gitee
/
eiam
mirror of https://gitee.com/topiam/eiam
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

优化

pull/82/head^2
awenes 2024-04-04 21:58:50 +08:00
parent 8ecb1760da
commit 45ecbfd668
9 changed files with 37 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/AbstractCertificateApplicationService.java
View File

@ -67,7 +67,7 @@ public abstract class AbstractCertificateApplicationService extends AbstractAppl
//算法
config.setSignAlgo("SHA256WITHRSA");
RsaUtils.RsaResult keys = getKeys(config.getKeyLong());
X500Name x500Name = getX500Name("app_" + appCode, "TopIAM", "Jinan", "Shandong", "CN",
X500Name x500Name = getX500Name("app_" + appCode, "TOPIAM", "Jinan", "Shandong", "CN",
"EIAM");
//发行者
config.setIssuer(x500Name.toString());

2
eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/converter/AppFormConfigConverter.java
View File

@ -32,7 +32,7 @@ import cn.topiam.employee.application.form.pojo.AppFormSaveConfigParam;
import cn.topiam.employee.common.entity.app.AppFormConfigEntity;
import cn.topiam.employee.common.entity.app.po.AppFormConfigPO;
import cn.topiam.employee.core.help.ServerHelp;
import static cn.topiam.employee.common.constant.ProtocolConstants.APP_CODE;
import static cn.topiam.employee.common.constant.AppConstants.APP_CODE;
import static cn.topiam.employee.common.constant.ProtocolConstants.FormEndpointConstants.FORM_SSO_PATH;
/**

2
eiam-application/eiam-application-jwt/src/main/java/cn/topiam/employee/application/jwt/converter/AppJwtConfigConverter.java
View File

@ -30,7 +30,7 @@ import cn.topiam.employee.application.jwt.pojo.AppJwtSaveConfigParam;
import cn.topiam.employee.common.entity.app.AppJwtConfigEntity;
import cn.topiam.employee.common.entity.app.po.AppJwtConfigPO;
import cn.topiam.employee.core.help.ServerHelp;
import static cn.topiam.employee.common.constant.ProtocolConstants.APP_CODE;
import static cn.topiam.employee.common.constant.AppConstants.APP_CODE;
import static cn.topiam.employee.common.constant.ProtocolConstants.JwtEndpointConstants.JWT_SLO_PATH;
import static cn.topiam.employee.common.constant.ProtocolConstants.JwtEndpointConstants.JWT_SSO_PATH;

7
eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/AbstractOidcCertificateApplicationService.java
View File

@ -32,8 +32,9 @@ import cn.topiam.employee.application.oidc.model.OidcProtocolConfig;
import cn.topiam.employee.common.entity.app.AppCertEntity;
import cn.topiam.employee.common.entity.app.po.AppOidcConfigPO;
import cn.topiam.employee.common.repository.app.*;
import cn.topiam.employee.common.util.X509Utils;
import static cn.topiam.employee.common.enums.app.AppCertUsingType.OIDC_JWK;
import static cn.topiam.employee.support.util.CertUtils.readPrivateKey;
import static cn.topiam.employee.support.util.CertUtils.readPublicKey;
/**
* OIDC
@ -80,8 +81,8 @@ public abstract class AbstractOidcCertificateApplicationService extends
//@formatter:off
try {
PrivateKey rsaPrivateKey = X509Utils.readPrivateKey(appCert.getPrivateKey(), "");
RSAPublicKey rsaPublicKey = (RSAPublicKey) X509Utils.readPublicKey(appCert.getPublicKey(), "");
PrivateKey rsaPrivateKey = readPrivateKey(appCert.getPrivateKey(), "");
RSAPublicKey rsaPublicKey = (RSAPublicKey) readPublicKey(appCert.getPublicKey(), "");
RSAKey rsaKey = new RSAKey.Builder(rsaPublicKey)
.privateKey(rsaPrivateKey)

18
eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/converter/AppOidcStandardConfigConverter.java
View File

