,6 @@ package logic
 import (
 	"fusenapi/utils/basic"
 	"fusenapi/utils/email"
 	"fusenapi/utils/encryption_decryption"
 	"net/http"
 	"strings"
@ -57,26 +56,11 @@ func (l *UpdateLdapUserPwdLogic) UpdateLdapUserPwd(req *types.UpdateLdapUserPwdR
 		logx.Error(err)
 		return resp.SetStatusWithMessage(basic.CodeServiceErr, err.Error())
 	}
-	if len(user.Password) > 7 && user.Password[:7] == "{crypt}" {
+	if user.Password != req.OldPassword {
-		//解密旧的密码
+		return resp.SetStatusWithMessage(basic.CodeServiceErr, "旧密码不对，请重新尝试")
 		oldPwd, err := encryption_decryption.CBCDecrypt(user.Password[7:])
 		if err != nil {
 			logx.Error(err)
 			return resp.SetStatusWithMessage(basic.CodeServiceErr, "解密旧的密码出错")
 		}
 		//验证旧的密码
 		if oldPwd != req.OldPassword {
 			return resp.SetStatusWithMessage(basic.CodeServiceErr, "旧密码不对，请重新尝试")
 		}
 	}
 	//加密新的密码
 	newPwd, err := encryption_decryption.CBCEncrypt(req.NewPassword)
 	if err != nil {
 		logx.Error(err)
 		return resp.SetStatusWithMessage(basic.CodeServiceErr, "加密密码失败")
 	}
 	err = l.svcCtx.Ldap.Update(req.UserDN, map[string][]string{
-		"userPassword": {"{crypt}" + newPwd},
+		"userPassword": {req.NewPassword},
 	})
 	if err != nil {
 		logx.Error(err)
--- a/utils/ldap_lib/auth.go
+++ b/utils/ldap_lib/auth.go
@ -5,8 +5,11 @@ import (
 	"net/http"
 )
 type LdapOptions struct {
 }
 // 验证权限
-func (l *Ldap) VerifyAuthority(r *http.Request) bool {
+func (l *Ldap) VerifyAuthority(r *http.Request, options ...string) bool {
 	token := r.Header.Get("Ldap-Authorization")
 	info, err := l.ParseJwtToken(token, l.jwtSecret)
 	if err != nil {
@ -21,6 +24,12 @@ func (l *Ldap) VerifyAuthority(r *http.Request) bool {
 	if userInfo.Status != 1 {
 		return false
 	}
-	// TODO 查询权限组相关信息
+	if len(options) == 0 {
 		return true
 	}
 	// todo 获取分组信息
 	/*for _, option := range options {
 	}*/
 	return true
 }