Merge branch 'develop' of gitee.com:fusenpack/fusenapi into develop

server/ldap-admin/internal/logic/addldaporganizationmemberlogic.go

@@ -34,7 +34,7 @@ func NewAddLdapOrganizationMemberLogic(ctx context.Context, svcCtx *svc.ServiceC
 
 func (l *AddLdapOrganizationMemberLogic) AddLdapOrganizationMember(req *types.AddLdapOrganizationMemberReq, r *http.Request) (resp *basic.Response) {
 
-	if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
+	if !l.svcCtx.Ldap.VerifyAuthority(r) {
 		return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限，请联系管理员开通")
 	}
 	req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")

server/ldap-admin/internal/logic/createldaporganizationlogic.go

@@ -34,7 +34,7 @@ func NewCreateLdapOrganizationLogic(ctx context.Context, svcCtx *svc.ServiceCont
 
 func (l *CreateLdapOrganizationLogic) CreateLdapOrganization(req *types.CreateLdapOrganizationReq, r *http.Request) (resp *basic.Response) {
 
-	if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
+	if !l.svcCtx.Ldap.VerifyAuthority(r) {
 		return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限，请联系管理员开通")
 	}
 	req.OrganizationEnName = strings.Trim(req.OrganizationEnName, " ")

server/ldap-admin/internal/logic/createldapuserbasegrouplogic.go

@@ -32,7 +32,7 @@ func NewCreateLdapUserBaseGroupLogic(ctx context.Context, svcCtx *svc.ServiceCon
 
 func (l *CreateLdapUserBaseGroupLogic) CreateLdapUserBaseGroup(req *types.Request, r *http.Request) (resp *basic.Response) {
 
-	if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
+	if !l.svcCtx.Ldap.VerifyAuthority(r) {
 		return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限，请联系管理员开通")
 	}
 	err := l.svcCtx.Ldap.Create(l.svcCtx.Config.Ldap.PeopleGroupDN, map[string][]string{

server/ldap-admin/internal/logic/createldapuserlogic.go

@@ -6,7 +6,6 @@ import (
 	"fusenapi/utils/basic"
 	"fusenapi/utils/chinese_to_pinyin"
 	"fusenapi/utils/email"
-	"fusenapi/utils/encryption_decryption"
 	"gorm.io/gorm"
 	"net/http"
 	"strings"
@@ -40,7 +39,7 @@ func NewCreateLdapUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Cr
 
 func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, r *http.Request) (resp *basic.Response) {
 
-	if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
+	if !l.svcCtx.Ldap.VerifyAuthority(r) {
 		return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限，请联系管理员开通")
 	}
 	req.UserName = strings.Trim(req.UserName, " ")
@@ -73,10 +72,6 @@ func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, r *ht
 		if err := tx.WithContext(l.ctx).Model(&gmodel.LdapUser{}).Create(userData).Error; err != nil {
 			return err
 		}
-		pwd, err := encryption_decryption.CBCEncrypt(req.Password)
-		if err != nil {
-			return err
-		}
 		return l.svcCtx.Ldap.Create(userDN, map[string][]string{
 			"objectClass":      {"person", "organizationalPerson", "inetOrgPerson", "posixAccount", "top", "shadowAccount"}, //固有属性
 			"shadowLastChange": {"19676"},                                                                                   //固有属性
@@ -96,7 +91,7 @@ func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, r *ht
 			"departmentNumber": {fmt.Sprintf("%d", req.GroupId)},      //权限分组id
 			"postalAddress":    {req.Avatar},                          //头像
 			"mobile":           {req.Mobile},                          //手机号
-			"userPassword":     {"{crypt}" + pwd},                     //密码
+			"userPassword":     {req.Password},                        //密码
 		})
 	})
 	if err != nil {

server/ldap-admin/internal/logic/deleteldaporganizationlogic.go

@@ -33,7 +33,7 @@ func NewDeleteLdapOrganizationLogic(ctx context.Context, svcCtx *svc.ServiceCont
 
 func (l *DeleteLdapOrganizationLogic) DeleteLdapOrganization(req *types.DeleteLdapOrganizationReq, r *http.Request) (resp *basic.Response) {
 