@ -32,8 +32,8 @@ import cn.topiam.employee.common.constant.ProtocolConstants;
import cn.topiam.employee.common.entity.app.AppOidcConfigEntity;
import cn.topiam.employee.common.entity.app.po.AppOidcConfigPO;
import cn.topiam.employee.core.help.ServerHelp;
import cn.topiam.employee.support.util.HttpUrlUtils;
import static cn.topiam.employee.common.constant.ProtocolConstants.APP_CODE;
import cn.topiam.employee.support.util.UrlUtils;
import static cn.topiam.employee.common.constant.AppConstants.APP_CODE;
import static cn.topiam.employee.common.constant.ProtocolConstants.OidcEndpointConstants.OIDC_AUTHORIZE_PATH;
import static cn.topiam.employee.common.constant.ProtocolConstants.OidcEndpointConstants.WELL_KNOWN_OPENID_CONFIGURATION;
@ -118,19 +118,19 @@ public interface AppOidcStandardConfigConverter {
//Issuer
domain.setIssuer(sub.replace(ServerHelp.getPortalPublicBaseUrl()+OIDC_AUTHORIZE_PATH));
//发现端点
domain.setDiscoveryEndpoint(HttpUrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace(WELL_KNOWN_OPENID_CONFIGURATION)));
domain.setDiscoveryEndpoint(UrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace(WELL_KNOWN_OPENID_CONFIGURATION)));
//认证端点
domain.setAuthorizationEndpoint(HttpUrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace(ProtocolConstants.OidcEndpointConstants.AUTHORIZATION_ENDPOINT)));
domain.setAuthorizationEndpoint(UrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace(ProtocolConstants.OidcEndpointConstants.AUTHORIZATION_ENDPOINT)));
//Token端点
domain.setTokenEndpoint(HttpUrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace( ProtocolConstants.OidcEndpointConstants.TOKEN_ENDPOINT)));
domain.setTokenEndpoint(UrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace( ProtocolConstants.OidcEndpointConstants.TOKEN_ENDPOINT)));
//Jwks端点
domain.setJwksEndpoint(HttpUrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace(ProtocolConstants.OidcEndpointConstants.JWK_SET_ENDPOINT)));
domain.setJwksEndpoint(UrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace(ProtocolConstants.OidcEndpointConstants.JWK_SET_ENDPOINT)));
//撤销端点
domain.setRevokeEndpoint(HttpUrlUtils.format(ServerHelp.getPortalPublicBaseUrl()+ sub.replace(ProtocolConstants.OidcEndpointConstants.TOKEN_REVOCATION_ENDPOINT)));
domain.setRevokeEndpoint(UrlUtils.format(ServerHelp.getPortalPublicBaseUrl()+ sub.replace(ProtocolConstants.OidcEndpointConstants.TOKEN_REVOCATION_ENDPOINT)));
//UserInfo端点
domain.setUserinfoEndpoint(HttpUrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace(ProtocolConstants.OidcEndpointConstants.OIDC_USER_INFO_ENDPOINT)));
domain.setUserinfoEndpoint(UrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace(ProtocolConstants.OidcEndpointConstants.OIDC_USER_INFO_ENDPOINT)));
//登出端点
domain.setEndSessionEndpoint(HttpUrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace(ProtocolConstants.OidcEndpointConstants.OIDC_LOGOUT_ENDPOINT)));
domain.setEndSessionEndpoint(UrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace(ProtocolConstants.OidcEndpointConstants.OIDC_LOGOUT_ENDPOINT)));
return domain;
//@formatter:on
}

21
eiam-core/src/main/java/cn/topiam/employee/core/security/password/manager/DefaultPasswordPolicyManager.java
View File

