package logic import ( "fusenapi/utils/basic" "fusenapi/utils/email" "fusenapi/utils/encryption_decryption" "fusenapi/utils/ldap_lib" "net/http" "strings" "context" "fusenapi/server/ldap-admin/internal/svc" "fusenapi/server/ldap-admin/internal/types" "github.com/zeromicro/go-zero/core/logx" ) type UpdateLdapUserPwdLogic struct { logx.Logger ctx context.Context svcCtx *svc.ServiceContext } func NewUpdateLdapUserPwdLogic(ctx context.Context, svcCtx *svc.ServiceContext) *UpdateLdapUserPwdLogic { return &UpdateLdapUserPwdLogic{ Logger: logx.WithContext(ctx), ctx: ctx, svcCtx: svcCtx, } } // 处理进入前逻辑w,r // func (l *UpdateLdapUserPwdLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } func (l *UpdateLdapUserPwdLogic) UpdateLdapUserPwd(req *types.UpdateLdapUserPwdReq, r *http.Request) (resp *basic.Response) { ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN, l.svcCtx.Config.Ldap.PeopleGroupDN) if !ldapServer.VerifyAuthority(r, l.svcCtx.Config.Auth.AccessSecret) { return resp.SetStatusWithMessage(basic.CodeUnAuth, "无权限,请联系管理员开通") } req.UserDN = strings.Trim(req.UserDN, " ") req.NewPassword = strings.Trim(req.NewPassword, " ") req.OldPassword = strings.Trim(req.OldPassword, " ") if req.NewPassword == "" || req.OldPassword == "" { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "新/旧密码都不允许为空") } if len(req.UserDN) <= 3 || req.UserDN[:3] != "cn=" { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,无效的用户DN") } cnEmail := strings.Split(req.UserDN, ",")[0][3:] if !email.IsEmailValid(cnEmail) { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn") } //查询个人信息 user, err := ldapServer.GetLdapUserInfo(req.UserDN) if err != nil { logx.Error(err) return resp.SetStatusWithMessage(basic.CodeServiceErr, err.Error()) } if len(user.Password) > 7 && user.Password[:7] == "{crypt}" { //解密旧的密码 oldPwd, err := encryption_decryption.CBCDecrypt(user.Password[7:]) if err != nil { logx.Error(err) return resp.SetStatusWithMessage(basic.CodeServiceErr, "解密旧的密码出错") } //验证旧的密码 if oldPwd != req.OldPassword { return resp.SetStatusWithMessage(basic.CodeServiceErr, "旧密码不对,请重新尝试") } } //加密新的密码 newPwd, err := encryption_decryption.CBCEncrypt(req.NewPassword) if err != nil { logx.Error(err) return resp.SetStatusWithMessage(basic.CodeServiceErr, "加密密码失败") } err = ldapServer.Update(req.UserDN, map[string][]string{ "userPassword": {"{crypt}" + newPwd}, }) if err != nil { logx.Error(err) return resp.SetStatusWithMessage(basic.CodeServiceErr, "修改密码失败") } return resp.SetStatusWithMessage(basic.CodeOK, "修改密码成功") } // 处理逻辑后 w,r 如:重定向, resp 必须重新处理 // func (l *UpdateLdapUserPwdLogic) AfterLogic(w http.ResponseWriter, r *http.Request, resp *basic.Response) { // // httpx.OkJsonCtx(r.Context(), w, resp) // }