-	if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
+	if !l.svcCtx.Ldap.VerifyAuthority(r) {
 		return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限，请联系管理员开通")
 	}
 	req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")

server/ldap-admin/internal/logic/deleteldapuserlogic.go

@@ -33,7 +33,7 @@ func NewDeleteLdapUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *De
 
 func (l *DeleteLdapUserLogic) DeleteLdapUser(req *types.DeleteLdapUserReq, r *http.Request) (resp *basic.Response) {
 
-	if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
+	if !l.svcCtx.Ldap.VerifyAuthority(r) {
 		return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限，请联系管理员开通")
 	}
 	req.UserDN = strings.Trim(req.UserDN, " ")

server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go

@@ -35,7 +35,7 @@ func NewGetLdapOrganizationMembersLogic(ctx context.Context, svcCtx *svc.Service
 
 func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.GetLdapOrganizationMembersReq, r *http.Request) (resp *basic.Response) {
 
-	if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
+	if !l.svcCtx.Ldap.VerifyAuthority(r) {
 		return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限，请联系管理员开通")
 	}
 	req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")

server/ldap-admin/internal/logic/getldaporganizationslogic.go

@@ -43,7 +43,7 @@ type DNItem struct {
 
 func (l *GetLdapOrganizationsLogic) GetLdapOrganizations(req *types.Request, r *http.Request) (resp *basic.Response) {
 
-	if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
+	if !l.svcCtx.Ldap.VerifyAuthority(r) {
 		return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限，请联系管理员开通")
 	}
 	//从ldap获取组织架构数据

server/ldap-admin/internal/logic/getldapuserinfologic.go

@@ -32,7 +32,7 @@ func NewGetLdapUserInfoLogic(ctx context.Context, svcCtx *svc.ServiceContext) *G
 
 func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, r *http.Request) (resp *basic.Response) {
 
-	if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
+	if !l.svcCtx.Ldap.VerifyAuthority(r) {
 		return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限，请联系管理员开通")
 	}
 	if len(req.UserDN) <= 3 || req.UserDN[:3] != "cn=" {

server/ldap-admin/internal/logic/getldapuserslogic.go

@@ -33,7 +33,7 @@ func NewGetLdapUsersLogic(ctx context.Context, svcCtx *svc.ServiceContext) *GetL
 
 func (l *GetLdapUsersLogic) GetLdapUsers(req *types.GetLdapUsersReq, r *http.Request) (resp *basic.Response) {
 
-	if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
+	if !l.svcCtx.Ldap.VerifyAuthority(r) {
 		return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限，请联系管理员开通")
 	}
 	req.PageCookie = strings.Trim(req.PageCookie, " ")

server/ldap-admin/internal/logic/removeldaporganizationmemberlogic.go

@@ -34,7 +34,7 @@ func NewRemoveLdapOrganizationMemberLogic(ctx context.Context, svcCtx *svc.Servi
 
 func (l *RemoveLdapOrganizationMemberLogic) RemoveLdapOrganizationMember(req *types.RemoveLdapOrganizationMemberReq, r *http.Request) (resp *basic.Response) {
 
-	if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
+	if !l.svcCtx.Ldap.VerifyAuthority(r) {
 		return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限，请联系管理员开通")
 	}
 	req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")

server/ldap-admin/internal/logic/updateldaporganizationlogic.go

@@ -33,7 +33,7 @@ func NewUpdateLdapOrganizationLogic(ctx context.Context, svcCtx *svc.ServiceCont
 
 func (l *UpdateLdapOrganizationLogic) UpdateLdapOrganization(req *types.UpdateLdapOrganizationReq, r *http.Request) (resp *basic.Response) {
 
