From 45ecbfd668220e2df566dd877872771dd4deb0de Mon Sep 17 00:00:00 2001 From: awenes <1121353141@qq.com> Date: Thu, 4 Apr 2024 21:58:50 +0800 Subject: [PATCH] =?UTF-8?q?:zap:=20=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...AbstractCertificateApplicationService.java | 2 +- .../converter/AppFormConfigConverter.java | 2 +- .../jwt/converter/AppJwtConfigConverter.java | 2 +- ...ractOidcCertificateApplicationService.java | 7 ++-- .../AppOidcStandardConfigConverter.java | 18 +++++----- .../manager/DefaultPasswordPolicyManager.java | 21 +++++------- .../dingtalk/DingTalkIdentitySource.java | 12 +++---- .../account/impl/OrganizationServiceImpl.java | 33 +++---------------- .../app/impl/AppAccountServiceImpl.java | 4 +-- 9 files changed, 37 insertions(+), 64 deletions(-) diff --git a/eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/AbstractCertificateApplicationService.java b/eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/AbstractCertificateApplicationService.java index 4fe7510e..899f6b7a 100644 --- a/eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/AbstractCertificateApplicationService.java +++ b/eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/AbstractCertificateApplicationService.java @@ -67,7 +67,7 @@ public abstract class AbstractCertificateApplicationService extends AbstractAppl //算法 config.setSignAlgo("SHA256WITHRSA"); RsaUtils.RsaResult keys = getKeys(config.getKeyLong()); - X500Name x500Name = getX500Name("app_" + appCode, "TopIAM", "Jinan", "Shandong", "CN", + X500Name x500Name = getX500Name("app_" + appCode, "TOPIAM", "Jinan", "Shandong", "CN", "EIAM"); //发行者 config.setIssuer(x500Name.toString()); 
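Review bot: The changed line passes `"TOPIAM"` as a bare literal, alongside `"Jinan"`, `"Shandong"`, `"CN"` and `"EIAM"`, and `config.setIssuer(x500Name.toString())` two lines later persists the resulting DN as the certificate issuer, so a casing edit like this one silently changes what every newly generated app certificate carries; moving these values to named constants next to the `"SHA256WITHRSA"` literal above (e.g. `private static final String CERT_ORGANIZATION = "TOPIAM";`) would make such edits deliberate and greppable. Certificates generated before this commit keep the old `TopIAM` spelling, so a relying party that compares issuer DNs textually will see both forms until those certs are rotated; a one-line comment noting that would save the next reader a diff archaeology trip. The enclosing method starts and ends outside the hunk.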
diff --git a/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/converter/AppFormConfigConverter.java b/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/converter/AppFormConfigConverter.java
index 5d0ef4a0..e7497926 100644
--- a/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/converter/AppFormConfigConverter.java
+++ b/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/converter/AppFormConfigConverter.java
@@ -32,7 +32,7 @@ import cn.topiam.employee.application.form.pojo.AppFormSaveConfigParam;
 import cn.topiam.employee.common.entity.app.AppFormConfigEntity;
 import cn.topiam.employee.common.entity.app.po.AppFormConfigPO;
 import cn.topiam.employee.core.help.ServerHelp;
-import static cn.topiam.employee.common.constant.ProtocolConstants.APP_CODE;
+import static cn.topiam.employee.common.constant.AppConstants.APP_CODE;
 import static cn.topiam.employee.common.constant.ProtocolConstants.FormEndpointConstants.FORM_SSO_PATH;
 
 /**
diff --git a/eiam-application/eiam-application-jwt/src/main/java/cn/topiam/employee/application/jwt/converter/AppJwtConfigConverter.java b/eiam-application/eiam-application-jwt/src/main/java/cn/topiam/employee/application/jwt/converter/AppJwtConfigConverter.java
index 0d91b927..66ffccea 100644
--- a/eiam-application/eiam-application-jwt/src/main/java/cn/topiam/employee/application/jwt/converter/AppJwtConfigConverter.java
+++ b/eiam-application/eiam-application-jwt/src/main/java/cn/topiam/employee/application/jwt/converter/AppJwtConfigConverter.java
@@ -30,7 +30,7 @@ import cn.topiam.employee.application.jwt.pojo.AppJwtSaveConfigParam;
 import cn.topiam.employee.common.entity.app.AppJwtConfigEntity;
 import cn.topiam.employee.common.entity.app.po.AppJwtConfigPO;
 import cn.topiam.employee.core.help.ServerHelp;
-import static cn.topiam.employee.common.constant.ProtocolConstants.APP_CODE;
+import static cn.topiam.employee.common.constant.AppConstants.APP_CODE;
 import static cn.topiam.employee.common.constant.ProtocolConstants.JwtEndpointConstants.JWT_SLO_PATH;
 import static cn.topiam.employee.common.constant.ProtocolConstants.JwtEndpointConstants.JWT_SSO_PATH;
diff --git a/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/AbstractOidcCertificateApplicationService.java b/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/AbstractOidcCertificateApplicationService.java
index 99bc497d..e5ab554b 100644
--- a/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/AbstractOidcCertificateApplicationService.java
+++ b/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/AbstractOidcCertificateApplicationService.java
@@ -32,8 +32,9 @@ import cn.topiam.employee.application.oidc.model.OidcProtocolConfig;
 import cn.topiam.employee.common.entity.app.AppCertEntity;
 import cn.topiam.employee.common.entity.app.po.AppOidcConfigPO;
 import cn.topiam.employee.common.repository.app.*;
-import cn.topiam.employee.common.util.X509Utils;
 import static cn.topiam.employee.common.enums.app.AppCertUsingType.OIDC_JWK;
+import static cn.topiam.employee.support.util.CertUtils.readPrivateKey;
+import static cn.topiam.employee.support.util.CertUtils.readPublicKey;
 
 /**
  * OIDC 应用配置
@@ -80,8 +81,8 @@ public abstract class AbstractOidcCertificateApplicationService extends //@formatter:off try { - PrivateKey rsaPrivateKey = X509Utils.readPrivateKey(appCert.getPrivateKey(), ""); - RSAPublicKey rsaPublicKey = (RSAPublicKey) X509Utils.readPublicKey(appCert.getPublicKey(), ""); + PrivateKey rsaPrivateKey = readPrivateKey(appCert.getPrivateKey(), ""); + RSAPublicKey rsaPublicKey = (RSAPublicKey) readPublicKey(appCert.getPublicKey(), ""); RSAKey rsaKey = new RSAKey.Builder(rsaPublicKey) .privateKey(rsaPrivateKey) diff --git a/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/converter/AppOidcStandardConfigConverter.java b/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/converter/AppOidcStandardConfigConverter.java index c3f47295..dc6c6376 100644 --- a/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/converter/AppOidcStandardConfigConverter.java +++ b/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/converter/AppOidcStandardConfigConverter.java @@ -32,8 +32,8 @@ import cn.topiam.employee.common.constant.ProtocolConstants; import cn.topiam.employee.common.entity.app.AppOidcConfigEntity; import cn.topiam.employee.common.entity.app.po.AppOidcConfigPO; import cn.topiam.employee.core.help.ServerHelp; -import cn.topiam.employee.support.util.HttpUrlUtils; -import static cn.topiam.employee.common.constant.ProtocolConstants.APP_CODE; +import cn.topiam.employee.support.util.UrlUtils; +import static cn.topiam.employee.common.constant.AppConstants.APP_CODE; import static cn.topiam.employee.common.constant.ProtocolConstants.OidcEndpointConstants.OIDC_AUTHORIZE_PATH; import static cn.topiam.employee.common.constant.ProtocolConstants.OidcEndpointConstants.WELL_KNOWN_OPENID_CONFIGURATION; 
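Review bot: The new line `RSAPublicKey rsaPublicKey = (RSAPublicKey) readPublicKey(appCert.getPublicKey(), "");` keeps an unchecked cast, so an app certificate stored with a non-RSA key fails with a ClassCastException that names neither the app nor the cert; a pattern check such as `if (!(readPublicKey(appCert.getPublicKey(), "") instanceof RSAPublicKey rsaPublicKey)) { throw new IllegalStateException("OIDC JWK certificate does not carry an RSA public key"); }` makes the precondition explicit and keeps the JWK build on the intended key type. The second argument `""` on both new lines looks like a key passphrase, which would mean the private key PEM is expected to be stored unencrypted; a short comment stating that assumption (`// app cert private keys are stored unencrypted, hence the empty passphrase`) would stop the next reader from guessing. The try block and its catch lie outside the hunk, so what is logged on failure is not visible here.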
@@ -118,19 +118,19 @@ public interface AppOidcStandardConfigConverter { //Issuer domain.setIssuer(sub.replace(ServerHelp.getPortalPublicBaseUrl()+OIDC_AUTHORIZE_PATH)); //发现端点 - domain.setDiscoveryEndpoint(HttpUrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace(WELL_KNOWN_OPENID_CONFIGURATION))); + domain.setDiscoveryEndpoint(UrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace(WELL_KNOWN_OPENID_CONFIGURATION))); //认证端点 - domain.setAuthorizationEndpoint(HttpUrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace(ProtocolConstants.OidcEndpointConstants.AUTHORIZATION_ENDPOINT))); + domain.setAuthorizationEndpoint(UrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace(ProtocolConstants.OidcEndpointConstants.AUTHORIZATION_ENDPOINT))); //Token端点 - domain.setTokenEndpoint(HttpUrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace( ProtocolConstants.OidcEndpointConstants.TOKEN_ENDPOINT))); + domain.setTokenEndpoint(UrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace( ProtocolConstants.OidcEndpointConstants.TOKEN_ENDPOINT))); //Jwks端点 - domain.setJwksEndpoint(HttpUrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace(ProtocolConstants.OidcEndpointConstants.JWK_SET_ENDPOINT))); + domain.setJwksEndpoint(UrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace(ProtocolConstants.OidcEndpointConstants.JWK_SET_ENDPOINT))); //撤销端点 - domain.setRevokeEndpoint(HttpUrlUtils.format(ServerHelp.getPortalPublicBaseUrl()+ sub.replace(ProtocolConstants.OidcEndpointConstants.TOKEN_REVOCATION_ENDPOINT))); + domain.setRevokeEndpoint(UrlUtils.format(ServerHelp.getPortalPublicBaseUrl()+ sub.replace(ProtocolConstants.OidcEndpointConstants.TOKEN_REVOCATION_ENDPOINT))); //UserInfo端点 - domain.setUserinfoEndpoint(HttpUrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace(ProtocolConstants.OidcEndpointConstants.OIDC_USER_INFO_ENDPOINT))); + 
domain.setUserinfoEndpoint(UrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace(ProtocolConstants.OidcEndpointConstants.OIDC_USER_INFO_ENDPOINT))); //登出端点 - domain.setEndSessionEndpoint(HttpUrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace(ProtocolConstants.OidcEndpointConstants.OIDC_LOGOUT_ENDPOINT))); + domain.setEndSessionEndpoint(UrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + sub.replace(ProtocolConstants.OidcEndpointConstants.OIDC_LOGOUT_ENDPOINT))); return domain; //@formatter:on } diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/password/manager/DefaultPasswordPolicyManager.java b/eiam-core/src/main/java/cn/topiam/employee/core/security/password/manager/DefaultPasswordPolicyManager.java index 263cecbe..7f579944 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/security/password/manager/DefaultPasswordPolicyManager.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/security/password/manager/DefaultPasswordPolicyManager.java @@ -17,18 +17,14 @@ */ package cn.topiam.employee.core.security.password.manager; -import java.time.LocalDateTime; import java.util.*; +import org.springframework.data.domain.Example; import org.springframework.data.domain.Page; import org.springframework.data.domain.PageRequest; -import org.springframework.data.querydsl.QSort; +import org.springframework.data.domain.Sort; import org.springframework.security.crypto.password.PasswordEncoder; -import com.querydsl.core.types.OrderSpecifier; -import com.querydsl.core.types.dsl.BooleanExpression; - -import cn.topiam.employee.common.entity.account.QUserHistoryPasswordEntity; import cn.topiam.employee.common.entity.account.UserEntity; import cn.topiam.employee.common.entity.account.UserHistoryPasswordEntity; import cn.topiam.employee.common.entity.setting.SettingEntity; 
@@ -42,6 +38,7 @@ import cn.topiam.employee.support.security.password.enums.PasswordComplexityRule import cn.topiam.employee.support.security.password.validator.*; import cn.topiam.employee.support.security.password.weak.PasswordWeakLib; import static cn.topiam.employee.core.setting.constant.PasswordPolicySettingConstants.*; +import static cn.topiam.employee.support.repository.base.BaseEntity.LAST_MODIFIED_TIME; /** * 密码策略管理器 @@ -83,7 +80,7 @@ public class DefaultPasswordPolicyManager implements PasswordPolicyManager passwordValidator.validate(password)); @@ -117,7 +114,7 @@ public class DefaultPasswordPolicyManager implements PasswordPolicyManager desc = historyPasswordEntity.updateTime.desc(); - Page entities = userHistoryPasswordRepository.findAll(expression, PageRequest.of(0, count, QSort.by(desc))); + Page entities = userHistoryPasswordRepository.findAll( + Example.of(new UserHistoryPasswordEntity().setUserId(userId)), + PageRequest.of(0, count, Sort.by(Sort.Direction.DESC, LAST_MODIFIED_TIME))); //构建历史密码验证器 new HistoryPasswordValidator(entities.getContent().stream().map(UserHistoryPasswordEntity::getPassword).toList(), passwordEncoder); } diff --git a/eiam-identity-source/eiam-identity-source-dingtalk/src/main/java/cn/topiam/employee/identitysource/dingtalk/DingTalkIdentitySource.java b/eiam-identity-source/eiam-identity-source-dingtalk/src/main/java/cn/topiam/employee/identitysource/dingtalk/DingTalkIdentitySource.java index f846ca54..58b17a33 100644 --- a/eiam-identity-source/eiam-identity-source-dingtalk/src/main/java/cn/topiam/employee/identitysource/dingtalk/DingTalkIdentitySource.java +++ b/eiam-identity-source/eiam-identity-source-dingtalk/src/main/java/cn/topiam/employee/identitysource/dingtalk/DingTalkIdentitySource.java 
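Review bot: In the `@@ -117,7 +114,7 @@` hunk, `Example.of(new UserHistoryPasswordEntity().setUserId(userId))` matches on every non-null probe property, so if the entity or the base class it inherits `LAST_MODIFIED_TIME` from declares primitive fields they are included at their default values and can silently narrow or empty the result set, letting the password-reuse check pass vacuously. A derived repository query such as `findByUserId(String userId, Pageable pageable)`, or `Example.of(probe, ExampleMatcher.matching().withIgnorePaths(...))` listing those fields, pins the predicate to the user id alone. Separately, the unchanged line `new HistoryPasswordValidator(...)` appears to discard the validator it constructs; if it is not registered somewhere past the hunk, the history passwords are fetched but never checked, which is worth confirming. The enclosing method starts and ends outside the hunk, where `count` may already be validated; otherwise `PageRequest.of(0, count, …)` throws for `count < 1`, so a history size of zero should be handled before the query.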
@@ -34,7 +34,6 @@ import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; import cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider; -import cn.topiam.employee.common.util.RequestUtils; import cn.topiam.employee.identitysource.core.AbstractDefaultIdentitySource; import cn.topiam.employee.identitysource.core.client.IdentitySourceClient; import cn.topiam.employee.identitysource.core.enums.IdentitySourceEventReceiveType; @@ -44,6 +43,7 @@ import cn.topiam.employee.identitysource.core.processor.IdentitySourceSyncUserPo import cn.topiam.employee.identitysource.core.processor.modal.IdentitySourceEventProcessData; import cn.topiam.employee.identitysource.dingtalk.enums.DingTalkEventType; import cn.topiam.employee.identitysource.dingtalk.util.DingTalkEventCryptoUtils; +import cn.topiam.employee.support.util.HttpRequestUtils; import lombok.Data; import lombok.extern.slf4j.Slf4j; @@ -75,7 +75,7 @@ public class DingTalkIdentitySource extends AbstractDefaultIdentitySource params = RequestUtils.getParams(request); + Map params = HttpRequestUtils.getRequestParameters(request); if (StringUtils.isNoneBlank(body)) { String encrypt = JSON.parseObject(body).getString(ENCRYPT); log.info("钉钉身份源 [{}] 回调入参: {}, encrypt: {}", getId(), JSON.toJSONString(params), 
@@ -96,13 +96,13 @@ public class DingTalkIdentitySource extends AbstractDefaultIdentitySource syncMap, + private Object eventCallBack(LocalDateTime eventTime, Map syncMap, String encrypt) { try { DingTalkConfig config = getConfig(); - String msgSignature = (String) syncMap.get(MSG_SIGNATURE); - String timeStamp = (String) syncMap.get(TIMESTAMP); - String nonce = (String) syncMap.get(NONCE); + String msgSignature = syncMap.get(MSG_SIGNATURE); + String timeStamp = syncMap.get(TIMESTAMP); + String nonce = syncMap.get(NONCE); DingTalkEventCryptoUtils eventCryptoUtils = new DingTalkEventCryptoUtils( config.getToken(), config.getAesKey(), config.getAppKey()); String decryptMsg = eventCryptoUtils.getDecryptMsg(msgSignature, timeStamp, nonce, diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/account/impl/OrganizationServiceImpl.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/account/impl/OrganizationServiceImpl.java index 00edfd39..dcd14894 100644 --- a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/account/impl/OrganizationServiceImpl.java +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/account/impl/OrganizationServiceImpl.java 
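Review bot: The three new `syncMap.get(...)` lines drop the casts but still hand whatever the map returns straight to `getDecryptMsg`, so a callback missing the `MSG_SIGNATURE`, `TIMESTAMP` or `NONCE` parameter reaches signature verification with nulls, and how `DingTalkEventCryptoUtils` behaves on a null signature is not visible here. Rejecting an incomplete callback before touching the crypto — `if (msgSignature == null || timeStamp == null || nonce == null) { throw new IllegalArgumentException("DingTalk callback is missing signature parameters"); }` — keeps the verification path on well-formed input and gives the catch block a clear reason to log. Since the map now holds plain strings, a blank-string check (`StringUtils.isAnyBlank(...)`, which this file already uses in the `isNoneBlank` form) would cover the empty-parameter case as well. The remainder of `eventCallBack`, including its catch block, lies outside the hunk.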
@@ -27,17 +27,10 @@ import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; import org.springframework.util.CollectionUtils; -import com.querydsl.core.types.ExpressionUtils; -import com.querydsl.core.types.Predicate; -import com.querydsl.core.types.dsl.BooleanExpression; -import com.querydsl.core.types.dsl.Expressions; -import com.querydsl.jpa.impl.JPAQuery; -import com.querydsl.jpa.impl.JPAQueryFactory; - import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.TargetType; -import cn.topiam.employee.common.entity.account.*; +import cn.topiam.employee.common.entity.account.OrganizationEntity; import cn.topiam.employee.common.repository.account.OrganizationRepository; import cn.topiam.employee.openapi.constant.OpenApiStatus; import cn.topiam.employee.openapi.converter.account.OrganizationConverter; @@ -210,7 +203,7 @@ public class OrganizationServiceImpl implements OrganizationService { List list = organizationRepository.findByParentId(id); if (CollectionUtils.isEmpty(list)) { //查询当前机构和当前机构下子机构下是否存在用户,不存在删除,存在抛出异常 - Long count = getOrgMemberCount(id); + Integer count = getOrgMemberCount(id); if (count > 0) { throw new OpenApiException(OpenApiStatus.DEPARTMENT_HAS_USER); } 
@@ -265,23 +258,9 @@ public class OrganizationServiceImpl implements OrganizationService { * @param orgId {@link String} * @return {@link Long} */ - public Long getOrgMemberCount(String orgId) { - //条件 - QUserEntity user = QUserEntity.userEntity; - QOrganizationEntity qOrganization = QOrganizationEntity.organizationEntity; - Predicate predicate = ExpressionUtils.and(user.isNotNull(), user.deleted.eq(Boolean.FALSE)); - //FIND_IN_SET函数 - BooleanExpression template = Expressions.booleanTemplate( - "FIND_IN_SET({0}, replace({1}, '/', ','))> 0", orgId, qOrganization.path); - predicate = ExpressionUtils.and(predicate, qOrganization.id.eq(orgId).or(template)); - //构造查询 - JPAQuery jpaQuery = jpaQueryFactory.selectFrom(user).select(user.count()) - .innerJoin(QOrganizationMemberEntity.organizationMemberEntity) - .on(user.id.eq(QOrganizationMemberEntity.organizationMemberEntity.userId)) - .innerJoin(qOrganization) - .on(qOrganization.id.eq(QOrganizationMemberEntity.organizationMemberEntity.orgId)) - .where(predicate); - return jpaQuery.fetch().get(0); + public Integer getOrgMemberCount(String orgId) { + return organizationRepository.getOrgMemberList(orgId).size(); + } @Override @@ -292,8 +271,6 @@ public class OrganizationServiceImpl implements OrganizationService { .orElseThrow(() -> new OpenApiException(OpenApiStatus.DEPARTMENT_NOT_EXIST)); } - private final JPAQueryFactory jpaQueryFactory; - /** * 组织架构数据映射器 */ diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/app/impl/AppAccountServiceImpl.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/app/impl/AppAccountServiceImpl.java index de4e6ddd..21b1a8bb 100644 --- a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/app/impl/AppAccountServiceImpl.java +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/app/impl/AppAccountServiceImpl.java 
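Review bot: The Javadoc directly above the rewritten method still reads `@return {@link Long}` while the signature is now `public Integer getOrgMemberCount(String orgId)`; it should say `@return {@link Integer}`, or the method should keep a `long` count. Computing the count as `organizationRepository.getOrgMemberList(orgId).size()` loads every member row to produce one number, where a repository `count` query would do; more importantly, the removed QueryDSL predicate restricted the count to users with `deleted = false` and matched the organisation subtree through `path`, and what `getOrgMemberList` filters on is not visible in this patch — if it includes soft-deleted users the delete guard in the `@@ -210,7 +203,7 @@` hunk becomes stricter than before, and if it omits descendants it becomes looser for any caller other than the one shown. A one-line comment stating which filter the new query applies (`// counts active members of the org and its descendants — confirm against getOrgMemberList`) would record the intended contract.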
@@ -19,7 +19,7 @@ package cn.topiam.employee.openapi.service.app.impl; import java.util.Optional; -import org.springframework.data.querydsl.QPageRequest; +import org.springframework.data.domain.PageRequest; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; @@ -64,7 +64,7 @@ public class AppAccountServiceImpl implements AppAccountService { public Page getAppAccountList(PageModel pageModel, AppAccountQuery query) { //分页条件 - QPageRequest request = QPageRequest.of(pageModel.getCurrent(), pageModel.getPageSize()); + PageRequest request = PageRequest.of(pageModel.getCurrent(), pageModel.getPageSize()); //查询映射 org.springframework.data.domain.Page list = appAccountRepository .getAppAccountList(query, request);