@ -17,18 +17,14 @@
*/
package cn.topiam.employee.core.security.password.manager;
import java.time.LocalDateTime;
import java.util.*;
import org.springframework.data.domain.Example;
import org.springframework.data.domain.Page;
import org.springframework.data.domain.PageRequest;
import org.springframework.data.querydsl.QSort;
import org.springframework.data.domain.Sort;
import org.springframework.security.crypto.password.PasswordEncoder;
import com.querydsl.core.types.OrderSpecifier;
import com.querydsl.core.types.dsl.BooleanExpression;
import cn.topiam.employee.common.entity.account.QUserHistoryPasswordEntity;
import cn.topiam.employee.common.entity.account.UserEntity;
import cn.topiam.employee.common.entity.account.UserHistoryPasswordEntity;
import cn.topiam.employee.common.entity.setting.SettingEntity;
@ -42,6 +38,7 @@ import cn.topiam.employee.support.security.password.enums.PasswordComplexityRule
import cn.topiam.employee.support.security.password.validator.*;
import cn.topiam.employee.support.security.password.weak.PasswordWeakLib;
import static cn.topiam.employee.core.setting.constant.PasswordPolicySettingConstants.*;
import static cn.topiam.employee.support.repository.base.BaseEntity.LAST_MODIFIED_TIME;
/**
*
@ -83,7 +80,7 @@ public class DefaultPasswordPolicyManager implements PasswordPolicyManager<UserE
if (userId.getId() != null) {
//@formatter:off
validators.add(getPasswordIncludeUserInfoValidator(userId.getId()));
validators.add(getHistoryPasswordValidator(userId.getId()));
validators.add(getHistoryPasswordValidator(String.valueOf(userId.getId())));
//@formatter:on
}
validators.forEach(passwordValidator -> passwordValidator.validate(password));
@ -117,7 +114,7 @@ public class DefaultPasswordPolicyManager implements PasswordPolicyManager<UserE
*
* @return {@link HistoryPasswordValidator}
*/
private HistoryPasswordValidator getHistoryPasswordValidator(Long userId) {
private HistoryPasswordValidator getHistoryPasswordValidator(String userId) {
SettingEntity historyCipherCheck = settingRepository.findByName(PasswordPolicySettingConstants.PASSWORD_POLICY_HISTORY_PASSWORD_CHECK);
boolean enabled = Objects.isNull(historyCipherCheck)
? Boolean.parseBoolean(PasswordPolicySettingConstants.PASSWORD_POLICY_DEFAULT_SETTINGS.get(PASSWORD_POLICY_HISTORY_PASSWORD_CHECK))
@ -127,11 +124,9 @@ public class DefaultPasswordPolicyManager implements PasswordPolicyManager<UserE
Integer count = Objects.isNull(historyCipherCheckCount)
? Integer.valueOf(PasswordPolicySettingConstants.PASSWORD_POLICY_DEFAULT_SETTINGS.get(PASSWORD_POLICY_HISTORY_PASSWORD_CHECK_COUNT))
: Integer.valueOf(historyCipherCheckCount.getValue());
//构建查询条件
QUserHistoryPasswordEntity historyPasswordEntity = QUserHistoryPasswordEntity.userHistoryPasswordEntity;
BooleanExpression expression = historyPasswordEntity.userId.eq(String.valueOf(userId));
OrderSpecifier<LocalDateTime> desc = historyPasswordEntity.updateTime.desc();
Page<UserHistoryPasswordEntity> entities = userHistoryPasswordRepository.findAll(expression, PageRequest.of(0, count, QSort.by(desc)));
Page<UserHistoryPasswordEntity> entities = userHistoryPasswordRepository.findAll(
Example.of(new UserHistoryPasswordEntity().setUserId(userId)),
PageRequest.of(0, count, Sort.by(Sort.Direction.DESC, LAST_MODIFIED_TIME)));
//构建历史密码验证器
new HistoryPasswordValidator(entities.getContent().stream().map(UserHistoryPasswordEntity::getPassword).toList(), passwordEncoder);
}

12
eiam-identity-source/eiam-identity-source-dingtalk/src/main/java/cn/topiam/employee/identitysource/dingtalk/DingTalkIdentitySource.java
View File

@ -34,7 +34,6 @@ import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider;
import cn.topiam.employee.common.util.RequestUtils;
import cn.topiam.employee.identitysource.core.AbstractDefaultIdentitySource;
import cn.topiam.employee.identitysource.core.client.IdentitySourceClient;
import cn.topiam.employee.identitysource.core.enums.IdentitySourceEventReceiveType;
@ -44,6 +43,7 @@ import cn.topiam.employee.identitysource.core.processor.IdentitySourceSyncUserPo
import cn.topiam.employee.identitysource.core.processor.modal.IdentitySourceEventProcessData;
import cn.topiam.employee.identitysource.dingtalk.enums.DingTalkEventType;
import cn.topiam.employee.identitysource.dingtalk.util.DingTalkEventCryptoUtils;
import cn.topiam.employee.support.util.HttpRequestUtils;
import lombok.Data;
import lombok.extern.slf4j.Slf4j;
@ -75,7 +75,7 @@ public class DingTalkIdentitySource extends AbstractDefaultIdentitySource<DingTa
@Override
public Object event(HttpServletRequest request, String body) {
LocalDateTime eventTime = LocalDateTime.now();
Map<String, Object> params = RequestUtils.getParams(request);
Map<String, String> params = HttpRequestUtils.getRequestParameters(request);
if (StringUtils.isNoneBlank(body)) {
String encrypt = JSON.parseObject(body).getString(ENCRYPT);
log.info("钉钉身份源 [{}] 回调入参: {}, encrypt: {}", getId(), JSON.toJSONString(params),
@ -96,13 +96,13 @@ public class DingTalkIdentitySource extends AbstractDefaultIdentitySource<DingTa
* @param syncMap {@link Map}
* @return {@link Map}
*/
private Object eventCallBack(LocalDateTime eventTime, Map<String, Object> syncMap,
private Object eventCallBack(LocalDateTime eventTime, Map<String, String> syncMap,
String encrypt) {
try {
DingTalkConfig config = getConfig();
String msgSignature = (String) syncMap.get(MSG_SIGNATURE);
String timeStamp = (String) syncMap.get(TIMESTAMP);
String nonce = (String) syncMap.get(NONCE);
String msgSignature = syncMap.get(MSG_SIGNATURE);
String timeStamp = syncMap.get(TIMESTAMP);
String nonce = syncMap.get(NONCE);
DingTalkEventCryptoUtils eventCryptoUtils = new DingTalkEventCryptoUtils(
config.getToken(), config.getAesKey(), config.getAppKey());
String decryptMsg = eventCryptoUtils.getDecryptMsg(msgSignature, timeStamp, nonce,