-	if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
+	if !l.svcCtx.Ldap.VerifyAuthority(r) {
 		return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限，请联系管理员开通")
 	}
 	req.OrganizationDN = strings.Trim(req.OrganizationDN, " ")

server/ldap-admin/internal/logic/updateldapuserlogic.go

@@ -38,7 +38,7 @@ func NewUpdateLdapUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Up
 
 func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, r *http.Request) (resp *basic.Response) {
 
-	if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
+	if !l.svcCtx.Ldap.VerifyAuthority(r) {
 		return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限，请联系管理员开通")
 	}
 	req.UserDN = strings.Trim(req.UserDN, " ")

server/ldap-admin/internal/logic/updateldapuserpwdlogic.go

@@ -3,7 +3,6 @@ package logic
 import (
 	"fusenapi/utils/basic"
 	"fusenapi/utils/email"
-	"fusenapi/utils/encryption_decryption"
 	"net/http"
 	"strings"
 
@@ -35,7 +34,7 @@ func NewUpdateLdapUserPwdLogic(ctx context.Context, svcCtx *svc.ServiceContext)
 
 func (l *UpdateLdapUserPwdLogic) UpdateLdapUserPwd(req *types.UpdateLdapUserPwdReq, r *http.Request) (resp *basic.Response) {
 
-	if !l.svcCtx.Ldap.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) {
+	if !l.svcCtx.Ldap.VerifyAuthority(r) {
 		return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限，请联系管理员开通")
 	}
 	req.UserDN = strings.Trim(req.UserDN, " ")
@@ -57,26 +56,11 @@ func (l *UpdateLdapUserPwdLogic) UpdateLdapUserPwd(req *types.UpdateLdapUserPwdR
 		logx.Error(err)
 		return resp.SetStatusWithMessage(basic.CodeServiceErr, err.Error())
 	}
-	if len(user.Password) > 7 && user.Password[:7] == "{crypt}" {
-		//解密旧的密码
-		oldPwd, err := encryption_decryption.CBCDecrypt(user.Password[7:])
-		if err != nil {
-			logx.Error(err)
-			return resp.SetStatusWithMessage(basic.CodeServiceErr, "解密旧的密码出错")
-		}
-		//验证旧的密码
-		if oldPwd != req.OldPassword {
-			return resp.SetStatusWithMessage(basic.CodeServiceErr, "旧密码不对，请重新尝试")
-		}
-	}
-	//加密新的密码
-	newPwd, err := encryption_decryption.CBCEncrypt(req.NewPassword)
-	if err != nil {
-		logx.Error(err)
-		return resp.SetStatusWithMessage(basic.CodeServiceErr, "加密密码失败")
+	if user.Password != req.OldPassword {
+		return resp.SetStatusWithMessage(basic.CodeServiceErr, "旧密码不对，请重新尝试")
 	}
 	err = l.svcCtx.Ldap.Update(req.UserDN, map[string][]string{
-		"userPassword": {"{crypt}" + newPwd},
+		"userPassword": {req.NewPassword},
 	})
 	if err != nil {
 		logx.Error(err)

utils/ldap_lib/auth.go

@@ -5,10 +5,13 @@ import (
 	"net/http"
 )
 
+type LdapOptions struct {
+}
+
 // 验证权限
-func (l *Ldap) VerifyAuthority(r *http.Request, jwtSecret string) bool {
+func (l *Ldap) VerifyAuthority(r *http.Request, options ...string) bool {
 	token := r.Header.Get("Ldap-Authorization")
-	info, err := l.ParseJwtToken(token, jwtSecret)
+	info, err := l.ParseJwtToken(token, l.jwtSecret)
 	if err != nil {
 		logx.Error("解析token失败", err, "----token:", token)
 		return false
@@ -21,6 +24,12 @@ func (l *Ldap) VerifyAuthority(r *http.Request, jwtSecret string) bool {
 	if userInfo.Status != 1 {
 		return false
 	}
-	// TODO 查询权限组相关信息
+	if len(options) == 0 {
+		return true
+	}
+	// todo 获取分组信息
+	/*for _, option := range options {
+
+	}*/
 	return true
 }