33
eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/account/impl/OrganizationServiceImpl.java
View File

@ -27,17 +27,10 @@ import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.CollectionUtils;
import com.querydsl.core.types.ExpressionUtils;
import com.querydsl.core.types.Predicate;
import com.querydsl.core.types.dsl.BooleanExpression;
import com.querydsl.core.types.dsl.Expressions;
import com.querydsl.jpa.impl.JPAQuery;
import com.querydsl.jpa.impl.JPAQueryFactory;
import cn.topiam.employee.audit.context.AuditContext;
import cn.topiam.employee.audit.entity.Target;
import cn.topiam.employee.audit.enums.TargetType;
import cn.topiam.employee.common.entity.account.*;
import cn.topiam.employee.common.entity.account.OrganizationEntity;
import cn.topiam.employee.common.repository.account.OrganizationRepository;
import cn.topiam.employee.openapi.constant.OpenApiStatus;
import cn.topiam.employee.openapi.converter.account.OrganizationConverter;
@ -210,7 +203,7 @@ public class OrganizationServiceImpl implements OrganizationService {
List<OrganizationEntity> list = organizationRepository.findByParentId(id);
if (CollectionUtils.isEmpty(list)) {
//查询当前机构和当前机构下子机构下是否存在用户,不存在删除,存在抛出异常
Long count = getOrgMemberCount(id);
Integer count = getOrgMemberCount(id);
if (count > 0) {
throw new OpenApiException(OpenApiStatus.DEPARTMENT_HAS_USER);
}
@ -265,23 +258,9 @@ public class OrganizationServiceImpl implements OrganizationService {
* @param orgId {@link String}
* @return {@link Long}
*/
public Long getOrgMemberCount(String orgId) {
//条件
QUserEntity user = QUserEntity.userEntity;
QOrganizationEntity qOrganization = QOrganizationEntity.organizationEntity;
Predicate predicate = ExpressionUtils.and(user.isNotNull(), user.deleted.eq(Boolean.FALSE));
//FIND_IN_SET函数
BooleanExpression template = Expressions.booleanTemplate(
"FIND_IN_SET({0}, replace({1}, '/', ','))> 0", orgId, qOrganization.path);
predicate = ExpressionUtils.and(predicate, qOrganization.id.eq(orgId).or(template));
//构造查询
JPAQuery<Long> jpaQuery = jpaQueryFactory.selectFrom(user).select(user.count())
.innerJoin(QOrganizationMemberEntity.organizationMemberEntity)
.on(user.id.eq(QOrganizationMemberEntity.organizationMemberEntity.userId))
.innerJoin(qOrganization)
.on(qOrganization.id.eq(QOrganizationMemberEntity.organizationMemberEntity.orgId))
.where(predicate);
return jpaQuery.fetch().get(0);
public Integer getOrgMemberCount(String orgId) {
return organizationRepository.getOrgMemberList(orgId).size();
}
@Override
@ -292,8 +271,6 @@ public class OrganizationServiceImpl implements OrganizationService {
.orElseThrow(() -> new OpenApiException(OpenApiStatus.DEPARTMENT_NOT_EXIST));
}
private final JPAQueryFactory jpaQueryFactory;
/**
*
*/

4
eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/app/impl/AppAccountServiceImpl.java
View File

@ -19,7 +19,7 @@ package cn.topiam.employee.openapi.service.app.impl;
import java.util.Optional;
import org.springframework.data.querydsl.QPageRequest;
import org.springframework.data.domain.PageRequest;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@ -64,7 +64,7 @@ public class AppAccountServiceImpl implements AppAccountService {
public Page<AppAccountListResult> getAppAccountList(PageModel pageModel,
AppAccountQuery query) {
//分页条件
QPageRequest request = QPageRequest.of(pageModel.getCurrent(), pageModel.getPageSize());
PageRequest request = PageRequest.of(pageModel.getCurrent(), pageModel.getPageSize());
//查询映射
org.springframework.data.domain.Page<AppAccountPO> list = appAccountRepository
.getAppAccountList(query, request);