From 6afe10a1bd1440155a75176297928bd1e8490c86 Mon Sep 17 00:00:00 2001 
From: smallbun <2689170096@qq.com> Date: Wed, 8 Feb 2023 14:44:21 +0800 Subject: [PATCH] =?UTF-8?q?:recycle:=20=E9=87=8D=E6=9E=84=E4=BB=A3?= =?UTF-8?q?=E7=A0=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../cas/AbstractCasApplicationService.java | 7 +- .../cas}/CasApplicationService.java | 7 +- .../CasStandardApplicationServiceImpl.java | 39 +- .../AppCasStandardConfigConverter.java | 43 + .../application/cas/model}/CasSsoModel.java | 9 +- .../cas/pojo/AppCasProtocolEndpoint.java | 69 ++ .../AppCasStandardConfigGetResult.java | 27 +- .../AppCasStandardSaveConfigParam.java | 22 +- .../AbstractApplicationService.java | 4 +- .../application/ApplicationServiceLoader.java | 13 +- .../form/AbstractFormApplicationService.java | 45 +- .../form/FormApplicationService.java | 48 ++ .../FormStandardApplicationServiceImpl.java | 141 +++- .../converter/AppFormConfigConverter.java | 117 +++ .../form/model/FormProtocolConfig.java | 77 ++ .../form/pojo/AppFormConfigGetResult.java | 101 +++ .../form/pojo/AppFormProtocolEndpoint.java | 46 ++ .../form/pojo/AppFormSaveConfigParam.java | 93 +++ .../oidc/AbstractOidcApplicationService.java | 2 +- .../OidcStandardApplicationServiceImpl.java | 2 +- .../AppOidcStandardConfigConverter.java | 12 +- .../oidc/pojo/AppOidcProtocolEndpoint.java | 81 ++ .../AppOidcStandardConfigGetResult.java | 94 +-- .../AppOidcStandardSaveConfigParam.java | 2 +- .../application/oidc/pojo}/package-info.java | 4 +- .../saml2/AbstractSamlAppService.java | 13 +- .../saml2}/Saml2ApplicationService.java | 9 +- .../Saml2StandardApplicationServiceImpl.java | 5 +- .../saml2}/SamlRamRoleNameValueType.java | 4 +- .../AppSaml2StandardConfigConverter.java | 6 +- .../saml2/model}/Saml2ProtocolConfig.java | 4 +- .../saml2/model}/Saml2SsoModel.java | 4 +- .../AppSaml2ProtocolEndpoint.java} | 4 +- .../AppSaml2StandardConfigGetResult.java | 4 +- .../AppSaml2StandardSaveConfigParam.java | 2 +- .../{model => 
pojo}/Saml2ConverterUtils.java | 11 +- .../common}/IdentityProviderCategory.java | 19 +- .../IdentityProviderCategoryConverter.java | 6 +- .../common/IdentityProviderService.java | 1 - .../common/IdentityProviderType.java | 109 +++ .../constant/AuthenticationConstants.java | 20 +- .../IdentityProviderNotExistException.java | 25 +- ...ractIdpAuthenticationProcessingFilter.java | 19 +- .../authentication/common/modal/IdpUser.java | 2 +- .../common/util/AuthenticationUtils.java | 60 ++ ...th2AuthorizationRequestRedirectFilter.java | 17 +- .../DingtalkOauthAuthenticationFilter.java | 18 +- .../DingtalkScanCodeAuthenticationFilter.java | 23 +- ...ScanCodeAuthorizationRequestGetFilter.java | 16 +- .../feishu/FeiShuIdpScanCodeConfig.java | 35 +- ...eiShuScanCodeAuthenticationConfigurer.java | 91 +++ .../FeiShuAuthenticationConstants.java | 39 + .../filter/FeiShuAuthenticationFilter.java | 70 -- .../FeiShuAuthorizationRequestGetFilter.java | 163 ++++ .../FeiShuLoginAuthenticationFilter.java | 152 ++++ .../mfa/MfaAuthenticationConfigurer.java | 98 +++ .../mfa/MfaAuthenticationFilter.java | 141 ++++ .../mfa/MfaAuthenticationHandler.java | 147 ++++ .../MfaAuthenticationMfaFactorsFilter.java | 132 ++++ .../mfa/MfaAuthenticationSendOtpFilter.java | 159 ++++ .../constant/MfaAuthenticationConstants.java | 48 ++ .../mfa/constant}/package-info.java | 4 +- .../mfa/email/EmailOtpProviderValidator.java | 47 ++ .../mfa/sms/SmsOtpProviderValidator.java | 47 ++ .../mfa/totp/TotpProviderValidator.java | 45 ++ ...th2AuthorizationRequestRedirectFilter.java | 16 +- .../QqOAuth2LoginAuthenticationFilter.java | 12 +- .../sms/SendSmsCaptchaFilter.java | 94 +++ .../SmsAuthenticationConfigurer.java | 28 +- .../{filter => }/SmsAuthenticationFilter.java | 63 +- .../constant/SmsAuthenticationConstants.java | 43 + .../{filter => constant}/package-info.java | 2 +- .../exception/CaptchaNotExistException.java | 31 + .../sms/exception/PhoneNotExistException.java | 33 + 
...odeAuthorizationRequestRedirectFilter.java | 21 +- ...ChatScanCodeLoginAuthenticationFilter.java | 32 +- .../WeChatWorkAuthenticationConstants.java | 16 +- ...odeAuthorizationRequestRedirectFilter.java | 17 +- ...WorkScanCodeLoginAuthenticationFilter.java | 14 +- .../common/constants/AccountConstants.java | 8 +- .../common/constants/AnalysisConstants.java | 2 +- .../common/constants/AppConstants.java | 2 +- .../common/constants/AuditConstants.java | 2 +- .../constants/AuthenticationConstants.java | 2 +- .../common/constants/AuthorizeConstants.java | 13 +- .../constants/ConfigBeanNameConstants.java | 4 +- .../common/constants/ProtocolConstants.java | 96 ++- .../common/constants/SessionConstants.java | 2 +- .../common/constants/SettingConstants.java | 6 +- .../common/constants/StorageConstants.java | 2 +- .../common/context}/package-info.java | 4 +- .../employee/common/crypto/Encrypt.java | 40 + .../common/crypto/EncryptContextHelp.java | 68 ++ .../crypto/EncryptedDeserializerModifier.java | 61 ++ .../crypto/EncryptedJsonDeserializer.java | 54 ++ .../crypto/EncryptedJsonSerializer.java | 108 +++ .../crypto/EncryptedSerializerModifier.java | 71 ++ .../common/crypto/EncryptionModule.java | 75 ++ .../topiam/employee/common/crypto/Type.java | 38 + .../entity/account/OrganizationEntity.java | 14 +- .../account/OrganizationMemberEntity.java | 14 +- .../entity/account/UserDetailEntity.java | 12 +- .../common/entity/account/UserEntity.java | 14 +- .../entity/account/UserGroupEntity.java | 15 +- .../entity/account/UserGroupMemberEntity.java | 15 +- .../account/UserHistoryPasswordEntity.java | 15 +- .../entity/account/UserIdpBindEntity.java | 28 +- .../entity/app/AppAccessPolicyEntity.java | 13 +- .../common/entity/app/AppAccountEntity.java | 19 +- .../common/entity/app/AppCasConfigEntity.java | 15 +- .../common/entity/app/AppCertEntity.java | 13 +- .../employee/common/entity/app/AppEntity.java | 13 +- .../entity/app/AppFormConfigEntity.java | 107 +++ 
.../entity/app/AppOidcConfigEntity.java | 12 +- .../entity/app/AppPermissionActionEntity.java | 15 +- .../entity/app/AppPermissionPolicyEntity.java | 15 +- .../app/AppPermissionResourceEntity.java | 16 +- .../entity/app/AppPermissionRoleEntity.java | 15 +- .../entity/app/AppSaml2ConfigEntity.java | 12 +- .../common/entity/app/AppTsaConfigEntity.java | 128 +++ .../common/entity/app/po/AppFormConfigPO.java | 47 +- .../common/entity/app/po/AppTsaConfigPO.java | 74 ++ .../IdentityProviderEntity.java | 31 +- .../identitysource/IdentitySourceEntity.java | 14 +- .../IdentitySourceEventRecordEntity.java | 13 +- .../IdentitySourceSyncHistoryEntity.java | 13 +- .../IdentitySourceSyncRecordEntity.java | 13 +- .../identitysource/config/JobConfig.java | 4 +- .../{ => message}/MailSendRecordEntity.java | 15 +- .../{ => message}/SmsSendRecordEntity.java | 15 +- .../entity/setting/AdministratorEntity.java | 15 +- .../entity/setting/MailTemplateEntity.java | 13 +- .../common/entity/setting/SettingEntity.java | 15 +- .../common/enums/AuthenticationType.java | 2 - .../common/enums/CaptchaProviderType.java | 1 - .../employee/common/enums/DataOrigin.java | 2 - .../common/enums/IdentityProviderType.java | 135 ---- .../employee/common/enums/Language.java | 1 - .../common/enums/ListEnumDeserializer.java | 5 +- .../common/enums/MessageCategory.java | 2 - .../employee/common/enums/MfaFactor.java | 2 - .../topiam/employee/common/enums/MfaMode.java | 2 - .../common/enums/OrganizationType.java | 2 - .../common/enums/PermissionActionType.java | 2 - .../employee/common/enums/PolicyEffect.java | 2 - .../common/enums/PolicyObjectType.java | 2 - .../common/enums/PolicySubjectType.java | 2 - .../topiam/employee/common/enums/SmsType.java | 8 +- .../employee/common/enums/SyncStatus.java | 2 - .../employee/common/enums/TriggerType.java | 2 - .../employee/common/enums/UserGender.java | 2 - .../employee/common/enums/UserIdType.java | 2 - .../employee/common/enums/UserStatus.java | 2 - 
.../employee/common/enums/UserType.java | 2 - .../common/enums/app/AppCertUsingType.java | 1 - .../common/enums/app/AppProtocol.java | 8 +- .../employee/common/enums/app/AppType.java | 8 +- .../common/enums/app/AuthorizationType.java | 2 - .../common/enums/app/CasUserIdentityType.java | 78 ++ .../common/enums/app/FormSubmitType.java | 84 ++ .../app/SamlAttributeStatementValueType.java | 1 - .../CasUserIdentityTypeConverter.java | 46 ++ .../converter/FormSubmitTypeConverter.java} | 21 +- .../IdentitySourceActionType.java | 2 - .../IdentitySourceObjectType.java | 2 - .../IdentitySourceProvider.java | 4 +- .../IdentitySourceProviderConverter.java | 4 +- .../topiam/employee/common/geo/District.java | 739 ++++++++++++++++++ .../MaxmindGeoLocationServiceImpl.java | 7 +- .../geo/maxmind/MaxmindProviderConfig.java | 2 + .../message/mail/MailProviderConfig.java | 4 +- .../sms/aliyun/AliyunSmsProviderConfig.java | 2 + .../sms/qiniu/QiNiuSmsProviderConfig.java | 2 + .../sms/tencent/TencentSmsProviderConfig.java | 2 + .../sms/tencent/TencentSmsProviderSend.java | 4 +- .../account/OrganizationMemberRepository.java | 17 +- .../account/OrganizationRepository.java | 16 +- .../account/UserDetailRepository.java | 25 +- .../account/UserGroupMemberRepository.java | 17 +- .../account/UserGroupRepository.java | 20 +- .../UserHistoryPasswordRepository.java | 6 +- .../repository/account/UserIdpRepository.java | 4 +- .../repository/account/UserRepository.java | 49 +- .../account/UserRepositoryCustomized.java | 2 +- ...erGroupMemberRepositoryCustomizedImpl.java | 11 +- .../impl/UserIdpRepositoryCustomizedImpl.java | 25 +- .../impl/UserRepositoryCustomizedImpl.java | 92 +-- .../impl/mapper/UserIdpBindPoMapper.java | 3 +- .../app/AppAccessPolicyRepository.java | 16 +- .../repository/app/AppAccountRepository.java | 21 +- .../repository/app/AppCertRepository.java | 15 +- .../app/AppFormConfigRepository.java | 85 ++ .../AppFormConfigRepositoryCustomized.java | 50 ++ 
.../app/AppOidcConfigRepository.java | 15 +- .../app/AppPermissionActionRepository.java | 6 +- .../app/AppPermissionPolicyRepository.java | 25 +- .../app/AppPermissionResourceRepository.java | 22 +- .../app/AppPermissionRoleRepository.java | 23 +- .../common/repository/app/AppRepository.java | 19 +- .../app/AppSaml2ConfigRepository.java | 15 +- .../app/AppTsaConfigRepository.java | 85 ++ .../app/AppTsaConfigRepositoryCustomized.java | 50 ++ ...pAccessPolicyRepositoryCustomizedImpl.java | 42 +- .../AppAccountRepositoryCustomizedImpl.java | 20 +- .../AppCasConfigRepositoryCustomizedImpl.java | 17 +- ...AppFormConfigRepositoryCustomizedImpl.java | 111 +++ ...AppOidcConfigRepositoryCustomizedImpl.java | 18 +- ...missionPolicyRepositoryCustomizedImpl.java | 4 +- .../app/impl/AppRepositoryCustomizedImpl.java | 27 +- ...ppSaml2ConfigRepositoryCustomizedImpl.java | 47 +- .../AppTsaConfigRepositoryCustomizedImpl.java | 111 +++ .../app/impl/mapper/AppCasConfigPoMapper.java | 35 +- .../impl/mapper/AppFormConfigPoMapper.java | 91 +++ .../impl/mapper/AppOidcConfigPoMapper.java | 62 +- .../app/impl/mapper/AppTsaConfigPoMapper.java | 80 ++ .../IdentityProviderRepository.java | 35 +- .../IdentitySourceEventRecordRepository.java | 4 +- .../IdentitySourceRepository.java | 18 +- .../IdentitySourceSyncHistoryRepository.java | 6 +- .../IdentitySourceSyncRecordRepository.java | 4 +- .../MailSendRecordRepository.java | 9 +- .../SmsSendRecordRepository.java | 8 +- .../setting/AdministratorRepository.java | 33 +- .../setting/MailTemplateRepository.java | 25 +- .../repository/setting/SettingRepository.java | 18 +- .../common/storage/impl/AliYunOssStorage.java | 28 +- .../common/storage/impl/MinIoStorage.java | 2 + .../common/storage/impl/QiNiuKodoStorage.java | 2 + .../storage/impl/TencentCosStorage.java | 2 + .../employee/common/util/RequestUtils.java | 4 +- .../ConsoleApiConfiguration.java | 13 +- .../ConsoleFrontendConfiguration.java | 4 +- .../ConsoleSecurityConfiguration.java | 44 +- 
.../controller/CurrentUserEndpoint.java | 26 +- .../account/OrganizationController.java | 14 +- .../controller/account/UserController.java | 35 +- .../account/UserGroupController.java | 23 +- .../account/UserIdpBindController.java | 8 +- .../analysis/AnalysisController.java | 75 +- .../app/AppAccessPolicyController.java | 14 +- .../controller/app/AppAccountController.java | 14 +- .../controller/app/AppCertController.java | 20 +- .../console/controller/app/AppController.java | 16 +- .../app/AppPermissionActionController.java | 18 +- .../app/AppPermissionPolicyController.java | 14 +- .../app/AppPermissionResourceController.java | 24 +- .../app/AppPermissionRoleController.java | 24 +- .../controller/app/AppSaml2Controller.java | 25 +- .../controller/app/AppTemplateController.java | 25 +- .../IdentityProviderController.java | 13 +- .../IdentitySourceController.java | 14 +- .../IdentitySourceEventController.java | 20 +- .../IdentitySourceSyncController.java | 14 +- .../session/SessionManageEndpoint.java | 58 +- .../setting/AdministratorController.java | 20 +- .../setting/GeoIpLibraryController.java | 14 +- .../setting/MailProviderController.java | 21 +- .../setting/MailTemplateController.java | 20 +- .../setting/SecurityController.java | 18 +- .../setting/SmsProviderController.java | 16 +- .../setting/SmsTemplateController.java | 23 +- .../controller/setting/StorageController.java | 14 +- .../account/OrganizationConverter.java | 15 +- .../converter/account/UserConverter.java | 58 +- .../converter/account/UserGroupConverter.java | 25 +- .../app/AppAccessPolicyConverter.java | 11 +- .../converter/app/AppAccountConverter.java | 13 +- .../converter/app/AppCertConverter.java | 21 +- .../console/converter/app/AppConverter.java | 27 +- .../app/AppPermissionActionConverter.java | 23 +- .../app/AppPermissionPolicyConverter.java | 13 +- .../app/AppPermissionResourceConverter.java | 25 +- .../app/AppPermissionRoleConverter.java | 25 +- .../converter/app/UserIdpBindConverter.java | 
9 +- .../IdentityProviderConverter.java | 139 ++-- .../IdentitySourceConverter.java | 44 +- .../IdentitySourceEventRecordConverter.java | 23 +- .../IdentitySourceSyncConverter.java | 28 +- .../setting/AdministratorConverter.java | 23 +- .../setting/GeoLocationSettingConverter.java | 23 +- .../setting/MailTemplateConverter.java | 13 +- .../setting/MessageSettingConverter.java | 34 +- .../setting/PasswordPolicyConverter.java | 14 +- .../setting/SecuritySettingConverter.java | 31 +- .../setting/StorageSettingConverter.java | 25 +- ...onsoleAdminPasswordInitializeListener.java | 22 +- .../ConsoleAesSecretInitializeListener.java | 108 +++ .../IdentitySourceConfigValidatorParam.java | 19 +- .../pojo/other/OrganizationExcelData.java | 16 +- .../query/account/UserGroupListQuery.java | 12 +- .../pojo/query/analysis/AnalysisQuery.java | 28 +- .../console/pojo/query/app/AppCertQuery.java | 14 +- .../app/AppPermissionActionListQuery.java | 15 +- .../query/app/AppPermissionRoleListQuery.java | 13 +- .../console/pojo/query/app/AppQuery.java | 11 +- .../pojo/query/app/AppResourceListQuery.java | 13 +- .../IdentityProviderListQuery.java | 23 +- .../IdentitySourceEventRecordListQuery.java | 13 +- .../identity/IdentitySourceListQuery.java | 12 +- .../IdentitySourceSyncHistoryListQuery.java | 16 +- .../IdentitySourceSyncRecordListQuery.java | 16 +- .../query/setting/AdministratorListQuery.java | 6 +- .../account/OrganizationChildResult.java | 10 +- .../result/account/OrganizationResult.java | 10 +- .../account/OrganizationRootResult.java | 10 +- .../account/OrganizationTreeResult.java | 12 +- .../result/account/UserGroupListResult.java | 9 +- .../account/UserGroupMemberListResult.java | 9 +- .../pojo/result/account/UserGroupResult.java | 9 +- .../pojo/result/account/UserListResult.java | 13 +- .../account/UserLoginAuditListResult.java | 8 +- .../pojo/result/account/UserResult.java | 11 +- .../result/analysis/AppVisitRankResult.java | 5 +- .../analysis/AuthnHotProviderResult.java | 3 
+- .../result/analysis/AuthnQuantityResult.java | 5 +- .../pojo/result/analysis/AuthnZoneResult.java | 48 ++ .../pojo/result/analysis/OverviewResult.java | 5 +- .../result/app/AppAccessPolicyResult.java | 6 +- .../pojo/result/app/AppAccountListResult.java | 5 +- .../pojo/result/app/AppCertListResult.java | 6 +- .../pojo/result/app/AppCreateResult.java | 7 +- .../console/pojo/result/app/AppGetResult.java | 10 +- .../pojo/result/app/AppListResult.java | 8 +- .../app/AppPermissionActionListResult.java | 11 +- .../app/AppPermissionPolicyGetResult.java | 8 +- .../app/AppPermissionPolicyListResult.java | 4 +- .../app/AppPermissionResourceGetResult.java | 12 +- .../app/AppPermissionResourceListResult.java | 9 +- .../app/AppPermissionRoleListResult.java | 9 +- .../result/app/AppPermissionRoleResult.java | 7 +- .../pojo/result/app/AppTemplateResult.java | 8 +- .../result/app/ParseSaml2MetadataResult.java | 7 +- .../result/app/UserIdpBindListResult.java | 17 +- .../IdentityProviderCreateResult.java | 13 +- .../IdentityProviderListResult.java | 21 +- .../IdentityProviderResult.java | 13 +- .../IdentitySourceConfigGetResult.java | 10 +- .../IdentitySourceEventRecordListResult.java | 14 +- .../IdentitySourceGetResult.java | 12 +- .../IdentitySourceListResult.java | 7 +- .../IdentitySourceSyncHistoryListResult.java | 16 +- .../IdentitySourceSyncRecordListResult.java | 8 +- .../setting/AdministratorListResult.java | 13 +- .../result/setting/AdministratorResult.java | 9 +- .../setting/EmailProviderConfigResult.java | 10 +- .../setting/EmailTemplateListResult.java | 9 +- .../result/setting/EmailTemplateResult.java | 9 +- .../result/setting/GeoIpProviderResult.java | 11 +- .../setting/PasswordPolicyConfigResult.java | 6 +- .../setting/SecurityBasicConfigResult.java | 7 +- .../setting/SecurityCaptchaConfigResult.java | 8 +- .../setting/SecurityMfaConfigResult.java | 10 +- .../result/setting/SmsTemplateListResult.java | 8 +- .../setting/StorageProviderConfigResult.java | 18 +- 
.../setting/WeakPasswordLibListResult.java | 7 +- .../save/account/OrganizationCreateParam.java | 13 +- .../pojo/save/account/UserCreateParam.java | 20 +- .../save/account/UserGroupCreateParam.java | 10 +- .../save/app/AppAccessPolicyCreateParam.java | 9 +- .../pojo/save/app/AppAccountCreateParam.java | 13 +- .../console/pojo/save/app/AppCreateParam.java | 8 +- .../app/AppPermissionPolicyCreateParam.java | 11 +- .../app/AppPermissionResourceCreateParam.java | 10 +- .../app/AppPermissionRoleCreateParam.java | 8 +- .../save/app/AppPermissionsActionParam.java | 10 +- .../pojo/save/app/AppSaveConfigParam.java | 10 +- .../IdentityProviderCreateParam.java | 30 +- .../InitializeAdminSaveParam.java | 10 +- .../IdentitySourceConfigSaveParam.java | 20 +- .../IdentitySourceCreateParam.java | 15 +- .../IdentitySourceCreateResult.java | 7 +- .../setting/AdministratorCreateParam.java | 5 +- .../setting/EmailCustomTemplateSaveParam.java | 10 +- .../save/setting/GeoIpProviderSaveParam.java | 14 +- .../save/setting/MailProviderSaveParam.java | 11 +- .../save/setting/PasswordPolicySaveParam.java | 6 +- .../save/setting/SecurityBasicSaveParam.java | 7 +- .../setting/SecurityCaptchaSaveParam.java | 14 +- .../save/setting/SecurityMfaSaveParam.java | 13 +- .../save/setting/SmsProviderSaveParam.java | 16 +- .../save/setting/StorageConfigSaveParam.java | 14 +- .../pojo/setting/SmsProviderConfigResult.java | 12 +- .../account/OrganizationUpdateParam.java | 13 +- .../update/account/ResetPasswordParam.java | 18 +- .../update/account/UserGroupUpdateParam.java | 10 +- .../pojo/update/account/UserUpdateParam.java | 13 +- .../app/AppPermissionPolicyUpdateParam.java | 11 +- .../app/AppPermissionResourceUpdateParam.java | 14 +- .../pojo/update/app/AppSaveConfigParam.java | 10 +- .../pojo/update/app/AppUpdateParam.java | 8 +- .../update/app/PermissionRoleUpdateParam.java | 9 +- .../update/authentication/IdpUpdateParam.java | 29 +- .../identity/IdentitySourceUpdateParam.java | 12 +- 
.../setting/AdministratorUpdateParam.java | 9 +- .../handler/ConsoleAccessDeniedHandler.java | 13 +- .../ConsoleAuthenticationEntryPoint.java | 10 +- .../ConsoleAuthenticationFailureHandler.java | 14 +- .../ConsoleAuthenticationSuccessHandler.java | 12 +- .../handler/ConsoleLogoutSuccessHandler.java | 17 +- ...oleAuthenticationFailureEventListener.java | 18 +- ...oleAuthenticationSuccessEventListener.java | 46 +- .../ConsoleLogoutSuccessEventListener.java | 17 +- ...soleSessionInformationExpiredStrategy.java | 9 +- .../service/account/OrganizationService.java | 12 +- .../service/account/UserGroupService.java | 12 +- .../console/service/account/UserService.java | 14 +- .../account/impl/OrganizationServiceImpl.java | 74 +- .../impl/UserAccountAssociateServiceImpl.java | 4 +- .../account/impl/UserGroupServiceImpl.java | 91 ++- .../service/account/impl/UserServiceImpl.java | 89 +-- .../impl/UserSocialBindServiceImpl.java | 4 +- .../userdetail/UserDetailsServiceImpl.java | 21 +- .../service/analysis/AnalysisService.java | 30 +- .../analysis/impl/AnalysisServiceImpl.java | 185 +++-- .../console/service/app/AppCertService.java | 4 +- .../app/AppPermissionActionService.java | 4 +- .../console/service/app/AppSaml2Service.java | 4 +- .../console/service/app/AppService.java | 4 +- .../service/app/AppTemplateService.java | 6 +- .../service/app/UserIdpBindService.java | 4 +- .../app/impl/AppAccessPolicyServiceImpl.java | 17 +- .../app/impl/AppAccountServiceImpl.java | 25 +- .../service/app/impl/AppCertServiceImpl.java | 8 +- .../impl/AppPermissionActionServiceImpl.java | 11 +- .../impl/AppPermissionPolicyServiceImpl.java | 8 +- .../AppPermissionResourceServiceImpl.java | 34 +- .../impl/AppPermissionRoleServiceImpl.java | 26 +- .../service/app/impl/AppSaml2ServiceImpl.java | 53 +- .../service/app/impl/AppServiceImpl.java | 34 +- .../app/impl/AppTemplateServiceImpl.java | 12 +- .../app/impl/UserIdpBindServiceImpl.java | 12 +- .../IdentityProviderService.java | 9 +- 
.../impl/IdentityProviderServiceImpl.java | 29 +- .../identitysource/IdentitySourceService.java | 4 +- .../IdentitySourceEventRecordServiceImpl.java | 15 +- .../impl/IdentitySourceServiceImpl.java | 25 +- .../impl/IdentitySourceSyncServiceImpl.java | 22 +- .../service/setting/AdministratorService.java | 11 + .../service/setting/MailTemplateService.java | 4 +- .../setting/PasswordPolicyService.java | 4 +- .../service/setting/SettingService.java | 4 +- .../service/setting/SmsTemplateService.java | 4 +- .../impl/AdministratorServiceImpl.java | 75 +- .../impl/GeoLocationSettingServiceImpl.java | 8 +- .../setting/impl/MailTemplateServiceImpl.java | 26 +- .../impl/MessageSettingServiceImpl.java | 4 +- .../impl/PasswordPolicyServiceImpl.java | 12 +- .../impl/SecuritySettingServiceImpl.java | 18 +- .../setting/impl/SettingServiceImpl.java | 11 +- .../setting/impl/SmsTemplateServiceImpl.java | 14 +- .../impl/StorageSettingServiceImpl.java | 4 +- .../CustomRedisSessionRepository.java | 78 ++ .../configuration/EiamCacheConfiguration.java | 83 ++ .../EiamGeoLocationConfiguration.java | 3 +- .../EiamSchedulingConfiguration.java | 7 - .../RedisSessionConfiguration.java | 248 ++++++ .../core/context/SettingContextHelp.java | 9 +- .../CurrentSessionStatusEndpoint.java | 2 +- .../employee/core/logger/LogAspect.java | 6 +- .../message/mail/MailMsgEventListener.java | 4 +- .../core/message/sms/SmsMsgEventListener.java | 4 +- .../captcha/CaptchaValidatorFilter.java | 120 --- .../geetest/GeeTestCaptchaValidator.java | 120 --- .../captcha/geetest/package-info.java | 18 - .../jackson2/UserDetailsDeserializer.java | 4 +- .../core/security/otp/OtpContextHelp.java | 2 +- .../PasswordComplexityRuleValidator.java | 10 +- .../weak/DefaultPasswordWeakLibImpl.java | 1 - .../HttpSessionRedirectCache.java | 20 +- .../LoginRedirectParameterFilter.java | 2 +- .../security/savedredirect/RedirectCache.java | 2 +- .../core/security/session/SessionDetails.java | 5 + 
.../TopIamSessionBackedSessionRegistry.java | 6 +- .../security/userdetails/UserDetails.java | 5 + .../constant/MessageSettingConstants.java | 2 +- .../identitysource/core/IdentitySource.java | 5 +- .../modal/IdentitySourceEventProcessData.java | 2 +- .../dingtalk/DingTalkIdentitySource.java | 12 +- .../feishu/FieShuIdentitySource.java | 2 +- .../wechatwork/WeChatWorkIdentitySource.java | 14 +- .../wechatwork/util/AesException.java | 16 +- .../EiamCaptchaValidatorConfiguration.java | 20 +- .../configuration/PortalApiConfiguration.java | 14 +- .../PortalFrontendConfiguration.java | 4 +- .../PortalSecurityConfiguration.java | 329 ++++---- .../portal/controller/AccountController.java | 32 +- .../portal/controller/AppController.java | 12 +- .../controller/CurrentUserController.java | 28 +- .../controller/SessionManageEndpoint.java | 56 +- .../login/LoginConfigController.java | 12 +- .../portal/converter/AccountConverter.java | 18 +- .../portal/converter/AppConverter.java | 25 +- .../converter/LoginConfigConverter.java | 11 +- .../handler/PortalAccessDeniedHandler.java | 13 +- .../PortalAuthenticationEntryPoint.java | 16 +- .../PortalAuthenticationFailureHandler.java | 27 +- .../PortalAuthenticationSuccessHandler.java | 41 +- .../handler/PortalLogoutSuccessHandler.java | 17 +- .../idp/IdpRedirectParameterMatcher.java | 9 +- .../idp/bind/IdpAuthenticationConfigurer.java | 18 +- .../bind/IdpBindUserAuthenticationFilter.java | 92 ++- .../portal/idp/bind/UserBindIdpException.java | 3 +- ...talAuthenticationFailureEventListener.java | 22 +- ...talAuthenticationSuccessEventListener.java | 45 +- .../PortalLogoutSuccessEventListener.java | 15 +- ...rtalSessionInformationExpiredStrategy.java | 9 +- .../portal/pojo/query/GetAppListQuery.java | 10 +- .../pojo/request/AccountBindIdpRequest.java | 12 +- .../portal/pojo/request/BindTotpRequest.java | 12 +- .../pojo/request/ChangeEmailRequest.java | 12 +- .../pojo/request/ChangePasswordRequest.java | 12 +- 
.../pojo/request/ChangePhoneRequest.java | 12 +- .../pojo/request/PrepareBindTotpRequest.java | 12 +- .../request/PrepareChangeEmailRequest.java | 54 ++ .../request/PrepareChangePhoneRequest.java | 62 ++ .../pojo/request/UpdateUserInfoRequest.java | 7 +- .../portal/pojo/result/GetAppListResult.java | 23 +- .../portal/pojo/result/LoginConfigResult.java | 28 +- .../pojo/result/PrepareBindMfaResult.java | 9 +- .../portal/service/AccountService.java | 16 + .../service/impl/AccountServiceImpl.java | 93 ++- .../portal/service/impl/AppServiceImpl.java | 5 +- .../service/impl/LoginConfigServiceImpl.java | 13 +- .../service/impl/UserIdpServiceImpl.java | 14 +- .../userdetail/UserDetailsServiceImpl.java | 23 +- .../repository/LogicDeleteRepository.java | 34 +- .../repository/domain/BaseTenantEntity.java | 2 +- .../repository/domain/LogicDeleteEntity.java | 48 ++ .../employee/support/util/AesUtils.java | 10 +- .../support/util/HttpClientUtils.java | 4 +- .../support/util/HttpResponseUtils.java | 9 +- .../topiam/employee/support/util/IpUtils.java | 3 + 532 files changed, 9835 insertions(+), 4015 deletions(-) rename eiam-application/{eiam-application-core/src/main/java/cn/topiam/employee/application => eiam-application-cas/src/main/java/cn/topiam/employee/application/cas}/CasApplicationService.java (81%) rename {eiam-core/src/main/java/cn/topiam/employee/core/protocol => eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/model}/CasSsoModel.java (82%) create mode 100644 eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/pojo/AppCasProtocolEndpoint.java rename eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/{model => pojo}/AppCasStandardConfigGetResult.java (69%) rename eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/{model => pojo}/AppCasStandardSaveConfigParam.java (73%) create mode 100644 
eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/FormApplicationService.java create mode 100644 eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/converter/AppFormConfigConverter.java create mode 100644 eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/model/FormProtocolConfig.java create mode 100644 eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/pojo/AppFormConfigGetResult.java create mode 100644 eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/pojo/AppFormProtocolEndpoint.java create mode 100644 eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/pojo/AppFormSaveConfigParam.java create mode 100644 eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/pojo/AppOidcProtocolEndpoint.java rename eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/{model => pojo}/AppOidcStandardConfigGetResult.java (55%) rename eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/{model => pojo}/AppOidcStandardSaveConfigParam.java (98%) rename eiam-application/{eiam-application-saml2/src/main/java/cn/topiam/employee/application => eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/pojo}/package-info.java (85%) rename eiam-application/{eiam-application-core/src/main/java/cn/topiam/employee/application => eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2}/Saml2ApplicationService.java (79%) rename eiam-application/{eiam-application-core/src/main/java/cn/topiam/employee/application => eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2}/SamlRamRoleNameValueType.java (91%) rename {eiam-core/src/main/java/cn/topiam/employee/core/protocol => 
eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model}/Saml2ProtocolConfig.java (97%) rename {eiam-core/src/main/java/cn/topiam/employee/core/protocol => eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model}/Saml2SsoModel.java (97%) rename eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/{model/Saml2ProtocolEndpoint.java => pojo/AppSaml2ProtocolEndpoint.java} (93%) rename eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/{model => pojo}/AppSaml2StandardConfigGetResult.java (97%) rename eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/{model => pojo}/AppSaml2StandardSaveConfigParam.java (98%) rename eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/{model => pojo}/Saml2ConverterUtils.java (83%) rename {eiam-common/src/main/java/cn/topiam/employee/common/enums => eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common}/IdentityProviderCategory.java (83%) rename {eiam-common/src/main/java/cn/topiam/employee/common/enums/converter => eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common}/IdentityProviderCategoryConverter.java (92%) create mode 100644 eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/IdentityProviderType.java rename eiam-common/src/main/java/cn/topiam/employee/common/util/CasUtils.java => eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/constant/AuthenticationConstants.java (68%) rename eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/CaptchaValidator.java => 
eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/exception/IdentityProviderNotExistException.java (58%) create mode 100644 eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/util/AuthenticationUtils.java rename eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/geetest/GeeTestCaptchaProviderConfig.java => eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/FeiShuIdpScanCodeConfig.java (57%) create mode 100644 eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/configurer/FeiShuScanCodeAuthenticationConfigurer.java create mode 100644 eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/constant/FeiShuAuthenticationConstants.java delete mode 100644 eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuAuthenticationFilter.java create mode 100644 eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuAuthorizationRequestGetFilter.java create mode 100644 eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuLoginAuthenticationFilter.java create mode 100644 eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/MfaAuthenticationConfigurer.java create mode 100644 eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/MfaAuthenticationFilter.java create mode 100644 eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/MfaAuthenticationHandler.java create mode 100644 eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/MfaAuthenticationMfaFactorsFilter.java create mode 
100644 eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/MfaAuthenticationSendOtpFilter.java create mode 100644 eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/constant/MfaAuthenticationConstants.java rename eiam-authentication/{eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/configurer => eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/constant}/package-info.java (85%) create mode 100644 eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/email/EmailOtpProviderValidator.java create mode 100644 eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/sms/SmsOtpProviderValidator.java create mode 100644 eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/totp/TotpProviderValidator.java create mode 100644 eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/SendSmsCaptchaFilter.java rename eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/{configurer => }/SmsAuthenticationConfigurer.java (72%) rename eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/{filter => }/SmsAuthenticationFilter.java (71%) create mode 100644 eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/constant/SmsAuthenticationConstants.java rename eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/{filter => constant}/package-info.java (93%) create mode 100644 eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/exception/CaptchaNotExistException.java create mode 100644 
eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/exception/PhoneNotExistException.java rename {eiam-core/src/main/java/cn/topiam/employee/core/security/captcha => eiam-common/src/main/java/cn/topiam/employee/common/context}/package-info.java (86%) create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/crypto/Encrypt.java create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptContextHelp.java create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptedDeserializerModifier.java create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptedJsonDeserializer.java create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptedJsonSerializer.java create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptedSerializerModifier.java create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptionModule.java create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/crypto/Type.java create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppFormConfigEntity.java create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppTsaConfigEntity.java rename eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/model/AppFormConfigGetResult.java => eiam-common/src/main/java/cn/topiam/employee/common/entity/app/po/AppFormConfigPO.java (60%) create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/entity/app/po/AppTsaConfigPO.java rename eiam-common/src/main/java/cn/topiam/employee/common/entity/{ => message}/MailSendRecordEntity.java (74%) rename eiam-common/src/main/java/cn/topiam/employee/common/entity/{ => message}/SmsSendRecordEntity.java (75%) delete mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/enums/IdentityProviderType.java create mode 
100644 eiam-common/src/main/java/cn/topiam/employee/common/enums/app/CasUserIdentityType.java create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/enums/app/FormSubmitType.java create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/enums/app/converter/CasUserIdentityTypeConverter.java rename eiam-common/src/main/java/cn/topiam/employee/common/enums/{converter/IdentityProviderTypeConverter.java => app/converter/FormSubmitTypeConverter.java} (75%) rename eiam-common/src/main/java/cn/topiam/employee/common/enums/{identityprovider => identitysource}/IdentitySourceProvider.java (98%) rename eiam-common/src/main/java/cn/topiam/employee/common/enums/{identityprovider => identitysource}/converter/IdentitySourceProviderConverter.java (94%) create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/geo/District.java create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppFormConfigRepository.java create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppFormConfigRepositoryCustomized.java create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppTsaConfigRepository.java create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppTsaConfigRepositoryCustomized.java create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppFormConfigRepositoryCustomizedImpl.java create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppTsaConfigRepositoryCustomizedImpl.java create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/mapper/AppFormConfigPoMapper.java create mode 100644 eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/mapper/AppTsaConfigPoMapper.java rename eiam-common/src/main/java/cn/topiam/employee/common/repository/{ => message}/MailSendRecordRepository.java (74%) rename 
eiam-common/src/main/java/cn/topiam/employee/common/repository/{ => message}/SmsSendRecordRepository.java (75%) create mode 100644 eiam-console/src/main/java/cn/topiam/employee/console/listener/ConsoleAesSecretInitializeListener.java create mode 100644 eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnZoneResult.java create mode 100644 eiam-core/src/main/java/cn/topiam/employee/core/configuration/CustomRedisSessionRepository.java create mode 100644 eiam-core/src/main/java/cn/topiam/employee/core/configuration/RedisSessionConfiguration.java delete mode 100644 eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/CaptchaValidatorFilter.java delete mode 100644 eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/geetest/GeeTestCaptchaValidator.java delete mode 100644 eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/geetest/package-info.java rename {eiam-core/src/main/java/cn/topiam/employee/core => eiam-portal/src/main/java/cn/topiam/employee/portal}/configuration/EiamCaptchaValidatorConfiguration.java (85%) create mode 100644 eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareChangeEmailRequest.java create mode 100644 eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareChangePhoneRequest.java rename eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/NoneCaptchaProvider.java => eiam-support/src/main/java/cn/topiam/employee/support/repository/LogicDeleteRepository.java (54%) create mode 100644 eiam-support/src/main/java/cn/topiam/employee/support/repository/domain/LogicDeleteEntity.java diff --git a/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/AbstractCasApplicationService.java b/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/AbstractCasApplicationService.java index c1b3ac19..fd9570e5 100644 
--- a/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/AbstractCasApplicationService.java +++ b/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/AbstractCasApplicationService.java @@ -22,10 +22,9 @@ import org.slf4j.LoggerFactory; import org.springframework.transaction.annotation.Transactional; import cn.topiam.employee.application.AbstractApplicationService; -import cn.topiam.employee.application.CasApplicationService; +import cn.topiam.employee.application.cas.model.CasSsoModel; import cn.topiam.employee.common.entity.app.po.AppCasConfigPO; import cn.topiam.employee.common.repository.app.*; -import cn.topiam.employee.core.protocol.CasSsoModel; /** * CAS 应用配置 @@ -58,8 +57,8 @@ public abstract class AbstractCasApplicationService extends AbstractApplicationS @Override public CasSsoModel getSsoModel(Long appId) { - AppCasConfigPO appCasConfigPO = appCasConfigRepository.getByAppId(appId); - return CasSsoModel.builder().ssoCallbackUrl(appCasConfigPO.getSpCallbackUrl()).build(); + AppCasConfigPO appCasConfigPo = appCasConfigRepository.getByAppId(appId); + return CasSsoModel.builder().clientServiceUrl(appCasConfigPo.getClientServiceUrl()).build(); } /** diff --git a/eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/CasApplicationService.java b/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/CasApplicationService.java similarity index 81% rename from eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/CasApplicationService.java rename to eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/CasApplicationService.java index 7752258f..6397a9ab 100644 --- a/eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/CasApplicationService.java 
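Review bot: In `getSsoModel`, the result of `appCasConfigRepository.getByAppId(appId)` is dereferenced on the very next statement without a null check, so an unknown or already deleted `appId` would surface as a NullPointerException instead of a domain error, assuming the repository returns null when no row matches (its contract is not visible here). A guard such as `if (appCasConfigPo == null) { throw new AppNotExistException(); }` would match how `saveConfig` in CasStandardApplicationServiceImpl reports a missing CAS config; it needs the corresponding import in this class. The same unguarded pattern appears in `getConfig` of that class, where the PO is passed to the converter, which calls `po.getAppCode()`.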
+++ b/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/CasApplicationService.java @@ -1,5 +1,5 @@ /* - * eiam-application-core - Employee Identity and Access Management Program + * eiam-application-cas - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify @@ -15,9 +15,10 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.application; +package cn.topiam.employee.application.cas; -import cn.topiam.employee.core.protocol.CasSsoModel; +import cn.topiam.employee.application.ApplicationService; +import cn.topiam.employee.application.cas.model.CasSsoModel; /** * @author TopIAM diff --git a/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/CasStandardApplicationServiceImpl.java b/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/CasStandardApplicationServiceImpl.java index 39851e2e..3b6e750f 100644 --- a/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/CasStandardApplicationServiceImpl.java +++ b/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/CasStandardApplicationServiceImpl.java 
@@ -28,26 +28,19 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Component; -import cn.topiam.employee.application.cas.model.AppCasStandardConfigGetResult; -import cn.topiam.employee.application.cas.model.AppCasStandardSaveConfigParam; +import cn.topiam.employee.application.cas.converter.AppCasStandardConfigConverter; +import cn.topiam.employee.application.cas.pojo.AppCasStandardSaveConfigParam; import cn.topiam.employee.application.exception.AppNotExistException; import cn.topiam.employee.audit.context.AuditContext; -import cn.topiam.employee.common.constants.ProtocolConstants; import cn.topiam.employee.common.entity.app.AppCasConfigEntity; import cn.topiam.employee.common.entity.app.AppEntity; import cn.topiam.employee.common.entity.app.po.AppCasConfigPO; -import cn.topiam.employee.common.enums.app.AppProtocol; -import cn.topiam.employee.common.enums.app.AppType; -import cn.topiam.employee.common.enums.app.AuthorizationType; -import cn.topiam.employee.common.enums.app.InitLoginType; +import cn.topiam.employee.common.enums.app.*; import cn.topiam.employee.common.repository.app.*; -import cn.topiam.employee.core.context.ServerContextHelp; import cn.topiam.employee.support.exception.TopIamException; import cn.topiam.employee.support.validation.ValidationHelp; import static com.fasterxml.jackson.databind.DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES; -import static cn.topiam.employee.common.constants.ProtocolConstants.APP_CODE_VARIABLE; - /** * Cas 用户应用 * 
@@ -68,10 +61,12 @@ public class CasStandardApplicationServiceImpl extends AbstractCasApplicationSer AppAccountRepository appAccountRepository, AppAccessPolicyRepository appAccessPolicyRepository, AppRepository appRepository, - AppCasConfigRepository appCasConfigRepository) { + AppCasConfigRepository appCasConfigRepository, + AppCasStandardConfigConverter casStandardConfigConverter) { super(appCertRepository, appAccountRepository, appAccessPolicyRepository, appRepository, appCasConfigRepository); this.appCasConfigRepository = appCasConfigRepository; + this.casStandardConfigConverter = casStandardConfigConverter; } /** @@ -119,7 +114,8 @@ public class CasStandardApplicationServiceImpl extends AbstractCasApplicationSer throw new AppNotExistException(); } AppCasConfigEntity entity = cas.get(); - entity.setSpCallbackUrl(model.getSpCallbackUrl()); + entity.setClientServiceUrl(model.getClientServerUrl()); + entity.setUserIdentityType(model.getUserIdentityType()); appCasConfigRepository.save(entity); } @@ -133,18 +129,7 @@ public class CasStandardApplicationServiceImpl extends AbstractCasApplicationSer @Override public Object getConfig(String appId) { AppCasConfigPO po = appCasConfigRepository.getByAppId(Long.valueOf(appId)); - AppCasStandardConfigGetResult result = new AppCasStandardConfigGetResult(); - result.setAuthorizationType(po.getAuthorizationType()); - result.setInitLoginType(po.getInitLoginType()); - result.setInitLoginUrl(po.getInitLoginUrl()); - result.setSpCallbackUrl(po.getSpCallbackUrl()); - - String baseUrl = ServerContextHelp.getPortalPublicBaseUrl(); - // 服务端URL配置前缀 - result.setServerUrlPrefix( - baseUrl + ProtocolConstants.CasEndpointConstants.CAS_AUTHORIZE_BASE_PATH - .replace(APP_CODE_VARIABLE, po.getAppCode())); - return result; + return casStandardConfigConverter.entityConverterToCasConfigResult(po); } /** 
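Review bot: In `saveConfig`, `model.getClientServerUrl()` is stored as `clientServiceUrl` with no check that it is a well-formed absolute URL, and `model.getUserIdentityType()` can overwrite the `USER_USERNAME` default set in `create` with null. For a CAS application the registered service URL is presumably the value an incoming `service` parameter is compared against before a ticket is issued, so a blank or malformed entry weakens that comparison. AppCasStandardSaveConfigParam, as changed later in this patch, carries only `@Schema` annotations on these two fields, so bean validation has nothing to enforce; adding `@NotBlank` on `clientServerUrl` and `@NotNull` on `userIdentityType`, plus an http/https scheme check before `entity.setClientServiceUrl(...)`, would close the gap. The body of `saveConfig` starts outside this hunk, so any validation done earlier in the method is not visible.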
@@ -236,16 +221,18 @@ public class CasStandardApplicationServiceImpl extends AbstractCasApplicationSer appEntity.setProtocol(getProtocol()); appEntity.setClientId(idGenerator.generateId().toString().replace("-", "")); appEntity.setClientSecret(idGenerator.generateId().toString().replace("-", "")); - appEntity.setInitLoginType(InitLoginType.PORTAL_OR_APP); + appEntity.setInitLoginType(InitLoginType.APP); appEntity.setAuthorizationType(AuthorizationType.AUTHORIZATION); appEntity.setRemark(remark); appRepository.save(appEntity); AppCasConfigEntity casEntity = new AppCasConfigEntity(); casEntity.setAppId(appEntity.getId()); - casEntity.setSpCallbackUrl(""); + casEntity.setUserIdentityType(CasUserIdentityType.USER_USERNAME); appCasConfigRepository.save(casEntity); return appEntity.getId().toString(); } + private final AppCasStandardConfigConverter casStandardConfigConverter; + } diff --git a/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/converter/AppCasStandardConfigConverter.java b/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/converter/AppCasStandardConfigConverter.java index 82e67f8c..8cd8fb0a 100644 --- a/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/converter/AppCasStandardConfigConverter.java +++ b/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/converter/AppCasStandardConfigConverter.java 
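Review bot: `create` now leaves `clientServiceUrl` unset on the new `AppCasConfigEntity` (the removed line stored an empty string), so until `saveConfig` runs, `getSsoModel` returns a `CasSsoModel` whose `clientServiceUrl` is null. Whatever code matches a login request's service against this value should treat null or blank as "no service registered" and refuse the request rather than skip the comparison; that consumer is not part of this hunk, so this is worth confirming. A comment next to `casEntity.setUserIdentityType(...)`, for example `// clientServiceUrl stays null until the administrator saves the CAS config`, would document the intended initial state.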
@@ -19,6 +19,13 @@ package cn.topiam.employee.application.cas.converter; import org.mapstruct.Mapper; +import cn.topiam.employee.application.cas.pojo.AppCasProtocolEndpoint; +import cn.topiam.employee.application.cas.pojo.AppCasStandardConfigGetResult; +import cn.topiam.employee.common.constants.ProtocolConstants; +import cn.topiam.employee.common.entity.app.po.AppCasConfigPO; +import cn.topiam.employee.core.context.ServerContextHelp; +import static cn.topiam.employee.common.constants.ProtocolConstants.APP_CODE_VARIABLE; + /** * 配置转换 * 
@@ -27,4 +34,40 @@ import org.mapstruct.Mapper; */ @Mapper(componentModel = "spring") public interface AppCasStandardConfigConverter { + + /** + * 实体转CAS配置 + * + * @param po {@link AppCasConfigPO} + * @return {@link AppCasStandardConfigGetResult} + */ + default AppCasStandardConfigGetResult entityConverterToCasConfigResult(AppCasConfigPO po) { + AppCasStandardConfigGetResult result = new AppCasStandardConfigGetResult(); + result.setAuthorizationType(po.getAuthorizationType()); + result.setInitLoginType(po.getInitLoginType()); + result.setInitLoginUrl(po.getInitLoginUrl()); + result.setClientServiceUrl(po.getClientServiceUrl()); + result.setUserIdentityType(po.getUserIdentityType()); + + //封装端点信息 + AppCasProtocolEndpoint protocolEndpoint = new AppCasProtocolEndpoint(); + String baseUrl = ServerContextHelp.getPortalPublicBaseUrl(); + protocolEndpoint + .setCasSsoEndpoint(baseUrl + ProtocolConstants.CasEndpointConstants.CAS_LOGIN_PATH + .replace(APP_CODE_VARIABLE, po.getAppCode())); + protocolEndpoint + .setCasSloEndpoint(baseUrl + ProtocolConstants.CasEndpointConstants.CAS_LOGOUT_PATH + .replace(APP_CODE_VARIABLE, po.getAppCode())); + protocolEndpoint.setCasValidateEndpoint( + baseUrl + ProtocolConstants.CasEndpointConstants.CAS_VALIDATE_V1_PATH + .replace(APP_CODE_VARIABLE, po.getAppCode())); + protocolEndpoint.setCasValidateV2Endpoint( + baseUrl + ProtocolConstants.CasEndpointConstants.CAS_VALIDATE_V2_PATH + .replace(APP_CODE_VARIABLE, po.getAppCode())); + protocolEndpoint.setCasValidateV3Endpoint( + baseUrl + ProtocolConstants.CasEndpointConstants.CAS_VALIDATE_V3_PATH + .replace(APP_CODE_VARIABLE, po.getAppCode())); + result.setProtocolEndpoint(protocolEndpoint); + return result; + } } 
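Review bot: `entityConverterToCasConfigResult` repeats `baseUrl + … .replace(APP_CODE_VARIABLE, po.getAppCode())` five times, which makes it easy for one endpoint to drift from the others when a path constant is added or renamed. Hoisting `String appCode = po.getAppCode();` and building each URL through one small helper that takes the path template would leave a single place where the application code is substituted. The Javadoc should also say that the endpoint URLs are derived from `ServerContextHelp.getPortalPublicBaseUrl()` at call time, since that static lookup is not obvious from a mapper interface.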
diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/protocol/CasSsoModel.java b/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/model/CasSsoModel.java similarity index 82% rename from eiam-core/src/main/java/cn/topiam/employee/core/protocol/CasSsoModel.java rename to eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/model/CasSsoModel.java index 14719eed..2c00928e 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/protocol/CasSsoModel.java +++ b/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/model/CasSsoModel.java @@ -1,5 +1,5 @@ /* - * eiam-core - Employee Identity and Access Management Program + * eiam-application-cas - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify @@ -15,7 +15,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.core.protocol; +package cn.topiam.employee.application.cas.model; import java.io.Serializable; @@ -30,6 +30,9 @@ import lombok.Data; @Builder public class CasSsoModel implements Serializable { - private String ssoCallbackUrl; + /** + * 客户端服务URL + */ + private String clientServiceUrl; } diff --git a/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/pojo/AppCasProtocolEndpoint.java b/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/pojo/AppCasProtocolEndpoint.java new file mode 100644 index 00000000..888d2aa0 --- /dev/null +++ b/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/pojo/AppCasProtocolEndpoint.java 
@@ -0,0 +1,69 @@ +/* + * eiam-application-cas - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.application.cas.pojo; + +import java.io.Serial; +import java.io.Serializable; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.media.Schema; + +/** +* 协议端点域 +* +* @author TopIAM +* Created by support@topiam.cn on 2022/6/4 23:37 +*/ +@Data +@Schema(description = "协议端点") +public class AppCasProtocolEndpoint implements Serializable { + + @Serial + private static final long serialVersionUID = -2261602995152894964L; + + /** + * CAS SSO 端点 + */ + @Schema(description = "CAS SSO 端点") + private String casSsoEndpoint; + + /** + * CAS SLO 端点 + */ + @Schema(description = "CAS SLO 端点") + private String casSloEndpoint; + + /** + * CAS 校验端点 + */ + @Schema(description = "CAS 校验端点") + private String casValidateEndpoint; + + /** + * CAS v2 校验端点 + */ + @Schema(description = "CAS V2 校验端点") + private String casValidateV2Endpoint; + + /** + * CAS v3 校验端点 + */ + @Schema(description = "CAS V3 校验端点") + private String casValidateV3Endpoint; +} 
diff --git a/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/model/AppCasStandardConfigGetResult.java b/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/pojo/AppCasStandardConfigGetResult.java similarity index 69% rename from eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/model/AppCasStandardConfigGetResult.java rename to eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/pojo/AppCasStandardConfigGetResult.java index f4815280..b79c8434 100644 --- a/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/model/AppCasStandardConfigGetResult.java +++ b/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/pojo/AppCasStandardConfigGetResult.java @@ -15,14 +15,14 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.application.cas.model; +package cn.topiam.employee.application.cas.pojo; import cn.topiam.employee.common.enums.app.AuthorizationType; +import cn.topiam.employee.common.enums.app.CasUserIdentityType; import cn.topiam.employee.common.enums.app.InitLoginType; import lombok.Data; -import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; /** 
@@ -37,28 +37,35 @@ public class AppCasStandardConfigGetResult { * 应用ID */ @Schema(description = "授权类型") - private AuthorizationType authorizationType; + private AuthorizationType authorizationType; /** * SSO 发起登录类型 */ @Schema(description = "SSO 发起登录类型") - private InitLoginType initLoginType; + private InitLoginType initLoginType; /** * SSO 发起登录URL */ @Schema(description = "SSO 发起登录URL") - private String initLoginUrl; + private String initLoginUrl; /** - * 单点登录 SP 回调地址 + * 客户端服务URL */ - @Parameter(name = "单点登录 sp Callback Url") - private String spCallbackUrl; + @Schema(name = "客户端服务URL") + private String clientServiceUrl; /** - * Server端配置前缀 + * 用户身份类型标识 */ - private String serverUrlPrefix; + @Schema(name = "用户身份类型标识") + private CasUserIdentityType userIdentityType; + + /** + * CAS 协议端点 + */ + @Schema(name = "CAS 协议端点") + private AppCasProtocolEndpoint protocolEndpoint; } diff --git a/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/model/AppCasStandardSaveConfigParam.java b/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/pojo/AppCasStandardSaveConfigParam.java similarity index 73% rename from eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/model/AppCasStandardSaveConfigParam.java rename to eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/pojo/AppCasStandardSaveConfigParam.java index 0ea31a7a..4806e1fe 100644 --- a/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/model/AppCasStandardSaveConfigParam.java +++ b/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/pojo/AppCasStandardSaveConfigParam.java 
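Review bot: The three new fields use `@Schema(name = "…")` where the existing fields use `@Schema(description = "…")`; in swagger-annotations `name` is the name of the schema or property, not its description, so the generated OpenAPI document may list these properties under the Chinese label instead of `clientServiceUrl`, `userIdentityType` and `protocolEndpoint`. Changing them to the form `@Schema(description = "客户端服务URL")` keeps the documented names aligned with the JSON. The same applies to `userIdentityType` and `clientServerUrl` in AppCasStandardSaveConfigParam later in this patch.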
@@ -15,17 +15,17 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.application.cas.model; +package cn.topiam.employee.application.cas.pojo; import java.io.Serial; import java.io.Serializable; import cn.topiam.employee.common.enums.app.AuthorizationType; +import cn.topiam.employee.common.enums.app.CasUserIdentityType; import cn.topiam.employee.common.enums.app.InitLoginType; import lombok.Data; -import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; /** @@ -35,29 +35,35 @@ import io.swagger.v3.oas.annotations.media.Schema; @Data public class AppCasStandardSaveConfigParam implements Serializable { @Serial - private static final long serialVersionUID = 1881187724713984421L; + private static final long serialVersionUID = 1881187724713984421L; /** * 应用ID */ @Schema(description = "授权类型") - private AuthorizationType authorizationType; + private AuthorizationType authorizationType; /** * SSO 发起登录类型 */ @Schema(description = "SSO 发起登录类型") - private InitLoginType initLoginType; + private InitLoginType initLoginType; /** * SSO 发起登录URL */ @Schema(description = "SSO 发起登录URL") - private String initLoginUrl; + private String initLoginUrl; + + /** + * CAS 用户身份类型 + */ + @Schema(name = "CAS 用户身份类型") + private CasUserIdentityType userIdentityType; /** * 单点登录 SP 回调地址 */ - @Parameter(name = "单点登录 sp Callback Url") - private String spCallbackUrl; + @Schema(name = "客户端服务URL") + private String clientServerUrl; } diff --git a/eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/AbstractApplicationService.java b/eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/AbstractApplicationService.java index f1b32495..e7e81d20 100644 --- a/eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/AbstractApplicationService.java 
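Review bot: The save parameter names its field `clientServerUrl` while the entity, `CasSsoModel` and `AppCasStandardConfigGetResult` all use `clientServiceUrl`, so a client that reads the configuration and posts the same JSON back sends a property this DTO does not bind; with unknown properties ignored, the URL would be dropped silently. Renaming it to `private String clientServiceUrl;` and the call in `saveConfig` to `model.getClientServiceUrl()` removes the mismatch. The Javadoc above the field still reads "单点登录 SP 回调地址" and the one above `authorizationType` reads "应用ID"; both should describe the field they sit on.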
+++ b/eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/AbstractApplicationService.java @@ -57,7 +57,7 @@ public abstract class AbstractApplicationService implements ApplicationService { * 创建证书 * * @param appId {@link Long} - * @param appCode {@link Long} + * @param appCode {@link Long} * @param usingType {@link AppCertUsingType} */ public void createCertificate(Long appId, String appCode, AppCertUsingType usingType) { @@ -120,7 +120,7 @@ public abstract class AbstractApplicationService implements ApplicationService { protected final AppAccountRepository appAccountRepository; /** - * AppAccessPolicyRepository + *AppAccessPolicyRepository */ protected final AppAccessPolicyRepository appAccessPolicyRepository; diff --git a/eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/ApplicationServiceLoader.java b/eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/ApplicationServiceLoader.java index ea299531..62445b34 100644 --- a/eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/ApplicationServiceLoader.java +++ b/eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/ApplicationServiceLoader.java @@ -44,6 +44,7 @@ public class ApplicationServiceLoader implements ApplicationContextAware { * 用于保存接口实现类名及对应的类 */ private Map loadMap = new HashMap<>(16); + private ApplicationContext applicationContext; /** * key: code,value:templateImpl */ 
@@ -64,9 +65,9 @@ public class ApplicationServiceLoader implements ApplicationContextAware { * @see BeanInitializationException */ @Override - public void setApplicationContext(org.springframework.context.ApplicationContext applicationContext) throws BeansException { + public void setApplicationContext(ApplicationContext applicationContext) throws BeansException { + this.applicationContext = applicationContext; loadMap = applicationContext.getBeansOfType(ApplicationService.class); - getApplicationServiceList(); } /** @@ -101,4 +102,12 @@ public class ApplicationServiceLoader implements ApplicationContextAware { return impl; } + public void addApplicationService(List beanNameList) { + Map applicationServiceMap = new HashMap<>(16); + for (String beanName : beanNameList) { + applicationServiceMap.put(beanName, + applicationContext.getBean(beanName, ApplicationService.class)); + } + loadMap.putAll(applicationServiceMap); + } } diff --git a/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/AbstractFormApplicationService.java b/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/AbstractFormApplicationService.java index 9fe8f53a..3867036c 100644 --- a/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/AbstractFormApplicationService.java +++ b/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/AbstractFormApplicationService.java 
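Review bot: `addApplicationService` writes into `loadMap` from a public method that can run after startup, and nothing in this hunk synchronises that write with readers of the map; if services are registered while requests are being handled, `setApplicationContext` should wrap the result as `new ConcurrentHashMap<>(applicationContext.getBeansOfType(ApplicationService.class))` or the method should copy and swap the map. The method also has no Javadoc, unlike its neighbours; `/** Registers existing ApplicationService beans by bean name; fails if a name is not defined in the context. */` would state that `applicationContext.getBean` throws for an unknown name. Whether the code-keyed map mentioned in the context comment is refreshed after this call is not visible here, since `setApplicationContext` no longer calls `getApplicationServiceList()`.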
@@ -17,8 +17,11 @@ */ package cn.topiam.employee.application.form; -import cn.topiam.employee.application.ApplicationService; -import cn.topiam.employee.common.repository.app.AppCertRepository; +import org.springframework.util.AlternativeJdkIdGenerator; +import org.springframework.util.IdGenerator; + +import cn.topiam.employee.common.repository.app.AppAccountRepository; +import cn.topiam.employee.common.repository.app.AppFormConfigRepository; import cn.topiam.employee.common.repository.app.AppRepository; /** 
@@ -27,20 +30,40 @@ import cn.topiam.employee.common.repository.app.AppRepository; * @author TopIAM * Created by support@topiam.cn on 2022/8/23 20:58 */ -public abstract class AbstractFormApplicationService implements ApplicationService { +public abstract class AbstractFormApplicationService implements FormApplicationService { + + @Override + public void delete(String appId) { + //删除应用 + appRepository.deleteById(Long.valueOf(appId)); + //删除应用账户 + appAccountRepository.deleteAllByAppId(Long.valueOf(appId)); + // 删除应用配置 + appFormConfigRepository.deleteByAppId(Long.valueOf(appId)); + } - /** - * AppCertRepository - */ - protected final AppCertRepository appCertRepository; /** * ApplicationRepository */ - protected final AppRepository appRepository; + protected final AppRepository appRepository; - protected AbstractFormApplicationService(AppCertRepository appCertRepository, - AppRepository appRepository) { - this.appCertRepository = appCertRepository; + /** + * AppAccountRepository + */ + protected final AppAccountRepository appAccountRepository; + + protected final AppFormConfigRepository appFormConfigRepository; + + /** + * IdGenerator + */ + protected final IdGenerator idGenerator = new AlternativeJdkIdGenerator(); + + protected AbstractFormApplicationService(AppRepository appRepository, + AppAccountRepository appAccountRepository, + AppFormConfigRepository appFormConfigRepository) { this.appRepository = appRepository; + this.appAccountRepository = appAccountRepository; + this.appFormConfigRepository = appFormConfigRepository; } } diff --git a/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/FormApplicationService.java b/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/FormApplicationService.java new file mode 100644 index 00000000..8d105ce6 --- /dev/null +++ b/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/FormApplicationService.java 
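Review bot: The new `idGenerator` field is an `AlternativeJdkIdGenerator`, which per its Spring Javadoc uses `SecureRandom` only for the initial seed and `java.util.Random` afterwards; if the form service uses it for `clientSecret` the way `CasStandardApplicationServiceImpl.create` does with its own `idGenerator`, the secret does not come from a cryptographically strong source. `new JdkIdGenerator()`, which calls `UUID.randomUUID()`, or a `SecureRandom`-based token would be the safer choice for secrets; the usage lies outside this hunk, so this needs confirming. Separately, the new `delete` performs three repository deletes with no `@Transactional` on the method or the class line shown here, so a failure in the second or third leaves the application row removed but its accounts or form config behind unless a caller already opens a transaction; `@Transactional(rollbackFor = Exception.class)` on `delete` would keep them atomic.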
@@ -0,0 +1,48 @@
+/*
+ * eiam-application-form - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.application.form;
+
+import cn.topiam.employee.application.ApplicationService;
+import cn.topiam.employee.application.form.model.FormProtocolConfig;
+import cn.topiam.employee.common.entity.app.AppAccountEntity;
+
+/**
+ * 应用接口
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2022/8/20 23:20
+ */
+public interface FormApplicationService extends ApplicationService {
+
+ /**
+ * 获取协议配置
+ *
+ * @param appCode {@link String}
+ * @return {@link FormProtocolConfig}
+ */
+ FormProtocolConfig getProtocolConfig(String appCode);
+
+ /**
+ * 获取应用用户信息
+ *
+ * @param appId {@link Long}
+ * @param userId {@link Long}
+ * @return {@link FormProtocolConfig}
+ */
+ AppAccountEntity getAppAccount(Long appId, Long userId);
+}
diff --git a/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/FormStandardApplicationServiceImpl.java b/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/FormStandardApplicationServiceImpl.java
index 75e5dd82..ed24688d 100644
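Review bot: The Javadoc on `getAppAccount` in `FormApplicationService` says `@return {@link FormProtocolConfig}`, but the method returns `AppAccountEntity`; it looks copied from `getProtocolConfig` above and should read `@return {@link AppAccountEntity}`. The implementation later in this patch throws `AppAccountNotExistException` when no row matches, which the interface does not mention, so a `@throws` line here would tell callers that a missing account is an exception rather than a `null` return. Neither method documents what happens for an unknown `appCode` or `appId`.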
--- a/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/FormStandardApplicationServiceImpl.java
+++ b/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/FormStandardApplicationServiceImpl.java
@@ -17,15 +17,45 @@ */ package cn.topiam.employee.application.form; +import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Optional; +import javax.validation.ConstraintViolationException; + +import org.apache.commons.text.StringSubstitutor; import org.springframework.stereotype.Component; -import cn.topiam.employee.common.enums.app.AppProtocol; -import cn.topiam.employee.common.enums.app.AppType; -import cn.topiam.employee.common.repository.app.AppCertRepository; +import com.fasterxml.jackson.databind.ObjectMapper; + +import cn.topiam.employee.application.exception.AppNotExistException; +import cn.topiam.employee.application.form.converter.AppFormConfigConverter; +import cn.topiam.employee.application.form.model.FormProtocolConfig; +import cn.topiam.employee.application.form.pojo.AppFormSaveConfigParam; +import cn.topiam.employee.audit.context.AuditContext; +import cn.topiam.employee.common.entity.app.AppAccountEntity; +import cn.topiam.employee.common.entity.app.AppEntity; +import cn.topiam.employee.common.entity.app.AppFormConfigEntity; +import cn.topiam.employee.common.entity.app.po.AppFormConfigPO; +import cn.topiam.employee.common.enums.app.*; +import cn.topiam.employee.common.exception.app.AppAccountNotExistException; +import cn.topiam.employee.common.repository.app.AppAccountRepository; +import cn.topiam.employee.common.repository.app.AppFormConfigRepository; import cn.topiam.employee.common.repository.app.AppRepository; +import cn.topiam.employee.core.context.ServerContextHelp; +import cn.topiam.employee.support.exception.TopIamException; +import cn.topiam.employee.support.util.BeanUtils; +import cn.topiam.employee.support.util.HttpUrlUtils; +import cn.topiam.employee.support.validation.ValidationHelp; + +import lombok.extern.slf4j.Slf4j; +import static com.fasterxml.jackson.databind.DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES; + +import static cn.topiam.employee.common.constants.ProtocolConstants.APP_CODE; +import 
static cn.topiam.employee.common.constants.ProtocolConstants.FormEndpointConstants.IDP_FORM_SSO_INITIATOR; +import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY; +import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME; /** * Form 用户应用 @@ -33,6 +63,7 @@ import cn.topiam.employee.common.repository.app.AppRepository; * @author TopIAM * Created by support@topiam.cn on 2022/8/20 23:20 */ +@Slf4j @Component public class FormStandardApplicationServiceImpl extends AbstractFormApplicationService { 
@@ -44,6 +75,51 @@ public class FormStandardApplicationServiceImpl extends AbstractFormApplicationS */ @Override public void saveConfig(String appId, Map config) { + AppFormSaveConfigParam model; + try { + ObjectMapper mapper = new ObjectMapper(); + String value = mapper.writeValueAsString(config); + // 指定序列化输入的类型 + mapper.configure(FAIL_ON_UNKNOWN_PROPERTIES, false); + model = mapper.readValue(value, AppFormSaveConfigParam.class); + } catch (Exception e) { + throw new TopIamException(e.getMessage()); + } + //@formatter:off + ValidationHelp.ValidationResult validationResult = ValidationHelp.validateEntity(model); + if (validationResult.isHasErrors()) { + throw new ConstraintViolationException(validationResult.getConstraintViolations()); + } + //@formatter:on + //1、修改基本信息 + Optional optional = appRepository.findById(Long.valueOf(appId)); + if (optional.isEmpty()) { + AuditContext.setContent("保存配置失败,应用 [" + appId + "] 不存在!"); + log.error(AuditContext.getContent()); + throw new AppNotExistException(); + } + AppEntity appEntity = optional.get(); + appEntity.setAuthorizationType(model.getAuthorizationType()); + Map variables = new HashMap<>(16); + variables.put(APP_CODE, appEntity.getCode()); + StringSubstitutor sub = new StringSubstitutor(variables, "{", "}"); + appEntity.setInitLoginUrl(sub.replace(HttpUrlUtils + .format(ServerContextHelp.getPortalPublicBaseUrl() + IDP_FORM_SSO_INITIATOR))); + appEntity.setInitLoginType(model.getInitLoginType()); + appRepository.save(appEntity); + //2、修改 表单代填 配置 + Optional form = appFormConfigRepository + .findByAppId(Long.valueOf(appId)); + if (form.isEmpty()) { + AuditContext.setContent("保存配置失败,应用 [" + appId + "] 不存在!"); + log.error(AuditContext.getContent()); + throw new AppNotExistException(); + } + AppFormConfigEntity entity = form.get(); + AppFormConfigEntity formConfig = appFormConfigConverter + .appFormSaveConfigParamToEntity(model); + BeanUtils.merge(formConfig, entity, LAST_MODIFIED_BY, LAST_MODIFIED_TIME); + 
appFormConfigRepository.save(entity); } /** @@ -54,7 +130,8 @@ public class FormStandardApplicationServiceImpl extends AbstractFormApplicationS */ @Override public Object getConfig(String appId) { - return null; + AppFormConfigPO po = appFormConfigRepository.getByAppId(Long.valueOf(appId)); + return appFormConfigConverter.entityConverterToFormConfigResult(po); } /** @@ -64,7 +141,7 @@ public class FormStandardApplicationServiceImpl extends AbstractFormApplicationS */ @Override public String getCode() { - return "form"; + return AppProtocol.FORM.getCode(); } /** @@ -74,7 +151,7 @@ public class FormStandardApplicationServiceImpl extends AbstractFormApplicationS */ @Override public String getName() { - return "表单代填"; + return AppProtocol.FORM.getDesc(); } /** @@ -124,7 +201,7 @@ public class FormStandardApplicationServiceImpl extends AbstractFormApplicationS */ @Override public String getBase64Icon() { - return ""; + return ""; } /** 
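Review bot: In `saveConfig`, `appRepository.save(appEntity)` runs before the form config is looked up, so when `appFormConfigRepository.findByAppId` returns empty the app's authorization type and login URL have already been changed by the time the method throws. Unless a caller opens a transaction (not visible in this hunk), do both lookups before the first save. The second failure branch reuses the message `应用 [..] 不存在` and `AppNotExistException`, so the audit record reports a missing app when it is the form config that is missing. Separately, `throw new TopIamException(e.getMessage())` drops the cause and may hand Jackson's parser message back to the caller; logging the exception with `log.error("...", e)` and throwing a fixed message keeps internals out of the response.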
@@ -135,22 +212,50 @@ public class FormStandardApplicationServiceImpl extends AbstractFormApplicationS */ @Override public String create(String name, String remark) { - return ""; + //1、创建应用 + AppEntity appEntity = new AppEntity(); + appEntity.setName(name); + appEntity.setCode( + org.apache.commons.lang3.RandomStringUtils.randomAlphanumeric(32).toLowerCase()); + appEntity.setTemplate(getCode()); + appEntity.setType(getType()); + appEntity.setEnabled(true); + appEntity.setProtocol(getProtocol()); + appEntity.setClientId(idGenerator.generateId().toString().replace("-", "")); + appEntity.setClientSecret(idGenerator.generateId().toString().replace("-", "")); + appEntity.setInitLoginType(InitLoginType.PORTAL_OR_APP); + appEntity.setAuthorizationType(AuthorizationType.AUTHORIZATION); + appEntity.setRemark(remark); + appRepository.save(appEntity); + + AppFormConfigEntity appFormConfig = new AppFormConfigEntity(); + appFormConfig.setAppId(appEntity.getId()); + //提交类型 + appFormConfig.setSubmitType(FormSubmitType.POST); + appFormConfigRepository.save(appFormConfig); + return String.valueOf(appEntity.getId()); } - /** - * 删除应用 - * - * @param appId {@link String} 应用ID - */ @Override - public void delete(String appId) { - + public FormProtocolConfig getProtocolConfig(String appCode) { + AppFormConfigPO configPo = appFormConfigRepository.findByAppCode(appCode); + return appFormConfigConverter.appFormEntityToConfig(configPo); } - protected FormStandardApplicationServiceImpl(AppCertRepository appCertRepository, - AppRepository appRepository) { - super(appCertRepository, appRepository); + @Override + public AppAccountEntity getAppAccount(Long appId, Long userId) { + return appAccountRepository.findByAppIdAndUserId(appId, userId) + .orElseThrow(AppAccountNotExistException::new); + } + + private final AppFormConfigConverter appFormConfigConverter; + + protected FormStandardApplicationServiceImpl(AppAccountRepository appAccountRepository, + AppFormConfigRepository 
appFormConfigRepository, + AppRepository appRepository, + AppFormConfigConverter appFormConfigConverter) { + super(appRepository, appAccountRepository, appFormConfigRepository); + this.appFormConfigConverter = appFormConfigConverter; } } diff --git a/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/converter/AppFormConfigConverter.java b/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/converter/AppFormConfigConverter.java new file mode 100644 index 00000000..c0df3a14 --- /dev/null +++ b/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/converter/AppFormConfigConverter.java 
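Review bot: `create` takes `clientSecret` (and `clientId`) from `idGenerator`, which `AbstractFormApplicationService` in this same patch initialises as `new AlternativeJdkIdGenerator()`. That Spring class uses `SecureRandom` only for its initial seed and `java.util.Random` for every id after it, so the secret does not come from a cryptographic generator. For a value that has to stay confidential, switch the field to `protected final IdGenerator idGenerator = new JdkIdGenerator();` (which delegates to `UUID.randomUUID()`), or build the secret directly from `SecureRandom` bytes. The field is declared outside this hunk, so the change belongs in the abstract class.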
@@ -0,0 +1,117 @@ +/* + * eiam-application-form - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.application.form.converter; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.apache.commons.text.StringSubstitutor; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; + +import cn.topiam.employee.application.form.model.FormProtocolConfig; +import cn.topiam.employee.application.form.pojo.AppFormConfigGetResult; +import cn.topiam.employee.application.form.pojo.AppFormProtocolEndpoint; +import cn.topiam.employee.application.form.pojo.AppFormSaveConfigParam; +import cn.topiam.employee.common.entity.app.AppFormConfigEntity; +import cn.topiam.employee.common.entity.app.po.AppFormConfigPO; +import cn.topiam.employee.core.context.ServerContextHelp; +import static cn.topiam.employee.common.constants.ProtocolConstants.APP_CODE; +import static cn.topiam.employee.common.constants.ProtocolConstants.FormEndpointConstants.FORM_SSO_PATH; + +/** + * 应用映射 + * + * @author TopIAM + * Created by support@topiam.cn on 2020/8/14 22:45 + */ +@Mapper(componentModel = "spring") +public interface AppFormConfigConverter { + + /** + * save 转 entity + * + * @param config {@link 
AppFormSaveConfigParam} + * @return {@link AppFormConfigEntity} + */ + @Mapping(target = "updateTime", ignore = true) + @Mapping(target = "updateBy", ignore = true) + @Mapping(target = "remark", ignore = true) + @Mapping(target = "id", ignore = true) + @Mapping(target = "createTime", ignore = true) + @Mapping(target = "createBy", ignore = true) + @Mapping(target = "appId", ignore = true) + AppFormConfigEntity appFormSaveConfigParamToEntity(AppFormSaveConfigParam config); + + /** + * entity转config + * + * @param po {@link AppFormConfigPO} + * @return {@link FormProtocolConfig} + */ + FormProtocolConfig appFormEntityToConfig(AppFormConfigPO po); + + /** + * po 转 result + * + * @param po {@link AppFormConfigPO} + * @return {@link AppFormConfigGetResult} + */ + default AppFormConfigGetResult entityConverterToFormConfigResult(AppFormConfigPO po) { + if (po == null) { + return null; + } + AppFormConfigGetResult result = new AppFormConfigGetResult(); + if (po.getAppId() != null) { + result.setAppId(String.valueOf(po.getAppId())); + } + result.setInitLoginType(po.getInitLoginType()); + result.setInitLoginUrl(po.getInitLoginUrl()); + result.setAuthorizationType(po.getAuthorizationType()); + result.setLoginUrl(po.getLoginUrl()); + result.setUsernameField(po.getUsernameField()); + result.setPasswordField(po.getPasswordField()); + result.setSubmitType(po.getSubmitType()); + List list = po.getOtherField(); + if (list != null) { + result.setOtherField(new ArrayList<>(list)); + } + result.setProtocolEndpoint(getProtocolEndpointDomain(po.getAppCode())); + return result; + } + + /** + * 获取协议端点 + * + * @param appCode {@link String} + * @return {@link AppFormProtocolEndpoint} + */ + private AppFormProtocolEndpoint getProtocolEndpointDomain(String appCode) { + //@formatter:off + AppFormProtocolEndpoint domain = new AppFormProtocolEndpoint(); + Map variables = new HashMap<>(16); + variables.put(APP_CODE,appCode); + StringSubstitutor sub = new StringSubstitutor(variables, "{", "}"); + 
//IDP SSO 端点 + domain.setIdpSsoEndpoint(sub.replace(ServerContextHelp.getPortalPublicBaseUrl()+FORM_SSO_PATH)); + return domain; + //@formatter:on + } +} diff --git a/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/model/FormProtocolConfig.java b/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/model/FormProtocolConfig.java new file mode 100644 index 00000000..cab38d69 --- /dev/null +++ b/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/model/FormProtocolConfig.java 
@@ -0,0 +1,77 @@
+/*
+ * eiam-application-form - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.application.form.model;
+
+import java.io.Serial;
+import java.io.Serializable;
+import java.util.List;
+
+import cn.topiam.employee.common.entity.app.AppFormConfigEntity;
+import cn.topiam.employee.common.enums.app.FormSubmitType;
+
+import lombok.Builder;
+import lombok.Data;
+
+/**
+ * Form 协议配置
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2022/8/28 21:43
+ */
+@Data
+@Builder
+public class FormProtocolConfig implements Serializable {
+
+ @Serial
+ private static final long serialVersionUID = -3671812647788723766L;
+
+ /**
+ * APP ID
+ */
+ private String appId;
+
+ /**
+ * APP Code
+ */
+ private String appCode;
+
+ /**
+ * 登录URL
+ */
+ private String loginUrl;
+
+ /**
+ * 登录名属性名称
+ */
+ private String usernameField;
+
+ /**
+ * 登录密码属性名称
+ */
+ private String passwordField;
+
+ /**
+ * 登录提交方式
+ */
+ private FormSubmitType submitType;
+
+ /**
+ * 登录其他信息
+ */
+ private List otherField;
+}
diff --git a/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/pojo/AppFormConfigGetResult.java b/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/pojo/AppFormConfigGetResult.java
new file mode 100644
index 00000000..4e72f037
--- /dev/null
+++ b/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/pojo/AppFormConfigGetResult.java
@@ -0,0 +1,101 @@ +/* + * eiam-application-form - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.application.form.pojo; + +import java.io.Serializable; +import java.util.List; + +import cn.topiam.employee.common.entity.app.AppFormConfigEntity; +import cn.topiam.employee.common.enums.app.AuthorizationType; +import cn.topiam.employee.common.enums.app.FormSubmitType; +import cn.topiam.employee.common.enums.app.InitLoginType; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; + +/** + * Form 配置返回 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/5/31 22:46 + */ +@Data +@Schema(description = "Form 配置返回结果") +public class AppFormConfigGetResult implements Serializable { + /** + * 应用id + */ + @Schema(description = "应用id") + private String appId; + + /** + * SSO 发起方 + */ + @Parameter(description = "SSO 发起方") + private InitLoginType initLoginType; + + /** + * SSO 登录链接 + */ + @Parameter(description = "SSO 登录链接") + private String initLoginUrl; + + /** + * 授权范围 + */ + @Parameter(description = "SSO 授权范围") + private AuthorizationType authorizationType; + + /** + * 登录URL + */ + @Schema(description = "登录URL") + private String loginUrl; + + /** + * 登录名属性名称 + */ + 
@Schema(description = "登录名属性名称") + private String usernameField; + + /** + * 登录密码属性名称 + */ + @Schema(description = "登录密码属性名称") + private String passwordField; + + /** + * 登录提交方式 + */ + @Schema(description = "登录提交方式") + private FormSubmitType submitType; + + /** + * 登录其他信息 + */ + @Schema(description = "登录其他信息") + private List otherField; + + /** + * 协议端点 + */ + @Schema(description = "协议端点") + private AppFormProtocolEndpoint protocolEndpoint; +} diff --git a/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/pojo/AppFormProtocolEndpoint.java b/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/pojo/AppFormProtocolEndpoint.java new file mode 100644 index 00000000..eef01b69 --- /dev/null +++ b/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/pojo/AppFormProtocolEndpoint.java 
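Review bot: In `AppFormConfigGetResult` the fields `initLoginType`, `initLoginUrl` and `authorizationType` are annotated with `@Parameter`, while every other field uses `@Schema`. `@Parameter` describes operation parameters, so on a response model field the description will most likely not reach the generated OpenAPI schema; use `@Schema(description = "SSO 发起方")` and the equivalents for the other two. The same applies to `idpSsoEndpoint` in `AppFormProtocolEndpoint` and to the fields of `AppOidcProtocolEndpoint` added later in this patch. This class also implements `Serializable` without the `@Serial serialVersionUID` that its sibling POJOs declare.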
@@ -0,0 +1,46 @@
+/*
+ * eiam-application-form - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.application.form.pojo;
+
+import java.io.Serial;
+import java.io.Serializable;
+
+import lombok.Data;
+
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.media.Schema;
+
+/**
+* 协议端点域
+*
+* @author TopIAM
+* Created by support@topiam.cn on 2022/6/4 23:37
+*/
+@Data
+@Schema(description = "协议端点")
+public class AppFormProtocolEndpoint implements Serializable {
+
+ @Serial
+ private static final long serialVersionUID = -2261602995152894964L;
+
+ /**
+ * IDP SSO 端点
+ */
+ @Parameter(description = "IDP SSO 端点")
+ private String idpSsoEndpoint;
+}
diff --git a/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/pojo/AppFormSaveConfigParam.java b/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/pojo/AppFormSaveConfigParam.java
new file mode 100644
index 00000000..3ebad2c3
--- /dev/null
+++ b/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/pojo/AppFormSaveConfigParam.java
@@ -0,0 +1,93 @@ +/* + * eiam-application-form - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.application.form.pojo; + +import java.io.Serial; +import java.io.Serializable; +import java.util.List; + +import javax.validation.constraints.NotNull; + +import cn.topiam.employee.common.entity.app.AppFormConfigEntity; +import cn.topiam.employee.common.enums.app.AuthorizationType; +import cn.topiam.employee.common.enums.app.FormSubmitType; +import cn.topiam.employee.common.enums.app.InitLoginType; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.media.Schema; + +/** + * @author TopIAM + * Created by support@topiam.cn on 2022/12/13 22:45 + */ +@Data +@Schema(description = "保存 表单代填 应用配置参数") +public class AppFormSaveConfigParam implements Serializable { + + @Serial + private static final long serialVersionUID = 7257798528680745281L; + + /** + * SSO范围 + */ + @NotNull(message = "SSO范围不能为空") + @Schema(description = "SSO范围") + private AuthorizationType authorizationType; + + /** + * SSO发起方 + */ + @NotNull(message = "SSO发起方不能为空") + @Schema(description = "SSO发起方") + private InitLoginType initLoginType; + + /** + * 登录URL + */ + @NotNull(message = "登录URL不能为空") + @Schema(description = "登录URL") + private String loginUrl; + + /** + * 登录名属性名称 + */ 
+ @NotNull(message = "登录名属性名称不能为空") + @Schema(description = "登录名属性名称") + private String usernameField; + + /** + * 登录密码属性名称 + */ + @NotNull(message = "登录密码属性名称不能为空") + @Schema(description = "登录密码属性名称") + private String passwordField; + + /** + * 登录提交方式 + */ + @NotNull(message = "登录提交方式不能为空") + @Schema(description = "登录提交方式") + private FormSubmitType submitType; + + /** + * 登录其他信息 + */ + @Schema(description = "登录其他信息") + private List otherField; +} diff --git a/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/AbstractOidcApplicationService.java b/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/AbstractOidcApplicationService.java index a01c4e72..7c320944 100644 --- a/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/AbstractOidcApplicationService.java +++ b/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/AbstractOidcApplicationService.java @@ -40,7 +40,7 @@ public abstract class AbstractOidcApplicationService extends AbstractApplication appAccountRepository.deleteAllByAppId(Long.valueOf(appId)); //删除应用权限策略 appAccessPolicyRepository.deleteAllByAppId(Long.valueOf(appId)); - //删除SAML2配置 + //删除OIDC配置 appOidcConfigRepository.deleteByAppId(Long.valueOf(appId)); } diff --git a/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/OidcStandardApplicationServiceImpl.java b/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/OidcStandardApplicationServiceImpl.java index 075a59c5..17993f0b 100644 --- a/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/OidcStandardApplicationServiceImpl.java +++ b/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/OidcStandardApplicationServiceImpl.java 
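Review bot: In `AppFormSaveConfigParam`, `loginUrl`, `usernameField` and `passwordField` are guarded only by `@NotNull`, so empty or whitespace-only strings pass `ValidationHelp.validateEntity` and `loginUrl` is accepted with any scheme. This URL is presumably where the form-fill flow submits the user's stored credentials (inferred from the class purpose, not shown in this hunk), so it is worth constraining when the config is saved. Use `@NotBlank(message = "登录URL不能为空")` together with a scheme check such as `@Pattern(regexp = "^https?://.+", message = "登录URL格式不正确")`, restricted to https where deployments allow. The two field-name properties should be `@NotBlank` as well.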
@@ -39,7 +39,7 @@ import com.google.common.collect.Sets; import cn.topiam.employee.application.exception.AppNotExistException; import cn.topiam.employee.application.oidc.converter.AppOidcStandardConfigConverter; -import cn.topiam.employee.application.oidc.model.AppOidcStandardSaveConfigParam; +import cn.topiam.employee.application.oidc.pojo.AppOidcStandardSaveConfigParam; import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.common.entity.app.AppEntity; import cn.topiam.employee.common.entity.app.AppOidcConfigEntity; diff --git a/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/converter/AppOidcStandardConfigConverter.java b/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/converter/AppOidcStandardConfigConverter.java index 91452748..d648f1e8 100644 --- a/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/converter/AppOidcStandardConfigConverter.java +++ b/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/converter/AppOidcStandardConfigConverter.java @@ -25,8 +25,9 @@ import org.apache.commons.text.StringSubstitutor; import org.mapstruct.Mapper; import org.mapstruct.Mapping; -import cn.topiam.employee.application.oidc.model.AppOidcStandardConfigGetResult; -import cn.topiam.employee.application.oidc.model.AppOidcStandardSaveConfigParam; +import cn.topiam.employee.application.oidc.pojo.AppOidcProtocolEndpoint; +import cn.topiam.employee.application.oidc.pojo.AppOidcStandardConfigGetResult; +import cn.topiam.employee.application.oidc.pojo.AppOidcStandardSaveConfigParam; import cn.topiam.employee.common.constants.ProtocolConstants; import cn.topiam.employee.common.entity.app.AppOidcConfigEntity; import cn.topiam.employee.common.entity.app.po.AppOidcConfigPO; 
@@ -88,6 +89,7 @@ public interface AppOidcStandardConfigConverter { * @param config {@link AppOidcConfigEntity} * @return {@link AppOidcConfigEntity} */ + @Mapping(target = "responseTypes", ignore = true) @Mapping(target = "updateTime", ignore = true) @Mapping(target = "updateBy", ignore = true) @Mapping(target = "remark", ignore = true) @@ -101,11 +103,11 @@ public interface AppOidcStandardConfigConverter { * 获取协议端点 * * @param appCode {@link String} - * @return {@link AppOidcStandardConfigGetResult.ProtocolEndpoint} + * @return {@link AppOidcProtocolEndpoint} */ - private AppOidcStandardConfigGetResult.ProtocolEndpoint getProtocolEndpointDomain(String appCode) { + private AppOidcProtocolEndpoint getProtocolEndpointDomain(String appCode) { //@formatter:off - AppOidcStandardConfigGetResult.ProtocolEndpoint domain = new AppOidcStandardConfigGetResult.ProtocolEndpoint(); + AppOidcProtocolEndpoint domain = new AppOidcProtocolEndpoint(); //issues Map variables = new HashMap<>(16); variables.put(APP_CODE,appCode); diff --git a/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/pojo/AppOidcProtocolEndpoint.java b/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/pojo/AppOidcProtocolEndpoint.java new file mode 100644 index 00000000..f5d5a6f6 --- /dev/null +++ b/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/pojo/AppOidcProtocolEndpoint.java 
@@ -0,0 +1,81 @@ +/* + * eiam-application-oidc - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.application.oidc.pojo; + +import java.io.Serial; +import java.io.Serializable; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; + +/** + * 协议端点域 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/6/4 23:37 + */ +@Data +@Schema(description = "协议端点") +public class AppOidcProtocolEndpoint implements Serializable { + + @Serial + private static final long serialVersionUID = -2261602995152894964L; + /** + * oidcIssuer + */ + @Parameter(description = "Issuer") + private String issuer; + + /** + * discoveryEndpoint + */ + @Parameter(description = "Discovery Endpoint") + private String discoveryEndpoint; + + /** + * UserinfoEndpoint + */ + @Parameter(description = "UserInfo Endpoint") + private String userinfoEndpoint; + + /** + * jwksEndpoint + */ + @Parameter(description = "Jwks Endpoint") + private String jwksEndpoint; + + /** + * revokeEndpoint + */ + @Parameter(description = "Revoke Endpoint") + private String revokeEndpoint; + + /** + * tokenEndpoint + */ + @Parameter(description = "Token Endpoint") + private String tokenEndpoint; + + /** + * 
authorizationEndpoint + */ + @Parameter(description = "Authorization Endpoint") + private String authorizationEndpoint; +} diff --git a/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/model/AppOidcStandardConfigGetResult.java b/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/pojo/AppOidcStandardConfigGetResult.java similarity index 55% rename from eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/model/AppOidcStandardConfigGetResult.java rename to eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/pojo/AppOidcStandardConfigGetResult.java index ccea1df6..0ca3fd5a 100644 --- a/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/model/AppOidcStandardConfigGetResult.java +++ b/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/pojo/AppOidcStandardConfigGetResult.java @@ -15,7 +15,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.application.oidc.model; +package cn.topiam.employee.application.oidc.pojo; import java.io.Serial; import java.io.Serializable; 
@@ -40,163 +40,109 @@ import io.swagger.v3.oas.annotations.media.Schema; public class AppOidcStandardConfigGetResult implements Serializable { @Serial - private static final long serialVersionUID = 4177874005424703372L; + private static final long serialVersionUID = 4177874005424703372L; /** * APP ID */ @Parameter(description = "appId") - private Long appId; + private Long appId; /** * SSO 发起方 */ @Parameter(description = "SSO 发起方") - private InitLoginType initLoginType; + private InitLoginType initLoginType; /** * SSO 登录链接 */ @Parameter(description = "SSO 登录链接") - private String initLoginUrl; + private String initLoginUrl; /** * 授权范围 */ @Parameter(description = "SSO 授权范围") - private AuthorizationType authorizationType; + private AuthorizationType authorizationType; /** * authorizationGrantTypes */ @Parameter(description = "认证授权类型") - private Set authGrantTypes; + private Set authGrantTypes; /** * 客户端认证方式 */ @Parameter(description = "客户端认证方式") - private Set clientAuthMethods; + private Set clientAuthMethods; /** * 重定向URI */ @Parameter(description = "重定向URI") - private Set redirectUris; + private Set redirectUris; /** * scopes */ @Parameter(description = "授权范围") - private Set grantScopes; + private Set grantScopes; /** * 启用PKCE */ @Parameter(description = "启用PKCE") - private Boolean requireProofKey; + private Boolean requireProofKey; /** * 令牌 Endpoint 身份验证签名算法 */ @Parameter(description = "令牌 Endpoint 身份验证签名算法") - private String tokenEndpointAuthSigningAlgorithm; + private String tokenEndpointAuthSigningAlgorithm; /** * 是否需要授权同意 */ @Parameter(description = "是否需要授权同意") - private Boolean requireAuthConsent; + private Boolean requireAuthConsent; /** * 访问令牌有效时间 */ @Parameter(description = "访问令牌有效时间") - private String accessTokenTimeToLive; + private String accessTokenTimeToLive; /** * 刷新令牌有效时间 */ @Parameter(description = "刷新令牌有效时间") - private String refreshTokenTimeToLive; + private String refreshTokenTimeToLive; /** * ID token 有效时间 */ @Parameter(description = "ID 
令牌有效时间") - private String idTokenTimeToLive; + private String idTokenTimeToLive; /** * id 令牌签名算法 */ @Parameter(description = "Id令牌签名算法") - private String idTokenSignatureAlgorithm; + private String idTokenSignatureAlgorithm; /** * 协议端点域 */ @Parameter(description = "协议端点域") - private ProtocolEndpoint protocolEndpoint; + private AppOidcProtocolEndpoint protocolEndpoint; /** * Access Token 格式 */ @Parameter(description = "Access Token 格式") - private String accessTokenFormat; + private String accessTokenFormat; /** * 是否重用刷新令牌 */ @Parameter(description = "是否重用刷新令牌") - private Boolean reuseRefreshToken; + private Boolean reuseRefreshToken; - /** - * 协议端点域 - * - * @author TopIAM - * Created by support@topiam.cn on 2022/6/4 23:37 - */ - @Data - @Schema(description = "协议端点") - public static class ProtocolEndpoint implements Serializable { - - @Serial - private static final long serialVersionUID = -2261602995152894964L; - /** - * oidcIssuer - */ - @Parameter(description = "Issuer") - private String issuer; - - /** - * discoveryEndpoint - */ - @Parameter(description = "Discovery Endpoint") - private String discoveryEndpoint; - - /** - * UserinfoEndpoint - */ - @Parameter(description = "UserInfo Endpoint") - private String userinfoEndpoint; - - /** - * jwksEndpoint - */ - @Parameter(description = "Jwks Endpoint") - private String jwksEndpoint; - - /** - * revokeEndpoint - */ - @Parameter(description = "Revoke Endpoint") - private String revokeEndpoint; - - /** - * tokenEndpoint - */ - @Parameter(description = "Token Endpoint") - private String tokenEndpoint; - - /** - * authorizationEndpoint - */ - @Parameter(description = "Authorization Endpoint") - private String authorizationEndpoint; - } } 
diff --git a/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/model/AppOidcStandardSaveConfigParam.java b/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/pojo/AppOidcStandardSaveConfigParam.java similarity index 98% rename from eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/model/AppOidcStandardSaveConfigParam.java rename to eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/pojo/AppOidcStandardSaveConfigParam.java index f66a60b4..4140309f 100644 --- a/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/model/AppOidcStandardSaveConfigParam.java +++ b/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/pojo/AppOidcStandardSaveConfigParam.java @@ -15,7 +15,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.application.oidc.model; +package cn.topiam.employee.application.oidc.pojo; import java.io.Serial; import java.io.Serializable; diff --git a/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/package-info.java b/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/pojo/package-info.java similarity index 85% rename from eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/package-info.java rename to eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/pojo/package-info.java index 24c3c14d..14b28282 100644 --- a/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/package-info.java +++ b/eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/pojo/package-info.java 
@@ -1,5 +1,5 @@ /* - * eiam-application-saml2 - Employee Identity and Access Management Program + * eiam-application-oidc - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify @@ -15,4 +15,4 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.application; \ No newline at end of file +package cn.topiam.employee.application.oidc.pojo; \ No newline at end of file diff --git a/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/AbstractSamlAppService.java b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/AbstractSamlAppService.java index 9a369e5a..a05cc437 100644 --- a/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/AbstractSamlAppService.java +++ b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/AbstractSamlAppService.java @@ -26,11 +26,14 @@ import org.mapstruct.Mapping; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.transaction.annotation.Transactional; +import org.springframework.util.AlternativeJdkIdGenerator; import org.springframework.util.CollectionUtils; +import org.springframework.util.IdGenerator; import cn.topiam.employee.application.AbstractApplicationService; -import cn.topiam.employee.application.Saml2ApplicationService; import cn.topiam.employee.application.exception.AppCertNotExistException; +import cn.topiam.employee.application.saml2.model.Saml2ProtocolConfig; +import cn.topiam.employee.application.saml2.model.Saml2SsoModel; import cn.topiam.employee.common.entity.account.UserEntity; import cn.topiam.employee.common.entity.app.AppAccountEntity; import cn.topiam.employee.common.entity.app.AppCertEntity; 
@@ -43,8 +46,6 @@ import cn.topiam.employee.common.exception.app.AppAccountNotExistException; import cn.topiam.employee.common.repository.account.UserRepository; import cn.topiam.employee.common.repository.app.*; import cn.topiam.employee.common.util.SamlKeyStoreProvider; -import cn.topiam.employee.core.protocol.Saml2ProtocolConfig; -import cn.topiam.employee.core.protocol.Saml2SsoModel; import cn.topiam.employee.core.security.util.SecurityUtils; import cn.topiam.employee.support.context.ApplicationContextHelp; import static cn.topiam.employee.common.enums.app.SamlNameIdValueType.*; @@ -134,6 +135,11 @@ public abstract class AbstractSamlAppService extends AbstractApplicationService */ protected final AppSaml2ConfigRepository appSaml2ConfigRepository; + /** + * IdGenerator + */ + protected final IdGenerator idGenerator; + protected AbstractSamlAppService(AppCertRepository appCertRepository, AppAccountRepository appAccountRepository, AppAccessPolicyRepository appAccessPolicyRepository, @@ -141,6 +147,7 @@ public abstract class AbstractSamlAppService extends AbstractApplicationService AppSaml2ConfigRepository appSaml2ConfigRepository) { super(appCertRepository, appAccountRepository, appAccessPolicyRepository, appRepository); this.appSaml2ConfigRepository = appSaml2ConfigRepository; + this.idGenerator = new AlternativeJdkIdGenerator(); } @Mapper(componentModel = "spring") diff --git a/eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/Saml2ApplicationService.java b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/Saml2ApplicationService.java similarity index 79% rename from eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/Saml2ApplicationService.java rename to eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/Saml2ApplicationService.java index 4f25df24..98e8b50d 100644 
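Review bot: `this.idGenerator = new AlternativeJdkIdGenerator();` (hunk `@@ -141,6 +147,7 @@`, field declared in `@@ -134,6 +135,11 @@`) uses a generator that is seeded once from `SecureRandom` and then draws every later UUID from a plain `java.util.Random`, so the ids are unique but should not be assumed unguessable. Where `idGenerator` is consumed is not visible in these hunks; if it produces SAML response or assertion IDs, or any value that acts as a secret or replay guard, `this.idGenerator = new JdkIdGenerator();` (backed by `UUID.randomUUID()`, with the import switched to `org.springframework.util.JdkIdGenerator`) is the safer default. The field comment `IdGenerator` only repeats the type, and a sentence saying what the ids identify would make that trade-off reviewable. The constructor's signature starts in the preceding hunk.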
--- a/eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/Saml2ApplicationService.java +++ b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/Saml2ApplicationService.java @@ -1,5 +1,5 @@ /* - * eiam-application-core - Employee Identity and Access Management Program + * eiam-application-saml2 - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify @@ -15,10 +15,11 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.application; +package cn.topiam.employee.application.saml2; -import cn.topiam.employee.core.protocol.Saml2ProtocolConfig; -import cn.topiam.employee.core.protocol.Saml2SsoModel; +import cn.topiam.employee.application.ApplicationService; +import cn.topiam.employee.application.saml2.model.Saml2ProtocolConfig; +import cn.topiam.employee.application.saml2.model.Saml2SsoModel; /** * 应用接口 diff --git a/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/Saml2StandardApplicationServiceImpl.java b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/Saml2StandardApplicationServiceImpl.java index eb3e424c..6db7a640 100644 --- a/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/Saml2StandardApplicationServiceImpl.java +++ b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/Saml2StandardApplicationServiceImpl.java 
@@ -28,9 +28,11 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Component; +import com.fasterxml.jackson.databind.ObjectMapper; + import cn.topiam.employee.application.exception.AppNotExistException; import cn.topiam.employee.application.saml2.converter.AppSaml2StandardConfigConverter; -import cn.topiam.employee.application.saml2.model.AppSaml2StandardSaveConfigParam; +import cn.topiam.employee.application.saml2.pojo.AppSaml2StandardSaveConfigParam; import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.common.entity.app.AppEntity; import cn.topiam.employee.common.entity.app.AppSaml2ConfigEntity; @@ -69,6 +71,7 @@ public class Saml2StandardApplicationServiceImpl extends AbstractSamlAppService public void saveConfig(String appId, Map config) { AppSaml2StandardSaveConfigParam model; try { + ObjectMapper mapper = new ObjectMapper(); String value = mapper.writeValueAsString(config); // 指定序列化输入的类型 mapper.configure(FAIL_ON_UNKNOWN_PROPERTIES, false); diff --git a/eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/SamlRamRoleNameValueType.java b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/SamlRamRoleNameValueType.java similarity index 91% rename from eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/SamlRamRoleNameValueType.java rename to eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/SamlRamRoleNameValueType.java index 0f18b798..e357d9c5 100644 --- a/eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/SamlRamRoleNameValueType.java +++ b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/SamlRamRoleNameValueType.java 
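Review bot: `ObjectMapper mapper = new ObjectMapper();` inside `saveConfig` (hunk `@@ -69,6 +71,7 @@`) creates a default mapper on every call, so modules or deserialization settings registered on the application's shared mapper do not apply when the caller-supplied `config` map is converted. `ObjectMapper` is thread-safe once configured, so a single `private static final ObjectMapper MAPPER = new ObjectMapper().configure(FAIL_ON_UNKNOWN_PROPERTIES, false);` or the injected bean would avoid both the per-request construction and the configuration drift. Because unknown properties are ignored, a mistyped key in `config` is dropped without an error. Whether the resulting `AppSaml2StandardSaveConfigParam` is validated before it is persisted cannot be seen here, as `saveConfig` continues past the hunk.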
@@ -1,5 +1,5 @@ /* - * eiam-application-core - Employee Identity and Access Management Program + * eiam-application-saml2 - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify @@ -15,7 +15,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.application; +package cn.topiam.employee.application.saml2; import com.fasterxml.jackson.annotation.JsonValue; diff --git a/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/converter/AppSaml2StandardConfigConverter.java b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/converter/AppSaml2StandardConfigConverter.java index 053b1ccb..48eefa9b 100644 --- a/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/converter/AppSaml2StandardConfigConverter.java +++ b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/converter/AppSaml2StandardConfigConverter.java @@ -22,9 +22,9 @@ import java.util.List; import org.mapstruct.Mapper; import org.mapstruct.Mapping; -import cn.topiam.employee.application.saml2.model.AppSaml2StandardConfigGetResult; -import cn.topiam.employee.application.saml2.model.AppSaml2StandardSaveConfigParam; -import cn.topiam.employee.application.saml2.model.Saml2ConverterUtils; +import cn.topiam.employee.application.saml2.pojo.AppSaml2StandardConfigGetResult; +import cn.topiam.employee.application.saml2.pojo.AppSaml2StandardSaveConfigParam; +import cn.topiam.employee.application.saml2.pojo.Saml2ConverterUtils; import cn.topiam.employee.common.entity.app.AppSaml2ConfigEntity; import cn.topiam.employee.common.entity.app.po.AppSaml2ConfigPO; 
diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/protocol/Saml2ProtocolConfig.java b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/Saml2ProtocolConfig.java similarity index 97% rename from eiam-core/src/main/java/cn/topiam/employee/core/protocol/Saml2ProtocolConfig.java rename to eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/Saml2ProtocolConfig.java index 6e5f646a..7b945fda 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/protocol/Saml2ProtocolConfig.java +++ b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/Saml2ProtocolConfig.java @@ -1,5 +1,5 @@ /* - * eiam-core - Employee Identity and Access Management Program + * eiam-application-saml2 - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify @@ -15,7 +15,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.core.protocol; +package cn.topiam.employee.application.saml2.model; import java.io.Serial; import java.io.Serializable; diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/protocol/Saml2SsoModel.java b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/Saml2SsoModel.java similarity index 97% rename from eiam-core/src/main/java/cn/topiam/employee/core/protocol/Saml2SsoModel.java rename to eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/Saml2SsoModel.java index 82d145a3..5b4b8041 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/protocol/Saml2SsoModel.java +++ b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/Saml2SsoModel.java 
@@ -1,5 +1,5 @@ /* - * eiam-core - Employee Identity and Access Management Program + * eiam-application-saml2 - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify @@ -15,7 +15,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.core.protocol; +package cn.topiam.employee.application.saml2.model; import java.io.Serial; import java.io.Serializable; diff --git a/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/Saml2ProtocolEndpoint.java b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/pojo/AppSaml2ProtocolEndpoint.java similarity index 93% rename from eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/Saml2ProtocolEndpoint.java rename to eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/pojo/AppSaml2ProtocolEndpoint.java index 2e16338e..1adf4dad 100644 --- a/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/Saml2ProtocolEndpoint.java +++ b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/pojo/AppSaml2ProtocolEndpoint.java @@ -15,7 +15,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.application.saml2.model; +package cn.topiam.employee.application.saml2.pojo; import java.io.Serial; import java.io.Serializable; 
@@ -33,7 +33,7 @@ import io.swagger.v3.oas.annotations.media.Schema; */ @Data @Schema(description = "协议端点") -public class Saml2ProtocolEndpoint implements Serializable { +public class AppSaml2ProtocolEndpoint implements Serializable { @Serial private static final long serialVersionUID = -2261602995152894964L; diff --git a/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/AppSaml2StandardConfigGetResult.java b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/pojo/AppSaml2StandardConfigGetResult.java similarity index 97% rename from eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/AppSaml2StandardConfigGetResult.java rename to eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/pojo/AppSaml2StandardConfigGetResult.java index 02605901..24e90c86 100644 --- a/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/AppSaml2StandardConfigGetResult.java +++ b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/pojo/AppSaml2StandardConfigGetResult.java @@ -15,7 +15,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.application.saml2.model; +package cn.topiam.employee.application.saml2.pojo; import java.util.List; import java.util.Map; @@ -160,7 +160,7 @@ public class AppSaml2StandardConfigGetResult { * 协议端点域 */ @Parameter(description = "协议端点域") - private Saml2ProtocolEndpoint protocolEndpoint; + private AppSaml2ProtocolEndpoint protocolEndpoint; /** * 模版配置 
diff --git a/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/AppSaml2StandardSaveConfigParam.java b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/pojo/AppSaml2StandardSaveConfigParam.java similarity index 98% rename from eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/AppSaml2StandardSaveConfigParam.java rename to eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/pojo/AppSaml2StandardSaveConfigParam.java index 8923844e..d36de479 100644 --- a/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/AppSaml2StandardSaveConfigParam.java +++ b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/pojo/AppSaml2StandardSaveConfigParam.java @@ -15,7 +15,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.application.saml2.model; +package cn.topiam.employee.application.saml2.pojo; import java.io.Serial; import java.io.Serializable; diff --git a/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/Saml2ConverterUtils.java b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/pojo/Saml2ConverterUtils.java similarity index 83% rename from eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/Saml2ConverterUtils.java rename to eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/pojo/Saml2ConverterUtils.java index ac618f1e..5e528d7c 100644 --- a/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/Saml2ConverterUtils.java 
+++ b/eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/pojo/Saml2ConverterUtils.java @@ -15,10 +15,11 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.application.saml2.model; +package cn.topiam.employee.application.saml2.pojo; import cn.topiam.employee.core.context.ServerContextHelp; -import static cn.topiam.employee.common.constants.ProtocolConstants.*; +import static cn.topiam.employee.common.constants.ProtocolConstants.APP_CODE_VARIABLE; +import static cn.topiam.employee.common.constants.ProtocolConstants.Saml2EndpointConstants; /** * Saml2ConverterUtils @@ -31,10 +32,10 @@ public class Saml2ConverterUtils { * 应用ID * * @param appCode {@link String} - * @return {@link Saml2ProtocolEndpoint} + * @return {@link AppSaml2ProtocolEndpoint} */ - public static Saml2ProtocolEndpoint getProtocolEndpointDomain(String appCode) { - Saml2ProtocolEndpoint domain = new Saml2ProtocolEndpoint(); + public static AppSaml2ProtocolEndpoint getProtocolEndpointDomain(String appCode) { + AppSaml2ProtocolEndpoint domain = new AppSaml2ProtocolEndpoint(); //IDP String baseUrl = ServerContextHelp.getPortalPublicBaseUrl(); //元数据端点 diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/IdentityProviderCategory.java b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/IdentityProviderCategory.java similarity index 83% rename from eiam-common/src/main/java/cn/topiam/employee/common/enums/IdentityProviderCategory.java rename to eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/IdentityProviderCategory.java index dfe3252a..e97a2ba9 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/IdentityProviderCategory.java 
+++ b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/IdentityProviderCategory.java @@ -1,5 +1,5 @@ /* - * eiam-common - Employee Identity and Access Management Program + * eiam-authentication-core - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify @@ -15,12 +15,14 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.common.enums; +package cn.topiam.employee.authentication.common; import java.util.List; import com.google.common.collect.Lists; +import cn.topiam.employee.common.enums.AuthenticationType; +import cn.topiam.employee.common.enums.BaseEnum; import cn.topiam.employee.support.web.converter.EnumConvert; /** @@ -35,20 +37,17 @@ public enum IdentityProviderCategory implements BaseEnum { */ social("social", "社交", Lists.newArrayList( IdentityProviderType.QQ, - IdentityProviderType.WECHAT_SCAN_CODE, - IdentityProviderType.WEIBO, - IdentityProviderType.GITHUB, - IdentityProviderType.GOOGLE, - IdentityProviderType.ALIPAY)), + IdentityProviderType.WECHAT_QR)), /** * 企业 */ enterprise("enterprise", "企业", Lists .newArrayList( - IdentityProviderType.WECHATWORK_SCAN_CODE, - IdentityProviderType.DINGTALK_SCAN_CODE, + IdentityProviderType.WECHAT_WORK_QR, + IdentityProviderType.DINGTALK_QR, IdentityProviderType.DINGTALK_OAUTH, - IdentityProviderType.LDAP)); + IdentityProviderType.LDAP, + IdentityProviderType.FEISHU_OAUTH)); private final String code; 
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/converter/IdentityProviderCategoryConverter.java b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/IdentityProviderCategoryConverter.java similarity index 92% rename from eiam-common/src/main/java/cn/topiam/employee/common/enums/converter/IdentityProviderCategoryConverter.java rename to eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/IdentityProviderCategoryConverter.java index 813b1acc..dcfee952 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/converter/IdentityProviderCategoryConverter.java +++ b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/IdentityProviderCategoryConverter.java @@ -1,5 +1,5 @@ /* - * eiam-common - Employee Identity and Access Management Program + * eiam-authentication-core - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify @@ -15,15 +15,13 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.common.enums.converter; +package cn.topiam.employee.authentication.common; import java.util.Objects; import javax.persistence.AttributeConverter; import javax.persistence.Converter; -import cn.topiam.employee.common.enums.IdentityProviderCategory; - /** * @author TopIAM * Created by support@topiam.cn on 2020/12/11 19:42 diff --git a/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/IdentityProviderService.java b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/IdentityProviderService.java index 7c5ecda1..0efd2843 100644 
--- a/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/IdentityProviderService.java +++ b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/IdentityProviderService.java @@ -23,7 +23,6 @@ import java.util.Map; import org.springframework.transaction.annotation.Transactional; import cn.topiam.employee.authentication.common.config.IdentityProviderConfig; -import cn.topiam.employee.common.enums.IdentityProviderType; /** * IdentityProviderService diff --git a/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/IdentityProviderType.java b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/IdentityProviderType.java new file mode 100644 index 00000000..ba7f6c60 --- /dev/null +++ b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/IdentityProviderType.java 
@@ -0,0 +1,109 @@
+/*
+ * eiam-authentication-core - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.authentication.common;
+
+import org.springframework.util.Assert;
+import static cn.topiam.employee.common.constants.AuthorizeConstants.AUTHORIZATION_REQUEST_URI;
+import static cn.topiam.employee.common.constants.AuthorizeConstants.LOGIN_PATH;
+
+/**
+ * @author SanLi
+ * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2022/12/31 15:18
+ */
+public record IdentityProviderType(String value,String name,String desc){
+/**
+ * 飞书
+ */
+public static final IdentityProviderType FEISHU_OAUTH=new IdentityProviderType("feishu_oauth","飞书认证","通过飞书进行身份验证");
+/**
+ * 钉钉
+ */
+public static final IdentityProviderType DINGTALK_OAUTH=new IdentityProviderType("dingtalk_oauth","钉钉Oauth认证","通过钉钉进行身份认证");
+/**
+ * 钉钉扫码
+ */
+public static final IdentityProviderType DINGTALK_QR=new IdentityProviderType("dingtalk_qr","钉钉扫码认证","通过钉钉扫码进行身份认证");
+/**
+ * 微信开放平台
+ */
+public static final IdentityProviderType WECHAT_QR=new IdentityProviderType("wechat_qr","微信扫码登录","通过微信扫码进行身份认证");
+/**
+ * 企业微信
+ */
+public static final IdentityProviderType WECHAT_WORK_QR=new IdentityProviderType("wechatwork_qr","企业微信扫码认证","通过企业微信同步的用户可使用企业微信扫码登录进行身份认证");
+
+/**
+ * QQ认证
+ */
+public static final IdentityProviderType QQ=new IdentityProviderType("qq_oauth","QQ认证","通过QQ进行身份认证");
+
+/**
+ * IDAP
+ */
+public static final IdentityProviderType LDAP=new IdentityProviderType("ldap","LDAP认证","通过 LDAP 进行身份验证");
+
+/**
+ * 用户名密码
+ */
+public static final IdentityProviderType USERNAME_PASSWORD=new IdentityProviderType("username_password","用户名密码认证","通过用户名密码进行身份认证");
+
+/**
+ * 短信验证码
+ */
+public static final IdentityProviderType SMS=new IdentityProviderType("sms","短信验证码认证","通过短信验证码进行身份认证");
+
+/**
+ * Constructs an {@code IdentityProviderType} using the provided value.
+ *
+ * @param value the value of the authorization grant type
+ */
+public IdentityProviderType{Assert.hasText(value,"value cannot be empty");}
+
+/**
+ * Returns the value of the authorization grant type.
+ *
+ * @return the value of the authorization grant type
+ */
+@Override public String value(){return this.value;}
+
+@Override public boolean equals(Object obj){if(this==obj){return true;}if(obj==null||this.getClass()!=obj.getClass()){return false;}IdentityProviderType that=(IdentityProviderType)obj;return this.value().equals(that.value());}
+
+@Override public int hashCode(){return this.value().hashCode();}
+
+ @Override
+ public String name() {
+ return name;
+ }
+
+ @Override
+ public String desc() {
+ return desc;
+ }
+
+ public String getLoginPathPrefix() {
+ return LOGIN_PATH + "/" + value();
+ }
+
+ public String getAuthorizationPathPrefix() {
+ return AUTHORIZATION_REQUEST_URI + "/" + value();
+ }
+
+ public static int size() {
+ return 9;
+ }
+}
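Review bot: `size()` at the end of the record returns the literal `9`, which stays correct only while someone hand-counts the constants declared above it. Because a record has a public canonical constructor, the set of provider types is also no longer closed (the removed `common.enums` imports elsewhere in this patch suggest it used to be an enum), so deriving the count from one declared collection, or dropping `size()`, is safer. The compact constructor checks only `Assert.hasText(value, ...)` although `value` is concatenated into `getLoginPathPrefix()` and `getAuthorizationPathPrefix()`; a guard such as `Assert.isTrue(value.matches("[a-z0-9_]+"), "value must be a lowercase identifier")` would keep separators and wildcard characters out of the request matchers built from those paths. The Javadoc on the constructor and on `value()` still speaks of an "authorization grant type", and the comment above `LDAP` reads `IDAP`.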
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/util/CasUtils.java b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/constant/AuthenticationConstants.java similarity index 68% rename from eiam-common/src/main/java/cn/topiam/employee/common/util/CasUtils.java rename to eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/constant/AuthenticationConstants.java index ac0edff3..091e42f7 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/util/CasUtils.java +++ b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/constant/AuthenticationConstants.java @@ -1,5 +1,5 @@ /* - * eiam-common - Employee Identity and Access Management Program + * eiam-authentication-core - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify @@ -15,16 +15,18 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.common.util; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; +package cn.topiam.employee.authentication.common.constant; /** + * 认证常量 + * * @author TopIAM - * Created by support@topiam.cn on 2022/12/30 01:06 + * Created by support@topiam.cn on 2021/12/20 23:19 */ -public class CasUtils { - private static final Logger logger = LoggerFactory.getLogger(CasUtils.class); +public final class AuthenticationConstants { -} + /** + * 提供商ID + */ + public static final String PROVIDER_CODE = "providerId"; +} \ No newline at end of file 
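Review bot: `PROVIDER_CODE` is declared with the value `"providerId"` under a Javadoc that still says 提供商ID, so the path variable is named for an id while the filters in this patch look providers up by code. If every use goes through the constant, changing the value to `"providerCode"` and the comment to 提供商编码 removes the ambiguity; otherwise add a line explaining why the old name is kept. As a constants holder the class would also normally get `private AuthenticationConstants() {}`.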
diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/CaptchaValidator.java b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/exception/IdentityProviderNotExistException.java similarity index 58% rename from eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/CaptchaValidator.java rename to eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/exception/IdentityProviderNotExistException.java index 00a6da91..7bc3565a 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/CaptchaValidator.java +++ b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/exception/IdentityProviderNotExistException.java @@ -1,5 +1,5 @@ /* - * eiam-core - Employee Identity and Access Management Program + * eiam-authentication-core - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify 
@@ -15,23 +15,20 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.core.security.captcha; +package cn.topiam.employee.authentication.common.exception; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import cn.topiam.employee.support.exception.TopIamException; +import static org.springframework.http.HttpStatus.BAD_REQUEST; /** + * 身份提供商不存在 * * @author TopIAM - * Created by support@topiam.cn on 2022/8/14 22:09 + * Created by support@topiam.cn on 2022/12/20 22:50 */ -public interface CaptchaValidator { - /** - * 验证 - * - * @param request {@link HttpServletRequest} - * @param response {@link HttpServletResponse} - * @return {@link Boolean} - */ - boolean validate(HttpServletRequest request, HttpServletResponse response); +public class IdentityProviderNotExistException extends TopIamException { + + public IdentityProviderNotExistException() { + super("idp_not_exist", "身份提供商不存在", BAD_REQUEST); + } } diff --git a/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/filter/AbstractIdpAuthenticationProcessingFilter.java b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/filter/AbstractIdpAuthenticationProcessingFilter.java index 9dae4cf8..8d687075 100644 --- a/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/filter/AbstractIdpAuthenticationProcessingFilter.java +++ b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/filter/AbstractIdpAuthenticationProcessingFilter.java 
@@ -35,10 +35,11 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import com.alibaba.fastjson2.JSONObject; +import cn.topiam.employee.authentication.common.IdentityProviderType; +import cn.topiam.employee.authentication.common.exception.IdentityProviderNotExistException; import cn.topiam.employee.authentication.common.modal.IdpUser; import cn.topiam.employee.authentication.common.service.UserIdpService; import cn.topiam.employee.common.entity.authentication.IdentityProviderEntity; -import cn.topiam.employee.common.enums.IdentityProviderType; import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; import cn.topiam.employee.core.security.authentication.IdpAuthentication; import cn.topiam.employee.core.security.userdetails.UserDetails; @@ -65,14 +66,18 @@ public abstract class AbstractIdpAuthenticationProcessingFilter extends * @param request {@link HttpServletRequest} * @param response {@link HttpServletResponse} * @param provider {@link IdentityProviderType} - * @param providerId {@link String} + * @param providerCode {@link String} * @param info {@link JSONObject} * @return {@link Authentication} */ public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response, - IdentityProviderType provider, String providerId, + IdentityProviderType provider, String providerCode, IdpUser info) throws IOException { + IdentityProviderEntity identityProvider = identityProviderRepository + .findByCodeAndEnabledIsTrue(providerCode) + .orElseThrow(IdentityProviderNotExistException::new); + String providerId = String.valueOf(identityProvider.getId()); info.setProviderId(providerId); info.setProviderType(provider); //调用接口查询是否已绑定 
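Review bot: The lookup added at the top of `attemptAuthentication` resolves the provider from `providerCode` alone and never compares the row it finds with the `provider` argument, so a callback on one provider type's login path that carries the code of an enabled provider of another type would be bound and recorded under the wrong type. If `IdentityProviderEntity` exposes its type (not visible in this hunk), reject a mismatch right after the lookup with the same `IdentityProviderNotExistException`. The Javadoc line `@param providerCode {@link String}` should say that this is the provider code taken from the request path and that it is resolved here to the numeric id used for binding. The method body continues outside the hunk.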
@@ -81,7 +86,7 @@ public abstract class AbstractIdpAuthenticationProcessingFilter extends //是否自动绑定 if (!userIdpService.isAutoBindUserIdp(providerId)) { setUserBindSessionContent(request, info); - return new IdpAuthentication(provider.getCode(), providerId); + return new IdpAuthentication(provider.value(), providerId); } //调用接口进行绑定操作 info.setProviderId(providerId); @@ -136,16 +141,16 @@ public abstract class AbstractIdpAuthenticationProcessingFilter extends String providerId, HttpServletRequest request) { //认证 UserDetails userDetails = userIdpService.getUserDetails(openId, providerId); - IdpAuthentication token = new IdpAuthentication(userDetails, provider.getCode(), providerId, + IdpAuthentication token = new IdpAuthentication(userDetails, provider.value(), providerId, true, userDetails.getAuthorities()); // Allow subclasses to set the "details" property token.setDetails(this.authenticationDetailsSource.buildDetails(request)); return token; } - public IdentityProviderEntity getIdentityProviderEntity(String providerId) { + public IdentityProviderEntity getIdentityProviderEntity(String code) { Optional optional = getIdentityProviderRepository() - .findByIdAndEnabledIsTrue(Long.valueOf(providerId)); + .findByCodeAndEnabledIsTrue(code); if (optional.isEmpty()) { //无效身份提供商 OAuth2Error oauth2Error = new OAuth2Error(INVALID_IDP); diff --git a/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/modal/IdpUser.java b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/modal/IdpUser.java index 99f0a993..ec26d132 100644 --- a/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/modal/IdpUser.java +++ b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/modal/IdpUser.java 
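Review bot: `getIdentityProviderEntity(String code)` answers an unknown or disabled code with `OAuth2Error(INVALID_IDP)`, while the lookup this commit adds to `attemptAuthentication` in the same class throws `IdentityProviderNotExistException` for the same condition. Two error paths for one failure make the client-visible response depend on which lookup runs first; pick one, and consider having `attemptAuthentication` reuse this method rather than querying the repository itself. The method has no Javadoc; one line stating that `code` is the provider code from the request path and that only enabled providers are returned would help. The body continues outside the hunk.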
@@ -19,7 +19,7 @@ package cn.topiam.employee.authentication.common.modal; import java.util.Map; -import cn.topiam.employee.common.enums.IdentityProviderType; +import cn.topiam.employee.authentication.common.IdentityProviderType; import lombok.AllArgsConstructor; import lombok.Builder; diff --git a/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/util/AuthenticationUtils.java b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/util/AuthenticationUtils.java new file mode 100644 index 00000000..709f6ebc --- /dev/null +++ b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/util/AuthenticationUtils.java 
@@ -0,0 +1,60 @@
+/*
+ * eiam-authentication-core - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.authentication.common.util;
+
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+
+import cn.topiam.employee.core.security.authentication.IdpAuthentication;
+import cn.topiam.employee.core.security.authentication.SmsAuthentication;
+import cn.topiam.employee.core.security.mfa.MfaAuthentication;
+import static cn.topiam.employee.authentication.common.IdentityProviderType.SMS;
+import static cn.topiam.employee.authentication.common.IdentityProviderType.USERNAME_PASSWORD;
+
+/**
+ *
+ * @author SanLi
+ * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2022/12/31 14:29
+ */
+public class AuthenticationUtils {
+ /**
+ * 获取认证类型
+ *
+ * @param authentication {@link Authentication}
+ * @return {@link String}
+ */
+ public static String geAuthType(Authentication authentication) {
+ //用户名密码
+ if (authentication instanceof UsernamePasswordAuthenticationToken) {
+ return USERNAME_PASSWORD.value();
+ }
+ //身份提供商
+ if (authentication instanceof IdpAuthentication) {
+ return ((IdpAuthentication) authentication).getProviderType();
+ }
+ //短信登录
+ if
(authentication instanceof SmsAuthentication) { + return SMS.value(); + } + //MFA + if (authentication instanceof MfaAuthentication) { + return geAuthType(((MfaAuthentication) authentication).getFirst()); + } + throw new IllegalArgumentException("未知认证对象"); + } +} diff --git a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkOAuth2AuthorizationRequestRedirectFilter.java b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkOAuth2AuthorizationRequestRedirectFilter.java index 055f527f..a8a3ccf4 100644 --- a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkOAuth2AuthorizationRequestRedirectFilter.java +++ b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkOAuth2AuthorizationRequestRedirectFilter.java @@ -51,9 +51,10 @@ import cn.topiam.employee.common.entity.authentication.IdentityProviderEntity; import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.RESPONSE_TYPE; +import static cn.topiam.employee.authentication.common.IdentityProviderType.DINGTALK_OAUTH; +import static cn.topiam.employee.authentication.common.constant.AuthenticationConstants.PROVIDER_CODE; import static cn.topiam.employee.authentication.dingtalk.constant.DingTalkAuthenticationConstants.URL_AUTHORIZE; import static cn.topiam.employee.authentication.dingtalk.filter.DingtalkOauthAuthenticationFilter.getLoginUrl; -import static cn.topiam.employee.common.enums.IdentityProviderType.DINGTALK_OAUTH; /** * 微信扫码登录请求重定向过滤器 
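Review bot: The public method in the new `AuthenticationUtils` is spelled `geAuthType`, which looks like a typo for `getAuthType`; since the class is new, the name is cheapest to fix now, before callers depend on it. The class holds only a static method, so it should be `final` with a private constructor. A null argument, or an `MfaAuthentication` whose `getFirst()` is null, falls through every `instanceof` test to `IllegalArgumentException("未知认证对象")`; the Javadoc should state that, and the message would be easier to act on if it named the class of the object it received.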
@@ -67,16 +68,11 @@ public class DingtalkOAuth2AuthorizationRequestRedirectFilter extends OncePerReq private final Logger logger = LoggerFactory .getLogger(DingtalkOAuth2AuthorizationRequestRedirectFilter.class); - /** - * 提供商ID - */ - public static final String PROVIDER_ID = "providerId"; - /** * AntPathRequestMatcher */ public static final AntPathRequestMatcher DINGTALK_OAUTH2_REQUEST_MATCHER = new AntPathRequestMatcher( - DINGTALK_OAUTH.getAuthorizationPathPrefix() + "/" + "{" + PROVIDER_ID + "}", + DINGTALK_OAUTH.getAuthorizationPathPrefix() + "/" + "{" + PROVIDER_CODE + "}", HttpMethod.GET.name()); /** @@ -108,9 +104,9 @@ public class DingtalkOAuth2AuthorizationRequestRedirectFilter extends OncePerReq return; } Map variables = matcher.getVariables(); - String providerId = variables.get(PROVIDER_ID); + String providerCode = variables.get(PROVIDER_CODE); Optional optional = identityProviderRepository - .findByIdAndEnabledIsTrue(Long.valueOf(providerId)); + .findByCodeAndEnabledIsTrue(providerCode); if (optional.isEmpty()) { throw new NullPointerException("未查询到身份提供商信息"); } @@ -121,7 +117,8 @@ public class DingtalkOAuth2AuthorizationRequestRedirectFilter extends OncePerReq //构建授权请求 OAuth2AuthorizationRequest.Builder builder = OAuth2AuthorizationRequest.authorizationCode() .clientId(config.getAppKey()).authorizationUri(URL_AUTHORIZE) - .redirectUri(getLoginUrl(providerId)).state(DEFAULT_STATE_GENERATOR.generateKey()); + .redirectUri(getLoginUrl(optional.get().getCode())) + .state(DEFAULT_STATE_GENERATOR.generateKey()); builder.parameters(parameters -> { parameters.put(RESPONSE_TYPE, OAuth2ParameterNames.CODE); parameters.put("prompt", "consent"); 
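Review bot: An unknown or disabled provider code in the request path still ends in `throw new NullPointerException("未查询到身份提供商信息")`, so a value any caller can put in the URL is reported as an internal failure rather than as a bad request. This commit introduces `IdentityProviderNotExistException` (constructed with `BAD_REQUEST`) for exactly this case, and `identityProviderRepository.findByCodeAndEnabledIsTrue(providerCode).orElseThrow(IdentityProviderNotExistException::new)` would use it; how the exception is rendered from inside a filter is not visible here and should be confirmed. The same `NullPointerException` is kept in `DingtalkScanCodeAuthorizationRequestGetFilter` later in this patch. The enclosing method starts and ends outside these hunks.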
diff --git a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkOauthAuthenticationFilter.java b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkOauthAuthenticationFilter.java index 5bbd90cb..2ccb014e 100644 --- a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkOauthAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkOauthAuthenticationFilter.java @@ -59,8 +59,9 @@ import cn.topiam.employee.core.context.ServerContextHelp; import cn.topiam.employee.support.exception.TopIamException; import cn.topiam.employee.support.trace.TraceUtils; import cn.topiam.employee.support.util.HttpUrlUtils; -import static cn.topiam.employee.authentication.dingtalk.filter.DingtalkScanCodeAuthorizationRequestGetFilter.PROVIDER_ID; -import static cn.topiam.employee.common.enums.IdentityProviderType.DINGTALK_OAUTH; +import static cn.topiam.employee.authentication.common.IdentityProviderType.DINGTALK_OAUTH; +import static cn.topiam.employee.authentication.common.IdentityProviderType.DINGTALK_QR; +import static cn.topiam.employee.authentication.common.constant.AuthenticationConstants.PROVIDER_CODE; /** * 钉钉认证过滤器 
@@ -72,13 +73,14 @@ import static cn.topiam.employee.common.enums.IdentityProviderType.DINGTALK_OAUT */ @SuppressWarnings("DuplicatedCode") public class DingtalkOauthAuthenticationFilter extends AbstractIdpAuthenticationProcessingFilter { - public static final String DEFAULT_FILTER_PROCESSES_URI = DINGTALK_OAUTH + public final static String DEFAULT_FILTER_PROCESSES_URI = DINGTALK_QR .getLoginPathPrefix() + "/*"; /** * AntPathRequestMatcher */ public static final AntPathRequestMatcher REQUEST_MATCHER = new AntPathRequestMatcher( - DINGTALK_OAUTH.getLoginPathPrefix() + "/" + "{" + PROVIDER_ID + "}", HttpMethod.GET.name()); + DINGTALK_OAUTH.getLoginPathPrefix() + "/" + "{" + PROVIDER_CODE + "}", + HttpMethod.GET.name()); /** * Creates a new instance @@ -108,7 +110,7 @@ public class DingtalkOauthAuthenticationFilter extends AbstractIdpAuthentication TraceUtils.put(UUID.randomUUID().toString()); RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request); Map variables = matcher.getVariables(); - String providerId = variables.get(PROVIDER_ID); + String providerId = variables.get(PROVIDER_CODE); //code 钉钉新版登录为 authCode String code = request.getParameter(AUTH_CODE); if (StringUtils.isEmpty(code)) { @@ -154,7 +156,7 @@ public class DingtalkOauthAuthenticationFilter extends AbstractIdpAuthentication } //执行逻辑 IdpUser idpUser = IdpUser.builder().openId(user.getBody().getOpenId()).build(); - return attemptAuthentication(request, response, DINGTALK_OAUTH, providerId, idpUser); + return attemptAuthentication(request, response, DINGTALK_QR, providerId, idpUser); } /** 
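Review bot: `DEFAULT_FILTER_PROCESSES_URI` is now built from `DINGTALK_QR.getLoginPathPrefix()` while `REQUEST_MATCHER` just below it still uses `DINGTALK_OAUTH`, so the URL this filter is registered on and the pattern it reads `PROVIDER_CODE` from no longer agree; on a `dingtalk_qr` path the matcher would presumably yield no variables and `providerId` would be null. The same substitution appears in the `attemptAuthentication(request, response, DINGTALK_QR, providerId, idpUser)` call and in `getLoginUrl` further down this file, which would record an OAuth login under the QR provider type and point its callback at the path `DingtalkScanCodeAuthenticationFilter` also claims. Unless that is intended, keep `DINGTALK_OAUTH` in all three places, e.g. `DINGTALK_OAUTH.getLoginPathPrefix() + "/*"`. The local `providerId` now holds the provider code and would read better as `providerCode`, here and in `DingtalkScanCodeAuthenticationFilter`.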
@@ -199,8 +201,8 @@ public class DingtalkOauthAuthenticationFilter extends AbstractIdpAuthentication private Cache cache; public static String getLoginUrl(String providerId) { - String url = ServerContextHelp.getPortalPublicBaseUrl() - + DINGTALK_OAUTH.getLoginPathPrefix() + "/" + providerId; + String url = ServerContextHelp.getPortalPublicBaseUrl() + DINGTALK_QR.getLoginPathPrefix() + + "/" + providerId; return HttpUrlUtils.format(url); } diff --git a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthenticationFilter.java b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthenticationFilter.java index 6e399153..a949aaa0 100644 --- a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthenticationFilter.java 
@@ -59,17 +59,14 @@ import cn.topiam.employee.authentication.common.modal.IdpUser; import cn.topiam.employee.authentication.common.service.UserIdpService; import cn.topiam.employee.authentication.dingtalk.DingTalkIdpScanCodeConfig; import cn.topiam.employee.common.entity.authentication.IdentityProviderEntity; -import cn.topiam.employee.common.enums.IdentityProviderType; import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; import cn.topiam.employee.core.context.ServerContextHelp; import cn.topiam.employee.support.exception.TopIamException; import cn.topiam.employee.support.trace.TraceUtils; import cn.topiam.employee.support.util.HttpUrlUtils; -import static cn.topiam.employee.authentication.dingtalk.constant.DingTalkAuthenticationConstants.GET_USERINFO_BY_CODE; -import static cn.topiam.employee.authentication.dingtalk.constant.DingTalkAuthenticationConstants.GET_USERINFO_BY_USERID; -import static cn.topiam.employee.authentication.dingtalk.constant.DingTalkAuthenticationConstants.GET_USERID_BY_UNIONID; -import static cn.topiam.employee.authentication.dingtalk.filter.DingtalkScanCodeAuthorizationRequestGetFilter.PROVIDER_ID; -import static cn.topiam.employee.common.enums.IdentityProviderType.DINGTALK_SCAN_CODE; +import static cn.topiam.employee.authentication.common.IdentityProviderType.DINGTALK_QR; +import static cn.topiam.employee.authentication.common.constant.AuthenticationConstants.PROVIDER_CODE; +import static cn.topiam.employee.authentication.dingtalk.constant.DingTalkAuthenticationConstants.*; /** * 钉钉认证过滤器 
@@ -82,14 +79,13 @@ import static cn.topiam.employee.common.enums.IdentityProviderType.DINGTALK_SCAN @SuppressWarnings("DuplicatedCode") public class DingtalkScanCodeAuthenticationFilter extends AbstractIdpAuthenticationProcessingFilter { - public static final String DEFAULT_FILTER_PROCESSES_URI = DINGTALK_SCAN_CODE + public final static String DEFAULT_FILTER_PROCESSES_URI = DINGTALK_QR .getLoginPathPrefix() + "/*"; /** * AntPathRequestMatcher */ public static final AntPathRequestMatcher REQUEST_MATCHER = new AntPathRequestMatcher( - DINGTALK_SCAN_CODE.getLoginPathPrefix() + "/" + "{" + PROVIDER_ID + "}", - HttpMethod.GET.name()); + DINGTALK_QR.getLoginPathPrefix() + "/" + "{" + PROVIDER_CODE + "}", HttpMethod.GET.name()); /** * Creates a new instance @@ -119,7 +115,7 @@ public class DingtalkScanCodeAuthenticationFilter extends TraceUtils.put(UUID.randomUUID().toString()); RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request); Map variables = matcher.getVariables(); - String providerId = variables.get(PROVIDER_ID); + String providerId = variables.get(PROVIDER_CODE); //code String code = request.getParameter(OAuth2ParameterNames.CODE); if (StringUtils.isEmpty(code)) { @@ -197,8 +193,7 @@ public class DingtalkScanCodeAuthenticationFilter extends //4、执行逻辑 OapiV2UserGetResponse.UserGetResponse result = rspGetResponse.getResult(); IdpUser idpUser = IdpUser.builder().openId(result.getUserid()).build(); - return attemptAuthentication(request, response, IdentityProviderType.DINGTALK_SCAN_CODE, - providerId, idpUser); + return attemptAuthentication(request, response, DINGTALK_QR, providerId, idpUser); } /** 
@@ -236,8 +231,8 @@ public class DingtalkScanCodeAuthenticationFilter extends private Cache cache; public static String getLoginUrl(String providerId) { - String url = ServerContextHelp.getPortalPublicBaseUrl() - + DINGTALK_SCAN_CODE.getLoginPathPrefix() + "/" + providerId; + String url = ServerContextHelp.getPortalPublicBaseUrl() + DINGTALK_QR.getLoginPathPrefix() + + "/" + providerId; return HttpUrlUtils.format(url); } diff --git a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthorizationRequestGetFilter.java b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthorizationRequestGetFilter.java index 799b6638..581440d3 100644 --- a/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthorizationRequestGetFilter.java +++ b/eiam-authentication/eiam-authentication-dingtalk/src/main/java/cn/topiam/employee/authentication/dingtalk/filter/DingtalkScanCodeAuthorizationRequestGetFilter.java 
@@ -55,10 +55,11 @@ import cn.topiam.employee.support.util.HttpResponseUtils; import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.CODE; import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.RESPONSE_TYPE; +import static cn.topiam.employee.authentication.common.IdentityProviderType.DINGTALK_QR; +import static cn.topiam.employee.authentication.common.constant.AuthenticationConstants.PROVIDER_CODE; import static cn.topiam.employee.authentication.dingtalk.constant.DingTalkAuthenticationConstants.APP_ID; import static cn.topiam.employee.authentication.dingtalk.constant.DingTalkAuthenticationConstants.SCAN_CODE_URL_AUTHORIZE; import static cn.topiam.employee.authentication.dingtalk.filter.DingtalkScanCodeAuthenticationFilter.getLoginUrl; -import static cn.topiam.employee.common.enums.IdentityProviderType.DINGTALK_SCAN_CODE; /** * 微信扫码登录请求重定向过滤器 @@ -72,16 +73,11 @@ public class DingtalkScanCodeAuthorizationRequestGetFilter extends OncePerReques private final Logger logger = LoggerFactory .getLogger(DingtalkScanCodeAuthorizationRequestGetFilter.class); - /** - * 提供商ID - */ - public static final String PROVIDER_ID = "providerId"; - /** * AntPathRequestMatcher */ public static final AntPathRequestMatcher DINGTALK_SCAN_CODE_REQUEST_MATCHER = new AntPathRequestMatcher( - DINGTALK_SCAN_CODE.getAuthorizationPathPrefix() + "/" + "{" + PROVIDER_ID + "}", + DINGTALK_QR.getAuthorizationPathPrefix() + "/" + "{" + PROVIDER_CODE + "}", HttpMethod.GET.name()); /** 
@@ -109,9 +105,9 @@ public class DingtalkScanCodeAuthorizationRequestGetFilter extends OncePerReques } Map variables = matcher.getVariables(); //校验身份提供商 - String providerId = variables.get(PROVIDER_ID); + String providerCode = variables.get(PROVIDER_CODE); Optional optional = identityProviderRepository - .findByIdAndEnabledIsTrue(Long.valueOf(providerId)); + .findByCodeAndEnabledIsTrue(providerCode); if (optional.isEmpty()) { logger.error("身份提供商不存在"); throw new NullPointerException("身份提供商不存在"); @@ -131,7 +127,7 @@ public class DingtalkScanCodeAuthorizationRequestGetFilter extends OncePerReques .clientId(config.getAppKey()) .scopes(Sets.newHashSet("snsapi_login")) .authorizationUri(SCAN_CODE_URL_AUTHORIZE) - .redirectUri(getLoginUrl(providerId)) + .redirectUri(getLoginUrl(optional.get().getCode())) .state(DEFAULT_STATE_GENERATOR.generateKey()) .attributes(attributes); builder.parameters(parameters -> { diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/geetest/GeeTestCaptchaProviderConfig.java b/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/FeiShuIdpScanCodeConfig.java similarity index 57% rename from eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/geetest/GeeTestCaptchaProviderConfig.java rename to eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/FeiShuIdpScanCodeConfig.java index 498f065f..d7a3ff51 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/geetest/GeeTestCaptchaProviderConfig.java +++ b/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/FeiShuIdpScanCodeConfig.java 
@@ -1,5 +1,5 @@ /* - * eiam-core - Employee Identity and Access Management Program + * eiam-authentication-feishu - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify @@ -15,37 +15,38 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.core.security.captcha.geetest; +package cn.topiam.employee.authentication.feishu; import java.io.Serial; -import javax.validation.constraints.NotEmpty; +import javax.validation.constraints.NotBlank; -import cn.topiam.employee.core.security.captcha.CaptchaProviderConfig; +import cn.topiam.employee.authentication.common.config.IdentityProviderConfig; import lombok.Data; import lombok.EqualsAndHashCode; /** - * 极速验证码 + * 飞书扫码 认证配置 + * * @author TopIAM - * Created by support@topiam.cn on 2022/8/14 22:44 + * Created by support@topiam.cn on 2022/12/19 22:58 */ @Data @EqualsAndHashCode(callSuper = true) -public class GeeTestCaptchaProviderConfig extends CaptchaProviderConfig { - +public class FeiShuIdpScanCodeConfig extends IdentityProviderConfig { @Serial - private static final long serialVersionUID = 3279601494863893521L; - /** - * 验证码ID - */ - @NotEmpty(message = "验证码ID不能为空") - private String captchaId; + private static final long serialVersionUID = -6850223527422243076L; /** - * 验证码KEY + * APP ID */ - @NotEmpty(message = "验证码KEY不能为空") - private String captchaKey; + @NotBlank(message = "APP ID 不能为空") + private String appId; + + /** + * APP Secret + */ + @NotBlank(message = "APP Secret 不能为空") + private String appSecret; } 
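Review bot: `appSecret` is a field of a class annotated with `@Data`, whose generated `toString()` prints every field, so the FeiShu application secret would appear in any log line or exception message that formats this config object. Marking the field with `@ToString.Exclude` keeps it out of that output. If the object is also serialised back to an admin UI or an audit record (not visible in this hunk), the secret should be masked on that path as well.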
diff --git a/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/configurer/FeiShuScanCodeAuthenticationConfigurer.java b/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/configurer/FeiShuScanCodeAuthenticationConfigurer.java new file mode 100644 index 00000000..fd9ecf4c --- /dev/null +++ b/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/configurer/FeiShuScanCodeAuthenticationConfigurer.java 
@@ -0,0 +1,91 @@ +/* + * eiam-authentication-feishu - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.authentication.feishu.configurer; + +import org.springframework.security.config.annotation.web.HttpSecurityBuilder; +import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer; +import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter; +import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.security.web.util.matcher.OrRequestMatcher; +import org.springframework.security.web.util.matcher.RequestMatcher; +import org.springframework.util.Assert; + +import cn.topiam.employee.authentication.common.service.UserIdpService; +import cn.topiam.employee.authentication.feishu.filter.FeiShuAuthorizationRequestGetFilter; +import cn.topiam.employee.authentication.feishu.filter.FeiShuLoginAuthenticationFilter; +import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; + +/** + * 认证配置 + * + * @author TopIAM + * Created by support@topiam.cn on 2021/12/19 23:58 + */ +public final class 
FeiShuScanCodeAuthenticationConfigurer> extends + AbstractAuthenticationFilterConfigurer, FeiShuLoginAuthenticationFilter> { + + private final IdentityProviderRepository identityProviderRepository; + private final UserIdpService userIdpService; + + public FeiShuScanCodeAuthenticationConfigurer(IdentityProviderRepository identityProviderRepository, + UserIdpService userIdpService) { + Assert.notNull(identityProviderRepository, "identityProviderRepository must not be null"); + Assert.notNull(userIdpService, "userIdpService must not be null"); + this.identityProviderRepository = identityProviderRepository; + this.userIdpService = userIdpService; + } + + /** + * Create the {@link RequestMatcher} given a loginProcessingUrl + * + * @param loginProcessingUrl creates the {@link RequestMatcher} based upon the + * loginProcessingUrl + * @return the {@link RequestMatcher} to use based upon the loginProcessingUrl + */ + @Override + protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) { + return new AntPathRequestMatcher(loginProcessingUrl); + } + + @Override + public void init(H http) throws Exception { + //微信扫码登录认证 + FeiShuLoginAuthenticationFilter loginAuthenticationFilter = new FeiShuLoginAuthenticationFilter( + identityProviderRepository, userIdpService); + this.setAuthenticationFilter(loginAuthenticationFilter); + //处理URL + super.loginProcessingUrl(FeiShuLoginAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI); + super.init(http); + } + + @Override + public void configure(H http) throws Exception { + //微信扫码请求重定向 + FeiShuAuthorizationRequestGetFilter requestRedirectFilter = new FeiShuAuthorizationRequestGetFilter( + identityProviderRepository); + http.addFilterBefore(requestRedirectFilter, OAuth2AuthorizationRequestRedirectFilter.class); + http.addFilterBefore(this.getAuthenticationFilter(), OAuth2LoginAuthenticationFilter.class); + super.configure(http); + } + + public RequestMatcher getRequestMatcher() { + return new 
OrRequestMatcher(FeiShuAuthorizationRequestGetFilter.getRequestMatcher(), + FeiShuLoginAuthenticationFilter.getRequestMatcher()); + } +} diff --git a/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/constant/FeiShuAuthenticationConstants.java b/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/constant/FeiShuAuthenticationConstants.java new file mode 100644 index 00000000..532424a3 --- /dev/null +++ b/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/constant/FeiShuAuthenticationConstants.java 
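Review bot: The inline comments in `init` and `configure` of FeiShuScanCodeAuthenticationConfigurer still read `//微信扫码登录认证` and `//微信扫码请求重定向` (WeChat), although both methods wire the Feishu filters, so anyone auditing which provider a filter chain entry belongs to is pointed at the wrong one. They should read `//飞书扫码登录认证` and `//飞书扫码请求重定向`. The class Javadoc `认证配置` would also be clearer if it named the provider.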
@@ -0,0 +1,39 @@ +/* + * eiam-authentication-feishu - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.authentication.feishu.constant; + +/** + * 飞书认证常量 + * + * @author TopIAM + * Created by support@topiam.cn on 2021/12/19 23:19 + */ +public final class FeiShuAuthenticationConstants { + + public static final String AUTHORIZATION_REQUEST = "https://passport.feishu.cn/suite/passport/oauth/authorize"; + public static final String ACCESS_TOKEN = "https://passport.feishu.cn/suite/passport/oauth/token"; + public static final String USER_INFO = "https://passport.feishu.cn/suite/passport/oauth/userinfo"; + + public static final String CLIENT_ID = "client_id"; + public static final String CLIENT_SECRET = "client_secret"; + public static final String OPEN_ID = "open_id"; + + public static final String CODE = "code"; + public static final String HREF = "href"; + +} \ No newline at end of file diff --git a/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuAuthenticationFilter.java b/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuAuthenticationFilter.java deleted file mode 100644 index 5fe2fcf3..00000000 
--- a/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuAuthenticationFilter.java
+++ /dev/null
@@ -1,70 +0,0 @@ -/* - * eiam-authentication-feishu - Employee Identity and Access Management Program - * Copyright © 2020-2023 TopIAM (support@topiam.cn) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package cn.topiam.employee.authentication.feishu.filter; - -import java.io.IOException; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.security.core.Authentication; -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; -import org.springframework.security.web.util.matcher.RequestMatcher; - -/** - * 飞书认证过滤器 - * https://open.feishu.cn/document/common-capabilities/sso/web-application-sso/qr-sdk-documentation - * - * @author TopIAM - * Created by support@topiam.cn on 2021/12/8 21:11 - */ -public class FeiShuAuthenticationFilter extends AbstractAuthenticationProcessingFilter { - - /** - * Creates a new instance - * - * @param requiresAuthenticationRequestMatcher the {@link RequestMatcher} used to - * determine if authentication is required. Cannot be null. 
- */ - protected FeiShuAuthenticationFilter(RequestMatcher requiresAuthenticationRequestMatcher) { - super(requiresAuthenticationRequestMatcher); - } - - /** - * qq认证 - * - * @param request {@link HttpServletRequest} - * @param response {@link HttpServletRequest} - * @return {@link HttpServletRequest} - * @throws AuthenticationException AuthenticationException - * @throws IOException IOException - * @throws ServletException ServletException - */ - @Override - public Authentication attemptAuthentication(HttpServletRequest request, - HttpServletResponse response) throws AuthenticationException, - IOException, - ServletException { - //@formatter:off - - //@formatter:on - return null; - } -} diff --git a/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuAuthorizationRequestGetFilter.java b/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuAuthorizationRequestGetFilter.java new file mode 100644 index 00000000..52869b93 --- /dev/null +++ b/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuAuthorizationRequestGetFilter.java 
@@ -0,0 +1,163 @@ +/* + * eiam-authentication-feishu - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.authentication.feishu.filter; + +import java.io.IOException; +import java.util.*; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.checkerframework.checker.nullness.qual.Nullable; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.http.HttpMethod; +import org.springframework.lang.NonNull; +import org.springframework.security.crypto.keygen.Base64StringKeyGenerator; +import org.springframework.security.crypto.keygen.StringKeyGenerator; +import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository; +import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; +import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; +import org.springframework.security.web.DefaultRedirectStrategy; +import org.springframework.security.web.RedirectStrategy; +import 
org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.security.web.util.matcher.RequestMatcher; +import org.springframework.util.Assert; +import org.springframework.web.filter.OncePerRequestFilter; + +import com.alibaba.fastjson2.JSONObject; +import com.google.common.collect.Maps; + +import cn.topiam.employee.authentication.feishu.FeiShuIdpScanCodeConfig; +import cn.topiam.employee.common.entity.authentication.IdentityProviderEntity; +import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; +import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.RESPONSE_TYPE; + +import static cn.topiam.employee.authentication.common.IdentityProviderType.FEISHU_OAUTH; +import static cn.topiam.employee.authentication.common.constant.AuthenticationConstants.PROVIDER_CODE; +import static cn.topiam.employee.authentication.feishu.constant.FeiShuAuthenticationConstants.*; +import static cn.topiam.employee.authentication.feishu.filter.FeiShuLoginAuthenticationFilter.getLoginUrl; + +/** + * 飞书认证过滤器 + * + * https://open.feishu.cn/document/common-capabilities/sso/web-application-sso/qr-sdk-documentation + * + * @author TopIAM + * Created by support@topiam.cn on 2021/12/8 21:11 + */ +public class FeiShuAuthorizationRequestGetFilter extends OncePerRequestFilter { + + private final Logger logger = LoggerFactory + .getLogger(FeiShuAuthorizationRequestGetFilter.class); + + /** + * AntPathRequestMatcher + */ + public static final AntPathRequestMatcher FEI_SHU_SCAN_CODE_REQUEST_MATCHER = new AntPathRequestMatcher( + FEISHU_OAUTH.getAuthorizationPathPrefix() + "/" + "{" + PROVIDER_CODE + "}", + HttpMethod.GET.name()); + + /** + * 认证请求存储库 + */ + private final AuthorizationRequestRepository authorizationRequestRepository = new HttpSessionOAuth2AuthorizationRequestRepository(); + + private static final StringKeyGenerator DEFAULT_STATE_GENERATOR = new Base64StringKeyGenerator( + 
Base64.getUrlEncoder()); + private final IdentityProviderRepository identityProviderRepository; + + public FeiShuAuthorizationRequestGetFilter(IdentityProviderRepository identityProviderRepository) { + this.identityProviderRepository = identityProviderRepository; + } + + @Override + protected void doFilterInternal(@NonNull HttpServletRequest request, + @NonNull HttpServletResponse response, + @NonNull FilterChain filterChain) throws IOException, + ServletException { + RequestMatcher.MatchResult matcher = FEI_SHU_SCAN_CODE_REQUEST_MATCHER.matcher(request); + if (!matcher.isMatch()) { + filterChain.doFilter(request, response); + return; + } + Map variables = matcher.getVariables(); + String providerCode = variables.get(PROVIDER_CODE); + Optional optional = identityProviderRepository + .findByCodeAndEnabledIsTrue(providerCode); + if (optional.isEmpty()) { + throw new NullPointerException("未查询到身份提供商信息"); + } + IdentityProviderEntity entity = optional.get(); + FeiShuIdpScanCodeConfig config = JSONObject.parseObject(entity.getConfig(), + FeiShuIdpScanCodeConfig.class); + Assert.notNull(config, "飞书扫码登录配置不能为空"); + //构建授权请求 + //@formatter:off + HashMap<@Nullable String, @Nullable Object> attributes = Maps.newHashMap(); + attributes.put(RESPONSE_TYPE, CODE); + OAuth2AuthorizationRequest.Builder builder = OAuth2AuthorizationRequest.authorizationCode() + .clientId(config.getAppId()) + .authorizationUri(AUTHORIZATION_REQUEST) + .redirectUri(getLoginUrl(optional.get().getCode())) + .state(DEFAULT_STATE_GENERATOR.generateKey()) + .attributes(attributes); + //@formatter:on + builder.parameters(parameters -> { + HashMap linkedParameters = new LinkedHashMap<>(); + parameters.forEach((key, value) -> { + if (OAuth2ParameterNames.CLIENT_ID.equals(key)) { + linkedParameters.put(CLIENT_ID, value); + } + if (OAuth2ParameterNames.STATE.equals(key)) { + linkedParameters.put(OAuth2ParameterNames.STATE, value); + } + if (OAuth2ParameterNames.REDIRECT_URI.equals(key)) { + 
linkedParameters.put(OAuth2ParameterNames.REDIRECT_URI, value); + } + if (RESPONSE_TYPE.equals(key)) { + linkedParameters.put(RESPONSE_TYPE, value); + } + }); + parameters.clear(); + parameters.putAll(linkedParameters); + }); + this.sendRedirectForAuthorization(request, response, builder.build()); + } + + private void sendRedirectForAuthorization(HttpServletRequest request, + HttpServletResponse response, + OAuth2AuthorizationRequest authorizationRequest) throws IOException { + this.authorizationRequestRepository.saveAuthorizationRequest(authorizationRequest, request, + response); + this.authorizationRedirectStrategy.sendRedirect(request, response, + authorizationRequest.getAuthorizationRequestUri()); + } + + /** + * 重定向策略 + */ + private final RedirectStrategy authorizationRedirectStrategy = new DefaultRedirectStrategy(); + + public static RequestMatcher getRequestMatcher() { + return FEI_SHU_SCAN_CODE_REQUEST_MATCHER; + } +} diff --git a/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuLoginAuthenticationFilter.java b/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuLoginAuthenticationFilter.java new file mode 100644 index 00000000..de02dcfe --- /dev/null +++ b/eiam-authentication/eiam-authentication-feishu/src/main/java/cn/topiam/employee/authentication/feishu/filter/FeiShuLoginAuthenticationFilter.java 
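Review bot: An unknown or disabled provider code in the request path reaches `throw new NullPointerException("未查询到身份提供商信息")` in `doFilterInternal`, so a URL that any unauthenticated client can request ends in an unhandled runtime exception rather than a clean rejection. The provider code comes straight from the path variable, so this branch is an expected input case and should answer with `response.sendError(HttpServletResponse.SC_NOT_FOUND); return;` instead. The `Assert.notNull(config, ...)` a few lines below has the same effect for a provider whose stored config does not parse, and would be better logged and rejected the same way. Separately, the `logger` field declared here hides the `logger` that OncePerRequestFilter already inherits, which is easy to misread.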
@@ -0,0 +1,152 @@ +/* + * eiam-authentication-feishu - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.authentication.feishu.filter; + +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; +import java.util.Objects; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.apache.http.message.BasicHeader; +import org.springframework.http.HttpMethod; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.oauth2.core.OAuth2AuthenticationException; +import org.springframework.security.oauth2.core.OAuth2Error; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; +import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.security.web.util.matcher.RequestMatcher; + +import com.alibaba.fastjson2.JSON; +import com.alibaba.fastjson2.JSONObject; +import com.nimbusds.oauth2.sdk.GrantType; + +import 
cn.topiam.employee.authentication.common.filter.AbstractIdpAuthenticationProcessingFilter; +import cn.topiam.employee.authentication.common.modal.IdpUser; +import cn.topiam.employee.authentication.common.service.UserIdpService; +import cn.topiam.employee.authentication.feishu.FeiShuIdpScanCodeConfig; +import cn.topiam.employee.common.entity.authentication.IdentityProviderEntity; +import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; +import cn.topiam.employee.core.context.ServerContextHelp; +import cn.topiam.employee.support.util.HttpClientUtils; +import static cn.topiam.employee.authentication.common.IdentityProviderType.FEISHU_OAUTH; +import static cn.topiam.employee.authentication.common.constant.AuthenticationConstants.PROVIDER_CODE; +import static cn.topiam.employee.authentication.feishu.constant.FeiShuAuthenticationConstants.*; + +/** + * 飞书扫码登录过滤器 + * + * @author TopIAM + * Created by support@topiam.cn on 2021/12/8 21:11 + */ +public class FeiShuLoginAuthenticationFilter extends AbstractIdpAuthenticationProcessingFilter { + + public final static String DEFAULT_FILTER_PROCESSES_URI = FEISHU_OAUTH + .getLoginPathPrefix() + "/*"; + public static final AntPathRequestMatcher REQUEST_MATCHER = new AntPathRequestMatcher( + FEISHU_OAUTH.getLoginPathPrefix() + "/" + "{" + PROVIDER_CODE + "}", HttpMethod.GET.name()); + + /** + * Creates a new instance + * + * @param identityProviderRepository the {@link IdentityProviderRepository} + * @param authenticationUserDetails {@link UserIdpService} + */ + public FeiShuLoginAuthenticationFilter(IdentityProviderRepository identityProviderRepository, + UserIdpService authenticationUserDetails) { + super(DEFAULT_FILTER_PROCESSES_URI, authenticationUserDetails, identityProviderRepository); + } + + /** + * 飞书认证 + * + * @param request {@link HttpServletRequest} + * @param response {@link HttpServletRequest} + * @return {@link HttpServletRequest} + * @throws AuthenticationException {@link 
AuthenticationException} AuthenticationException + */ + @Override + public Authentication attemptAuthentication(HttpServletRequest request, + HttpServletResponse response) throws AuthenticationException, + IOException { + OAuth2AuthorizationRequest authorizationRequest = getOAuth2AuthorizationRequest(request, + response); + RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request); + Map variables = matcher.getVariables(); + String providerCode = variables.get(PROVIDER_CODE); + //code + String code = request.getParameter(OAuth2ParameterNames.CODE); + if (StringUtils.isEmpty(code)) { + OAuth2Error oauth2Error = new OAuth2Error(INVALID_CODE_PARAMETER_ERROR_CODE); + throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()); + } + // state + String state = request.getParameter(OAuth2ParameterNames.STATE); + if (StringUtils.isEmpty(state)) { + OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE); + throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()); + } + if (!authorizationRequest.getState().equals(state)) { + OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE); + throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()); + } + //获取身份提供商 + IdentityProviderEntity provider = getIdentityProviderEntity(providerCode); + FeiShuIdpScanCodeConfig config = JSONObject.parseObject(provider.getConfig(), + FeiShuIdpScanCodeConfig.class); + if (Objects.isNull(config)) { + logger.error("未查询到飞书扫码登录配置"); + //无效身份提供商 + OAuth2Error oauth2Error = new OAuth2Error( + AbstractIdpAuthenticationProcessingFilter.INVALID_IDP_CONFIG); + throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString()); + } + //获取access token + HashMap param = new HashMap<>(16); + param.put(CLIENT_ID, config.getAppId()); + param.put(CLIENT_SECRET, config.getAppSecret()); + param.put(OAuth2ParameterNames.CODE, code); + param.put(OAuth2ParameterNames.REDIRECT_URI, 
getLoginUrl(provider.getCode())); + param.put(OAuth2ParameterNames.GRANT_TYPE, GrantType.AUTHORIZATION_CODE.getValue()); + JSONObject result = JSON.parseObject(HttpClientUtils.post(ACCESS_TOKEN, param)); + // 获取user信息 + param = new HashMap<>(16); + BasicHeader authorization = new BasicHeader( + "Authorization", result.getString(OAuth2ParameterNames.TOKEN_TYPE) + " " + + result.getString(OAuth2ParameterNames.ACCESS_TOKEN)); + result = JSON.parseObject(HttpClientUtils.get(USER_INFO, param, authorization)); + // 返回 + IdpUser idpUser = IdpUser.builder().openId(result.getString(OPEN_ID)).build(); + return attemptAuthentication(request, response, FEISHU_OAUTH, providerCode, idpUser); + } + + public static String getLoginUrl(String providerId) { + String url = ServerContextHelp.getPortalPublicBaseUrl() + FEISHU_OAUTH.getLoginPathPrefix() + + "/" + providerId; + return url.replaceAll("(?. + */ +package cn.topiam.employee.authentication.mfa; + +import org.springframework.security.config.annotation.web.HttpSecurityBuilder; +import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer; +import org.springframework.security.web.authentication.AuthenticationFailureHandler; +import org.springframework.security.web.authentication.AuthenticationSuccessHandler; +import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.security.web.util.matcher.RequestMatcher; +import org.springframework.util.Assert; + +import cn.topiam.employee.core.security.otp.OtpContextHelp; + +/** + * Mfa Authentication Configurer + * + * @author TopIAM + * Created by support@topiam.cn on 2021/9/10 22:58 + */ +public final class MfaAuthenticationConfigurer> extends + AbstractAuthenticationFilterConfigurer, MfaAuthenticationFilter> { + + private final OtpContextHelp otpContextHelp; + private final MfaAuthenticationHandler 
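Review bot: Neither HTTP response in `attemptAuthentication` is checked before use: if the token endpoint returns an error body, the Authorization header is built from two null strings, and a missing `open_id` in the user-info response yields an `IdpUser` with a null openId that is passed on to the base-class `attemptAuthentication`. Both cases should fail the login with an `OAuth2AuthenticationException` before any user lookup or binding happens, as sketched below. How the base class treats a null openId is not visible here, and neither is whether `getOAuth2AuthorizationRequest` can return null; if it can, `authorizationRequest.getState()` needs a guard as well. The tail of this hunk is not legible on the page, so the note covers only the visible part of the method.

```java
// … unchanged: code/state checks, provider lookup, token request parameters …
JSONObject result = JSON.parseObject(HttpClientUtils.post(ACCESS_TOKEN, param));
String accessToken = Objects.isNull(result) ? null
    : result.getString(OAuth2ParameterNames.ACCESS_TOKEN);
if (StringUtils.isBlank(accessToken)) {
    // Token endpoint answered with an error body or an empty token: stop here.
    OAuth2Error oauth2Error = new OAuth2Error(OAuth2ErrorCodes.INVALID_GRANT);
    throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
}
BasicHeader authorization = new BasicHeader("Authorization",
    result.getString(OAuth2ParameterNames.TOKEN_TYPE) + " " + accessToken);
result = JSON.parseObject(HttpClientUtils.get(USER_INFO, new HashMap<>(16), authorization));
String openId = Objects.isNull(result) ? null : result.getString(OPEN_ID);
if (StringUtils.isBlank(openId)) {
    // Never continue to account lookup/binding without a subject identifier.
    OAuth2Error oauth2Error = new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN);
    throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
}
IdpUser idpUser = IdpUser.builder().openId(openId).build();
// … unchanged: return attemptAuthentication(request, response, FEISHU_OAUTH, providerCode, idpUser) …
```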
mfaAuthenticationHandler; + + public MfaAuthenticationConfigurer(OtpContextHelp otpContextHelp, + AuthenticationSuccessHandler successHandler, + AuthenticationFailureHandler authenticationFailureHandler) { + Assert.notNull(otpContextHelp, "otpContextHelp must not be null"); + Assert.notNull(successHandler, "successHandler must not be null"); + Assert.notNull(authenticationFailureHandler, + "authenticationFailureHandler must not be null"); + this.otpContextHelp = otpContextHelp; + mfaAuthenticationHandler = new MfaAuthenticationHandler(successHandler, + authenticationFailureHandler); + } + + /** + * Create the {@link RequestMatcher} given a loginProcessingUrl + * + * @param loginProcessingUrl creates the {@link RequestMatcher} based upon the + * loginProcessingUrl + * @return the {@link RequestMatcher} to use based upon the loginProcessingUrl + */ + @Override + protected RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl) { + return new AntPathRequestMatcher(loginProcessingUrl); + } + + @Override + public void init(H http) throws Exception { + //设置登录成功失败处理器 + super.successHandler(mfaAuthenticationHandler); + super.failureHandler(mfaAuthenticationHandler); + //MFA认证 + MfaAuthenticationFilter loginAuthenticationFilter = new MfaAuthenticationFilter(); + this.setAuthenticationFilter(loginAuthenticationFilter); + //处理URL + super.loginProcessingUrl(MfaAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI); + super.init(http); + } + + @Override + public void configure(H http) throws Exception { + //Mfa认证方式 + http.addFilterBefore(new MfaAuthenticationMfaFactorsFilter(), + UsernamePasswordAuthenticationFilter.class); + //Mfa认证方式 + http.addFilterAfter(new MfaAuthenticationSendOtpFilter(otpContextHelp), + MfaAuthenticationMfaFactorsFilter.class); + //Mfa认证 + http.addFilterAfter(this.getAuthenticationFilter(), + MfaAuthenticationMfaFactorsFilter.class); + super.configure(http); + } + + public static RequestMatcher getRequestMatcher() { + return 
MfaAuthenticationFilter.getRequestMatcher(); + } + +} diff --git a/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/MfaAuthenticationFilter.java b/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/MfaAuthenticationFilter.java new file mode 100644 index 00000000..9d1a4d67 --- /dev/null +++ b/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/MfaAuthenticationFilter.java 
@@ -0,0 +1,141 @@ +/* + * eiam-authentication-mfa - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.authentication.mfa; + +import java.util.Objects; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.http.HttpMethod; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.security.web.util.matcher.RequestMatcher; + +import cn.topiam.employee.authentication.mfa.email.EmailOtpProviderValidator; +import cn.topiam.employee.authentication.mfa.sms.SmsOtpProviderValidator; +import cn.topiam.employee.authentication.mfa.totp.TotpProviderValidator; +import cn.topiam.employee.common.entity.account.UserEntity; +import cn.topiam.employee.common.enums.MfaFactor; +import cn.topiam.employee.core.security.mfa.MfaAuthentication; +import 
cn.topiam.employee.core.security.mfa.exception.MfaRequiredException; +import cn.topiam.employee.core.security.util.UserUtils; +import static cn.topiam.employee.authentication.mfa.constant.MfaAuthenticationConstants.MFA_VALIDATE; +import static cn.topiam.employee.common.enums.MfaFactor.SMS_OTP; + +/** + * MFA 认证过滤器 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/7/29 22:23 + */ +public class MfaAuthenticationFilter extends AbstractAuthenticationProcessingFilter { + private final Logger logger = LoggerFactory + .getLogger(MfaAuthenticationFilter.class); + public static final String SPRING_SECURITY_FORM_CODE_KEY = "otp"; + public static final String SPRING_SECURITY_FORM_TOTP_KEY = "totp"; + + public static final String SPRING_SECURITY_FORM_TYPE_KEY = "type"; + public final static String DEFAULT_FILTER_PROCESSES_URI = MFA_VALIDATE; + + public static final RequestMatcher MFA_LOGIN_MATCHER = new AntPathRequestMatcher( + DEFAULT_FILTER_PROCESSES_URI, HttpMethod.POST.name()); + + protected MfaAuthenticationFilter() { + super(MFA_LOGIN_MATCHER); + } + + protected static RequestMatcher getRequestMatcher() { + return MFA_LOGIN_MATCHER; + } + + /** + * Performs actual authentication. + *

+ * The implementation should do one of the following: + *

    + *
  1. Return a populated authentication token for the authenticated user, indicating + * successful authentication
  2. + *
  3. Return null, indicating that the authentication process is still in progress. + * Before returning, the implementation should perform any additional work required to + * complete the process.
  4. + *
  5. Throw an AuthenticationException if the authentication process + * fails
  6. + *
+ * + * @param request from which to extract parameters and perform the authentication + * @param response the response, which may be needed if the implementation has to do a + * redirect as part of a multi-stage authentication process (such as OpenID). + * @return the authenticated user token, or null if authentication is incomplete. + * @throws AuthenticationException if authentication fails. + */ + @Override + public Authentication attemptAuthentication(HttpServletRequest request, + HttpServletResponse response) throws AuthenticationException { + UserEntity user = UserUtils.getUser(); + MfaAuthentication authentication = (MfaAuthentication) SecurityContextHolder.getContext() + .getAuthentication(); + boolean result = false; + //获取类型 + MfaFactor type = MfaFactor.getType(request.getParameter(SPRING_SECURITY_FORM_TYPE_KEY)); + if (Objects.isNull(type)) { + throw new MfaRequiredException("MFA 类型不存在"); + } + //SMS OPT + if (SMS_OTP.equals(type)) { + String otp = request.getParameter(SPRING_SECURITY_FORM_CODE_KEY); + if (StringUtils.isBlank(otp)) { + throw new MfaRequiredException("OTP 参数不存在"); + } + result = smsOtpProviderValidator.validate(otp); + } + //Mail OPT + if (MfaFactor.EMAIL_OTP.equals(type)) { + String otp = request.getParameter(SPRING_SECURITY_FORM_CODE_KEY); + if (StringUtils.isBlank(otp)) { + throw new MfaRequiredException("OTP 参数不存在"); + } + result = emailOtpProviderValidator.validate(otp); + } + //TOTP + if (MfaFactor.APP_TOTP.equals(type)) { + long totp = Long.parseLong(request.getParameter(SPRING_SECURITY_FORM_TOTP_KEY)); + result = totpProviderValidator.validate(String.valueOf(totp)); + } + if (!result) { + logger.error("用户ID: [{}] 用户名: [{}] {} 认证失败", type.getDesc(), user.getId(), + user.getUsername()); + return authentication; + } + logger.error("用户ID: [{}] 用户名: [{}] {} 认证成功", type.getDesc(), user.getId(), + user.getUsername()); + //认证成功 + authentication.setValidated(true); + return authentication; + } + + protected final EmailOtpProviderValidator 
emailOtpProviderValidator = new EmailOtpProviderValidator(); + protected final SmsOtpProviderValidator smsOtpProviderValidator = new SmsOtpProviderValidator(); + protected final TotpProviderValidator totpProviderValidator = new TotpProviderValidator(); +} diff --git a/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/MfaAuthenticationHandler.java b/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/MfaAuthenticationHandler.java new file mode 100644 index 00000000..33d3c4aa --- /dev/null +++ b/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/MfaAuthenticationHandler.java 
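Review bot: The TOTP branch of `attemptAuthentication` runs `Long.parseLong(request.getParameter(SPRING_SECURITY_FORM_TOTP_KEY))` on raw request input, so a missing or non-numeric `totp` throws NumberFormatException, which is not an AuthenticationException and therefore bypasses the failure handler. In addition, `String.valueOf(totp)` drops leading zeros, which presumably makes a valid code such as a constructed `012345` fail validation. Handle it like the OTP branches: `String totp = request.getParameter(SPRING_SECURITY_FORM_TOTP_KEY);`, `if (StringUtils.isBlank(totp)) { throw new MfaRequiredException("TOTP 参数不存在"); }`, `result = totpProviderValidator.validate(totp);`. Separately, a failed check returns the unvalidated `authentication` instead of throwing, so AbstractAuthenticationProcessingFilter treats it as a successful attempt; that is only safe if MfaAuthenticationHandler re-checks `isValidated()`, which is not visible in this hunk. Both log calls pass `type.getDesc()` first although the format string expects user id, user name and then type, and the success case is logged at error level, which makes the MFA audit trail misleading.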
@@ -0,0 +1,147 @@ +/* + * eiam-authentication-mfa - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.authentication.mfa; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.springframework.http.HttpStatus; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.web.WebAttributes; +import org.springframework.security.web.authentication.AuthenticationFailureHandler; +import org.springframework.security.web.authentication.AuthenticationSuccessHandler; +import org.springframework.util.Assert; + +import cn.topiam.employee.common.constants.AuthorizeConstants; +import cn.topiam.employee.core.context.ServerContextHelp; +import cn.topiam.employee.core.security.mfa.MfaAuthentication; +import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.util.HttpResponseUtils; +import cn.topiam.employee.support.util.HttpUrlUtils; +import static 
cn.topiam.employee.core.context.SettingContextHelp.isMfaEnabled; +import static cn.topiam.employee.support.constant.EiamConstants.CAPTCHA_CODE_SESSION; +import static cn.topiam.employee.support.constant.EiamConstants.SAVED_REQUEST; +import static cn.topiam.employee.support.context.ServletContextHelp.acceptIncludeTextHtml; +import static cn.topiam.employee.support.exception.enums.ExceptionStatus.EX000102; + +/** + * 认证处理器 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/7/28 23:36 + */ +@SuppressWarnings("DuplicatedCode") +public class MfaAuthenticationHandler implements AuthenticationSuccessHandler, + AuthenticationFailureHandler { + private static final String REQUIRE_MFA = "require_mfa"; + + private final AuthenticationSuccessHandler successHandler; + private final AuthenticationFailureHandler failureHandler; + + public MfaAuthenticationHandler(AuthenticationSuccessHandler successHandler, + AuthenticationFailureHandler failureHandler) { + Assert.notNull(successHandler, "userIdpService must not be null"); + Assert.notNull(failureHandler, "userIdpService must not be null"); + this.successHandler = successHandler; + this.failureHandler = failureHandler; + } + + /** + * Called when an authentication attempt fails. + * + * @param request the request during which the authentication attempt occurred. + * @param response the response. + * @param exception the exception which was thrown to reject the authentication + * request. + */ + @Override + public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, + AuthenticationException exception) throws IOException, + ServletException { + failureHandler.onAuthenticationFailure(request, response, exception); + } + + /** + * Called when a user has been successfully authenticated. 
+ * + * @param request the request which caused the successful authentication + * @param response the response + * @param authentication the Authentication object which was created during + * the authentication process. + */ + @Override + public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, + Authentication authentication) throws IOException, + ServletException { + boolean isTextHtml = acceptIncludeTextHtml(request); + //TODO MFA启用、但是对象非MFA,说明需要MFA认证 + if (isMfaEnabled() && !(authentication instanceof MfaAuthentication)) { + SecurityContextHolder.getContext() + .setAuthentication(new MfaAuthentication(authentication)); + //Clear Authentication Attributes + clearAuthenticationAttributes(request); + if (response.isCommitted()) { + return; + } + if (!isTextHtml) { + HttpResponseUtils.flushResponseJson(response, HttpStatus.BAD_REQUEST.value(), + ApiRestResult.builder().status(REQUIRE_MFA).message(REQUIRE_MFA).build()); + return; + } + //跳转登录,前端会有接口获取状态,并进行展示 MFA + response.sendRedirect(HttpUrlUtils + .format(ServerContextHelp.getPortalPublicBaseUrl() + AuthorizeConstants.FE_LOGIN)); + return; + } + //TODO Mfa 验证成功 + if (authentication instanceof MfaAuthentication + && ((MfaAuthentication) authentication).getValidated()) { + SecurityContextHolder.getContext() + .setAuthentication(((MfaAuthentication) authentication).getFirst()); + successHandler.onAuthenticationSuccess(request, response, authentication); + return; + } + //TODO Mfa 验证失败 + if (authentication instanceof MfaAuthentication + && !((MfaAuthentication) authentication).getValidated()) { + HttpResponseUtils.flushResponseJson(response, HttpStatus.BAD_REQUEST.value(), + ApiRestResult.builder().status(EX000102.getCode()).message(EX000102.getMessage()) + .build()); + return; + } + successHandler.onAuthenticationSuccess(request, response, authentication); + } + + protected final void clearAuthenticationAttributes(HttpServletRequest request) { + HttpSession session = 
request.getSession(false); + if (session != null) { + //清理验证码 + session.removeAttribute(CAPTCHA_CODE_SESSION); + //清理保存请求 + session.removeAttribute(SAVED_REQUEST); + //清理认证异常 + session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION); + } + } +} diff --git a/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/MfaAuthenticationMfaFactorsFilter.java b/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/MfaAuthenticationMfaFactorsFilter.java new file mode 100644 index 00000000..eb479f4f --- /dev/null +++ b/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/MfaAuthenticationMfaFactorsFilter.java 
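Review bot: In the validated-MFA branch of `onAuthenticationSuccess` the security context is switched to `getFirst()`, but the delegate still receives the `MfaAuthentication` wrapper, so a handler that reads its `authentication` argument sees a different object from the one in the context. Passing the unwrapped value keeps the two aligned: `Authentication first = ((MfaAuthentication) authentication).getFirst();` followed by `successHandler.onAuthenticationSuccess(request, response, first);`. The failed-validation branch writes a 400 response directly and never reaches `failureHandler`, so any attempt counting, lockout or audit wired into that handler will not see wrong second-factor codes; confirm that is intended. Both `Assert.notNull` messages in the constructor say `userIdpService must not be null` and should name `successHandler` and `failureHandler` instead.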
@@ -0,0 +1,132 @@ +/* + * eiam-authentication-mfa - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.authentication.mfa; + +import java.io.IOException; +import java.io.Serial; +import java.io.Serializable; +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.jetbrains.annotations.NotNull; +import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.security.web.util.matcher.RequestMatcher; +import org.springframework.web.filter.OncePerRequestFilter; + +import cn.topiam.employee.common.entity.account.UserEntity; +import cn.topiam.employee.common.enums.MfaFactor; +import cn.topiam.employee.core.security.util.UserUtils; +import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.util.DesensitizationUtil; +import cn.topiam.employee.support.util.HttpResponseUtils; + +import lombok.Builder; +import lombok.Data; +import static 
cn.topiam.employee.authentication.mfa.constant.MfaAuthenticationConstants.LOGIN_MFA_FACTORS; +import static cn.topiam.employee.core.context.SettingContextHelp.getMfaFactors; + +/** + * MfaAuthenticationMfaFactorsFilter + * + * @author SanLi + * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2023/1/2 13:28 + */ +public class MfaAuthenticationMfaFactorsFilter extends OncePerRequestFilter { + + public final static String DEFAULT_FILTER_PROCESSES_URI = LOGIN_MFA_FACTORS; + + public static final RequestMatcher LOGIN_MFA_FACTORS_MATCHER = new AntPathRequestMatcher( + DEFAULT_FILTER_PROCESSES_URI, HttpMethod.GET.name()); + + @Override + @SuppressWarnings("AlibabaAvoidComplexCondition") + protected void doFilterInternal(@NotNull HttpServletRequest request, + @NotNull HttpServletResponse response, + @NotNull FilterChain filterChain) throws ServletException, + IOException { + if (!getRequestMatcher().matches(request)) { + filterChain.doFilter(request, response); + return; + } + UserEntity user = UserUtils.getUser(); + List list = new ArrayList<>(); + List factors = getMfaFactors(); + for (MfaFactor provider : factors) { + MfaFactorResult result = MfaFactorResult.builder().build(); + result.setFactor(provider); + result.setUsable(false); + //sms + if (provider.equals(MfaFactor.SMS_OTP) && StringUtils.isNotBlank(user.getPhone())) { + result.setTarget(DesensitizationUtil.phoneEncrypt(user.getPhone())); + result.setUsable(true); + } + //otp + if (provider.equals(MfaFactor.EMAIL_OTP) && StringUtils.isNotBlank(user.getEmail())) { + result.setTarget(DesensitizationUtil.emailEncrypt(user.getEmail())); + result.setUsable(true); + } + //totp + if (provider.equals(MfaFactor.APP_TOTP) + && (!Objects.isNull(user.getTotpBind()) && user.getTotpBind())) { + result.setUsable(true); + } + list.add(result); + } + HttpResponseUtils.flushResponseJson(response, HttpStatus.OK.value(), + ApiRestResult.ok(list)); + } + + public static RequestMatcher getRequestMatcher() { + return 
LOGIN_MFA_FACTORS_MATCHER; + } + + /** + * Mfa 登录方式 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/8/13 21:29 + */ + @Builder + @Data + public static class MfaFactorResult implements Serializable { + + @Serial + private static final long serialVersionUID = 7255002979319970337L; + /** + * provider + */ + private MfaFactor factor; + /** + * 可用 + */ + private Boolean usable; + /** + * 目标 + */ + private String target; + } +} diff --git a/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/MfaAuthenticationSendOtpFilter.java b/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/MfaAuthenticationSendOtpFilter.java new file mode 100644 index 00000000..536bed47 --- /dev/null +++ b/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/MfaAuthenticationSendOtpFilter.java 
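Review bot: `doFilterInternal` calls `UserUtils.getUser()` and dereferences the result without checking what kind of authentication is in the security context. MfaAuthenticationSendOtpFilter in the same commit answers 401 unless it finds an `MfaAuthentication`, and then loads the user from `getFirst().getPrincipal()`. If this endpoint can be reached before the first factor has succeeded (the filter-chain configuration is not in this hunk), `user` may be null and `user.getPhone()` would throw, giving a server error instead of an authorization error. I would add the same `instanceof MfaAuthentication` guard before the loop and resolve the user the same way, so the masked phone and e-mail go only to the session that passed the first factor. A comment on `MfaFactorResult.target` stating that it always holds the masked value from `DesensitizationUtil`, never the raw contact, would help keep it that way.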
@@ -0,0 +1,159 @@ +/* + * eiam-authentication-mfa - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.authentication.mfa; + +import java.io.IOException; +import java.io.Serializable; +import java.util.Map; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.validation.ConstraintViolationException; + +import org.jetbrains.annotations.NotNull; +import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContext; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.security.web.util.matcher.RequestMatcher; +import org.springframework.web.filter.OncePerRequestFilter; + +import com.fasterxml.jackson.databind.ObjectMapper; + +import cn.topiam.employee.common.entity.account.UserEntity; +import cn.topiam.employee.common.enums.MailType; +import cn.topiam.employee.common.enums.MessageNoticeChannel; +import cn.topiam.employee.common.enums.SmsType; +import cn.topiam.employee.common.exception.LoginOtpActionNotSupportException; 
+import cn.topiam.employee.common.util.RequestUtils; +import cn.topiam.employee.core.security.mfa.MfaAuthentication; +import cn.topiam.employee.core.security.otp.OtpContextHelp; +import cn.topiam.employee.core.security.userdetails.UserDetails; +import cn.topiam.employee.core.security.util.SecurityUtils; +import cn.topiam.employee.core.security.util.UserUtils; +import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.util.HttpResponseUtils; +import cn.topiam.employee.support.validation.ValidationHelp; + +import lombok.Data; + +import io.swagger.v3.oas.annotations.Parameter; +import static cn.topiam.employee.authentication.mfa.constant.MfaAuthenticationConstants.OTP_SEND_OTP; + +/** + * 发送短信OPT + * + * @author SanLi + * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2023/1/1 22:01 + */ +public class MfaAuthenticationSendOtpFilter extends OncePerRequestFilter { + public final static String DEFAULT_FILTER_PROCESSES_URI = OTP_SEND_OTP; + + public static final RequestMatcher SMS_SEND_OPT_MATCHER = new AntPathRequestMatcher( + DEFAULT_FILTER_PROCESSES_URI, HttpMethod.POST.name()); + + @Override + protected void doFilterInternal(@NotNull HttpServletRequest request, + @NotNull HttpServletResponse response, + @NotNull FilterChain filterChain) throws ServletException, + IOException { + if (!getRequestMatcher().matches(request)) { + filterChain.doFilter(request, response); + return; + } + SecurityContext securityContext = SecurityUtils.getSecurityContext(); + Authentication authentication = securityContext.getAuthentication(); + //非MFA对象 + if (!(authentication instanceof MfaAuthentication)) { + HttpResponseUtils.flushResponseJson(response, HttpStatus.UNAUTHORIZED.value(), + ApiRestResult.ok()); + return; + } + Map params = RequestUtils.getParams(request); + String value = OBJECT_MAPPER.writeValueAsString(params); + SendOtpRequest sendOtpRequest = OBJECT_MAPPER.readValue(value, SendOtpRequest.class); + ValidationHelp.ValidationResult 
validationResult = ValidationHelp + .validateEntity(sendOtpRequest); + if (validationResult.isHasErrors()) { + throw new ConstraintViolationException(validationResult.getConstraintViolations()); + } + //MFA,从会话上下文中获取手机号及邮箱信息 + UserDetails principal = (UserDetails) ((MfaAuthentication) authentication).getFirst() + .getPrincipal(); + UserEntity user = UserUtils.getUser(principal.getId()); + String email = user.getEmail(); + if (MessageNoticeChannel.MAIL.equals(sendOtpRequest.getChannel())) { + send(email, MessageNoticeChannel.MAIL); + HttpResponseUtils.flushResponseJson(response, HttpStatus.OK.value(), + ApiRestResult.ok()); + return; + } + String phone = user.getPhone(); + if (MessageNoticeChannel.SMS.equals(sendOtpRequest.getChannel())) { + send(phone, MessageNoticeChannel.SMS); + HttpResponseUtils.flushResponseJson(response, HttpStatus.OK.value(), + ApiRestResult.ok()); + return; + } + throw new LoginOtpActionNotSupportException(); + } + + /** + * 发送 + * + * @param target {@link String} + * @param channel {@link MessageNoticeChannel} + */ + private void send(String target, MessageNoticeChannel channel) { + String type; + if (channel == MessageNoticeChannel.MAIL) { + type = MailType.AGAIN_VERIFY.getCode(); + } else { + type = SmsType.AGAIN_VERIFY.getCode(); + } + otpContextHelp.sendOtp(target, type, channel); + } + + /** + * 发送 OTP 请求 + */ + @Data + public static class SendOtpRequest implements Serializable { + /** + * 渠道 + */ + @Parameter(description = "channel") + @javax.validation.constraints.NotNull(message = "消息渠道不能为空") + private MessageNoticeChannel channel; + } + + public static RequestMatcher getRequestMatcher() { + return SMS_SEND_OPT_MATCHER; + } + + private final OtpContextHelp otpContextHelp; + + private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper(); + + public MfaAuthenticationSendOtpFilter(OtpContextHelp otpContextHelp) { + this.otpContextHelp = otpContextHelp; + } +} 
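Review bot: Before calling `send(...)` the filter never checks that the chosen target exists or that the channel is an enabled factor. `user.getEmail()` and `user.getPhone()` go straight to `otpContextHelp.sendOtp`, whereas MfaAuthenticationMfaFactorsFilter treats a factor as usable only when it is in `getMfaFactors()` and the contact is not blank. A guard before each send, such as `if (email == null || email.isBlank()) { throw new LoginOtpActionNotSupportException(); }`, plus a check against the enabled factors would keep the two filters consistent. Every accepted POST sends a new message and no resend interval or per-session cap is visible in this hunk, so confirm that `OtpContextHelp` enforces one; otherwise the endpoint allows unbounded messages to the user's phone or inbox. The 401 branch sends `ApiRestResult.ok()` as its body, which contradicts the status code for clients that read the body.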
diff --git a/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/constant/MfaAuthenticationConstants.java b/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/constant/MfaAuthenticationConstants.java new file mode 100644 index 00000000..8c79d61a --- /dev/null +++ b/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/constant/MfaAuthenticationConstants.java @@ -0,0 +1,48 @@ +/* + * eiam-authentication-mfa - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.authentication.mfa.constant; + +import static cn.topiam.employee.common.constants.AuthorizeConstants.LOGIN_PATH; + +/** + * Mfa 认证常量 + * + * @author TopIAM + * Created by support@topiam.cn on 2021/12/19 23:19 + */ +public final class MfaAuthenticationConstants { + /** + * mfa + */ + public static final String LOGIN_MFA = LOGIN_PATH + "/mfa"; + /** + * mfa 登录提供者 + */ + public static final String LOGIN_MFA_FACTORS = LOGIN_MFA + "/factors"; + + /** + * maf 验证 + */ + public static final String MFA_VALIDATE = LOGIN_MFA + "/validate"; + + /** + * 发送 OTP + */ + public static final String OTP_SEND_OTP = LOGIN_MFA + "/send"; + +} \ No newline at end of file 
diff --git a/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/configurer/package-info.java b/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/constant/package-info.java similarity index 85% rename from eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/configurer/package-info.java rename to eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/constant/package-info.java index 3c293f6c..d98f7da2 100644 --- a/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/configurer/package-info.java +++ b/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/constant/package-info.java @@ -1,5 +1,5 @@ /* - * eiam-authentication-sms - Employee Identity and Access Management Program + * eiam-authentication-mfa - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify @@ -15,4 +15,4 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.authentication.sms.configurer; \ No newline at end of file +package cn.topiam.employee.authentication.mfa.constant; \ No newline at end of file diff --git a/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/email/EmailOtpProviderValidator.java b/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/email/EmailOtpProviderValidator.java new file mode 100644 index 00000000..6308f87a --- /dev/null +++ b/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/email/EmailOtpProviderValidator.java 
@@ -0,0 +1,47 @@ +/* + * eiam-authentication-mfa - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.authentication.mfa.email; + +import cn.topiam.employee.common.entity.account.UserEntity; +import cn.topiam.employee.common.enums.MailType; +import cn.topiam.employee.common.enums.MessageNoticeChannel; +import cn.topiam.employee.core.security.mfa.MfaProviderValidator; +import cn.topiam.employee.core.security.otp.OtpContextHelp; +import cn.topiam.employee.core.security.util.UserUtils; +import cn.topiam.employee.support.context.ApplicationContextHelp; + +/** + * OTP 提供商验证 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/7/31 20:50 + */ +public class EmailOtpProviderValidator implements MfaProviderValidator { + /** + * 验证 + * + * @param code {@link String} + */ + @Override + public boolean validate(String code) { + UserEntity user = UserUtils.getUser(); + OtpContextHelp bean = ApplicationContextHelp.getBean(OtpContextHelp.class); + return bean.checkOtp(MailType.AGAIN_VERIFY.getCode(), MessageNoticeChannel.MAIL, + user.getEmail(), code); + } +} 
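Review bot: `validate` looks the user up with the no-argument `UserUtils.getUser()`, while MfaAuthenticationSendOtpFilter, which sent the code, resolves the user from `((MfaAuthentication) authentication).getFirst().getPrincipal()` and `UserUtils.getUser(principal.getId())`. If the no-argument form does not unwrap a pending `MfaAuthentication` (its implementation is not shown), the check could run against a null user or a different address from the one the code was sent to. I would resolve the user in one shared way and fail closed when it or the contact is missing: `if (user == null || user.getEmail() == null) { return false; }`. The same applies to SmsOtpProviderValidator (`user.getPhone()`) and TotpProviderValidator (`user.getSharedSecret()`) later in this patch. Fetching `OtpContextHelp` through `ApplicationContextHelp.getBean` on every call hides the dependency; constructor injection, as MfaAuthenticationSendOtpFilter uses, would be easier to test.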
diff --git a/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/sms/SmsOtpProviderValidator.java b/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/sms/SmsOtpProviderValidator.java new file mode 100644 index 00000000..bdba5dfc --- /dev/null +++ b/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/sms/SmsOtpProviderValidator.java 
@@ -0,0 +1,47 @@ +/* + * eiam-authentication-mfa - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.authentication.mfa.sms; + +import cn.topiam.employee.common.entity.account.UserEntity; +import cn.topiam.employee.common.enums.MessageNoticeChannel; +import cn.topiam.employee.common.enums.SmsType; +import cn.topiam.employee.core.security.mfa.MfaProviderValidator; +import cn.topiam.employee.core.security.otp.OtpContextHelp; +import cn.topiam.employee.core.security.util.UserUtils; +import cn.topiam.employee.support.context.ApplicationContextHelp; + +/** + * 短信 OTP 提供商验证 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/7/31 20:50 + */ +public class SmsOtpProviderValidator implements MfaProviderValidator { + /** + * 验证 + * + * @param code {@link String} + */ + @Override + public boolean validate(String code) { + UserEntity user = UserUtils.getUser(); + OtpContextHelp bean = ApplicationContextHelp.getBean(OtpContextHelp.class); + return bean.checkOtp(SmsType.AGAIN_VERIFY.getCode(), MessageNoticeChannel.SMS, + user.getPhone(), code); + } +} 
diff --git a/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/totp/TotpProviderValidator.java b/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/totp/TotpProviderValidator.java new file mode 100644 index 00000000..e7f92bef --- /dev/null +++ b/eiam-authentication/eiam-authentication-mfa/src/main/java/cn/topiam/employee/authentication/mfa/totp/TotpProviderValidator.java 
@@ -0,0 +1,45 @@ +/* + * eiam-authentication-mfa - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.authentication.mfa.totp; + +import cn.topiam.employee.common.entity.account.UserEntity; +import cn.topiam.employee.core.security.mfa.MfaProviderValidator; +import cn.topiam.employee.core.security.mfa.provider.TotpAuthenticator; +import cn.topiam.employee.core.security.util.UserUtils; + +/** + * Totp 提供商验证 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/7/31 20:50 + */ +public class TotpProviderValidator implements MfaProviderValidator { + /** + * 验证 + * + * @param code {@link String} + */ + @Override + public boolean validate(String code) { + UserEntity user = UserUtils.getUser(); + return totpAuthenticator.checkCode(user.getSharedSecret(), Long.parseLong(code), + System.currentTimeMillis()); + } + + private final TotpAuthenticator totpAuthenticator = new TotpAuthenticator(); +} diff --git a/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/filter/QqOAuth2AuthorizationRequestRedirectFilter.java b/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/filter/QqOAuth2AuthorizationRequestRedirectFilter.java index 6a6a130b..41b6749e 100644 
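Review bot: `Long.parseLong(code)` in `validate` throws NumberFormatException for a missing, non-numeric or over-long code, and that is not an AuthenticationException, so a malformed request probably surfaces as a server error instead of a failed factor. The `attemptAuthentication` caller shown earlier in this patch also runs `Long.parseLong` on the request parameter and converts it back with `String.valueOf`, so the value is parsed twice; parsing once here and returning false on failure is enough. No guard against reusing an accepted code within its time window, or against repeated guesses, is visible in this class; confirm that `TotpAuthenticator` or a surrounding component provides one.

```java
    @Override
    public boolean validate(String code) {
        UserEntity user = UserUtils.getUser();
        long parsed;
        try {
            parsed = Long.parseLong(code);
        } catch (NumberFormatException e) {
            // A malformed or missing code is a failed factor, not a server error.
            return false;
        }
        return totpAuthenticator.checkCode(user.getSharedSecret(), parsed,
            System.currentTimeMillis());
    }
```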
--- a/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/filter/QqOAuth2AuthorizationRequestRedirectFilter.java +++ b/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/filter/QqOAuth2AuthorizationRequestRedirectFilter.java @@ -49,8 +49,9 @@ import com.alibaba.fastjson2.JSONObject; import cn.topiam.employee.authentication.qq.QqIdpOauthConfig; import cn.topiam.employee.common.entity.authentication.IdentityProviderEntity; import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; +import static cn.topiam.employee.authentication.common.IdentityProviderType.QQ; +import static cn.topiam.employee.authentication.common.constant.AuthenticationConstants.PROVIDER_CODE; import static cn.topiam.employee.authentication.qq.filter.QqOAuth2LoginAuthenticationFilter.getLoginUrl; -import static cn.topiam.employee.common.enums.IdentityProviderType.QQ; import static cn.topiam.employee.portal.idp.qq.constant.QqAuthenticationConstants.URL_AUTHORIZE; /** @@ -64,16 +65,12 @@ public class QqOAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFi private final Logger logger = LoggerFactory .getLogger(QqOAuth2AuthorizationRequestRedirectFilter.class); - /** - * 提供商ID - */ - public static final String PROVIDER_ID = "providerId"; /** * AntPathRequestMatcher */ public static final AntPathRequestMatcher QQ_REQUEST_MATCHER = new AntPathRequestMatcher( - QQ.getAuthorizationPathPrefix() + "/" + "{" + PROVIDER_ID + "}", HttpMethod.GET.name()); + QQ.getAuthorizationPathPrefix() + "/" + "{" + PROVIDER_CODE + "}", HttpMethod.GET.name()); /** * 重定向策略 
@@ -104,9 +101,9 @@ public class QqOAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFi return; } Map variables = matcher.getVariables(); - String providerId = variables.get(PROVIDER_ID); + String providerCode = variables.get(PROVIDER_CODE); Optional optional = identityProviderRepository - .findByIdAndEnabledIsTrue(Long.valueOf(providerId)); + .findByCodeAndEnabledIsTrue(providerCode); if (optional.isEmpty()) { throw new NullPointerException("未查询到身份提供商信息"); } @@ -117,7 +114,8 @@ public class QqOAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFi //构建授权请求 OAuth2AuthorizationRequest.Builder builder = OAuth2AuthorizationRequest.authorizationCode() .clientId(config.getAppId()).authorizationUri(URL_AUTHORIZE) - .redirectUri(getLoginUrl(providerId)).state(DEFAULT_STATE_GENERATOR.generateKey()); + .redirectUri(getLoginUrl(optional.get().getCode())) + .state(DEFAULT_STATE_GENERATOR.generateKey()); builder.parameters(parameters -> { parameters.put(OAuth2ParameterNames.RESPONSE_TYPE, OAuth2ParameterNames.CODE); }); diff --git a/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/filter/QqOAuth2LoginAuthenticationFilter.java b/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/filter/QqOAuth2LoginAuthenticationFilter.java index c7231645..c197ed4d 100644 --- a/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/filter/QqOAuth2LoginAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-qq/src/main/java/cn/topiam/employee/authentication/qq/filter/QqOAuth2LoginAuthenticationFilter.java 
@@ -53,8 +53,8 @@ import cn.topiam.employee.support.trace.TraceUtils; import cn.topiam.employee.support.util.HttpClientUtils; import static com.nimbusds.oauth2.sdk.GrantType.AUTHORIZATION_CODE; -import static cn.topiam.employee.authentication.qq.filter.QqOAuth2AuthorizationRequestRedirectFilter.PROVIDER_ID; -import static cn.topiam.employee.common.enums.IdentityProviderType.QQ; +import static cn.topiam.employee.authentication.common.IdentityProviderType.QQ; +import static cn.topiam.employee.authentication.common.constant.AuthenticationConstants.PROVIDER_CODE; import static cn.topiam.employee.portal.idp.qq.constant.QqAuthenticationConstants.URL_GET_ACCESS_TOKEN; import static cn.topiam.employee.portal.idp.qq.constant.QqAuthenticationConstants.URL_GET_OPEN_ID; @@ -67,10 +67,10 @@ import static cn.topiam.employee.portal.idp.qq.constant.QqAuthenticationConstant @SuppressWarnings({ "AlibabaClassNamingShouldBeCamel", "DuplicatedCode" }) public class QqOAuth2LoginAuthenticationFilter extends AbstractIdpAuthenticationProcessingFilter { final String ERROR_CODE = "error"; - public static final String DEFAULT_FILTER_PROCESSES_URI = QQ.getLoginPathPrefix() + public final static String DEFAULT_FILTER_PROCESSES_URI = QQ.getLoginPathPrefix() + "/*"; public static final AntPathRequestMatcher REQUEST_MATCHER = new AntPathRequestMatcher( - QQ.getLoginPathPrefix() + "/" + "{" + PROVIDER_ID + "}", HttpMethod.GET.name()); + QQ.getLoginPathPrefix() + "/" + "{" + PROVIDER_CODE + "}", HttpMethod.GET.name()); /** * Creates a new instance 
@@ -100,7 +100,7 @@ public class QqOAuth2LoginAuthenticationFilter extends AbstractIdpAuthentication TraceUtils.put(UUID.randomUUID().toString()); RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request); Map variables = matcher.getVariables(); - String providerId = variables.get(PROVIDER_ID); + String providerId = variables.get(PROVIDER_CODE); //code String code = request.getParameter(OAuth2ParameterNames.CODE); if (StringUtils.isEmpty(code)) { @@ -133,7 +133,7 @@ public class QqOAuth2LoginAuthenticationFilter extends AbstractIdpAuthentication param.put(OAuth2ParameterNames.CLIENT_ID, config.getAppId().trim()); param.put(OAuth2ParameterNames.CLIENT_SECRET, config.getAppKey().trim()); param.put(OAuth2ParameterNames.CODE, code.trim()); - param.put(OAuth2ParameterNames.REDIRECT_URI, getLoginUrl(providerId)); + param.put(OAuth2ParameterNames.REDIRECT_URI, getLoginUrl(provider.getCode())); param.put("fmt", "json"); //注意:QQ不能使用编码后的get请求,否则会报 {"error_description":"redirect uri is illegal","error":100010} JSONObject result = JSON.parseObject(HttpClientUtils.doGet(URL_GET_ACCESS_TOKEN, param)); diff --git a/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/SendSmsCaptchaFilter.java b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/SendSmsCaptchaFilter.java new file mode 100644 index 00000000..a708c3be --- /dev/null +++ b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/SendSmsCaptchaFilter.java 
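Review bot: In the first hunk the local is still named `providerId` although it now holds the provider code from the path (`variables.get(PROVIDER_CODE)`); the redirect filter in this same patch renamed its local to `providerCode`. Writing `String providerCode = variables.get(PROVIDER_CODE);` here keeps a reader from assuming a numeric database id is being passed on. The same leftover name is in WeChatScanCodeLoginAuthenticationFilter and WeChatWorkScanCodeLoginAuthenticationFilter, where it is handed to `attemptAuthentication(...)`; whether that base method was switched from id to code is not visible in this part of the patch and should be confirmed. The body of attemptAuthentication continues outside the hunk.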
@@ -0,0 +1,94 @@ +/* + * eiam-authentication-sms - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.authentication.sms; + +import java.io.IOException; +import java.util.Objects; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.jetbrains.annotations.NotNull; +import org.springframework.http.HttpMethod; +import org.springframework.http.HttpStatus; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.security.web.util.matcher.RequestMatcher; +import org.springframework.web.filter.OncePerRequestFilter; + +import cn.topiam.employee.authentication.sms.exception.PhoneNotExistException; +import cn.topiam.employee.common.entity.account.UserEntity; +import cn.topiam.employee.common.repository.account.UserRepository; +import cn.topiam.employee.core.security.otp.OtpContextHelp; +import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.util.HttpResponseUtils; +import static cn.topiam.employee.authentication.sms.constant.SmsAuthenticationConstants.PHONE_KEY; +import static 
cn.topiam.employee.authentication.sms.constant.SmsAuthenticationConstants.SMS_SEND_OTP; +import static cn.topiam.employee.common.enums.MessageNoticeChannel.SMS; +import static cn.topiam.employee.common.enums.SmsType.LOGIN; + +/** + * 发送短信OPT + * + * @author SanLi + * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2023/1/1 22:01 + */ +public class SendSmsCaptchaFilter extends OncePerRequestFilter { + public final static String DEFAULT_FILTER_PROCESSES_URI = SMS_SEND_OTP; + + public static final RequestMatcher SMS_SEND_OPT_MATCHER = new AntPathRequestMatcher( + DEFAULT_FILTER_PROCESSES_URI, HttpMethod.POST.name()); + + @Override + protected void doFilterInternal(@NotNull HttpServletRequest request, + @NotNull HttpServletResponse response, + @NotNull FilterChain filterChain) throws ServletException, + IOException { + if (!getRequestMatcher().matches(request)) { + filterChain.doFilter(request, response); + return; + } + String phone = request.getParameter(PHONE_KEY); + if (StringUtils.isBlank(phone)) { + throw new PhoneNotExistException(); + } + //判断是否存在用户 + UserEntity user = userRepository.findByPhone(phone); + if (Objects.isNull(user)) { + HttpResponseUtils.flushResponseJson(response, HttpStatus.OK.value(), + ApiRestResult.ok()); + return; + } + //发送OPT + otpContextHelp.sendOtp(phone, LOGIN.getCode(), SMS); + } + + public static RequestMatcher getRequestMatcher() { + return SMS_SEND_OPT_MATCHER; + } + + private final UserRepository userRepository; + private final OtpContextHelp otpContextHelp; + + public SendSmsCaptchaFilter(UserRepository userRepository, OtpContextHelp otpContextHelp) { + this.userRepository = userRepository; + this.otpContextHelp = otpContextHelp; + } +} 
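Review bot: After `otpContextHelp.sendOtp(phone, LOGIN.getCode(), SMS);` doFilterInternal returns without writing a response or continuing the chain, so a registered number gets an empty reply while an unregistered one gets the `ApiRestResult.ok()` JSON. Besides leaving the client without a result, the difference lets a caller tell which phone numbers have accounts, which the early `ok()` for unknown users appears meant to hide. Writing the same body on both paths closes that gap: add `HttpResponseUtils.flushResponseJson(response, HttpStatus.OK.value(), ApiRestResult.ok());` after the send. Nothing in this filter limits how often a code can be requested per phone number or client; if `OtpContextHelp` does not throttle, a limit belongs here, since every accepted request costs an SMS.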
diff --git a/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/configurer/SmsAuthenticationConfigurer.java b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/SmsAuthenticationConfigurer.java similarity index 72% rename from eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/configurer/SmsAuthenticationConfigurer.java rename to eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/SmsAuthenticationConfigurer.java index efeecc89..2d87d306 100644 --- a/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/configurer/SmsAuthenticationConfigurer.java +++ b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/SmsAuthenticationConfigurer.java @@ -15,7 +15,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.authentication.sms.configurer; +package cn.topiam.employee.authentication.sms; import org.springframework.security.config.annotation.web.HttpSecurityBuilder; import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer; @@ -25,7 +25,8 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.util.Assert; -import cn.topiam.employee.authentication.sms.filter.SmsAuthenticationFilter; +import cn.topiam.employee.common.repository.account.UserRepository; +import cn.topiam.employee.core.security.otp.OtpContextHelp; /** * 认证配置 
@@ -35,11 +36,20 @@ import cn.topiam.employee.authentication.sms.filter.SmsAuthenticationFilter; */ public final class SmsAuthenticationConfigurer> extends AbstractAuthenticationFilterConfigurer, SmsAuthenticationFilter> { + private final UserRepository userRepository; private final UserDetailsService userDetailsService; - public SmsAuthenticationConfigurer(UserDetailsService userDetailsService) { + private final OtpContextHelp otpContextHelp; + + public SmsAuthenticationConfigurer(UserRepository userRepository, + UserDetailsService userDetailsService, + OtpContextHelp otpContextHelp) { + Assert.notNull(userDetailsService, "userRepository must not be null"); Assert.notNull(userDetailsService, "userDetailsService must not be null"); + Assert.notNull(otpContextHelp, "otpContextHelp must not be null"); this.userDetailsService = userDetailsService; + this.userRepository = userRepository; + this.otpContextHelp = otpContextHelp; } /** @@ -58,7 +68,7 @@ public final class SmsAuthenticationConfigurer> public void init(H http) throws Exception { //SMS SmsAuthenticationFilter loginAuthenticationFilter = new SmsAuthenticationFilter( - userDetailsService); + userDetailsService, otpContextHelp); this.setAuthenticationFilter(loginAuthenticationFilter); //处理URL super.loginProcessingUrl(SmsAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI); @@ -67,12 +77,10 @@ public final class SmsAuthenticationConfigurer> @Override public void configure(H http) throws Exception { - http.addFilterAfter(this.getAuthenticationFilter(), - UsernamePasswordAuthenticationFilter.class); + SendSmsCaptchaFilter sendSmsCaptchaFilter = new SendSmsCaptchaFilter(userRepository, + otpContextHelp); + http.addFilterAfter(sendSmsCaptchaFilter, UsernamePasswordAuthenticationFilter.class); + http.addFilterAfter(this.getAuthenticationFilter(), SendSmsCaptchaFilter.class); super.configure(http); } - - public RequestMatcher getRequestMatcher() { - return SmsAuthenticationFilter.getRequestMatcher(); - } } 
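Review bot: The first added assertion in the constructor checks the wrong variable: `Assert.notNull(userDetailsService, "userRepository must not be null");` tests `userDetailsService` twice and never `userRepository`. A null repository is therefore only discovered at request time, when SendSmsCaptchaFilter calls `findByPhone`. The line should read `Assert.notNull(userRepository, "userRepository must not be null");`.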
diff --git a/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/filter/SmsAuthenticationFilter.java b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/SmsAuthenticationFilter.java similarity index 71% rename from eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/filter/SmsAuthenticationFilter.java rename to eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/SmsAuthenticationFilter.java index 6e4a579b..074508c4 100644 --- a/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/filter/SmsAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/SmsAuthenticationFilter.java @@ -15,12 +15,14 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.authentication.sms.filter; +package cn.topiam.employee.authentication.sms; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.http.HttpMethod; import org.springframework.http.HttpStatus; import org.springframework.security.authentication.AuthenticationServiceException; 
@@ -28,15 +30,23 @@ import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.util.Assert; +import cn.topiam.employee.authentication.sms.exception.CaptchaNotExistException; +import cn.topiam.employee.authentication.sms.exception.PhoneNotExistException; +import cn.topiam.employee.common.enums.MessageNoticeChannel; import cn.topiam.employee.core.security.authentication.SmsAuthentication; +import cn.topiam.employee.core.security.otp.OtpContextHelp; import cn.topiam.employee.support.result.ApiRestResult; import cn.topiam.employee.support.util.HttpResponseUtils; +import static cn.topiam.employee.authentication.sms.constant.SmsAuthenticationConstants.CODE_KEY; +import static cn.topiam.employee.authentication.sms.constant.SmsAuthenticationConstants.PHONE_KEY; import static cn.topiam.employee.common.constants.AuthorizeConstants.SMS_LOGIN; +import static cn.topiam.employee.common.enums.SmsType.LOGIN; import static cn.topiam.employee.support.exception.enums.ExceptionStatus.EX000102; /** 
@@ -47,28 +57,25 @@ import static cn.topiam.employee.support.exception.enums.ExceptionStatus.EX00010 */ public class SmsAuthenticationFilter extends AbstractAuthenticationProcessingFilter { - public static final String PHONE_KEY = "phone"; + private final Logger logger = LoggerFactory + .getLogger(SmsAuthenticationFilter.class); /** * 请求方法 */ public static final String METHOD = "POST"; private String phoneParameter = PHONE_KEY; + private String codeParameter = CODE_KEY; /** * 是否值处理POST请求 */ private boolean postOnly = true; - public static final String DEFAULT_FILTER_PROCESSES_URI = SMS_LOGIN; + public final static String DEFAULT_FILTER_PROCESSES_URI = SMS_LOGIN; public static final RequestMatcher SMS_LOGIN_MATCHER = new AntPathRequestMatcher( DEFAULT_FILTER_PROCESSES_URI, HttpMethod.POST.name()); - public SmsAuthenticationFilter(UserDetailsService userDetailsService) { - super(SMS_LOGIN_MATCHER); - this.userDetailsService = userDetailsService; - } - @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException { 
@@ -79,7 +86,21 @@ public class SmsAuthenticationFilter extends AbstractAuthenticationProcessingFil } // 获取手机号 String phone = StringUtils.defaultString(obtainUsername(request), "").trim(); + if (StringUtils.isBlank(phone)) { + throw new PhoneNotExistException(); + } + String code = StringUtils.defaultString(obtainCode(request), "").trim(); + if (StringUtils.isBlank(code)) { + throw new CaptchaNotExistException(); + } UserDetails userDetails = userDetailsService.loadUserByUsername(phone); + //判断短信验证码 + Boolean checkOtp = otpContextHelp.checkOtp(LOGIN.getCode(), MessageNoticeChannel.SMS, + phone, code); + if (!checkOtp) { + logger.error("用户手机号: [{}], 验证码: [{}] 认证失败", phone, code); + throw new UsernameNotFoundException("用户名或密码错误"); + } SmsAuthentication authentication = new SmsAuthentication(userDetails, phone, userDetails.getAuthorities()); // Allow subclasses to set the "details" property @@ -106,6 +127,10 @@ public class SmsAuthenticationFilter extends AbstractAuthenticationProcessingFil return request.getParameter(phoneParameter); } + protected String obtainCode(HttpServletRequest request) { + return request.getParameter(codeParameter); + } + /** * Provided so that subclasses may configure what is put into the * authentication request's details property. @@ -135,9 +160,18 @@ public class SmsAuthenticationFilter extends AbstractAuthenticationProcessingFil return phoneParameter; } - public void setPhoneParameter(String phoneParameter) { + public final String getCodeParameter() { + return codeParameter; + } + + public void setPhoneParameter(String codeParameter) { Assert.hasText(phoneParameter, "Mobile parameter must not be empty or null"); - this.phoneParameter = phoneParameter; + this.codeParameter = codeParameter; + } + + public void setCodeParameter(String codeParameter) { + Assert.hasText(codeParameter, "Code parameter must not be empty or null"); + this.codeParameter = codeParameter; } public static RequestMatcher getRequestMatcher() { 
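Review bot: The failure branch in the first hunk logs the submitted code together with the phone number: `logger.error("用户手机号: [{}], 验证码: [{}] 认证失败", phone, code);`. A rejected code can be a near miss of one that is still valid, and the phone number is personal data, so neither belongs in an error log; log the event without the code and with the number masked, e.g. `logger.warn("SMS OTP check failed for phone ending [{}]", StringUtils.right(phone, 4));`. `checkOtp` is declared as `Boolean` and unboxed in `if (!checkOtp)`, so a null return would throw; `if (!Boolean.TRUE.equals(checkOtp))` avoids that. No limit on failed attempts is visible in this hunk, so it should be confirmed that `OtpContextHelp.checkOtp` enforces one. attemptAuthentication starts and ends outside the hunk.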
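Review bot: In the third hunk `setPhoneParameter` no longer sets the phone parameter: its argument was renamed to `codeParameter`, the assertion now tests the field `phoneParameter` (which is never empty), and the body assigns `this.codeParameter`. A caller customising the phone field name would silently change the request parameter the one-time code is read from instead. Restore it as `public void setPhoneParameter(String phoneParameter) {` with `Assert.hasText(phoneParameter, "Mobile parameter must not be empty or null");` and `this.phoneParameter = phoneParameter;`. The new `setCodeParameter` added just below is already correct.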
@@ -145,4 +179,13 @@ public class SmsAuthenticationFilter extends AbstractAuthenticationProcessingFil } private final UserDetailsService userDetailsService; + + private final OtpContextHelp otpContextHelp; + + public SmsAuthenticationFilter(UserDetailsService userDetailsService, + OtpContextHelp otpContextHelp) { + super(SMS_LOGIN_MATCHER); + this.userDetailsService = userDetailsService; + this.otpContextHelp = otpContextHelp; + } } diff --git a/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/constant/SmsAuthenticationConstants.java b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/constant/SmsAuthenticationConstants.java new file mode 100644 index 00000000..5606889b --- /dev/null +++ b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/constant/SmsAuthenticationConstants.java 
@@ -0,0 +1,43 @@ +/* + * eiam-authentication-sms - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.authentication.sms.constant; + +import static cn.topiam.employee.common.constants.AuthorizeConstants.LOGIN_PATH; + +/** + * Sms认证常量 + * + * @author TopIAM + * Created by support@topiam.cn on 2021/12/19 23:19 + */ +public final class SmsAuthenticationConstants { + + /** + * sms login 路径 + */ + public static final String SMS_LOGIN = LOGIN_PATH + "/sms"; + + /** + * 发送短信OTP + */ + public static final String SMS_SEND_OTP = SMS_LOGIN + "/send"; + + public static final String PHONE_KEY = "phone"; + public static final String CODE_KEY = "code"; + +} \ No newline at end of file diff --git a/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/filter/package-info.java b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/constant/package-info.java similarity index 93% rename from eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/filter/package-info.java rename to eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/constant/package-info.java index 09f5ba56..c250c94b 100644 
--- a/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/filter/package-info.java +++ b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/constant/package-info.java @@ -15,4 +15,4 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.authentication.sms.filter; \ No newline at end of file +package cn.topiam.employee.authentication.sms.constant; \ No newline at end of file diff --git a/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/exception/CaptchaNotExistException.java b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/exception/CaptchaNotExistException.java new file mode 100644 index 00000000..58a63c68 --- /dev/null +++ b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/exception/CaptchaNotExistException.java 
@@ -0,0 +1,31 @@ +/* + * eiam-authentication-sms - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.authentication.sms.exception; + +import cn.topiam.employee.support.exception.TopIamException; + +/** + * + * @author SanLi + * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2023/1/2 13:00 + */ +public class CaptchaNotExistException extends TopIamException { + public CaptchaNotExistException() { + super("captcha_not_exist", "验证码不存在", DEFAULT_STATUS); + } +} diff --git a/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/exception/PhoneNotExistException.java b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/exception/PhoneNotExistException.java new file mode 100644 index 00000000..e80bb762 --- /dev/null +++ b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/sms/exception/PhoneNotExistException.java 
@@ -0,0 +1,33 @@ +/* + * eiam-authentication-sms - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.authentication.sms.exception; + +import cn.topiam.employee.support.exception.TopIamException; + +/** + * 手机号不存在异常 + * + * @author SanLi + * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2023/1/2 12:59 + */ +public class PhoneNotExistException extends TopIamException { + public PhoneNotExistException() { + super("phone_not_exist", "手机号不存在", DEFAULT_STATUS); + } + +} diff --git a/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeAuthorizationRequestRedirectFilter.java b/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeAuthorizationRequestRedirectFilter.java index 5afe3186..c63ea3bd 100644 --- a/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeAuthorizationRequestRedirectFilter.java +++ b/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeAuthorizationRequestRedirectFilter.java 
@@ -51,11 +51,9 @@ import com.google.common.collect.Sets; import cn.topiam.employee.authentication.wechat.WeChatIdpScanCodeConfig; import cn.topiam.employee.common.entity.authentication.IdentityProviderEntity; import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; -import static cn.topiam.employee.authentication.wechat.constant.WeChatAuthenticationConstants.APP_ID; -import static cn.topiam.employee.authentication.wechat.constant.WeChatAuthenticationConstants.AUTHORIZATION_REQUEST; -import static cn.topiam.employee.authentication.wechat.constant.WeChatAuthenticationConstants.HREF; -import static cn.topiam.employee.authentication.wechat.constant.WeChatAuthenticationConstants.SNSAPI_LOGIN; -import static cn.topiam.employee.common.enums.IdentityProviderType.WECHAT_SCAN_CODE; +import static cn.topiam.employee.authentication.common.IdentityProviderType.WECHAT_QR; +import static cn.topiam.employee.authentication.common.constant.AuthenticationConstants.PROVIDER_CODE; +import static cn.topiam.employee.authentication.wechat.constant.WeChatAuthenticationConstants.*; /** * 微信扫码登录请求重定向过滤器 @@ -69,16 +67,11 @@ public class WeChatScanCodeAuthorizationRequestRedirectFilter extends OncePerReq private final Logger logger = LoggerFactory .getLogger(WeChatScanCodeAuthorizationRequestRedirectFilter.class); - /** - * 提供商ID - */ - public static final String PROVIDER_ID = "providerId"; - /** * AntPathRequestMatcher */ public static final AntPathRequestMatcher WE_CHAT_SCAN_CODE_REQUEST_MATCHER = new AntPathRequestMatcher( - WECHAT_SCAN_CODE.getAuthorizationPathPrefix() + "/" + "{" + PROVIDER_ID + "}", + WECHAT_QR.getAuthorizationPathPrefix() + "/" + "{" + PROVIDER_CODE + "}", HttpMethod.GET.name()); /** 
@@ -110,9 +103,9 @@ public class WeChatScanCodeAuthorizationRequestRedirectFilter extends OncePerReq return; } Map variables = matcher.getVariables(); - String providerId = variables.get(PROVIDER_ID); + String providerCode = variables.get(PROVIDER_CODE); Optional optional = identityProviderRepository - .findByIdAndEnabledIsTrue(Long.valueOf(providerId)); + .findByCodeAndEnabledIsTrue(providerCode); if (optional.isEmpty()) { throw new NullPointerException("未查询到身份提供商信息"); } @@ -127,7 +120,7 @@ public class WeChatScanCodeAuthorizationRequestRedirectFilter extends OncePerReq .clientId(config.getAppId()) .scopes(Sets.newHashSet(SNSAPI_LOGIN)) .authorizationUri(AUTHORIZATION_REQUEST) - .redirectUri(WeChatScanCodeLoginAuthenticationFilter.getLoginUrl(providerId)) + .redirectUri(WeChatScanCodeLoginAuthenticationFilter.getLoginUrl(optional.get().getCode())) .state(DEFAULT_STATE_GENERATOR.generateKey()) .attributes(attributes); //@formatter:on diff --git a/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java b/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java index c4ba73dc..fb1f6ea5 100644 --- a/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-wechat/src/main/java/cn/topiam/employee/authentication/wechat/filter/WeChatScanCodeLoginAuthenticationFilter.java 
@@ -44,21 +44,17 @@ import cn.topiam.employee.authentication.common.filter.AbstractIdpAuthentication import cn.topiam.employee.authentication.common.modal.IdpUser; import cn.topiam.employee.authentication.common.service.UserIdpService; import cn.topiam.employee.authentication.wechat.WeChatIdpScanCodeConfig; +import cn.topiam.employee.authentication.wechat.constant.WeChatAuthenticationConstants; import cn.topiam.employee.common.entity.authentication.IdentityProviderEntity; -import cn.topiam.employee.common.enums.IdentityProviderType; import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; import cn.topiam.employee.core.context.ServerContextHelp; import cn.topiam.employee.support.exception.TopIamException; import cn.topiam.employee.support.util.HttpClientUtils; import static org.springframework.security.oauth2.core.AuthorizationGrantType.AUTHORIZATION_CODE; -import static cn.topiam.employee.authentication.wechat.constant.WeChatAuthenticationConstants.ACCESS_TOKEN; -import static cn.topiam.employee.authentication.wechat.constant.WeChatAuthenticationConstants.APP_ID; -import static cn.topiam.employee.authentication.wechat.constant.WeChatAuthenticationConstants.ERROR_CODE; -import static cn.topiam.employee.authentication.wechat.constant.WeChatAuthenticationConstants.SECRET; -import static cn.topiam.employee.authentication.wechat.constant.WeChatAuthenticationConstants.USER_INFO; -import static cn.topiam.employee.authentication.wechat.filter.WeChatScanCodeAuthorizationRequestRedirectFilter.PROVIDER_ID; -import static cn.topiam.employee.common.enums.IdentityProviderType.WECHAT_SCAN_CODE; +import static cn.topiam.employee.authentication.common.IdentityProviderType.WECHAT_QR; +import static cn.topiam.employee.authentication.common.constant.AuthenticationConstants.PROVIDER_CODE; +import static cn.topiam.employee.authentication.wechat.constant.WeChatAuthenticationConstants.*; /** * 微信扫码登录过滤器 
@@ -69,11 +65,10 @@ import static cn.topiam.employee.common.enums.IdentityProviderType.WECHAT_SCAN_C public class WeChatScanCodeLoginAuthenticationFilter extends AbstractIdpAuthenticationProcessingFilter { - public static final String DEFAULT_FILTER_PROCESSES_URI = WECHAT_SCAN_CODE + public final static String DEFAULT_FILTER_PROCESSES_URI = WECHAT_QR .getLoginPathPrefix() + "/*"; public static final AntPathRequestMatcher REQUEST_MATCHER = new AntPathRequestMatcher( - WECHAT_SCAN_CODE.getLoginPathPrefix() + "/" + "{" + PROVIDER_ID + "}", - HttpMethod.GET.name()); + WECHAT_QR.getLoginPathPrefix() + "/" + "{" + PROVIDER_CODE + "}", HttpMethod.GET.name()); /** * Creates a new instance @@ -102,7 +97,7 @@ public class WeChatScanCodeLoginAuthenticationFilter extends response); RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request); Map variables = matcher.getVariables(); - String providerId = variables.get(PROVIDER_ID); + String providerId = variables.get(PROVIDER_CODE); //code String code = request.getParameter(OAuth2ParameterNames.CODE); if (StringUtils.isEmpty(code)) { @@ -136,7 +131,8 @@ public class WeChatScanCodeLoginAuthenticationFilter extends param.put(SECRET, config.getAppSecret()); param.put(OAuth2ParameterNames.CODE, code); param.put(OAuth2ParameterNames.GRANT_TYPE, AUTHORIZATION_CODE.getValue()); - JSONObject result = JSON.parseObject(HttpClientUtils.get(ACCESS_TOKEN, param)); + JSONObject result = JSON + .parseObject(HttpClientUtils.get(WeChatAuthenticationConstants.ACCESS_TOKEN, param)); if (result.containsKey(ERROR_CODE)) { logger.error("获取access_token发生错误: " + result.toJSONString()); throw new TopIamException("获取access_token发生错误: " + result.toJSONString()); 
@@ -146,20 +142,20 @@ public class WeChatScanCodeLoginAuthenticationFilter extends param.put(OAuth2ParameterNames.ACCESS_TOKEN, result.getString(OAuth2ParameterNames.ACCESS_TOKEN)); param.put(OidcScopes.OPENID, result.getString(OidcScopes.OPENID)); - result = JSON.parseObject(HttpClientUtils.get(USER_INFO, param)); + result = JSON + .parseObject(HttpClientUtils.get(WeChatAuthenticationConstants.USER_INFO, param)); if (result.containsKey(ERROR_CODE)) { logger.error("获取微信用户个人信息发生错误: " + result.toJSONString()); throw new TopIamException("获取微信用户个人信息发生错误: " + result.toJSONString()); } // 返回 IdpUser idpUser = IdpUser.builder().openId(param.get(OidcScopes.OPENID)).build(); - return attemptAuthentication(request, response, IdentityProviderType.WECHAT_SCAN_CODE, - providerId, idpUser); + return attemptAuthentication(request, response, WECHAT_QR, providerId, idpUser); } public static String getLoginUrl(String providerId) { - String url = ServerContextHelp.getPortalPublicBaseUrl() - + WECHAT_SCAN_CODE.getLoginPathPrefix() + "/" + providerId; + String url = ServerContextHelp.getPortalPublicBaseUrl() + WECHAT_QR.getLoginPathPrefix() + + "/" + providerId; return url.replaceAll("(? variables = matcher.getVariables(); - String providerId = variables.get(PROVIDER_ID); + String providerCode = variables.get(PROVIDER_CODE); Optional optional = identityProviderRepository - .findByIdAndEnabledIsTrue(Long.valueOf(providerId)); + .findByCodeAndEnabledIsTrue(providerCode); if (optional.isEmpty()) { throw new NullPointerException("未查询到身份提供商信息"); } 
@@ -115,7 +111,8 @@ public class WeChatWorkScanCodeAuthorizationRequestRedirectFilter extends OncePe OAuth2AuthorizationRequest.Builder builder = OAuth2AuthorizationRequest.authorizationCode() .clientId(config.getCorpId()) .authorizationUri(WeChatWorkAuthenticationConstants.URL_AUTHORIZE) - .redirectUri(WeChatWorkScanCodeLoginAuthenticationFilter.getLoginUrl(providerId)) + .redirectUri( + WeChatWorkScanCodeLoginAuthenticationFilter.getLoginUrl(optional.get().getCode())) .state(DEFAULT_STATE_GENERATOR.generateKey()); builder.parameters(parameters -> { HashMap linkedParameters = new LinkedHashMap<>(); diff --git a/eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/filter/WeChatWorkScanCodeLoginAuthenticationFilter.java b/eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/filter/WeChatWorkScanCodeLoginAuthenticationFilter.java index 6d258a15..0898cd5f 100644 --- a/eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/filter/WeChatWorkScanCodeLoginAuthenticationFilter.java +++ b/eiam-authentication/eiam-authentication-wechatwork/src/main/java/cn/topiam/employee/authentication/wechatwork/filter/WeChatWorkScanCodeLoginAuthenticationFilter.java 
@@ -53,8 +53,8 @@ import cn.topiam.employee.common.repository.authentication.IdentityProviderRepos import cn.topiam.employee.core.context.ServerContextHelp; import cn.topiam.employee.support.trace.TraceUtils; import cn.topiam.employee.support.util.HttpClientUtils; -import static cn.topiam.employee.authentication.wechatwork.filter.WeChatWorkScanCodeAuthorizationRequestRedirectFilter.PROVIDER_ID; -import static cn.topiam.employee.common.enums.IdentityProviderType.WECHATWORK_SCAN_CODE; +import static cn.topiam.employee.authentication.common.IdentityProviderType.WECHAT_WORK_QR; +import static cn.topiam.employee.authentication.common.constant.AuthenticationConstants.PROVIDER_CODE; /** * 企业微信扫码登录 @@ -67,10 +67,10 @@ public class WeChatWorkScanCodeLoginAuthenticationFilter extends AbstractIdpAuthenticationProcessingFilter { final String ERROR_CODE = "errcode"; final String SUCCESS = "0"; - public static final String DEFAULT_FILTER_PROCESSES_URI = WECHATWORK_SCAN_CODE + public final static String DEFAULT_FILTER_PROCESSES_URI = WECHAT_WORK_QR .getLoginPathPrefix() + "/*"; public static final AntPathRequestMatcher REQUEST_MATCHER = new AntPathRequestMatcher( - WECHATWORK_SCAN_CODE.getLoginPathPrefix() + "/" + "{" + PROVIDER_ID + "}", + WECHAT_WORK_QR.getLoginPathPrefix() + "/" + "{" + PROVIDER_CODE + "}", HttpMethod.GET.name()); /** @@ -101,7 +101,7 @@ public class WeChatWorkScanCodeLoginAuthenticationFilter extends TraceUtils.put(UUID.randomUUID().toString()); RequestMatcher.MatchResult matcher = REQUEST_MATCHER.matcher(request); Map variables = matcher.getVariables(); - String providerId = variables.get(PROVIDER_ID); + String providerId = variables.get(PROVIDER_CODE); //code String code = request.getParameter(OAuth2ParameterNames.CODE); if (StringUtils.isEmpty(code)) { 
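Review bot: In the `@@ -101,7 +101,7 @@` hunk the path variable is now read with `PROVIDER_CODE` but is still stored in a local named `providerId`, and that value is what the later hunks of this file pass to `attemptAuthentication(...)` and to `getLoginUrl(String providerId)`. A redirect filter earlier in this patch renames its local to `providerCode`; doing the same here, `String providerCode = variables.get(PROVIDER_CODE);`, would keep a numeric id and a provider code from being mixed up where the value enters the shared authentication code. The method body starts and ends outside the hunk, so whether `attemptAuthentication` now resolves the provider by code cannot be confirmed from here.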
@@ -145,7 +145,7 @@ public class WeChatWorkScanCodeLoginAuthenticationFilter extends String userId = StringUtils.defaultString(result.getString("UserId"), result.getString("OpenId")); IdpUser idpUser = IdpUser.builder().openId(userId).build(); - return attemptAuthentication(request, response, WECHATWORK_SCAN_CODE, providerId, idpUser); + return attemptAuthentication(request, response, WECHAT_WORK_QR, providerId, idpUser); } /** @@ -186,7 +186,7 @@ public class WeChatWorkScanCodeLoginAuthenticationFilter extends public static String getLoginUrl(String providerId) { String url = ServerContextHelp.getPortalPublicBaseUrl() - + WECHATWORK_SCAN_CODE.getLoginPathPrefix() + "/" + providerId; + + WECHAT_WORK_QR.getLoginPathPrefix() + "/" + providerId; return url.replaceAll("(?. */ -package cn.topiam.employee.core.security.captcha; \ No newline at end of file +package cn.topiam.employee.common.context; \ No newline at end of file diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/crypto/Encrypt.java b/eiam-common/src/main/java/cn/topiam/employee/common/crypto/Encrypt.java new file mode 100644 index 00000000..a7445dca --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/crypto/Encrypt.java 
@@ -0,0 +1,40 @@
+/*
+ * eiam-common - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.common.crypto;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import com.fasterxml.jackson.annotation.JacksonAnnotation;
+
+/**
+ * Encrypt
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2022/12/22 21:53
+ */
+@JacksonAnnotation
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ ElementType.FIELD, ElementType.METHOD, ElementType.PARAMETER })
+public @interface Encrypt {
+ Type serializer() default Type.ENCRYPT;
+
+ Type deserializer() default Type.DECRYPT;
+}
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptContextHelp.java b/eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptContextHelp.java
new file mode 100644
index 00000000..2238c360
--- /dev/null
+++ b/eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptContextHelp.java
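Review bot: The Javadoc on `Encrypt` is only the annotation's name, so nothing tells a reader which direction each attribute governs or that the defaults mean encrypt on write and decrypt on read. I would replace it with something like `Marks a String property whose JSON value is encrypted when serialized and decrypted when deserialized, unless the EncryptionModule is built with an explicit Type.` and add a one-line comment on `serializer()` and on `deserializer()`. It is also worth stating that only String-valued properties are supported, because nothing in `@Target` restricts the property type.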
@@ -0,0 +1,68 @@
+/*
+ * eiam-common - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.common.crypto;
+
+import java.util.Objects;
+
+import org.springframework.util.Assert;
+
+import cn.topiam.employee.common.entity.setting.SettingEntity;
+import cn.topiam.employee.common.repository.setting.SettingRepository;
+import cn.topiam.employee.support.context.ApplicationContextHelp;
+import cn.topiam.employee.support.util.AesUtils;
+
+import lombok.AccessLevel;
+import lombok.NoArgsConstructor;
+import static cn.topiam.employee.common.constants.SettingConstants.AES_SECRET;
+
+/**
+ * EncryptContextHelp
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2022/12/22 21:53
+ */
+@NoArgsConstructor(access = AccessLevel.PRIVATE)
+public class EncryptContextHelp {
+ private static final AesUtils AES_UTILS = new AesUtils(getAesSecret());
+
+ public static String encrypt(String content) {
+ return AES_UTILS.encrypt(content);
+ }
+
+ public static String decrypt(String content) {
+ if (Objects.isNull(content)) {
+ return null;
+ }
+ return AES_UTILS.decrypt(content);
+ }
+
+ /**
+ * 获取AES秘钥
+ *
+ * @return {@link String}
+ */
+ public static String getAesSecret() {
+ SettingEntity setting = getSettingRepository().findByName(AES_SECRET);
+ Assert.notNull(setting, "aes secret must not be null");
+ return setting.getValue();
+ }
+
+ private static SettingRepository getSettingRepository() {
+ return ApplicationContextHelp.getBean(SettingRepository.class);
+ }
+}
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptedDeserializerModifier.java b/eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptedDeserializerModifier.java
new file mode 100644
index 00000000..8120795f
--- /dev/null
+++ b/eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptedDeserializerModifier.java
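Review bot: In `EncryptContextHelp`, `AES_UTILS` is built in a static initializer from `getAesSecret()`, which fetches a Spring bean and queries the settings table, so touching the class before the context or the `AES_SECRET` row is available fails class initialization and leaves the class unusable for the rest of the JVM's life. Resolving the `AesUtils` lazily on first use, behind a private accessor, avoids that and also gives a place to pick up a rotated secret if that is ever wanted. Separately, `getAesSecret()` is `public static` and hands the raw key to any caller; unless something outside this hunk needs it, it should be `private`. `encrypt` also lacks the null guard that `decrypt` has.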
@@ -0,0 +1,61 @@
+/*
+ * eiam-common - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.common.crypto;
+
+import com.fasterxml.jackson.databind.BeanDescription;
+import com.fasterxml.jackson.databind.DeserializationConfig;
+import com.fasterxml.jackson.databind.deser.BeanDeserializerBuilder;
+import com.fasterxml.jackson.databind.deser.BeanDeserializerModifier;
+
+/**
+ * @author TopIAM
+ * Created by support@topiam.cn on 2022/12/22 21:53
+ */
+public class EncryptedDeserializerModifier extends BeanDeserializerModifier {
+
+ private final Type type;
+
+ public EncryptedDeserializerModifier() {
+ this.type = null;
+ }
+
+ public EncryptedDeserializerModifier(Type type) {
+ this.type = type;
+ }
+
+ @Override
+ public BeanDeserializerBuilder updateBuilder(DeserializationConfig config,
+ BeanDescription beanDesc,
+ BeanDeserializerBuilder builder) {
+ var properties = builder.getProperties();
+ while (properties.hasNext()) {
+ var property = properties.next();
+ Encrypt annotation = property.getAnnotation(Encrypt.class);
+ if (annotation != null) {
+ Type deserializer = type;
+ if (type == null) {
+ deserializer = annotation.deserializer();
+ }
+ builder.addOrReplaceProperty(
+ property.withValueDeserializer(new EncryptedJsonDeserializer(deserializer)),
+ true);
+ }
+ }
+ return builder;
+ }
+}
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptedJsonDeserializer.java b/eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptedJsonDeserializer.java
new file mode 100644
index 00000000..085213f8
--- /dev/null
+++ b/eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptedJsonDeserializer.java
@@ -0,0 +1,54 @@
+/*
+ * eiam-common - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.common.crypto;
+
+import java.io.IOException;
+
+import org.apache.commons.lang3.StringUtils;
+
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.JsonDeserializer;
+
+/**
+ * @author TopIAM
+ * Created by support@topiam.cn on 2022/12/22 21:53
+ */
+public class EncryptedJsonDeserializer extends JsonDeserializer {
+
+ private final Type deserializerType;
+
+ public EncryptedJsonDeserializer(Type deserializer) {
+ this.deserializerType = deserializer;
+ }
+
+ @Override
+ public Object deserialize(final JsonParser parser,
+ final DeserializationContext context) throws IOException {
+ String value = parser.getValueAsString();
+ if (StringUtils.isBlank(value)) {
+ return null;
+ }
+ if (Type.ENCRYPT == deserializerType) {
+ return EncryptContextHelp.encrypt(value);
+ } else if (Type.DECRYPT == deserializerType) {
+ return EncryptContextHelp.decrypt(value);
+ }
+ return value;
+ }
+}
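Review bot: `deserialize` reads whatever token is current with `parser.getValueAsString()`, which returns null for an object or array token without consuming it, so an `@Encrypt` placed on a non-String property is silently turned into null and the parser appears to be left inside the unread structure. `Encrypt` puts no type restriction on its target, so I would reject anything but a string explicitly, `if (!parser.hasToken(JsonToken.VALUE_STRING)) { return context.handleUnexpectedToken(String.class, parser); }`, before reading the value. `StringUtils.isBlank` also maps a whitespace-only value to null rather than passing it through; if that is intended, a comment saying so would help the next reader.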
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptedJsonSerializer.java b/eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptedJsonSerializer.java
new file mode 100644
index 00000000..87789b38
--- /dev/null
+++ b/eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptedJsonSerializer.java
@@ -0,0 +1,108 @@
+/*
+ * eiam-common - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.common.crypto;
+
+import java.io.IOException;
+import java.io.StringWriter;
+
+import org.apache.commons.lang3.StringUtils;
+
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.core.ObjectCodec;
+import com.fasterxml.jackson.databind.JsonSerializer;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializerProvider;
+
+/**
+ * @author TopIAM
+ * Created by support@topiam.cn on 2022/12/22 21:53
+ */
+public class EncryptedJsonSerializer extends JsonSerializer {
+
+ /**
+ * 默认序列化工具对象
+ */
+ private final JsonSerializer serializer;
+ private final Type serializerType;
+
+ public EncryptedJsonSerializer() {
+ this.serializer = null;
+ this.serializerType = null;
+ }
+
+ public EncryptedJsonSerializer(JsonSerializer serializer, Type type) {
+ this.serializer = serializer;
+ this.serializerType = type;
+ }
+
+ @Override
+ public void serialize(Object obj, JsonGenerator jsonGenerator,
+ SerializerProvider serializerProvider) throws IOException {
+ StringWriter stringWriter = new StringWriter();
+ ObjectCodec objectCodec = jsonGenerator.getCodec();
+ JsonGenerator nestedGenerator = null;
+
+ //空对象或空字符串不处理。
+ if (obj == null || StringUtils.isEmpty(String.valueOf(obj))) {
+ if (serializer == null) {
+ serializerProvider.defaultSerializeValue(obj, jsonGenerator);
+ } else {
+ serializer.serialize(obj, jsonGenerator, serializerProvider);
+ }
+ return;
+ }
+ /*
+ 生成一个新的JsonGenerator,用于将obj写入。
+ */
+ if (objectCodec instanceof ObjectMapper) {
+ nestedGenerator = objectCodec.getFactory().createGenerator(stringWriter);
+ }
+
+ if (nestedGenerator == null) {
+ throw new NullPointerException("nestedGenerator == null");
+ }
+
+ /*
+ 将数据写入到新生成的JsonGenerator中
+ */
+ if (serializer == null) {
+ serializerProvider.defaultSerializeValue(obj, nestedGenerator);
+ } else {
+ serializer.serialize(obj, nestedGenerator, serializerProvider);
+ }
+
+ nestedGenerator.close();
+ /*
+ JsonGenerator会生成一个带双引号的字符串, 将数据加密后写入。
+ */
+ String value = stringWriter.getBuffer().toString();
+ try {
+ String newValue = value.substring(1, value.length() - 1);
+ if (StringUtils.isNotEmpty(newValue)) {
+ if (Type.ENCRYPT == serializerType) {
+ newValue = EncryptContextHelp.encrypt(newValue);
+ } else if (Type.DECRYPT == serializerType) {
+ newValue = EncryptContextHelp.decrypt(value);
+ }
+ }
+ jsonGenerator.writeString(newValue);
+ } catch (Exception e) {
+ throw new IllegalStateException(e);
+ }
+ }
+}
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptedSerializerModifier.java b/eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptedSerializerModifier.java
new file mode 100644
index 00000000..f3ae0104
--- /dev/null
+++ b/eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptedSerializerModifier.java
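Review bot: In the `Type.DECRYPT` branch of `EncryptedJsonSerializer.serialize`, `EncryptContextHelp.decrypt(value)` receives the raw generator output with its surrounding quotes, while the `ENCRYPT` branch uses the stripped `newValue`; the line should be `newValue = EncryptContextHelp.decrypt(newValue);`. The `substring(1, value.length() - 1)` step also assumes the nested output is a quoted string with no escapes: a number or boolean would lose its first and last character, and a string containing a quote or backslash is encrypted in its JSON-escaped form, so a round trip would not return the original text. Since only strings make sense here, checking `obj instanceof CharSequence` and encrypting `obj.toString()` directly would remove the nested generator altogether. When the codec is not an `ObjectMapper` the method throws a bare `NullPointerException`; an `IllegalStateException` naming the codec type would be easier to diagnose.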
@@ -0,0 +1,71 @@
+/*
+ * eiam-common - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.common.crypto;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.fasterxml.jackson.databind.BeanDescription;
+import com.fasterxml.jackson.databind.JsonSerializer;
+import com.fasterxml.jackson.databind.SerializationConfig;
+import com.fasterxml.jackson.databind.ser.BeanPropertyWriter;
+import com.fasterxml.jackson.databind.ser.BeanSerializerModifier;
+
+/**
+ * @author TopIAM
+ * Created by support@topiam.cn on 2022/12/22 21:53
+ */
+public class EncryptedSerializerModifier extends BeanSerializerModifier {
+
+ private final Type type;
+
+ public EncryptedSerializerModifier() {
+ this.type = null;
+ }
+
+ public EncryptedSerializerModifier(Type type) {
+ this.type = type;
+ }
+
+ @Override
+ public List changeProperties(SerializationConfig config,
+ BeanDescription beanDesc,
+ List beanProperties) {
+ /*
+ 遍历beanProperties处理Encrypt.class注解
+ */
+ List newWriter = new ArrayList<>();
+ for (BeanPropertyWriter writer : beanProperties) {
+ Encrypt annotation = writer.getAnnotation(Encrypt.class);
+ if (null == annotation) {
+ newWriter.add(writer);
+ } else {
+ Type deserializer = type;
+ if (type == null) {
+ deserializer = annotation.deserializer();
+ }
+ JsonSerializer serializer = new EncryptedJsonSerializer(
+ writer.getSerializer(), deserializer);
+ writer.assignSerializer(serializer);
+ newWriter.add(writer);
+ }
+ }
+
+ return newWriter;
+ }
+}
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptionModule.java b/eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptionModule.java
new file mode 100644
index 00000000..ec66395a
--- /dev/null
+++ b/eiam-common/src/main/java/cn/topiam/employee/common/crypto/EncryptionModule.java
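Review bot: `EncryptedSerializerModifier.changeProperties` falls back to `annotation.deserializer()` when no module-level type is set, so on the serialization path an `@Encrypt` property with default attributes gets `Type.DECRYPT` instead of `Type.ENCRYPT`, and the annotation's `serializer()` attribute is never read in this hunk. With a default-constructed modifier that means annotated values are decrypted on write rather than encrypted. The fallback should read `serializerType = annotation.serializer();`, with the local renamed from `deserializer` to match. `newWriter` ends up holding every element of `beanProperties` in the same order, so the copy could be dropped and `beanProperties` returned.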
@@ -0,0 +1,75 @@
+/*
+ * eiam-common - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.common.crypto;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.databind.module.SimpleModule;
+
+/**
+ * @author TopIAM
+ * Created by support@topiam.cn on 2022/12/22 21:53
+ */
+public class EncryptionModule extends SimpleModule {
+
+ private final Type serializer;
+ private final Type deserializer;
+
+ public EncryptionModule() {
+ this.serializer = null;
+ this.deserializer = null;
+ }
+
+ public EncryptionModule(Type serializer, Type deserializer) {
+ this.serializer = serializer;
+ this.deserializer = deserializer;
+ }
+
+ @Override
+ public void setupModule(SetupContext setupContext) {
+ setupContext.addBeanSerializerModifier(new EncryptedSerializerModifier(serializer));
+ setupContext.addBeanDeserializerModifier(new EncryptedDeserializerModifier(deserializer));
+ }
+
+ public static ObjectMapper serializerEncrypt() {
+ return createMapper(Type.ENCRYPT, Type.NONE);
+ }
+
+ public static ObjectMapper deserializerEncrypt() {
+ return createMapper(Type.NONE, Type.ENCRYPT);
+ }
+
+ public static ObjectMapper serializerDecrypt() {
+ return createMapper(Type.DECRYPT, Type.NONE);
+ }
+
+ public static ObjectMapper deserializerDecrypt() {
+ return createMapper(Type.NONE, Type.DECRYPT);
+ }
+
+ public static ObjectMapper createMapper(Type serializer, Type deserializer) {
+ ObjectMapper objectMapper = new ObjectMapper();
+ objectMapper.setSerializationInclusion(JsonInclude.Include.NON_NULL);
+ objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+ objectMapper.configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false);
+ objectMapper.registerModule(new EncryptionModule(serializer, deserializer));
+ return objectMapper;
+ }
+}
\ No newline at end of file
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/crypto/Type.java b/eiam-common/src/main/java/cn/topiam/employee/common/crypto/Type.java
new file mode 100644
index 00000000..ae8de653
--- /dev/null
+++ b/eiam-common/src/main/java/cn/topiam/employee/common/crypto/Type.java
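Review bot: `EncryptionModule.createMapper` and the four wrappers around it build and configure a new `ObjectMapper` on every call. A configured `ObjectMapper` is thread-safe and its serializer caches start empty, so if these are called per request or per entity (the callers are outside this hunk) I would keep the four variants in `private static final` fields and return those. The wrapper names are also easy to misread: `deserializerEncrypt()` returns a mapper that encrypts while reading. A one-line Javadoc on each stating which direction is transformed, and to what, would make it harder to pick the wrong mapper when persisting secrets.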
@@ -0,0 +1,38 @@
+/*
+ * eiam-common - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.common.crypto;
+
+/**
+ * @author TopIAM
+ * Created by support@topiam.cn on 2022/12/22 21:53
+ */
+public enum Type {
+ /**
+ * Encrypt
+ */
+ ENCRYPT,
+ /**
+ * Decrypt
+ */
+ DECRYPT,
+
+ /**
+ * None
+ */
+ NONE
+}
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/OrganizationEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/OrganizationEntity.java
index 59e4c521..d6b13219 100644
--- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/OrganizationEntity.java
+++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/OrganizationEntity.java
@@ -25,14 +25,19 @@ import javax.persistence.Entity; import javax.persistence.Table; import org.hibernate.Hibernate; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; import cn.topiam.employee.common.enums.DataOrigin; import cn.topiam.employee.common.enums.OrganizationType; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** *

@@ -46,8 +51,11 @@ import lombok.ToString; @Setter @ToString @Entity -@Table(name = "`organization`") -public class OrganizationEntity extends BaseEntity { +@Table(name = "organization") +@SQLDelete(sql = "update organization set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update organization set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class OrganizationEntity extends LogicDeleteEntity { @Serial private static final long serialVersionUID = 8143944323232082295L; diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/OrganizationMemberEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/OrganizationMemberEntity.java index c6dd357f..d3ee275a 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/OrganizationMemberEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/OrganizationMemberEntity.java @@ -24,13 +24,18 @@ import javax.persistence.Entity; import javax.persistence.Table; import org.hibernate.Hibernate; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** * 组织机构成员 
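Review bot: The `@SQLDelete` and `@Where` annotations added to `OrganizationEntity` only cover deletes and loads that go through Hibernate's entity handling; a JPQL or HQL bulk `delete` issues a real DELETE, and native queries get neither the custom statement nor the `SOFT_DELETE_WHERE` filter. The same pattern is applied to the user, user group, password history, IdP bind and member entities later in the patch, so any repository method of that kind (none are visible in these hunks) would either hard-delete rows or keep returning soft-deleted accounts, which matters for login and authorization lookups. I would audit the repositories for `@Modifying` deletes and `nativeQuery = true` and add the soft-delete predicate by hand where they occur. `@SQLDeleteAll` is documented for removing a collection's rows, so on an entity class with the same statement as `@SQLDelete` it looks redundant; please confirm it is needed.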
@@ -43,8 +48,11 @@ import lombok.experimental.Accessors; @ToString @Accessors(chain = true) @Entity -@Table(name = "`organization_member`") -public class OrganizationMemberEntity extends BaseEntity { +@Table(name = "organization_member") +@SQLDelete(sql = "update organization_member set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update organization_member set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class OrganizationMemberEntity extends LogicDeleteEntity { /** * 组织机构ID */ diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserDetailEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserDetailEntity.java index f872d729..f1c37995 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserDetailEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserDetailEntity.java @@ -25,14 +25,19 @@ import javax.persistence.Entity; import javax.persistence.Table; import org.hibernate.Hibernate; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; import cn.topiam.employee.common.enums.UserIdType; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** *

@@ -48,7 +53,10 @@ import lombok.experimental.Accessors; @Accessors(chain = true) @Entity @Table(name = "user_detail") -public class UserDetailEntity extends BaseEntity { +@SQLDelete(sql = "update user_detail set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update user_detail set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class UserDetailEntity extends LogicDeleteEntity { @Serial private static final long serialVersionUID = -3599183663669763315L; diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserEntity.java index e09da282..5a546393 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserEntity.java @@ -28,17 +28,22 @@ import javax.persistence.Table; import javax.persistence.Transient; import org.hibernate.Hibernate; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; import com.fasterxml.jackson.annotation.JsonIgnore; import cn.topiam.employee.common.enums.DataOrigin; import cn.topiam.employee.common.enums.UserStatus; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** *

@@ -53,8 +58,11 @@ import lombok.experimental.Accessors; @ToString @Accessors(chain = true) @Entity -@Table(name = "`user`") -public class UserEntity extends BaseEntity { +@Table(name = "user") +@SQLDelete(sql = "update user set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update user set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class UserEntity extends LogicDeleteEntity { @Serial private static final long serialVersionUID = -2619231849746900857L; diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserGroupEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserGroupEntity.java index b22055f6..86033a8a 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserGroupEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserGroupEntity.java @@ -23,12 +23,18 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** *
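Review bot: In the `UserEntity` hunk the table name loses its backtick quoting and the new `@SQLDelete` statement is hand-written SQL, `update user set ...`, which as far as I know Hibernate sends as written. `user` is a reserved word in several databases (PostgreSQL and H2 among them), so on those the soft-delete statement would fail to parse even though it works on MySQL. If MySQL is the only supported database this is fine and a short comment saying so would do; otherwise keep the quoted identifier in `@Table` and quote the table name inside both `sql` strings as well.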

@@ -43,8 +49,11 @@ import lombok.experimental.Accessors; @ToString @Accessors(chain = true) @Entity -@Table(name = "`user_group`") -public class UserGroupEntity extends BaseEntity { +@Table(name = "user_group") +@SQLDelete(sql = "update user_group set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update user_group set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class UserGroupEntity extends LogicDeleteEntity { @Serial private static final long serialVersionUID = -2619231849746900857L; diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserGroupMemberEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserGroupMemberEntity.java index e64282cd..4233275e 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserGroupMemberEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserGroupMemberEntity.java @@ -21,12 +21,18 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** * 用户组成员 
@@ -39,8 +45,11 @@ import lombok.experimental.Accessors; @ToString @Accessors(chain = true) @Entity -@Table(name = "`user_group_member`") -public class UserGroupMemberEntity extends BaseEntity { +@Table(name = "user_group_member") +@SQLDelete(sql = "update user_group_member set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update user_group_member set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class UserGroupMemberEntity extends LogicDeleteEntity { /** * 组ID */ diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserHistoryPasswordEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserHistoryPasswordEntity.java index 9ba74092..9381fa73 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserHistoryPasswordEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserHistoryPasswordEntity.java @@ -24,14 +24,20 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + import com.fasterxml.jackson.annotation.JsonIgnore; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** *

@@ -46,8 +52,11 @@ import lombok.experimental.Accessors; @ToString @Accessors(chain = true) @Entity -@Table(name = "`user_history_password`") -public class UserHistoryPasswordEntity extends BaseEntity { +@Table(name = "user_history_password") +@SQLDelete(sql = "update user_history_password set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update user_history_password set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class UserHistoryPasswordEntity extends LogicDeleteEntity { @Serial private static final long serialVersionUID = -2619231849746900857L; diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserIdpBindEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserIdpBindEntity.java index 1171373c..d06bf831 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserIdpBindEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/account/UserIdpBindEntity.java @@ -24,13 +24,18 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; -import cn.topiam.employee.common.enums.IdentityProviderType; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** * 用户认证方式绑定表 
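Review bot: Moving `UserHistoryPasswordEntity` to `LogicDeleteEntity` means a delete on `user_history_password` now only marks the row, so old password values stay in the table after the history is trimmed or the owning user is removed. The password column is outside this hunk, but if it holds hashes, a periodic purge or a real `DELETE` for this one table is worth keeping. Whatever the retention choice is, state it in the class Javadoc, e.g. `Rows are soft-deleted; old password hashes are retained until purged.`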
@@ -40,47 +45,50 @@ import lombok.experimental.Accessors; */ @Entity @Table(name = "user_idp_bind") +@SQLDelete(sql = "update user_idp_bind set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update user_idp_bind set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) @Accessors(chain = true) @Getter @Setter @ToString -public class UserIdpBindEntity extends BaseEntity { +public class UserIdpBindEntity extends LogicDeleteEntity { @Serial - private static final long serialVersionUID = -14364708756807242L; + private static final long serialVersionUID = -14364708756807242L; /** * 用户ID */ @Column(name = "user_id") - private Long userId; + private Long userId; /** * OpenId */ @Column(name = "open_id") - private String openId; + private String openId; /** * 身份提供商 ID */ @Column(name = "idp_id") - private String idpId; + private String idpId; /** * 身份提供商 类型 */ @Column(name = "idp_type") - private IdentityProviderType idpType; + private String idpType; /** * 绑定时间 */ @Column(name = "bind_time") - private LocalDateTime bindTime; + private LocalDateTime bindTime; /** * 附加信息 */ @Column(name = "addition_info") - private String additionInfo; + private String additionInfo; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppAccessPolicyEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppAccessPolicyEntity.java index 823e2494..4def668b 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppAccessPolicyEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppAccessPolicyEntity.java 
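Review bot: `idpType` changes from `IdentityProviderType` to a plain `String`, so the entity no longer rejects an unknown or mis-cased provider code before it is written to `idp_type`, and comparisons elsewhere become string matches. If the aim is to allow pluggable providers, validate the value against the registered provider codes where the binding is created. Say so on the field, e.g. `/** Provider code; must match a registered identity provider. */`. Rows written earlier went through the enum mapping, which is not visible here, so confirm the stored values match the new string form.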
@@ -21,13 +21,19 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + import cn.topiam.employee.common.enums.PolicySubjectType; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** * 应用授权策略 @@ -41,7 +47,10 @@ import lombok.experimental.Accessors; @Entity @Accessors(chain = true) @Table(name = "app_access_policy") -public class AppAccessPolicyEntity extends BaseEntity { +@SQLDelete(sql = "update app_access_policy set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update app_access_policy set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class AppAccessPolicyEntity extends LogicDeleteEntity { /** * 应用ID */ diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppAccountEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppAccountEntity.java index 41252ea6..84ca85f5 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppAccountEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppAccountEntity.java 
@@ -21,12 +21,18 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** * 应用账户 @@ -40,7 +46,10 @@ import lombok.experimental.Accessors; @Entity @Accessors(chain = true) @Table(name = "app_account") -public class AppAccountEntity extends BaseEntity { +@SQLDelete(sql = "update app_account set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update app_account set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class AppAccountEntity extends LogicDeleteEntity { /** * 应用ID */ @@ -58,4 +67,10 @@ public class AppAccountEntity extends BaseEntity { */ @Column(name = "account_") private String account; + + /** + * 账户密码 + */ + @Column(name = "password_") + private String password; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppCasConfigEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppCasConfigEntity.java index 0f2d67f0..c2977183 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppCasConfigEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppCasConfigEntity.java 
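Review bot: The new `password` field in the last hunk lands in a class annotated with Lombok `@ToString`, so `toString()` on an `AppAccountEntity` will now print the account password into any log line or exception message that formats the entity. Put `@ToString.Exclude` on the field, and `@JsonIgnore` as well if the entity is ever serialised directly. The hunk shows no converter or encryption for `password_`. If the value has to be recoverable for form-fill login, it should be encrypted before it reaches this column rather than stored as entered.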
@@ -25,6 +25,7 @@ import org.hibernate.annotations.TypeDef; import com.vladmihalcea.hibernate.type.json.JsonStringType; +import cn.topiam.employee.common.enums.app.CasUserIdentityType; import cn.topiam.employee.support.repository.domain.BaseEntity; import lombok.Getter; @@ -50,12 +51,18 @@ public class AppCasConfigEntity extends BaseEntity { * APP ID */ @Column(name = "app_id") - private Long appId; + private Long appId; /** - * SP 接受回调地址 + * 用户身份类型 */ - @Column(name = "sp_callback_url") - private String spCallbackUrl; + @Column(name = "user_identity_type") + private CasUserIdentityType userIdentityType; + + /** + * 客户端服务URL + */ + @Column(name = "client_service_url") + private String clientServiceUrl; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppCertEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppCertEntity.java index b4b69aae..81111318 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppCertEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppCertEntity.java @@ -24,13 +24,19 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + import cn.topiam.employee.common.enums.app.AppCertUsingType; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** * @author TopIAM 
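Review bot: `AppCasConfigEntity` still extends `BaseEntity` while the OIDC, SAML2 and Form config entities in this commit move to `LogicDeleteEntity`, so deleting a CAS application will hard-delete its config row while the `app` row is only marked deleted. If that is intentional, a one-line comment on the class would save the next reader the comparison; otherwise give it the same base class and annotations. The new `clientServiceUrl` field would also benefit from a Javadoc line saying how it is matched against the incoming CAS `service` parameter (exact match or prefix), since that comparison decides where tickets may be sent. The matching code is not in this hunk.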
@@ -42,7 +48,10 @@ import lombok.experimental.Accessors; @Entity @Accessors(chain = true) @Table(name = "app_cert") -public class AppCertEntity extends BaseEntity { +@SQLDelete(sql = "update app_cert set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update app_cert set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class AppCertEntity extends LogicDeleteEntity { /** * 应用ID */ diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppEntity.java index 1367c07b..c784481e 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppEntity.java @@ -21,16 +21,22 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + import cn.topiam.employee.common.enums.app.AppProtocol; import cn.topiam.employee.common.enums.app.AppType; import cn.topiam.employee.common.enums.app.AuthorizationType; import cn.topiam.employee.common.enums.app.InitLoginType; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** * 应用 
@@ -44,7 +50,10 @@ import lombok.experimental.Accessors; @Entity @Accessors(chain = true) @Table(name = "app") -public class AppEntity extends BaseEntity { +@SQLDelete(sql = "update app set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update app set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class AppEntity extends LogicDeleteEntity { /** * 应用名称 diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppFormConfigEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppFormConfigEntity.java new file mode 100644 index 00000000..2fa6c528 --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppFormConfigEntity.java 
@@ -0,0 +1,107 @@ +/* + * eiam-common - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.entity.app; + +import java.io.Serializable; +import java.util.List; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.Table; + +import org.hibernate.annotations.*; + +import com.vladmihalcea.hibernate.type.json.JsonStringType; + +import cn.topiam.employee.common.enums.app.FormSubmitType; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; + +import lombok.Data; +import lombok.Getter; +import lombok.Setter; +import lombok.ToString; +import lombok.experimental.Accessors; + +import io.swagger.v3.oas.annotations.media.Schema; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; + +/** + * APP Form 配置 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/12/13 22:31 + */ +@Getter +@Setter +@ToString +@Entity +@Accessors(chain = true) +@Table(name = "app_form_config") +@SQLDelete(sql = "update app_form_config set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update app_form_config set " + SOFT_DELETE_SET + " where id_ = ?") 
+@TypeDef(name = "json", typeClass = JsonStringType.class) +@Where(clause = SOFT_DELETE_WHERE) +public class AppFormConfigEntity extends LogicDeleteEntity { + + /** + * APP ID + */ + @Column(name = "app_id") + private Long appId; + + /** + * 登录URL + */ + @Column(name = "login_url") + private String loginUrl; + + /** + * 登录名属性名称 + */ + @Column(name = "username_field") + private String usernameField; + + /** + * 登录密码属性名称 + */ + @Column(name = "password_field") + private String passwordField; + + /** + * 登录提交方式 + */ + @Column(name = "submit_type") + private FormSubmitType submitType; + + /** + * 登录其他信息 + */ + @Column(name = "other_field") + @Type(type = "json") + private List otherField; + + @Data + @Schema(description = "表单其他信息") + public static class OtherField implements Serializable { + + private String fieldName; + + private String fieldValue; + } +} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppOidcConfigEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppOidcConfigEntity.java index efedbf1b..b1d60aab 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppOidcConfigEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppOidcConfigEntity.java 
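Review bot: `loginUrl`, `usernameField`, `passwordField` and `otherField` presumably describe where and how a stored credential is posted, yet the entity does not document what `loginUrl` may contain. If validation lives in the save parameter class, which is outside this hunk, it should reject non-`https` schemes. The field comment could then state the rule, e.g. `/** Login URL the credential form is submitted to; must be https. */`. `OtherField.fieldValue` is stored as plain JSON and is printed by both `@Data` and the outer `@ToString`. If those extra form values can carry tokens, add `@ToString.Exclude` on `otherField`.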
@@ -23,17 +23,18 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; -import org.hibernate.annotations.Type; -import org.hibernate.annotations.TypeDef; +import org.hibernate.annotations.*; import com.vladmihalcea.hibernate.type.json.JsonStringType; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** * APP OIDC 配置 @@ -47,8 +48,11 @@ import lombok.experimental.Accessors; @Entity @Accessors(chain = true) @Table(name = "app_oidc_config") +@SQLDelete(sql = "update app_oidc_config set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update app_oidc_config set " + SOFT_DELETE_SET + " where id_ = ?") @TypeDef(name = "json", typeClass = JsonStringType.class) -public class AppOidcConfigEntity extends BaseEntity { +@Where(clause = SOFT_DELETE_WHERE) +public class AppOidcConfigEntity extends LogicDeleteEntity { /** * APP ID diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionActionEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionActionEntity.java index 097bfeb1..7c6cf858 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionActionEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionActionEntity.java 
@@ -21,13 +21,19 @@ import java.io.Serial; import javax.persistence.*; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + import cn.topiam.employee.common.enums.PermissionActionType; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** * 应用权限 @@ -40,8 +46,11 @@ import lombok.experimental.Accessors; @ToString @Entity @Accessors(chain = true) -@Table(name = "`app_permission_action`") -public class AppPermissionActionEntity extends BaseEntity { +@Table(name = "app_permission_action") +@SQLDelete(sql = "update app_permission_action set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update app_permission_action set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class AppPermissionActionEntity extends LogicDeleteEntity { @Serial private static final long serialVersionUID = -3954680915360748087L; diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionPolicyEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionPolicyEntity.java index f8b51c68..50aa2c82 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionPolicyEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionPolicyEntity.java 
@@ -21,15 +21,21 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + import cn.topiam.employee.common.enums.PolicyEffect; import cn.topiam.employee.common.enums.PolicyObjectType; import cn.topiam.employee.common.enums.PolicySubjectType; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** * 应用策略 @@ -42,8 +48,11 @@ import lombok.experimental.Accessors; @ToString @Entity @Accessors(chain = true) -@Table(name = "`app_permission_policy`") -public class AppPermissionPolicyEntity extends BaseEntity { +@Table(name = "app_permission_policy") +@SQLDelete(sql = "update app_permission_policy set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update app_permission_policy set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class AppPermissionPolicyEntity extends LogicDeleteEntity { /** * 应用id diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionResourceEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionResourceEntity.java index 4ebea00b..f9f4e994 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionResourceEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionResourceEntity.java 
@@ -22,7 +22,11 @@ import java.util.List; import javax.persistence.*; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; @@ -30,6 +34,9 @@ import lombok.ToString; import lombok.experimental.Accessors; import static javax.persistence.FetchType.LAZY; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; + /** *

* 应用资源关联 @@ -43,8 +50,11 @@ import static javax.persistence.FetchType.LAZY; @ToString @Entity @Accessors(chain = true) -@Table(name = "`app_permission_resource`") -public class AppPermissionResourceEntity extends BaseEntity { +@Table(name = "app_permission_resource") +@SQLDelete(sql = "update app_permission_resource set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update app_permission_resource set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class AppPermissionResourceEntity extends LogicDeleteEntity { @Serial private static final long serialVersionUID = 7342074686605139968L; diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionRoleEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionRoleEntity.java index cf01d0d3..3b36e343 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionRoleEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppPermissionRoleEntity.java @@ -23,12 +23,18 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** *

@@ -43,8 +49,11 @@ import lombok.experimental.Accessors; @ToString @Entity @Accessors(chain = true) -@Table(name = "`app_permission_role`") -public class AppPermissionRoleEntity extends BaseEntity { +@Table(name = "app_permission_role") +@SQLDelete(sql = "update app_permission_role set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update app_permission_role set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class AppPermissionRoleEntity extends LogicDeleteEntity { @Serial private static final long serialVersionUID = -7761332532995424593L; diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppSaml2ConfigEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppSaml2ConfigEntity.java index 935ede51..c22920e9 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppSaml2ConfigEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppSaml2ConfigEntity.java @@ -26,20 +26,21 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; -import org.hibernate.annotations.Type; -import org.hibernate.annotations.TypeDef; +import org.hibernate.annotations.*; import com.fasterxml.jackson.annotation.JsonAlias; import com.vladmihalcea.hibernate.type.json.JsonStringType; import cn.topiam.employee.common.enums.app.*; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Data; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** * APP SAML 配置 
@@ -53,8 +54,11 @@ import lombok.experimental.Accessors; @Entity @Accessors(chain = true) @Table(name = "app_saml2_config") +@SQLDelete(sql = "update app_saml2_config set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update app_saml2_config set " + SOFT_DELETE_SET + " where id_ = ?") @TypeDef(name = "json", typeClass = JsonStringType.class) -public class AppSaml2ConfigEntity extends BaseEntity { +@Where(clause = SOFT_DELETE_WHERE) +public class AppSaml2ConfigEntity extends LogicDeleteEntity { /** * APP ID */ diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppTsaConfigEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppTsaConfigEntity.java new file mode 100644 index 00000000..06993dc4 --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/AppTsaConfigEntity.java 
@@ -0,0 +1,128 @@ +/* + * eiam-common - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.entity.app; + +import java.io.Serializable; +import java.util.List; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.Table; + +import org.hibernate.annotations.*; + +import com.vladmihalcea.hibernate.type.json.JsonStringType; + +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; + +import lombok.Data; +import lombok.Getter; +import lombok.Setter; +import lombok.ToString; +import lombok.experimental.Accessors; + +import io.swagger.v3.oas.annotations.media.Schema; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; + +/** + * APP Form 配置 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/12/13 22:31 + */ +@Getter +@Setter +@ToString +@Entity +@Accessors(chain = true) +@Table(name = "app_tsa_config") +@SQLDelete(sql = "update app_tsa_config set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update app_tsa_config set " + SOFT_DELETE_SET + " where id_ = ?") +@TypeDef(name = "json", typeClass = JsonStringType.class) 
+@Where(clause = SOFT_DELETE_WHERE) +public class AppTsaConfigEntity extends LogicDeleteEntity { + + /** + * APP ID + */ + @Column(name = "app_id") + private Long appId; + + /** + * 登录页面 + */ + @Column(name = "login_page") + private String loginPage; + + /** + * 自动登录步骤 + */ + @Column(name = "auto_login_steps") + @Type(type = "json") + private List autoLoginSteps; + + /** + * 创建账号步骤 + */ + @Column(name = "create_account_steps") + @Type(type = "json") + private List createAccountSteps; + + @Data + @Schema(description = "自动登录步骤") + public static class AutoLoginStep implements Serializable { + + private String action; + + private String target; + + private String value; + } + + @Data + @Schema(description = "创建账号步骤") + public static class CreateAccountStep implements Serializable { + + private String title; + + private String titleI18n; + + private FormItemProp formItemProps; + } + + @Data + @Schema(description = "表单内容") + public static class FormItemProp implements Serializable { + + private List name; + + private List rules; + } + + @Data + @Schema(description = "表单验证规则") + public static class Rule implements Serializable { + + private Boolean required; + + private String message; + + private String messageI18n; + } +} diff --git a/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/model/AppFormConfigGetResult.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/po/AppFormConfigPO.java similarity index 60% rename from eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/model/AppFormConfigGetResult.java rename to eiam-common/src/main/java/cn/topiam/employee/common/entity/app/po/AppFormConfigPO.java index 89635696..c15d5cbd 100644 --- a/eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/model/AppFormConfigGetResult.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/po/AppFormConfigPO.java 
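Review bot: The class Javadoc on `AppTsaConfigEntity` still reads "APP Form 配置", copied from `AppFormConfigEntity` together with the same creation date, so it mislabels the entity. It should name TSA, e.g. `APP TSA configuration`, and the nested `AutoLoginStep`, `CreateAccountStep`, `FormItemProp` and `Rule` classes need a line each on what `action`, `target` and `value` may hold. `AutoLoginStep.value` is printed by `@Data` and the outer `@ToString`, so if a step can carry a literal credential, add `@ToString.Exclude` on `autoLoginSteps`.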
@@ -1,5 +1,5 @@ /* - * eiam-application-form - Employee Identity and Access Management Program + * eiam-common - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify @@ -15,42 +15,61 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.application.form.model; - -import java.io.Serializable; +package cn.topiam.employee.common.entity.app.po; +import cn.topiam.employee.common.entity.app.AppFormConfigEntity; import cn.topiam.employee.common.enums.app.AuthorizationType; import cn.topiam.employee.common.enums.app.InitLoginType; import lombok.Data; - -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; +import lombok.EqualsAndHashCode; /** - * Form 配置返回 * * @author TopIAM - * Created by support@topiam.cn on 2022/5/31 22:46 + * Created by support@topiam.cn on 2022/12/13 23:45 */ @Data -@Schema(description = "Form 配置返回结果") -public class AppFormConfigGetResult implements Serializable { +@EqualsAndHashCode(callSuper = true) +public class AppFormConfigPO extends AppFormConfigEntity { + + /** + * 应用编码 + */ + private String appCode; + + /** + * 模版 + */ + private String appTemplate; + + /** + * 客户端ID + */ + private String clientId; + + /** + * 客户端秘钥 + */ + private String clientSecret; + /** * SSO 发起方 */ - @Parameter(description = "SSO 发起方") private InitLoginType initLoginType; /** * SSO 登录链接 */ - @Parameter(description = "SSO 登录链接") private String initLoginUrl; /** * 授权范围 */ - @Parameter(description = "SSO 授权范围") private AuthorizationType authorizationType; + + /** + * 应用是否启用 + */ + private Boolean enabled; } 
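Review bot: `clientSecret` is added to a Lombok `@Data` class, so the generated `toString()` prints the secret whenever an `AppFormConfigPO` is logged or interpolated into an exception message; the same field is added to `AppTsaConfigPO` in the next file. Annotate the field with `@ToString.Exclude`, and if these objects are ever serialized into API responses (not visible in this hunk) keep the field out of that output as well. The new class Javadoc is empty apart from the author tag; one line stating which query fills the extra app-level fields would help the next reader.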
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/po/AppTsaConfigPO.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/po/AppTsaConfigPO.java new file mode 100644 index 00000000..65edad5e --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/app/po/AppTsaConfigPO.java 
@@ -0,0 +1,74 @@
+/*
+ * eiam-common - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.common.entity.app.po;
+
+import cn.topiam.employee.common.entity.app.AppTsaConfigEntity;
+import cn.topiam.employee.common.enums.app.AuthorizationType;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+/**
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2022/01/14 10:45
+ */
+@Data
+@EqualsAndHashCode(callSuper = true)
+public class AppTsaConfigPO extends AppTsaConfigEntity {
+
+ /**
+ * 应用编码
+ */
+ private String appCode;
+
+ /**
+ * 模版
+ */
+ private String appTemplate;
+
+ /**
+ * 客户端ID
+ */
+ private String clientId;
+
+ /**
+ * 客户端秘钥
+ */
+ private String clientSecret;
+
+ // /**
+ // * SSO 发起方
+ // */
+ // private InitLoginType initLoginType;
+
+ /**
+ * SSO 登录链接
+ */
+ private String initLoginUrl;
+
+ /**
+ * 授权范围
+ */
+ private AuthorizationType authorizationType;
+
+ /**
+ * 应用是否启用
+ */
+ private Boolean enabled;
+}
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/authentication/IdentityProviderEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/authentication/IdentityProviderEntity.java
index 4bb9876e..4e77e331 100644
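Review bot: The `initLoginType` field in `AppTsaConfigPO` is committed as a commented-out block (`// private InitLoginType initLoginType;`), which leaves readers guessing whether TSA applications are meant to have an SSO initiator at all. Delete the block, or replace it with a single explanatory line such as `// initLoginType intentionally omitted: <reason placeholder>` so the difference from `AppFormConfigPO` is documented. The class Javadoc is also empty apart from the author tag and should say what this projection carries.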
--- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/authentication/IdentityProviderEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/authentication/IdentityProviderEntity.java @@ -23,14 +23,18 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; -import cn.topiam.employee.common.enums.IdentityProviderCategory; -import cn.topiam.employee.common.enums.IdentityProviderType; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** *

@@ -46,51 +50,54 @@ import lombok.experimental.Accessors; @Entity @Accessors(chain = true) @Table(name = "identity_provider") -public class IdentityProviderEntity extends BaseEntity { +@SQLDelete(sql = "update identity_provider set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update identity_provider set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class IdentityProviderEntity extends LogicDeleteEntity { @Serial - private static final long serialVersionUID = -7936931011805155568L; + private static final long serialVersionUID = -7936931011805155568L; /** * 名称 */ @Column(name = "name_") - private String name; + private String name; /** * 唯一CODE 不可修改 */ @Column(name = "code_") - private String code; + private String code; /** * 平台 */ @Column(name = "type_") - private IdentityProviderType type; + private String type; /** * 分类 */ @Column(name = "category_") - private IdentityProviderCategory category; + private String category; /** * 配置JSON串 */ @Column(name = "config_") - private String config; + private String config; /** * 是否启用 */ @Column(name = "is_enabled") - private Boolean enabled; + private Boolean enabled; /** * 是否展示 */ @Column(name = "is_displayed") - private Boolean displayed; + private Boolean displayed; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/identitysource/IdentitySourceEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/identitysource/IdentitySourceEntity.java index 18056331..d6b4f15d 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/identitysource/IdentitySourceEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/identitysource/IdentitySourceEntity.java 
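Review bot: `type` and `category` in `IdentityProviderEntity` change from the enums `IdentityProviderType` and `IdentityProviderCategory` to plain `String`, so nothing in this entity restricts what is stored in `type_` and `category_` any more. The enum deleted later in this patch concatenated its code into the authorization and login paths (`AUTHORIZATION_REQUEST_URI + "/" + getCode()`), so if the string now plays that role it should be checked against the set of registered providers before it is persisted or used in a path; no such check is visible in this hunk. Documenting the contract on the fields, e.g. `/** Provider code; must match a registered identity provider */`, would make the expectation explicit.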
@@ -23,18 +23,23 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; import org.hibernate.annotations.Type; +import org.hibernate.annotations.Where; import cn.topiam.employee.common.entity.identitysource.config.JobConfig; import cn.topiam.employee.common.entity.identitysource.config.StrategyConfig; -import cn.topiam.employee.common.enums.identityprovider.IdentitySourceProvider; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; import lombok.extern.slf4j.Slf4j; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** *

@@ -51,7 +56,10 @@ import lombok.extern.slf4j.Slf4j; @Accessors(chain = true) @Slf4j @Table(name = "identity_source") -public class IdentitySourceEntity extends BaseEntity { +@SQLDelete(sql = "update identity_source set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update identity_source set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class IdentitySourceEntity extends LogicDeleteEntity { @Serial private static final long serialVersionUID = -7936931011805155568L; diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/identitysource/IdentitySourceEventRecordEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/identitysource/IdentitySourceEventRecordEntity.java index 31559b40..a08fa618 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/identitysource/IdentitySourceEventRecordEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/identitysource/IdentitySourceEventRecordEntity.java @@ -23,16 +23,22 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + import cn.topiam.employee.common.enums.SyncStatus; import cn.topiam.employee.common.enums.identitysource.IdentitySourceActionType; import cn.topiam.employee.common.enums.identitysource.IdentitySourceObjectType; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.NoArgsConstructor; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** * 身份源事件记录 
@@ -47,7 +53,10 @@ import lombok.experimental.Accessors; @Accessors(chain = true) @NoArgsConstructor @Table(name = "identity_source_event_record") -public class IdentitySourceEventRecordEntity extends BaseEntity { +@SQLDelete(sql = "update identity_source_event_record set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update identity_source_event_record set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class IdentitySourceEventRecordEntity extends LogicDeleteEntity { /** * 身份源ID diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/identitysource/IdentitySourceSyncHistoryEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/identitysource/IdentitySourceSyncHistoryEntity.java index 0b458833..9c22cc9d 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/identitysource/IdentitySourceSyncHistoryEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/identitysource/IdentitySourceSyncHistoryEntity.java @@ -23,16 +23,22 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + import cn.topiam.employee.common.enums.SyncStatus; import cn.topiam.employee.common.enums.TriggerType; import cn.topiam.employee.common.enums.identitysource.IdentitySourceObjectType; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.NoArgsConstructor; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** * 身份源同步记录表 
@@ -47,7 +53,10 @@ import lombok.experimental.Accessors; @Accessors(chain = true) @NoArgsConstructor @Table(name = "identity_source_sync_history") -public class IdentitySourceSyncHistoryEntity extends BaseEntity { +@SQLDelete(sql = "update identity_source_sync_history set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update identity_source_sync_history set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class IdentitySourceSyncHistoryEntity extends LogicDeleteEntity { /** * 批号 diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/identitysource/IdentitySourceSyncRecordEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/identitysource/IdentitySourceSyncRecordEntity.java index 89f94eb6..b47e3614 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/identitysource/IdentitySourceSyncRecordEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/identitysource/IdentitySourceSyncRecordEntity.java @@ -21,16 +21,22 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + import cn.topiam.employee.common.enums.SyncStatus; import cn.topiam.employee.common.enums.identitysource.IdentitySourceActionType; import cn.topiam.employee.common.enums.identitysource.IdentitySourceObjectType; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.NoArgsConstructor; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** * 身份源同步详情 
@@ -45,7 +51,10 @@ import lombok.experimental.Accessors; @Accessors(chain = true) @NoArgsConstructor @Table(name = "identity_source_sync_record") -public class IdentitySourceSyncRecordEntity extends BaseEntity { +@SQLDelete(sql = "update identity_source_sync_record set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update identity_source_sync_record set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class IdentitySourceSyncRecordEntity extends LogicDeleteEntity { /** * 同步历史ID diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/identitysource/config/JobConfig.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/identitysource/config/JobConfig.java index d5256f71..0e546e29 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/identitysource/config/JobConfig.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/identitysource/config/JobConfig.java @@ -170,14 +170,14 @@ public class JobConfig { } } //模式为定时 解析时分秒 - if (mode.equals(JobConfig.Mode.timed)) { + if (mode.equals(Mode.timed)) { LocalTime time = LocalTime.parse(value, DateTimeFormatter.ofPattern("H[H]:mm:ss")); hour = on(time.getHour()); minute = on(time.getMinute()); second = on(time.getSecond()); } //模式为周期(0- 某个小时)执行 - if (mode.equals(JobConfig.Mode.period)) { + if (mode.equals(Mode.period)) { hour = new Every(on(0), new IntegerFieldValue(Integer.parseInt(value))); minute = on(0); second = on(0); diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/MailSendRecordEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/message/MailSendRecordEntity.java similarity index 74% rename from eiam-common/src/main/java/cn/topiam/employee/common/entity/MailSendRecordEntity.java rename to eiam-common/src/main/java/cn/topiam/employee/common/entity/message/MailSendRecordEntity.java index c5eec298..cfa788fe 100644 
--- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/MailSendRecordEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/message/MailSendRecordEntity.java @@ -15,7 +15,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.common.entity; +package cn.topiam.employee.common.entity.message; import java.time.LocalDateTime; @@ -23,14 +23,20 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + import cn.topiam.employee.common.enums.MailType; import cn.topiam.employee.common.message.enums.MailProvider; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** * 邮件发送记录 @@ -44,7 +50,10 @@ import lombok.experimental.Accessors; @Setter @ToString @Table(name = "mail_send_record") -public class MailSendRecordEntity extends BaseEntity { +@SQLDelete(sql = "update mail_send_record set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update mail_send_record set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class MailSendRecordEntity extends LogicDeleteEntity { /** * subject */ 
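Review bot: With `@SQLDelete` rewritten to `update mail_send_record set ...`, deleting a `MailSendRecordEntity` no longer removes the row, so the stored subject and the rest of the message record stay in the table; `SmsSendRecordEntity` in the next file gets the same treatment for its `phone_` column. If these records can carry verification codes or personal data, which the hunk does not show, a retention or purge job for soft-deleted rows should accompany this change. A class comment stating that deletion is logical only, e.g. `Rows are soft-deleted; physical cleanup is handled by <purge job placeholder>`, would make this visible to maintainers.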
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/SmsSendRecordEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/message/SmsSendRecordEntity.java similarity index 75% rename from eiam-common/src/main/java/cn/topiam/employee/common/entity/SmsSendRecordEntity.java rename to eiam-common/src/main/java/cn/topiam/employee/common/entity/message/SmsSendRecordEntity.java index 915df827..a6c741b8 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/SmsSendRecordEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/message/SmsSendRecordEntity.java @@ -15,7 +15,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.common.entity; +package cn.topiam.employee.common.entity.message; import java.time.LocalDateTime; @@ -23,15 +23,21 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + import cn.topiam.employee.common.enums.MessageCategory; import cn.topiam.employee.common.enums.SmsType; import cn.topiam.employee.common.message.enums.SmsProvider; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** * 短信记录发送表 
@@ -45,7 +51,10 @@ import lombok.experimental.Accessors; @Setter @ToString @Table(name = "sms_send_record") -public class SmsSendRecordEntity extends BaseEntity { +@SQLDelete(sql = "update sms_send_record set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update sms_send_record set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class SmsSendRecordEntity extends LogicDeleteEntity { /** * phone_ */ diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/setting/AdministratorEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/setting/AdministratorEntity.java index a3c436ce..f41c5849 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/setting/AdministratorEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/setting/AdministratorEntity.java @@ -24,13 +24,19 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + import cn.topiam.employee.common.enums.UserStatus; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** *

@@ -45,8 +51,11 @@ import lombok.experimental.Accessors; @ToString @Accessors(chain = true) @Entity -@Table(name = "`administrator`") -public class AdministratorEntity extends BaseEntity { +@Table(name = "administrator") +@SQLDelete(sql = "update administrator set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update administrator set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class AdministratorEntity extends LogicDeleteEntity { @Serial private static final long serialVersionUID = -2619231849746900857L; diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/setting/MailTemplateEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/setting/MailTemplateEntity.java index e664e9ce..f9f60324 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/setting/MailTemplateEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/setting/MailTemplateEntity.java @@ -23,13 +23,19 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + import cn.topiam.employee.common.enums.MailType; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** *
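Review bot: `AdministratorEntity` becomes soft-deleted, so a removed administrator's row stays in `administrator` with whatever credential columns it has (not shown in this hunk), and only queries Hibernate generates for the entity pick up `@Where(clause = SOFT_DELETE_WHERE)`. Any native SQL or JDBC lookup against this table, for example on the login path, has to add the soft-delete predicate itself, otherwise a deleted administrator could still be resolved; those queries are outside this hunk and should be checked. Uniqueness of the login name also needs a decision, since a deleted row keeps occupying it. A class comment such as `// Soft-deleted: native queries on administrator must filter with SOFT_DELETE_WHERE` would record the requirement.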

@@ -45,7 +51,10 @@ import lombok.experimental.Accessors; @Entity @Accessors(chain = true) @Table(name = "mail_template") -public class MailTemplateEntity extends BaseEntity { +@SQLDelete(sql = "update mail_template set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update mail_template set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class MailTemplateEntity extends LogicDeleteEntity { @Serial private static final long serialVersionUID = 5983857137670090984L; diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/entity/setting/SettingEntity.java b/eiam-common/src/main/java/cn/topiam/employee/common/entity/setting/SettingEntity.java index 3ceb0101..9a1b2cf9 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/entity/setting/SettingEntity.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/entity/setting/SettingEntity.java @@ -21,12 +21,18 @@ import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Table; -import cn.topiam.employee.support.repository.domain.BaseEntity; +import org.hibernate.annotations.SQLDelete; +import org.hibernate.annotations.SQLDeleteAll; +import org.hibernate.annotations.Where; + +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; import lombok.Getter; import lombok.Setter; import lombok.ToString; import lombok.experimental.Accessors; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** *

@@ -41,8 +47,11 @@ import lombok.experimental.Accessors; @ToString @Entity @Accessors(chain = true) -@Table(name = "`setting`") -public class SettingEntity extends BaseEntity { +@Table(name = "setting") +@SQLDelete(sql = "update setting set " + SOFT_DELETE_SET + " where id_ = ?") +@SQLDeleteAll(sql = "update setting set " + SOFT_DELETE_SET + " where id_ = ?") +@Where(clause = SOFT_DELETE_WHERE) +public class SettingEntity extends LogicDeleteEntity { /** * name diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/AuthenticationType.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/AuthenticationType.java index 934617fb..cd6b5a4b 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/AuthenticationType.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/AuthenticationType.java @@ -68,7 +68,6 @@ public enum AuthenticationType implements BaseEnum { throw new NullPointerException("未获取到对应平台"); } - @Override public String getCode() { return code; } @@ -77,7 +76,6 @@ public enum AuthenticationType implements BaseEnum { this.code = code; } - @Override public String getDesc() { return desc; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/CaptchaProviderType.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/CaptchaProviderType.java index 4e0bf8cf..86abcc51 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/CaptchaProviderType.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/CaptchaProviderType.java @@ -76,7 +76,6 @@ public enum CaptchaProviderType implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/DataOrigin.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/DataOrigin.java index f8f918a8..0ec8864c 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/DataOrigin.java 
+++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/DataOrigin.java @@ -64,12 +64,10 @@ public enum DataOrigin implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } - @Override public String getDesc() { return desc; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/IdentityProviderType.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/IdentityProviderType.java deleted file mode 100644 index 0c746866..00000000 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/IdentityProviderType.java +++ /dev/null 
@@ -1,135 +0,0 @@ -/* - * eiam-common - Employee Identity and Access Management Program - * Copyright © 2020-2023 TopIAM (support@topiam.cn) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package cn.topiam.employee.common.enums; - -import com.fasterxml.jackson.annotation.JsonValue; - -import cn.topiam.employee.support.web.converter.EnumConvert; -import static cn.topiam.employee.common.constants.AuthorizeConstants.AUTHORIZATION_REQUEST_URI; -import static cn.topiam.employee.common.constants.AuthorizeConstants.LOGIN_PATH; - -/** - * 认证提供商 - * - * @author TopIAM - * Created by support@topiam.cn on 2020/8/13 22:18 - */ -public enum IdentityProviderType implements BaseEnum { - /** - * 微信扫码登录 - */ - WECHAT_SCAN_CODE("wechat_scan_code", "微信扫码登录", - "通过微信扫码进行身份认证"), - /** - * 钉钉扫码登录 - */ - DINGTALK_SCAN_CODE("dingtalk_scan_code", - "钉钉扫码认证", - - "通过钉钉扫码进行身份认证"), - /** - * 钉钉Oauth2 - */ - DINGTALK_OAUTH("dingtalk_oauth", "钉钉Oauth认证", - "通过钉钉进行身份认证"), - /** - * 企业微信 - */ - WECHATWORK_SCAN_CODE("wechatwork_scan_code", - "企业微信扫码认证", - - "通过企业微信同步的用户可使用企业微信扫码登录进行身份认证"), - /** - * QQ - */ - QQ("qq_oauth", "QQ认证", "通过QQ进行身份认证"), - /** - * 微博 - */ - WEIBO("weibo_oauth", "微博认证", "通过微博进行身份认证"), - /** - * Github - */ - GITHUB("github_oauth", "Github", - "通过 GitHub 进行身份认证"), - /** - * Google - */ - GOOGLE("google_oauth", "Google", - "通过 Google 进行身份认证"), - /** - * 支付宝扫码认证 - */ - 
ALIPAY("alipay_oauth", "支付宝认证", - "通过支付宝进行身份认证"), - - /** - * LDAP - */ - LDAP("ldap", "LDAP 认证源", "通过 LDAP 认证源进行身份验证"); - - @JsonValue - private final String code; - private final String name; - private final String desc; - - IdentityProviderType(String code, String name, String desc) { - this.code = code; - this.name = name; - this.desc = desc; - } - - @Override - public String getCode() { - return code; - } - - public String getName() { - return name; - } - - @Override - public String getDesc() { - return desc; - } - - public String getAuthorizationPathPrefix() { - return AUTHORIZATION_REQUEST_URI + "/" + getCode(); - } - - public String getLoginPathPrefix() { - return LOGIN_PATH + "/" + getCode(); - } - - /** - * 获取认证平台 - * - * @param code {@link String} - * @return {@link IdentityProviderType} - */ - @EnumConvert - public static IdentityProviderType getType(String code) { - IdentityProviderType[] values = values(); - for (IdentityProviderType status : values) { - if (String.valueOf(status.getCode()).equals(code)) { - return status; - } - } - return null; - } -} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/Language.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/Language.java index 329f0c08..3419fc6e 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/Language.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/Language.java @@ -61,7 +61,6 @@ public enum Language implements BaseEnum { return locale; } - @Override public String getDesc() { return desc; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/ListEnumDeserializer.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/ListEnumDeserializer.java index 13703bcf..b989c177 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/ListEnumDeserializer.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/ListEnumDeserializer.java 
@@ -22,7 +22,10 @@ import java.lang.reflect.Field; import java.util.*; import com.fasterxml.jackson.core.JsonParser; -import com.fasterxml.jackson.databind.*; +import com.fasterxml.jackson.databind.BeanProperty; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.deser.ContextualDeserializer; import com.fasterxml.jackson.databind.node.ArrayNode; diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/MessageCategory.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/MessageCategory.java index 9f077f8e..7d5eeb9b 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/MessageCategory.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/MessageCategory.java @@ -52,12 +52,10 @@ public enum MessageCategory implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } - @Override public String getDesc() { return desc; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/MfaFactor.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/MfaFactor.java index ff657716..5d62eb73 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/MfaFactor.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/MfaFactor.java @@ -57,12 +57,10 @@ public enum MfaFactor implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } - @Override public String getDesc() { return desc; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/MfaMode.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/MfaMode.java index 83db5123..c0c0b073 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/MfaMode.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/MfaMode.java 
@@ -56,12 +56,10 @@ public enum MfaMode implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } - @Override public String getDesc() { return desc; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/OrganizationType.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/OrganizationType.java index 6c831b6e..477eee4f 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/OrganizationType.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/OrganizationType.java @@ -60,12 +60,10 @@ public enum OrganizationType implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } - @Override public String getDesc() { return desc; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/PermissionActionType.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/PermissionActionType.java index 6bb62285..99db64b7 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/PermissionActionType.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/PermissionActionType.java @@ -62,12 +62,10 @@ public enum PermissionActionType implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } - @Override public String getDesc() { return desc; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/PolicyEffect.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/PolicyEffect.java index 8b7d34cf..d368d3bd 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/PolicyEffect.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/PolicyEffect.java @@ -52,12 +52,10 @@ public enum PolicyEffect implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } - @Override public String getDesc() { return desc; } 
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/PolicyObjectType.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/PolicyObjectType.java index e29cf037..ba86dc5e 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/PolicyObjectType.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/PolicyObjectType.java @@ -56,12 +56,10 @@ public enum PolicyObjectType implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } - @Override public String getDesc() { return desc; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/PolicySubjectType.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/PolicySubjectType.java index 2618085a..19369d9b 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/PolicySubjectType.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/PolicySubjectType.java @@ -65,12 +65,10 @@ public enum PolicySubjectType implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } - @Override public String getDesc() { return desc; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/SmsType.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/SmsType.java index ae593939..0ffdfac5 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/SmsType.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/SmsType.java @@ -33,8 +33,8 @@ public enum SmsType implements BaseEnum { */ BIND_PHONE("bind_phone", "绑定手机号", MessageCategory.CODE), /** - * 绑定,修改手机号成功 - */ + * 绑定,修改手机号成功 + */ BIND_PHONE_SUCCESS("bind_phone_success", "绑定手机号成功", MessageCategory.CODE), /** @@ -63,7 +63,7 @@ public enum SmsType implements BaseEnum { RESET_PASSWORD_SUCCESS("reset_password_success", "重置密码成功", MessageCategory.NOTICE), /** - * 登录验证 未使用 + * 登录验证 */ LOGIN("login", "登录验证", MessageCategory.CODE), 
@@ -110,12 +110,10 @@ public enum SmsType implements BaseEnum { this.category = category; } - @Override public String getCode() { return code; } - @Override public String getDesc() { return desc; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/SyncStatus.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/SyncStatus.java index 02bf561a..6c98e1b0 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/SyncStatus.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/SyncStatus.java @@ -59,12 +59,10 @@ public enum SyncStatus implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } - @Override public String getDesc() { return desc; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/TriggerType.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/TriggerType.java index f8b80f06..a361faab 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/TriggerType.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/TriggerType.java @@ -46,12 +46,10 @@ public enum TriggerType implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } - @Override public String getDesc() { return desc; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/UserGender.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/UserGender.java index 5c46a108..f8dd9cba 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/UserGender.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/UserGender.java @@ -50,12 +50,10 @@ public enum UserGender implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } - @Override public String getDesc() { return desc; } 
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/UserIdType.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/UserIdType.java index 8d778871..a854373c 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/UserIdType.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/UserIdType.java @@ -49,12 +49,10 @@ public enum UserIdType implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } - @Override public String getDesc() { return desc; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/UserStatus.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/UserStatus.java index a9379a25..d3b3f32e 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/UserStatus.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/UserStatus.java @@ -66,12 +66,10 @@ public enum UserStatus implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } - @Override public String getDesc() { return desc; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/UserType.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/UserType.java index 3f0ebd83..181903ca 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/UserType.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/UserType.java @@ -72,7 +72,6 @@ public enum UserType implements BaseEnum { throw new NullPointerException("未获取到类型"); } - @Override public String getCode() { return code; } @@ -81,7 +80,6 @@ public enum UserType implements BaseEnum { this.code = code; } - @Override public String getDesc() { return desc; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/AppCertUsingType.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/AppCertUsingType.java index e3073109..3c20436f 100644 
--- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/AppCertUsingType.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/AppCertUsingType.java @@ -54,7 +54,6 @@ public enum AppCertUsingType implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/AppProtocol.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/AppProtocol.java index 51b040ca..6af6e6fb 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/AppProtocol.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/AppProtocol.java @@ -52,7 +52,12 @@ public enum AppProtocol implements BaseEnum { /** * FORM表单 */ - FORM("form", "表单代填"); + FORM("form", "表单代填"), + + /** + * TSA + */ + TSA("tsa", "TSA"); @JsonValue private final String code; @@ -66,7 +71,6 @@ public enum AppProtocol implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/AppType.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/AppType.java index bbfd6886..59ea6fe9 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/AppType.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/AppType.java @@ -42,7 +42,11 @@ public enum AppType implements BaseEnum { /** * 自研 */ - SELF_DEVELOPED("self_developed", "自研应用"); + SELF_DEVELOPED("self_developed", "自研应用"), + /** + * TSA + */ + TSA("tsa", "TSA"),; /** * code @@ -59,12 +63,10 @@ public enum AppType implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } - @Override public String getDesc() { return desc; } 
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/AuthorizationType.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/AuthorizationType.java index 68a2a648..fecc29ae 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/AuthorizationType.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/AuthorizationType.java @@ -53,12 +53,10 @@ public enum AuthorizationType implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } - @Override public String getDesc() { return desc; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/CasUserIdentityType.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/CasUserIdentityType.java new file mode 100644 index 00000000..06d94c9e --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/CasUserIdentityType.java 
@@ -0,0 +1,78 @@
+/*
+ * eiam-common - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.common.enums.app;
+
+import com.fasterxml.jackson.annotation.JsonValue;
+
+import cn.topiam.employee.support.web.converter.EnumConvert;
+
+/**
+ * Cas 用户标识类型
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2022/5/22 23:49
+ */
+public enum CasUserIdentityType {
+ /**
+ * 用户名
+ */
+ USER_USERNAME("user.username"),
+ /**
+ * 姓名
+ */
+ USER_FULL_NAME("user.fullName"),
+ /**
+ * 昵称
+ */
+ USER_NICK_NAME("user.nickName"),
+ /**
+ * 邮箱
+ */
+ USER_EMAIL("user.email"),
+ /**
+ * 应用账户
+ */
+ APP_USERNAME("app_user.username");
+
+ @JsonValue
+ private final String code;
+
+ CasUserIdentityType(String code) {
+ this.code = code;
+ }
+
+ public String getCode() {
+ return code;
+ }
+
+ @EnumConvert
+ public static CasUserIdentityType getType(String code) {
+ CasUserIdentityType[] values = values();
+ for (CasUserIdentityType status : values) {
+ if (String.valueOf(status.getCode()).equals(code)) {
+ return status;
+ }
+ }
+ return null;
+ }
+
+ @Override
+ public String toString() {
+ return code;
+ }
+}
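Review bot: `getType` returns `null` for any code that matches no constant, so an unrecognised value arriving through the `@EnumConvert` binding or from the database silently becomes a missing identity type. CasUserIdentityTypeConverter, added in this patch, passes that result straight through. This enum appears to select which user attribute identifies the user to a CAS service, so I would fail loudly: replace `return null;` with `throw new IllegalArgumentException("Unknown CasUserIdentityType code: " + code);` and let the converter return null only for a null `dbData`. How callers treat a null result is not visible here. `FormSubmitType.getType` in this patch has the same shape.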
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/FormSubmitType.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/FormSubmitType.java
new file mode 100644
index 00000000..00964ace
--- /dev/null
+++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/FormSubmitType.java
@@ -0,0 +1,84 @@
+/*
+ * eiam-common - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.common.enums.app;
+
+import com.fasterxml.jackson.annotation.JsonValue;
+
+import cn.topiam.employee.common.enums.BaseEnum;
+import cn.topiam.employee.support.web.converter.EnumConvert;
+
+/**
+ *
+ * @author SanLi
+ * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2022/12/21 17:20
+ */
+public enum FormSubmitType implements BaseEnum {
+ /**
+ * POST
+ */
+ POST("post", "POST"),
+ /**
+ * GET
+ */
+ GET("get", "GET");
+
+ /**
+ * code
+ */
+ @JsonValue
+ private final String code;
+ /**
+ * desc
+ */
+ private final String desc;
+
+ FormSubmitType(String code, String desc) {
+ this.code = code;
+ this.desc = desc;
+ }
+
+ public String getCode() {
+ return code;
+ }
+
+ public String getDesc() {
+ return desc;
+ }
+
+ /**
+ * 获取类型
+ *
+ * @param code {@link String}
+ * @return {@link InitLoginType}
+ */
+ @EnumConvert
+ public static FormSubmitType getType(String code) {
+ FormSubmitType[] values = values();
+ for (FormSubmitType status : values) {
+ if (String.valueOf(status.getCode()).equals(code)) {
+ return status;
+ }
+ }
+ return null;
+ }
+
+ @Override
+ public String toString() {
+ return this.code;
+ }
+}
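Review bot: The Javadoc on `getType` says `@return {@link InitLoginType}`, which looks copied from another enum; it should read `@return {@link FormSubmitType}`, and the empty class-level comment needs a one-line description. This enum appears to pick the HTTP method used for form-fill sign-on, so the `GET` constant is worth a caveat. With GET the submitted fields travel in the URL and can end up in browser history, proxy and server logs, and Referer headers. I would extend the constant's comment to something like `GET — form fields are sent in the query string; avoid for forms that carry passwords`.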
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/SamlAttributeStatementValueType.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/SamlAttributeStatementValueType.java index e46d4a22..0f8e3336 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/SamlAttributeStatementValueType.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/SamlAttributeStatementValueType.java @@ -84,7 +84,6 @@ public enum SamlAttributeStatementValueType implements BaseEnum { return null; } - @Override public String getCode() { return code; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/converter/CasUserIdentityTypeConverter.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/converter/CasUserIdentityTypeConverter.java new file mode 100644 index 00000000..c46fdfff --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/converter/CasUserIdentityTypeConverter.java 
@@ -0,0 +1,46 @@
+/*
+ * eiam-common - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.common.enums.app.converter;
+
+import java.util.Objects;
+
+import javax.persistence.AttributeConverter;
+import javax.persistence.Converter;
+
+import cn.topiam.employee.common.enums.app.CasUserIdentityType;
+
+/**
+ * @author TopIAM
+ * Created by support@topiam.cn on 2022/5/22 23:25
+ */
+@Converter(autoApply = true)
+public class CasUserIdentityTypeConverter implements
+ AttributeConverter {
+ @Override
+ public String convertToDatabaseColumn(CasUserIdentityType attribute) {
+ if (Objects.isNull(attribute)) {
+ return null;
+ }
+ return attribute.getCode();
+ }
+
+ @Override
+ public CasUserIdentityType convertToEntityAttribute(String dbData) {
+ return CasUserIdentityType.getType(dbData);
+ }
+}
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/converter/IdentityProviderTypeConverter.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/converter/FormSubmitTypeConverter.java similarity index 75% rename from eiam-common/src/main/java/cn/topiam/employee/common/enums/converter/IdentityProviderTypeConverter.java rename to eiam-common/src/main/java/cn/topiam/employee/common/enums/app/converter/FormSubmitTypeConverter.java index cae8b060..b983e49a 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/converter/IdentityProviderTypeConverter.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/app/converter/FormSubmitTypeConverter.java @@ -15,22 +15,21 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.common.enums.converter; +package cn.topiam.employee.common.enums.app.converter; import java.util.Objects; import javax.persistence.AttributeConverter; import javax.persistence.Converter; -import cn.topiam.employee.common.enums.IdentityProviderType; +import cn.topiam.employee.common.enums.app.FormSubmitType; /** * @author TopIAM - * Created by support@topiam.cn on 2020/12/11 19:42 + * Created by support@topiam.cn on 2020/12/11 23:48 */ @Converter(autoApply = true) -public class IdentityProviderTypeConverter implements - AttributeConverter { +public class FormSubmitTypeConverter implements AttributeConverter { /** * Converts the value stored in the entity attribute into the @@ -41,11 +40,11 @@ public class IdentityProviderTypeConverter implements * column */ @Override - public String convertToDatabaseColumn(IdentityProviderType attribute) { - if (!Objects.isNull(attribute)) { - return attribute.getCode(); + public String convertToDatabaseColumn(FormSubmitType attribute) { + if (Objects.isNull(attribute)) { + return null; } - return null; + return attribute.getCode(); } /** 
@@ -62,7 +61,7 @@ public class IdentityProviderTypeConverter implements * attribute */ @Override - public IdentityProviderType convertToEntityAttribute(String dbData) { - return IdentityProviderType.getType(dbData); + public FormSubmitType convertToEntityAttribute(String dbData) { + return FormSubmitType.getType(dbData); } } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/identitysource/IdentitySourceActionType.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/identitysource/IdentitySourceActionType.java index 5bd97d26..708d735b 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/identitysource/IdentitySourceActionType.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/identitysource/IdentitySourceActionType.java @@ -57,12 +57,10 @@ public enum IdentitySourceActionType implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } - @Override public String getDesc() { return desc; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/identitysource/IdentitySourceObjectType.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/identitysource/IdentitySourceObjectType.java index 14716843..9241a35f 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/identitysource/IdentitySourceObjectType.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/identitysource/IdentitySourceObjectType.java @@ -55,12 +55,10 @@ public enum IdentitySourceObjectType implements BaseEnum { this.desc = desc; } - @Override public String getCode() { return code; } - @Override public String getDesc() { return desc; } 
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/identityprovider/IdentitySourceProvider.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/identitysource/IdentitySourceProvider.java similarity index 98% rename from eiam-common/src/main/java/cn/topiam/employee/common/enums/identityprovider/IdentitySourceProvider.java rename to eiam-common/src/main/java/cn/topiam/employee/common/enums/identitysource/IdentitySourceProvider.java index 2ae3b9e2..67e09ef4 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/identityprovider/IdentitySourceProvider.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/identitysource/IdentitySourceProvider.java @@ -15,7 +15,7 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.common.enums.identityprovider; +package cn.topiam.employee.common.enums.identitysource; import com.fasterxml.jackson.annotation.JsonValue; @@ -80,7 +80,6 @@ public enum IdentitySourceProvider implements BaseEnum { return null; } - @Override public String getCode() { return code; } @@ -89,7 +88,6 @@ public enum IdentitySourceProvider implements BaseEnum { return name; } - @Override public String getDesc() { return desc; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/enums/identityprovider/converter/IdentitySourceProviderConverter.java b/eiam-common/src/main/java/cn/topiam/employee/common/enums/identitysource/converter/IdentitySourceProviderConverter.java similarity index 94% rename from eiam-common/src/main/java/cn/topiam/employee/common/enums/identityprovider/converter/IdentitySourceProviderConverter.java rename to eiam-common/src/main/java/cn/topiam/employee/common/enums/identitysource/converter/IdentitySourceProviderConverter.java index 73225c17..186dbdbd 100644 
--- a/eiam-common/src/main/java/cn/topiam/employee/common/enums/identityprovider/converter/IdentitySourceProviderConverter.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/enums/identitysource/converter/IdentitySourceProviderConverter.java @@ -15,14 +15,14 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.common.enums.identityprovider.converter; +package cn.topiam.employee.common.enums.identitysource.converter; import java.util.Objects; import javax.persistence.AttributeConverter; import javax.persistence.Converter; -import cn.topiam.employee.common.enums.identityprovider.IdentitySourceProvider; +import cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider; /** * 身份源提供商 diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/geo/District.java b/eiam-common/src/main/java/cn/topiam/employee/common/geo/District.java new file mode 100644 index 00000000..aa4c0546 --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/geo/District.java 
@@ -0,0 +1,739 @@ +/* + * eiam-common - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.geo; + +import java.util.HashMap; +import java.util.Map; + +/** + * GeoLocationResponse + * + * @author TopIAM + * Created by support@topiam.cn on 2023/02/04 14:19 + */ +public final class District { + public static final Map PROVINCE_DISTRICT = new HashMap<>() { + { + put("北京市", "110000"); + put("天津市", "120000"); + put("河北省", "130000"); + put(" 石家庄市", "130100"); + put(" 唐山市", "130200"); + put(" 秦皇岛市", "130300"); + put(" 邯郸市", "130400"); + put(" 邢台市", "130500"); + put(" 保定市", "130600"); + put(" 张家口市", "130700"); + put(" 承德市", "130800"); + put(" 沧州市", "130900"); + put(" 廊坊市", "131000"); + put(" 衡水市", "131100"); + put("山西省", "140000"); + put(" 太原市", "140100"); + put(" 大同市", "140200"); + put(" 阳泉市", "140300"); + put(" 长治市", "140400"); + put(" 晋城市", "140500"); + put(" 朔州市", "140600"); + put(" 晋中市", "140700"); + put(" 运城市", "140800"); + put(" 忻州市", "140900"); + put(" 临汾市", "141000"); + put(" 吕梁市", "141100"); + put("内蒙古自治区", "150000"); + put(" 呼和浩特市", "150100"); + put(" 包头市", "150200"); + put(" 乌海市", "150300"); + put(" 赤峰市", "150400"); + put(" 通辽市", "150500"); + put(" 鄂尔多斯市", "150600"); + put(" 呼伦贝尔市", "150700"); + put(" 巴彦淖尔市", "150800"); + put(" 乌兰察布市", 
"150900"); + put(" 兴安盟", "152200"); + put(" 锡林郭勒盟", "152500"); + put(" 阿拉善盟", "152900"); + put("辽宁省", "210000"); + put(" 沈阳市", "210100"); + put(" 大连市", "210200"); + put(" 鞍山市", "210300"); + put(" 抚顺市", "210400"); + put(" 本溪市", "210500"); + put(" 丹东市", "210600"); + put(" 锦州市", "210700"); + put(" 营口市", "210800"); + put(" 阜新市", "210900"); + put(" 辽阳市", "211000"); + put(" 盘锦市", "211100"); + put(" 铁岭市", "211200"); + put(" 朝阳市", "211300"); + put(" 葫芦岛市", "211400"); + put("吉林省", "220000"); + put(" 长春市", "220100"); + put(" 吉林市", "220200"); + put(" 四平市", "220300"); + put(" 辽源市", "220400"); + put(" 通化市", "220500"); + put(" 白山市", "220600"); + put(" 松原市", "220700"); + put(" 白城市", "220800"); + put(" 延边朝鲜族自治州", "222400"); + put("黑龙江省", "230000"); + put(" 哈尔滨市", "230100"); + put(" 齐齐哈尔市", "230200"); + put(" 鸡西市", "230300"); + put(" 鹤岗市", "230400"); + put(" 双鸭山市", "230500"); + put(" 大庆市", "230600"); + put(" 伊春市", "230700"); + put(" 佳木斯市", "230800"); + put(" 七台河市", "230900"); + put(" 牡丹江市", "231000"); + put(" 黑河市", "231100"); + put(" 绥化市", "231200"); + put(" 大兴安岭地区", "232700"); + put("上海市", "310000"); + put("江苏省", "320000"); + put(" 南京市", "320100"); + put(" 无锡市", "320200"); + put(" 徐州市", "320300"); + put(" 常州市", "320400"); + put(" 苏州市", "320500"); + put(" 南通市", "320600"); + put(" 连云港市", "320700"); + put(" 淮安市", "320800"); + put(" 盐城市", "320900"); + put(" 扬州市", "321000"); + put(" 镇江市", "321100"); + put(" 泰州市", "321200"); + put(" 宿迁市", "321300"); + put("浙江省", "330000"); + put(" 杭州市", "330100"); + put(" 宁波市", "330200"); + put(" 温州市", "330300"); + put(" 嘉兴市", "330400"); + put(" 湖州市", "330500"); + put(" 绍兴市", "330600"); + put(" 金华市", "330700"); + put(" 衢州市", "330800"); + put(" 舟山市", "330900"); + put(" 台州市", "331000"); + put(" 丽水市", "331100"); + put("安徽省", "340000"); + put(" 合肥市", "340100"); + put(" 芜湖市", "340200"); + put(" 蚌埠市", "340300"); + put(" 淮南市", "340400"); + put(" 马鞍山市", "340500"); + put(" 淮北市", "340600"); + put(" 铜陵市", "340700"); + put(" 安庆市", "340800"); + put(" 黄山市", 
"341000"); + put(" 滁州市", "341100"); + put(" 阜阳市", "341200"); + put(" 宿州市", "341300"); + put(" 六安市", "341500"); + put(" 亳州市", "341600"); + put(" 池州市", "341700"); + put(" 宣城市", "341800"); + put("福建省", "350000"); + put(" 福州市", "350100"); + put(" 厦门市", "350200"); + put(" 莆田市", "350300"); + put(" 三明市", "350400"); + put(" 泉州市", "350500"); + put(" 漳州市", "350600"); + put(" 南平市", "350700"); + put(" 龙岩市", "350800"); + put(" 宁德市", "350900"); + put("江西省", "360000"); + put(" 南昌市", "360100"); + put(" 景德镇市", "360200"); + put(" 萍乡市", "360300"); + put(" 九江市", "360400"); + put(" 新余市", "360500"); + put(" 鹰潭市", "360600"); + put(" 赣州市", "360700"); + put(" 吉安市", "360800"); + put(" 宜春市", "360900"); + put(" 抚州市", "361000"); + put(" 上饶市", "361100"); + put("山东省", "370000"); + put(" 济南市", "370100"); + put(" 青岛市", "370200"); + put(" 淄博市", "370300"); + put(" 枣庄市", "370400"); + put(" 东营市", "370500"); + put(" 烟台市", "370600"); + put(" 潍坊市", "370700"); + put(" 济宁市", "370800"); + put(" 泰安市", "370900"); + put(" 威海市", "371000"); + put(" 日照市", "371100"); + put(" 临沂市", "371300"); + put(" 德州市", "371400"); + put(" 聊城市", "371500"); + put(" 滨州市", "371600"); + put(" 菏泽市", "371700"); + put("河南省", "410000"); + put(" 郑州市", "410100"); + put(" 开封市", "410200"); + put(" 洛阳市", "410300"); + put(" 平顶山市", "410400"); + put(" 安阳市", "410500"); + put(" 鹤壁市", "410600"); + put(" 新乡市", "410700"); + put(" 焦作市", "410800"); + put(" 濮阳市", "410900"); + put(" 许昌市", "411000"); + put(" 漯河市", "411100"); + put(" 三门峡市", "411200"); + put(" 南阳市", "411300"); + put(" 商丘市", "411400"); + put(" 信阳市", "411500"); + put(" 周口市", "411600"); + put(" 驻马店市", "411700"); + put("湖北省", "420000"); + put(" 武汉市", "420100"); + put(" 黄石市", "420200"); + put(" 十堰市", "420300"); + put(" 宜昌市", "420500"); + put(" 襄阳市", "420600"); + put(" 鄂州市", "420700"); + put(" 荆门市", "420800"); + put(" 孝感市", "420900"); + put(" 荆州市", "421000"); + put(" 黄冈市", "421100"); + put(" 咸宁市", "421200"); + put(" 随州市", "421300"); + put(" 恩施土家族苗族自治州", "422800"); + put("湖南省", "430000"); + put(" 
长沙市", "430100"); + put(" 株洲市", "430200"); + put(" 湘潭市", "430300"); + put(" 衡阳市", "430400"); + put(" 邵阳市", "430500"); + put(" 岳阳市", "430600"); + put(" 常德市", "430700"); + put(" 张家界市", "430800"); + put(" 益阳市", "430900"); + put(" 郴州市", "431000"); + put(" 永州市", "431100"); + put(" 怀化市", "431200"); + put(" 娄底市", "431300"); + put(" 湘西土家族苗族自治州", "433100"); + put("广东省", "440000"); + put(" 广州市", "440100"); + put(" 韶关市", "440200"); + put(" 深圳市", "440300"); + put(" 珠海市", "440400"); + put(" 汕头市", "440500"); + put(" 佛山市", "440600"); + put(" 江门市", "440700"); + put(" 湛江市", "440800"); + put(" 茂名市", "440900"); + put(" 肇庆市", "441200"); + put(" 惠州市", "441300"); + put(" 梅州市", "441400"); + put(" 汕尾市", "441500"); + put(" 河源市", "441600"); + put(" 阳江市", "441700"); + put(" 清远市", "441800"); + put(" 东莞市", "441900"); + put(" 中山市", "442000"); + put(" 潮州市", "445100"); + put(" 揭阳市", "445200"); + put(" 云浮市", "445300"); + put("广西壮族自治区", "450000"); + put(" 南宁市", "450100"); + put(" 柳州市", "450200"); + put(" 桂林市", "450300"); + put(" 梧州市", "450400"); + put(" 北海市", "450500"); + put(" 防城港市", "450600"); + put(" 钦州市", "450700"); + put(" 贵港市", "450800"); + put(" 玉林市", "450900"); + put(" 百色市", "451000"); + put(" 贺州市", "451100"); + put(" 河池市", "451200"); + put(" 来宾市", "451300"); + put(" 崇左市", "451400"); + put("海南省", "460000"); + put(" 海口市", "460100"); + put(" 三亚市", "460200"); + put(" 三沙市", "460300"); + put(" 儋州市", "460400"); + put("重庆市", "500000"); + put("四川省", "510000"); + put(" 成都市", "510100"); + put(" 自贡市", "510300"); + put(" 攀枝花市", "510400"); + put(" 泸州市", "510500"); + put(" 德阳市", "510600"); + put(" 绵阳市", "510700"); + put(" 广元市", "510800"); + put(" 遂宁市", "510900"); + put(" 内江市", "511000"); + put(" 乐山市", "511100"); + put(" 南充市", "511300"); + put(" 眉山市", "511400"); + put(" 宜宾市", "511500"); + put(" 广安市", "511600"); + put(" 达州市", "511700"); + put(" 雅安市", "511800"); + put(" 巴中市", "511900"); + put(" 资阳市", "512000"); + put(" 阿坝藏族羌族自治州", "513200"); + put(" 甘孜藏族自治州", "513300"); + put(" 凉山彝族自治州", "513400"); + 
put("贵州省", "520000"); + put(" 贵阳市", "520100"); + put(" 六盘水市", "520200"); + put(" 遵义市", "520300"); + put(" 安顺市", "520400"); + put(" 毕节市", "520500"); + put(" 铜仁市", "520600"); + put(" 黔西南布依族苗族自治州", "522300"); + put(" 黔东南苗族侗族自治州", "522600"); + put(" 黔南布依族苗族自治州", "522700"); + put("云南省", "530000"); + put(" 昆明市", "530100"); + put(" 曲靖市", "530300"); + put(" 玉溪市", "530400"); + put(" 保山市", "530500"); + put(" 昭通市", "530600"); + put(" 丽江市", "530700"); + put(" 普洱市", "530800"); + put(" 临沧市", "530900"); + put(" 楚雄彝族自治州", "532300"); + put(" 红河哈尼族彝族自治州", "532500"); + put(" 文山壮族苗族自治州", "532600"); + put(" 西双版纳傣族自治州", "532800"); + put(" 大理白族自治州", "532900"); + put(" 德宏傣族景颇族自治州", "533100"); + put(" 怒江傈僳族自治州", "533300"); + put(" 迪庆藏族自治州", "533400"); + put("西藏自治区", "540000"); + put(" 拉萨市", "540100"); + put(" 日喀则市", "540200"); + put(" 昌都市", "540300"); + put(" 林芝市", "540400"); + put(" 山南市", "540500"); + put(" 那曲市", "540600"); + put(" 阿里地区", "542500"); + put("陕西省", "610000"); + put(" 西安市", "610100"); + put(" 铜川市", "610200"); + put(" 宝鸡市", "610300"); + put(" 咸阳市", "610400"); + put(" 渭南市", "610500"); + put(" 延安市", "610600"); + put(" 汉中市", "610700"); + put(" 榆林市", "610800"); + put(" 安康市", "610900"); + put(" 商洛市", "611000"); + put("甘肃省", "620000"); + put(" 兰州市", "620100"); + put(" 嘉峪关市", "620200"); + put(" 金昌市", "620300"); + put(" 白银市", "620400"); + put(" 天水市", "620500"); + put(" 武威市", "620600"); + put(" 张掖市", "620700"); + put(" 平凉市", "620800"); + put(" 酒泉市", "620900"); + put(" 庆阳市", "621000"); + put(" 定西市", "621100"); + put(" 陇南市", "621200"); + put(" 临夏回族自治州", "622900"); + put(" 甘南藏族自治州", "623000"); + put("青海省", "630000"); + put(" 西宁市", "630100"); + put(" 海东市", "630200"); + put(" 海北藏族自治州", "632200"); + put(" 黄南藏族自治州", "632300"); + put(" 海南藏族自治州", "632500"); + put(" 果洛藏族自治州", "632600"); + put(" 玉树藏族自治州", "632700"); + put(" 海西蒙古族藏族自治州", "632800"); + put("宁夏回族自治区", "640000"); + put(" 银川市", "640100"); + put(" 石嘴山市", "640200"); + put(" 吴忠市", "640300"); + put(" 固原市", "640400"); + put(" 中卫市", 
"640500"); + put("新疆维吾尔自治区", "650000"); + put(" 乌鲁木齐市", "650100"); + put(" 克拉玛依市", "650200"); + put(" 吐鲁番市", "650400"); + put(" 哈密市", "650500"); + put(" 昌吉回族自治州", "652300"); + put(" 博尔塔拉蒙古自治州", "652700"); + put(" 巴音郭楞蒙古自治州", "652800"); + put(" 阿克苏地区", "652900"); + put(" 克孜勒苏柯尔克孜自治州", "653000"); + put(" 喀什地区", "653100"); + put(" 和田地区", "653200"); + put(" 伊犁哈萨克自治州", "654000"); + put(" 塔城地区", "654200"); + put(" 阿勒泰地区", "654300"); + put("台湾省", "710000"); + put("香港特别行政区", "810000"); + put("澳门特别行政区", "820000"); + } + }; + + public static final Map CITY_DISTRICT = new HashMap<>() { + { + put("石家庄市", "130100"); + put("唐山市", "130200"); + put("秦皇岛市", "130300"); + put("邯郸市", "130400"); + put("邢台市", "130500"); + put("保定市", "130600"); + put("张家口市", "130700"); + put("承德市", "130800"); + put("沧州市", "130900"); + put("廊坊市", "131000"); + put("衡水市", "131100"); + put("太原市", "140100"); + put("大同市", "140200"); + put("阳泉市", "140300"); + put("长治市", "140400"); + put("晋城市", "140500"); + put("朔州市", "140600"); + put("晋中市", "140700"); + put("运城市", "140800"); + put("忻州市", "140900"); + put("临汾市", "141000"); + put("吕梁市", "141100"); + put("呼和浩特市", "150100"); + put("包头市", "150200"); + put("乌海市", "150300"); + put("赤峰市", "150400"); + put("通辽市", "150500"); + put("鄂尔多斯市", "150600"); + put("呼伦贝尔市", "150700"); + put("巴彦淖尔市", "150800"); + put("乌兰察布市", "150900"); + put("兴安盟", "152200"); + put("锡林郭勒盟", "152500"); + put("阿拉善盟", "152900"); + put("沈阳市", "210100"); + put("大连市", "210200"); + put("鞍山市", "210300"); + put("抚顺市", "210400"); + put("本溪市", "210500"); + put("丹东市", "210600"); + put("锦州市", "210700"); + put("营口市", "210800"); + put("阜新市", "210900"); + put("辽阳市", "211000"); + put("盘锦市", "211100"); + put("铁岭市", "211200"); + put("朝阳市", "211300"); + put("葫芦岛市", "211400"); + put("长春市", "220100"); + put("吉林市", "220200"); + put("四平市", "220300"); + put("辽源市", "220400"); + put("通化市", "220500"); + put("白山市", "220600"); + put("松原市", "220700"); + put("白城市", "220800"); + put("延边朝鲜族自治州", "222400"); + put("哈尔滨市", 
"230100"); + put("齐齐哈尔市", "230200"); + put("鸡西市", "230300"); + put("鹤岗市", "230400"); + put("双鸭山市", "230500"); + put("大庆市", "230600"); + put("伊春市", "230700"); + put("佳木斯市", "230800"); + put("七台河市", "230900"); + put("牡丹江市", "231000"); + put("黑河市", "231100"); + put("绥化市", "231200"); + put("大兴安岭地区", "232700"); + put("南京市", "320100"); + put("无锡市", "320200"); + put("徐州市", "320300"); + put("常州市", "320400"); + put("苏州市", "320500"); + put("南通市", "320600"); + put("连云港市", "320700"); + put("淮安市", "320800"); + put("盐城市", "320900"); + put("扬州市", "321000"); + put("镇江市", "321100"); + put("泰州市", "321200"); + put("宿迁市", "321300"); + put("杭州市", "330100"); + put("宁波市", "330200"); + put("温州市", "330300"); + put("嘉兴市", "330400"); + put("湖州市", "330500"); + put("绍兴市", "330600"); + put("金华市", "330700"); + put("衢州市", "330800"); + put("舟山市", "330900"); + put("台州市", "331000"); + put("丽水市", "331100"); + put("合肥市", "340100"); + put("芜湖市", "340200"); + put("蚌埠市", "340300"); + put("淮南市", "340400"); + put("马鞍山市", "340500"); + put("淮北市", "340600"); + put("铜陵市", "340700"); + put("安庆市", "340800"); + put("黄山市", "341000"); + put("滁州市", "341100"); + put("阜阳市", "341200"); + put("宿州市", "341300"); + put("六安市", "341500"); + put("亳州市", "341600"); + put("池州市", "341700"); + put("宣城市", "341800"); + put("福州市", "350100"); + put("厦门市", "350200"); + put("莆田市", "350300"); + put("三明市", "350400"); + put("泉州市", "350500"); + put("漳州市", "350600"); + put("南平市", "350700"); + put("龙岩市", "350800"); + put("宁德市", "350900"); + put("南昌市", "360100"); + put("景德镇市", "360200"); + put("萍乡市", "360300"); + put("九江市", "360400"); + put("新余市", "360500"); + put("鹰潭市", "360600"); + put("赣州市", "360700"); + put("吉安市", "360800"); + put("宜春市", "360900"); + put("抚州市", "361000"); + put("上饶市", "361100"); + put("济南市", "370100"); + put("青岛市", "370200"); + put("淄博市", "370300"); + put("枣庄市", "370400"); + put("东营市", "370500"); + put("烟台市", "370600"); + put("潍坊市", "370700"); + put("济宁市", "370800"); + put("泰安市", "370900"); + put("威海市", "371000"); + 
put("日照市", "371100"); + put("临沂市", "371300"); + put("德州市", "371400"); + put("聊城市", "371500"); + put("滨州市", "371600"); + put("菏泽市", "371700"); + put("郑州市", "410100"); + put("开封市", "410200"); + put("洛阳市", "410300"); + put("平顶山市", "410400"); + put("安阳市", "410500"); + put("鹤壁市", "410600"); + put("新乡市", "410700"); + put("焦作市", "410800"); + put("濮阳市", "410900"); + put("许昌市", "411000"); + put("漯河市", "411100"); + put("三门峡市", "411200"); + put("南阳市", "411300"); + put("商丘市", "411400"); + put("信阳市", "411500"); + put("周口市", "411600"); + put("驻马店市", "411700"); + put("武汉市", "420100"); + put("黄石市", "420200"); + put("十堰市", "420300"); + put("宜昌市", "420500"); + put("襄阳市", "420600"); + put("鄂州市", "420700"); + put("荆门市", "420800"); + put("孝感市", "420900"); + put("荆州市", "421000"); + put("黄冈市", "421100"); + put("咸宁市", "421200"); + put("随州市", "421300"); + put("恩施土家族苗族自治州", "422800"); + put("长沙市", "430100"); + put("株洲市", "430200"); + put("湘潭市", "430300"); + put("衡阳市", "430400"); + put("邵阳市", "430500"); + put("岳阳市", "430600"); + put("常德市", "430700"); + put("张家界市", "430800"); + put("益阳市", "430900"); + put("郴州市", "431000"); + put("永州市", "431100"); + put("怀化市", "431200"); + put("娄底市", "431300"); + put("湘西土家族苗族自治州", "433100"); + put("广州市", "440100"); + put("韶关市", "440200"); + put("深圳市", "440300"); + put("珠海市", "440400"); + put("汕头市", "440500"); + put("佛山市", "440600"); + put("江门市", "440700"); + put("湛江市", "440800"); + put("茂名市", "440900"); + put("肇庆市", "441200"); + put("惠州市", "441300"); + put("梅州市", "441400"); + put("汕尾市", "441500"); + put("河源市", "441600"); + put("阳江市", "441700"); + put("清远市", "441800"); + put("东莞市", "441900"); + put("中山市", "442000"); + put("潮州市", "445100"); + put("揭阳市", "445200"); + put("云浮市", "445300"); + put("南宁市", "450100"); + put("柳州市", "450200"); + put("桂林市", "450300"); + put("梧州市", "450400"); + put("北海市", "450500"); + put("防城港市", "450600"); + put("钦州市", "450700"); + put("贵港市", "450800"); + put("玉林市", "450900"); + put("百色市", "451000"); + put("贺州市", "451100"); + put("河池市", 
"451200"); + put("来宾市", "451300"); + put("崇左市", "451400"); + put("海口市", "460100"); + put("三亚市", "460200"); + put("三沙市", "460300"); + put("儋州市", "460400"); + put("成都市", "510100"); + put("自贡市", "510300"); + put("攀枝花市", "510400"); + put("泸州市", "510500"); + put("德阳市", "510600"); + put("绵阳市", "510700"); + put("广元市", "510800"); + put("遂宁市", "510900"); + put("内江市", "511000"); + put("乐山市", "511100"); + put("南充市", "511300"); + put("眉山市", "511400"); + put("宜宾市", "511500"); + put("广安市", "511600"); + put("达州市", "511700"); + put("雅安市", "511800"); + put("巴中市", "511900"); + put("资阳市", "512000"); + put("阿坝藏族羌族自治州", "513200"); + put("甘孜藏族自治州", "513300"); + put("凉山彝族自治州", "513400"); + put("贵阳市", "520100"); + put("六盘水市", "520200"); + put("遵义市", "520300"); + put("安顺市", "520400"); + put("毕节市", "520500"); + put("铜仁市", "520600"); + put("黔西南布依族苗族自治州", "522300"); + put("黔东南苗族侗族自治州", "522600"); + put("黔南布依族苗族自治州", "522700"); + put("昆明市", "530100"); + put("曲靖市", "530300"); + put("玉溪市", "530400"); + put("保山市", "530500"); + put("昭通市", "530600"); + put("丽江市", "530700"); + put("普洱市", "530800"); + put("临沧市", "530900"); + put("楚雄彝族自治州", "532300"); + put("红河哈尼族彝族自治州", "532500"); + put("文山壮族苗族自治州", "532600"); + put("西双版纳傣族自治州", "532800"); + put("大理白族自治州", "532900"); + put("德宏傣族景颇族自治州", "533100"); + put("怒江傈僳族自治州", "533300"); + put("迪庆藏族自治州", "533400"); + put("拉萨市", "540100"); + put("日喀则市", "540200"); + put("昌都市", "540300"); + put("林芝市", "540400"); + put("山南市", "540500"); + put("那曲市", "540600"); + put("阿里地区", "542500"); + put("西安市", "610100"); + put("铜川市", "610200"); + put("宝鸡市", "610300"); + put("咸阳市", "610400"); + put("渭南市", "610500"); + put("延安市", "610600"); + put("汉中市", "610700"); + put("榆林市", "610800"); + put("安康市", "610900"); + put("商洛市", "611000"); + put("兰州市", "620100"); + put("嘉峪关市", "620200"); + put("金昌市", "620300"); + put("白银市", "620400"); + put("天水市", "620500"); + put("武威市", "620600"); + put("张掖市", "620700"); + put("平凉市", "620800"); + put("酒泉市", "620900"); + put("庆阳市", "621000"); + 
put("定西市", "621100"); + put("陇南市", "621200"); + put("临夏回族自治州", "622900"); + put("甘南藏族自治州", "623000"); + put("西宁市", "630100"); + put("海东市", "630200"); + put("海北藏族自治州", "632200"); + put("黄南藏族自治州", "632300"); + put("海南藏族自治州", "632500"); + put("果洛藏族自治州", "632600"); + put("玉树藏族自治州", "632700"); + put("海西蒙古族藏族自治州", "632800"); + put("银川市", "640100"); + put("石嘴山市", "640200"); + put("吴忠市", "640300"); + put("固原市", "640400"); + put("中卫市", "640500"); + put("乌鲁木齐市", "650100"); + put("克拉玛依市", "650200"); + put("吐鲁番市", "650400"); + put("哈密市", "650500"); + put("昌吉回族自治州", "652300"); + put("博尔塔拉蒙古自治州", "652700"); + put("巴音郭楞蒙古自治州", "652800"); + put("阿克苏地区", "652900"); + put("克孜勒苏柯尔克孜自治州", "653000"); + put("喀什地区", "653100"); + put("和田地区", "653200"); + put("伊犁哈萨克自治州", "654000"); + put("塔城地区", "654200"); + put("阿勒泰地区", "654300"); + } + }; +} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/geo/maxmind/MaxmindGeoLocationServiceImpl.java b/eiam-common/src/main/java/cn/topiam/employee/common/geo/maxmind/MaxmindGeoLocationServiceImpl.java index 9102638d..53978e1a 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/geo/maxmind/MaxmindGeoLocationServiceImpl.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/geo/maxmind/MaxmindGeoLocationServiceImpl.java @@ -34,6 +34,7 @@ import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream; import org.apache.commons.io.FileUtils; import org.apache.commons.io.FilenameUtils; import org.apache.commons.io.IOUtils; +import org.apache.commons.lang3.StringUtils; import org.springframework.http.HttpMethod; import org.springframework.http.ResponseEntity; import org.springframework.web.client.ResourceAccessException; 
@@ -54,6 +55,8 @@ import lombok.extern.slf4j.Slf4j; import dev.failsafe.Failsafe; import dev.failsafe.RetryPolicy; +import static cn.topiam.employee.common.geo.District.CITY_DISTRICT; +import static cn.topiam.employee.common.geo.District.PROVINCE_DISTRICT; import static cn.topiam.employee.common.geo.maxmind.enums.GeoLocationProvider.MAXMIND; /** @@ -116,9 +119,9 @@ public class MaxmindGeoLocationServiceImpl implements GeoLocationService { .setCountryName(country.getName()) .setCountryCode(country.getGeoNameId().toString()) .setCityName(city.getName()) - .setCityCode(String.valueOf(city.getGeoNameId())) + .setCityCode(StringUtils.defaultString(CITY_DISTRICT.get(city.getName()), String.valueOf(city.getGeoNameId()))) .setProvinceName(subdivision.getName()) - .setProvinceCode(subdivision.getIsoCode()) + .setProvinceCode(StringUtils.defaultString(PROVINCE_DISTRICT.get(subdivision.getName()), subdivision.getIsoCode())) .setLongitude(location.getLongitude()) .setLatitude(location.getLatitude()) .setProvider(MAXMIND); diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/geo/maxmind/MaxmindProviderConfig.java b/eiam-common/src/main/java/cn/topiam/employee/common/geo/maxmind/MaxmindProviderConfig.java index 94e2eb0b..59f95d2c 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/geo/maxmind/MaxmindProviderConfig.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/geo/maxmind/MaxmindProviderConfig.java @@ -19,6 +19,7 @@ package cn.topiam.employee.common.geo.maxmind; import javax.validation.constraints.NotEmpty; +import cn.topiam.employee.common.crypto.Encrypt; import cn.topiam.employee.common.geo.GeoLocationProviderConfig; import lombok.Data; @@ -35,6 +36,7 @@ public class MaxmindProviderConfig extends GeoLocationProviderConfig.GeoLocation /** * 密码 */ + @Encrypt @NotEmpty(message = "密码不能为空") private String sessionKey; } 
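Review bot: `setCityCode` and `setProvinceCode` in the `@@ -116,9 +119,9 @@` hunk can now carry values from two different code systems, because a miss in `CITY_DISTRICT` or `PROVINCE_DISTRICT` falls back silently to the GeoNames id or the ISO subdivision code. The lookup is keyed on `city.getName()` and `subdivision.getName()`, so it only hits when the reader returns exactly the Chinese display names used as map keys; which locale the reader is built with is not visible in this hunk. If these codes end up in audit records or location-based login rules, a consumer cannot tell which kind of code it received, so I would log the miss at debug level or record the code's source next to it. The builder chain starts and ends outside the hunk.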
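Review bot: `@Encrypt` is added to `sessionKey` in MaxmindProviderConfig without any comment saying when the field holds ciphertext and when plaintext; the Javadoc above it still only says `密码`. The same applies to `accessKeySecret` in AliyunSmsProviderConfig and `secretKey` in QiNiuSmsProviderConfig and TencentSmsProviderConfig, while MailProviderConfig in this commit takes a different route with an explicit `getDecryptSecret()`. I would document the contract on each field, for example `/** Stored encrypted; decrypted only by the crypto layer. Never log this value. */`. If the class carries Lombok's `@Data` (the import is in the file, the annotation itself is outside the hunk), the field should also be kept out of the generated `toString()` with `@ToString.Exclude`.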
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/message/mail/MailProviderConfig.java b/eiam-common/src/main/java/cn/topiam/employee/common/message/mail/MailProviderConfig.java index 6a5aacd5..20c2abf5 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/message/mail/MailProviderConfig.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/message/mail/MailProviderConfig.java @@ -20,9 +20,9 @@ package cn.topiam.employee.common.message.mail; import javax.validation.constraints.NotEmpty; import javax.validation.constraints.NotNull; +import cn.topiam.employee.common.crypto.EncryptContextHelp; import cn.topiam.employee.common.message.enums.MailProvider; import cn.topiam.employee.common.message.enums.MailSafetyType; -import cn.topiam.employee.support.util.AesUtils; import lombok.Builder; import lombok.Data; @@ -86,6 +86,6 @@ public class MailProviderConfig { private String secret; public String getDecryptSecret() { - return AesUtils.decrypt(this.secret); + return EncryptContextHelp.decrypt(this.secret); } } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/message/sms/aliyun/AliyunSmsProviderConfig.java b/eiam-common/src/main/java/cn/topiam/employee/common/message/sms/aliyun/AliyunSmsProviderConfig.java index 23bfcf3e..9ccb84f9 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/message/sms/aliyun/AliyunSmsProviderConfig.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/message/sms/aliyun/AliyunSmsProviderConfig.java @@ -19,6 +19,7 @@ package cn.topiam.employee.common.message.sms.aliyun; import javax.validation.constraints.NotEmpty; +import cn.topiam.employee.common.crypto.Encrypt; import cn.topiam.employee.common.message.sms.SmsProviderConfig; import lombok.Data; @@ -45,6 +46,7 @@ public class AliyunSmsProviderConfig extends SmsProviderConfig { /** * accessKeySecret */ + @Encrypt @NotEmpty(message = "accessKeySecret不能为空") private String accessKeySecret; 
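Review bot: `getDecryptSecret()` in MailProviderConfig is a public bean-style getter that returns the plaintext mail secret, so anything that walks getters (JSON serialization, audit snapshots, debug dumps) would emit it as a `decryptSecret` property. Nothing in the hunk excludes it; if this config object is ever serialized with Jackson, which is not visible here, adding `@JsonIgnore` to the method keeps the plaintext out of the output. A one-line Javadoc such as `/** Returns the decrypted secret; do not log or serialize the result. */` would also make the intent clear to callers. The behaviour of `EncryptContextHelp.decrypt` for a null `secret` is not shown and is worth confirming.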
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/message/sms/qiniu/QiNiuSmsProviderConfig.java b/eiam-common/src/main/java/cn/topiam/employee/common/message/sms/qiniu/QiNiuSmsProviderConfig.java index 1f21e672..05e52295 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/message/sms/qiniu/QiNiuSmsProviderConfig.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/message/sms/qiniu/QiNiuSmsProviderConfig.java @@ -19,6 +19,7 @@ package cn.topiam.employee.common.message.sms.qiniu; import javax.validation.constraints.NotEmpty; +import cn.topiam.employee.common.crypto.Encrypt; import cn.topiam.employee.common.message.sms.SmsProviderConfig; import lombok.Data; @@ -44,6 +45,7 @@ public class QiNiuSmsProviderConfig extends SmsProviderConfig { /** * secretKey */ + @Encrypt @NotEmpty(message = "secretKey不能为空") private String secretKey; } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/message/sms/tencent/TencentSmsProviderConfig.java b/eiam-common/src/main/java/cn/topiam/employee/common/message/sms/tencent/TencentSmsProviderConfig.java index e67e8f66..208372e3 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/message/sms/tencent/TencentSmsProviderConfig.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/message/sms/tencent/TencentSmsProviderConfig.java @@ -19,6 +19,7 @@ package cn.topiam.employee.common.message.sms.tencent; import javax.validation.constraints.NotEmpty; +import cn.topiam.employee.common.crypto.Encrypt; import cn.topiam.employee.common.message.sms.SmsProviderConfig; import lombok.Data; @@ -45,6 +46,7 @@ public class TencentSmsProviderConfig extends SmsProviderConfig { /** * secretKey */ + @Encrypt @NotEmpty(message = "SecretKey不能为空") private String secretKey; 
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/message/sms/tencent/TencentSmsProviderSend.java b/eiam-common/src/main/java/cn/topiam/employee/common/message/sms/tencent/TencentSmsProviderSend.java index 85036b92..105822d5 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/message/sms/tencent/TencentSmsProviderSend.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/message/sms/tencent/TencentSmsProviderSend.java @@ -89,9 +89,7 @@ public class TencentSmsProviderSend implements SmsProviderSend { /* 模板参数: 模板参数的个数需要与 TemplateId 对应模板的变量个数保持一致,若无模板参数,则设置为空 */ Map parameters = sendSmsParam.getParameters(); List templateParamList = new ArrayList<>(); - parameters.forEach((key, value) -> { - templateParamList.add(value); - }); + parameters.forEach((key, value) -> templateParamList.add(value)); req.setTemplateParamSet(templateParamList.toArray(new String[0])); /* 下发手机号码,采用 E.164 标准,+[国家或地区码][手机号] * 示例如:+8613711112222, 其中前面有一个+号 ,86为国家码,13711112222为手机号,最多不要超过200个手机号 */ diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/OrganizationMemberRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/OrganizationMemberRepository.java index 4e6e2f43..5bcfa77b 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/OrganizationMemberRepository.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/OrganizationMemberRepository.java @@ -19,7 +19,6 @@ package cn.topiam.employee.common.repository.account; import java.util.List; -import org.springframework.data.jpa.repository.JpaRepository; import org.springframework.data.jpa.repository.Modifying; import org.springframework.data.jpa.repository.Query; import org.springframework.data.querydsl.QuerydslPredicateExecutor; 
@@ -28,6 +27,8 @@ import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; import cn.topiam.employee.common.entity.account.OrganizationMemberEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; /** * 组织机构成员 @@ -36,7 +37,8 @@ import cn.topiam.employee.common.entity.account.OrganizationMemberEntity; * Created by support@topiam.cn on 2021/11/30 03:06 */ @Repository -public interface OrganizationMemberRepository extends JpaRepository, +public interface OrganizationMemberRepository extends + LogicDeleteRepository, QuerydslPredicateExecutor, OrganizationMemberCustomizedRepository { @@ -46,7 +48,10 @@ public interface OrganizationMemberRepository extends JpaRepository userIds); /** @@ -72,6 +79,8 @@ public interface OrganizationMemberRepository extends JpaRepository @@ -44,8 +44,7 @@ import cn.topiam.employee.common.enums.DataOrigin; * Created by support@topiam.cn on 2020-08-09 */ @Repository -public interface OrganizationRepository extends CrudRepository, - PagingAndSortingRepository, +public interface OrganizationRepository extends LogicDeleteRepository, JpaSpecificationExecutor, QuerydslPredicateExecutor, OrganizationRepositoryCustomized { @@ -197,4 +196,13 @@ public interface OrganizationRepository extends CrudRepository findByIdInOrderByOrderAsc(Collection parentIds); + /** + * findByIdContainsDeleted + * + * @param id must not be {@literal null}. + * @return {@link OrganizationEntity} + */ + @NotNull + @Query(value = "SELECT * FROM organization WHERE id_ = :id", nativeQuery = true) + Optional findByIdContainsDeleted(@NotNull @Param(value = "id") String id); } 
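Review bot: The Javadoc on `findByIdContainsDeleted` in OrganizationRepository only repeats the method name and does not say that the native query deliberately bypasses the soft-delete filter. A caller that uses it for anything other than showing historical records could treat a deleted organization as live; the same method is added to UserGroupRepository and UserRepository in this commit. I would replace the summary with something like `Looks up an organization by id, including logically deleted rows; not to be used for access decisions.` and describe the parameter as the organization id rather than `must not be null`.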
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserDetailRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserDetailRepository.java index d1883241..a2528190 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserDetailRepository.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserDetailRepository.java @@ -23,12 +23,13 @@ import java.util.Optional; import org.springframework.data.jpa.repository.Modifying; import org.springframework.data.jpa.repository.Query; import org.springframework.data.querydsl.QuerydslPredicateExecutor; -import org.springframework.data.repository.CrudRepository; -import org.springframework.data.repository.PagingAndSortingRepository; import org.springframework.data.repository.query.Param; import org.springframework.stereotype.Repository; +import org.springframework.transaction.annotation.Transactional; import cn.topiam.employee.common.entity.account.UserDetailEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_HQL_SET; /** *

@@ -39,8 +40,7 @@ import cn.topiam.employee.common.entity.account.UserDetailEntity; * Created by support@topiam.cn on 2020-08-07 */ @Repository -public interface UserDetailRepository extends PagingAndSortingRepository, - CrudRepository, +public interface UserDetailRepository extends LogicDeleteRepository, QuerydslPredicateExecutor, UserDetailRepositoryCustomized { /** @@ -56,16 +56,21 @@ public interface UserDetailRepository extends PagingAndSortingRepository userIds); + @Transactional(rollbackFor = Exception.class) + @Query(value = "UPDATE UserDetailEntity SET " + SOFT_DELETE_HQL_SET + + " WHERE userId IN (:userIds)") + void deleteAllByUserIds(@Param("userIds") Iterable userIds); /** * 根据用户ID查询用户详情 @@ -73,7 +78,5 @@ public interface UserDetailRepository extends PagingAndSortingRepository findAllByUserIds(@Param("userIds") Iterable userIds); + List findAllByUserIdIn(List userIds); } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserGroupMemberRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserGroupMemberRepository.java index 3391b807..56b94296 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserGroupMemberRepository.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserGroupMemberRepository.java @@ -19,7 +19,6 @@ package cn.topiam.employee.common.repository.account; import java.util.List; -import org.springframework.data.jpa.repository.JpaRepository; import org.springframework.data.jpa.repository.Modifying; import org.springframework.data.jpa.repository.Query; import org.springframework.data.querydsl.QuerydslPredicateExecutor; 
@@ -28,6 +27,8 @@ import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; import cn.topiam.employee.common.entity.account.UserGroupMemberEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; /** * 用户组成员 @@ -36,7 +37,8 @@ import cn.topiam.employee.common.entity.account.UserGroupMemberEntity; * Created by support@topiam.cn on 2021/11/30 03:04 */ @Repository -public interface UserGroupMemberRepository extends JpaRepository, +public interface UserGroupMemberRepository extends + LogicDeleteRepository, QuerydslPredicateExecutor, UserGroupMemberRepositoryCustomized { @@ -46,7 +48,10 @@ public interface UserGroupMemberRepository extends JpaRepository userIds); /** @@ -73,6 +80,8 @@ public interface UserGroupMemberRepository extends JpaRepository @@ -33,8 +37,16 @@ import cn.topiam.employee.common.entity.account.UserGroupEntity; * Created by support@topiam.cn on 2020-07-31 */ @Repository -public interface UserGroupRepository extends CrudRepository, - PagingAndSortingRepository, +public interface UserGroupRepository extends LogicDeleteRepository, QuerydslPredicateExecutor { + /** + * findByIdContainsDeleted + * + * @param id must not be {@literal null}. + * @return {@link UserGroupEntity} + */ + @NotNull + @Query(value = "SELECT * FROM user_group WHERE id_ = :id", nativeQuery = true) + Optional findByIdContainsDeleted(@NotNull @Param(value = "id") Long id); } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserHistoryPasswordRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserHistoryPasswordRepository.java index def209b6..27e656c7 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserHistoryPasswordRepository.java 
+++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserHistoryPasswordRepository.java @@ -20,11 +20,10 @@ package cn.topiam.employee.common.repository.account; import java.util.List; import org.springframework.data.querydsl.QuerydslPredicateExecutor; -import org.springframework.data.repository.CrudRepository; -import org.springframework.data.repository.PagingAndSortingRepository; import org.springframework.stereotype.Repository; import cn.topiam.employee.common.entity.account.UserHistoryPasswordEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; /** *

@@ -36,8 +35,7 @@ import cn.topiam.employee.common.entity.account.UserHistoryPasswordEntity; */ @Repository public interface UserHistoryPasswordRepository extends - CrudRepository, - PagingAndSortingRepository, + LogicDeleteRepository, QuerydslPredicateExecutor { /** * 根据用户ID查询历史密码 diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserIdpRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserIdpRepository.java index 645ddba9..a966587a 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserIdpRepository.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserIdpRepository.java @@ -18,10 +18,10 @@ package cn.topiam.employee.common.repository.account; import org.springframework.data.querydsl.QuerydslPredicateExecutor; -import org.springframework.data.repository.CrudRepository; import org.springframework.stereotype.Repository; import cn.topiam.employee.common.entity.account.UserIdpBindEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; /** * 用户身份绑定表 @@ -30,7 +30,7 @@ import cn.topiam.employee.common.entity.account.UserIdpBindEntity; * Created by support@topiam.cn on 2022/4/3 22:18 */ @Repository -public interface UserIdpRepository extends CrudRepository, +public interface UserIdpRepository extends LogicDeleteRepository, QuerydslPredicateExecutor, UserIdpRepositoryCustomized { diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserRepository.java index 1b5f9e82..f18c424b 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserRepository.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserRepository.java 
@@ -29,8 +29,6 @@ import org.springframework.cache.annotation.Cacheable; import org.springframework.data.jpa.repository.Modifying; import org.springframework.data.jpa.repository.Query; import org.springframework.data.querydsl.QuerydslPredicateExecutor; -import org.springframework.data.repository.CrudRepository; -import org.springframework.data.repository.PagingAndSortingRepository; import org.springframework.data.repository.query.Param; import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; @@ -38,7 +36,9 @@ import org.springframework.transaction.annotation.Transactional; import cn.topiam.employee.common.entity.account.UserEntity; import cn.topiam.employee.common.enums.DataOrigin; import cn.topiam.employee.common.enums.UserStatus; +import cn.topiam.employee.support.repository.LogicDeleteRepository; import static cn.topiam.employee.common.constants.AccountConstants.USER_CACHE_NAME; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_WHERE; /** *

@@ -50,8 +50,7 @@ import static cn.topiam.employee.common.constants.AccountConstants.USER_CACHE_NA */ @Repository @CacheConfig(cacheNames = { USER_CACHE_NAME }) -public interface UserRepository extends CrudRepository, - PagingAndSortingRepository, +public interface UserRepository extends LogicDeleteRepository, QuerydslPredicateExecutor, UserRepositoryCustomized { /** * findById @@ -62,7 +61,18 @@ public interface UserRepository extends CrudRepository, @NotNull @Override @Cacheable(key = "#p0", unless = "#result==null") - Optional findById(@NotNull Long id); + Optional findById(@NotNull @Param(value = "id") Long id); + + /** + * findByIdContainsDeleted + * + * @param id must not be {@literal null}. + * @return {@link UserEntity} + */ + @NotNull + @Cacheable(key = "#p0", unless = "#result==null") + @Query(value = "SELECT * FROM user WHERE id_ = :id", nativeQuery = true) + Optional findByIdContainsDeleted(@NotNull @Param(value = "id") Long id); /** * findById @@ -195,7 +205,8 @@ public interface UserRepository extends CrudRepository, * @param expireWarnDays {@link Integer} 即将到期日期 * @return {@link UserEntity} */ - @Query(value = "SELECT * FROM `user` WHERE DATE_ADD(DATE_FORMAT(last_update_password_time,'%Y-%m-%d'), INTERVAL :expireWarnDays DAY ) <= CURDATE() and user.status_ != 'locked'", nativeQuery = true) + @Query(value = "SELECT * FROM `user` WHERE DATE_ADD(DATE_FORMAT(last_update_password_time,'%Y-%m-%d'), INTERVAL :expireWarnDays DAY ) <= CURDATE() and user.status_ != 'locked' AND " + + SOFT_DELETE_WHERE, nativeQuery = true) List findPasswordExpireWarnUser(@Param(value = "expireWarnDays") Integer expireWarnDays); /** 
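Review bot: `findByIdContainsDeleted` is cached with the same `key = "#p0"` in the same `USER_CACHE_NAME` cache as `findById` directly above it, so a soft-deleted user loaded through the new method is stored under the key that `findById` reads. A later `findById(id)` can then return the deleted account from the cache without running the filtered query, which matters wherever `findById` backs a login or session lookup. I would drop `@Cacheable` from the new method or give it a distinct key, e.g. `@Cacheable(key = "'deleted:' + #p0", unless = "#result==null")`. The native query also writes `FROM user` unquoted, while the other native queries in this interface use the backtick-quoted table name.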
@@ -204,7 +215,8 @@ public interface UserRepository extends CrudRepository, * @param expireDays {@link Integer} 密码过期日期 * @return {@link UserEntity} */ - @Query(value = "SELECT * FROM `user` WHERE DATE_ADD(DATE_FORMAT(last_update_password_time,'%Y-%m-%d'), INTERVAL :expireDays DAY ) BETWEEN DATE_FORMAT(DATE_SUB(NOW(),INTERVAL 1 HOUR),'%Y-%m-%d %h') AND DATE_FORMAT(DATE_SUB(NOW(),INTERVAL 1 HOUR),'%Y-%m-%d %h') and user.status_ != 'password_expired_locked'", nativeQuery = true) + @Query(value = "SELECT * FROM `user` WHERE DATE_ADD(DATE_FORMAT(last_update_password_time,'%Y-%m-%d'), INTERVAL :expireDays DAY ) BETWEEN DATE_FORMAT(DATE_SUB(NOW(),INTERVAL 1 HOUR),'%Y-%m-%d %h') AND DATE_FORMAT(DATE_SUB(NOW(),INTERVAL 1 HOUR),'%Y-%m-%d %h') AND user.status_ != 'password_expired_locked' AND " + + SOFT_DELETE_WHERE, nativeQuery = true) List findPasswordExpireUser(@Param(value = "expireDays") Integer expireDays); /** @@ -212,7 +224,8 @@ public interface UserRepository extends CrudRepository, * * @return {@link UserEntity} */ - @Query(value = "SELECT * from `user` WHERE expire_date <= CURDATE() and status_ != 'expired_locked'", nativeQuery = true) + @Query(value = "SELECT * FROM `user` WHERE expire_date <= CURDATE() and status_ != 'expired_locked' AND " + + SOFT_DELETE_WHERE, nativeQuery = true) List findExpireUser(); /** @@ -230,13 +243,6 @@ public interface UserRepository extends CrudRepository, @Param(value = "sharedSecret") String sharedSecret, @Param(value = "totpBind") Boolean totpBind); - /** - * 根据第三方扩展ID 删除用户 - * - * @param externalIds {@link List} - */ - void deleteAllByExternalIdIn(Collection externalIds); - /** * 根据用户名查询全部 * 
@@ -268,4 +274,17 @@ public interface UserRepository extends CrudRepository, * @return {@link List} */ List findAllByIdNotInAndDataOrigin(Collection ids, DataOrigin dataOrigin); + + /** + * 更新认证成功信息 + * + * @param id {@link String} + * @param ip {@link String} + * @param loginTime {@link LocalDateTime} + */ + @CacheEvict(allEntries = true) + @Transactional(rollbackFor = Exception.class) + @Modifying + @Query(value = "UPDATE user SET auth_total = (IFNULL(auth_total,0) +1),last_auth_ip = ?2,last_auth_time = ?3 WHERE id_ = ?1", nativeQuery = true) + void updateAuthSucceedInfo(String id, String ip, LocalDateTime loginTime); } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserRepositoryCustomized.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserRepositoryCustomized.java index 67769df8..c3385255 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserRepositoryCustomized.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/UserRepositoryCustomized.java @@ -44,7 +44,7 @@ public interface UserRepositoryCustomized { Page getUserList(UserListQuery query, Pageable pageable); /** - * 获取用户组成员列表 + * 获取用户组不存在成员列表 * * @param query {@link UserListNotInGroupQuery} * @param pageable {@link Pageable} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/impl/UserGroupMemberRepositoryCustomizedImpl.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/impl/UserGroupMemberRepositoryCustomizedImpl.java index 7227a360..c7dd7d38 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/impl/UserGroupMemberRepositoryCustomizedImpl.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/impl/UserGroupMemberRepositoryCustomizedImpl.java 
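Review bot: `updateAuthSucceedInfo` declares `@CacheEvict(allEntries = true)`, so every successful login clears the whole user cache and pushes the next lookups for all users back to the database. The method takes `String id` while `findById` in this interface is keyed by `Long`, so a keyed eviction would not match as written; with `Long id` and `@CacheEvict(key = "#p0")` only the affected entry is dropped, provided no other cached lookup here uses a different key. The UPDATE also has no soft-delete condition, unlike the SELECTs changed in this commit, so it still bumps `auth_total` on a logically deleted row; ending the query with `WHERE id_ = ?1 AND " + SOFT_DELETE_WHERE` would keep it consistent. The Javadoc should say that `id` is the user id.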
@@ -83,12 +83,13 @@ public class UserGroupMemberRepositoryCustomizedImpl implements group_concat( organization_.display_path ) AS org_display_path FROM user_group_member ugm - INNER JOIN user u ON ugm.user_id = u.id_ - INNER JOIN user_group ug ON ug.id_ = ugm.group_id - LEFT JOIN organization_member ON ( u.id_ = organization_member.user_id ) - LEFT JOIN organization organization_ ON ( organization_.id_ = organization_member.org_id ) + INNER JOIN user u ON ugm.user_id = u.id_ AND u.is_deleted = '0' + INNER JOIN user_group ug ON ug.id_ = ugm.group_id AND ug.is_deleted = '0' + LEFT JOIN organization_member ON ( u.id_ = organization_member.user_id AND organization_member.is_deleted = '0') + LEFT JOIN organization organization_ ON ( organization_.id_ = organization_member.org_id AND organization_.is_deleted = '0') WHERE - ugm.group_id = '%s' + ugm.is_deleted = '0' + AND ugm.group_id = '%s' AND ug.id_ = '%s' """.formatted(query.getId(), query.getId())); //用户名 diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/impl/UserIdpRepositoryCustomizedImpl.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/impl/UserIdpRepositoryCustomizedImpl.java index 12f6d539..36f979e8 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/impl/UserIdpRepositoryCustomizedImpl.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/impl/UserIdpRepositoryCustomizedImpl.java @@ -22,6 +22,7 @@ import java.util.Optional; import org.apache.commons.lang3.StringUtils; import org.springframework.cache.annotation.CacheConfig; +import org.springframework.dao.EmptyResultDataAccessException; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.stereotype.Repository; 
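Review bot: `query.getId()` is still spliced into the statement through `'%s'` and `.formatted(query.getId(), query.getId())`, so the value reaches the database as SQL text rather than as data. Since the commit already rewrites this statement, it is a good place to switch to bound parameters, e.g. `ugm.group_id = ? AND ug.id_ = ?` with the id passed as arguments to whatever executes the query (the neighbouring class uses `JdbcTemplate`). The same string-built pattern is kept in later hunks of this commit: `findByIdpIdAndOpenId`, `findByIdpIdAndUserId` and `getUserIdpBindList` in `UserIdpRepositoryCustomizedImpl` (`.append(idpId)`, `.append(userId)`), and `getUserListNotInGroupId` in `UserRepositoryCustomizedImpl` (`'%s'` plus `.append(query.getKeyword())`). Values that presumably originate from an external identity provider or a search field are the ones to convert first. The method starts and ends outside this hunk.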
@@ -54,7 +55,7 @@ public class UserIdpRepositoryCustomizedImpl implements UserIdpRepositoryCustomi @Override public Optional findByIdpIdAndOpenId(String idpId, String openId) { //@formatter:off - StringBuilder builder = new StringBuilder("SELECT uidp.*,`user`.username_,idp.name_ as idp_name FROM user_idp_bind uidp LEFT JOIN `user` ON uidp.user_id = `user`.id_ LEFT JOIN identity_provider idp ON uidp.idp_id = idp.id_ WHERE 1=1"); + StringBuilder builder = new StringBuilder("SELECT uidp.*,`user`.username_,idp.name_ as idp_name FROM user_idp_bind uidp LEFT JOIN `user` ON uidp.user_id = `user`.id_ AND `user`.is_deleted = '0' LEFT JOIN identity_provider idp ON uidp.idp_id = idp.id_ AND idp.is_deleted = '0' WHERE uidp.is_deleted = '0' "); //身份提供商ID if (StringUtils.isNoneBlank(idpId)) { builder.append(" AND uidp.idp_id = '").append(idpId).append("'"); @@ -65,8 +66,13 @@ public class UserIdpRepositoryCustomizedImpl implements UserIdpRepositoryCustomi } //@formatter:on String sql = builder.toString(); - UserIdpBindPo userIdpBindPo = jdbcTemplate.queryForObject(sql, new UserIdpBindPoMapper()); - return Optional.ofNullable(userIdpBindPo); + try { + UserIdpBindPo userIdpBindPo = jdbcTemplate.queryForObject(sql, + new UserIdpBindPoMapper()); + return Optional.ofNullable(userIdpBindPo); + } catch (EmptyResultDataAccessException e) { + return Optional.empty(); + } } /** 
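Review bot: The new `catch (EmptyResultDataAccessException e)` covers zero rows, but `queryForObject` also throws `IncorrectResultSizeDataAccessException` when more than one row matches, and that is reachable here because the `idp_id` predicate is appended only when `idpId` is not blank (the `openId` predicate sits between the two hunks and is presumably conditional in the same way). With a blank argument the lookup is no longer tied to one identity: it either throws, or, when exactly one binding exists, returns a binding that was not asked for. Rejecting blank input before the SQL is built closes that, `if (StringUtils.isAnyBlank(idpId, openId)) { return Optional.empty(); }`. `findByIdpIdAndUserId` in the following hunks needs the equivalent check for `idpId` and `userId`.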
@@ -79,7 +85,7 @@ public class UserIdpRepositoryCustomizedImpl implements UserIdpRepositoryCustomi @Override public Optional findByIdpIdAndUserId(String idpId, Long userId) { //@formatter:off - StringBuilder builder = new StringBuilder("SELECT uidp.*,`user`.username_,idp.name_ as idp_name FROM user_idp_bind uidp LEFT JOIN `user` ON uidp.user_id = `user`.id_ LEFT JOIN identity_provider idp ON uidp.idp_id = idp.id_ WHERE 1=1"); + StringBuilder builder = new StringBuilder("SELECT uidp.*,`user`.username_,idp.name_ as idp_name FROM user_idp_bind uidp LEFT JOIN `user` ON uidp.user_id = `user`.id_ AND `user`.is_deleted = '0' LEFT JOIN identity_provider idp ON uidp.idp_id = idp.id_ AND idp.is_deleted = '0' WHERE uidp.is_deleted = '0' "); //身份提供商ID if (StringUtils.isNoneBlank(idpId)) { builder.append(" AND uidp.idp_id = '").append(idpId).append("'"); @@ -90,8 +96,13 @@ public class UserIdpRepositoryCustomizedImpl implements UserIdpRepositoryCustomi } //@formatter:on String sql = builder.toString(); - UserIdpBindPo userIdpBindPo = jdbcTemplate.queryForObject(sql, new UserIdpBindPoMapper()); - return Optional.ofNullable(userIdpBindPo); + try { + UserIdpBindPo userIdpBindPo = jdbcTemplate.queryForObject(sql, + new UserIdpBindPoMapper()); + return Optional.ofNullable(userIdpBindPo); + } catch (EmptyResultDataAccessException e) { + return Optional.empty(); + } } /** 
@@ -103,7 +114,7 @@ public class UserIdpRepositoryCustomizedImpl implements UserIdpRepositoryCustomi @Override public Iterable getUserIdpBindList(Long userId) { //@formatter:off - StringBuilder builder = new StringBuilder("SELECT uidp.*,idp.name_ as idp_name FROM user_idp_bind uidp LEFT JOIN identity_provider idp ON uidp.idp_id = idp.id_ WHERE 1=1"); + StringBuilder builder = new StringBuilder("SELECT uidp.*,idp.name_ as idp_name FROM user_idp_bind uidp LEFT JOIN identity_provider idp ON uidp.idp_id = idp.id_ AND idp.is_deleted = '0' WHERE uidp.is_deleted = '0' "); //用户ID if (Objects.nonNull(userId)) { builder.append(" AND uidp.user_id = '").append(userId).append("'"); diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/impl/UserRepositoryCustomizedImpl.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/impl/UserRepositoryCustomizedImpl.java index 6d0e385b..763bbe77 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/impl/UserRepositoryCustomizedImpl.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/impl/UserRepositoryCustomizedImpl.java 
@@ -68,7 +68,7 @@ public class UserRepositoryCustomizedImpl implements UserRepositoryCustomized { @Override public Page getUserList(UserListQuery query, Pageable pageable) { //@formatter:off - StringBuilder builder = new StringBuilder("SELECT `user`.id_, `user`.username_,`user`.password_, `user`.email_, `user`.phone_,`user`.phone_area_code, `user`.full_name ,`user`.nick_name, `user`.avatar_ , `user`.status_, `user`.data_origin, `user`.email_verified, `user`.phone_verified, `user`.shared_secret, `user`.totp_bind , `user`.auth_total, `user`.last_auth_ip, `user`.last_auth_time, `user`.expand_, `user`.external_id , `user`.expire_date,`user`.create_by, `user`.create_time, `user`.update_by , `user`.update_time, `user`.remark_, group_concat(organization_.display_path) AS org_display_path FROM `user` INNER JOIN `organization_member` ON (`user`.id_ = organization_member.user_id) INNER JOIN `organization` organization_ ON (organization_.id_ = organization_member.org_id) WHERE 1=1"); + StringBuilder builder = new StringBuilder("SELECT `user`.id_, `user`.username_,`user`.password_, `user`.email_, `user`.phone_,`user`.phone_area_code, `user`.full_name ,`user`.nick_name, `user`.avatar_ , `user`.status_, `user`.data_origin, `user`.email_verified, `user`.phone_verified, `user`.shared_secret, `user`.totp_bind , `user`.auth_total, `user`.last_auth_ip, `user`.last_auth_time, `user`.expand_, `user`.external_id , `user`.expire_date,`user`.create_by, `user`.create_time, `user`.update_by , `user`.update_time, `user`.remark_, group_concat(organization_.display_path) AS org_display_path FROM `user` INNER JOIN `organization_member` ON (`user`.id_ = organization_member.user_id) INNER JOIN `organization` organization_ ON (organization_.id_ = organization_member.org_id) WHERE `user`.is_deleted = 0"); //组织条件 if (StringUtils.isNoneBlank(query.getOrganizationId())) { //包含子节点 
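Review bot: `getUserList` now filters on `user`.is_deleted = 0, but the two `INNER JOIN`s on `organization_member` and `organization` carry no soft-delete predicate, unlike the joins rewritten in `getUserListNotInGroupId` and `UserGroupMemberRepositoryCustomizedImpl` in this same commit. A user whose organization membership was logically deleted would still be listed under that organization. Adding `AND organization_member.is_deleted = '0'` and `AND organization_.is_deleted = '0'` to the two `ON` clauses keeps the queries consistent; the literal is also written `0` here and `'0'` elsewhere. Separately, the list query selects `password_` and `shared_secret`; if the row mapper, which is outside this hunk, does not need them, dropping those columns keeps credential material out of list results.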
@@ -118,7 +118,7 @@ public class UserRepositoryCustomizedImpl implements UserRepositoryCustomized { } /** - * 获取用户组成员列表 + * 获取用户组不存在成员列表 * * @param query {@link UserListNotInGroupQuery} * @param pageable {@link Pageable} 
@@ -127,48 +127,52 @@ public class UserRepositoryCustomizedImpl implements UserRepositoryCustomized { @Override public Page getUserListNotInGroupId(UserListNotInGroupQuery query, Pageable pageable) { //@formatter:off - StringBuilder builder = new StringBuilder("SELECT\n" + - " \t`user`.id_,\n" + - " \t`user`.username_,\n" + - " \t`user`.password_,\n" + - " \t`user`.email_,\n" + - " \t`user`.phone_,\n" + - " \t`user`.phone_area_code,\n" + - " \t`user`.full_name,\n" + - " \t`user`.nick_name,\n" + - " \t`user`.avatar_,\n" + - " \t`user`.status_,\n" + - " \t`user`.data_origin,\n" + - " \t`user`.email_verified,\n" + - " \t`user`.phone_verified,\n" + - " \t`user`.shared_secret,\n" + - " \t`user`.totp_bind,\n" + - " \t`user`.auth_total,\n" + - " \t`user`.last_auth_ip,\n" + - " \t`user`.last_auth_time,\n" + - " \t`user`.expand_,\n" + - " \t`user`.external_id,\n" + - " \t`user`.expire_date,\n" + - " \t`user`.create_by,\n" + - " \t`user`.create_time,\n" + - " \t`user`.update_by,\n" + - " \t`user`.update_time,\n" + - " \t`user`.remark_,\n" + - " \tgroup_concat( organization_.display_path ) AS org_display_path \n" + - " FROM\n" + - " `user` \n" + - " LEFT JOIN `organization_member` ON ( `user`.id_ = organization_member.user_id )\n" + - " LEFT JOIN `organization` organization_ ON ( organization_.id_ = organization_member.org_id ) \n" + - " WHERE\n" + - " \tuser.id_ NOT IN (\n" + - " \tSELECT\n" + - " \t\tu.id_ \n" + - " \tFROM\n" + - " \t\tuser u\n" + - " \t\tINNER JOIN user_group_member ugm ON ugm.user_id = u.id_\n" + - " \t\tINNER JOIN user_group ug ON ug.id_ = ugm.group_id \n" + - " \tWHERE\n" + - " \tug.id_ = '%s' AND ugm.group_id = '%s')".formatted(query.getId(), query.getId())); + StringBuilder builder = new StringBuilder( + """ + SELECT + `user`.id_, + `user`.username_, + `user`.password_, + `user`.email_, + `user`.phone_, + `user`.phone_area_code, + `user`.full_name, + `user`.nick_name, + `user`.avatar_, + `user`.status_, + `user`.data_origin, + `user`.email_verified, + 
`user`.phone_verified, + `user`.shared_secret, + `user`.totp_bind, + `user`.auth_total, + `user`.last_auth_ip, + `user`.last_auth_time, + `user`.expand_, + `user`.external_id, + `user`.expire_date, + `user`.create_by, + `user`.create_time, + `user`.update_by, + `user`.update_time, + `user`.remark_, + group_concat( organization_.display_path ) AS org_display_path + FROM `user` + LEFT JOIN `organization_member` ON ( `user`.id_ = organization_member.user_id AND organization_member.is_deleted = '0' ) + LEFT JOIN `organization` organization_ ON ( organization_.id_ = organization_member.org_id AND organization_.is_deleted = '0' ) + WHERE + user.is_deleted = 0 AND + user.id_ NOT IN ( + SELECT + u.id_ + FROM + user u + INNER JOIN user_group_member ugm ON ugm.user_id = u.id_ + INNER JOIN user_group ug ON ug.id_ = ugm.group_id + WHERE + u.is_deleted = '0' + AND ug.id_ = '%s' AND ugm.group_id = '%s') + """.formatted(query.getId(), query.getId())); if (StringUtils.isNoneBlank(query.getKeyword())) { builder.append(" AND user.username_ LIKE '%").append(query.getKeyword()).append("%'"); builder.append(" OR user.full_name LIKE '%").append(query.getKeyword()).append("%'"); diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/impl/mapper/UserIdpBindPoMapper.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/impl/mapper/UserIdpBindPoMapper.java index d370c7ad..6e844753 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/impl/mapper/UserIdpBindPoMapper.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/account/impl/mapper/UserIdpBindPoMapper.java @@ -25,7 +25,6 @@ import org.springframework.jdbc.core.RowMapper; import org.springframework.lang.NonNull; import cn.topiam.employee.common.entity.account.po.UserIdpBindPo; -import cn.topiam.employee.common.enums.IdentityProviderType; /** * @author TopIAM 
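Review bot: The keyword filter appended after the text block, `" AND user.username_ LIKE '%"` followed by `" OR user.full_name LIKE '%"`, is not parenthesised, so by SQL precedence the `OR` branch stands apart from `user.is_deleted = 0 AND user.id_ NOT IN (...)`. A soft-deleted user, or one who is already in the group, is returned whenever only `full_name` matches. Open a parenthesis before the `username_` predicate and close it after the last `OR` term; further terms may follow outside the hunk. Inside the subquery only `u.is_deleted` is tested, so a user whose membership row was logically deleted presumably stays excluded from this list; `AND ugm.is_deleted = '0' AND ug.is_deleted = '0'` would match the membership query in `UserGroupMemberRepositoryCustomizedImpl`.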
@@ -52,7 +51,7 @@ public class UserIdpBindPoMapper implements RowMapper { userIdpBindPo.setUserId(rs.getLong("user_id")); userIdpBindPo.setOpenId(rs.getString("open_id")); userIdpBindPo.setIdpId(rs.getString("idp_id")); - userIdpBindPo.setIdpType(IdentityProviderType.getType(rs.getString("idp_type"))); + userIdpBindPo.setIdpType(rs.getString("idp_type")); userIdpBindPo.setBindTime(rs.getTimestamp("bind_time").toLocalDateTime()); userIdpBindPo.setAdditionInfo(rs.getString("addition_info")); if (isExistColumn(rs, "username_")) { diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppAccessPolicyRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppAccessPolicyRepository.java index 6232c5cf..21a0fe8a 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppAccessPolicyRepository.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppAccessPolicyRepository.java @@ -19,12 +19,17 @@ package cn.topiam.employee.common.repository.app; import java.util.Optional; -import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Modifying; +import org.springframework.data.jpa.repository.Query; import org.springframework.data.querydsl.QuerydslPredicateExecutor; +import org.springframework.data.repository.query.Param; import org.springframework.stereotype.Repository; +import org.springframework.transaction.annotation.Transactional; import cn.topiam.employee.common.entity.app.AppAccessPolicyEntity; import cn.topiam.employee.common.enums.PolicySubjectType; +import cn.topiam.employee.support.repository.LogicDeleteRepository; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; /** * 应用授权策略 Repository 
@@ -33,7 +38,8 @@ import cn.topiam.employee.common.enums.PolicySubjectType; * Created by support@topiam.cn on 2022/6/4 19:54 */ @Repository -public interface AppAccessPolicyRepository extends JpaRepository, +public interface AppAccessPolicyRepository extends + LogicDeleteRepository, QuerydslPredicateExecutor, AppAccessPolicyRepositoryCustomized { /** @@ -41,7 +47,11 @@ public interface AppAccessPolicyRepository extends JpaRepository, +public interface AppAccountRepository extends LogicDeleteRepository, QuerydslPredicateExecutor, AppAccountRepositoryCustomized { /** @@ -78,7 +83,11 @@ public interface AppAccountRepository extends JpaRepository, +public interface AppCertRepository extends LogicDeleteRepository, QuerydslPredicateExecutor { /** * 根据应用ID查询证书 @@ -77,7 +82,11 @@ public interface AppCertRepository extends JpaRepository, * @param appId {@link Long} */ @CacheEvict(allEntries = true) - void deleteByAppId(Long appId); + @Modifying + @Transactional(rollbackFor = Exception.class) + @Query(value = "UPDATE app_cert SET " + SOFT_DELETE_SET + + " WHERE app_id = :appId", nativeQuery = true) + void deleteByAppId(@Param("appId") Long appId); /** * find by id diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppFormConfigRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppFormConfigRepository.java new file mode 100644 index 00000000..3ab1efee --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppFormConfigRepository.java 
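Review bot: `deleteByAppId` in `AppCertRepository` now only flags the `app_cert` rows through `SOFT_DELETE_SET`, so the certificate records stay in the table after the application is removed. If those rows hold private-key material (the entity is not visible in this diff), deleting an application no longer destroys its keys, and any native query that omits the soft-delete predicate can still read them. Consider keeping a physical delete for certificate rows, or at least state the retention in the Javadoc, e.g. `Logically deletes the certificates of an application; the rows remain in app_cert.` The same native UPDATE pattern is added for `app_form_config`, `app_tsa_config` and `app_permission_policy` later in this commit. The Javadoc of the method begins above the hunk.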
@@ -0,0 +1,85 @@ +/* + * eiam-common - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.repository.app; + +import java.util.Optional; + +import org.jetbrains.annotations.NotNull; +import org.springframework.cache.annotation.CacheConfig; +import org.springframework.cache.annotation.CacheEvict; +import org.springframework.data.jpa.repository.Modifying; +import org.springframework.data.jpa.repository.Query; +import org.springframework.data.querydsl.QuerydslPredicateExecutor; +import org.springframework.data.repository.query.Param; +import org.springframework.stereotype.Repository; +import org.springframework.transaction.annotation.Transactional; + +import cn.topiam.employee.common.entity.app.AppFormConfigEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; +import static cn.topiam.employee.common.constants.ProtocolConstants.FORM_CONFIG_CACHE_NAME; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; + +/** + * @author TopIAM + */ +@Repository +@CacheConfig(cacheNames = { FORM_CONFIG_CACHE_NAME }) +public interface AppFormConfigRepository extends LogicDeleteRepository, + QuerydslPredicateExecutor, + AppFormConfigRepositoryCustomized { + /** + * 按应用 ID 删除 + * + * @param appId 
{@link Long} + */ + @CacheEvict(allEntries = true) + @Modifying + @Transactional(rollbackFor = Exception.class) + @Query(value = "UPDATE app_form_config SET " + SOFT_DELETE_SET + + " WHERE app_id = :appId", nativeQuery = true) + void deleteByAppId(@Param("appId") Long appId); + + /** + * delete + * + * @param id must not be {@literal null}. + */ + @CacheEvict(allEntries = true) + @Override + void deleteById(@NotNull Long id); + + /** + * save + * + * @param entity must not be {@literal null}. + * @param {@link S} + * @return {@link AppFormConfigEntity} + */ + @NotNull + @Override + @CacheEvict(allEntries = true) + S save(@NotNull S entity); + + /** + * 根据应用ID获取配置 + * + * @param appId {@link Long} + * @return {@link AppFormConfigEntity} + */ + Optional findByAppId(Long appId); +} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppFormConfigRepositoryCustomized.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppFormConfigRepositoryCustomized.java new file mode 100644 index 00000000..27433d7a --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppFormConfigRepositoryCustomized.java 
@@ -0,0 +1,50 @@ +/* + * eiam-common - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.repository.app; + +import cn.topiam.employee.common.entity.app.po.AppFormConfigPO; + +/** + * @author TopIAM + * Created by support@topiam.cn on 2022/12/13 22:58 + */ +public interface AppFormConfigRepositoryCustomized { + /** + * 根据应用ID获取 + * + * @param appId {@link Long} + * @return {@link AppFormConfigPO} + */ + AppFormConfigPO getByAppId(Long appId); + + /** + * 根据应用 Client 获取 + * + * @param clientId {@link String} + * @return {@link AppFormConfigPO} + */ + AppFormConfigPO getByClientId(String clientId); + + /** + * 根据应用编码查询应用配置 + * + * @param appCode {@link String} + * @return {@link AppFormConfigPO} + */ + AppFormConfigPO findByAppCode(String appCode); +} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppOidcConfigRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppOidcConfigRepository.java index 827d834c..e513fbf0 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppOidcConfigRepository.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppOidcConfigRepository.java 
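Review bot: The three lookups in `AppFormConfigRepositoryCustomized` return a bare `AppFormConfigPO`, and their Javadoc does not say what a caller receives when nothing matches, while `findByAppId` in `AppFormConfigRepository` from the previous file returns an `Optional`. Either return an `Optional` here as well or document the miss case, e.g. `@return {@link AppFormConfigPO}, or {@code null} if no form configuration exists`; check that wording against the implementation, which is not in view. The names also mix `getByAppId`/`getByClientId` with `findByAppCode` for the same kind of lookup.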
@@ -22,19 +22,24 @@ import java.util.Optional; import org.jetbrains.annotations.NotNull; import org.springframework.cache.annotation.CacheConfig; import org.springframework.cache.annotation.CacheEvict; -import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Modifying; +import org.springframework.data.jpa.repository.Query; import org.springframework.data.querydsl.QuerydslPredicateExecutor; +import org.springframework.data.repository.query.Param; import org.springframework.stereotype.Repository; +import org.springframework.transaction.annotation.Transactional; import cn.topiam.employee.common.entity.app.AppOidcConfigEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; import static cn.topiam.employee.common.constants.ProtocolConstants.OIDC_CONFIG_CACHE_NAME; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; /** * @author TopIAM */ @Repository @CacheConfig(cacheNames = { OIDC_CONFIG_CACHE_NAME }) -public interface AppOidcConfigRepository extends JpaRepository, +public interface AppOidcConfigRepository extends LogicDeleteRepository, QuerydslPredicateExecutor, AppOidcConfigRepositoryCustomized { /** @@ -43,7 +48,11 @@ public interface AppOidcConfigRepository extends JpaRepository, - PagingAndSortingRepository, + LogicDeleteRepository, QuerydslPredicateExecutor { /** * findAllByResource diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionPolicyRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionPolicyRepository.java index 4febb017..1fe46923 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionPolicyRepository.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionPolicyRepository.java 
@@ -23,13 +23,13 @@ import java.util.Collection; import org.springframework.data.jpa.repository.Modifying; import org.springframework.data.jpa.repository.Query; import org.springframework.data.querydsl.QuerydslPredicateExecutor; -import org.springframework.data.repository.CrudRepository; -import org.springframework.data.repository.PagingAndSortingRepository; import org.springframework.data.repository.query.Param; import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; import cn.topiam.employee.common.entity.app.AppPermissionPolicyEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; /** * @author TopIAM 
@@ -37,29 +37,40 @@ import cn.topiam.employee.common.entity.app.AppPermissionPolicyEntity; */ @Repository public interface AppPermissionPolicyRepository extends AppPermissionPolicyRepositoryCustomized, - CrudRepository, - PagingAndSortingRepository, + LogicDeleteRepository, QuerydslPredicateExecutor { /** * 按主体 ID 删除所有 * * @param subjectIds {@link String} */ - void deleteAllBySubjectIdIn(Collection subjectIds); + @Modifying + @Transactional(rollbackFor = Exception.class) + @Query(value = "UPDATE app_permission_policy SET " + SOFT_DELETE_SET + + " WHERE subject_id IN (:subjectIds)", nativeQuery = true) + void deleteAllBySubjectIdIn(@Param("subjectIds") Collection subjectIds); /** * 按客体 ID 删除所有 * * @param objectIds {@link String} */ - void deleteAllByObjectIdIn(Collection objectIds); + @Modifying + @Transactional(rollbackFor = Exception.class) + @Query(value = "UPDATE app_permission_policy SET " + SOFT_DELETE_SET + + " WHERE object_id IN (:objectIds)", nativeQuery = true) + void deleteAllByObjectIdIn(@Param("objectIds") Collection objectIds); /** * 根据主体删除所有 * * @param objectId */ - void deleteAllByObjectId(Long objectId); + @Modifying + @Transactional(rollbackFor = Exception.class) + @Query(value = "UPDATE app_permission_policy SET " + SOFT_DELETE_SET + + " WHERE object_id = :objectId", nativeQuery = true) + void deleteAllByObjectId(@Param("objectId") Long objectId); /** * 更新启用/禁用 diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionResourceRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionResourceRepository.java index 18d7ba09..2b457f42 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionResourceRepository.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionResourceRepository.java 
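Review bot: `deleteAllBySubjectIdIn` and `deleteAllByObjectIdIn` now bind their collection into a native `IN (:subjectIds)` / `IN (:objectIds)`; depending on the Hibernate version an empty collection renders as `IN ()`, which MySQL rejects. Callers are outside this diff, so either guard at the call sites or state the precondition in the Javadoc, e.g. `@param subjectIds non-empty collection of subject ids`. `@Modifying` is also used without `clearAutomatically = true`, so entities already loaded in the persistence context keep their old deleted flag until the context is cleared.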
@@ -17,13 +17,18 @@ */ package cn.topiam.employee.common.repository.app; +import java.util.Optional; + +import org.jetbrains.annotations.NotNull; +import org.springframework.cache.annotation.Cacheable; +import org.springframework.data.jpa.repository.Query; import org.springframework.data.querydsl.QuerydslPredicateExecutor; -import org.springframework.data.repository.CrudRepository; -import org.springframework.data.repository.PagingAndSortingRepository; +import org.springframework.data.repository.query.Param; import org.springframework.stereotype.Repository; import cn.topiam.employee.common.entity.app.AppPermissionResourceEntity; import cn.topiam.employee.common.repository.authorization.ResourceRepositoryCustomized; +import cn.topiam.employee.support.repository.LogicDeleteRepository; /** *

@@ -35,9 +40,18 @@ import cn.topiam.employee.common.repository.authorization.ResourceRepositoryCust */ @Repository public interface AppPermissionResourceRepository extends - CrudRepository, + LogicDeleteRepository, ResourceRepositoryCustomized, - PagingAndSortingRepository, QuerydslPredicateExecutor { + /** + * findByIdContainsDeleted + * + * @param id must not be {@literal null}. + * @return {@link AppPermissionResourceEntity} + */ + @NotNull + @Cacheable + @Query(value = "SELECT * FROM app_permission_resource WHERE id_ = :id", nativeQuery = true) + Optional findByIdContainsDeleted(@NotNull @Param(value = "id") Long id); } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionRoleRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionRoleRepository.java index 9a9b3c89..98266937 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionRoleRepository.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppPermissionRoleRepository.java 
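Review bot: `findByIdContainsDeleted` is annotated `@Cacheable`, but the method names no cache and no `@CacheConfig` is visible on `AppPermissionResourceRepository` (the context lines show only `@Repository` between the Javadoc and the interface). Unless a cache name or resolver is supplied elsewhere, Spring cannot resolve a cache for the operation and the call fails at runtime with an `IllegalStateException`. Either drop the annotation or name the cache explicitly, e.g. `@Cacheable(cacheNames = PLACEHOLDER_CACHE_NAME)` with the project's real constant. `AppPermissionRoleRepository` appears to add the same method in the next file, though its added lines are not fully visible here.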
@@ -17,17 +17,20 @@ */ package cn.topiam.employee.common.repository.app; +import java.util.Optional; + +import org.jetbrains.annotations.NotNull; +import org.springframework.cache.annotation.Cacheable; import org.springframework.data.jpa.repository.Modifying; import org.springframework.data.jpa.repository.Query; import org.springframework.data.querydsl.QuerydslPredicateExecutor; -import org.springframework.data.repository.CrudRepository; -import org.springframework.data.repository.PagingAndSortingRepository; import org.springframework.data.repository.query.Param; import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; import cn.topiam.employee.common.entity.app.AppPermissionRoleEntity; import cn.topiam.employee.common.repository.authorization.RoleRepositoryCustomized; +import cn.topiam.employee.support.repository.LogicDeleteRepository; /** *

@@ -38,9 +41,8 @@ import cn.topiam.employee.common.repository.authorization.RoleRepositoryCustomiz * Created by support@topiam.cn on 2020-08-10 */ @Repository -public interface AppPermissionRoleRepository extends CrudRepository, - RoleRepositoryCustomized, - PagingAndSortingRepository, +public interface AppPermissionRoleRepository extends RoleRepositoryCustomized, + LogicDeleteRepository, QuerydslPredicateExecutor { /** * 更新角色状态 @@ -52,4 +54,15 @@ public interface AppPermissionRoleRepository extends CrudRepository findByIdContainsDeleted(@NotNull @Param(value = "id") Long id); } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppRepository.java index 2b8b75b2..26c8ceca 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppRepository.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppRepository.java @@ -23,11 +23,13 @@ import org.jetbrains.annotations.NotNull; import org.springframework.cache.annotation.CacheConfig; import org.springframework.cache.annotation.CacheEvict; import org.springframework.cache.annotation.Cacheable; -import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Query; import org.springframework.data.querydsl.QuerydslPredicateExecutor; +import org.springframework.data.repository.query.Param; import org.springframework.stereotype.Repository; import cn.topiam.employee.common.entity.app.AppEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; import static cn.topiam.employee.common.constants.AppConstants.APP_CACHE_NAME; /** 
@@ -35,7 +37,7 @@ import static cn.topiam.employee.common.constants.AppConstants.APP_CACHE_NAME; */ @Repository @CacheConfig(cacheNames = { APP_CACHE_NAME }) -public interface AppRepository extends JpaRepository, +public interface AppRepository extends LogicDeleteRepository, QuerydslPredicateExecutor, AppRepositoryCustomized { /** * 根据应用ID查询已启用应用 @@ -76,7 +78,18 @@ public interface AppRepository extends JpaRepository, @NotNull @Override @Cacheable - Optional findById(@NotNull Long id); + Optional findById(@NotNull @Param(value = "id") Long id); + + /** + * find by id + * + * @param id must not be {@literal null}. + * @return {@link AppEntity} + */ + @NotNull + @Cacheable + @Query(value = "SELECT * FROM app WHERE id_ = :id", nativeQuery = true) + Optional findByIdContainsDeleted(@NotNull @Param(value = "id") Long id); /** * 根据clientId获取配置 diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppSaml2ConfigRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppSaml2ConfigRepository.java index 0e165738..eb7b6667 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppSaml2ConfigRepository.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppSaml2ConfigRepository.java 
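Review bot: In `AppRepository`, `findByIdContainsDeleted` and `findById` are both `@Cacheable` in the `APP_CACHE_NAME` cache with no explicit key, so both use the single `id` argument as the cache key. Once `findByIdContainsDeleted` has cached a logically deleted application, `findById` for the same id is answered from that entry instead of running the deleted-filtering query, until something evicts it. Give the new method a distinct key, e.g. `@Cacheable(key = "'with-deleted:' + #p0")`, or leave it uncached.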
@@ -22,19 +22,24 @@ import java.util.Optional; import org.jetbrains.annotations.NotNull; import org.springframework.cache.annotation.CacheConfig; import org.springframework.cache.annotation.CacheEvict; -import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Modifying; +import org.springframework.data.jpa.repository.Query; import org.springframework.data.querydsl.QuerydslPredicateExecutor; +import org.springframework.data.repository.query.Param; import org.springframework.stereotype.Repository; +import org.springframework.transaction.annotation.Transactional; import cn.topiam.employee.common.entity.app.AppSaml2ConfigEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; import static cn.topiam.employee.common.constants.ProtocolConstants.SAML2_CONFIG_CACHE_NAME; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; /** * @author TopIAM */ @Repository @CacheConfig(cacheNames = { SAML2_CONFIG_CACHE_NAME }) -public interface AppSaml2ConfigRepository extends JpaRepository, +public interface AppSaml2ConfigRepository extends LogicDeleteRepository, QuerydslPredicateExecutor, AppSaml2ConfigRepositoryCustomized { /** 
@@ -43,7 +48,11 @@ public interface AppSaml2ConfigRepository extends JpaRepository. + */ +package cn.topiam.employee.common.repository.app; + +import java.util.Optional; + +import org.jetbrains.annotations.NotNull; +import org.springframework.cache.annotation.CacheConfig; +import org.springframework.cache.annotation.CacheEvict; +import org.springframework.data.jpa.repository.Modifying; +import org.springframework.data.jpa.repository.Query; +import org.springframework.data.querydsl.QuerydslPredicateExecutor; +import org.springframework.data.repository.query.Param; +import org.springframework.stereotype.Repository; +import org.springframework.transaction.annotation.Transactional; + +import cn.topiam.employee.common.entity.app.AppTsaConfigEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; +import static cn.topiam.employee.common.constants.ProtocolConstants.TSA_CONFIG_CACHE_NAME; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; + +/** + * @author TopIAM + */ +@Repository +@CacheConfig(cacheNames = { TSA_CONFIG_CACHE_NAME }) +public interface AppTsaConfigRepository extends LogicDeleteRepository, + QuerydslPredicateExecutor, + AppTsaConfigRepositoryCustomized { + /** + * 按应用 ID 删除 + * + * @param appId {@link Long} + */ + @CacheEvict(allEntries = true) + @Modifying + @Transactional(rollbackFor = Exception.class) + @Query(value = "UPDATE app_tsa_config SET " + SOFT_DELETE_SET + + " WHERE app_id = :appId", nativeQuery = true) + void deleteByAppId(@Param("appId") Long appId); + + /** + * delete + * + * @param id must not be {@literal null}. + */ + @CacheEvict(allEntries = true) + @Override + void deleteById(@NotNull Long id); + + /** + * save + * + * @param entity must not be {@literal null}. 
+ * @param {@link S} + * @return {@link AppTsaConfigEntity} + */ + @NotNull + @Override + @CacheEvict(allEntries = true) + S save(@NotNull S entity); + + /** + * 根据应用ID获取配置 + * + * @param appId {@link Long} + * @return {@link AppTsaConfigEntity} + */ + Optional findByAppId(Long appId); +} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppTsaConfigRepositoryCustomized.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppTsaConfigRepositoryCustomized.java new file mode 100644 index 00000000..db8032bf --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/AppTsaConfigRepositoryCustomized.java 
@@ -0,0 +1,50 @@ +/* + * eiam-common - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.repository.app; + +import cn.topiam.employee.common.entity.app.po.AppTsaConfigPO; + +/** + * @author TopIAM + * Created by support@topiam.cn on 2022/01/14 09:58 + */ +public interface AppTsaConfigRepositoryCustomized { + /** + * 根据应用ID获取 + * + * @param appId {@link Long} + * @return {@link AppTsaConfigPO} + */ + AppTsaConfigPO getByAppId(Long appId); + + /** + * 根据应用 Client 获取 + * + * @param clientId {@link String} + * @return {@link AppTsaConfigPO} + */ + AppTsaConfigPO getByClientId(String clientId); + + /** + * 根据应用编码查询应用配置 + * + * @param appCode {@link String} + * @return {@link AppTsaConfigPO} + */ + AppTsaConfigPO findByAppCode(String appCode); +} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppAccessPolicyRepositoryCustomizedImpl.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppAccessPolicyRepositoryCustomizedImpl.java index aeaaad44..1c64fe9f 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppAccessPolicyRepositoryCustomizedImpl.java 
+++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppAccessPolicyRepositoryCustomizedImpl.java @@ -56,8 +56,46 @@ public class AppAccessPolicyRepositoryCustomizedImpl implements @Override public Page getAppPolicyList(AppAccessPolicyQuery query, Pageable pageable) { //@formatter:off - StringBuilder builder = new StringBuilder("SELECT a.id_,a.app_id,a.subject_id,a.subject_type,a.create_time,`subject`.name_,app.name_ as app_name,app.type_ as app_type,app.template_ as app_template,app.protocol_ as app_protocol FROM app_access_policy a LEFT JOIN app ON a.app_id = app.id_ LEFT JOIN "); - builder.append("(SELECT id_,name_ FROM user_group UNION ALL SELECT id_,name_ FROM organization UNION ALL SELECT id_,username_ as name_ FROM `user`) `subject` ON a.subject_id = `subject`.id_ WHERE 1=1"); + StringBuilder builder = new StringBuilder(""" + SELECT + a.id_, + a.app_id, + a.subject_id, + a.subject_type, + a.create_time, + subject.name_, + app.name_ AS app_name, + app.type_ AS app_type, + app.template_ AS app_template, + app.protocol_ AS app_protocol + FROM + app_access_policy a + LEFT JOIN app ON a.app_id = app.id_ AND app.is_deleted = '0' + LEFT JOIN + """); + builder.append(""" + ( SELECT + id_, + name_, + is_deleted + FROM + user_group UNION ALL + SELECT + id_, + name_, + is_deleted + FROM + organization UNION ALL + SELECT + id_, + username_ AS name_, + is_deleted + FROM + `user` + ) `subject` ON a.subject_id = `subject`.id_ AND `subject`.is_deleted = '0' + WHERE + a.is_deleted = '0' + """); if (ObjectUtils.isNotEmpty(query.getSubjectType())) { builder.append(" AND a.subject_type = '").append(query.getSubjectType().getCode()).append("'"); } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppAccountRepositoryCustomizedImpl.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppAccountRepositoryCustomizedImpl.java index 2f64341f..a1e4cb2b 100644 
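Review bot: The `is_deleted = '0'` filters on `app` and on the `subject` derived table sit in the `LEFT JOIN … ON` clauses, so a policy whose app or subject has been soft-deleted is still returned, only with `app_name`, `app_type`, `app_protocol` and `name_` as NULL. If the intent is to hide such policies, those conditions belong in the `WHERE` clause (or the joins should be inner joins). If the rows are meant to stay, the row mapper, which is not visible here, has to tolerate the NULL columns. The select list also writes `subject.name_` unquoted while the join uses the backtick-quoted alias; one form throughout would read better. getAppPolicyList continues outside the hunk.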
--- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppAccountRepositoryCustomizedImpl.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppAccountRepositoryCustomizedImpl.java @@ -54,7 +54,25 @@ public class AppAccountRepositoryCustomizedImpl implements AppAccountRepositoryC @Override public Page getAppAccountList(AppAccountQuery query, Pageable pageable) { //@formatter:off - StringBuilder builder = new StringBuilder("SELECT a.id_,a.app_id,a.user_id,a.account_,a.create_time,u.username_,p.name_ as app_name,p.type_ as app_type,p.template_ as app_template,p.protocol_ as app_protocol FROM app_account a LEFT JOIN `user` u ON a.user_id = u.id_ LEFT JOIN app p ON a.app_id = p.id_ WHERE 1=1"); + StringBuilder builder = new StringBuilder(""" + SELECT + a.id_, + a.app_id, + a.user_id, + a.account_, + a.create_time, + u.username_, + p.name_ AS app_name, + p.type_ AS app_type, + p.template_ AS app_template, + p.protocol_ AS app_protocol + FROM + app_account a + LEFT JOIN `user` u ON a.user_id = u.id_ AND u.is_deleted = '0' + LEFT JOIN app p ON a.app_id = p.id_ AND p.is_deleted = '0' + WHERE + a.is_deleted = '0' + """); //用户名 if (StringUtils.isNoneBlank(query.getUsername())) { builder.append(" AND u.username_ like '%").append(query.getUsername()).append("%'"); diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppCasConfigRepositoryCustomizedImpl.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppCasConfigRepositoryCustomizedImpl.java index c3ce145b..28a910a4 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppCasConfigRepositoryCustomizedImpl.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppCasConfigRepositoryCustomizedImpl.java 
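Review bot: The username filter kept right below the new text block, `builder.append(" AND u.username_ like '%").append(query.getUsername()).append("%'")`, still splices what is presumably a request-supplied string into the SQL text, so the refactor leaves this query open to SQL injection. Bind the value instead, for example `builder.append(" AND u.username_ LIKE ?")` with `"%" + query.getUsername() + "%"` passed as a query argument; how the statement is executed is outside the hunk, so the exact call has to match it. The same concatenation appears in other hunks of this commit: the `appCode` filters in `findByAppCode` of AppCasConfig-, AppFormConfig-, AppSaml2Config- and AppTsaConfigRepositoryCustomizedImpl, the `clientId` filter in `getByClientId`, the `policy.app_id` filter in AppPermissionPolicyRepositoryCustomizedImpl and the `name` filter in AppRepositoryCustomizedImpl. Because these lookups resolve application configuration in an identity system, they are worth converting together.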
@@ -19,6 +19,7 @@ package cn.topiam.employee.common.repository.app.impl; import org.springframework.cache.annotation.CacheConfig; import org.springframework.cache.annotation.Cacheable; +import org.springframework.dao.EmptyResultDataAccessException; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.stereotype.Repository; 
@@ -50,17 +51,25 @@ public class AppCasConfigRepositoryCustomizedImpl implements AppCasConfigReposit @Override @Cacheable(key = "#p0", unless = "#result==null") public AppCasConfigPO getByAppId(Long appId) { - String sql = "select acc.*,app.init_login_url,app.init_login_type,app.authorization_type,app.template_,app.code_,client_id,client_secret from app left join app_cas_config acc on app.id_ = acc.app_id where 1=1" + String sql = "select acc.*,app.init_login_url,app.init_login_type,app.authorization_type,app.template_,app.code_,client_id,client_secret from app left join app_cas_config acc on app.id_ = acc.app_id where acc.is_deleted=0" + " AND app_id = " + appId; - return jdbcTemplate.queryForObject(sql, new AppCasConfigPoMapper()); + try { + return jdbcTemplate.queryForObject(sql, new AppCasConfigPoMapper()); + } catch (EmptyResultDataAccessException e) { + return null; + } } @Override @Cacheable(key = "#p0", unless = "#result==null") public AppCasConfigPO findByAppCode(String appCode) { - String sql = "select acc.*,app.init_login_url,app.init_login_type,app.authorization_type,app.template_,app.code_,client_id,client_secret from app left join app_cas_config acc on app.id_ = acc.app_id where 1=1" + String sql = "select acc.*,app.init_login_url,app.init_login_type,app.authorization_type,app.template_,app.code_,client_id,client_secret from app left join app_cas_config acc on app.id_ = acc.app_id where acc.is_deleted=0" + " AND code_ = " + "'" + appCode + "'"; - return jdbcTemplate.queryForObject(sql, new AppCasConfigPoMapper()); + try { + return jdbcTemplate.queryForObject(sql, new AppCasConfigPoMapper()); + } catch (EmptyResultDataAccessException e) { + return null; + } } /** diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppFormConfigRepositoryCustomizedImpl.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppFormConfigRepositoryCustomizedImpl.java new file mode 100644 index 00000000..bfba5234 
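Review bot: Both rewritten queries filter `acc.is_deleted=0` in the `WHERE` clause and never test `app.is_deleted`, unlike the Form, OIDC and SAML2 repositories in this commit, which put the config filter in the join and `app.is_deleted = '0'` in `WHERE`. As written, a soft-deleted app whose CAS config row is still live would keep resolving through `getByAppId` and `findByAppCode`, so a removed application could stay usable for single sign-on; whether deleting an app also soft-deletes its config row is not visible here. Aligning the statement with the others would be `… left join app_cas_config acc on app.id_ = acc.app_id and acc.is_deleted = '0' where app.is_deleted = '0'`. Returning `null` on `EmptyResultDataAccessException` changes the contract for callers and should be stated in the method Javadoc.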
--- /dev/null
+++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppFormConfigRepositoryCustomizedImpl.java
@@ -0,0 +1,111 @@ +/* + * eiam-common - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.repository.app.impl; + +import org.springframework.cache.annotation.CacheConfig; +import org.springframework.cache.annotation.Cacheable; +import org.springframework.dao.EmptyResultDataAccessException; +import org.springframework.jdbc.core.JdbcTemplate; +import org.springframework.stereotype.Repository; + +import cn.topiam.employee.common.entity.app.po.AppFormConfigPO; +import cn.topiam.employee.common.repository.app.AppFormConfigRepositoryCustomized; +import cn.topiam.employee.common.repository.app.impl.mapper.AppFormConfigPoMapper; + +import lombok.AllArgsConstructor; +import static cn.topiam.employee.common.constants.ProtocolConstants.FORM_CONFIG_CACHE_NAME; + +/** + * + * @author TopIAM + * Created by support@topiam.cn on 2022/12/13 23:58 + */ +@Repository +@AllArgsConstructor +@CacheConfig(cacheNames = { FORM_CONFIG_CACHE_NAME }) +public class AppFormConfigRepositoryCustomizedImpl implements AppFormConfigRepositoryCustomized { + private static final String SELECT_SQL = """ + SELECT + afc.*, + app.init_login_url, + app.init_login_type, + app.authorization_type, + app.template_, + app.code_, + app.is_enabled, + app.client_id, + app.client_secret + 
FROM + app + LEFT JOIN app_form_config afc ON app.id_ = afc.app_id AND afc.is_deleted = '0' + WHERE + app.is_deleted = '0' + """; + + /** + * 根据应用ID获取 + * + * @param appId {@link Long} + * @return {@link AppFormConfigPO} + */ + @Override + @Cacheable(key = "#p0", unless = "#result==null") + public AppFormConfigPO getByAppId(Long appId) { + //@formatter:off + String sql = SELECT_SQL + " AND app_id = " + appId; + //@formatter:on + return jdbcTemplate.queryForObject(sql, new AppFormConfigPoMapper()); + } + + @Override + @Cacheable(key = "#p0", unless = "#result==null") + public AppFormConfigPO getByClientId(String clientId) { + //@formatter:off + try { + String sql = SELECT_SQL + " AND app.client_id = " + "'"+clientId+"'"; + return jdbcTemplate.queryForObject(sql, new AppFormConfigPoMapper()); + } catch (EmptyResultDataAccessException e){ + return null; + } + //@formatter:on + } + + /** + * 根据应用编码查询应用配置 + * + * @param appCode {@link String} + * @return {@link AppFormConfigPO} + */ + @Override + @Cacheable(key = "#p0", unless = "#result==null") + public AppFormConfigPO findByAppCode(String appCode) { + //@formatter:off + String sql = SELECT_SQL + " AND app.code_ = " + "'"+appCode+"'"; + //@formatter:on + try { + return jdbcTemplate.queryForObject(sql, new AppFormConfigPoMapper()); + } catch (EmptyResultDataAccessException e) { + return null; + } + } + + /** + * JdbcTemplate + */ + private final JdbcTemplate jdbcTemplate; +} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppOidcConfigRepositoryCustomizedImpl.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppOidcConfigRepositoryCustomizedImpl.java index 83a32abc..dcdc6de4 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppOidcConfigRepositoryCustomizedImpl.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppOidcConfigRepositoryCustomizedImpl.java 
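Review bot: `getByAppId` calls `jdbcTemplate.queryForObject` without the `EmptyResultDataAccessException` handling that `getByClientId` and `findByAppCode` in the same class have, so an unknown app id throws while the other two lookups return `null`. Wrap the call the same way, `try { return jdbcTemplate.queryForObject(sql, new AppFormConfigPoMapper()); } catch (EmptyResultDataAccessException e) { return null; }`, and document the `null` return on all three methods (`@return {@link AppFormConfigPO}, or {@code null} when no matching app exists`). AppTsaConfigRepositoryCustomizedImpl.getByAppId, added later in this commit, has the same gap. The `jdbcTemplate` field is declared after the methods; placing it next to `SELECT_SQL` would read more conventionally.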
@@ -39,7 +39,23 @@ import static cn.topiam.employee.common.constants.ProtocolConstants.OIDC_CONFIG_ @AllArgsConstructor @CacheConfig(cacheNames = { OIDC_CONFIG_CACHE_NAME }) public class AppOidcConfigRepositoryCustomizedImpl implements AppOidcConfigRepositoryCustomized { - private final String SELECT_SQL = "SELECT aoc.*,app.init_login_url,app.init_login_type,app.authorization_type,app.template_,app.code_,app.is_enabled,app.client_id,app.client_secret from app left join app_oidc_config aoc on app.id_ = aoc.app_id where 1=1"; + private static final String SELECT_SQL = """ + SELECT + aoc.*, + app.init_login_url, + app.init_login_type, + app.authorization_type, + app.template_, + app.code_, + app.is_enabled, + app.client_id, + app.client_secret + FROM + app + LEFT JOIN app_oidc_config aoc ON app.id_ = aoc.app_id and aoc.is_deleted = '0' + WHERE + app.is_deleted = '0' + """; /** * 根据应用ID获取 diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppPermissionPolicyRepositoryCustomizedImpl.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppPermissionPolicyRepositoryCustomizedImpl.java index 69a43483..7e210f5d 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppPermissionPolicyRepositoryCustomizedImpl.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppPermissionPolicyRepositoryCustomizedImpl.java @@ -45,7 +45,7 @@ public class AppPermissionPolicyRepositoryCustomizedImpl implements AppPermissionPolicyRepositoryCustomized { private String leftJoin(String table, String condition) { - return " LEFT JOIN " + table + " ON " + condition; + return " LEFT JOIN " + table + " ON " + condition + " AND " + table + ".is_deleted = '0' "; } @Override 
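Review bot: `leftJoin` now reuses its `table` argument as a column qualifier (`table + ".is_deleted = '0' "`), which is only valid SQL when every caller passes a bare table name. The callers are outside the hunk; if any of them passes a name with an alias, or a subquery, the generated `ON` clause breaks or qualifies the wrong identifier. A short comment on the helper would make the constraint explicit, e.g. `// table must be a plain, trusted table name: it is concatenated into the statement and reused as a qualifier`.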
@@ -53,7 +53,7 @@ public class AppPermissionPolicyRepositoryCustomizedImpl implements //查询条件 //@formatter:off // 所属应用 - StringBuilder where = new StringBuilder("WHERE policy.app_id = '").append(query.getAppId()).append("' "); + StringBuilder where = new StringBuilder("WHERE policy.is_deleted = '0' AND policy.app_id = '").append(query.getAppId()).append("' "); // 主体类型 where.append(" AND policy.subject_type = '").append(query.getSubjectType().getCode()).append("' "); // 客体类型 diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppRepositoryCustomizedImpl.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppRepositoryCustomizedImpl.java index 6cd0b4cd..4a44f43e 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppRepositoryCustomizedImpl.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppRepositoryCustomizedImpl.java @@ -22,6 +22,7 @@ import java.util.List; import java.util.Map; import org.apache.commons.lang3.StringUtils; +import org.springframework.dao.EmptyResultDataAccessException; import org.springframework.data.domain.Page; import org.springframework.data.domain.PageImpl; import org.springframework.data.domain.Pageable; @@ -62,9 +63,13 @@ public class AppRepositoryCustomizedImpl implements AppRepositoryCustomized { @Override @Transactional(rollbackFor = Exception.class) public Integer updateAppStatus(Long id, Boolean enabled) { - StringBuilder builder = new StringBuilder("UPDATE app SET is_enabled=?where id_=?"); + StringBuffer builder = new StringBuffer("UPDATE app SET is_enabled=?where id_=?"); //@formatter:on - return jdbcTemplate.queryForObject(builder.toString(), Integer.class, enabled, id); + try { + return jdbcTemplate.queryForObject(builder.toString(), Integer.class, enabled, id); + } catch (EmptyResultDataAccessException e) { + return null; + } } /** 
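Review bot: `updateAppStatus` sends an `UPDATE` through `jdbcTemplate.queryForObject`, which executes the statement as a query and expects one row back. The new `catch (EmptyResultDataAccessException e) { return null; }` hides a symptom rather than fixing the call, and callers can now receive `null` instead of an affected-row count. Use `return jdbcTemplate.update("UPDATE app SET is_enabled = ? WHERE id_ = ?", enabled, id);`, which returns the number of rows changed. The switch from `StringBuilder` to `StringBuffer` gains nothing for a local constant string, and the statement text `is_enabled=?where` is missing a space. Since this method toggles whether an application is enabled, a silent no-op here deserves a test.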
@@ -90,7 +95,23 @@ public class AppRepositoryCustomizedImpl implements AppRepositoryCustomized { Map paramMap = new HashMap<>(16); paramMap.put("subjectIds", paramList); //@formatter:off - StringBuilder builder = new StringBuilder("SELECT distinct app.* from app LEFT JOIN app_access_policy app_acce ON app.id_ = app_acce.app_id WHERE app_acce.subject_id in (:subjectIds) "); + StringBuilder builder = new StringBuilder(""" + SELECT DISTINCT + app.* + FROM + app + LEFT JOIN app_access_policy app_acce ON app.id_ = app_acce.app_id AND app_acce.is_deleted = '0' + WHERE + app.is_enabled = 1 + AND app.is_deleted = '0' + AND app_acce.subject_id IN (:subjectIds) + """); + //用户名 + if (StringUtils.isNoneBlank(name)) { + builder.append(" AND app.name_ like '%").append(name).append("%'"); + } + //或者是全员可访问的应用 + builder.append(" OR app.authorization_type = '").append("all_access'"); //用户名 if (StringUtils.isNoneBlank(name)) { builder.append(" AND app.name_ like '%").append(name).append("%'"); diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppSaml2ConfigRepositoryCustomizedImpl.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppSaml2ConfigRepositoryCustomizedImpl.java index e723b7c8..d70a4371 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppSaml2ConfigRepositoryCustomizedImpl.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppSaml2ConfigRepositoryCustomizedImpl.java @@ -19,6 +19,7 @@ package cn.topiam.employee.common.repository.app.impl; import org.springframework.cache.annotation.CacheConfig; import org.springframework.cache.annotation.Cacheable; +import org.springframework.dao.EmptyResultDataAccessException; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.stereotype.Repository; 
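Review bot: The appended `OR app.authorization_type = 'all_access'` is not parenthesised, and `AND` binds tighter than `OR`, so on that branch the `app.is_enabled = 1` and `app.is_deleted = '0'` conditions no longer apply: disabled or soft-deleted all-access apps can be returned to any user. The missing grouping is also why the name filter has to be repeated on both sides of the `OR`, and both copies concatenate `name` into the SQL text although `paramMap` already carries a named parameter (`:subjectIds`). Grouping the two access conditions and binding `name` once fixes both. This assumes the query is run through the named-parameter call that consumes `paramMap`, which is outside the hunk, as is the rest of the method.

```java
// … unchanged: SELECT DISTINCT / FROM / LEFT JOIN lines of the text block …
        WHERE
            app.is_enabled = 1
            AND app.is_deleted = '0'
            AND (app_acce.subject_id IN (:subjectIds)
                 OR app.authorization_type = 'all_access')
        """);
// single name filter, bound as a named parameter instead of concatenated
if (StringUtils.isNoneBlank(name)) {
    builder.append(" AND app.name_ LIKE :name");
    paramMap.put("name", "%" + name + "%");
}
```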
@@ -48,20 +49,58 @@ public class AppSaml2ConfigRepositoryCustomizedImpl implements AppSaml2ConfigRep @Cacheable(key = "#p0", unless = "#result==null") public AppSaml2ConfigPO getByAppId(Long appId) { //@formatter:off - String sql = "select as2c.*,app.init_login_url,app.init_login_type,app.authorization_type,app.template_,app.code_,client_id,client_secret from app left join app_saml2_config as2c on app.id_ = as2c.app_id where 1=1" + String sql = """ + SELECT + as2c.*, + app.init_login_url, + app.init_login_type, + app.authorization_type, + app.template_, + app.code_, + client_id, + client_secret + FROM + app + LEFT JOIN app_saml2_config as2c ON app.id_ = as2c.app_id AND as2c.is_deleted = '0' + WHERE + app.is_deleted = '0' + """ + " AND app_id = " + appId; //@formatter:on - return jdbcTemplate.queryForObject(sql, new AppSaml2ConfigPoMapper()); + try { + return jdbcTemplate.queryForObject(sql, new AppSaml2ConfigPoMapper()); + } catch (EmptyResultDataAccessException e) { + return null; + } } @Override @Cacheable(key = "#p0", unless = "#result==null") public AppSaml2ConfigPO findByAppCode(String appCode) { //@formatter:off - String sql = "select as2c.*,app.init_login_url,app.init_login_type,app.authorization_type,app.template_,app.code_,client_id,client_secret from app left join app_saml2_config as2c on app.id_ = as2c.app_id where 1=1" + String sql = """ + SELECT + as2c.*, + app.init_login_url, + app.init_login_type, + app.authorization_type, + app.template_, + app.code_, + client_id, + client_secret + FROM + app + LEFT JOIN app_saml2_config as2c ON app.id_ = as2c.app_id and as2c.is_deleted = '0' + WHERE + app.is_deleted = '0' + """ + " AND code_ = " + "'"+appCode+"'"; //@formatter:on - return jdbcTemplate.queryForObject(sql, new AppSaml2ConfigPoMapper()); + try { + return jdbcTemplate.queryForObject(sql, new AppSaml2ConfigPoMapper()); + } catch (EmptyResultDataAccessException e) { + return null; + } } /** 
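Review bot: `getByAppId` and `findByAppCode` each carry their own copy of the same text block, and the copies already differ (`AND as2c.is_deleted` in one, `and as2c.is_deleted` in the other). AppFormConfig-, AppOidcConfig- and AppTsaConfigRepositoryCustomizedImpl in this commit hold the statement once as `private static final String SELECT_SQL`; doing the same here leaves `String sql = SELECT_SQL + " AND app_id = " + appId;` in the method and one place to maintain the soft-delete filter. `client_id` and `client_secret` are also unqualified in the select list, where the sibling classes write `app.client_id` and `app.client_secret`.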
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppTsaConfigRepositoryCustomizedImpl.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppTsaConfigRepositoryCustomizedImpl.java
new file mode 100644
index 00000000..9c117b1d
--- /dev/null
+++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/AppTsaConfigRepositoryCustomizedImpl.java
@@ -0,0 +1,111 @@ +/* + * eiam-common - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.repository.app.impl; + +import org.springframework.cache.annotation.CacheConfig; +import org.springframework.cache.annotation.Cacheable; +import org.springframework.dao.EmptyResultDataAccessException; +import org.springframework.jdbc.core.JdbcTemplate; +import org.springframework.stereotype.Repository; + +import cn.topiam.employee.common.entity.app.po.AppTsaConfigPO; +import cn.topiam.employee.common.repository.app.AppTsaConfigRepositoryCustomized; +import cn.topiam.employee.common.repository.app.impl.mapper.AppTsaConfigPoMapper; + +import lombok.AllArgsConstructor; +import static cn.topiam.employee.common.constants.ProtocolConstants.TSA_CONFIG_CACHE_NAME; + +/** + * + * @author TopIAM + * Created by support@topiam.cn on 2022/01/14 10:58 + */ +@Repository +@AllArgsConstructor +@CacheConfig(cacheNames = { TSA_CONFIG_CACHE_NAME }) +public class AppTsaConfigRepositoryCustomizedImpl implements AppTsaConfigRepositoryCustomized { + private static final String SELECT_SQL = """ + SELECT + afc.*, + app.init_login_url, + app.init_login_type, + app.authorization_type, + app.template_, + app.code_, + app.is_enabled, + app.client_id, + app.client_secret + FROM + 
app + LEFT JOIN app_tsa_config atc ON app.id_ = atc.app_id AND atc.is_deleted = '0' + WHERE + app.is_deleted = '0' + """; + + /** + * 根据应用ID获取 + * + * @param appId {@link Long} + * @return {@link AppTsaConfigPO} + */ + @Override + @Cacheable(key = "#p0", unless = "#result==null") + public AppTsaConfigPO getByAppId(Long appId) { + //@formatter:off + String sql = SELECT_SQL + " AND app_id = " + appId; + //@formatter:on + return jdbcTemplate.queryForObject(sql, new AppTsaConfigPoMapper()); + } + + @Override + @Cacheable(key = "#p0", unless = "#result==null") + public AppTsaConfigPO getByClientId(String clientId) { + //@formatter:off + try { + String sql = SELECT_SQL + " AND app.client_id = " + "'"+clientId+"'"; + return jdbcTemplate.queryForObject(sql, new AppTsaConfigPoMapper()); + } catch (EmptyResultDataAccessException e){ + return null; + } + //@formatter:on + } + + /** + * 根据应用编码查询应用配置 + * + * @param appCode {@link String} + * @return {@link AppTsaConfigPO} + */ + @Override + @Cacheable(key = "#p0", unless = "#result==null") + public AppTsaConfigPO findByAppCode(String appCode) { + //@formatter:off + String sql = SELECT_SQL + " AND app.code_ = " + "'"+appCode+"'"; + //@formatter:on + try { + return jdbcTemplate.queryForObject(sql, new AppTsaConfigPoMapper()); + } catch (EmptyResultDataAccessException e) { + return null; + } + } + + /** + * JdbcTemplate + */ + private final JdbcTemplate jdbcTemplate; +} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/mapper/AppCasConfigPoMapper.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/mapper/AppCasConfigPoMapper.java index f256dc3c..64da5f65 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/mapper/AppCasConfigPoMapper.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/mapper/AppCasConfigPoMapper.java 
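Review bot: `SELECT_SQL` selects `afc.*`, but the joined table is aliased `atc` (`LEFT JOIN app_tsa_config atc`) and no `afc` appears in the `FROM` clause, so every query built from this constant should be rejected by the database. It looks carried over from the form-config repository; change the first select item to `atc.*`. `getByAppId` also lacks the `EmptyResultDataAccessException` handling that `getByClientId` and `findByAppCode` have. A repository test that runs each of the three lookups once would have caught the alias.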
@@ -24,6 +24,7 @@ import java.time.LocalDateTime; import org.springframework.jdbc.core.RowMapper; import cn.topiam.employee.common.entity.app.po.AppCasConfigPO; +import cn.topiam.employee.common.enums.app.CasUserIdentityType; import cn.topiam.employee.common.enums.app.InitLoginType; /** 
@@ -36,21 +37,23 @@ public class AppCasConfigPoMapper implements RowMapper { @Override public AppCasConfigPO mapRow(ResultSet rs, int rowNum) throws SQLException { - AppCasConfigPO configPO = new AppCasConfigPO(); - configPO.setAppId(rs.getLong("id_")); - configPO.setAppId(rs.getLong("app_id")); - configPO.setAppCode(rs.getString("code_")); - configPO.setClientId(rs.getString("client_id")); - configPO.setClientSecret(rs.getString("client_secret")); - configPO.setInitLoginType(InitLoginType.getType(rs.getString("init_login_type"))); - configPO.setInitLoginUrl(rs.getString("init_login_url")); - configPO.setAppTemplate(rs.getString("template_")); - configPO.setCreateBy(rs.getString("create_by")); - configPO.setCreateTime(rs.getObject("create_time", LocalDateTime.class)); - configPO.setUpdateBy(rs.getString("update_by")); - configPO.setCreateTime(rs.getObject("update_time", LocalDateTime.class)); - configPO.setRemark(rs.getString("remark_")); - configPO.setSpCallbackUrl(rs.getString("sp_callback_url")); - return configPO; + AppCasConfigPO configPo = new AppCasConfigPO(); + configPo.setAppId(rs.getLong("id_")); + configPo.setAppId(rs.getLong("app_id")); + configPo.setAppCode(rs.getString("code_")); + configPo.setClientId(rs.getString("client_id")); + configPo.setClientSecret(rs.getString("client_secret")); + configPo.setInitLoginType(InitLoginType.getType(rs.getString("init_login_type"))); + configPo.setInitLoginUrl(rs.getString("init_login_url")); + configPo.setAppTemplate(rs.getString("template_")); + configPo.setCreateBy(rs.getString("create_by")); + configPo.setCreateTime(rs.getObject("create_time", LocalDateTime.class)); + configPo.setUpdateBy(rs.getString("update_by")); + configPo.setCreateTime(rs.getObject("update_time", LocalDateTime.class)); + configPo.setRemark(rs.getString("remark_")); + configPo.setClientServiceUrl(rs.getString("client_service_url")); + configPo + .setUserIdentityType(CasUserIdentityType.getType(rs.getString("user_identity_type"))); + return 
configPo; } } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/mapper/AppFormConfigPoMapper.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/mapper/AppFormConfigPoMapper.java new file mode 100644 index 00000000..e4e66f13 --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/mapper/AppFormConfigPoMapper.java 
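Review bot: The renamed lines keep two assignments that overwrite each other: `configPo.setAppId(rs.getLong("id_"))` is immediately replaced by `setAppId(rs.getLong("app_id"))`, and `configPo.setCreateTime(rs.getObject("update_time", LocalDateTime.class))` overwrites the creation time with the update time, leaving the update time unset. The first `setAppId` call can be dropped, and the `update_time` value should go to the PO's update-time setter (presumably `setUpdateTime`, which is not visible here). The `update_time` mistake is repeated in the new AppFormConfigPoMapper, and the AppOidcConfigPoMapper hunk shows the same double `setAppId`. Audit fields that report the wrong time make later investigation of configuration changes harder.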
@@ -0,0 +1,91 @@ +/* + * eiam-common - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.repository.app.impl.mapper; + +import java.sql.ResultSet; +import java.sql.SQLException; +import java.time.LocalDateTime; +import java.util.Objects; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.jdbc.core.RowMapper; + +import com.alibaba.fastjson2.JSON; + +import cn.topiam.employee.common.entity.app.AppFormConfigEntity; +import cn.topiam.employee.common.entity.app.po.AppFormConfigPO; +import cn.topiam.employee.common.enums.app.AuthorizationType; +import cn.topiam.employee.common.enums.app.FormSubmitType; +import cn.topiam.employee.common.enums.app.InitLoginType; + +/** + * @author TopIAM + * Created by support@topiam.cn on 2022/12/13 22:58 + */ +@SuppressWarnings("DuplicatedCode") +public class AppFormConfigPoMapper implements RowMapper { + + /** + * Implementations must implement this method to map each row of data + * in the ResultSet. This method should not call {@code next()} on + * the ResultSet; it is only supposed to map values of the current row. 
+ * + * @param rs the ResultSet to map (pre-initialized for the current row) + * @param rowNum the number of the current row + * @return the result object for the current row (may be {@code null}) + * @throws SQLException if an SQLException is encountered getting + * column values (that is, there's no need to catch SQLException) + */ + @Override + public AppFormConfigPO mapRow(ResultSet rs, int rowNum) throws SQLException { + //@formatter:off + AppFormConfigPO appForm = new AppFormConfigPO(); + appForm.setAppId(rs.getLong("app_id")); + //应用表相关 + appForm.setAppCode(rs.getString("code_")); + appForm.setAppTemplate(rs.getString("template_")); + appForm.setEnabled(rs.getBoolean("is_enabled")); + appForm.setClientId(rs.getString("client_id")); + appForm.setClientSecret(rs.getString("client_secret")); + appForm.setInitLoginType(InitLoginType.getType(rs.getString("init_login_type"))); + appForm.setInitLoginUrl(rs.getString("init_login_url")); + appForm.setAuthorizationType(AuthorizationType.getType(rs.getString("authorization_type"))); + //配置相关 + appForm.setLoginUrl(rs.getString("login_url")); + appForm.setUsernameField(rs.getString("username_field")); + appForm.setPasswordField(rs.getString("password_field")); + String submitType = rs.getString("submit_type"); + if (!Objects.isNull(submitType)){ + appForm.setSubmitType(FormSubmitType.getType(submitType)); + } + String otherField = rs.getString("other_field"); + if (StringUtils.isNotBlank(otherField)){ + appForm.setOtherField(JSON.parseArray(rs.getString("other_field")) + .toList(AppFormConfigEntity.OtherField.class)); + } + //创建修改相关 + appForm.setCreateBy(rs.getString("create_by")); + appForm.setCreateTime(rs.getObject("create_time", LocalDateTime.class)); + appForm.setUpdateBy(rs.getString("update_by")); + appForm.setCreateTime(rs.getObject("update_time", LocalDateTime.class)); + appForm.setRemark(rs.getString("remark_")); + return appForm; + //@formatter:on + } + +} 
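Review bot: `appForm.setAppId(rs.getLong("app_id"))` cannot tell a missing config row from an id of 0. The repository's `SELECT_SQL` left-joins `app_form_config`, so a lookup by `app.code_` or `app.client_id` for an app without a form config would still produce a row with `app_id` and the other `afc` columns NULL, and `getLong` returns 0 for NULL. If that case can occur, check `rs.wasNull()` after reading `app_id` and return `null` rather than a half-filled `AppFormConfigPO`. Smaller point: `JSON.parseArray(rs.getString("other_field"))` re-reads the column although the value is already held in `otherField`.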
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/mapper/AppOidcConfigPoMapper.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/mapper/AppOidcConfigPoMapper.java
index dcd317b3..522faba2 100644
--- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/mapper/AppOidcConfigPoMapper.java
+++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/mapper/AppOidcConfigPoMapper.java
@@ -51,41 +51,41 @@ public class AppOidcConfigPoMapper implements RowMapper { @Override public AppOidcConfigPO mapRow(ResultSet rs, int rowNum) throws SQLException { //@formatter:off - AppOidcConfigPO appAccount = new AppOidcConfigPO(); - appAccount.setAppId(rs.getLong("id_")); - appAccount.setAppId(rs.getLong("app_id")); + AppOidcConfigPO appOidc = new AppOidcConfigPO(); + appOidc.setAppId(rs.getLong("id_")); + appOidc.setAppId(rs.getLong("app_id")); //应用表相关 - appAccount.setAppCode(rs.getString("code_")); - appAccount.setAppTemplate(rs.getString("template_")); - appAccount.setEnabled(rs.getBoolean("is_enabled")); - appAccount.setClientId(rs.getString("client_id")); - appAccount.setClientSecret(rs.getString("client_secret")); - appAccount.setInitLoginType(InitLoginType.getType(rs.getString("init_login_type"))); - appAccount.setInitLoginUrl(rs.getString("init_login_url")); - appAccount.setAuthorizationType(AuthorizationType.getType(rs.getString("authorization_type"))); + appOidc.setAppCode(rs.getString("code_")); + appOidc.setAppTemplate(rs.getString("template_")); + appOidc.setEnabled(rs.getBoolean("is_enabled")); + appOidc.setClientId(rs.getString("client_id")); + appOidc.setClientSecret(rs.getString("client_secret")); + appOidc.setInitLoginType(InitLoginType.getType(rs.getString("init_login_type"))); + appOidc.setInitLoginUrl(rs.getString("init_login_url")); + appOidc.setAuthorizationType(AuthorizationType.getType(rs.getString("authorization_type"))); //配置相关 - appAccount.setClientAuthMethods(JSONObject.parseObject(rs.getString("client_auth_methods"), Set.class)); - appAccount.setAuthGrantTypes(JSONObject.parseObject(rs.getString("auth_grant_types"), Set.class)); - appAccount.setResponseTypes(JSONObject.parseObject(rs.getString("response_types"), Set.class)); - appAccount.setRedirectUris(JSONObject.parseObject(rs.getString("redirect_uris"), Set.class)); - appAccount.setGrantScopes(JSONObject.parseObject(rs.getString("grant_scopes"), Set.class)); - 
appAccount.setRequireAuthConsent(rs.getBoolean("require_auth_consent")); - appAccount.setRequireProofKey(rs.getBoolean("require_proof_key")); - appAccount.setTokenEndpointAuthSigningAlgorithm( + appOidc.setClientAuthMethods(JSONObject.parseObject(rs.getString("client_auth_methods"), Set.class)); + appOidc.setAuthGrantTypes(JSONObject.parseObject(rs.getString("auth_grant_types"), Set.class)); + appOidc.setResponseTypes(JSONObject.parseObject(rs.getString("response_types"), Set.class)); + appOidc.setRedirectUris(JSONObject.parseObject(rs.getString("redirect_uris"), Set.class)); + appOidc.setGrantScopes(JSONObject.parseObject(rs.getString("grant_scopes"), Set.class)); + appOidc.setRequireAuthConsent(rs.getBoolean("require_auth_consent")); + appOidc.setRequireProofKey(rs.getBoolean("require_proof_key")); + appOidc.setTokenEndpointAuthSigningAlgorithm( rs.getString("token_endpoint_auth_signing_algorithm")); - appAccount.setRefreshTokenTimeToLive(rs.getInt("refresh_token_time_to_live")); - appAccount.setAccessTokenFormat(rs.getString("access_token_format")); - appAccount.setAccessTokenTimeToLive(rs.getInt("access_token_time_to_live")); - appAccount.setIdTokenTimeToLive(rs.getInt("id_token_time_to_live")); - appAccount.setIdTokenSignatureAlgorithm(rs.getString("id_token_signature_algorithm")); - appAccount.setReuseRefreshToken(rs.getBoolean("reuse_refresh_token")); + appOidc.setRefreshTokenTimeToLive(rs.getInt("refresh_token_time_to_live")); + appOidc.setAccessTokenFormat(rs.getString("access_token_format")); + appOidc.setAccessTokenTimeToLive(rs.getInt("access_token_time_to_live")); + appOidc.setIdTokenTimeToLive(rs.getInt("id_token_time_to_live")); + appOidc.setIdTokenSignatureAlgorithm(rs.getString("id_token_signature_algorithm")); + appOidc.setReuseRefreshToken(rs.getBoolean("reuse_refresh_token")); //创建修改相关 - appAccount.setCreateBy(rs.getString("create_by")); - appAccount.setCreateTime(rs.getObject("create_time", LocalDateTime.class)); - 
appAccount.setUpdateBy(rs.getString("update_by")); - appAccount.setCreateTime(rs.getObject("update_time", LocalDateTime.class)); - appAccount.setRemark(rs.getString("remark_")); - return appAccount; + appOidc.setCreateBy(rs.getString("create_by")); + appOidc.setCreateTime(rs.getObject("create_time", LocalDateTime.class)); + appOidc.setUpdateBy(rs.getString("update_by")); + appOidc.setCreateTime(rs.getObject("update_time", LocalDateTime.class)); + appOidc.setRemark(rs.getString("remark_")); + return appOidc; //@formatter:on } } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/mapper/AppTsaConfigPoMapper.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/mapper/AppTsaConfigPoMapper.java new file mode 100644 index 00000000..6ac96681 --- /dev/null +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/app/impl/mapper/AppTsaConfigPoMapper.java 
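Review bot: The renamed lines still end with `appOidc.setCreateTime(rs.getObject("update_time", LocalDateTime.class));`, so the creation timestamp is overwritten with the update timestamp and the update time is never populated. Assuming the PO exposes an update-time setter (not visible here), the line should read `appOidc.setUpdateTime(rs.getObject("update_time", LocalDateTime.class));`. At the top of the hunk, `appOidc.setAppId(rs.getLong("id_"));` is immediately overwritten by `appOidc.setAppId(rs.getLong("app_id"));`, so the first call is either dead or was meant to set the row id. The same `setCreateTime`/`update_time` pairing is in the new AppTsaConfigPoMapper and in AppFormConfigPoMapper.mapRow; for an IAM product these audit columns should be mapped faithfully.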
@@ -0,0 +1,80 @@ +/* + * eiam-common - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.common.repository.app.impl.mapper; + +import java.sql.ResultSet; +import java.sql.SQLException; +import java.time.LocalDateTime; + +import org.springframework.jdbc.core.RowMapper; + +import com.alibaba.fastjson2.JSON; + +import cn.topiam.employee.common.entity.app.AppTsaConfigEntity; +import cn.topiam.employee.common.entity.app.po.AppTsaConfigPO; +import cn.topiam.employee.common.enums.app.AuthorizationType; + +/** + * @author TopIAM + * Created by support@topiam.cn on 2022/01/14 10:58 + */ +@SuppressWarnings("DuplicatedCode") +public class AppTsaConfigPoMapper implements RowMapper { + + /** + * Implementations must implement this method to map each row of data + * in the ResultSet. This method should not call {@code next()} on + * the ResultSet; it is only supposed to map values of the current row. 
+ * + * @param rs the ResultSet to map (pre-initialized for the current row) + * @param rowNum the number of the current row + * @return the result object for the current row (may be {@code null}) + * @throws SQLException if an SQLException is encountered getting + * column values (that is, there's no need to catch SQLException) + */ + @Override + public AppTsaConfigPO mapRow(ResultSet rs, int rowNum) throws SQLException { + //@formatter:off + AppTsaConfigPO appForm = new AppTsaConfigPO(); + appForm.setAppId(rs.getLong("app_id")); + //应用表相关 + appForm.setAppCode(rs.getString("code_")); + appForm.setAppTemplate(rs.getString("template_")); + appForm.setEnabled(rs.getBoolean("is_enabled")); + appForm.setClientId(rs.getString("client_id")); + appForm.setClientSecret(rs.getString("client_secret")); +// appForm.setInitLoginType(InitLoginType.getType(rs.getString("init_login_type"))); + appForm.setInitLoginUrl(rs.getString("init_login_url")); + appForm.setAuthorizationType(AuthorizationType.getType(rs.getString("authorization_type"))); + //配置相关 + appForm.setLoginPage(rs.getString("login_page")); + appForm.setAutoLoginSteps(JSON.parseArray(rs.getString("auto_login_steps")) + .toList(AppTsaConfigEntity.AutoLoginStep.class)); + appForm.setCreateAccountSteps(JSON.parseArray(rs.getString("create_account_stepss")) + .toList(AppTsaConfigEntity.CreateAccountStep.class)); + //创建修改相关 + appForm.setCreateBy(rs.getString("create_by")); + appForm.setCreateTime(rs.getObject("create_time", LocalDateTime.class)); + appForm.setUpdateBy(rs.getString("update_by")); + appForm.setCreateTime(rs.getObject("update_time", LocalDateTime.class)); + appForm.setRemark(rs.getString("remark_")); + return appForm; + //@formatter:on + } + +} diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/authentication/IdentityProviderRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/authentication/IdentityProviderRepository.java index 11f70825..57680a16 100644 
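Review bot: In the new AppTsaConfigPoMapper.mapRow, both `JSON.parseArray(...)` results are dereferenced with `.toList(...)` without a null or empty check, so a row whose `auto_login_steps` column is NULL will most likely fail with a NullPointerException during mapping. AppFormConfigPoMapper guards the same pattern with `StringUtils.isNotBlank(otherField)`; read each column once and parse it only when it has content, as sketched below. The column label `create_account_stepss` has a doubled `s` and should be checked against the SELECT alias, since a mismatch surfaces as an SQLException at runtime. The `setInitLoginType` line is commented out with no explanation and the local is still named `appForm`; a short comment saying why TSA apps skip the login type would help.

```java
// … unchanged: app table columns and login_page …
String autoLoginSteps = rs.getString("auto_login_steps");
if (autoLoginSteps != null && !autoLoginSteps.isEmpty()) {
    appForm.setAutoLoginSteps(JSON.parseArray(autoLoginSteps)
        .toList(AppTsaConfigEntity.AutoLoginStep.class));
}
// column label kept as written in the hunk; confirm it matches the query alias
String createAccountSteps = rs.getString("create_account_stepss");
if (createAccountSteps != null && !createAccountSteps.isEmpty()) {
    appForm.setCreateAccountSteps(JSON.parseArray(createAccountSteps)
        .toList(AppTsaConfigEntity.CreateAccountStep.class));
}
// … unchanged: audit columns and return …
```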
--- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/authentication/IdentityProviderRepository.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/authentication/IdentityProviderRepository.java @@ -27,14 +27,12 @@ import org.springframework.cache.annotation.Cacheable; import org.springframework.data.jpa.repository.Modifying; import org.springframework.data.jpa.repository.Query; import org.springframework.data.querydsl.QuerydslPredicateExecutor; -import org.springframework.data.repository.CrudRepository; -import org.springframework.data.repository.PagingAndSortingRepository; import org.springframework.data.repository.query.Param; import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; import cn.topiam.employee.common.entity.authentication.IdentityProviderEntity; -import cn.topiam.employee.common.enums.IdentityProviderType; +import cn.topiam.employee.support.repository.LogicDeleteRepository; /** *

@@ -46,16 +44,16 @@ import cn.topiam.employee.common.enums.IdentityProviderType; */ @Repository @CacheConfig(cacheNames = "idp") -public interface IdentityProviderRepository extends CrudRepository, - PagingAndSortingRepository, +public interface IdentityProviderRepository extends + LogicDeleteRepository, QuerydslPredicateExecutor { /** * 根据平台类型查询认证源配置 * - * @param type {@link IdentityProviderType} + * @param type {@link String} * @return {@link IdentityProviderEntity} */ - List findByType(IdentityProviderType type); + List findByType(String type); /** * 根据平台类型查询是否显示 @@ -103,7 +101,19 @@ public interface IdentityProviderRepository extends CrudRepository findById(@NotNull Long id); + Optional findById(@NotNull @Param(value = "id") Long id); + + /** + * Retrieves an entity by its id. + * + * @param id must not be {@literal null}. + * @return the entity with the given id or {@literal Optional#empty()} if none found. + * @throws IllegalArgumentException if {@literal id} is {@literal null}. + */ + @NotNull + @Cacheable(key = "#a0") + @Query(value = "SELECT * FROM identity_provider WHERE id_ = :id", nativeQuery = true) + Optional findByIdContainsDeleted(@NotNull @Param(value = "id") Long id); /** * 更新社交认证源状态 @@ -127,4 +137,13 @@ public interface IdentityProviderRepository extends CrudRepository findByIdAndEnabledIsTrue(Long id); + + /** + * 根据code查找,并且为启用 + * + * @param code {@link Long} + * @return {@link IdentityProviderEntity} + */ + @Cacheable(key = "#a0", unless = "#result == null") + Optional findByCodeAndEnabledIsTrue(String code); } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/identitysource/IdentitySourceEventRecordRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/identitysource/IdentitySourceEventRecordRepository.java index beaf762b..f0b50403 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/identitysource/IdentitySourceEventRecordRepository.java 
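Review bot: In IdentityProviderRepository, the new `findByIdContainsDeleted` is cached with `@Cacheable(key = "#a0")` in the interface-wide `idp` cache, so its entries are keyed by the bare id. If `findById` caches under the same key (its annotations sit above the hunk and are not visible), a lookup that includes soft-deleted rows can populate the entry, and a later `findById` would then return a logically deleted identity provider. Give the deleted-inclusive lookup its own key, e.g. `@Cacheable(key = "'deleted:' + #a0")`, or leave it uncached. The same pairing appears in IdentitySourceRepository (`key = "#p0"`) and is plainly visible in AdministratorRepository, where `findById` and `findByIdContainsDeleted` both carry a bare `@Cacheable`.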
+++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/identitysource/IdentitySourceEventRecordRepository.java @@ -18,10 +18,10 @@ package cn.topiam.employee.common.repository.identitysource; import org.springframework.data.querydsl.QuerydslPredicateExecutor; -import org.springframework.data.repository.PagingAndSortingRepository; import org.springframework.stereotype.Repository; import cn.topiam.employee.common.entity.identitysource.IdentitySourceEventRecordEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; /** * 身份源事件记录 @@ -31,7 +31,7 @@ import cn.topiam.employee.common.entity.identitysource.IdentitySourceEventRecord */ @Repository public interface IdentitySourceEventRecordRepository extends - PagingAndSortingRepository, + LogicDeleteRepository, QuerydslPredicateExecutor, IdentitySourceEventRecordRepositoryCustomized { } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/identitysource/IdentitySourceRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/identitysource/IdentitySourceRepository.java index 5664f3d9..84b8b4bd 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/identitysource/IdentitySourceRepository.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/identitysource/IdentitySourceRepository.java @@ -26,8 +26,6 @@ import org.springframework.cache.annotation.Cacheable; import org.springframework.data.jpa.repository.Modifying; import org.springframework.data.jpa.repository.Query; import org.springframework.data.querydsl.QuerydslPredicateExecutor; -import org.springframework.data.repository.CrudRepository; -import org.springframework.data.repository.PagingAndSortingRepository; import org.springframework.data.repository.query.Param; import org.springframework.lang.NonNull; import org.springframework.stereotype.Repository; 
@@ -35,6 +33,7 @@ import org.springframework.transaction.annotation.Transactional; import cn.topiam.employee.common.constants.AccountConstants; import cn.topiam.employee.common.entity.identitysource.IdentitySourceEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; /** *

@@ -48,8 +47,7 @@ import cn.topiam.employee.common.entity.identitysource.IdentitySourceEntity; */ @Repository @CacheConfig(cacheNames = { AccountConstants.IDS_CACHE_NAME }) -public interface IdentitySourceRepository extends CrudRepository, - PagingAndSortingRepository, +public interface IdentitySourceRepository extends LogicDeleteRepository, QuerydslPredicateExecutor { /** * 根据ID查询 @@ -59,7 +57,17 @@ public interface IdentitySourceRepository extends CrudRepository findById(Long id); + Optional findById(@Param(value = "id") Long id); + + /** + * 根据ID查询 + * + * @param id {@link Long} + * @return {@link IdentitySourceEntity} + */ + @Cacheable(key = "#p0", unless = "#result==null") + @Query(value = "SELECT * FROM identity_source WHERE id_ = :id", nativeQuery = true) + Optional findByIdContainsDeleted(@Param(value = "id") Long id); /** * 查询启用的身份源 diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/identitysource/IdentitySourceSyncHistoryRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/identitysource/IdentitySourceSyncHistoryRepository.java index d912df55..a3d10f7c 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/identitysource/IdentitySourceSyncHistoryRepository.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/identitysource/IdentitySourceSyncHistoryRepository.java @@ -18,11 +18,10 @@ package cn.topiam.employee.common.repository.identitysource; import org.springframework.data.querydsl.QuerydslPredicateExecutor; -import org.springframework.data.repository.CrudRepository; -import org.springframework.data.repository.PagingAndSortingRepository; import org.springframework.stereotype.Repository; import cn.topiam.employee.common.entity.identitysource.IdentitySourceSyncHistoryEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; /** * 身份源同步结果 
@@ -32,7 +31,6 @@ import cn.topiam.employee.common.entity.identitysource.IdentitySourceSyncHistory */ @Repository public interface IdentitySourceSyncHistoryRepository extends - CrudRepository, - PagingAndSortingRepository, + LogicDeleteRepository, QuerydslPredicateExecutor { } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/identitysource/IdentitySourceSyncRecordRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/identitysource/IdentitySourceSyncRecordRepository.java index 9fbb6a70..50f02bb7 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/identitysource/IdentitySourceSyncRecordRepository.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/identitysource/IdentitySourceSyncRecordRepository.java @@ -18,10 +18,10 @@ package cn.topiam.employee.common.repository.identitysource; import org.springframework.data.querydsl.QuerydslPredicateExecutor; -import org.springframework.data.repository.PagingAndSortingRepository; import org.springframework.stereotype.Repository; import cn.topiam.employee.common.entity.identitysource.IdentitySourceSyncRecordEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; /** * 身份源同步详情 @@ -31,7 +31,7 @@ import cn.topiam.employee.common.entity.identitysource.IdentitySourceSyncRecordE */ @Repository public interface IdentitySourceSyncRecordRepository extends - PagingAndSortingRepository, + LogicDeleteRepository, QuerydslPredicateExecutor, IdentitySourceSyncRecordRepositoryCustomized { } 
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/MailSendRecordRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/message/MailSendRecordRepository.java similarity index 74% rename from eiam-common/src/main/java/cn/topiam/employee/common/repository/MailSendRecordRepository.java rename to eiam-common/src/main/java/cn/topiam/employee/common/repository/message/MailSendRecordRepository.java index 30359311..3061079a 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/MailSendRecordRepository.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/message/MailSendRecordRepository.java @@ -15,12 +15,12 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.common.repository; +package cn.topiam.employee.common.repository.message; -import org.springframework.data.repository.CrudRepository; import org.springframework.stereotype.Repository; -import cn.topiam.employee.common.entity.MailSendRecordEntity; +import cn.topiam.employee.common.entity.message.MailSendRecordEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; /** * MailSendRecordRepository @@ -29,5 +29,6 @@ import cn.topiam.employee.common.entity.MailSendRecordEntity; * Created by support@topiam.cn on 2021/10/3 03:38 */ @Repository -public interface MailSendRecordRepository extends CrudRepository { +public interface MailSendRecordRepository extends + LogicDeleteRepository { } 
diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/SmsSendRecordRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/message/SmsSendRecordRepository.java similarity index 75% rename from eiam-common/src/main/java/cn/topiam/employee/common/repository/SmsSendRecordRepository.java rename to eiam-common/src/main/java/cn/topiam/employee/common/repository/message/SmsSendRecordRepository.java index e9dbe8d3..3cebecfd 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/SmsSendRecordRepository.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/message/SmsSendRecordRepository.java @@ -15,17 +15,17 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.common.repository; +package cn.topiam.employee.common.repository.message; -import org.springframework.data.repository.CrudRepository; import org.springframework.stereotype.Repository; -import cn.topiam.employee.common.entity.SmsSendRecordEntity; +import cn.topiam.employee.common.entity.message.SmsSendRecordEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; /** * @author TopIAM */ @Repository -public interface SmsSendRecordRepository extends CrudRepository { +public interface SmsSendRecordRepository extends LogicDeleteRepository { } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/setting/AdministratorRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/setting/AdministratorRepository.java index 7231fd73..bde7efe9 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/setting/AdministratorRepository.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/setting/AdministratorRepository.java 
@@ -17,6 +17,7 @@ */ package cn.topiam.employee.common.repository.setting; +import java.time.LocalDateTime; import java.util.Optional; import org.jetbrains.annotations.NotNull; @@ -26,12 +27,12 @@ import org.springframework.cache.annotation.Cacheable; import org.springframework.data.jpa.repository.Modifying; import org.springframework.data.jpa.repository.Query; import org.springframework.data.querydsl.QuerydslPredicateExecutor; -import org.springframework.data.repository.CrudRepository; import org.springframework.data.repository.query.Param; import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; import cn.topiam.employee.common.entity.setting.AdministratorEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; import static cn.topiam.employee.common.constants.SettingConstants.ADMIN_CACHE_NAME; /** @@ -40,7 +41,7 @@ import static cn.topiam.employee.common.constants.SettingConstants.ADMIN_CACHE_N */ @Repository @CacheConfig(cacheNames = { ADMIN_CACHE_NAME }) -public interface AdministratorRepository extends CrudRepository, +public interface AdministratorRepository extends LogicDeleteRepository, QuerydslPredicateExecutor { /** @@ -51,8 +52,19 @@ public interface AdministratorRepository extends CrudRepository findById(@NotNull Long id); + @Cacheable + Optional findById(@NotNull @Param(value = "id") Long id); + + /** + * findById + * + * @param id must not be {@literal null}. + * @return {@link AdministratorEntity} + */ + @NotNull + @Cacheable + @Query(value = "SELECT * FROM administrator WHERE id_ = :id", nativeQuery = true) + Optional findByIdContainsDeleted(@NotNull @Param(value = "id") Long id); /** * findById @@ -130,4 +142,17 @@ public interface AdministratorRepository extends CrudRepository 
@@ -34,7 +41,7 @@ import cn.topiam.employee.common.enums.MailType; * Created by support@topiam.cn on 2020-08-13 */ @Repository -public interface MailTemplateRepository extends CrudRepository { +public interface MailTemplateRepository extends LogicDeleteRepository { /** * 根据类型查询模板 * @@ -48,6 +55,20 @@ public interface MailTemplateRepository extends CrudRepository findByIdContainsDeleted(@NotNull @Param(value = "id") Long id); } diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/repository/setting/SettingRepository.java b/eiam-common/src/main/java/cn/topiam/employee/common/repository/setting/SettingRepository.java index fbc54b78..d42f4a28 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/repository/setting/SettingRepository.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/repository/setting/SettingRepository.java @@ -20,14 +20,18 @@ package cn.topiam.employee.common.repository.setting; import java.util.List; import java.util.Objects; -import org.springframework.data.repository.CrudRepository; +import org.springframework.data.jpa.repository.Modifying; +import org.springframework.data.jpa.repository.Query; +import org.springframework.data.repository.query.Param; import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; import cn.topiam.employee.common.entity.setting.SettingEntity; +import cn.topiam.employee.support.repository.LogicDeleteRepository; import cn.topiam.employee.support.util.BeanUtils; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME; +import static cn.topiam.employee.support.repository.domain.LogicDeleteEntity.SOFT_DELETE_SET; /** * 设置表 Repository 接口 
@@ -36,7 +40,7 @@ import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIF * Created by support@topiam.cn on 2020/12/5 22:09 */ @Repository -public interface SettingRepository extends CrudRepository { +public interface SettingRepository extends LogicDeleteRepository { /** * 根据KEY查询 * @@ -74,16 +78,22 @@ public interface SettingRepository extends CrudRepository { * * @param name {@link String} */ + @Modifying @Transactional(rollbackFor = Exception.class) - void deleteByName(String name); + @Query(value = "UPDATE stting SET " + SOFT_DELETE_SET + + " WHERE name_ = :name", nativeQuery = true) + void deleteByName(@Param("name") String name); /** * 根据名称列表删除 * * @param names {@link String} */ + @Modifying @Transactional(rollbackFor = Exception.class) - void deleteByNameIn(List names); + @Query(value = "UPDATE stting SET " + SOFT_DELETE_SET + + " WHERE name_ IN (:names)", nativeQuery = true) + void deleteByNameIn(@Param("names") List names); /** * 保存配置 diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/storage/impl/AliYunOssStorage.java b/eiam-common/src/main/java/cn/topiam/employee/common/storage/impl/AliYunOssStorage.java index b0559822..7147f753 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/storage/impl/AliYunOssStorage.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/storage/impl/AliYunOssStorage.java @@ -32,6 +32,7 @@ import com.aliyun.oss.model.CreateBucketRequest; import com.aliyun.oss.model.GeneratePresignedUrlRequest; import com.aliyun.oss.model.PutObjectRequest; +import cn.topiam.employee.common.crypto.Encrypt; import cn.topiam.employee.common.storage.AbstractStorage; import cn.topiam.employee.common.storage.StorageConfig; import cn.topiam.employee.common.storage.StorageProviderException; 
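Review bot: Both new native queries in SettingRepository target `UPDATE stting SET`, which looks like a misspelling of the settings table name. The entity's table mapping is not shown in this diff, but the other native queries in this commit use the full entity name (`identity_provider`, `identity_source`, `administrator`). If the table is `setting`, `deleteByName` and `deleteByNameIn` will fail with a SQL error at runtime instead of soft-deleting. The first query would then read `@Query(value = "UPDATE setting SET " + SOFT_DELETE_SET + " WHERE name_ = :name", nativeQuery = true)`, with the same change in the `IN (:names)` variant.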
@@ -92,22 +93,22 @@ public class AliYunOssStorage extends AbstractStorage { } } + /** + * 所有OSS支持的请求和各种Header参数,在URL中进行签名的算法和在Header中包含签名的算法基本一样。 + * 生成URL中的签名字符串时,除了将Date参数替换为Expires参数外,仍然包含CONTENT-TYPE、CONTENT-MD5、CanonicalizedOSSHeaders等在Header中包含签名中定义的Header(请求中虽然仍有Date请求Header,但无需将Date加入签名字符串中)。 + * 在URL中包含签名时必须对URL进行urlencode。如果在URL中多次传入Signature、Expires或OSSAccessKeyId,则以第一次传入的值为准。 + * 使用URL签名时,OSS会先验证请求时间是否晚于Expires时间,然后再验证签名。 + * urlencode(base64(hmac-sha1(AccessKeySecret, + * VERB + "\n" + * + CONTENT-MD5 + "\n" + * + CONTENT-TYPE + "\n" + * + EXPIRES + "\n" + * + CanonicalizedOSSHeaders + * + CanonicalizedResource))) + */ @Override public String download(String path) throws StorageProviderException { super.download(path); - /** - * 所有OSS支持的请求和各种Header参数,在URL中进行签名的算法和在Header中包含签名的算法基本一样。 - * 生成URL中的签名字符串时,除了将Date参数替换为Expires参数外,仍然包含CONTENT-TYPE、CONTENT-MD5、CanonicalizedOSSHeaders等在Header中包含签名中定义的Header(请求中虽然仍有Date请求Header,但无需将Date加入签名字符串中)。 - * 在URL中包含签名时必须对URL进行urlencode。如果在URL中多次传入Signature、Expires或OSSAccessKeyId,则以第一次传入的值为准。 - * 使用URL签名时,OSS会先验证请求时间是否晚于Expires时间,然后再验证签名。 - * urlencode(base64(hmac-sha1(AccessKeySecret, - * VERB + "\n" - * + CONTENT-MD5 + "\n" - * + CONTENT-TYPE + "\n" - * + EXPIRES + "\n" - * + CanonicalizedOSSHeaders - * + CanonicalizedResource))) - */ GeneratePresignedUrlRequest request = new GeneratePresignedUrlRequest( aliYunConfig.getBucket(), path, HttpMethod.GET); request.setExpiration(DateUtils.addSeconds(new Date(), EXPIRY_SECONDS)); @@ -129,6 +130,7 @@ public class AliYunOssStorage extends AbstractStorage { /** * accessKeySecret */ + @Encrypt @NotEmpty(message = "AccessKeySecret不能为空") private String accessKeySecret; /** diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/storage/impl/MinIoStorage.java b/eiam-common/src/main/java/cn/topiam/employee/common/storage/impl/MinIoStorage.java index 23bd221e..b15a0b02 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/storage/impl/MinIoStorage.java 
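Review bot: In AliYunOssStorage, `@Encrypt` is added to `accessKeySecret` but the field comment still only repeats the name, so nothing says how the secret is now handled. How the annotation is processed is not visible in this diff, so it is unclear whether values saved before this commit can still be read afterwards. I would extend the comment to something like `/** AccessKeySecret. Handled by @Encrypt; do not log or return in API responses. */` and state in the commit whether existing stored values need migrating. The same applies to `secretKey` in MinIoStorage, QiNiuKodoStorage and TencentCosStorage.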
+++ b/eiam-common/src/main/java/cn/topiam/employee/common/storage/impl/MinIoStorage.java @@ -25,6 +25,7 @@ import javax.validation.constraints.NotEmpty; import org.springframework.web.multipart.MultipartFile; +import cn.topiam.employee.common.crypto.Encrypt; import cn.topiam.employee.common.storage.AbstractStorage; import cn.topiam.employee.common.storage.StorageConfig; import cn.topiam.employee.common.storage.StorageProviderException; @@ -118,6 +119,7 @@ public class MinIoStorage extends AbstractStorage { /** * SecretKey */ + @Encrypt @NotEmpty(message = "SecretKey不能为空") private String secretKey; /** diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/storage/impl/QiNiuKodoStorage.java b/eiam-common/src/main/java/cn/topiam/employee/common/storage/impl/QiNiuKodoStorage.java index 3ce1d1e7..b8c07529 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/storage/impl/QiNiuKodoStorage.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/storage/impl/QiNiuKodoStorage.java @@ -31,6 +31,7 @@ import com.qiniu.storage.UploadManager; import com.qiniu.storage.model.DefaultPutRet; import com.qiniu.util.Auth; +import cn.topiam.employee.common.crypto.Encrypt; import cn.topiam.employee.common.storage.AbstractStorage; import cn.topiam.employee.common.storage.StorageConfig; import cn.topiam.employee.common.storage.StorageProviderException; @@ -144,6 +145,7 @@ public class QiNiuKodoStorage extends AbstractStorage { /** * SecretKey */ + @Encrypt @NotEmpty(message = "SecretKey不能为空") private String secretKey; /** diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/storage/impl/TencentCosStorage.java b/eiam-common/src/main/java/cn/topiam/employee/common/storage/impl/TencentCosStorage.java index 866757c9..38fd6823 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/storage/impl/TencentCosStorage.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/storage/impl/TencentCosStorage.java 
@@ -37,6 +37,7 @@ import com.qcloud.cos.http.HttpProtocol; import com.qcloud.cos.model.*; import com.qcloud.cos.region.Region; +import cn.topiam.employee.common.crypto.Encrypt; import cn.topiam.employee.common.storage.AbstractStorage; import cn.topiam.employee.common.storage.StorageConfig; import cn.topiam.employee.common.storage.StorageProviderException; @@ -157,6 +158,7 @@ public class TencentCosStorage extends AbstractStorage { /** * SecretKey */ + @Encrypt @NotEmpty(message = "SecretKey不能为空") private String secretKey; /** diff --git a/eiam-common/src/main/java/cn/topiam/employee/common/util/RequestUtils.java b/eiam-common/src/main/java/cn/topiam/employee/common/util/RequestUtils.java index 4f7037ce..aadbecd8 100644 --- a/eiam-common/src/main/java/cn/topiam/employee/common/util/RequestUtils.java +++ b/eiam-common/src/main/java/cn/topiam/employee/common/util/RequestUtils.java @@ -67,8 +67,8 @@ public class RequestUtils { /** **把request转换成map数据 */ - public static Map getParams(HttpServletRequest request) { - Map params = new HashMap<>(16); + public static Map getParams(HttpServletRequest request) { + Map params = new HashMap<>(16); Map requestParams = request.getParameterMap(); for (Map.Entry entry : requestParams.entrySet()) { String[] values = entry.getValue(); diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleApiConfiguration.java b/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleApiConfiguration.java index e0e42ff8..2b630531 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleApiConfiguration.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleApiConfiguration.java 
@@ -17,18 +17,17 @@ */ package cn.topiam.employee.console.configuration; +import cn.topiam.employee.EiamConsoleApplication; +import cn.topiam.employee.common.constants.AuthenticationConstants; +import cn.topiam.employee.support.util.AppVersionUtils; +import io.swagger.v3.oas.models.OpenAPI; +import io.swagger.v3.oas.models.info.Contact; +import io.swagger.v3.oas.models.info.Info; import org.springdoc.core.GroupedOpenApi; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.env.Environment; -import cn.topiam.employee.EiamConsoleApplication; -import cn.topiam.employee.common.constants.AuthenticationConstants; -import cn.topiam.employee.support.util.AppVersionUtils; - -import io.swagger.v3.oas.models.OpenAPI; -import io.swagger.v3.oas.models.info.Contact; -import io.swagger.v3.oas.models.info.Info; import static cn.topiam.employee.common.constants.AccountConstants.ACCOUNT_API_DOC_GROUP_NAME; import static cn.topiam.employee.common.constants.AccountConstants.ACCOUNT_API_PATHS; import static cn.topiam.employee.common.constants.AnalysisConstants.ANALYSIS_GROUP_NAME; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleFrontendConfiguration.java b/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleFrontendConfiguration.java index a059ccfc..37955ae4 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleFrontendConfiguration.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleFrontendConfiguration.java @@ -17,8 +17,6 @@ */ package cn.topiam.employee.console.configuration; -import java.io.IOException; - import org.jetbrains.annotations.NotNull; import org.springframework.context.annotation.Configuration; import org.springframework.core.io.Resource; 
@@ -26,6 +24,8 @@ import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.resource.PathResourceResolver; +import java.io.IOException; + /** * 控制台前端配置 * diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleSecurityConfiguration.java b/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleSecurityConfiguration.java index fce67f30..da8b82c5 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleSecurityConfiguration.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleSecurityConfiguration.java 
@@ -17,9 +17,18 @@ */ package cn.topiam.employee.console.configuration; -import java.util.Objects; -import java.util.stream.Collectors; - +import cn.topiam.employee.common.constants.AuthorizeConstants; +import cn.topiam.employee.common.entity.setting.SettingEntity; +import cn.topiam.employee.common.geo.GeoLocationService; +import cn.topiam.employee.common.repository.setting.SettingRepository; +import cn.topiam.employee.console.security.handler.*; +import cn.topiam.employee.console.security.listener.ConsoleAuthenticationFailureEventListener; +import cn.topiam.employee.console.security.listener.ConsoleAuthenticationSuccessEventListener; +import cn.topiam.employee.console.security.listener.ConsoleLogoutSuccessEventListener; +import cn.topiam.employee.console.security.listener.ConsoleSessionInformationExpiredStrategy; +import cn.topiam.employee.core.endpoint.security.PublicSecretEndpoint; +import cn.topiam.employee.core.security.form.FormLoginSecretFilter; +import lombok.RequiredArgsConstructor; import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.cloud.context.config.annotation.RefreshScope; 
@@ -37,21 +46,8 @@ import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.session.security.web.authentication.SpringSessionRememberMeServices; import org.springframework.web.cors.UrlBasedCorsConfigurationSource; -import cn.topiam.employee.common.constants.AuthorizeConstants; -import cn.topiam.employee.common.entity.setting.SettingEntity; -import cn.topiam.employee.common.geo.GeoLocationService; -import cn.topiam.employee.common.repository.setting.SettingRepository; -import cn.topiam.employee.console.security.handler.*; -import cn.topiam.employee.console.security.listener.ConsoleAuthenticationFailureEventListener; -import cn.topiam.employee.console.security.listener.ConsoleAuthenticationSuccessEventListener; -import cn.topiam.employee.console.security.listener.ConsoleLogoutSuccessEventListener; -import cn.topiam.employee.console.security.listener.ConsoleSessionInformationExpiredStrategy; -import cn.topiam.employee.core.endpoint.security.PublicSecretEndpoint; -import cn.topiam.employee.core.security.form.FormLoginSecretFilter; - -import lombok.RequiredArgsConstructor; -import static org.springframework.boot.autoconfigure.security.StaticResourceLocation.*; -import static org.springframework.security.config.Customizer.withDefaults; +import java.util.Objects; +import java.util.stream.Collectors; import static cn.topiam.employee.common.constants.AuthorizeConstants.FE_LOGIN; import static cn.topiam.employee.common.constants.AuthorizeConstants.LOGIN_PATH; 
@@ -59,6 +55,8 @@ import static cn.topiam.employee.common.constants.ConfigBeanNameConstants.DEFAUL import static cn.topiam.employee.common.constants.SessionConstants.CURRENT_STATUS; import static cn.topiam.employee.core.setting.constant.SecuritySettingConstants.*; import static cn.topiam.employee.support.constant.EiamConstants.*; +import static org.springframework.boot.autoconfigure.security.StaticResourceLocation.*; +import static org.springframework.security.config.Customizer.withDefaults; /** * ConsoleSecurityConfiguration @@ -84,7 +82,7 @@ public class ConsoleSecurityConfiguration { http //认证请求 .authorizeHttpRequests(authorizeRequests()) - // 表单登录配置 + //表单登录配置 .formLogin(withFormLoginConfigurerDefaults()) //x509 .x509(withDefaults()) @@ -179,12 +177,12 @@ public class ConsoleSecurityConfiguration { configurer.xssProtection(xssProtection -> xssProtection.block(false)); configurer.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin); configurer.contentSecurityPolicy( - "default-src 'self'; " + - "frame-src 'self' data:; " + + "default-src 'self' data:; " + + "frame-src 'self' login.dingtalk.com open.weixin.qq.com open.work.weixin.qq.com passport.feishu.cn data:; " + "frame-ancestors 'self' https://eiam.topiam.cn data:; " + - "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; " + + "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com sf3-cn.feishucdn.com;" + "style-src 'self' https://fonts.googleapis.com https://cdn.jsdelivr.net 'unsafe-inline'; " + - "img-src 'self' https://img.alicdn.com https://static-legacy.dingtalk.com https://joeschmoe.io data:; " + + "img-src 'self' https://img.alicdn.com https://static-legacy.dingtalk.com https://joeschmoe.io https://api.multiavatar.com data:; " + "font-src 'self' https://fonts.gstatic.com data:; "+ "worker-src 'self' https://storage.googleapis.com blob:;"); configurer.referrerPolicy( 
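Review bot: Adding `data:` to `default-src` in the contentSecurityPolicy hunk widens every fetch directive that has no entry of its own (`object-src`, `connect-src`, `media-src` and others fall back to it), so `data:` URLs become acceptable well beyond the places that need them. I would keep `"default-src 'self'; "`, list `data:` only on the directives that use it (frame-src, img-src and font-src already do), and add `"object-src 'none'; "`. The new `sf3-cn.feishucdn.com` entry in `script-src` admits any script served from that CDN host, alongside the existing `'unsafe-inline' 'unsafe-eval'`; a path-restricted source would be narrower if the Feishu login script has a stable URL, and the four new frame-src hosts would be stricter and more consistent with an explicit `https://` scheme. The enclosing method starts and ends outside the hunk.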
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/CurrentUserEndpoint.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/CurrentUserEndpoint.java index 39d4d005..bffa5ab2 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/CurrentUserEndpoint.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/CurrentUserEndpoint.java @@ -17,19 +17,6 @@ */ package cn.topiam.employee.console.controller; -import java.io.Serializable; -import java.util.Optional; - -import javax.servlet.annotation.WebServlet; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.stereotype.Component; - -import com.alibaba.fastjson2.JSON; - import cn.topiam.employee.common.entity.setting.AdministratorEntity; import cn.topiam.employee.common.exception.UserNotFoundException; import cn.topiam.employee.common.repository.setting.AdministratorRepository; 
@@ -38,11 +25,20 @@ import cn.topiam.employee.core.security.util.SecurityUtils; import cn.topiam.employee.support.result.ApiRestResult; import cn.topiam.employee.support.util.DesensitizationUtil; import cn.topiam.employee.support.util.HttpResponseUtils; - +import com.alibaba.fastjson2.JSON; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; import lombok.extern.slf4j.Slf4j; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.stereotype.Component; + +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.Serializable; +import java.util.Optional; -import io.swagger.v3.oas.annotations.media.Schema; import static cn.topiam.employee.common.constants.SessionConstants.CURRENT_USER; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/OrganizationController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/OrganizationController.java index 8ffff172..337c99b4 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/OrganizationController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/OrganizationController.java @@ -17,13 +17,6 @@ */ package cn.topiam.employee.console.controller.account; -import java.util.List; - -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.common.constants.AccountConstants; 
@@ -37,9 +30,14 @@ import cn.topiam.employee.console.service.account.OrganizationService; import cn.topiam.employee.support.lock.Lock; import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.result.ApiRestResult; - import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + +import java.util.List; /** * 系统账户-组织架构 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserController.java index 8053cdfd..220ddb5e 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserController.java 
@@ -17,24 +17,13 @@ */ package cn.topiam.employee.console.controller.account; -import java.io.Serializable; -import java.util.List; - -import javax.validation.constraints.NotBlank; -import javax.validation.constraints.NotEmpty; -import javax.validation.constraints.NotNull; - -import org.springframework.http.MediaType; -import org.springframework.http.ResponseEntity; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.common.entity.account.query.UserListNotInGroupQuery; import cn.topiam.employee.common.entity.account.query.UserListQuery; -import cn.topiam.employee.common.enums.*; +import cn.topiam.employee.common.enums.CheckValidityType; +import cn.topiam.employee.common.enums.MessageNoticeChannel; +import cn.topiam.employee.common.enums.UserStatus; import cn.topiam.employee.console.pojo.result.account.UserListResult; import cn.topiam.employee.console.pojo.result.account.UserLoginAuditListResult; import cn.topiam.employee.console.pojo.result.account.UserResult; 
@@ -50,13 +39,23 @@ import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.AllArgsConstructor; -import lombok.Data; - import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; +import lombok.Data; +import org.springframework.http.MediaType; +import org.springframework.http.ResponseEntity; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + +import javax.validation.constraints.NotBlank; +import javax.validation.constraints.NotEmpty; +import javax.validation.constraints.NotNull; +import java.io.Serializable; +import java.util.List; + import static cn.topiam.employee.common.constants.AccountConstants.USER_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserGroupController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserGroupController.java index 33df5ca8..03b9d9e4 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserGroupController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserGroupController.java 
@@ -17,16 +17,6 @@ */ package cn.topiam.employee.console.controller.account; -import javax.validation.constraints.NotEmpty; -import javax.validation.constraints.NotNull; - -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - -import com.google.common.collect.Lists; - import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.common.entity.account.UserGroupEntity; @@ -46,12 +36,19 @@ import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.AllArgsConstructor; - +import com.google.common.collect.Lists; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + +import javax.validation.constraints.NotEmpty; +import javax.validation.constraints.NotNull; + import static cn.topiam.employee.common.constants.AccountConstants.USER_GROUP_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserIdpBindController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserIdpBindController.java index dc81a565..ba3d88b1 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserIdpBindController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserIdpBindController.java 
@@ -17,13 +17,13 @@ */ package cn.topiam.employee.console.controller.account; +import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; import org.springframework.http.MediaType; import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; -import lombok.AllArgsConstructor; - -import io.swagger.v3.oas.annotations.tags.Tag; import static cn.topiam.employee.common.constants.AccountConstants.USER_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/analysis/AnalysisController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/analysis/AnalysisController.java index 0271f8df..f315e01c 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/analysis/AnalysisController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/analysis/AnalysisController.java 
@@ -17,26 +17,20 @@ */ package cn.topiam.employee.console.controller.analysis; -import java.util.ArrayList; -import java.util.List; - +import cn.topiam.employee.console.pojo.query.analysis.AnalysisQuery; +import cn.topiam.employee.console.pojo.result.analysis.*; +import cn.topiam.employee.console.service.analysis.AnalysisService; +import cn.topiam.employee.support.result.ApiRestResult; +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.tags.Tag; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; -import cn.topiam.employee.audit.enums.EventStatus; -import cn.topiam.employee.console.pojo.query.analysis.AnalysisQuery; -import cn.topiam.employee.console.pojo.result.analysis.AppVisitRankResult; -import cn.topiam.employee.console.pojo.result.analysis.AuthnHotProviderResult; -import cn.topiam.employee.console.pojo.result.analysis.AuthnQuantityResult; -import cn.topiam.employee.console.pojo.result.analysis.OverviewResult; -import cn.topiam.employee.console.service.analysis.AnalysisService; -import cn.topiam.employee.support.result.ApiRestResult; +import java.util.List; -import io.swagger.v3.oas.annotations.Operation; -import io.swagger.v3.oas.annotations.tags.Tag; import static cn.topiam.employee.common.constants.AnalysisConstants.ANALYSIS_GROUP_NAME; import static cn.topiam.employee.common.constants.AnalysisConstants.ANALYSIS_PATH; 
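Review bot: The four explicit result imports are collapsed into `import cn.topiam.employee.console.pojo.result.analysis.*;`, while the UserController hunk in the same commit goes the other way and expands `cn.topiam.employee.common.enums.*` into named imports. I would keep the explicit form here too and add only the one new result type that `authnZone` returns, so the controller's dependencies stay readable from the import block. The name of that type cannot be recovered from this page because the generic parameters were lost in extraction.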
@@ -74,28 +68,7 @@ public class AnalysisController { @Operation(summary = "认证量") @PreAuthorize(value = "authenticated and hasAuthority(T(cn.topiam.employee.core.security.authorization.Roles).ADMIN)") public ApiRestResult> authnQuantity(@Validated AnalysisQuery query) { - if (true) { - return ApiRestResult.ok(analysisService.authnQuantity(query)); - } - List list = new ArrayList<>(); - list.add(new AuthnQuantityResult("一月", 18L, EventStatus.SUCCESS.getDesc())); - list.add(new AuthnQuantityResult("二月", 28L, EventStatus.SUCCESS.getDesc())); - list.add(new AuthnQuantityResult("三月", 39L, EventStatus.SUCCESS.getDesc())); - list.add(new AuthnQuantityResult("四月", 81L, EventStatus.SUCCESS.getDesc())); - list.add(new AuthnQuantityResult("五月", 47L, EventStatus.SUCCESS.getDesc())); - list.add(new AuthnQuantityResult("六月", 20L, EventStatus.SUCCESS.getDesc())); - list.add(new AuthnQuantityResult("七月", 24L, EventStatus.SUCCESS.getDesc())); - list.add(new AuthnQuantityResult("八月", 35L, EventStatus.SUCCESS.getDesc())); - //失败 - list.add(new AuthnQuantityResult("一月", 12L, EventStatus.FAIL.getDesc())); - list.add(new AuthnQuantityResult("二月", 23L, EventStatus.FAIL.getDesc())); - list.add(new AuthnQuantityResult("三月", 34L, EventStatus.FAIL.getDesc())); - list.add(new AuthnQuantityResult("四月", 99L, EventStatus.FAIL.getDesc())); - list.add(new AuthnQuantityResult("五月", 52L, EventStatus.FAIL.getDesc())); - list.add(new AuthnQuantityResult("六月", 35L, EventStatus.FAIL.getDesc())); - list.add(new AuthnQuantityResult("七月", 37L, EventStatus.FAIL.getDesc())); - list.add(new AuthnQuantityResult("八月", 42L, EventStatus.FAIL.getDesc())); - return ApiRestResult.ok(list); + return ApiRestResult.ok(analysisService.authnQuantity(query)); } /** 
@@ -107,19 +80,7 @@ public class AnalysisController { @Operation(summary = "热门认证提供商") @PreAuthorize(value = "authenticated and hasAuthority(T(cn.topiam.employee.core.security.authorization.Roles).ADMIN)") public ApiRestResult> authnHotProvider(@Validated AnalysisQuery query) { - ArrayList list = new ArrayList<>() { - { - add(new AuthnHotProviderResult("微信扫码登录", 1000L)); - add(new AuthnHotProviderResult("钉钉扫码登录", 100L)); - add(new AuthnHotProviderResult("企业微信", 99L)); - add(new AuthnHotProviderResult("QQ", 88L)); - add(new AuthnHotProviderResult("Github", 77L)); - add(new AuthnHotProviderResult("支付宝扫码认证", 66L)); - add(new AuthnHotProviderResult("LDAP", 55L)); - add(new AuthnHotProviderResult("微博", 10L)); - } - }; - return ApiRestResult.ok(list); + return ApiRestResult.ok(analysisService.authnHotProvider(query)); } /** @@ -128,8 +89,8 @@ public class AnalysisController { @GetMapping("/authn/zone") @Operation(summary = "登录区域") @PreAuthorize(value = "authenticated and hasAuthority(T(cn.topiam.employee.core.security.authorization.Roles).ADMIN)") - public void authnZone(@Validated AnalysisQuery query) { - + public ApiRestResult> authnZone(@Validated AnalysisQuery query) { + return ApiRestResult.ok(analysisService.authnZone(query)); } /** 
@@ -142,19 +103,7 @@ public class AnalysisController { @Operation(summary = "访问应用排名") @PreAuthorize(value = "authenticated and hasAuthority(T(cn.topiam.employee.core.security.authorization.Roles).ADMIN)") public ApiRestResult> appVisitRank(@Validated AnalysisQuery query) { - if (true) { - return ApiRestResult.ok(analysisService.appVisitRank(query)); - } - List list = new ArrayList<>(); - list.add(new AppVisitRankResult("阿里云用户", 145L)); - list.add(new AppVisitRankResult("腾讯云用户", 61L)); - list.add(new AppVisitRankResult("华为云", 52L)); - list.add(new AppVisitRankResult("百度云用户", 48L)); - list.add(new AppVisitRankResult("阿里云角色", 38L)); - list.add(new AppVisitRankResult("百度云角色", 28L)); - list.add(new AppVisitRankResult("腾讯云角色", 22L)); - list.add(new AppVisitRankResult("OIDC", 10L)); - return ApiRestResult.ok(list); + return ApiRestResult.ok(analysisService.appVisitRank(query)); } private final AnalysisService analysisService; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccessPolicyController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccessPolicyController.java index cedc8bf7..e0ef68b5 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccessPolicyController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccessPolicyController.java @@ -17,11 +17,6 @@ */ package cn.topiam.employee.console.controller.app; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.common.entity.app.query.AppAccessPolicyQuery; 
@@ -35,11 +30,14 @@ import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.AllArgsConstructor; - import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + import static cn.topiam.employee.common.constants.AppConstants.APP_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccountController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccountController.java index 6417d864..157fa262 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccountController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccountController.java @@ -17,11 +17,6 @@ */ package cn.topiam.employee.console.controller.app; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.common.entity.app.query.AppAccountQuery; 
@@ -33,11 +28,14 @@ import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.AllArgsConstructor; - import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + import static cn.topiam.employee.common.constants.AppConstants.APP_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppCertController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppCertController.java index b214b763..5aa4af48 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppCertController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppCertController.java @@ -17,8 +17,14 @@ */ package cn.topiam.employee.console.controller.app; -import java.util.List; - +import cn.topiam.employee.application.saml2.pojo.AppSaml2StandardConfigGetResult; +import cn.topiam.employee.console.pojo.query.app.AppCertQuery; +import cn.topiam.employee.console.pojo.result.app.AppCertListResult; +import cn.topiam.employee.console.service.app.AppCertService; +import cn.topiam.employee.support.result.ApiRestResult; +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; import org.springframework.http.MediaType; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.validation.annotation.Validated; 
@@ -26,16 +32,8 @@ import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; -import cn.topiam.employee.application.saml2.model.AppSaml2StandardConfigGetResult; -import cn.topiam.employee.console.pojo.query.app.AppCertQuery; -import cn.topiam.employee.console.pojo.result.app.AppCertListResult; -import cn.topiam.employee.console.service.app.AppCertService; -import cn.topiam.employee.support.result.ApiRestResult; +import java.util.List; -import lombok.AllArgsConstructor; - -import io.swagger.v3.oas.annotations.Operation; -import io.swagger.v3.oas.annotations.tags.Tag; import static cn.topiam.employee.common.constants.AppConstants.APP_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppController.java index ccaf02c8..c40eab46 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppController.java @@ -17,12 +17,7 @@ */ package cn.topiam.employee.console.controller.app; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - -import cn.topiam.employee.application.saml2.model.AppSaml2StandardConfigGetResult; +import cn.topiam.employee.application.saml2.pojo.AppSaml2StandardConfigGetResult; import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.console.pojo.query.app.AppQuery; 
@@ -38,11 +33,14 @@ import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.AllArgsConstructor; - import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + import static cn.topiam.employee.common.constants.AppConstants.APP_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionActionController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionActionController.java index 3a1c6dd2..1d067fb5 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionActionController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionActionController.java @@ -17,8 +17,13 @@ */ package cn.topiam.employee.console.controller.app; -import java.util.List; - +import cn.topiam.employee.console.pojo.query.app.AppPermissionActionListQuery; +import cn.topiam.employee.console.pojo.result.app.AppPermissionActionListResult; +import cn.topiam.employee.console.service.app.AppPermissionActionService; +import cn.topiam.employee.support.result.ApiRestResult; +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.RequiredArgsConstructor; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.MediaType; 
@@ -28,15 +33,8 @@ import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; -import cn.topiam.employee.console.pojo.query.app.AppPermissionActionListQuery; -import cn.topiam.employee.console.pojo.result.app.AppPermissionActionListResult; -import cn.topiam.employee.console.service.app.AppPermissionActionService; -import cn.topiam.employee.support.result.ApiRestResult; +import java.util.List; -import lombok.RequiredArgsConstructor; - -import io.swagger.v3.oas.annotations.Operation; -import io.swagger.v3.oas.annotations.tags.Tag; import static cn.topiam.employee.common.constants.AppConstants.APP_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionPolicyController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionPolicyController.java index 9e175cc6..deff41fb 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionPolicyController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionPolicyController.java @@ -17,11 +17,6 @@ */ package cn.topiam.employee.console.controller.app; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - import cn.topiam.employee.common.entity.app.query.AppPolicyQuery; import cn.topiam.employee.console.pojo.result.app.AppPermissionPolicyGetResult; import cn.topiam.employee.console.pojo.result.app.AppPermissionPolicyListResult; 
@@ -36,11 +31,14 @@ import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.RequiredArgsConstructor; - import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.RequiredArgsConstructor; +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + import static cn.topiam.employee.common.constants.AppConstants.APP_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionResourceController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionResourceController.java index fc03a204..57a2adbb 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionResourceController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionResourceController.java @@ -17,16 +17,6 @@ */ package cn.topiam.employee.console.controller.app; -import javax.validation.constraints.NotEmpty; -import javax.validation.constraints.NotNull; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.common.enums.CheckValidityType; 
@@ -44,12 +34,20 @@ import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.RequiredArgsConstructor; - import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.RequiredArgsConstructor; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + +import javax.validation.constraints.NotEmpty; +import javax.validation.constraints.NotNull; + import static cn.topiam.employee.common.constants.AppConstants.APP_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionRoleController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionRoleController.java index 1f55d047..2afebcb6 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionRoleController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppPermissionRoleController.java 
@@ -17,16 +17,6 @@ */ package cn.topiam.employee.console.controller.app; -import javax.validation.constraints.NotEmpty; -import javax.validation.constraints.NotNull; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.common.enums.CheckValidityType; @@ -41,12 +31,20 @@ import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.RequiredArgsConstructor; - import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.RequiredArgsConstructor; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + +import javax.validation.constraints.NotEmpty; +import javax.validation.constraints.NotNull; + import static cn.topiam.employee.common.constants.AppConstants.APP_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppSaml2Controller.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppSaml2Controller.java index 582fa14b..f8debc69 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppSaml2Controller.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppSaml2Controller.java 
@@ -17,27 +17,24 @@ */ package cn.topiam.employee.console.controller.app; -import java.io.IOException; - -import javax.validation.Valid; -import javax.validation.constraints.NotBlank; - +import cn.topiam.employee.console.pojo.result.app.ParseSaml2MetadataResult; +import cn.topiam.employee.console.service.app.AppSaml2Service; +import cn.topiam.employee.support.lock.Lock; +import cn.topiam.employee.support.result.ApiRestResult; +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; import org.springframework.http.MediaType; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; -import cn.topiam.employee.console.pojo.result.app.ParseSaml2MetadataResult; -import cn.topiam.employee.console.service.app.AppSaml2Service; -import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.result.ApiRestResult; +import javax.validation.Valid; +import javax.validation.constraints.NotBlank; +import java.io.IOException; -import lombok.AllArgsConstructor; - -import io.swagger.v3.oas.annotations.Operation; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.tags.Tag; import static cn.topiam.employee.common.constants.AppConstants.APP_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppTemplateController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppTemplateController.java index 1fbae800..0b1a0bf3 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppTemplateController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppTemplateController.java 
@@ -17,11 +17,14 @@ */ package cn.topiam.employee.console.controller.app; -import java.util.List; -import java.util.Map; - -import javax.validation.constraints.NotEmpty; - +import cn.topiam.employee.common.enums.app.AppType; +import cn.topiam.employee.console.pojo.result.app.AppTemplateResult; +import cn.topiam.employee.console.service.app.AppTemplateService; +import cn.topiam.employee.support.result.ApiRestResult; +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.RequiredArgsConstructor; import org.springframework.http.MediaType; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.validation.annotation.Validated; @@ -30,16 +33,10 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; -import cn.topiam.employee.common.enums.app.AppType; -import cn.topiam.employee.console.pojo.result.app.AppTemplateResult; -import cn.topiam.employee.console.service.app.AppTemplateService; -import cn.topiam.employee.support.result.ApiRestResult; +import javax.validation.constraints.NotEmpty; +import java.util.List; +import java.util.Map; -import lombok.RequiredArgsConstructor; - -import io.swagger.v3.oas.annotations.Operation; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.tags.Tag; import static cn.topiam.employee.common.constants.AppConstants.APP_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/authentication/IdentityProviderController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/authentication/IdentityProviderController.java index 0e59b8fd..6ee38934 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/authentication/IdentityProviderController.java 
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/authentication/IdentityProviderController.java @@ -17,11 +17,6 @@ */ package cn.topiam.employee.console.controller.authentication; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.common.constants.AuthenticationConstants; @@ -37,11 +32,13 @@ import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.AllArgsConstructor; - import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; /** * 身份提供商 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceController.java index 180888b0..1ea7f4c8 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceController.java 
@@ -17,11 +17,6 @@ */ package cn.topiam.employee.console.controller.identitysource; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.common.entity.identitysource.IdentitySourceEntity; @@ -42,11 +37,14 @@ import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.AllArgsConstructor; - import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + import static cn.topiam.employee.common.constants.AccountConstants.IDENTITY_SOURCE_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceEventController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceEventController.java index f59be34c..5819c6d3 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceEventController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceEventController.java 
@@ -17,6 +17,15 @@ */ package cn.topiam.employee.console.controller.identitysource; +import cn.topiam.employee.console.pojo.query.identity.IdentitySourceEventRecordListQuery; +import cn.topiam.employee.console.pojo.result.identitysource.IdentitySourceEventRecordListResult; +import cn.topiam.employee.console.service.identitysource.IdentitySourceEventRecordService; +import cn.topiam.employee.support.repository.page.domain.Page; +import cn.topiam.employee.support.repository.page.domain.PageModel; +import cn.topiam.employee.support.result.ApiRestResult; +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; import org.springframework.http.MediaType; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.validation.annotation.Validated; @@ -24,17 +33,6 @@ import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; -import cn.topiam.employee.console.pojo.query.identity.IdentitySourceEventRecordListQuery; -import cn.topiam.employee.console.pojo.result.identitysource.IdentitySourceEventRecordListResult; -import cn.topiam.employee.console.service.identitysource.IdentitySourceEventRecordService; -import cn.topiam.employee.support.repository.page.domain.Page; -import cn.topiam.employee.support.repository.page.domain.PageModel; -import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.AllArgsConstructor; - -import io.swagger.v3.oas.annotations.Operation; -import io.swagger.v3.oas.annotations.tags.Tag; import static cn.topiam.employee.common.constants.AccountConstants.IDENTITY_SOURCE_PATH; /** 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceSyncController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceSyncController.java index 652eedd6..8fa52729 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceSyncController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceSyncController.java @@ -17,11 +17,6 @@ */ package cn.topiam.employee.console.controller.identitysource; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.console.pojo.query.identity.IdentitySourceSyncHistoryListQuery; @@ -34,11 +29,14 @@ import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.AllArgsConstructor; - import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + import static cn.topiam.employee.common.constants.AccountConstants.IDENTITY_SOURCE_PATH; /** 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/session/SessionManageEndpoint.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/session/SessionManageEndpoint.java index 2b3db85e..b620a612 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/session/SessionManageEndpoint.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/session/SessionManageEndpoint.java @@ -17,28 +17,6 @@ */ package cn.topiam.employee.console.controller.session; -import java.io.Serial; -import java.io.Serializable; -import java.time.LocalDateTime; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang3.StringUtils; -import org.mapstruct.Mapper; -import org.springframework.security.core.session.SessionRegistry; -import org.springframework.web.bind.annotation.DeleteMapping; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RestController; - -import com.alibaba.fastjson2.JSON; -import com.alibaba.fastjson2.annotation.JSONField; -import com.fasterxml.jackson.annotation.JsonTypeInfo; - import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.Target; 
@@ -55,16 +33,33 @@ import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.result.ApiRestResult; import cn.topiam.employee.support.util.HttpResponseUtils; import cn.topiam.employee.support.web.useragent.UserAgent; - -import lombok.Data; -import lombok.experimental.Accessors; - +import com.alibaba.fastjson2.JSON; +import com.alibaba.fastjson2.annotation.JSONField; +import com.fasterxml.jackson.annotation.JsonTypeInfo; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; -import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.USERNAME; +import lombok.Data; +import lombok.experimental.Accessors; +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.springframework.security.core.session.SessionRegistry; +import org.springframework.web.bind.annotation.DeleteMapping; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.Serial; +import java.io.Serializable; +import java.time.LocalDateTime; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; import static cn.topiam.employee.common.constants.SessionConstants.SESSION_PATH; import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN; +import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.USERNAME; /** * 会话管理 
@@ -111,7 +106,7 @@ public class SessionManageEndpoint {
 if (principal instanceof SessionDetails) {
 //过滤掉当前用户的会话
 if (!((SessionDetails) principal).getSessionId()
- .equals(req.getSession().getId())) {
+ .equals(req.getSession().getId()) || true) {
 //@formatter:off
 OnlineUserConverter userConverter = ApplicationContextHelp.getBean(OnlineUserConverter.class);
 OnlineSession user = userConverter.sessionDetailsToOnlineSession(((SessionDetails) principal));
@@ -193,6 +188,11 @@ class OnlineSession implements Serializable {
 @JsonTypeInfo(use = JsonTypeInfo.Id.NONE)
 private UserAgent userAgent;
+ /**
+ * 认证类型
+ */
+ private String authType;
+
 /**
 * 登录时间
 */
@@ -236,6 +236,8 @@ interface OnlineUserConverter {
 onlineSession.setGeoLocation(sessionDetails.getGeoLocation());
 //用户代理
 onlineSession.setUserAgent(sessionDetails.getUserAgent());
+ //认证类型
+ onlineSession.setAuthType(sessionDetails.getAuthType());
 //登录时间
 onlineSession.setLoginTime(sessionDetails.getLoginTime());
 //最后请求时间
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/AdministratorController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/AdministratorController.java
index 19d77932..ebce46d4 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/AdministratorController.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/AdministratorController.java
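Review bot: The `|| true` appended to the condition in the `@@ -111,7 +106,7 @@` hunk of SessionManageEndpoint makes the test always pass, so the check commented as 过滤掉当前用户的会话 (filter out the current user's session) no longer excludes anything and the caller's own session is included in the converted online-session list. This reads like a debugging leftover in a commit described as a refactor. If the delete handler of this endpoint acts on entries from that list, an administrator could now terminate their own session; that handler is outside the hunk, so this should be confirmed. I would restore `.equals(req.getSession().getId())) {`, or, if listing the current session is intended, remove the dead comparison and update the comment instead of short-circuiting it. The enclosing method starts and ends outside the hunk.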
@@ -17,14 +17,6 @@ */ package cn.topiam.employee.console.controller.setting; -import javax.validation.constraints.NotEmpty; -import javax.validation.constraints.NotNull; - -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.common.enums.CheckValidityType; @@ -41,12 +33,18 @@ import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.AllArgsConstructor; - import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + +import javax.validation.constraints.NotEmpty; +import javax.validation.constraints.NotNull; + import static cn.topiam.employee.common.constants.SettingConstants.SETTING_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/GeoIpLibraryController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/GeoIpLibraryController.java index 6fefe472..81726f0d 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/GeoIpLibraryController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/GeoIpLibraryController.java 
@@ -17,11 +17,6 @@ */ package cn.topiam.employee.console.controller.setting; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.common.geo.GeoLocation; @@ -32,12 +27,15 @@ import cn.topiam.employee.support.context.ApplicationContextHelp; import cn.topiam.employee.support.lock.Lock; import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.AllArgsConstructor; - import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + import static cn.topiam.employee.common.constants.ConfigBeanNameConstants.GEO_LOCATION; import static cn.topiam.employee.common.constants.SettingConstants.SETTING_PATH; import static cn.topiam.employee.core.setting.constant.GeoIpProviderConstants.IPADDRESS_SETTING_NAME; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailProviderController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailProviderController.java index f3edbeb3..03bc2442 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailProviderController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailProviderController.java 
@@ -17,18 +17,10 @@ */ package cn.topiam.employee.console.controller.setting; -import java.util.HashMap; - -import org.apache.commons.lang3.RandomStringUtils; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.common.enums.MailType; import cn.topiam.employee.console.pojo.result.setting.EmailProviderConfigResult; -import cn.topiam.employee.console.pojo.save.authentication.InitializeAdminSaveParam; import cn.topiam.employee.console.pojo.save.setting.MailProviderSaveParam; import cn.topiam.employee.console.service.setting.MessageSettingService; import cn.topiam.employee.core.context.ServerContextHelp; @@ -37,11 +29,16 @@ import cn.topiam.employee.core.message.mail.MailMsgEventPublish; import cn.topiam.employee.support.lock.Lock; import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.AllArgsConstructor; - import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; +import org.apache.commons.lang3.RandomStringUtils; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + +import java.util.HashMap; + import static cn.topiam.employee.common.constants.SettingConstants.SETTING_PATH; /** @@ -60,7 +57,7 @@ public class MailProviderController { /** * 保存邮件服务商配置 * - * @param param {@link InitializeAdminSaveParam} + * @param param {@link MailProviderSaveParam} * @return {@link ApiRestResult} */ @Lock 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailTemplateController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailTemplateController.java index 5475de17..873becda 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailTemplateController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailTemplateController.java @@ -17,14 +17,6 @@ */ package cn.topiam.employee.console.controller.setting; -import java.util.List; -import java.util.Objects; - -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.common.enums.MailType; @@ -35,11 +27,17 @@ import cn.topiam.employee.console.service.setting.MailTemplateService; import cn.topiam.employee.support.lock.Lock; import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.AllArgsConstructor; - import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + +import java.util.List; +import java.util.Objects; + import static cn.topiam.employee.common.constants.SettingConstants.SETTING_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SecurityController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SecurityController.java index 6658268e..88f1a2e0 100644 
--- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SecurityController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SecurityController.java @@ -17,13 +17,6 @@ */ package cn.topiam.employee.console.controller.setting; -import java.util.List; - -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.console.pojo.result.setting.*; @@ -36,11 +29,16 @@ import cn.topiam.employee.console.service.setting.SecuritySettingService; import cn.topiam.employee.support.lock.Lock; import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.AllArgsConstructor; - import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + +import java.util.List; + import static cn.topiam.employee.common.constants.SettingConstants.SETTING_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SmsProviderController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SmsProviderController.java index c532badd..98e16dc0 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SmsProviderController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SmsProviderController.java 
@@ -17,12 +17,6 @@ */ package cn.topiam.employee.console.controller.setting; -import java.util.LinkedHashMap; - -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.common.enums.MailType; @@ -35,11 +29,15 @@ import cn.topiam.employee.core.security.password.PasswordGenerator; import cn.topiam.employee.support.lock.Lock; import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.AllArgsConstructor; - import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + +import java.util.LinkedHashMap; + import static cn.topiam.employee.common.constants.SettingConstants.SETTING_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SmsTemplateController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SmsTemplateController.java index 6acaf350..80e4ba52 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SmsTemplateController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SmsTemplateController.java 
@@ -17,10 +17,14 @@ */ package cn.topiam.employee.console.controller.setting; -import java.util.List; - -import javax.validation.constraints.NotNull; - +import cn.topiam.employee.common.enums.Language; +import cn.topiam.employee.console.pojo.result.setting.SmsTemplateListResult; +import cn.topiam.employee.console.service.setting.SmsTemplateService; +import cn.topiam.employee.support.result.ApiRestResult; +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; import org.springframework.http.MediaType; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.validation.annotation.Validated; @@ -28,16 +32,9 @@ import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; -import cn.topiam.employee.common.enums.Language; -import cn.topiam.employee.console.pojo.result.setting.SmsTemplateListResult; -import cn.topiam.employee.console.service.setting.SmsTemplateService; -import cn.topiam.employee.support.result.ApiRestResult; +import javax.validation.constraints.NotNull; +import java.util.List; -import lombok.AllArgsConstructor; - -import io.swagger.v3.oas.annotations.Operation; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.tags.Tag; import static cn.topiam.employee.common.constants.SettingConstants.SETTING_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/StorageController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/StorageController.java index 1e7a4d9f..d2160e48 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/StorageController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/StorageController.java 
@@ -17,11 +17,6 @@ */ package cn.topiam.employee.console.controller.setting; -import org.springframework.http.MediaType; -import org.springframework.security.access.prepost.PreAuthorize; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.console.pojo.result.setting.StorageProviderConfigResult; @@ -30,11 +25,14 @@ import cn.topiam.employee.console.service.setting.StorageSettingService; import cn.topiam.employee.support.lock.Lock; import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.AllArgsConstructor; - import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; +import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + import static cn.topiam.employee.common.constants.SettingConstants.SETTING_PATH; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/OrganizationConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/OrganizationConverter.java index 1db3ac19..0a0ae46d 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/OrganizationConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/OrganizationConverter.java 
@@ -17,14 +17,6 @@ */ package cn.topiam.employee.console.converter.account; -import java.util.ArrayList; -import java.util.List; -import java.util.Objects; - -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; -import org.springframework.util.CollectionUtils; - import cn.topiam.employee.common.entity.account.OrganizationEntity; import cn.topiam.employee.console.pojo.result.account.OrganizationChildResult; import cn.topiam.employee.console.pojo.result.account.OrganizationResult; @@ -32,6 +24,13 @@ import cn.topiam.employee.console.pojo.result.account.OrganizationRootResult; import cn.topiam.employee.console.pojo.result.account.OrganizationTreeResult; import cn.topiam.employee.console.pojo.save.account.OrganizationCreateParam; import cn.topiam.employee.console.pojo.update.account.OrganizationUpdateParam; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.CollectionUtils; + +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; /** * 组织架构数据映射 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserConverter.java index e8aeb141..4781a3b5 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserConverter.java 
@@ -17,31 +17,6 @@ */ package cn.topiam.employee.console.converter.account; -import java.time.LocalDateTime; -import java.time.ZoneId; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; -import java.util.Set; - -import org.elasticsearch.index.query.BoolQueryBuilder; -import org.elasticsearch.index.query.QueryBuilders; -import org.elasticsearch.search.sort.FieldSortBuilder; -import org.elasticsearch.search.sort.SortBuilder; -import org.elasticsearch.search.sort.SortBuilders; -import org.elasticsearch.search.sort.SortOrder; -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; -import org.springframework.data.domain.PageRequest; -import org.springframework.data.elasticsearch.core.SearchHits; -import org.springframework.data.elasticsearch.core.query.NativeSearchQuery; -import org.springframework.data.elasticsearch.core.query.NativeSearchQueryBuilder; -import org.springframework.util.CollectionUtils; -import org.springframework.util.StringUtils; - -import com.google.common.collect.Lists; -import com.google.common.collect.Sets; - import cn.topiam.employee.audit.entity.AuditElasticSearchEntity; import cn.topiam.employee.audit.entity.Event; import cn.topiam.employee.audit.enums.EventType; 
@@ -60,6 +35,30 @@ import cn.topiam.employee.console.pojo.update.account.UserUpdateParam; import cn.topiam.employee.support.context.ApplicationContextHelp; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; +import com.google.common.collect.Lists; +import com.google.common.collect.Sets; +import org.elasticsearch.index.query.BoolQueryBuilder; +import org.elasticsearch.index.query.QueryBuilders; +import org.elasticsearch.search.sort.FieldSortBuilder; +import org.elasticsearch.search.sort.SortBuilder; +import org.elasticsearch.search.sort.SortBuilders; +import org.elasticsearch.search.sort.SortOrder; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.data.domain.PageRequest; +import org.springframework.data.elasticsearch.core.SearchHits; +import org.springframework.data.elasticsearch.core.query.NativeSearchQuery; +import org.springframework.data.elasticsearch.core.query.NativeSearchQueryBuilder; +import org.springframework.util.CollectionUtils; +import org.springframework.util.StringUtils; + +import java.time.LocalDateTime; +import java.time.ZoneId; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; +import java.util.Set; + import static cn.topiam.employee.audit.entity.Actor.ACTOR_ID; import static cn.topiam.employee.audit.entity.Event.EVENT_TIME; import static cn.topiam.employee.audit.entity.Event.EVENT_TYPE; 
@@ -122,9 +121,15 @@ public interface UserConverter { UserEntity userEntity = new UserEntity(); userEntity.setRemark(param.getRemark()); userEntity.setUsername(param.getUsername()); - userEntity.setEmail(param.getEmail()); + //邮箱 + if (StringUtils.hasText(param.getEmail())) { + userEntity.setEmail(param.getEmail()); + userEntity.setEmailVerified(Boolean.TRUE); + } + //手机号 if (StringUtils.hasText(param.getPhone())) { userEntity.setPhone(getPhoneNumber(param.getPhone())); + userEntity.setPhoneVerified(Boolean.TRUE); userEntity.setPhoneAreaCode(getPhoneAreaCode(param.getPhone())); } userEntity.setFullName(param.getFullName()); @@ -133,7 +138,6 @@ public interface UserConverter { userEntity.setStatus(cn.topiam.employee.common.enums.UserStatus.ENABLE); userEntity.setAvatar("https://joeschmoe.io/api/v1/random"); userEntity.setDataOrigin(cn.topiam.employee.common.enums.DataOrigin.INPUT); - userEntity.setEmailVerified(Boolean.FALSE); userEntity.setExpireDate( java.util.Objects.isNull(param.getExpireDate()) ? java.time.LocalDate.of(2116, 12, 31) : param.getExpireDate()); diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserGroupConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserGroupConverter.java index 9fad7a78..9c48feec 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserGroupConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserGroupConverter.java 
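Review bot: In the user-creation mapping, `userEntity.setEmailVerified(Boolean.TRUE)` and `userEntity.setPhoneVerified(Boolean.TRUE)` mark a contact point as verified only because an administrator typed it in, with no proof that the user controls it. If verified e-mail or phone values feed password reset or code-based login elsewhere in the project (not visible in this diff), a typo or a wrong entry hands that recovery channel to someone else; consider creating both as `Boolean.FALSE` and flipping them only after a confirmation round-trip. The second hunk on this file also removes `userEntity.setEmailVerified(Boolean.FALSE);`, so when no e-mail or phone is supplied the flags are never assigned here and keep whatever the entity defaults to, possibly `null`; an `else` branch that sets `Boolean.FALSE` would keep them defined. The method body starts before and ends after these hunks.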
@@ -17,18 +17,6 @@ */ package cn.topiam.employee.console.converter.account; -import java.util.ArrayList; -import java.util.List; - -import org.apache.commons.lang3.StringUtils; -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; -import org.springframework.util.CollectionUtils; - -import com.google.common.collect.Lists; -import com.querydsl.core.types.ExpressionUtils; -import com.querydsl.core.types.Predicate; - import cn.topiam.employee.common.entity.account.QUserGroupEntity; import cn.topiam.employee.common.entity.account.UserEntity; import cn.topiam.employee.common.entity.account.UserGroupEntity; @@ -41,6 +29,16 @@ import cn.topiam.employee.console.pojo.save.account.UserGroupCreateParam; import cn.topiam.employee.console.pojo.update.account.UserGroupUpdateParam; import cn.topiam.employee.support.context.ApplicationContextHelp; import cn.topiam.employee.support.repository.page.domain.Page; +import com.google.common.collect.Lists; +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.CollectionUtils; + +import java.util.ArrayList; +import java.util.List; /** * 用户映射 @@ -152,7 +150,8 @@ public interface UserGroupConverter { */ default Predicate queryUserGroupListParamConvertToPredicate(UserGroupListQuery query) { QUserGroupEntity userGroup = QUserGroupEntity.userGroupEntity; - Predicate predicate = userGroup.isNotNull(); + Predicate predicate = ExpressionUtils.and(userGroup.isNotNull(), + userGroup.isDeleted.eq(Boolean.FALSE)); //查询条件 //@formatter:off predicate = StringUtils.isBlank(query.getName()) ? predicate : ExpressionUtils.and(predicate, userGroup.name.like("%" + query.getName() + "%")); 
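Review bot: The soft-delete filter `userGroup.isDeleted.eq(Boolean.FALSE)` is added by hand to this predicate and repeated in the same form in AppCertConverter, AppConverter, AppPermissionActionConverter, AppPermissionResourceConverter, AppPermissionRoleConverter and IdentityProviderConverter. Unless the entities already carry a global restriction (this diff does not show one), any query that builds its own predicate or goes through a derived repository method will still return deleted groups, certificates, roles or identity providers. Applying the restriction once at the entity or repository layer would remove the need for every caller to remember it. If the per-converter form stays, the base can be just `userGroup.isDeleted.eq(Boolean.FALSE)`, since `userGroup.isNotNull()` appears to add nothing on a root entity, and a comment such as `// exclude soft-deleted rows` would say why the clause is there.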
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppAccessPolicyConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppAccessPolicyConverter.java index e5769e01..ed582e01 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppAccessPolicyConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppAccessPolicyConverter.java @@ -17,17 +17,16 @@ */ package cn.topiam.employee.console.converter.app; -import java.util.ArrayList; -import java.util.List; - -import org.mapstruct.Mapper; -import org.springframework.util.CollectionUtils; - import cn.topiam.employee.common.entity.app.AppAccessPolicyEntity; import cn.topiam.employee.common.entity.app.po.AppAccessPolicyPO; import cn.topiam.employee.console.pojo.result.app.AppAccessPolicyResult; import cn.topiam.employee.console.pojo.save.app.AppAccessPolicyCreateParam; import cn.topiam.employee.support.repository.page.domain.Page; +import org.mapstruct.Mapper; +import org.springframework.util.CollectionUtils; + +import java.util.ArrayList; +import java.util.List; /** * 应用授权策略 Converter diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppAccountConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppAccountConverter.java index 0bf236fc..ed00604a 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppAccountConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppAccountConverter.java 
@@ -17,18 +17,17 @@ */ package cn.topiam.employee.console.converter.app; -import java.util.ArrayList; -import java.util.List; - -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; -import org.springframework.util.CollectionUtils; - import cn.topiam.employee.common.entity.app.AppAccountEntity; import cn.topiam.employee.common.entity.app.po.AppAccountPO; import cn.topiam.employee.console.pojo.result.app.AppAccountListResult; import cn.topiam.employee.console.pojo.save.app.AppAccountCreateParam; import cn.topiam.employee.support.repository.page.domain.Page; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.CollectionUtils; + +import java.util.ArrayList; +import java.util.List; /** * 应用账户映射 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppCertConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppCertConverter.java index d875d383..c9d706f1 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppCertConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppCertConverter.java 
@@ -17,20 +17,18 @@ */ package cn.topiam.employee.console.converter.app; -import java.util.ArrayList; -import java.util.List; -import java.util.Objects; - -import org.apache.commons.lang3.StringUtils; -import org.mapstruct.Mapper; - -import com.querydsl.core.types.ExpressionUtils; -import com.querydsl.core.types.Predicate; - import cn.topiam.employee.common.entity.app.AppCertEntity; import cn.topiam.employee.common.entity.app.QAppCertEntity; import cn.topiam.employee.console.pojo.query.app.AppCertQuery; import cn.topiam.employee.console.pojo.result.app.AppCertListResult; +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; + +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; /** * 应用证书Converter @@ -48,7 +46,8 @@ public interface AppCertConverter { */ default Predicate queryAppCertListParamConvertToPredicate(AppCertQuery query) { QAppCertEntity cert = QAppCertEntity.appCertEntity; - Predicate predicate = cert.isNotNull(); + Predicate predicate = ExpressionUtils.and(cert.isNotNull(), + cert.isDeleted.eq(Boolean.FALSE)); //查询条件 //@formatter:off predicate = StringUtils.isBlank(query.getAppId()) ? predicate : ExpressionUtils.and(predicate, cert.appId.eq(Long.valueOf(query.getAppId()))); diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppConverter.java index c3cda624..e82a13ca 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppConverter.java 
@@ -17,19 +17,6 @@ */ package cn.topiam.employee.console.converter.app; -import java.util.List; -import java.util.Objects; - -import org.apache.commons.lang3.StringUtils; -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; -import org.springframework.util.AlternativeJdkIdGenerator; -import org.springframework.util.IdGenerator; - -import com.google.common.collect.Lists; -import com.querydsl.core.types.ExpressionUtils; -import com.querydsl.core.types.Predicate; - import cn.topiam.employee.application.ApplicationService; import cn.topiam.employee.application.ApplicationServiceLoader; import cn.topiam.employee.common.entity.app.AppEntity; @@ -40,6 +27,17 @@ import cn.topiam.employee.console.pojo.result.app.AppListResult; import cn.topiam.employee.console.pojo.update.app.AppUpdateParam; import cn.topiam.employee.support.context.ApplicationContextHelp; import cn.topiam.employee.support.repository.page.domain.Page; +import com.google.common.collect.Lists; +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.AlternativeJdkIdGenerator; +import org.springframework.util.IdGenerator; + +import java.util.List; +import java.util.Objects; /** * 应用映射 @@ -58,7 +56,8 @@ public interface AppConverter { */ default Predicate queryAppListParamConvertToPredicate(AppQuery query) { QAppEntity application = QAppEntity.appEntity; - Predicate predicate = application.isNotNull(); + Predicate predicate = ExpressionUtils.and(application.isNotNull(), + application.isDeleted.eq(Boolean.FALSE)); //查询条件 //@formatter:off predicate = StringUtils.isBlank(query.getName()) ? predicate : ExpressionUtils.and(predicate, application.name.like("%" + query.getName() + "%")); 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionActionConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionActionConverter.java index 2656e599..76992fb4 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionActionConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionActionConverter.java @@ -17,23 +17,21 @@ */ package cn.topiam.employee.console.converter.app; -import java.util.ArrayList; -import java.util.List; - -import org.apache.commons.lang3.StringUtils; -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; -import org.springframework.util.ObjectUtils; - -import com.querydsl.core.types.ExpressionUtils; -import com.querydsl.core.types.Predicate; - import cn.topiam.employee.common.entity.app.AppPermissionActionEntity; import cn.topiam.employee.common.entity.app.AppPermissionResourceEntity; import cn.topiam.employee.common.entity.app.QAppPermissionResourceEntity; import cn.topiam.employee.common.enums.PermissionActionType; import cn.topiam.employee.console.pojo.query.app.AppPermissionActionListQuery; import cn.topiam.employee.console.pojo.result.app.AppPermissionActionListResult; +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.ObjectUtils; + +import java.util.ArrayList; +import java.util.List; /** * 权限映射 
@@ -51,7 +49,8 @@ public interface AppPermissionActionConverter { */ default Predicate appPermissionActionListQueryConvertToPredicate(AppPermissionActionListQuery query) { QAppPermissionResourceEntity resource = QAppPermissionResourceEntity.appPermissionResourceEntity; - Predicate predicate = resource.isNotNull(); + Predicate predicate = ExpressionUtils.and(resource.isNotNull(), + resource.isDeleted.eq(Boolean.FALSE)); //查询条件 //@formatter:off // 资源名称 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionPolicyConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionPolicyConverter.java index 1797d095..4ae16b32 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionPolicyConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionPolicyConverter.java @@ -17,19 +17,18 @@ */ package cn.topiam.employee.console.converter.app; -import java.util.ArrayList; -import java.util.List; - -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; -import org.springframework.util.CollectionUtils; - import cn.topiam.employee.common.entity.app.AppPermissionPolicyEntity; import cn.topiam.employee.common.entity.app.po.AppPermissionPolicyPO; import cn.topiam.employee.console.pojo.result.app.AppPermissionPolicyListResult; import cn.topiam.employee.console.pojo.save.app.AppPermissionPolicyCreateParam; import cn.topiam.employee.console.pojo.update.app.AppPermissionPolicyUpdateParam; import cn.topiam.employee.support.repository.page.domain.Page; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.CollectionUtils; + +import java.util.ArrayList; +import java.util.List; /** * 策略映射 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionResourceConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionResourceConverter.java index dffe4c7e..f9c4c3db 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionResourceConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionResourceConverter.java @@ -17,18 +17,6 @@ */ package cn.topiam.employee.console.converter.app; -import java.util.ArrayList; -import java.util.List; - -import org.apache.commons.lang3.StringUtils; -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; -import org.springframework.util.CollectionUtils; -import org.springframework.util.ObjectUtils; - -import com.querydsl.core.types.ExpressionUtils; -import com.querydsl.core.types.Predicate; - import cn.topiam.employee.common.entity.app.AppPermissionResourceEntity; import cn.topiam.employee.common.entity.app.QAppPermissionResourceEntity; import cn.topiam.employee.console.pojo.query.app.AppResourceListQuery; @@ -37,6 +25,16 @@ import cn.topiam.employee.console.pojo.result.app.AppPermissionResourceListResul import cn.topiam.employee.console.pojo.save.app.AppPermissionResourceCreateParam; import cn.topiam.employee.console.pojo.update.app.AppPermissionResourceUpdateParam; import cn.topiam.employee.support.repository.page.domain.Page; +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.CollectionUtils; +import org.springframework.util.ObjectUtils; + +import java.util.ArrayList; +import java.util.List; /** * 资源映射 
@@ -55,7 +53,8 @@ public interface AppPermissionResourceConverter { */ default Predicate resourcePaginationParamConvertToPredicate(AppResourceListQuery query) { QAppPermissionResourceEntity resource = QAppPermissionResourceEntity.appPermissionResourceEntity; - Predicate predicate = resource.isNotNull(); + Predicate predicate = ExpressionUtils.and(resource.isNotNull(), + resource.isDeleted.eq(Boolean.FALSE)); //查询条件 //@formatter:off // 资源名称 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionRoleConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionRoleConverter.java index a6c7371c..ea503a57 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionRoleConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/AppPermissionRoleConverter.java @@ -17,18 +17,6 @@ */ package cn.topiam.employee.console.converter.app; -import java.util.ArrayList; -import java.util.List; - -import org.apache.commons.lang3.StringUtils; -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; -import org.springframework.util.CollectionUtils; -import org.springframework.util.ObjectUtils; - -import com.querydsl.core.types.ExpressionUtils; -import com.querydsl.core.types.Predicate; - import cn.topiam.employee.common.entity.app.AppPermissionRoleEntity; import cn.topiam.employee.common.entity.app.QAppPermissionRoleEntity; import cn.topiam.employee.console.pojo.query.app.AppPermissionRoleListQuery; 
@@ -37,6 +25,16 @@ import cn.topiam.employee.console.pojo.result.app.AppPermissionRoleResult; import cn.topiam.employee.console.pojo.save.app.AppPermissionRoleCreateParam; import cn.topiam.employee.console.pojo.update.app.PermissionRoleUpdateParam; import cn.topiam.employee.support.repository.page.domain.Page; +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.CollectionUtils; +import org.springframework.util.ObjectUtils; + +import java.util.ArrayList; +import java.util.List; /** * 角色映射 @@ -124,7 +122,8 @@ public interface AppPermissionRoleConverter { */ default Predicate rolePaginationParamConvertToPredicate(AppPermissionRoleListQuery query) { QAppPermissionRoleEntity role = QAppPermissionRoleEntity.appPermissionRoleEntity; - Predicate predicate = role.isNotNull(); + Predicate predicate = ExpressionUtils.and(role.isNotNull(), + role.isDeleted.eq(Boolean.FALSE)); //查询条件 //@formatter:off // 角色名称 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/UserIdpBindConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/UserIdpBindConverter.java index 710d2dd6..b2fbe605 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/UserIdpBindConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/app/UserIdpBindConverter.java @@ -17,14 +17,13 @@ */ package cn.topiam.employee.console.converter.app; -import java.util.ArrayList; -import java.util.List; - -import org.mapstruct.Mapper; - import cn.topiam.employee.common.entity.account.po.UserIdpBindPo; import cn.topiam.employee.console.pojo.result.app.UserIdpBindListResult; import cn.topiam.employee.support.repository.page.domain.Page; +import org.mapstruct.Mapper; + +import java.util.ArrayList; +import java.util.List; /** * 用户身份提供商绑定 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/authentication/IdentityProviderConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/authentication/IdentityProviderConverter.java index c289a9e5..01f2a460 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/authentication/IdentityProviderConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/authentication/IdentityProviderConverter.java 
@@ -17,32 +17,17 @@ */ package cn.topiam.employee.console.converter.authentication; -import java.util.ArrayList; -import java.util.List; -import java.util.Objects; - -import javax.validation.ConstraintViolationException; - -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; -import org.springframework.data.querydsl.QPageRequest; - -import com.alibaba.fastjson2.JSONObject; -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.querydsl.core.types.ExpressionUtils; -import com.querydsl.core.types.Predicate; - +import cn.topiam.employee.authentication.common.IdentityProviderCategory; +import cn.topiam.employee.authentication.common.IdentityProviderType; import cn.topiam.employee.authentication.common.config.IdentityProviderConfig; import cn.topiam.employee.authentication.dingtalk.DingTalkIdpOauthConfig; import cn.topiam.employee.authentication.dingtalk.DingTalkIdpScanCodeConfig; +import cn.topiam.employee.authentication.feishu.FeiShuIdpScanCodeConfig; import cn.topiam.employee.authentication.qq.QqIdpOauthConfig; import cn.topiam.employee.authentication.wechat.WeChatIdpScanCodeConfig; import cn.topiam.employee.authentication.wechatwork.WeChatWorkIdpScanCodeConfig; import cn.topiam.employee.common.entity.authentication.IdentityProviderEntity; import cn.topiam.employee.common.entity.authentication.QIdentityProviderEntity; -import cn.topiam.employee.common.enums.IdentityProviderType; import cn.topiam.employee.console.pojo.query.authentication.IdentityProviderListQuery; import cn.topiam.employee.console.pojo.result.authentication.IdentityProviderListResult; import cn.topiam.employee.console.pojo.result.authentication.IdentityProviderResult; 
@@ -54,6 +39,23 @@ import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.repository.page.domain.QueryDslRequest; import cn.topiam.employee.support.validation.ValidationHelp; +import com.alibaba.fastjson2.JSONObject; +import com.fasterxml.jackson.annotation.JsonTypeInfo; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; +import org.apache.commons.lang3.RandomStringUtils; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.data.querydsl.QPageRequest; + +import javax.validation.ConstraintViolationException; +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; + +import static cn.topiam.employee.authentication.common.IdentityProviderType.*; /** * 身份提供商转换器 @@ -93,7 +95,7 @@ public interface IdentityProviderConverter { * @param entity {@link IdentityProviderEntity} * @return {@link IdentityProviderListResult} */ - @Mapping(target = "desc", source = "type.desc") + @Mapping(target = "desc", expression = "java(IdentityProviderConverter.getIdentityProviderType(entity.getType()).desc())") IdentityProviderListResult entityConverterToIdentityProviderResult(IdentityProviderEntity entity); /** @@ -106,7 +108,9 @@ public interface IdentityProviderConverter { if (param == null) { return null; } - if (!param.getCategory().getProviders().contains(param.getType())) { + IdentityProviderCategory category = IdentityProviderCategory.getType(param.getCategory()); + if (!category.getProviders().stream().map(IdentityProviderType::value).toList() + .contains(param.getType())) { throw new TopIamException("认证源类型与认证源提供商不匹配"); } try { 
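Review bot: In the create-param mapping, the result of `IdentityProviderCategory.getType(param.getCategory())` is dereferenced on the next line without a check, so a category value that matches nothing may surface as a NullPointerException (or whatever `getType` throws; it is not shown here) instead of the intended `TopIamException`. Category and type now appear to arrive as plain strings rather than enum-bound values, so unknown input should be rejected explicitly first, e.g. `if (category == null) { throw new TopIamException("认证源类型与认证源提供商不匹配"); }`. The membership test can also skip the intermediate list: `category.getProviders().stream().noneMatch(p -> p.value().equals(param.getType()))`. The enclosing method starts and ends outside this hunk.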
@@ -117,19 +121,17 @@ public interface IdentityProviderConverter { objectMapper.activateDefaultTyping(objectMapper.getPolymorphicTypeValidator(), ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY); //封装数据 - IdentityProviderEntity identityProviderEntity = new IdentityProviderEntity(); - identityProviderEntity.setName(param.getName()); - identityProviderEntity.setCode( - org.apache.commons.lang3.RandomStringUtils.randomAlphanumeric(32).toLowerCase()); - identityProviderEntity.setType(param.getType()); - identityProviderEntity.setCategory(param.getCategory()); - identityProviderEntity.setDisplayed(param.getDisplayed()); - identityProviderEntity.setEnabled(Boolean.TRUE); - identityProviderEntity.setRemark(param.getRemark()); + IdentityProviderEntity entity = new IdentityProviderEntity(); + entity.setName(param.getName()); + entity.setCode(RandomStringUtils.randomAlphanumeric(32).toLowerCase()); + entity.setType(param.getType()); + entity.setCategory(param.getCategory()); + entity.setDisplayed(param.getDisplayed()); + entity.setEnabled(Boolean.TRUE); + entity.setRemark(param.getRemark()); //配置 - identityProviderEntity - .setConfig(objectMapper.writeValueAsString(identityProviderConfig)); - return identityProviderEntity; + entity.setConfig(objectMapper.writeValueAsString(identityProviderConfig)); + return entity; } catch (JsonProcessingException e) { throw new RuntimeException(e); } @@ -155,7 +157,8 @@ public interface IdentityProviderConverter { result.setRemark(entity.getRemark()); //回调地址 result.setRedirectUri(ServerContextHelp.getPortalPublicBaseUrl() - + entity.getType().getLoginPathPrefix() + "/" + entity.getCode()); + + getIdentityProviderType(entity.getType()).getLoginPathPrefix() + "/" + + entity.getCode()); try { ObjectMapper objectMapper = new ObjectMapper(); // 指定序列化输入的类型 
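Review bot: The `ObjectMapper` kept in this hunk calls `activateDefaultTyping(objectMapper.getPolymorphicTypeValidator(), ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY)` with the mapper's own default validator, which on a freshly constructed mapper does not restrict subtypes. The stored `config` JSON therefore carries class names, and if the read path (partly visible in the following hunk) configures its mapper the same way, whoever can write that column influences which classes Jackson instantiates. Restrict the validator to the config hierarchy, e.g. `BasicPolymorphicTypeValidator.builder().allowIfSubType(IdentityProviderConfig.class).build()`, and pass it to `activateDefaultTyping` on both the write and the read side. The method body starts before this hunk.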
@@ -181,7 +184,8 @@ public interface IdentityProviderConverter { PageModel pageModel) { QueryDslRequest request = new QueryDslRequest(); QIdentityProviderEntity queryEntity = QIdentityProviderEntity.identityProviderEntity; - Predicate predicate = queryEntity.isNotNull(); + Predicate predicate = ExpressionUtils.and(queryEntity.isNotNull(), + queryEntity.isDeleted.eq(Boolean.FALSE)); //查询条件 //@formatter:off predicate = Objects.isNull(query.getCategory()) ? predicate : ExpressionUtils.and(predicate, queryEntity.category.eq(query.getCategory())); 
@@ -232,25 +236,29 @@ public interface IdentityProviderConverter { * @param config {@link JSONObject} * @return {@link IdentityProviderConfig} */ - default IdentityProviderConfig getIdentityProviderConfig(IdentityProviderType type, - JSONObject config) { + default IdentityProviderConfig getIdentityProviderConfig(String type, JSONObject config) { //开始处理不同提供商的配置 IdentityProviderConfig identityProviderConfig; - switch (type) { - //微信扫码 - case WECHAT_SCAN_CODE -> - identityProviderConfig = config.to(WeChatIdpScanCodeConfig.class); + //微信扫码 + if (type.equals(WECHAT_QR.value())) { + identityProviderConfig = config.to(WeChatIdpScanCodeConfig.class); //钉钉扫码 - case DINGTALK_SCAN_CODE -> - identityProviderConfig = config.to(DingTalkIdpScanCodeConfig.class); + } else if (type.equals(DINGTALK_QR.value())) { + identityProviderConfig = config.to(DingTalkIdpScanCodeConfig.class); //钉钉Oauth - case DINGTALK_OAUTH -> identityProviderConfig = config.to(DingTalkIdpOauthConfig.class); + } else if (type.equals(DINGTALK_OAUTH.value())) { + identityProviderConfig = config.to(DingTalkIdpOauthConfig.class); //企业微信扫码 - case WECHATWORK_SCAN_CODE -> - identityProviderConfig = config.to(WeChatWorkIdpScanCodeConfig.class); + } else if (type.equals(WECHAT_WORK_QR.value())) { + identityProviderConfig = config.to(WeChatWorkIdpScanCodeConfig.class); //QQ认证 - case QQ -> identityProviderConfig = config.to(QqIdpOauthConfig.class); - default -> throw new TopIamException("不支持此身份提供商"); + } else if (type.equals(QQ.value())) { + identityProviderConfig = config.to(QqIdpOauthConfig.class); + //飞书认证 + } else if (type.equals(FEISHU_OAUTH.value())) { + identityProviderConfig = config.to(FeiShuIdpScanCodeConfig.class); + } else { + throw new TopIamException("不支持此身份提供商"); } if (!Objects.nonNull(identityProviderConfig)) { throw new NullPointerException("提供商配置不能为空"); 
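Review bot: `type.equals(WECHAT_QR.value())` and the branches after it dereference `type`, which is now a plain `String`, so a missing type throws a bare NullPointerException before the `TopIamException("不支持此身份提供商")` fallback is reached; comparing the other way round, `WECHAT_QR.value().equals(type)`, or an up-front null check keeps the failure on the intended path. The `FEISHU_OAUTH` branch binds to `FeiShuIdpScanCodeConfig`; if that pairing is intentional a one-line comment should say so, otherwise validation runs against the wrong field set. The inline comments have ended up inside the preceding branch bodies (`//钉钉扫码` now follows the WeChat assignment), so each should move above its own `else if`. The method continues past the end of this hunk.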
@@ -262,4 +270,41 @@ public interface IdentityProviderConverter { } return identityProviderConfig; } + + /** + * getIdentityProviderType + * + * @param type {@link String} + * @return {@link IdentityProviderType} + */ + static IdentityProviderType getIdentityProviderType(String type) { + if (type.equals(FEISHU_OAUTH.value())) { + return FEISHU_OAUTH; + } + if (type.equals(DINGTALK_OAUTH.value())) { + return DINGTALK_OAUTH; + } + if (type.equals(DINGTALK_QR.value())) { + return DINGTALK_QR; + } + if (type.equals(WECHAT_QR.value())) { + return WECHAT_QR; + } + if (type.equals(WECHAT_WORK_QR.value())) { + return WECHAT_WORK_QR; + } + if (type.equals(QQ.value())) { + return QQ; + } + if (type.equals(LDAP.value())) { + return LDAP; + } + if (type.equals(USERNAME_PASSWORD.value())) { + return USERNAME_PASSWORD; + } + if (type.equals(SMS.value())) { + return SMS; + } + throw new IllegalArgumentException("未知身份提供商类型"); + } } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceConverter.java index c1804020..4aeccc6d 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceConverter.java 
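Review bot: `getIdentityProviderType` throws a NullPointerException on a null `type` and an `IllegalArgumentException("未知身份提供商类型")` that does not name the offending value, yet it is called from the MapStruct `expression` for `desc` and from the redirect-URI builder, so a single stored row with an empty or unexpected type would fail the whole list or detail response. Guard the input and report the value, e.g. `if (type == null) { throw new IllegalArgumentException("identity provider type is null"); }` and append `type` to the final message. The Javadoc only repeats the method name; it should state that the method resolves a stored type code to its `IdentityProviderType` and throws `IllegalArgumentException` for unknown codes. The if-chain also duplicates the one in `getIdentityProviderConfig`, so a new provider has to be added in two places.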
@@ -17,29 +17,10 @@ */ package cn.topiam.employee.console.converter.identitysource; -import java.util.ArrayList; -import java.util.List; -import java.util.Objects; - -import javax.validation.ConstraintViolationException; - -import org.apache.commons.lang3.StringUtils; -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; -import org.springframework.data.domain.Page; -import org.springframework.data.querydsl.QPageRequest; -import org.springframework.util.CollectionUtils; - -import com.alibaba.fastjson2.JSONObject; -import com.alibaba.fastjson2.JSONWriter; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.querydsl.core.types.ExpressionUtils; -import com.querydsl.core.types.Predicate; - import cn.topiam.employee.common.constants.CommonConstants; import cn.topiam.employee.common.entity.identitysource.IdentitySourceEntity; import cn.topiam.employee.common.entity.identitysource.QIdentitySourceEntity; -import cn.topiam.employee.common.enums.identityprovider.IdentitySourceProvider; +import cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider; import cn.topiam.employee.console.pojo.query.identity.IdentitySourceListQuery; import cn.topiam.employee.console.pojo.result.identitysource.IdentitySourceConfigGetResult; import cn.topiam.employee.console.pojo.result.identitysource.IdentitySourceGetResult; 
@@ -50,12 +31,28 @@ import cn.topiam.employee.console.pojo.update.identity.IdentitySourceUpdateParam import cn.topiam.employee.core.context.ServerContextHelp; import cn.topiam.employee.identitysource.core.IdentitySourceConfig; import cn.topiam.employee.identitysource.dingtalk.DingTalkConfig; -import cn.topiam.employee.identitysource.feishu.FeiShuConfig; +import cn.topiam.employee.identitysource.ldap.LdapConfig; import cn.topiam.employee.identitysource.wechatwork.WeChatWorkConfig; import cn.topiam.employee.support.exception.TopIamException; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.repository.page.domain.QueryDslRequest; import cn.topiam.employee.support.validation.ValidationHelp; +import com.alibaba.fastjson2.JSONObject; +import com.alibaba.fastjson2.JSONWriter; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.data.domain.Page; +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.util.CollectionUtils; + +import javax.validation.ConstraintViolationException; +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; /** * 身份源转换器 @@ -207,7 +204,7 @@ public interface IdentitySourceConverter { } //飞书 if (Objects.equals(provider, IdentitySourceProvider.FEISHU)) { - clientConfig = param.getBasicConfig().to(FeiShuConfig.class); + clientConfig = param.getBasicConfig().to(LdapConfig.class); } //放置参数,并验证参数 if (!Objects.nonNull(clientConfig)) { 
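Review bot: In the `@@ -207,7 +204,7 @@` hunk the `IdentitySourceProvider.FEISHU` branch now converts the submitted config with `param.getBasicConfig().to(LdapConfig.class)`, so a Feishu identity source is parsed, and in the `//放置参数,并验证参数` step that follows validated, as an LDAP configuration. The import hunk before it swaps `FeiShuConfig` for `LdapConfig`, which suggests a search-and-replace slip rather than a deliberate change. If Feishu is still supported the line should stay `clientConfig = param.getBasicConfig().to(FeiShuConfig.class);` with its import restored. If it is being removed, the branch should reject the provider explicitly instead of accepting it under another provider's schema. The enclosing method starts and ends outside this hunk.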
@@ -236,7 +233,8 @@ public interface IdentitySourceConverter { PageModel pageModel) { QueryDslRequest request = new QueryDslRequest(); QIdentitySourceEntity queryEntity = QIdentitySourceEntity.identitySourceEntity; - Predicate predicate = queryEntity.isNotNull(); + Predicate predicate = ExpressionUtils.and(queryEntity.isNotNull(), + queryEntity.isDeleted.eq(Boolean.FALSE)); //查询条件 //@formatter:off predicate = StringUtils.isBlank(query.getName()) ? predicate : ExpressionUtils.and(predicate, queryEntity.name.like("%" + query.getName() + "%")); diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceEventRecordConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceEventRecordConverter.java index 17aa9d05..f5b62ba0 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceEventRecordConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceEventRecordConverter.java @@ -17,17 +17,6 @@ */ package cn.topiam.employee.console.converter.identitysource; -import java.util.ArrayList; -import java.util.List; -import java.util.Objects; - -import org.apache.commons.lang3.StringUtils; -import org.mapstruct.Mapper; -import org.springframework.util.CollectionUtils; - -import com.querydsl.core.types.ExpressionUtils; -import com.querydsl.core.types.Predicate; - import cn.topiam.employee.common.entity.account.UserGroupEntity; import cn.topiam.employee.common.entity.identitysource.IdentitySourceEventRecordEntity; import cn.topiam.employee.common.entity.identitysource.QIdentitySourceEventRecordEntity; 
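Review bot: The soft-delete filter `queryEntity.isDeleted.eq(Boolean.FALSE)` is added by hand to this predicate and again in IdentitySourceEventRecordConverter, in both list queries of IdentitySourceSyncConverter, and in AdministratorConverter. Any query builder that is missed, now or later, keeps returning deleted rows, and for the administrator list that means deleted accounts remain visible. I would put the condition in one shared helper, or in an entity-level restriction if the persistence layer offers one, and add a comment at each call site such as `// exclude soft-deleted rows`. With the new condition in place `queryEntity.isNotNull()` appears to add nothing, so `Predicate predicate = queryEntity.isDeleted.eq(Boolean.FALSE);` would read more directly. The method continues outside the hunk.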
@@ -36,6 +25,15 @@ import cn.topiam.employee.console.pojo.result.account.UserGroupListResult; import cn.topiam.employee.console.pojo.result.identitysource.IdentitySourceEventRecordListResult; import cn.topiam.employee.support.context.ApplicationContextHelp; import cn.topiam.employee.support.repository.page.domain.Page; +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.springframework.util.CollectionUtils; + +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; /** * 身份源事件记录转换器 @@ -54,7 +52,8 @@ public interface IdentitySourceEventRecordConverter { */ default Predicate queryIdentitySourceEventRecordListQueryConvertToPredicate(IdentitySourceEventRecordListQuery query) { QIdentitySourceEventRecordEntity queryEntity = QIdentitySourceEventRecordEntity.identitySourceEventRecordEntity; - Predicate predicate = queryEntity.isNotNull(); + Predicate predicate = ExpressionUtils.and(queryEntity.isNotNull(), + queryEntity.isDeleted.eq(Boolean.FALSE)); //查询条件 //@formatter:off predicate = StringUtils.isBlank(query.getIdentitySourceId()) ? predicate : ExpressionUtils.and(predicate, queryEntity.identitySourceId.eq(Long.valueOf(query.getIdentitySourceId()))); diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceSyncConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceSyncConverter.java index c4b2fddb..f4f8efa1 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceSyncConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/identitysource/IdentitySourceSyncConverter.java 
@@ -17,18 +17,6 @@ */ package cn.topiam.employee.console.converter.identitysource; -import java.util.ArrayList; -import java.util.List; -import java.util.Objects; - -import org.apache.commons.lang3.StringUtils; -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; -import org.springframework.util.CollectionUtils; - -import com.querydsl.core.types.ExpressionUtils; -import com.querydsl.core.types.Predicate; - import cn.topiam.employee.common.entity.account.UserGroupEntity; import cn.topiam.employee.common.entity.identitysource.IdentitySourceSyncHistoryEntity; import cn.topiam.employee.common.entity.identitysource.IdentitySourceSyncRecordEntity; @@ -40,6 +28,16 @@ import cn.topiam.employee.console.pojo.result.account.UserGroupListResult; import cn.topiam.employee.console.pojo.result.identitysource.IdentitySourceSyncHistoryListResult; import cn.topiam.employee.console.pojo.result.identitysource.IdentitySourceSyncRecordListResult; import cn.topiam.employee.support.repository.page.domain.Page; +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.CollectionUtils; + +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; /** * 身份源转换器 
@@ -58,7 +56,8 @@ public interface IdentitySourceSyncConverter { */ default Predicate queryIdentitySourceSyncHistoryListQueryConvertToPredicate(IdentitySourceSyncHistoryListQuery query) { QIdentitySourceSyncHistoryEntity queryEntity = QIdentitySourceSyncHistoryEntity.identitySourceSyncHistoryEntity; - Predicate predicate = queryEntity.isNotNull(); + Predicate predicate = ExpressionUtils.and(queryEntity.isNotNull(), + queryEntity.isDeleted.eq(Boolean.FALSE)); //查询条件 //@formatter:off predicate = StringUtils.isBlank(query.getIdentitySourceId()) ? predicate : ExpressionUtils.and(predicate, queryEntity.identitySourceId.eq(Long.valueOf(query.getIdentitySourceId()))); @@ -156,7 +155,8 @@ public interface IdentitySourceSyncConverter { */ default Predicate queryIdentitySourceSyncRecordListQueryConvertToPredicate(IdentitySourceSyncRecordListQuery query) { QIdentitySourceSyncRecordEntity entity = QIdentitySourceSyncRecordEntity.identitySourceSyncRecordEntity; - Predicate predicate = entity.isNotNull(); + Predicate predicate = ExpressionUtils.and(entity.isNotNull(), + entity.isDeleted.eq(Boolean.FALSE)); //查询条件 //@formatter:off predicate = StringUtils.isBlank(query.getSyncHistoryId()) ? predicate : ExpressionUtils.and(predicate, entity.syncHistoryId.eq(Long.valueOf(query.getSyncHistoryId()))); diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/AdministratorConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/AdministratorConverter.java index 4ff19cb4..fbd9b885 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/AdministratorConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/AdministratorConverter.java 
@@ -17,17 +17,6 @@ */ package cn.topiam.employee.console.converter.setting; -import java.util.ArrayList; -import java.util.List; - -import org.apache.commons.lang3.StringUtils; -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; -import org.springframework.util.CollectionUtils; - -import com.querydsl.core.types.ExpressionUtils; -import com.querydsl.core.types.Predicate; - import cn.topiam.employee.common.entity.account.query.UserListQuery; import cn.topiam.employee.common.entity.setting.AdministratorEntity; import cn.topiam.employee.common.entity.setting.QAdministratorEntity; @@ -37,6 +26,15 @@ import cn.topiam.employee.console.pojo.result.setting.AdministratorResult; import cn.topiam.employee.console.pojo.save.setting.AdministratorCreateParam; import cn.topiam.employee.console.pojo.update.setting.AdministratorUpdateParam; import cn.topiam.employee.support.repository.page.domain.Page; +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.springframework.util.CollectionUtils; + +import java.util.ArrayList; +import java.util.List; /** * 管理员映射 @@ -139,7 +137,8 @@ public interface AdministratorConverter { */ default Predicate queryAdministratorListParamConvertToPredicate(AdministratorListQuery query) { QAdministratorEntity user = QAdministratorEntity.administratorEntity; - Predicate predicate = user.isNotNull(); + Predicate predicate = ExpressionUtils.and(user.isNotNull(), + user.isDeleted.eq(Boolean.FALSE)); //查询条件 //@formatter:off predicate = StringUtils.isBlank(query.getUsername()) ? predicate : ExpressionUtils.and(predicate, user.username.eq(query.getUsername())); 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/GeoLocationSettingConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/GeoLocationSettingConverter.java index eacc5052..018679c0 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/GeoLocationSettingConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/GeoLocationSettingConverter.java @@ -17,16 +17,7 @@ */ package cn.topiam.employee.console.converter.setting; -import java.util.Objects; - -import javax.validation.ValidationException; - -import org.mapstruct.Mapper; - -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; - +import cn.topiam.employee.common.crypto.EncryptionModule; import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.geo.GeoLocationProviderConfig; import cn.topiam.employee.common.geo.maxmind.MaxmindProviderConfig; @@ -36,6 +27,14 @@ import cn.topiam.employee.console.pojo.result.setting.GeoIpProviderResult; import cn.topiam.employee.console.pojo.save.setting.GeoIpProviderSaveParam; import cn.topiam.employee.console.pojo.save.setting.MailProviderSaveParam; import cn.topiam.employee.support.validation.ValidationHelp; +import com.fasterxml.jackson.annotation.JsonTypeInfo; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.mapstruct.Mapper; + +import javax.validation.ValidationException; +import java.util.Objects; + import static cn.topiam.employee.core.setting.constant.GeoIpProviderConstants.IPADDRESS_SETTING_NAME; /** 
@@ -53,7 +52,7 @@ public interface GeoLocationSettingConverter { * @return {@link SettingEntity} */ default SettingEntity geoLocationProviderConfigToEntity(GeoIpProviderSaveParam param) { - ObjectMapper objectMapper = new ObjectMapper(); + ObjectMapper objectMapper = EncryptionModule.serializerEncrypt(); // 指定序列化输入的类型 objectMapper.activateDefaultTyping(objectMapper.getPolymorphicTypeValidator(), ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY); @@ -95,7 +94,7 @@ public interface GeoLocationSettingConverter { } try { String value = entity.getValue(); - ObjectMapper objectMapper = new ObjectMapper(); + ObjectMapper objectMapper = EncryptionModule.deserializerDecrypt(); // 指定序列化输入的类型 objectMapper.activateDefaultTyping(objectMapper.getPolymorphicTypeValidator(), ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY); diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/MailTemplateConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/MailTemplateConverter.java index ad3cd948..d82bc1f7 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/MailTemplateConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/MailTemplateConverter.java 
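Review bot: In the `@@ -95,7 +94,7 @@` hunk the mapper returned by `EncryptionModule.deserializerDecrypt()` is immediately configured with `activateDefaultTyping(objectMapper.getPolymorphicTypeValidator(), ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY)`, so the class name embedded in the stored setting value decides which type Jackson instantiates. The validator passed is the mapper's own, which by default accepts any subtype unless EncryptionModule installs a stricter one, and that is not visible here. I would pass an allow-list instead, for example `BasicPolymorphicTypeValidator.builder().allowIfSubType("cn.topiam.employee.").build()`, in both hunks of this file and in StorageSettingConverter's `@@ -121,7 +120,7 @@` hunk. If `serializerEncrypt()` and `deserializerDecrypt()` return a shared mapper rather than a fresh one, `activateDefaultTyping` would also change it for every other caller, which deserves a comment or a `copy()`. Both methods extend beyond their hunks.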
@@ -17,20 +17,19 @@ */ package cn.topiam.employee.console.converter.setting; -import java.util.ArrayList; -import java.util.List; - -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; - import cn.topiam.employee.common.entity.setting.MailTemplateEntity; import cn.topiam.employee.common.enums.MailType; import cn.topiam.employee.console.pojo.result.setting.EmailTemplateListResult; import cn.topiam.employee.console.pojo.result.setting.EmailTemplateResult; import cn.topiam.employee.console.pojo.save.setting.EmailCustomTemplateSaveParam; -import static org.springframework.web.util.HtmlUtils.htmlUnescape; +import org.mapstruct.Mapper; +import org.mapstruct.Mapping; + +import java.util.ArrayList; +import java.util.List; import static cn.topiam.employee.core.message.mail.MailUtils.readEmailContent; +import static org.springframework.web.util.HtmlUtils.htmlUnescape; /** * 消息服务数据映射 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/MessageSettingConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/MessageSettingConverter.java index f0461835..fea04195 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/MessageSettingConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/MessageSettingConverter.java 
@@ -17,18 +17,8 @@ */ package cn.topiam.employee.console.converter.setting; -import java.util.Objects; - -import javax.validation.ValidationException; - -import org.mapstruct.Mapper; - -import com.alibaba.fastjson2.JSONObject; -import com.alibaba.fastjson2.JSONWriter; -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; - +import cn.topiam.employee.common.crypto.EncryptContextHelp; +import cn.topiam.employee.common.crypto.EncryptionModule; import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.entity.setting.config.SmsConfig; import cn.topiam.employee.common.enums.MessageNoticeChannel; @@ -44,8 +34,17 @@ import cn.topiam.employee.console.pojo.result.setting.EmailProviderConfigResult; import cn.topiam.employee.console.pojo.save.setting.MailProviderSaveParam; import cn.topiam.employee.console.pojo.save.setting.SmsProviderSaveParam; import cn.topiam.employee.console.pojo.setting.SmsProviderConfigResult; -import cn.topiam.employee.support.util.AesUtils; import cn.topiam.employee.support.validation.ValidationHelp; +import com.alibaba.fastjson2.JSONObject; +import com.alibaba.fastjson2.JSONWriter; +import com.fasterxml.jackson.annotation.JsonTypeInfo; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.mapstruct.Mapper; + +import javax.validation.ValidationException; +import java.util.Objects; + import static cn.topiam.employee.core.context.SettingContextHelp.getSmsProviderConfig; import static cn.topiam.employee.core.setting.constant.MessageSettingConstants.MESSAGE_PROVIDER_EMAIL; import static cn.topiam.employee.core.setting.constant.MessageSettingConstants.MESSAGE_SMS_PROVIDER; 
@@ -73,7 +72,7 @@ public interface MessageSettingConverter { MailProviderConfig.MailProviderConfigBuilder builder = MailProviderConfig.builder() .username(param.getUsername()) - .secret(AesUtils.encrypt(param.getSecret())); + .secret(EncryptContextHelp.encrypt(param.getSecret())); //根据提供商封装参数 if (MailProvider.CUSTOMIZE.equals(param.getProvider())) { desc = desc + MailProvider.CUSTOMIZE.getName(); @@ -134,13 +133,12 @@ public interface MessageSettingConverter { ValidationHelp.ValidationResult validationResult = null; String desc = MessageNoticeChannel.SMS.getDesc(); SmsProviderConfig providerConfig = new SmsProviderConfig(); - ObjectMapper objectMapper = new ObjectMapper(); + ObjectMapper objectMapper = EncryptionModule.deserializerEncrypt(); try { // 七牛云 if (SmsProvider.QINIU.equals(param.getProvider())) { QiNiuSmsProviderConfig smsConfig = objectMapper.readValue(param.getConfig().toJSONString(), QiNiuSmsProviderConfig.class); validationResult = ValidationHelp.validateEntity(smsConfig); - smsConfig.setSecretKey(AesUtils.encrypt(smsConfig.getSecretKey())); providerConfig = smsConfig; desc = desc + SmsProvider.QINIU.getDesc(); } @@ -148,7 +146,6 @@ public interface MessageSettingConverter { else if (SmsProvider.ALIYUN.equals(param.getProvider())) { AliyunSmsProviderConfig smsConfig = objectMapper.readValue(param.getConfig().toJSONString(), AliyunSmsProviderConfig.class); validationResult = ValidationHelp.validateEntity(smsConfig); - smsConfig.setAccessKeySecret(AesUtils.encrypt(smsConfig.getAccessKeySecret())); providerConfig = smsConfig; desc = desc + SmsProvider.ALIYUN.getDesc(); } 
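Review bot: Removing `smsConfig.setSecretKey(AesUtils.encrypt(smsConfig.getSecretKey()))` here, and the matching lines in the Aliyun and Tencent hunks that follow, makes at-rest protection of the SMS provider secrets depend entirely on what `EncryptionModule.deserializerEncrypt()` does per field, which this file does not show. A secret field the module does not cover would now be stored in plaintext without any error. If the mapper encrypts during `readValue`, `ValidationHelp.validateEntity(smsConfig)` also runs on ciphertext, so any length or pattern constraint on the secret is checked against the wrong string. I would add a comment at the mapper creation, e.g. `// secrets are encrypted by EncryptionModule during readValue; do not encrypt again`, and a test asserting that the persisted QiNiu, Aliyun and Tencent configs do not contain the submitted secret. Values already stored with `AesUtils.encrypt` presumably need to remain readable through `EncryptContextHelp.decrypt`, and no migration is visible in these hunks.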
@@ -156,7 +153,6 @@ public interface MessageSettingConverter { else if (SmsProvider.TENCENT.equals(param.getProvider())) { TencentSmsProviderConfig smsConfig = objectMapper.readValue(param.getConfig().toJSONString(), TencentSmsProviderConfig.class); validationResult = ValidationHelp.validateEntity(smsConfig); - smsConfig.setSecretKey(AesUtils.encrypt(smsConfig.getSecretKey())); providerConfig = smsConfig; desc = desc + SmsProvider.TENCENT.getDesc(); } @@ -205,7 +201,7 @@ public interface MessageSettingConverter { .port(setting.getPort()) .safetyType(setting.getSafetyType()) .username(setting.getUsername()) - .secret(AesUtils.decrypt(setting.getSecret())) + .secret(EncryptContextHelp.decrypt(setting.getSecret())) .smtpUrl(setting.getSmtpUrl()) .enabled(true) .build(); diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/PasswordPolicyConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/PasswordPolicyConverter.java index a147cd7e..8acd4589 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/PasswordPolicyConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/PasswordPolicyConverter.java 
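Review bot: In the `@@ -205,7 +201,7 @@` hunk, `.secret(EncryptContextHelp.decrypt(setting.getSecret()))` puts the plaintext mail secret into the result object built here. If that object is what the console API returns, which the hunk does not show, the SMTP credential leaves the server on every read of the settings page. I would return a masked placeholder or omit the field, and only overwrite the stored secret when a new value is submitted. The `.config(storageConfig.getConfig())` change in StorageSettingConverter's `@@ -133,7 +132,7 @@` hunk, which follows a `deserializerDecrypt()` mapper, raises the same question for storage access keys. The builder chain starts outside this hunk.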
@@ -17,17 +17,17 @@ */ package cn.topiam.employee.console.converter.setting; -import java.util.*; -import java.util.stream.Collectors; - -import org.apache.commons.lang3.ObjectUtils; -import org.apache.commons.lang3.StringUtils; -import org.mapstruct.Mapper; - import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.console.pojo.result.setting.PasswordPolicyConfigResult; import cn.topiam.employee.console.pojo.save.setting.PasswordPolicySaveParam; import cn.topiam.employee.core.security.password.enums.PasswordComplexityRule; +import org.apache.commons.lang3.ObjectUtils; +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; + +import java.util.*; +import java.util.stream.Collectors; + import static cn.topiam.employee.core.setting.constant.PasswordPolicySettingConstants.*; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/SecuritySettingConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/SecuritySettingConverter.java index 0835beab..d4d01d0f 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/SecuritySettingConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/SecuritySettingConverter.java 
@@ -17,21 +17,7 @@ */ package cn.topiam.employee.console.converter.setting; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; -import java.util.Objects; -import java.util.stream.Collectors; - -import javax.validation.ValidationException; - -import org.apache.commons.lang3.ObjectUtils; -import org.mapstruct.Mapper; - -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; - +import cn.topiam.employee.authentication.captcha.geetest.GeeTestCaptchaProviderConfig; import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.enums.CaptchaProviderType; import cn.topiam.employee.common.enums.MfaFactor; @@ -43,11 +29,22 @@ import cn.topiam.employee.console.pojo.save.setting.SecurityBasicSaveParam; import cn.topiam.employee.console.pojo.save.setting.SecurityCaptchaSaveParam; import cn.topiam.employee.console.pojo.save.setting.SecurityMfaSaveParam; import cn.topiam.employee.core.security.captcha.CaptchaProviderConfig; -import cn.topiam.employee.core.security.captcha.geetest.GeeTestCaptchaProviderConfig; import cn.topiam.employee.support.validation.ValidationHelp; +import com.fasterxml.jackson.annotation.JsonTypeInfo; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.apache.commons.lang3.ObjectUtils; +import org.mapstruct.Mapper; + +import javax.validation.ValidationException; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; +import java.util.Objects; +import java.util.stream.Collectors; + import static cn.topiam.employee.core.setting.constant.MfaSettingConstants.*; import static cn.topiam.employee.core.setting.constant.SecuritySettingConstants.*; - import static liquibase.sqlgenerator.core.MarkChangeSetRanGenerator.COMMA; /** 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/StorageSettingConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/StorageSettingConverter.java index 75257233..8f849c95 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/StorageSettingConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/StorageSettingConverter.java @@ -17,16 +17,7 @@ */ package cn.topiam.employee.console.converter.setting; -import java.util.Objects; - -import javax.validation.ValidationException; - -import org.mapstruct.Mapper; - -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; - +import cn.topiam.employee.common.crypto.EncryptionModule; import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.storage.StorageConfig; import cn.topiam.employee.common.storage.enums.StorageProvider; @@ -37,6 +28,14 @@ import cn.topiam.employee.common.storage.impl.QiNiuKodoStorage; import cn.topiam.employee.console.pojo.result.setting.StorageProviderConfigResult; import cn.topiam.employee.console.pojo.save.setting.StorageConfigSaveParam; import cn.topiam.employee.support.validation.ValidationHelp; +import com.fasterxml.jackson.annotation.JsonTypeInfo; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.mapstruct.Mapper; + +import javax.validation.ValidationException; +import java.util.Objects; + import static cn.topiam.employee.core.setting.constant.StorageProviderSettingConstants.STORAGE_PROVIDER_KEY; /** 
@@ -59,7 +58,7 @@ public interface StorageSettingConverter { ValidationHelp.ValidationResult validationResult = null; StorageConfig.StorageConfigBuilder builder = StorageConfig.builder(); builder.provider(provider); - ObjectMapper objectMapper = new ObjectMapper(); + ObjectMapper objectMapper = EncryptionModule.deserializerEncrypt(); try { //阿里云 if (provider.equals(StorageProvider.ALIYUN_OSS)) { @@ -121,7 +120,7 @@ public interface StorageSettingConverter { if (Objects.isNull(entity)) { return StorageProviderConfigResult.builder().enabled(false).build(); } - ObjectMapper objectMapper = new ObjectMapper(); + ObjectMapper objectMapper = EncryptionModule.deserializerDecrypt(); // 指定序列化输入的类型 objectMapper.activateDefaultTyping(objectMapper.getPolymorphicTypeValidator(), ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY); @@ -133,7 +132,7 @@ public interface StorageSettingConverter { return StorageProviderConfigResult.builder() .provider(storageConfig.getProvider()) .enabled(true) - .config(storageConfig).build(); + .config(storageConfig.getConfig()).build(); //@formatter:on } catch (JsonProcessingException e) { throw new RuntimeException(e); diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/listener/ConsoleAdminPasswordInitializeListener.java b/eiam-console/src/main/java/cn/topiam/employee/console/listener/ConsoleAdminPasswordInitializeListener.java index c54c9ff7..f5637cf5 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/listener/ConsoleAdminPasswordInitializeListener.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/listener/ConsoleAdminPasswordInitializeListener.java 
@@ -17,13 +17,10 @@ */ package cn.topiam.employee.console.listener; -import java.io.BufferedWriter; -import java.io.File; -import java.io.FileWriter; -import java.util.Locale; -import java.util.Optional; -import java.util.concurrent.TimeUnit; - +import cn.topiam.employee.common.entity.setting.AdministratorEntity; +import cn.topiam.employee.common.enums.UserStatus; +import cn.topiam.employee.common.repository.setting.AdministratorRepository; +import cn.topiam.employee.support.trace.TraceUtils; import org.redisson.api.RLock; import org.redisson.api.RedissonClient; import org.slf4j.Logger; @@ -37,10 +34,13 @@ import org.springframework.stereotype.Component; import org.springframework.transaction.annotation.Transactional; import org.springframework.util.JdkIdGenerator; -import cn.topiam.employee.common.entity.setting.AdministratorEntity; -import cn.topiam.employee.common.enums.UserStatus; -import cn.topiam.employee.common.repository.setting.AdministratorRepository; -import cn.topiam.employee.support.trace.TraceUtils; +import java.io.BufferedWriter; +import java.io.File; +import java.io.FileWriter; +import java.util.Locale; +import java.util.Optional; +import java.util.concurrent.TimeUnit; + import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_ADMIN_USERNAME; import static cn.topiam.employee.support.lock.LockAspect.getTopiamLockKeyPrefix; import static cn.topiam.employee.support.util.CreateFileUtil.createFile; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/listener/ConsoleAesSecretInitializeListener.java b/eiam-console/src/main/java/cn/topiam/employee/console/listener/ConsoleAesSecretInitializeListener.java new file mode 100644 index 00000000..643425bc --- /dev/null +++ b/eiam-console/src/main/java/cn/topiam/employee/console/listener/ConsoleAesSecretInitializeListener.java 
@@ -0,0 +1,108 @@ +/* + * eiam-console - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.console.listener; + +import cn.topiam.employee.common.entity.setting.SettingEntity; +import cn.topiam.employee.common.repository.setting.SettingRepository; +import cn.topiam.employee.support.trace.TraceUtils; +import cn.topiam.employee.support.util.AesUtils; +import org.redisson.api.RLock; +import org.redisson.api.RedissonClient; +import org.springframework.boot.SpringApplication; +import org.springframework.boot.context.event.ApplicationPreparedEvent; +import org.springframework.context.ApplicationListener; +import org.springframework.lang.NonNull; +import org.springframework.stereotype.Component; +import org.springframework.transaction.annotation.Transactional; +import org.springframework.util.JdkIdGenerator; + +import java.util.Objects; +import java.util.concurrent.TimeUnit; + +import static cn.topiam.employee.common.constants.SettingConstants.AES_SECRET; +import static cn.topiam.employee.support.constant.EiamConstants.COLON; +import static cn.topiam.employee.support.lock.LockAspect.getTopiamLockKeyPrefix; + +/** + * ConsoleAesInitializeListener + * + * @author TopIAM + * Created by support@topiam.cn on 2022/12/22 21:44 + */ +@Component +public class 
ConsoleAesSecretInitializeListener implements + ApplicationListener { + + @Override + @Transactional(rollbackFor = Exception.class) + public void onApplicationEvent(@NonNull ApplicationPreparedEvent applicationPreparedEvent) { + //@formatter:off + String traceId = jdkIdGenerator.generateId().toString(); + TraceUtils.put(traceId); + RLock lock = redissonClient.getLock(getTopiamLockKeyPrefix() + COLON + "aes"); + boolean tryLock = false; + try { + tryLock = lock.tryLock(1, TimeUnit.SECONDS); + if (tryLock){ + SettingEntity optional = settingRepository.findByName(AES_SECRET); + if (Objects.isNull(optional)) { + // 保存AES秘钥 + saveInitAesSecret(AesUtils.generateKey()); + } + } + + } catch (Exception exception) { + int exitCode = SpringApplication.exit(applicationPreparedEvent.getApplicationContext(), + () -> 0); + System.exit(exitCode); + } finally { + if (tryLock && lock.isLocked()) { + lock.unlock(); + } + TraceUtils.remove(); + } + //@formatter:on + } + + /** + * 保存管理员 + * + * @param secret {@link String} + */ + private void saveInitAesSecret(String secret) { + SettingEntity setting = new SettingEntity(); + setting.setName(AES_SECRET); + setting.setValue(secret); + setting.setDesc("Project aes secret"); + setting.setRemark("This aes secret is automatically created during system initialization."); + settingRepository.save(setting); + } + + private final JdkIdGenerator jdkIdGenerator = new JdkIdGenerator(); + + private final SettingRepository settingRepository; + + private final RedissonClient redissonClient; + + public ConsoleAesSecretInitializeListener(SettingRepository settingRepository, + RedissonClient redissonClient) { + this.settingRepository = settingRepository; + this.redissonClient = redissonClient; + } + +} diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/other/IdentitySourceConfigValidatorParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/other/IdentitySourceConfigValidatorParam.java index 0f3e59d4..4b17118d 100644 
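Review bot: The `catch (Exception exception)` block in `onApplicationEvent` discards the exception and exits through `SpringApplication.exit(..., () -> 0)`, so a failure to read or create the AES secret stops the console with a success exit code and no log line. It should log the exception and exit non-zero, e.g. `() -> 1`. `saveInitAesSecret` stores the generated key as-is via `setting.setValue(secret)` in the settings repository, presumably the same database that holds the values encrypted with it, so read access to that database yields key and ciphertext together; an external key source, or wrapping this key with one, would separate them. In the `finally` block `lock.isLocked()` is true whoever holds the lock, and `lock.isHeldByCurrentThread()` is the usual guard before `unlock()`. The Javadoc on `saveInitAesSecret` still reads `保存管理员`, apparently copied from the admin-password listener, and should say that it saves the AES secret.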
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/other/IdentitySourceConfigValidatorParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/other/IdentitySourceConfigValidatorParam.java @@ -17,21 +17,16 @@ */ package cn.topiam.employee.console.pojo.other; -import java.io.Serial; -import java.io.Serializable; - -import javax.validation.constraints.NotNull; - -import org.springdoc.api.annotations.ParameterObject; - +import cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider; import com.alibaba.fastjson2.JSONObject; - -import cn.topiam.employee.common.enums.identityprovider.IdentitySourceProvider; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; +import org.springdoc.api.annotations.ParameterObject; + +import javax.validation.constraints.NotNull; +import java.io.Serial; +import java.io.Serializable; /** * 身份源配置验证器入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/other/OrganizationExcelData.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/other/OrganizationExcelData.java index 070bfb7c..1c427d4d 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/other/OrganizationExcelData.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/other/OrganizationExcelData.java 
@@ -17,19 +17,15 @@ */ package cn.topiam.employee.console.pojo.other; -import java.io.Serial; -import java.io.Serializable; - -import javax.validation.constraints.NotNull; - -import org.hibernate.validator.constraints.Length; - +import cn.topiam.employee.common.enums.OrganizationType; import com.alibaba.excel.annotation.ExcelProperty; import com.alibaba.excel.annotation.write.style.ColumnWidth; - -import cn.topiam.employee.common.enums.OrganizationType; - import lombok.Data; +import org.hibernate.validator.constraints.Length; + +import javax.validation.constraints.NotNull; +import java.io.Serial; +import java.io.Serializable; /** * 组织架构Excel diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/account/UserGroupListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/account/UserGroupListQuery.java index 568a739d..2be6c9ab 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/account/UserGroupListQuery.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/account/UserGroupListQuery.java @@ -17,15 +17,13 @@ */ package cn.topiam.employee.console.pojo.query.account; -import java.io.Serial; -import java.io.Serializable; - -import org.springdoc.api.annotations.ParameterObject; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; +import org.springdoc.api.annotations.ParameterObject; + +import java.io.Serial; +import java.io.Serializable; /** * 查询用户列表入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/analysis/AnalysisQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/analysis/AnalysisQuery.java index 91eaddd3..6ba9bca9 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/analysis/AnalysisQuery.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/analysis/AnalysisQuery.java 
@@ -17,19 +17,17 @@ */ package cn.topiam.employee.console.pojo.query.analysis; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; +import lombok.Getter; +import org.elasticsearch.search.aggregations.bucket.histogram.DateHistogramInterval; +import org.springframework.format.annotation.DateTimeFormat; + +import javax.validation.constraints.NotNull; import java.io.Serializable; import java.time.LocalDateTime; import java.time.Period; -import javax.validation.constraints.NotNull; - -import org.elasticsearch.search.aggregations.bucket.histogram.DateHistogramInterval; -import org.springframework.format.annotation.DateTimeFormat; - -import lombok.Data; -import lombok.Getter; - -import io.swagger.v3.oas.annotations.media.Schema; import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN; /** @@ -67,11 +65,17 @@ public class AnalysisQuery implements Serializable { @Getter public enum Interval { - + /** + * HOUR + */ HOUR(DateHistogramInterval.HOUR, "HH时"), - + /** + * DAY + */ DAY(DateHistogramInterval.DAY, "dd日"), - + /** + * MONTH + */ MONTH(DateHistogramInterval.MONTH, "MM月"); private final DateHistogramInterval type; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppCertQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppCertQuery.java index 4098aa57..59cac4e1 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppCertQuery.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppCertQuery.java 
@@ -17,18 +17,14 @@ */ package cn.topiam.employee.console.pojo.query.app; -import java.io.Serializable; - -import javax.validation.constraints.NotBlank; - -import org.springdoc.api.annotations.ParameterObject; - import cn.topiam.employee.common.enums.app.AppCertUsingType; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; +import org.springdoc.api.annotations.ParameterObject; + +import javax.validation.constraints.NotBlank; +import java.io.Serializable; /** * 查询应用证书列表入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionActionListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionActionListQuery.java index 554ea08a..6822403f 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionActionListQuery.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionActionListQuery.java @@ -17,17 +17,14 @@ */ package cn.topiam.employee.console.pojo.query.app; -import java.io.Serial; -import java.io.Serializable; - -import javax.validation.constraints.NotEmpty; - -import org.springdoc.api.annotations.ParameterObject; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; +import org.springdoc.api.annotations.ParameterObject; + +import javax.validation.constraints.NotEmpty; +import java.io.Serial; +import java.io.Serializable; /** * 查询权限列表入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionRoleListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionRoleListQuery.java index f274045c..f3b9835a 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionRoleListQuery.java 
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppPermissionRoleListQuery.java @@ -17,16 +17,13 @@ */ package cn.topiam.employee.console.pojo.query.app; -import java.io.Serializable; - -import javax.validation.constraints.NotNull; - -import org.springdoc.api.annotations.ParameterObject; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; +import org.springdoc.api.annotations.ParameterObject; + +import javax.validation.constraints.NotNull; +import java.io.Serializable; /** * 分页查询角色入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppQuery.java index a5fd4d81..164e2a62 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppQuery.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppQuery.java @@ -17,16 +17,13 @@ */ package cn.topiam.employee.console.pojo.query.app; -import java.io.Serializable; - -import org.springdoc.api.annotations.ParameterObject; - import cn.topiam.employee.common.enums.app.AppProtocol; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; +import org.springdoc.api.annotations.ParameterObject; + +import java.io.Serializable; /** * 查询应用列表入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppResourceListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppResourceListQuery.java index e7c706ff..96bb49a4 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppResourceListQuery.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/app/AppResourceListQuery.java 
@@ -17,16 +17,13 @@ */ package cn.topiam.employee.console.pojo.query.app; -import java.io.Serializable; - -import javax.validation.constraints.NotNull; - -import org.springdoc.api.annotations.ParameterObject; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; +import org.springdoc.api.annotations.ParameterObject; + +import javax.validation.constraints.NotNull; +import java.io.Serializable; /** * 分页查询资源入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/authentication/IdentityProviderListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/authentication/IdentityProviderListQuery.java index 2006df03..02cc739e 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/authentication/IdentityProviderListQuery.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/authentication/IdentityProviderListQuery.java @@ -17,19 +17,14 @@ */ package cn.topiam.employee.console.pojo.query.authentication; -import java.io.Serial; -import java.io.Serializable; - -import javax.validation.constraints.NotNull; - -import org.springdoc.api.annotations.ParameterObject; - -import cn.topiam.employee.common.enums.IdentityProviderCategory; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; +import org.springdoc.api.annotations.ParameterObject; + +import javax.validation.constraints.NotNull; +import java.io.Serial; +import java.io.Serializable; /** * @author TopIAM 
@@ -41,19 +36,19 @@ import io.swagger.v3.oas.annotations.media.Schema; public class IdentityProviderListQuery implements Serializable { @Serial - private static final long serialVersionUID = 1191998425971892318L; + private static final long serialVersionUID = 1191998425971892318L; /** * 认证源ID */ @Parameter(description = "认证源名称") - private String name; + private String name; /** * 认证源类型 */ @Parameter(description = "认证源分类") @NotNull(message = "认证源分类不能为空") - private IdentityProviderCategory category; + private String category; } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceEventRecordListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceEventRecordListQuery.java index 1b7826ea..334dc26c 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceEventRecordListQuery.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceEventRecordListQuery.java @@ -17,19 +17,16 @@ */ package cn.topiam.employee.console.pojo.query.identity; -import java.io.Serial; -import java.io.Serializable; - -import org.springdoc.api.annotations.ParameterObject; - import cn.topiam.employee.common.enums.SyncStatus; import cn.topiam.employee.common.enums.identitysource.IdentitySourceActionType; import cn.topiam.employee.common.enums.identitysource.IdentitySourceObjectType; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; +import org.springdoc.api.annotations.ParameterObject; + +import java.io.Serial; +import java.io.Serializable; /** * 查询身份源事件记录列表入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceListQuery.java index acdd4b50..3c4ccd5e 100644 
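Review bot: In `IdentityProviderListQuery`, `category` is now a free-form `String` guarded only by `@NotNull`, so request binding no longer rejects values outside the known provider categories, and an empty string passes validation. The code that consumes this query object is not in the hunk, so confirm that it checks the string against the supported categories before it is used in the repository query. At minimum I would tighten the constraint to `@NotBlank(message = "认证源分类不能为空")` and answer unknown codes with a validation error instead of an empty result. The Javadoc on `name` also still says `认证源ID` while the parameter description says `认证源名称`; one of the two should be corrected.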
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceListQuery.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceListQuery.java @@ -17,15 +17,13 @@ */ package cn.topiam.employee.console.pojo.query.identity; -import java.io.Serial; -import java.io.Serializable; - -import org.springdoc.api.annotations.ParameterObject; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; +import org.springdoc.api.annotations.ParameterObject; + +import java.io.Serial; +import java.io.Serializable; /** * 查询身份源列表入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceSyncHistoryListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceSyncHistoryListQuery.java index 7875ed40..7b7bb3fc 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceSyncHistoryListQuery.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceSyncHistoryListQuery.java @@ -17,21 +17,17 @@ */ package cn.topiam.employee.console.pojo.query.identity; -import java.io.Serial; -import java.io.Serializable; - -import javax.validation.constraints.NotBlank; - -import org.springdoc.api.annotations.ParameterObject; - import cn.topiam.employee.common.enums.SyncStatus; import cn.topiam.employee.common.enums.TriggerType; import cn.topiam.employee.common.enums.identitysource.IdentitySourceObjectType; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; +import org.springdoc.api.annotations.ParameterObject; + +import javax.validation.constraints.NotBlank; +import java.io.Serial; +import java.io.Serializable; /** * 查询身份源列表入参 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceSyncRecordListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceSyncRecordListQuery.java index 990cd980..ece5523e 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceSyncRecordListQuery.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/identity/IdentitySourceSyncRecordListQuery.java @@ -17,21 +17,17 @@ */ package cn.topiam.employee.console.pojo.query.identity; -import java.io.Serial; -import java.io.Serializable; - -import javax.validation.constraints.NotBlank; - -import org.springdoc.api.annotations.ParameterObject; - import cn.topiam.employee.common.enums.SyncStatus; import cn.topiam.employee.common.enums.identitysource.IdentitySourceActionType; import cn.topiam.employee.common.enums.identitysource.IdentitySourceObjectType; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; +import org.springdoc.api.annotations.ParameterObject; + +import javax.validation.constraints.NotBlank; +import java.io.Serial; +import java.io.Serializable; /** * 查询身份源同步详情入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/setting/AdministratorListQuery.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/setting/AdministratorListQuery.java index 0df35661..0cfde8ea 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/setting/AdministratorListQuery.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/query/setting/AdministratorListQuery.java 
@@ -17,12 +17,10 @@ */ package cn.topiam.employee.console.pojo.query.setting; -import org.springdoc.api.annotations.ParameterObject; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; +import org.springdoc.api.annotations.ParameterObject; /** * @author TopIAM diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationChildResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationChildResult.java index 84b10b06..5897d0f5 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationChildResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationChildResult.java @@ -17,15 +17,13 @@ */ package cn.topiam.employee.console.pojo.result.account; -import java.io.Serial; -import java.io.Serializable; - import com.fasterxml.jackson.annotation.JsonProperty; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serial; +import java.io.Serializable; /** * 获取子组织 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationResult.java index 7be8b617..fb8d1ed2 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationResult.java 
@@ -17,15 +17,13 @@ */ package cn.topiam.employee.console.pojo.result.account; -import java.io.Serial; -import java.io.Serializable; - import cn.topiam.employee.common.enums.OrganizationType; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serial; +import java.io.Serializable; /** * 获取组织 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationRootResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationRootResult.java index d8443a5a..2ce3b684 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationRootResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationRootResult.java @@ -17,15 +17,13 @@ */ package cn.topiam.employee.console.pojo.result.account; -import java.io.Serial; -import java.io.Serializable; - import com.fasterxml.jackson.annotation.JsonProperty; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serial; +import java.io.Serializable; /** * 获取根组织 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationTreeResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationTreeResult.java index 86f26cce..1bb15ed7 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationTreeResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/OrganizationTreeResult.java 
@@ -17,17 +17,15 @@ */ package cn.topiam.employee.console.pojo.result.account; +import com.fasterxml.jackson.annotation.JsonProperty; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + import java.io.Serial; import java.io.Serializable; import java.util.List; -import com.fasterxml.jackson.annotation.JsonProperty; - -import lombok.Data; - -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; - /** * 查询组织架构树结果 * diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupListResult.java index 5b820eea..a1cfefc3 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupListResult.java @@ -17,14 +17,13 @@ */ package cn.topiam.employee.console.pojo.result.account; -import java.io.Serial; -import java.io.Serializable; - +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; import lombok.experimental.Accessors; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; /** * 用户分页查询结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupMemberListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupMemberListResult.java index 58aa2152..87d8f014 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupMemberListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupMemberListResult.java 
@@ -17,13 +17,12 @@ */ package cn.topiam.employee.console.pojo.result.account; -import java.io.Serial; -import java.io.Serializable; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serial; +import java.io.Serializable; /** * 查询用户详情结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupResult.java index 1e3ec2ec..b34ff118 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserGroupResult.java @@ -17,13 +17,12 @@ */ package cn.topiam.employee.console.pojo.result.account; -import java.io.Serial; -import java.io.Serializable; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serial; +import java.io.Serializable; /** * 查询用户分组详情 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserListResult.java index a4c80d65..57341b48 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserListResult.java 
@@ -17,17 +17,16 @@ */ package cn.topiam.employee.console.pojo.result.account; +import com.fasterxml.jackson.annotation.JsonFormat; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; +import lombok.experimental.Accessors; + import java.io.Serial; import java.io.Serializable; import java.time.LocalDateTime; -import com.fasterxml.jackson.annotation.JsonFormat; - -import lombok.Data; -import lombok.experimental.Accessors; - -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserLoginAuditListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserLoginAuditListResult.java index f9791adb..ba1bdbe5 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserLoginAuditListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserLoginAuditListResult.java @@ -17,14 +17,12 @@ */ package cn.topiam.employee.console.pojo.result.account; -import java.time.LocalDateTime; - import cn.topiam.employee.audit.enums.EventStatus; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.time.LocalDateTime; /** * 用户登录日志返回结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserResult.java index 708f5f05..91be82b1 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/account/UserResult.java 
@@ -17,17 +17,16 @@ */ package cn.topiam.employee.console.pojo.result.account; +import com.fasterxml.jackson.annotation.JsonFormat; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + import java.io.Serial; import java.io.Serializable; import java.time.LocalDate; import java.time.LocalDateTime; -import com.fasterxml.jackson.annotation.JsonFormat; - -import lombok.Data; - -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AppVisitRankResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AppVisitRankResult.java index 23d1516a..92c44d71 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AppVisitRankResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AppVisitRankResult.java @@ -17,12 +17,11 @@ */ package cn.topiam.employee.console.pojo.result.analysis; -import java.io.Serializable; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.AllArgsConstructor; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serializable; /** * 应用热点访问结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnHotProviderResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnHotProviderResult.java index a21a19ad..f63a03db 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnHotProviderResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnHotProviderResult.java 
@@ -17,12 +17,11 @@ */ package cn.topiam.employee.console.pojo.result.analysis; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.AllArgsConstructor; import lombok.Data; import lombok.NoArgsConstructor; -import io.swagger.v3.oas.annotations.media.Schema; - /** * 热点认证方式结果 * diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnQuantityResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnQuantityResult.java index 191a4c0b..ad596eaa 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnQuantityResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnQuantityResult.java @@ -17,12 +17,11 @@ */ package cn.topiam.employee.console.pojo.result.analysis; -import java.io.Serializable; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.AllArgsConstructor; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serializable; /** * 认证量统计结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnZoneResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnZoneResult.java new file mode 100644 index 00000000..86ce2e78 --- /dev/null +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/AuthnZoneResult.java 
@@ -0,0 +1,48 @@
+/*
+ * eiam-console - Employee Identity and Access Management Program
+ * Copyright © 2020-2023 TopIAM (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see .
+ */
+package cn.topiam.employee.console.pojo.result.analysis;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+/**
+ * 登录区域结果
+ *
+ * @author TopIAM
+ * Created by support@topiam.cn on 2023/01/24 23:16
+ */
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+@Schema(description = "登录区域结果")
+public class AuthnZoneResult {
+
+ /**
+ * 省份code
+ */
+ @Schema(description = "省份code")
+ private String name;
+
+ /**
+ * 登录次数
+ */
+ @Schema(description = "登录次数")
+ private Long count;
+}
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/OverviewResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/OverviewResult.java
index 428172c0..e5452377 100644
--- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/OverviewResult.java
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/analysis/OverviewResult.java
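Review bot: In the new `AuthnZoneResult`, the field `name` is documented as `省份code` in both its Javadoc and its `@Schema` description, so the serialized property is called a name while the text says it carries a province code. API consumers read the generated schema, so the two should agree: either rename the field to match the content, or correct the Javadoc and the `@Schema` description to state what the value really is. Whether the value is a code or a display name cannot be told from this hunk, since the code that fills the object is not shown.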
@@ -17,11 +17,10 @@ */ package cn.topiam.employee.console.pojo.result.analysis; -import java.io.Serializable; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serializable; /** * 概述总计结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppAccessPolicyResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppAccessPolicyResult.java index a5d06ce8..c12389a1 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppAccessPolicyResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppAccessPolicyResult.java @@ -17,13 +17,11 @@ */ package cn.topiam.employee.console.pojo.result.app; -import java.time.LocalDateTime; - import cn.topiam.employee.common.enums.PolicySubjectType; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import java.time.LocalDateTime; /** * 应用访问授权策略结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppAccountListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppAccountListResult.java index 7742cd2e..94eecb71 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppAccountListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppAccountListResult.java @@ -17,11 +17,10 @@ */ package cn.topiam.employee.console.pojo.result.app; -import java.time.LocalDateTime; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import java.time.LocalDateTime; /** * AppAccountCreateParam 应用账户查询结果 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppCertListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppCertListResult.java index 00080a03..d2cf3414 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppCertListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppCertListResult.java @@ -18,12 +18,10 @@ package cn.topiam.employee.console.pojo.result.app; import cn.topiam.employee.common.enums.app.AppCertUsingType; - -import lombok.AllArgsConstructor; -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.AllArgsConstructor; +import lombok.Data; /** * 获取应用证书列表结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppCreateResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppCreateResult.java index 6aa6d725..d9f3ed0b 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppCreateResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppCreateResult.java @@ -17,13 +17,12 @@ */ package cn.topiam.employee.console.pojo.result.app; -import java.io.Serializable; - +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.AllArgsConstructor; import lombok.Data; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serializable; /** * 应用创建返回结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppGetResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppGetResult.java index 2b81c5a6..ea0e8183 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppGetResult.java 
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppGetResult.java @@ -17,16 +17,14 @@ */ package cn.topiam.employee.console.pojo.result.app; -import java.io.Serializable; -import java.time.LocalDateTime; - import cn.topiam.employee.common.enums.app.AppProtocol; import cn.topiam.employee.common.enums.app.AppType; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serializable; +import java.time.LocalDateTime; /** * 获取应用返回 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppListResult.java index c779299f..2ff4cf33 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppListResult.java @@ -17,15 +17,13 @@ */ package cn.topiam.employee.console.pojo.result.app; -import java.io.Serializable; - import cn.topiam.employee.common.enums.app.AppProtocol; import cn.topiam.employee.common.enums.app.AppType; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serializable; /** * 应用列表返回 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionActionListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionActionListResult.java index c6264ab3..2334d404 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionActionListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionActionListResult.java 
@@ -17,15 +17,14 @@ */ package cn.topiam.employee.console.pojo.result.app; -import java.io.Serial; -import java.io.Serializable; -import java.util.List; - +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; import lombok.experimental.Accessors; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; +import java.util.List; /** * 获取应用资源权限列表 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyGetResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyGetResult.java index 0a906557..e9bc662c 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyGetResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyGetResult.java @@ -17,16 +17,14 @@ */ package cn.topiam.employee.console.pojo.result.app; -import java.io.Serializable; - import cn.topiam.employee.common.enums.PolicyEffect; import cn.topiam.employee.common.enums.PolicyObjectType; import cn.topiam.employee.common.enums.PolicySubjectType; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serializable; /** * 获取资源 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyListResult.java index 4c51fd9f..2add59cb 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionPolicyListResult.java 
@@ -20,11 +20,9 @@ package cn.topiam.employee.console.pojo.result.app; import cn.topiam.employee.common.enums.PolicyEffect; import cn.topiam.employee.common.enums.PolicyObjectType; import cn.topiam.employee.common.enums.PolicySubjectType; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; /** * diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceGetResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceGetResult.java index 36e0a7ae..b9292f07 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceGetResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceGetResult.java @@ -17,17 +17,15 @@ */ package cn.topiam.employee.console.pojo.result.app; +import cn.topiam.employee.common.enums.PermissionActionType; +import io.swagger.v3.oas.annotations.Hidden; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + import java.io.Serial; import java.io.Serializable; import java.util.List; -import cn.topiam.employee.common.enums.PermissionActionType; - -import lombok.Data; - -import io.swagger.v3.oas.annotations.Hidden; -import io.swagger.v3.oas.annotations.media.Schema; - /** * 获取资源 * diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceListResult.java index 444b737c..ea704be8 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionResourceListResult.java 
@@ -17,14 +17,13 @@ */ package cn.topiam.employee.console.pojo.result.app; -import java.io.Serial; -import java.io.Serializable; - +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; import lombok.experimental.Accessors; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; /** * 资源分页查询结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleListResult.java index 64fe1136..512d1b9f 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleListResult.java @@ -17,14 +17,13 @@ */ package cn.topiam.employee.console.pojo.result.app; -import java.io.Serial; -import java.io.Serializable; - +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; import lombok.experimental.Accessors; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; /** * 角色分页查询结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleResult.java index 48868e80..34ee6fd6 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppPermissionRoleResult.java 
@@ -17,12 +17,11 @@ */ package cn.topiam.employee.console.pojo.result.app; -import java.io.Serializable; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serializable; /** * 获取角色 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppTemplateResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppTemplateResult.java index 4492969f..a34e2f38 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppTemplateResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/AppTemplateResult.java @@ -17,15 +17,13 @@ */ package cn.topiam.employee.console.pojo.result.app; -import java.io.Serializable; - import cn.topiam.employee.common.enums.app.AppProtocol; import cn.topiam.employee.common.enums.app.AppType; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serializable; /** * 应用模板返回 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/ParseSaml2MetadataResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/ParseSaml2MetadataResult.java index 518caad3..5f1e342f 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/ParseSaml2MetadataResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/ParseSaml2MetadataResult.java @@ -17,12 +17,11 @@ */ package cn.topiam.employee.console.pojo.result.app; -import java.io.Serializable; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serializable; /** * 解析SAML2 元数据 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/UserIdpBindListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/UserIdpBindListResult.java index 9524e6a5..a37de037 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/UserIdpBindListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/app/UserIdpBindListResult.java @@ -17,13 +17,10 @@ */ package cn.topiam.employee.console.pojo.result.app; -import java.time.LocalDateTime; - -import cn.topiam.employee.common.enums.IdentityProviderType; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import java.time.LocalDateTime; /** * 用户身份提供商绑定列表查询结果 @@ -39,29 +36,29 @@ public class UserIdpBindListResult { * id */ @Schema(description = "id") - private String id; + private String id; /** * open id */ @Schema(description = "open id") - private Long openId; + private String openId; /** * 提供商名称 */ @Schema(description = "提供商名称") - private String idpName; + private String idpName; /** * 提供商类型 */ @Schema(description = "提供商类型") - private IdentityProviderType idpType; + private String idpType; /** * 绑定时间 */ @Schema(description = "绑定时间") - private LocalDateTime bindTime; + private LocalDateTime bindTime; } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderCreateResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderCreateResult.java index a5dd4d0b..7185c1fd 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderCreateResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderCreateResult.java 
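Review bot: `idpType` in `UserIdpBindListResult` changes from `IdentityProviderType` to a plain `String`, so the generated API schema no longer tells clients which values to expect. The same change is made to `type` in `IdentityProviderCreateResult`, `IdentityProviderListResult` and `IdentityProviderResult` later in this patch. I would extend the field comment to name where the valid values are defined, for example `/** Provider type code; valid values are defined by <provider registry, to be named>. */`. `openId` also moves from `Long` to `String`, which presumably changes the serialised JSON value from a number to a string, so it deserves a line in the commit description for API consumers.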
@@ -17,15 +17,12 @@ */ package cn.topiam.employee.console.pojo.result.authentication; -import java.io.Serializable; - -import cn.topiam.employee.common.enums.IdentityProviderType; - +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Builder; import lombok.Data; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serializable; /** * 身份源创建返回 @@ -42,11 +39,11 @@ public class IdentityProviderCreateResult implements Serializable { * ID */ @Parameter(description = "ID") - private String id; + private String id; /** * 提供商类型 */ @Parameter(description = "提供商类型") - private IdentityProviderType type; + private String type; } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderListResult.java index 04658241..f82324b5 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderListResult.java @@ -17,14 +17,11 @@ */ package cn.topiam.employee.console.pojo.result.authentication; -import java.io.Serializable; - -import cn.topiam.employee.common.enums.IdentityProviderType; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serializable; /** * 社交认证源平台列表,带有元素字段,避免前端重复画页面,基本都是input 
@@ -40,35 +37,35 @@ public class IdentityProviderListResult implements Serializable { * ID */ @Parameter(description = "ID") - private String id; + private String id; /** * name */ @Parameter(description = "名称") - private String name; + private String name; /** * 提供商 */ @Parameter(description = "提供商") - private IdentityProviderType type; + private String type; /** * 是否启用 */ @Parameter(description = "是否启用") - private Boolean enabled; + private Boolean enabled; /** * 描述 */ @Parameter(description = "描述") - private String desc; + private String desc; /** * 备注 */ @Parameter(description = "备注") - private String remark; + private String remark; } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderResult.java index 02e3916f..42df8e1f 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/authentication/IdentityProviderResult.java @@ -17,16 +17,13 @@ */ package cn.topiam.employee.console.pojo.result.authentication; -import java.io.Serial; -import java.io.Serializable; - import cn.topiam.employee.authentication.common.config.IdentityProviderConfig; -import cn.topiam.employee.common.enums.IdentityProviderType; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serial; +import java.io.Serializable; /** * 认证源详情 @@ -56,7 +53,7 @@ public class IdentityProviderResult implements Serializable { * 提供商类型 */ @Parameter(description = "提供商类型") - private IdentityProviderType type; + private String type; /** * 配置 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceConfigGetResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceConfigGetResult.java index 6869d90b..23c762f8 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceConfigGetResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceConfigGetResult.java @@ -17,16 +17,14 @@ */ package cn.topiam.employee.console.pojo.result.identitysource; -import java.io.Serial; -import java.io.Serializable; - import cn.topiam.employee.common.entity.identitysource.config.JobConfig; import cn.topiam.employee.common.entity.identitysource.config.StrategyConfig; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serial; +import java.io.Serializable; /** * 获取身份源配置 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceEventRecordListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceEventRecordListResult.java index 35dca40a..27a8bc7d 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceEventRecordListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceEventRecordListResult.java 
@@ -17,19 +17,17 @@ */ package cn.topiam.employee.console.pojo.result.identitysource; -import java.io.Serializable; -import java.time.LocalDateTime; - -import com.fasterxml.jackson.annotation.JsonFormat; - import cn.topiam.employee.common.enums.SyncStatus; import cn.topiam.employee.common.enums.identitysource.IdentitySourceActionType; import cn.topiam.employee.common.enums.identitysource.IdentitySourceObjectType; - -import lombok.Data; - +import com.fasterxml.jackson.annotation.JsonFormat; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serializable; +import java.time.LocalDateTime; + import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceGetResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceGetResult.java index 871c9790..571ba21e 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceGetResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceGetResult.java @@ -17,15 +17,13 @@ */ package cn.topiam.employee.console.pojo.result.identitysource; -import java.io.Serial; -import java.io.Serializable; - -import cn.topiam.employee.common.enums.identityprovider.IdentitySourceProvider; - -import lombok.Data; - +import cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serial; +import java.io.Serializable; /** * 身份源源详情 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceListResult.java index 0e8623b5..97b3a803 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceListResult.java @@ -17,12 +17,11 @@ */ package cn.topiam.employee.console.pojo.result.identitysource; -import java.io.Serializable; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serializable; /** * 身份源列表 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceSyncHistoryListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceSyncHistoryListResult.java index 01026141..c3f43c0f 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceSyncHistoryListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceSyncHistoryListResult.java 
@@ -17,18 +17,16 @@ */ package cn.topiam.employee.console.pojo.result.identitysource; +import cn.topiam.employee.common.enums.TriggerType; +import cn.topiam.employee.common.enums.identitysource.IdentitySourceObjectType; +import com.fasterxml.jackson.annotation.JsonFormat; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + import java.io.Serializable; import java.time.LocalDateTime; -import com.fasterxml.jackson.annotation.JsonFormat; - -import cn.topiam.employee.common.enums.TriggerType; -import cn.topiam.employee.common.enums.identitysource.IdentitySourceObjectType; - -import lombok.Data; - -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceSyncRecordListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceSyncRecordListResult.java index 7e052d60..35a67095 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceSyncRecordListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/identitysource/IdentitySourceSyncRecordListResult.java @@ -17,15 +17,13 @@ */ package cn.topiam.employee.console.pojo.result.identitysource; -import java.io.Serializable; - import cn.topiam.employee.common.enums.identitysource.IdentitySourceActionType; import cn.topiam.employee.common.enums.identitysource.IdentitySourceObjectType; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serializable; /** * 身份源同步详情列表 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/AdministratorListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/AdministratorListResult.java index 339629c6..8137cf02 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/AdministratorListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/AdministratorListResult.java @@ -17,17 +17,16 @@ */ package cn.topiam.employee.console.pojo.result.setting; +import com.fasterxml.jackson.annotation.JsonFormat; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; +import lombok.experimental.Accessors; + import java.io.Serial; import java.io.Serializable; import java.time.LocalDateTime; -import com.fasterxml.jackson.annotation.JsonFormat; - -import lombok.Data; -import lombok.experimental.Accessors; - -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/AdministratorResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/AdministratorResult.java index dc85009b..950002bf 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/AdministratorResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/AdministratorResult.java 
@@ -17,15 +17,14 @@ */ package cn.topiam.employee.console.pojo.result.setting; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + import java.io.Serial; import java.io.Serializable; import java.time.LocalDateTime; -import lombok.Data; - -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; - /** * 管理员详情 * diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailProviderConfigResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailProviderConfigResult.java index fc354379..1e3315f2 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailProviderConfigResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailProviderConfigResult.java @@ -17,17 +17,15 @@ */ package cn.topiam.employee.console.pojo.result.setting; -import java.io.Serial; -import java.io.Serializable; - import cn.topiam.employee.common.message.enums.MailProvider; import cn.topiam.employee.common.message.enums.MailSafetyType; - +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Builder; import lombok.Data; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; /** * 邮件服务商配置查询结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailTemplateListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailTemplateListResult.java index ef74ea3f..dd0bd58a 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailTemplateListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailTemplateListResult.java 
@@ -17,13 +17,12 @@ */ package cn.topiam.employee.console.pojo.result.setting; -import java.io.Serial; -import java.io.Serializable; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serial; +import java.io.Serializable; /** * 邮件模板类型返回值 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailTemplateResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailTemplateResult.java index 1726cec1..0ef7a22d 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailTemplateResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/EmailTemplateResult.java @@ -17,13 +17,12 @@ */ package cn.topiam.employee.console.pojo.result.setting; -import java.io.Serial; -import java.io.Serializable; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serial; +import java.io.Serializable; /** * 邮件模板配置结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/GeoIpProviderResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/GeoIpProviderResult.java index d9ab6ecf..c69829f6 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/GeoIpProviderResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/GeoIpProviderResult.java 
@@ -17,18 +17,15 @@ */ package cn.topiam.employee.console.pojo.result.setting; -import java.io.Serial; -import java.io.Serializable; - -import javax.validation.constraints.NotNull; - import cn.topiam.employee.common.geo.GeoLocationProviderConfig; import cn.topiam.employee.common.geo.maxmind.enums.GeoLocationProvider; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Builder; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import javax.validation.constraints.NotNull; +import java.io.Serial; +import java.io.Serializable; /** * 获取地理位置服务商配置信息 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/PasswordPolicyConfigResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/PasswordPolicyConfigResult.java index 04e07166..3d566442 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/PasswordPolicyConfigResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/PasswordPolicyConfigResult.java @@ -17,13 +17,11 @@ */ package cn.topiam.employee.console.pojo.result.setting; -import java.io.Serializable; - import cn.topiam.employee.core.security.password.enums.PasswordComplexityRule; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serializable; /** * 设置密码策略配置结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityBasicConfigResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityBasicConfigResult.java index 2ed2dd03..0db62bdb 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityBasicConfigResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityBasicConfigResult.java 
@@ -17,12 +17,11 @@ */ package cn.topiam.employee.console.pojo.result.setting; -import java.io.Serializable; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serializable; /** * 安全高级配置结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityCaptchaConfigResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityCaptchaConfigResult.java index e4540a23..b86d29f2 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityCaptchaConfigResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityCaptchaConfigResult.java @@ -17,15 +17,13 @@ */ package cn.topiam.employee.console.pojo.result.setting; -import java.io.Serializable; - import cn.topiam.employee.common.enums.CaptchaProviderType; import cn.topiam.employee.core.security.captcha.CaptchaProviderConfig; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serializable; /** * 行为验证码配置结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityMfaConfigResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityMfaConfigResult.java index a81e71a9..24c98434 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityMfaConfigResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SecurityMfaConfigResult.java 
@@ -17,16 +17,14 @@ */ package cn.topiam.employee.console.pojo.result.setting; -import java.io.Serializable; -import java.util.List; - import cn.topiam.employee.common.enums.MfaFactor; import cn.topiam.employee.common.enums.MfaMode; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serializable; +import java.util.List; /** * 安全MFA配置结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SmsTemplateListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SmsTemplateListResult.java index bd382c72..aacdd854 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SmsTemplateListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/SmsTemplateListResult.java @@ -17,16 +17,14 @@ */ package cn.topiam.employee.console.pojo.result.setting; -import java.io.Serial; -import java.io.Serializable; - import cn.topiam.employee.common.enums.Language; import cn.topiam.employee.common.enums.MessageCategory; import cn.topiam.employee.common.enums.SmsType; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; /** * 短信配置结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/StorageProviderConfigResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/StorageProviderConfigResult.java index d5e74bb2..d926c888 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/StorageProviderConfigResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/StorageProviderConfigResult.java 
@@ -17,17 +17,15 @@ */ package cn.topiam.employee.console.pojo.result.setting; -import java.io.Serial; -import java.io.Serializable; - import cn.topiam.employee.common.storage.StorageConfig; import cn.topiam.employee.common.storage.enums.StorageProvider; - +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Builder; import lombok.Data; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; /** * 存储配置查询结果 @@ -41,21 +39,21 @@ import io.swagger.v3.oas.annotations.media.Schema; public class StorageProviderConfigResult implements Serializable { @Serial - private static final long serialVersionUID = -2667374916357438335L; + private static final long serialVersionUID = -2667374916357438335L; /** * 服务商 */ @Parameter(description = "服务商") - private StorageProvider provider; + private StorageProvider provider; /** * 启用 */ @Parameter(description = "是否启用") - private Boolean enabled; + private Boolean enabled; /** * 配置信息 */ @Parameter(description = "配置信息") - private StorageConfig config; + private StorageConfig.Config config; } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/WeakPasswordLibListResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/WeakPasswordLibListResult.java index 7bd466f4..4b551523 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/WeakPasswordLibListResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/result/setting/WeakPasswordLibListResult.java 
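Review bot: `config` in `StorageProviderConfigResult` is returned as a whole `StorageConfig.Config` object, and nothing in this hunk limits which of its properties are serialised into the response. `StorageConfig.Config` is not visible here, so this is a question rather than a finding: if it carries provider credentials, they should be masked or omitted before this result is built. A comment on the field such as `// any credential held in config must be masked before this result is returned` would make that expectation explicit.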
@@ -17,13 +17,12 @@ */ package cn.topiam.employee.console.pojo.result.setting; -import java.io.Serializable; - +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; import lombok.RequiredArgsConstructor; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serializable; /** * 弱密码列表查询结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/OrganizationCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/OrganizationCreateParam.java index e36d95f4..014ae0ae 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/OrganizationCreateParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/OrganizationCreateParam.java @@ -17,18 +17,15 @@ */ package cn.topiam.employee.console.pojo.save.account; -import java.io.Serial; -import java.io.Serializable; +import cn.topiam.employee.common.enums.OrganizationType; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotEmpty; import javax.validation.constraints.NotNull; - -import cn.topiam.employee.common.enums.OrganizationType; - -import lombok.Data; - -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; /** * 创建组织架构入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/UserCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/UserCreateParam.java index f13bbcd6..35343b15 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/UserCreateParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/UserCreateParam.java 
@@ -17,23 +17,19 @@ */ package cn.topiam.employee.console.pojo.save.account; +import cn.topiam.employee.common.enums.ListEnumDeserializer; +import cn.topiam.employee.common.enums.MessageNoticeChannel; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import javax.validation.constraints.Email; +import javax.validation.constraints.NotBlank; import java.io.Serial; import java.io.Serializable; import java.time.LocalDate; import java.util.List; -import javax.validation.constraints.Email; -import javax.validation.constraints.NotBlank; - -import com.fasterxml.jackson.databind.annotation.JsonDeserialize; - -import cn.topiam.employee.common.enums.ListEnumDeserializer; -import cn.topiam.employee.common.enums.MessageNoticeChannel; - -import lombok.Data; - -import io.swagger.v3.oas.annotations.media.Schema; - /** * 用户创建请求入参 * diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/UserGroupCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/UserGroupCreateParam.java index d0ebb545..d2575e92 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/UserGroupCreateParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/account/UserGroupCreateParam.java @@ -17,14 +17,12 @@ */ package cn.topiam.employee.console.pojo.save.account; -import java.io.Serial; -import java.io.Serializable; - -import javax.validation.constraints.NotBlank; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import javax.validation.constraints.NotBlank; +import java.io.Serial; +import java.io.Serializable; /** * 用户创建请求入参 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppAccessPolicyCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppAccessPolicyCreateParam.java index 9a36165f..0f8cdd66 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppAccessPolicyCreateParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppAccessPolicyCreateParam.java @@ -17,15 +17,12 @@ */ package cn.topiam.employee.console.pojo.save.app; -import java.util.List; - -import javax.validation.constraints.NotNull; - import cn.topiam.employee.common.enums.PolicySubjectType; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import javax.validation.constraints.NotNull; +import java.util.List; /** * 应用访问授权策略添加参数 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppAccountCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppAccountCreateParam.java index ee69d078..2a3d6c49 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppAccountCreateParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppAccountCreateParam.java @@ -17,12 +17,11 @@ */ package cn.topiam.employee.console.pojo.save.app; -import javax.validation.constraints.NotBlank; -import javax.validation.constraints.NotNull; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import javax.validation.constraints.NotBlank; +import javax.validation.constraints.NotNull; /** * AppAccountCreateParam 应用账户新增入参 @@ -54,4 +53,10 @@ public class AppAccountCreateParam { @Schema(description = "账户名称") @NotBlank(message = "账户名称不能为空") private String account; + + /** + * 账户密码 + */ + @Schema(description = "账户密码") + private String password; } 
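Review bot: The new `password` field in `AppAccountCreateParam` (last hunk on this line, `@@ -54,4 +53,10 @@`) is a plain `String` annotated only with `@Schema`, and the file imports `lombok.Data`, so if the class carries `@Data` (the annotation is outside the hunk) the generated `toString()` will include the password wherever this param is logged. I would add `@ToString.Exclude` on the field and mark it write-only in the API description: `@Schema(description = "账户密码", accessMode = Schema.AccessMode.WRITE_ONLY)`. Unlike `account` just above it, the field has no constraint; if an empty password is not meant to be accepted, add a validation annotation, otherwise say in the Javadoc that it is optional. How the value is stored is not visible here, so it is worth confirming that it is encrypted before persistence rather than kept as received.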
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppCreateParam.java index 2af065ad..b1cc5904 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppCreateParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppCreateParam.java @@ -17,14 +17,12 @@ */ package cn.topiam.employee.console.pojo.save.app; -import java.io.Serializable; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotNull; - -import lombok.Data; - -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serializable; /** * 应用保存入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionPolicyCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionPolicyCreateParam.java index 6af28719..34fb2fde 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionPolicyCreateParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionPolicyCreateParam.java @@ -17,18 +17,15 @@ */ package cn.topiam.employee.console.pojo.save.app; -import java.io.Serializable; - -import javax.validation.constraints.NotNull; - import cn.topiam.employee.common.enums.PolicyEffect; import cn.topiam.employee.common.enums.PolicyObjectType; import cn.topiam.employee.common.enums.PolicySubjectType; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import javax.validation.constraints.NotNull; +import java.io.Serializable; /** * 创建策略入参 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionResourceCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionResourceCreateParam.java index 205f671c..a8d882b7 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionResourceCreateParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionResourceCreateParam.java @@ -17,15 +17,13 @@ */ package cn.topiam.employee.console.pojo.save.app; -import java.io.Serializable; -import java.util.List; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotNull; - -import lombok.Data; - -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serializable; +import java.util.List; /** * 资源创建参数 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionRoleCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionRoleCreateParam.java index 6a0ab79c..ead34107 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionRoleCreateParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionRoleCreateParam.java @@ -17,14 +17,12 @@ */ package cn.topiam.employee.console.pojo.save.app; -import java.io.Serializable; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotNull; - -import lombok.Data; - -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serializable; /** * 角色创建参数 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionsActionParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionsActionParam.java index d1ed3d8d..0f58cb49 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionsActionParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppPermissionsActionParam.java @@ -17,16 +17,14 @@ */ package cn.topiam.employee.console.pojo.save.app; -import java.io.Serial; -import java.io.Serializable; +import cn.topiam.employee.common.enums.PermissionActionType; +import lombok.Data; import javax.validation.Valid; import javax.validation.constraints.NotEmpty; import javax.validation.constraints.NotNull; - -import cn.topiam.employee.common.enums.PermissionActionType; - -import lombok.Data; +import java.io.Serial; +import java.io.Serializable; /** * AppPermissionsActionParam diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppSaveConfigParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppSaveConfigParam.java index a48c8114..0e96ecff 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppSaveConfigParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/app/AppSaveConfigParam.java @@ -17,14 +17,12 @@ */ package cn.topiam.employee.console.pojo.save.app; -import java.io.Serializable; -import java.util.Map; - -import javax.validation.constraints.NotNull; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import javax.validation.constraints.NotNull; +import java.io.Serializable; +import java.util.Map; /** * 更新应用配置入参 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/authentication/IdentityProviderCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/authentication/IdentityProviderCreateParam.java index eebb6876..4064af99 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/authentication/IdentityProviderCreateParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/authentication/IdentityProviderCreateParam.java @@ -17,20 +17,14 @@ */ package cn.topiam.employee.console.pojo.save.authentication; -import java.io.Serial; -import java.io.Serializable; +import com.alibaba.fastjson2.JSONObject; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotNull; - -import com.alibaba.fastjson2.JSONObject; - -import cn.topiam.employee.common.enums.IdentityProviderCategory; -import cn.topiam.employee.common.enums.IdentityProviderType; - -import lombok.Data; - -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; /** * 源创建参数入参 
@@ -42,46 +36,46 @@ import io.swagger.v3.oas.annotations.media.Schema; @Schema(description = "认证源保存入参") public class IdentityProviderCreateParam implements Serializable { @Serial - private static final long serialVersionUID = -1440230086940289961L; + private static final long serialVersionUID = -1440230086940289961L; /** * 认证源名称 */ @NotBlank(message = "认证源名称不能为空") @Schema(description = "认证源名称") - private String name; + private String name; /** * 提供商 */ @NotNull(message = "提供商不能为空") @Schema(description = "提供商") - private IdentityProviderType type; + private String type; /** * 身份源类型 */ @NotNull(message = "身份源类型不能为空") @Schema(description = "身份源类型") - private IdentityProviderCategory category; + private String category; /** * 配置 */ @NotNull(message = "配置不能为空") @Schema(description = "配置JSON") - private JSONObject config; + private JSONObject config; /** * 是否展示 */ @Schema(description = "是否展示") - private Boolean displayed; + private Boolean displayed; /** * 备注 */ @Schema(description = "备注") - private String remark; + private String remark; } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/authentication/InitializeAdminSaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/authentication/InitializeAdminSaveParam.java index 0604fed8..f2cfbfae 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/authentication/InitializeAdminSaveParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/authentication/InitializeAdminSaveParam.java @@ -17,15 +17,13 @@ */ package cn.topiam.employee.console.pojo.save.authentication; -import java.io.Serial; -import java.io.Serializable; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; import javax.validation.constraints.Email; import javax.validation.constraints.NotBlank; - -import lombok.Data; - -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; /** * 初始化管理员入参 
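Review bot: In `IdentityProviderCreateParam` (hunk `@@ -42,46 +36,46 @@`), `type` and `category` change from the enums `IdentityProviderType` / `IdentityProviderCategory` to `String` while keeping `@NotNull`, so an empty, blank or unknown value now passes bean validation where enum binding would previously have rejected it during deserialization. Use `@NotBlank(message = "提供商不能为空")` and `@NotBlank(message = "身份源类型不能为空")` on the two fields. The service that consumes this param should also resolve the string against the registered providers and reject anything else before it is used to select an implementation; that code is not in this hunk. A short comment on each field saying where the allowed values come from would help API clients, since the schema no longer enumerates them.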
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceConfigSaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceConfigSaveParam.java index b4865786..8a988c96 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceConfigSaveParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceConfigSaveParam.java @@ -17,22 +17,18 @@ */ package cn.topiam.employee.console.pojo.save.identitysource; -import java.io.Serial; -import java.io.Serializable; +import cn.topiam.employee.common.entity.identitysource.config.JobConfig; +import cn.topiam.employee.common.entity.identitysource.config.StrategyConfig; +import com.alibaba.fastjson2.JSONObject; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; import javax.validation.Valid; import javax.validation.constraints.NotEmpty; import javax.validation.constraints.NotNull; - -import com.alibaba.fastjson2.JSONObject; - -import cn.topiam.employee.common.entity.identitysource.config.JobConfig; -import cn.topiam.employee.common.entity.identitysource.config.StrategyConfig; - -import lombok.Data; - -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; /** * 身份源保存配置入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceCreateParam.java index b6e611c9..369f0c77 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceCreateParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceCreateParam.java 
@@ -17,18 +17,15 @@ */ package cn.topiam.employee.console.pojo.save.identitysource; -import java.io.Serial; -import java.io.Serializable; +import cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider; +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; import javax.validation.constraints.NotEmpty; import javax.validation.constraints.NotNull; - -import cn.topiam.employee.common.enums.identityprovider.IdentitySourceProvider; - -import lombok.Data; - -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; /** * 身份源保存入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceCreateResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceCreateResult.java index 54e72046..55da553d 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceCreateResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/identitysource/IdentitySourceCreateResult.java @@ -17,13 +17,12 @@ */ package cn.topiam.employee.console.pojo.save.identitysource; -import java.io.Serializable; - +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.AllArgsConstructor; import lombok.Data; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serializable; /** * 身份源创建返回结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/AdministratorCreateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/AdministratorCreateParam.java index fc1ea449..0d945584 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/AdministratorCreateParam.java 
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/AdministratorCreateParam.java @@ -17,11 +17,10 @@ */ package cn.topiam.employee.console.pojo.save.setting; -import java.io.Serializable; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serializable; /** * 权限创建参数 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/EmailCustomTemplateSaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/EmailCustomTemplateSaveParam.java index b09cca1c..6ecb50e6 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/EmailCustomTemplateSaveParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/EmailCustomTemplateSaveParam.java @@ -17,14 +17,12 @@ */ package cn.topiam.employee.console.pojo.save.setting; -import java.io.Serial; -import java.io.Serializable; - -import javax.validation.constraints.NotBlank; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import javax.validation.constraints.NotBlank; +import java.io.Serial; +import java.io.Serializable; /** * 邮件模板配置更新参数 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/GeoIpProviderSaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/GeoIpProviderSaveParam.java index 8a405701..90a2e7ad 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/GeoIpProviderSaveParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/GeoIpProviderSaveParam.java 
@@ -17,18 +17,14 @@ */ package cn.topiam.employee.console.pojo.save.setting; -import java.io.Serial; -import java.io.Serializable; - -import javax.validation.constraints.NotNull; - -import com.alibaba.fastjson2.JSONObject; - import cn.topiam.employee.common.geo.maxmind.enums.GeoLocationProvider; - +import com.alibaba.fastjson2.JSONObject; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import javax.validation.constraints.NotNull; +import java.io.Serial; +import java.io.Serializable; /** * 保存地理位置服务商配置入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/MailProviderSaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/MailProviderSaveParam.java index 7f6ac829..0bd6933a 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/MailProviderSaveParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/MailProviderSaveParam.java @@ -17,17 +17,14 @@ */ package cn.topiam.employee.console.pojo.save.setting; -import java.io.Serial; -import java.io.Serializable; - -import javax.validation.constraints.NotNull; - import cn.topiam.employee.common.message.enums.MailProvider; import cn.topiam.employee.common.message.enums.MailSafetyType; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import javax.validation.constraints.NotNull; +import java.io.Serial; +import java.io.Serializable; /** * 保存邮件服务商配置入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/PasswordPolicySaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/PasswordPolicySaveParam.java index 8834d0ee..b6298ae9 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/PasswordPolicySaveParam.java 
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/PasswordPolicySaveParam.java @@ -17,13 +17,11 @@ */ package cn.topiam.employee.console.pojo.save.setting; -import java.io.Serializable; - import cn.topiam.employee.core.security.password.enums.PasswordComplexityRule; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serializable; /** * 设置密码策略保存参数 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityBasicSaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityBasicSaveParam.java index 5926a960..ea906e80 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityBasicSaveParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityBasicSaveParam.java @@ -17,12 +17,11 @@ */ package cn.topiam.employee.console.pojo.save.setting; -import java.io.Serializable; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serializable; /** * 安全高级保存参数 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityCaptchaSaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityCaptchaSaveParam.java index dc2fdd09..9ec7925c 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityCaptchaSaveParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityCaptchaSaveParam.java 
@@ -17,18 +17,14 @@ */ package cn.topiam.employee.console.pojo.save.setting; -import java.io.Serializable; - -import javax.validation.constraints.NotNull; - -import com.alibaba.fastjson2.JSONObject; - import cn.topiam.employee.common.enums.CaptchaProviderType; - -import lombok.Data; - +import com.alibaba.fastjson2.JSONObject; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import javax.validation.constraints.NotNull; +import java.io.Serializable; /** * 行为验证码保存入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityMfaSaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityMfaSaveParam.java index 27ee74cb..ff1fc51b 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityMfaSaveParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SecurityMfaSaveParam.java @@ -17,18 +17,15 @@ */ package cn.topiam.employee.console.pojo.save.setting; -import java.io.Serializable; -import java.util.List; - -import javax.validation.constraints.NotNull; - import cn.topiam.employee.common.enums.MfaFactor; import cn.topiam.employee.common.enums.MfaMode; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import javax.validation.constraints.NotNull; +import java.io.Serializable; +import java.util.List; /** * 安全MFA配置保存入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SmsProviderSaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SmsProviderSaveParam.java index 32e499f0..4c890ccb 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SmsProviderSaveParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/SmsProviderSaveParam.java 
@@ -17,21 +17,17 @@ */ package cn.topiam.employee.console.pojo.save.setting; -import java.io.Serial; -import java.io.Serializable; -import java.util.List; - -import javax.validation.constraints.NotNull; - -import com.alibaba.fastjson2.JSONObject; - import cn.topiam.employee.common.entity.setting.config.SmsConfig; import cn.topiam.employee.common.enums.Language; import cn.topiam.employee.common.message.enums.SmsProvider; - +import com.alibaba.fastjson2.JSONObject; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import javax.validation.constraints.NotNull; +import java.io.Serial; +import java.io.Serializable; +import java.util.List; /** * 保存短信服务商创建请求入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/StorageConfigSaveParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/StorageConfigSaveParam.java index afdec428..e212a789 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/StorageConfigSaveParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/save/setting/StorageConfigSaveParam.java @@ -17,18 +17,14 @@ */ package cn.topiam.employee.console.pojo.save.setting; -import java.io.Serial; -import java.io.Serializable; - -import javax.validation.constraints.NotNull; - -import com.alibaba.fastjson2.JSONObject; - import cn.topiam.employee.common.storage.enums.StorageProvider; - +import com.alibaba.fastjson2.JSONObject; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import javax.validation.constraints.NotNull; +import java.io.Serial; +import java.io.Serializable; /** * 保存存储配置入参 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/setting/SmsProviderConfigResult.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/setting/SmsProviderConfigResult.java index f9c66153..9a77d334 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/setting/SmsProviderConfigResult.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/setting/SmsProviderConfigResult.java @@ -17,19 +17,17 @@ */ package cn.topiam.employee.console.pojo.setting; -import java.io.Serial; -import java.io.Serializable; -import java.util.List; - import cn.topiam.employee.common.entity.setting.config.SmsConfig; import cn.topiam.employee.common.message.enums.SmsProvider; import cn.topiam.employee.common.message.sms.SmsProviderConfig; - +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Builder; import lombok.Data; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; +import java.util.List; /** * 短信服务商配置查询结果 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/OrganizationUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/OrganizationUpdateParam.java index 2b914e61..ae16ee3c 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/OrganizationUpdateParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/OrganizationUpdateParam.java 
@@ -17,17 +17,14 @@ */ package cn.topiam.employee.console.pojo.update.account; -import java.io.Serial; -import java.io.Serializable; +import cn.topiam.employee.common.enums.OrganizationType; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotNull; - -import cn.topiam.employee.common.enums.OrganizationType; - -import lombok.Data; - -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; /** * 编辑组织架构入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/ResetPasswordParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/ResetPasswordParam.java index a1bdaf59..b8c36cf0 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/ResetPasswordParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/ResetPasswordParam.java @@ -17,21 +17,17 @@ */ package cn.topiam.employee.console.pojo.update.account; +import cn.topiam.employee.common.enums.ListEnumDeserializer; +import cn.topiam.employee.common.enums.MessageNoticeChannel; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import javax.validation.constraints.NotBlank; import java.io.Serial; import java.io.Serializable; import java.util.List; -import javax.validation.constraints.NotBlank; - -import com.fasterxml.jackson.databind.annotation.JsonDeserialize; - -import cn.topiam.employee.common.enums.ListEnumDeserializer; -import cn.topiam.employee.common.enums.MessageNoticeChannel; - -import lombok.Data; - -import io.swagger.v3.oas.annotations.media.Schema; - /** * 重置密码入参 * 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/UserGroupUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/UserGroupUpdateParam.java index 596d186c..0813be15 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/UserGroupUpdateParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/UserGroupUpdateParam.java @@ -17,14 +17,12 @@ */ package cn.topiam.employee.console.pojo.update.account; -import java.io.Serial; -import java.io.Serializable; - -import javax.validation.constraints.NotBlank; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import javax.validation.constraints.NotBlank; +import java.io.Serial; +import java.io.Serializable; /** * 编辑用户入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/UserUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/UserUpdateParam.java index 711765f2..d1eccf92 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/UserUpdateParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/account/UserUpdateParam.java @@ -17,18 +17,15 @@ */ package cn.topiam.employee.console.pojo.update.account; +import cn.topiam.employee.common.enums.UserStatus; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import javax.validation.constraints.NotBlank; import java.io.Serial; import java.io.Serializable; import java.time.LocalDate; -import javax.validation.constraints.NotBlank; - -import cn.topiam.employee.common.enums.UserStatus; - -import lombok.Data; - -import io.swagger.v3.oas.annotations.media.Schema; - /** * 编辑用户入参 * 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionPolicyUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionPolicyUpdateParam.java index 849c57a9..5d36b6d1 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionPolicyUpdateParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionPolicyUpdateParam.java @@ -17,18 +17,15 @@ */ package cn.topiam.employee.console.pojo.update.app; -import java.io.Serializable; - -import javax.validation.constraints.NotNull; - import cn.topiam.employee.common.enums.PolicyEffect; import cn.topiam.employee.common.enums.PolicyObjectType; import cn.topiam.employee.common.enums.PolicySubjectType; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import javax.validation.constraints.NotNull; +import java.io.Serializable; /** * 修改策略入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionResourceUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionResourceUpdateParam.java index ccba0893..db8b3f3a 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionResourceUpdateParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppPermissionResourceUpdateParam.java 
@@ -17,18 +17,16 @@ */ package cn.topiam.employee.console.pojo.update.app; +import cn.topiam.employee.console.pojo.save.app.AppPermissionsActionParam; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import javax.validation.constraints.NotBlank; +import javax.validation.constraints.NotNull; import java.io.Serial; import java.io.Serializable; import java.util.List; -import javax.validation.constraints.NotBlank; -import javax.validation.constraints.NotNull; - -import cn.topiam.employee.console.pojo.save.app.AppPermissionsActionParam; - -import lombok.Data; - -import io.swagger.v3.oas.annotations.media.Schema; import static io.swagger.v3.oas.annotations.media.Schema.AccessMode.READ_ONLY; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppSaveConfigParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppSaveConfigParam.java index 5fff2680..01f3691b 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppSaveConfigParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppSaveConfigParam.java @@ -17,14 +17,12 @@ */ package cn.topiam.employee.console.pojo.update.app; -import java.io.Serializable; -import java.util.Map; - -import javax.validation.constraints.NotNull; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import javax.validation.constraints.NotNull; +import java.io.Serializable; +import java.util.Map; /** * 更新应用配置入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppUpdateParam.java index e42dbd73..a42cbb89 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppUpdateParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/AppUpdateParam.java 
@@ -17,13 +17,11 @@ */ package cn.topiam.employee.console.pojo.update.app; -import java.io.Serializable; - -import javax.validation.constraints.NotNull; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import javax.validation.constraints.NotNull; +import java.io.Serializable; /** * 应用修改入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/PermissionRoleUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/PermissionRoleUpdateParam.java index 8ec61065..9cd3c4c3 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/PermissionRoleUpdateParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/app/PermissionRoleUpdateParam.java @@ -17,14 +17,13 @@ */ package cn.topiam.employee.console.pojo.update.app; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import javax.validation.constraints.NotBlank; import java.io.Serial; import java.io.Serializable; -import javax.validation.constraints.NotBlank; - -import lombok.Data; - -import io.swagger.v3.oas.annotations.media.Schema; import static io.swagger.v3.oas.annotations.media.Schema.AccessMode.READ_ONLY; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/authentication/IdpUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/authentication/IdpUpdateParam.java index 8ee8e6dc..aa08084b 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/authentication/IdpUpdateParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/authentication/IdpUpdateParam.java 
@@ -17,19 +17,14 @@ */ package cn.topiam.employee.console.pojo.update.authentication; -import java.io.Serial; -import java.io.Serializable; +import com.alibaba.fastjson2.JSONObject; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotNull; - -import com.alibaba.fastjson2.JSONObject; - -import cn.topiam.employee.common.enums.IdentityProviderType; - -import lombok.Data; - -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; /** * 认证源修改参数入参 @@ -41,44 +36,44 @@ import io.swagger.v3.oas.annotations.media.Schema; @Schema(description = "认证源修改参数") public class IdpUpdateParam implements Serializable { @Serial - private static final long serialVersionUID = -1440230086940289961L; + private static final long serialVersionUID = -1440230086940289961L; /** * ID */ @NotBlank(message = "ID不能为空") @Schema(description = "ID") - private String id; + private String id; /** * 名称 */ @NotBlank(message = "名称不能为空") @Schema(description = "名称") - private String name; + private String name; /** * 平台 */ @NotNull(message = "平台不能为空") @Schema(description = "平台") - private IdentityProviderType type; + private String type; /** * 配置 */ @NotNull(message = "配置JSON不能为空") @Schema(description = "配置JSON") - private JSONObject config; + private JSONObject config; /** * 备注 */ @Schema(description = "备注") - private String remark; + private String remark; /** * 是否显示 */ @Schema(description = "是否显示") - private Boolean displayed; + private Boolean displayed; } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/identity/IdentitySourceUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/identity/IdentitySourceUpdateParam.java index 017d1374..f3ded15c 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/identity/IdentitySourceUpdateParam.java 
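Review bot: In `IdpUpdateParam` the `type` field is now a plain `String` guarded only by `@NotNull`, so an empty or unrecognised provider code passes bean validation where the `IdentityProviderType` enum used to reject it at binding time. Annotate it with `@NotBlank(message = "平台不能为空")` (already imported in this file) and make sure the service that consumes it rejects codes that do not map to a registered identity provider before anything is persisted; that lookup is not visible in this hunk. A field comment stating the accepted values, for example `// provider code; must match a registered identity provider`, would document the contract the enum used to express.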
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/identity/IdentitySourceUpdateParam.java @@ -17,15 +17,13 @@ */ package cn.topiam.employee.console.pojo.update.identity; -import java.io.Serial; -import java.io.Serializable; - -import javax.validation.constraints.NotEmpty; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import javax.validation.constraints.NotEmpty; +import java.io.Serial; +import java.io.Serializable; /** * 身份源修改参数入参 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/setting/AdministratorUpdateParam.java b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/setting/AdministratorUpdateParam.java index 7e7e93d2..ae716ec4 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/setting/AdministratorUpdateParam.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/pojo/update/setting/AdministratorUpdateParam.java @@ -17,14 +17,13 @@ */ package cn.topiam.employee.console.pojo.update.setting; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import javax.validation.constraints.NotBlank; import java.io.Serial; import java.io.Serializable; -import javax.validation.constraints.NotBlank; - -import lombok.Data; - -import io.swagger.v3.oas.annotations.media.Schema; import static io.swagger.v3.oas.annotations.media.Schema.AccessMode.READ_ONLY; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAccessDeniedHandler.java b/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAccessDeniedHandler.java index 43761efd..2f7098ac 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAccessDeniedHandler.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAccessDeniedHandler.java 
@@ -17,20 +17,17 @@ */ package cn.topiam.employee.console.security.handler; -import java.io.IOException; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - +import cn.topiam.employee.core.security.util.SecurityUtils; +import lombok.AllArgsConstructor; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.web.access.AccessDeniedHandler; -import cn.topiam.employee.core.security.util.SecurityUtils; - -import lombok.AllArgsConstructor; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; /** * 访问拒绝处理程序 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationEntryPoint.java b/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationEntryPoint.java index abdf021d..79dd46a2 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationEntryPoint.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationEntryPoint.java 
@@ -17,17 +17,17 @@ */ package cn.topiam.employee.console.security.handler; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - +import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.util.HttpResponseUtils; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.AuthenticationEntryPoint; -import cn.topiam.employee.support.result.ApiRestResult; -import cn.topiam.employee.support.util.HttpResponseUtils; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + import static org.springframework.http.HttpStatus.UNAUTHORIZED; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationFailureHandler.java b/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationFailureHandler.java index 29b7d0c4..db8211e0 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationFailureHandler.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationFailureHandler.java 
@@ -17,18 +17,18 @@ */ package cn.topiam.employee.console.security.handler; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - +import cn.topiam.employee.common.enums.SecretType; +import cn.topiam.employee.support.exception.enums.ExceptionStatus; +import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.util.HttpResponseUtils; import org.apache.commons.lang3.StringUtils; import org.springframework.http.HttpStatus; import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.authentication.AuthenticationFailureHandler; -import cn.topiam.employee.common.enums.SecretType; -import cn.topiam.employee.support.exception.enums.ExceptionStatus; -import cn.topiam.employee.support.result.ApiRestResult; -import cn.topiam.employee.support.util.HttpResponseUtils; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + import static cn.topiam.employee.support.constant.EiamConstants.CAPTCHA_CODE_SESSION; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationSuccessHandler.java b/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationSuccessHandler.java index 1557aef8..8ba75011 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationSuccessHandler.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleAuthenticationSuccessHandler.java 
@@ -17,18 +17,18 @@ */ package cn.topiam.employee.console.security.handler; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - +import cn.topiam.employee.common.enums.SecretType; +import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.util.HttpResponseUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; import org.springframework.security.core.Authentication; import org.springframework.security.web.authentication.AuthenticationSuccessHandler; -import cn.topiam.employee.common.enums.SecretType; -import cn.topiam.employee.support.result.ApiRestResult; -import cn.topiam.employee.support.util.HttpResponseUtils; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + import static cn.topiam.employee.support.constant.EiamConstants.CAPTCHA_CODE_SESSION; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleLogoutSuccessHandler.java b/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleLogoutSuccessHandler.java index 88fa28ff..0efd0c52 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleLogoutSuccessHandler.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/security/handler/ConsoleLogoutSuccessHandler.java 
@@ -17,21 +17,20 @@ */ package cn.topiam.employee.console.security.handler; -import java.io.IOException; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - +import cn.topiam.employee.core.context.ServerContextHelp; +import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.util.HttpResponseUtils; +import cn.topiam.employee.support.util.HttpUrlUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; import org.springframework.security.core.Authentication; import org.springframework.security.web.authentication.logout.LogoutSuccessHandler; -import cn.topiam.employee.core.context.ServerContextHelp; -import cn.topiam.employee.support.result.ApiRestResult; -import cn.topiam.employee.support.util.HttpResponseUtils; -import cn.topiam.employee.support.util.HttpUrlUtils; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; + import static cn.topiam.employee.common.constants.AuthorizeConstants.FE_LOGIN; import static cn.topiam.employee.support.context.ServletContextHelp.acceptIncludeTextHtml; import static cn.topiam.employee.support.result.ApiRestResult.SUCCESS; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleAuthenticationFailureEventListener.java b/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleAuthenticationFailureEventListener.java index 06d3c14c..e88f9dfb 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleAuthenticationFailureEventListener.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleAuthenticationFailureEventListener.java 
@@ -17,15 +17,6 @@ */ package cn.topiam.employee.console.security.listener; -import java.util.Optional; - -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.context.ApplicationListener; -import org.springframework.lang.NonNull; -import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent; - import cn.topiam.employee.audit.entity.Actor; import cn.topiam.employee.audit.enums.EventStatus; import cn.topiam.employee.audit.enums.EventType; @@ -35,6 +26,15 @@ import cn.topiam.employee.common.enums.UserType; import cn.topiam.employee.common.repository.setting.AdministratorRepository; import cn.topiam.employee.core.security.userdetails.UserDetails; import cn.topiam.employee.support.context.ApplicationContextHelp; +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.context.ApplicationListener; +import org.springframework.lang.NonNull; +import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent; + +import java.util.Optional; + import static cn.topiam.employee.core.security.util.SecurityUtils.getFailureMessage; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleAuthenticationSuccessEventListener.java b/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleAuthenticationSuccessEventListener.java index 73f6fcc2..6fa0b3b0 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleAuthenticationSuccessEventListener.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleAuthenticationSuccessEventListener.java 
@@ -17,31 +17,27 @@ */ package cn.topiam.employee.console.security.listener; -import java.time.LocalDateTime; -import java.util.List; -import java.util.Objects; - -import org.springframework.context.ApplicationListener; -import org.springframework.lang.NonNull; -import org.springframework.security.authentication.event.AuthenticationSuccessEvent; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; - -import com.google.common.collect.Lists; - import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.EventStatus; import cn.topiam.employee.audit.enums.TargetType; import cn.topiam.employee.audit.event.AuditEventPublish; +import cn.topiam.employee.authentication.common.util.AuthenticationUtils; import cn.topiam.employee.common.geo.GeoLocationService; +import cn.topiam.employee.console.service.setting.AdministratorService; import cn.topiam.employee.core.security.userdetails.UserDetails; import cn.topiam.employee.support.context.ApplicationContextHelp; import cn.topiam.employee.support.context.ServletContextHelp; import cn.topiam.employee.support.util.IpUtils; -import cn.topiam.employee.support.web.useragent.UserAgent; -import cn.topiam.employee.support.web.useragent.UserAgentUtils; - +import com.google.common.collect.Lists; import lombok.AllArgsConstructor; +import org.springframework.context.ApplicationListener; +import org.springframework.lang.NonNull; +import org.springframework.security.authentication.event.AuthenticationSuccessEvent; +import org.springframework.security.core.Authentication; + +import java.time.LocalDateTime; +import java.util.List; + import static cn.topiam.employee.audit.enums.EventType.LOGIN_CONSOLE; /** 
@@ -61,24 +57,24 @@ public class ConsoleAuthenticationSuccessEventListener implements */ @Override public void onApplicationEvent(@NonNull AuthenticationSuccessEvent event) { - ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder - .getRequestAttributes(); - AuditEventPublish auditEventPublish = ApplicationContextHelp - .getBean(AuditEventPublish.class); - Object principal = event.getAuthentication().getPrincipal(); //@formatter:off + AuditEventPublish auditEventPublish = ApplicationContextHelp.getBean(AuditEventPublish.class); + AdministratorService administratorService = ApplicationContextHelp.getBean(AdministratorService.class); + Authentication authentication = event.getAuthentication(); + Object principal = authentication.getPrincipal(); //@formatter:on if (principal instanceof UserDetails) { + //认证类型 + ((UserDetails) principal).setAuthType(AuthenticationUtils.geAuthType(authentication)); //登录事件 ((UserDetails) principal).setLoginTime(LocalDateTime.now()); //区域 ((UserDetails) principal).setGeoLocation(geoLocationService .getGeoLocation(IpUtils.getIpAddr(ServletContextHelp.getRequest()))); - //浏览器 - UserAgent agent = UserAgentUtils - .getUserAgent(Objects.requireNonNull(attributes).getRequest()); - ((UserDetails) principal).setUserAgent(agent); - + //认证次数+1 + administratorService.updateAuthSucceedInfo(((UserDetails) principal).getId(), + ((UserDetails) principal).getGeoLocation().getIp(), + ((UserDetails) principal).getLoginTime()); // 审计事件 //@formatter:off List targets= Lists.newArrayList(Target.builder().type(TargetType.CONSOLE).build()); diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleLogoutSuccessEventListener.java b/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleLogoutSuccessEventListener.java index f9cd1e4f..3fbf6e4a 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleLogoutSuccessEventListener.java 
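Review bot: The added `administratorService.updateAuthSucceedInfo(...)` call dereferences `((UserDetails) principal).getGeoLocation().getIp()` without a null check, so if `geoLocationService.getGeoLocation(...)` can return null for an address it cannot resolve (not visible here), the listener throws before the audit event further down is published. Resolving the address once, `String ip = IpUtils.getIpAddr(ServletContextHelp.getRequest());`, and passing `ip` to both the geo lookup and `updateAuthSucceedInfo` avoids the dereference, assuming the method accepts the raw address. The hunk also drops `setUserAgent`, so the login record no longer carries the browser; if that is intentional a one-line comment saying so would help, since the user agent is commonly consulted when reviewing suspicious console logins. `onApplicationEvent` continues past the end of the hunk.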
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleLogoutSuccessEventListener.java @@ -17,20 +17,19 @@ */ package cn.topiam.employee.console.security.listener; -import java.util.List; - -import org.springframework.context.ApplicationListener; -import org.springframework.lang.NonNull; -import org.springframework.security.authentication.event.LogoutSuccessEvent; - -import com.google.common.collect.Lists; - import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.EventStatus; import cn.topiam.employee.audit.enums.TargetType; import cn.topiam.employee.audit.event.AuditEventPublish; import cn.topiam.employee.support.context.ApplicationContextHelp; -import static cn.topiam.employee.audit.enums.EventType.*; +import com.google.common.collect.Lists; +import org.springframework.context.ApplicationListener; +import org.springframework.lang.NonNull; +import org.springframework.security.authentication.event.LogoutSuccessEvent; + +import java.util.List; + +import static cn.topiam.employee.audit.enums.EventType.LOGOUT_CONSOLE; /** * 退出成功 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleSessionInformationExpiredStrategy.java b/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleSessionInformationExpiredStrategy.java index 44dfa115..526b956f 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleSessionInformationExpiredStrategy.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/security/listener/ConsoleSessionInformationExpiredStrategy.java 
@@ -17,16 +17,15 @@ */ package cn.topiam.employee.console.security.listener; -import javax.servlet.http.HttpServletResponse; - +import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.util.HttpResponseUtils; +import com.alibaba.fastjson2.JSONObject; import org.springframework.http.HttpStatus; import org.springframework.security.web.session.SessionInformationExpiredEvent; import org.springframework.security.web.session.SessionInformationExpiredStrategy; -import com.alibaba.fastjson2.JSONObject; +import javax.servlet.http.HttpServletResponse; -import cn.topiam.employee.support.result.ApiRestResult; -import cn.topiam.employee.support.util.HttpResponseUtils; import static cn.topiam.employee.support.exception.enums.ExceptionStatus.EX000203; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/OrganizationService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/OrganizationService.java index b9d8a2ba..46921bd2 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/OrganizationService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/OrganizationService.java @@ -17,8 +17,6 @@ */ package cn.topiam.employee.console.service.account; -import java.util.List; - import cn.topiam.employee.common.entity.account.OrganizationEntity; import cn.topiam.employee.common.enums.DataOrigin; import cn.topiam.employee.console.pojo.result.account.OrganizationChildResult; @@ -28,6 +26,8 @@ import cn.topiam.employee.console.pojo.result.account.OrganizationTreeResult; import cn.topiam.employee.console.pojo.save.account.OrganizationCreateParam; import cn.topiam.employee.console.pojo.update.account.OrganizationUpdateParam; +import java.util.List; + /** *

* 组织架构 服务类 @@ -146,4 +146,12 @@ public interface OrganizationService { * @return {@link Boolean} */ Boolean batchDeleteOrg(String[] ids); + + /** + * 查询组织成员数量 + * + * @param orgId {@link String} + * @return {@link Long} + */ + Long getOrgMemberCount(String orgId); } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/UserGroupService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/UserGroupService.java index e6277c3f..9a675f56 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/UserGroupService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/UserGroupService.java @@ -17,8 +17,6 @@ */ package cn.topiam.employee.console.service.account; -import java.util.List; - import cn.topiam.employee.common.entity.account.UserGroupEntity; import cn.topiam.employee.common.entity.account.query.UserGroupMemberListQuery; import cn.topiam.employee.console.pojo.query.account.UserGroupListQuery; @@ -29,6 +27,8 @@ import cn.topiam.employee.console.pojo.update.account.UserGroupUpdateParam; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; +import java.util.List; + /** * 用户组service * @@ -113,4 +113,12 @@ public interface UserGroupService { * @return {@link Boolean} */ Boolean batchRemoveMember(String id, List userIds); + + /** + * 查询用户组成员数量 + * + * @param groupId {@link String} + * @return {@link Long} + */ + Long getUserGroupMemberCount(String groupId); } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/UserService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/UserService.java index d4db4880..f545120d 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/UserService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/UserService.java 
@@ -17,9 +17,6 @@ */ package cn.topiam.employee.console.service.account; -import java.io.Serializable; -import java.util.List; - import cn.topiam.employee.common.entity.account.UserEntity; import cn.topiam.employee.common.entity.account.query.UserListNotInGroupQuery; import cn.topiam.employee.common.entity.account.query.UserListQuery; @@ -34,6 +31,9 @@ import cn.topiam.employee.console.pojo.update.account.UserUpdateParam; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; +import java.io.Serializable; +import java.util.List; + /** *

* 用户表 服务类 @@ -146,14 +146,6 @@ public interface UserService { */ Boolean userParamCheck(CheckValidityType type, String value, Long id); - /** - * 查询组织成员数量 - * - * @param orgId {@link String} - * @return {@link Long} - */ - Long getOrgMemberCount(String orgId); - /** * 批量删除 * diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/OrganizationServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/OrganizationServiceImpl.java index f885c0b6..1cb35641 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/OrganizationServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/OrganizationServiceImpl.java @@ -17,19 +17,13 @@ */ package cn.topiam.employee.console.service.account.impl; -import java.util.*; - -import org.apache.commons.lang3.StringUtils; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; -import org.springframework.util.CollectionUtils; - -import com.google.common.collect.Lists; - import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.TargetType; import cn.topiam.employee.common.entity.account.OrganizationEntity; +import cn.topiam.employee.common.entity.account.QOrganizationEntity; +import cn.topiam.employee.common.entity.account.QOrganizationMemberEntity; +import cn.topiam.employee.common.entity.account.QUserEntity; import cn.topiam.employee.common.enums.DataOrigin; import cn.topiam.employee.common.repository.account.OrganizationRepository; import cn.topiam.employee.console.converter.account.OrganizationConverter; 
@@ -40,12 +34,23 @@ import cn.topiam.employee.console.pojo.result.account.OrganizationTreeResult; import cn.topiam.employee.console.pojo.save.account.OrganizationCreateParam; import cn.topiam.employee.console.pojo.update.account.OrganizationUpdateParam; import cn.topiam.employee.console.service.account.OrganizationService; -import cn.topiam.employee.console.service.account.UserService; -import cn.topiam.employee.support.context.ApplicationContextHelp; import cn.topiam.employee.support.util.BeanUtils; - +import com.google.common.collect.Lists; +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; +import com.querydsl.core.types.dsl.BooleanExpression; +import com.querydsl.core.types.dsl.Expressions; +import com.querydsl.jpa.impl.JPAQuery; +import com.querydsl.jpa.impl.JPAQueryFactory; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; +import org.springframework.util.CollectionUtils; + +import java.util.*; + import static cn.topiam.employee.support.constant.EiamConstants.ROOT_NODE; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME; @@ -207,8 +212,7 @@ public class OrganizationServiceImpl implements OrganizationService { List list = organizationRepository.findByParentId(id); if (CollectionUtils.isEmpty(list)) { //查询当前机构和当前机构下子机构下是否存在用户,不存在删除,存在抛出异常 - Long count = ApplicationContextHelp.getBean(UserService.class) - .getOrgMemberCount(id); + Long count = getOrgMemberCount(id); if (count > 0) { throw new RuntimeException("删除机构失败,当前机构下存在用户"); } 
@@ -251,8 +255,6 @@ public class OrganizationServiceImpl implements OrganizationService { */ @Override public Boolean moveOrganization(String id, String parentId) { - AuditContext.setTarget(Target.builder().type(TargetType.ORGANIZATION).id(id).build(), - Target.builder().type(TargetType.ORGANIZATION).id(parentId).build()); Optional organization = organizationRepository.findById(id); if (organization.isPresent()) { OrganizationEntity entity = organization.get(); @@ -282,6 +284,13 @@ public class OrganizationServiceImpl implements OrganizationService { organizationRepository.save(oldParentOrganization.get()); } } + AuditContext.setTarget( + Target.builder().type(TargetType.ORGANIZATION) + .typeName(TargetType.ORGANIZATION.getDesc()).id(id) + .name(organization.get().getName()).build(), + Target.builder().type(TargetType.ORGANIZATION) + .typeName(TargetType.ORGANIZATION.getDesc()).id(parentId) + .name(parent.get().getName()).build()); //存在子组织,递归更改子组织 path 和 displayPath recursiveUpdateChildNodePathAndDisplayPath(entity.getId()); return true; 
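Review bot: Moving `AuditContext.setTarget(...)` from the top of `moveOrganization` into the success path means a move request for an organization that is not found no longer records any target, so the audit trail for failed moves loses the ids that were requested. The new call also reads `parent.get().getName()`; `parent` is declared outside these hunks, so confirm it is checked with `isPresent()` before this point, otherwise the call throws `NoSuchElementException`. One option is to keep the id-only `setTarget` at the top of the method and replace it with the named targets once both entities are loaded. `moveOrganization` begins and ends outside the two hunks shown.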
@@ -403,10 +412,43 @@ public class OrganizationServiceImpl implements OrganizationService { return true; } + /** + * 查询组织成员数量 + * + * @param orgId {@link String} + * @return {@link Long} + */ + @Override + public Long getOrgMemberCount(String orgId) { + //条件 + QUserEntity user = QUserEntity.userEntity; + QOrganizationEntity qOrganization = QOrganizationEntity.organizationEntity; + Predicate predicate = ExpressionUtils.and(user.isNotNull(), + user.isDeleted.eq(Boolean.FALSE)); + //FIND_IN_SET函数 + BooleanExpression template = Expressions.booleanTemplate( + "FIND_IN_SET({0}, replace({1}, '/', ','))> 0", orgId, qOrganization.path); + predicate = ExpressionUtils.and(predicate, qOrganization.id.eq(orgId).or(template)); + //构造查询 + JPAQuery jpaQuery = jpaQueryFactory.selectFrom(user).select(user.count()) + .innerJoin(QOrganizationMemberEntity.organizationMemberEntity) + .on(user.id.eq(QOrganizationMemberEntity.organizationMemberEntity.userId)) + .innerJoin(qOrganization) + .on(qOrganization.id.eq(QOrganizationMemberEntity.organizationMemberEntity.orgId)) + .where(predicate); + return jpaQuery.fetch().get(0); + } + + /** + * JPAQueryFactory + */ + private final JPAQueryFactory jpaQueryFactory; + /** * 组织架构数据映射器 */ private final OrganizationConverter orgDataConverter; + /** * OrganizationRepository */ diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserAccountAssociateServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserAccountAssociateServiceImpl.java index 44a65a54..32d6dff2 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserAccountAssociateServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserAccountAssociateServiceImpl.java 
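Review bot: `getOrgMemberCount` relies on `FIND_IN_SET` inside `Expressions.booleanTemplate`, which is a database-specific function, and the match only works while organization ids never contain `,` or `/`, so the delete guard that calls this method silently depends on both. `orgId` is passed as a template argument rather than concatenated into the template string, which keeps it a bound value; a comment such as `// orgId is a template argument, never concatenate it into the template` would protect that. Return the count with `return jpaQuery.fetchOne();` instead of `fetch().get(0)`. The Javadoc should say that the count covers the organization and every organization whose `path` contains it, and excludes users with `isDeleted` set. The `jpaQueryFactory` field is declared between methods and reads better next to the other `private final` fields.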
@@ -17,11 +17,9 @@ */ package cn.topiam.employee.console.service.account.impl; -import org.springframework.stereotype.Service; - import cn.topiam.employee.console.service.account.UserAccountAssociateService; - import lombok.AllArgsConstructor; +import org.springframework.stereotype.Service; /** * @author TopIAM diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserGroupServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserGroupServiceImpl.java index 67fee32c..258e9726 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserGroupServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserGroupServiceImpl.java @@ -17,24 +17,10 @@ */ package cn.topiam.employee.console.service.account.impl; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import java.util.Optional; - -import org.apache.commons.lang3.StringUtils; -import org.springframework.data.domain.PageRequest; -import org.springframework.data.querydsl.QPageRequest; -import org.springframework.stereotype.Service; - -import com.google.common.collect.Lists; -import com.querydsl.core.types.Predicate; - import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.TargetType; -import cn.topiam.employee.common.entity.account.UserGroupEntity; -import cn.topiam.employee.common.entity.account.UserGroupMemberEntity; +import cn.topiam.employee.common.entity.account.*; import cn.topiam.employee.common.entity.account.po.UserPO; import cn.topiam.employee.common.entity.account.query.UserGroupMemberListQuery; import cn.topiam.employee.common.repository.account.UserGroupMemberRepository; 
@@ -50,9 +36,22 @@ import cn.topiam.employee.support.exception.TopIamException; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.util.BeanUtils; - +import com.google.common.collect.Lists; +import com.querydsl.core.types.ExpressionUtils; +import com.querydsl.core.types.Predicate; +import com.querydsl.jpa.impl.JPAQuery; +import com.querydsl.jpa.impl.JPAQueryFactory; import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.springframework.data.domain.PageRequest; +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.stereotype.Service; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import java.util.Optional; + import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME; @@ -132,6 +131,11 @@ public class UserGroupServiceImpl implements UserGroupService { log.warn(AuditContext.getContent()); throw new TopIamException(AuditContext.getContent()); } + //用户组存在用户 + Long count = getUserGroupMemberCount(id); + if (count > 0) { + throw new RuntimeException("删除用户组失败,当前用户组下存在用户"); + } userGroupRepository.deleteById(Long.valueOf(id)); AuditContext.setTarget(Target.builder().id(id).type(TargetType.USER_GROUP).build()); return true; 
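Review bot: The new member-count guard throws a bare `RuntimeException` and sets no audit content, unlike the branch just above it, which calls `AuditContext.setContent(...)`, logs a warning and throws `TopIamException`. A refused delete of a non-empty user group therefore leaves no reason in the audit record and probably reaches the client as a generic error. I would mirror the existing branch: `AuditContext.setContent("删除用户组失败,当前用户组下存在用户");`, `log.warn(AuditContext.getContent());`, `throw new TopIamException(AuditContext.getContent());`. The count check and `deleteById` are separate statements, and the hunk does not show whether the method is transactional, so a member added between them could be left pointing at a deleted group.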
@@ -176,6 +180,13 @@ public class UserGroupServiceImpl implements UserGroupService { */ @Override public Boolean addMember(String groupId, String[] userIds) { + Optional optional = userGroupRepository.findById(Long.valueOf(groupId)); + //用户组不存在 + if (optional.isEmpty()) { + AuditContext.setContent("操作失败,用户组不存在"); + log.warn(AuditContext.getContent()); + throw new TopIamException(AuditContext.getContent()); + } List list = new ArrayList<>(); Lists.newArrayList(userIds).forEach(id -> { UserGroupMemberEntity member = new UserGroupMemberEntity(); @@ -183,12 +194,14 @@ public class UserGroupServiceImpl implements UserGroupService { member.setUserId(Long.valueOf(id)); list.add(member); }); - List targets = new ArrayList<>(Arrays.stream(userIds) - .map(i -> Target.builder().id(i).type(TargetType.USER).build()).toList()); - targets.add(Target.builder().id(groupId).type(TargetType.USER_GROUP).build()); - AuditContext.setTarget(targets); //添加 userGroupMemberRepository.saveAll(list); + + List targets = new ArrayList<>(Arrays.stream(userIds) + .map(i -> Target.builder().id(i).type(TargetType.USER).build()).toList()); + + targets.add(Target.builder().id(groupId).type(TargetType.USER_GROUP).build()); + AuditContext.setTarget(targets); return true; } 
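Review bot: The group-existence check added at the top of addMember is repeated verbatim in the batchRemoveMember hunk further down. A private helper would keep the audit message, the log call and the exception type in one place for both membership operations. `Long.valueOf(groupId)` also runs before any audit content is set, so a non-numeric id fails with a NumberFormatException rather than the TopIamException used for the missing-group case; the helper is a natural place to handle that if the controller does not already validate the id. addMember's body continues outside the first hunk.

```java
// … unchanged: addMember / batchRemoveMember signatures …
requireUserGroupExists(groupId);
// … unchanged: member list construction, saveAll, audit targets …

/**
 * Fails the current operation when the user group does not exist,
 * recording the reason in the audit context first.
 */
private void requireUserGroupExists(String groupId) {
    if (userGroupRepository.findById(Long.valueOf(groupId)).isEmpty()) {
        AuditContext.setContent("操作失败,用户组不存在");
        log.warn(AuditContext.getContent());
        throw new TopIamException(AuditContext.getContent());
    }
}
```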
@@ -212,14 +225,46 @@ public class UserGroupServiceImpl implements UserGroupService { */ @Override public Boolean batchRemoveMember(String id, List userIds) { + Optional optional = userGroupRepository.findById(Long.valueOf(id)); + //用户组不存在 + if (optional.isEmpty()) { + AuditContext.setContent("操作失败,用户组不存在"); + log.warn(AuditContext.getContent()); + throw new TopIamException(AuditContext.getContent()); + } userIds.forEach(userId -> userGroupMemberRepository .deleteByGroupIdAndUserId(Long.valueOf(id), Long.valueOf(userId))); - AuditContext.setTarget( - Target.builder().id(StringUtils.join(userIds)).type(TargetType.USER).build(), - Target.builder().id(id).type(TargetType.USER_GROUP).build()); + + List targets = new ArrayList<>(userIds.stream() + .map(i -> Target.builder().id(i).type(TargetType.USER).build()).toList()); + + targets.add(Target.builder().id(id).type(TargetType.USER_GROUP).build()); + AuditContext.setTarget(targets); return true; } + @Override + public Long getUserGroupMemberCount(String groupId) { + //条件 + QUserEntity user = QUserEntity.userEntity; + QUserGroupEntity qUserGroup = QUserGroupEntity.userGroupEntity; + Predicate predicate = ExpressionUtils.and(user.isNotNull(), + user.isDeleted.eq(Boolean.FALSE)); + predicate = ExpressionUtils.and(predicate, qUserGroup.id.eq(Long.valueOf(groupId))); + //构造查询 + JPAQuery jpaQuery = jpaQueryFactory.selectFrom(user).select(user.count()) + .innerJoin(QUserGroupMemberEntity.userGroupMemberEntity) + .on(user.id.eq(QUserGroupMemberEntity.userGroupMemberEntity.userId)) + .innerJoin(qUserGroup) + .on(qUserGroup.id.eq(QUserGroupMemberEntity.userGroupMemberEntity.groupId)) + .where(predicate); + return jpaQuery.fetch().get(0); + } + + /** + * JPAQueryFactory + */ + private final JPAQueryFactory jpaQueryFactory; /** * 用户组数据映射 */ 
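Review bot: getUserGroupMemberCount is added with only `@Override` and no Javadoc, although the delete guard added earlier in this file depends on exactly what it counts. I would add a block such as `/** Counts the users that belong to the given group and are not marked deleted. @param groupId numeric user group id @return member count */`. The `user.isNotNull()` term in the predicate adds nothing to the inner join and could be dropped, and `jpaQuery.fetch().get(0)` reads more clearly as `jpaQuery.fetchOne()`. In batchRemoveMember the audit targets are built from the requested `userIds` rather than from the rows actually removed, so the record may list users who were never members. Whether `deleteByGroupIdAndUserId` reports affected rows is not visible here.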
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserServiceImpl.java index d80e0a3b..29d1af73 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserServiceImpl.java @@ -17,34 +17,6 @@ */ package cn.topiam.employee.console.service.account.impl; -import java.io.Serializable; -import java.nio.charset.StandardCharsets; -import java.time.LocalDate; -import java.time.LocalDateTime; -import java.util.*; - -import org.apache.commons.lang3.StringUtils; -import org.springframework.data.domain.PageRequest; -import org.springframework.data.elasticsearch.core.ElasticsearchRestTemplate; -import org.springframework.data.elasticsearch.core.SearchHits; -import org.springframework.data.elasticsearch.core.mapping.IndexCoordinates; -import org.springframework.data.elasticsearch.core.query.NativeSearchQuery; -import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; -import org.springframework.util.CollectionUtils; -import org.springframework.util.ObjectUtils; - -import com.google.i18n.phonenumbers.NumberParseException; -import com.google.i18n.phonenumbers.PhoneNumberUtil; -import com.google.i18n.phonenumbers.Phonenumber; -import com.querydsl.core.types.ExpressionUtils; -import com.querydsl.core.types.Predicate; -import com.querydsl.core.types.dsl.BooleanExpression; -import com.querydsl.core.types.dsl.Expressions; -import com.querydsl.jpa.impl.JPAQuery; -import com.querydsl.jpa.impl.JPAQueryFactory; - import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.AuditElasticSearchEntity; import cn.topiam.employee.audit.entity.Target; 
@@ -74,10 +46,32 @@ import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.util.BeanUtils; import cn.topiam.employee.support.validation.annotation.ValidationPhone; - +import com.google.i18n.phonenumbers.NumberParseException; +import com.google.i18n.phonenumbers.PhoneNumberUtil; +import com.google.i18n.phonenumbers.Phonenumber; +import com.querydsl.core.types.dsl.BooleanExpression; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; -import static cn.topiam.employee.audit.enums.TargetType.*; +import org.apache.commons.lang3.StringUtils; +import org.springframework.data.domain.PageRequest; +import org.springframework.data.elasticsearch.core.ElasticsearchRestTemplate; +import org.springframework.data.elasticsearch.core.SearchHits; +import org.springframework.data.elasticsearch.core.mapping.IndexCoordinates; +import org.springframework.data.elasticsearch.core.query.NativeSearchQuery; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; +import org.springframework.util.CollectionUtils; +import org.springframework.util.ObjectUtils; + +import java.io.Serializable; +import java.nio.charset.StandardCharsets; +import java.time.LocalDate; +import java.time.LocalDateTime; +import java.util.*; + +import static cn.topiam.employee.audit.enums.TargetType.USER; +import static cn.topiam.employee.audit.enums.TargetType.USER_DETAIL; import static cn.topiam.employee.common.constants.AuditConstants.getAuditIndexPrefix; import static cn.topiam.employee.core.message.sms.SmsMsgEventPublish.PASSWORD; import static cn.topiam.employee.core.message.sms.SmsMsgEventPublish.USERNAME; 
@@ -398,13 +392,14 @@ public class UserServiceImpl implements UserService { * @return {@link Boolean} */ @Override + @Transactional(rollbackFor = Exception.class) public Boolean batchDeleteUser(String[] ids) { //删除用户 userRepository .deleteAllById(Arrays.stream(ids).map(s -> Long.parseLong(s.trim())).toList()); //删除用户详情 userDetailsRepository - .deleteAllByUserId(Arrays.stream(ids).map(s -> Long.parseLong(s.trim())).toList()); + .deleteAllByUserIds(Arrays.stream(ids).map(s -> Long.parseLong(s.trim())).toList()); //删除组织用户关系 organizationMemberRepository .deleteAllByUserId(Arrays.stream(ids).map(s -> Long.parseLong(s.trim())).toList()); @@ -471,33 +466,6 @@ public class UserServiceImpl implements UserService { return result; } - /** - * 查询组织成员数量 - * - * @param orgId {@link String} - * @return {@link Long} - */ - @Override - public Long getOrgMemberCount(String orgId) { - //条件 - QUserEntity user = QUserEntity.userEntity; - QOrganizationEntity qOrganization = QOrganizationEntity.organizationEntity; - Predicate predicate = user.isNotNull(); - //FIND_IN_SET函数 - BooleanExpression template = Expressions.booleanTemplate( - "FIND_IN_SET({0}, replace({1}, '/', ','))> 0", orgId, qOrganization.path); - predicate = StringUtils.isBlank(orgId) ? predicate - : ExpressionUtils.and(predicate, qOrganization.id.eq(orgId).or(template)); - //构造查询 - JPAQuery jpaQuery = jpaQueryFactory.selectFrom(user).select(user.count()) - .innerJoin(QOrganizationMemberEntity.organizationMemberEntity) - .on(user.id.eq(QOrganizationMemberEntity.organizationMemberEntity.userId)) - .innerJoin(qOrganization) - .on(qOrganization.id.eq(QOrganizationMemberEntity.organizationMemberEntity.orgId)) - .where(predicate); - return jpaQuery.fetch().get(0); - } - @Override @Transactional(rollbackFor = Exception.class) public void deleteBatchUser(List removeIds) { 
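Review bot: batchDeleteUser parses `ids` with `Long.parseLong(s.trim())` three separate times, once per repository call in this hunk. Parsing once up front keeps the three deletes on the same list and rejects a malformed id before the first delete is issued: `List<Long> userIds = Arrays.stream(ids).map(s -> Long.parseLong(s.trim())).toList();`, then pass `userIds` to `deleteAllById`, `deleteAllByUserIds` and `deleteAllByUserId`. The added `@Transactional(rollbackFor = Exception.class)` covers the JPA repositories only. The method continues past the hunk, and any non-transactional store touched there would not be rolled back with them.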
@@ -572,11 +540,6 @@ public class UserServiceImpl implements UserService { */ private final UserDetailRepository userDetailsRepository; - /** - * JPAQueryFactory - */ - private final JPAQueryFactory jpaQueryFactory; - /** * 修改密码历史Repository */ diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserSocialBindServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserSocialBindServiceImpl.java index c812fa26..1d698300 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserSocialBindServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserSocialBindServiceImpl.java @@ -17,11 +17,9 @@ */ package cn.topiam.employee.console.service.account.impl; -import org.springframework.stereotype.Service; - import cn.topiam.employee.console.service.account.UserSocialBindService; - import lombok.AllArgsConstructor; +import org.springframework.stereotype.Service; /** * @author TopIAM diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/userdetail/UserDetailsServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/userdetail/UserDetailsServiceImpl.java index dadfe055..914f3b06 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/userdetail/UserDetailsServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/userdetail/UserDetailsServiceImpl.java 
@@ -17,10 +17,13 @@ */ package cn.topiam.employee.console.service.account.userdetail; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Optional; - +import cn.topiam.employee.common.entity.setting.AdministratorEntity; +import cn.topiam.employee.common.enums.UserStatus; +import cn.topiam.employee.common.enums.UserType; +import cn.topiam.employee.common.repository.setting.AdministratorRepository; +import cn.topiam.employee.core.security.authorization.Roles; +import cn.topiam.employee.core.security.userdetails.UserDetails; +import cn.topiam.employee.core.security.userdetails.UserDetailsService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.authentication.AccountExpiredException; @@ -29,13 +32,9 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Component; import org.springframework.util.ObjectUtils; -import cn.topiam.employee.common.entity.setting.AdministratorEntity; -import cn.topiam.employee.common.enums.UserStatus; -import cn.topiam.employee.common.enums.UserType; -import cn.topiam.employee.common.repository.setting.AdministratorRepository; -import cn.topiam.employee.core.security.authorization.Roles; -import cn.topiam.employee.core.security.userdetails.UserDetails; -import cn.topiam.employee.core.security.userdetails.UserDetailsService; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Optional; /** * FortressUserDetailsService diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/analysis/AnalysisService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/analysis/AnalysisService.java index 119da66a..7b0afbf3 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/analysis/AnalysisService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/analysis/AnalysisService.java 
@@ -17,12 +17,10 @@ */ package cn.topiam.employee.console.service.analysis; -import java.util.List; - import cn.topiam.employee.console.pojo.query.analysis.AnalysisQuery; -import cn.topiam.employee.console.pojo.result.analysis.AppVisitRankResult; -import cn.topiam.employee.console.pojo.result.analysis.AuthnQuantityResult; -import cn.topiam.employee.console.pojo.result.analysis.OverviewResult; +import cn.topiam.employee.console.pojo.result.analysis.*; + +import java.util.List; /** * 统计 service @@ -40,7 +38,7 @@ public interface AnalysisService { OverviewResult overview(); /** - * 认证统计 + * 认证量统计 * * @param params {@link AnalysisQuery} * @return {@link List} @@ -48,10 +46,26 @@ public interface AnalysisService { List authnQuantity(AnalysisQuery params); /** - * 认证统计 + * 应用热点统计 * * @param params {@link AnalysisQuery} - * @return {@link List< AppVisitRankResult >} + * @return {@link List} */ List appVisitRank(AnalysisQuery params); + + /** + * 热门认证方式统计 + * + * @param params {@link AnalysisQuery} + * @return {@link List} + */ + List authnHotProvider(AnalysisQuery params); + + /** + * 登录区域统计 + * + * @param params {@link AnalysisQuery} + * @return {@link List} + */ + List authnZone(AnalysisQuery params); } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/analysis/impl/AnalysisServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/analysis/impl/AnalysisServiceImpl.java index e6c5a897..02124f31 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/analysis/impl/AnalysisServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/analysis/impl/AnalysisServiceImpl.java 
@@ -17,15 +17,20 @@ */ package cn.topiam.employee.console.service.analysis.impl; -import java.time.LocalDate; -import java.time.LocalDateTime; -import java.time.LocalTime; -import java.time.ZoneId; -import java.time.format.DateTimeFormatter; -import java.util.ArrayList; -import java.util.List; -import java.util.Objects; - +import cn.topiam.employee.audit.entity.AuditElasticSearchEntity; +import cn.topiam.employee.audit.enums.EventStatus; +import cn.topiam.employee.audit.enums.EventType; +import cn.topiam.employee.authentication.common.IdentityProviderType; +import cn.topiam.employee.common.entity.app.AppEntity; +import cn.topiam.employee.common.repository.account.UserRepository; +import cn.topiam.employee.common.repository.app.AppRepository; +import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; +import cn.topiam.employee.console.pojo.query.analysis.AnalysisQuery; +import cn.topiam.employee.console.pojo.result.analysis.*; +import cn.topiam.employee.console.service.analysis.AnalysisService; +import cn.topiam.employee.core.configuration.EiamSupportProperties; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; import org.elasticsearch.index.query.BoolQueryBuilder; import org.elasticsearch.index.query.QueryBuilders; import org.elasticsearch.index.query.RangeQueryBuilder; 
@@ -33,7 +38,10 @@ import org.elasticsearch.search.aggregations.Aggregation; import org.elasticsearch.search.aggregations.AggregationBuilders; import org.elasticsearch.search.aggregations.Aggregations; import org.elasticsearch.search.aggregations.BucketOrder; -import org.elasticsearch.search.aggregations.bucket.histogram.*; +import org.elasticsearch.search.aggregations.bucket.histogram.DateHistogramAggregationBuilder; +import org.elasticsearch.search.aggregations.bucket.histogram.Histogram; +import org.elasticsearch.search.aggregations.bucket.histogram.LongBounds; +import org.elasticsearch.search.aggregations.bucket.histogram.ParsedDateHistogram; import org.elasticsearch.search.aggregations.bucket.terms.ParsedStringTerms; import org.elasticsearch.search.aggregations.bucket.terms.Terms; import org.elasticsearch.search.aggregations.bucket.terms.TermsAggregationBuilder; 
@@ -48,25 +56,21 @@ import org.springframework.stereotype.Service; import org.springframework.util.Assert; import org.springframework.util.StringUtils; -import cn.topiam.employee.audit.entity.AuditElasticSearchEntity; -import cn.topiam.employee.audit.enums.EventStatus; -import cn.topiam.employee.audit.enums.EventType; -import cn.topiam.employee.common.entity.app.AppEntity; -import cn.topiam.employee.common.repository.account.UserRepository; -import cn.topiam.employee.common.repository.app.AppRepository; -import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; -import cn.topiam.employee.console.pojo.query.analysis.AnalysisQuery; -import cn.topiam.employee.console.pojo.result.analysis.AppVisitRankResult; -import cn.topiam.employee.console.pojo.result.analysis.AuthnQuantityResult; -import cn.topiam.employee.console.pojo.result.analysis.OverviewResult; -import cn.topiam.employee.console.service.analysis.AnalysisService; -import cn.topiam.employee.core.configuration.EiamSupportProperties; +import java.time.LocalDate; +import java.time.LocalDateTime; +import java.time.LocalTime; +import java.time.ZoneId; +import java.time.format.DateTimeFormatter; +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; -import lombok.RequiredArgsConstructor; -import lombok.extern.slf4j.Slf4j; +import static cn.topiam.employee.audit.entity.Actor.ACTOR_AUTH_TYPE; import static cn.topiam.employee.audit.entity.Event.*; +import static cn.topiam.employee.audit.entity.GeoLocation.GEO_LOCATION_PROVINCE_CODE; import static cn.topiam.employee.audit.entity.Target.TARGET_ID_KEYWORD; import static cn.topiam.employee.common.constants.AuditConstants.getAuditIndexPrefix; +import static cn.topiam.employee.console.converter.authentication.IdentityProviderConverter.getIdentityProviderType; import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN; /** 
@@ -78,21 +82,21 @@ import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIM @RequiredArgsConstructor public class AnalysisServiceImpl implements AnalysisService { - // void testLog(Query query) { - // try { - // Method searchRequest = ReflectionUtils.findMethod(Class.forName("org.springframework.data.elasticsearch.core.RequestFactory"), "searchRequest", Query.class, Class.class, IndexCoordinates.class); - // searchRequest.setAccessible(true); - // Object o = ReflectionUtils.invokeMethod(searchRequest, elasticsearchRestTemplate.getRequestFactory(), query, AuditElasticSearchEntity.class, IndexCoordinates.of(AUDIT_INDEX_PREFIX + "*")); + // void testLog(Query query) { + // try { + // Method searchRequest = ReflectionUtils.findMethod(Class.forName("org.springframework.data.elasticsearch.core.RequestFactory"), "searchRequest", Query.class, Class.class, IndexCoordinates.class); + // searchRequest.setAccessible(true); + // Object o = ReflectionUtils.invokeMethod(searchRequest, elasticsearchRestTemplate.getRequestFactory(), query, AuditElasticSearchEntity.class, IndexCoordinates.of(getAuditIndexPrefix(eiamSupportProperties.getDemo().isOpen()) + "*")); // - // Field source = ReflectionUtils.findField(Class.forName("org.elasticsearch.action.search.SearchRequest"), "source"); - // source.setAccessible(true); - // Object s = ReflectionUtils.getField(source, o); - // log.error("dsl:{}", s); - // } - // catch (Exception e) { - // e.printStackTrace(); - // } + // Field source = ReflectionUtils.findField(Class.forName("org.elasticsearch.action.search.SearchRequest"), "source"); + // source.setAccessible(true); + // Object s = ReflectionUtils.getField(source, o); + // log.error("dsl:{}", s); // } + // catch (Exception e) { + // e.printStackTrace(); + // } + // } /** * 概述 * @@ -117,7 +121,7 @@ public class AnalysisServiceImpl implements AnalysisService { } /** - * 认证统计 + * 认证量统计 * * @param params {@link AnalysisQuery} * @return {@link List} 
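Review bot: The commented-out `testLog` helper is re-indented and updated here, while the later hunks in this file delete its only (also commented) call sites, so the block is now dead text. It describes a reflection path that writes the full search request at `log.error` and calls `e.printStackTrace()`, which is not something to keep around as a template in an audit-statistics service. I would delete the whole comment block. Version control keeps it if the DSL dump is ever needed again.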
@@ -146,7 +150,6 @@ public class AnalysisServiceImpl implements AnalysisService { BoolQueryBuilder queryBuilder = getBoolQueryBuilder(builder, EventType.LOGIN_PORTAL); NativeSearchQuery authCountBuild = new NativeSearchQueryBuilder().withQuery(queryBuilder) .withAggregations(groupBuilder).build(); - // testLog(authCountBuild); SearchHits authCountResult = elasticsearchRestTemplate .search(authCountBuild, AuditElasticSearchEntity.class, IndexCoordinates .of(getAuditIndexPrefix(eiamSupportProperties.getDemo().isOpen()) + "*")); @@ -174,20 +177,13 @@ public class AnalysisServiceImpl implements AnalysisService { */ @Override public List appVisitRank(AnalysisQuery params) { - String min = params.getStartTime() - .format(DateTimeFormatter.ofPattern(DEFAULT_DATE_TIME_FORMATTER_PATTERN)); - String max = params.getEndTime() - .format(DateTimeFormatter.ofPattern(DEFAULT_DATE_TIME_FORMATTER_PATTERN)); - // 查询条件 - RangeQueryBuilder builder = QueryBuilders.rangeQuery(EVENT_TIME).timeZone(ZONE_ID) - .format(DEFAULT_DATE_TIME_FORMATTER_PATTERN).gt(min).lt(max); + RangeQueryBuilder builder = getRangeQueryBuilder(params); BoolQueryBuilder queryBuilder = getBoolQueryBuilder(builder, EventType.APP_SSO); // 应用访问频次前10条 TermsAggregationBuilder groupAppVisit = AggregationBuilders.terms("count") .field(TARGET_ID_KEYWORD).order(BucketOrder.count(false)).size(10); NativeSearchQuery appVisitBuild = new NativeSearchQueryBuilder().withQuery(queryBuilder) .withAggregations(groupAppVisit).build(); - // testLog(appVisitBuild); SearchHits appVisitResult = elasticsearchRestTemplate .search(appVisitBuild, AuditElasticSearchEntity.class, IndexCoordinates .of(getAuditIndexPrefix(eiamSupportProperties.getDemo().isOpen()) + "*")); 
@@ -196,13 +192,88 @@ public class AnalysisServiceImpl implements AnalysisService { List applicationVisitList = new ArrayList<>(); for (Terms.Bucket bucket : appVisitStringTerms.getBuckets()) { String key = String.valueOf(bucket.getKey()); - //单点登录 + // 单点登录 String name = getAppName(key); applicationVisitList.add(new AppVisitRankResult(name, bucket.getDocCount())); } return applicationVisitList; } + /** + * 时间查询条件 + * + * @param params {@link AnalysisQuery} + * @return {@link RangeQueryBuilder} + */ + private RangeQueryBuilder getRangeQueryBuilder(AnalysisQuery params) { + String min = params.getStartTime() + .format(DateTimeFormatter.ofPattern(DEFAULT_DATE_TIME_FORMATTER_PATTERN)); + String max = params.getEndTime() + .format(DateTimeFormatter.ofPattern(DEFAULT_DATE_TIME_FORMATTER_PATTERN)); + // 查询条件 + return QueryBuilders.rangeQuery(EVENT_TIME).timeZone(ZONE_ID) + .format(DEFAULT_DATE_TIME_FORMATTER_PATTERN).gt(min).lt(max); + } + + /** + * 热门认证方式 + * @param params {@link AnalysisQuery} + * @return {@link List} + */ + @Override + public List authnHotProvider(AnalysisQuery params) { + RangeQueryBuilder builder = getRangeQueryBuilder(params); + BoolQueryBuilder queryBuilder = getBoolQueryBuilder(builder, EventType.LOGIN_PORTAL); + queryBuilder.must(QueryBuilders.existsQuery(ACTOR_AUTH_TYPE)); + // 授权类型频次 + TermsAggregationBuilder groupAuthType = AggregationBuilders.terms("count") + .field(ACTOR_AUTH_TYPE).size(IdentityProviderType.size()); + NativeSearchQuery appVisitBuild = new NativeSearchQueryBuilder().withQuery(queryBuilder) + .withAggregations(groupAuthType).build(); + SearchHits authTypeResult = elasticsearchRestTemplate + .search(appVisitBuild, AuditElasticSearchEntity.class, IndexCoordinates + .of(getAuditIndexPrefix(eiamSupportProperties.getDemo().isOpen()) + "*")); + ParsedStringTerms authTypeStringTerms = (ParsedStringTerms) getAggregation(authTypeResult, + "count"); + List authTypeList = new ArrayList<>(); + for (Terms.Bucket bucket : 
authTypeStringTerms.getBuckets()) { + String key = String.valueOf(bucket.getKey()); + // 授权类型 + String name = getIdentityProviderType(key).name(); + authTypeList.add(new AuthnHotProviderResult(name, bucket.getDocCount())); + } + return authTypeList; + } + + /** + * 登录区域统计 + * + * @param params {@link AnalysisQuery} + * @return {@link List} + */ + @Override + public List authnZone(AnalysisQuery params) { + RangeQueryBuilder builder = getRangeQueryBuilder(params); + BoolQueryBuilder queryBuilder = getBoolQueryBuilder(builder, EventType.LOGIN_PORTAL); + queryBuilder.must(QueryBuilders.existsQuery(GEO_LOCATION_PROVINCE_CODE)); + // 登录城市分组统计 + TermsAggregationBuilder groupAuthZone = AggregationBuilders.terms("count") + .field(GEO_LOCATION_PROVINCE_CODE).size(36).minDocCount(0); + NativeSearchQuery appVisitBuild = new NativeSearchQueryBuilder().withQuery(queryBuilder) + .withAggregations(groupAuthZone).build(); + SearchHits authZoneResult = elasticsearchRestTemplate + .search(appVisitBuild, AuditElasticSearchEntity.class, IndexCoordinates + .of(getAuditIndexPrefix(eiamSupportProperties.getDemo().isOpen()) + "*")); + ParsedStringTerms authZoneStringTerms = (ParsedStringTerms) getAggregation(authZoneResult, + "count"); + List authnZoneResults = new ArrayList<>(); + for (Terms.Bucket bucket : authZoneStringTerms.getBuckets()) { + String key = String.valueOf(bucket.getKey()); + authnZoneResults.add(new AuthnZoneResult(key, bucket.getDocCount())); + } + return authnZoneResults; + } + /** * 获取应用名称 * @@ -217,6 +288,13 @@ public class AnalysisServiceImpl implements AnalysisService { return app.getName(); } + /** + * ES聚合查询 + * + * @param searchHits {@link SearchHits} + * @param groupName {@link String} + * @return {@link Aggregation} + */ private Aggregation getAggregation(SearchHits searchHits, String groupName) { ElasticsearchAggregations elasticsearchAggregations = (ElasticsearchAggregations) searchHits 
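Review bot: In authnHotProvider every bucket key read from the audit index is passed to `getIdentityProviderType(key).name()` with no handling for a value the converter does not recognise. The converter is outside this hunk, so whether it throws or returns null is not visible, but either way a single unexpected `ACTOR_AUTH_TYPE` value in an old or imported audit document would fail the whole statistics call. I would resolve the type defensively for that one call and fall back to the raw `key` as the display name. Separately, `.size(36)` in authnZone is an unexplained literal; `private static final int AUTHN_ZONE_BUCKET_LIMIT = 36;` with a comment saying what it bounds would make the limit reviewable. `getRangeQueryBuilder` also dereferences `params.getStartTime()` and `params.getEndTime()` directly, so it relies on validation that is not shown here.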
@@ -226,9 +304,16 @@ public class AnalysisServiceImpl implements AnalysisService { return aggregations.asMap().get(groupName); } + /** + * 拼装查询条件 + * + * @param builder {@link RangeQueryBuilder} + * @param eventType {@link EventType} + * @return {@link BoolQueryBuilder} + */ @NotNull private BoolQueryBuilder getBoolQueryBuilder(RangeQueryBuilder builder, EventType eventType) { - // 查询今日认证量条件 + // 查询条件 BoolQueryBuilder queryBuilder = QueryBuilders.boolQuery(); // 事件类型 queryBuilder.must(QueryBuilders.termsQuery(EVENT_TYPE, eventType.getCode())); diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppCertService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppCertService.java index d4c364ad..bbe8fbe8 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppCertService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppCertService.java @@ -17,11 +17,11 @@ */ package cn.topiam.employee.console.service.app; -import java.util.List; - import cn.topiam.employee.console.pojo.query.app.AppCertQuery; import cn.topiam.employee.console.pojo.result.app.AppCertListResult; +import java.util.List; + /** * APP 证书 * diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppPermissionActionService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppPermissionActionService.java index f8fbea59..bcc2ac6f 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppPermissionActionService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppPermissionActionService.java @@ -17,11 +17,11 @@ */ package cn.topiam.employee.console.service.app; -import java.util.List; - import cn.topiam.employee.console.pojo.query.app.AppPermissionActionListQuery; import cn.topiam.employee.console.pojo.result.app.AppPermissionActionListResult; +import java.util.List; + /** *

* 权限 服务类 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppSaml2Service.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppSaml2Service.java index ee1cf29e..f095d36c 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppSaml2Service.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppSaml2Service.java @@ -17,11 +17,11 @@ */ package cn.topiam.employee.console.service.app; +import cn.topiam.employee.console.pojo.result.app.ParseSaml2MetadataResult; + import java.io.IOException; import java.io.InputStream; -import cn.topiam.employee.console.pojo.result.app.ParseSaml2MetadataResult; - /** * 应用 Saml2 详情 * diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppService.java index aa53de0e..1b020b78 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppService.java @@ -17,8 +17,6 @@ */ package cn.topiam.employee.console.service.app; -import java.util.Map; - import cn.topiam.employee.console.pojo.query.app.AppQuery; import cn.topiam.employee.console.pojo.result.app.AppCreateResult; import cn.topiam.employee.console.pojo.result.app.AppGetResult; @@ -29,6 +27,8 @@ import cn.topiam.employee.console.pojo.update.app.AppUpdateParam; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; +import java.util.Map; + /** *

* 应用管理 服务类 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppTemplateService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppTemplateService.java index 413fade9..c1c6414a 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppTemplateService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/AppTemplateService.java @@ -17,12 +17,12 @@ */ package cn.topiam.employee.console.service.app; -import java.util.List; -import java.util.Map; - import cn.topiam.employee.common.enums.app.AppType; import cn.topiam.employee.console.pojo.result.app.AppTemplateResult; +import java.util.List; +import java.util.Map; + /** * 应用模板服务 * diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/UserIdpBindService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/UserIdpBindService.java index a530b17f..7ee0a17d 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/UserIdpBindService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/UserIdpBindService.java @@ -17,10 +17,10 @@ */ package cn.topiam.employee.console.service.app; -import java.util.List; - import cn.topiam.employee.console.pojo.result.app.UserIdpBindListResult; +import java.util.List; + /** * 用户身份提供商绑定 * diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppAccessPolicyServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppAccessPolicyServiceImpl.java index d9d594d7..7a595fdf 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppAccessPolicyServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppAccessPolicyServiceImpl.java 
@@ -17,13 +17,6 @@ */ package cn.topiam.employee.console.service.app.impl; -import java.util.List; -import java.util.Optional; - -import org.springframework.data.querydsl.QPageRequest; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.TargetType; @@ -39,9 +32,15 @@ import cn.topiam.employee.support.exception.TopIamException; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.util.BeanUtils; - import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import java.util.List; +import java.util.Optional; + import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME; @@ -124,7 +123,7 @@ public class AppAccessPolicyServiceImpl implements AppAccessPolicyService { public Boolean deleteAppAccessPolicy(String id) { Optional optional = appAccessPolicyRepository .findById(Long.valueOf(id)); - //管理员不存在 + //策略不存在 if (optional.isEmpty()) { AuditContext.setContent("删除失败,应用授权策略不存在"); log.warn(AuditContext.getContent()); diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppAccountServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppAccountServiceImpl.java index 512e34d9..b741bb12 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppAccountServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppAccountServiceImpl.java 
@@ -17,15 +17,10 @@ */ package cn.topiam.employee.console.service.app.impl; -import java.util.Optional; - -import org.springframework.data.querydsl.QPageRequest; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.TargetType; +import cn.topiam.employee.common.crypto.EncryptContextHelp; import cn.topiam.employee.common.entity.app.AppAccountEntity; import cn.topiam.employee.common.entity.app.po.AppAccountPO; import cn.topiam.employee.common.entity.app.query.AppAccountQuery; @@ -38,9 +33,16 @@ import cn.topiam.employee.console.service.app.AppAccountService; import cn.topiam.employee.support.exception.TopIamException; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; - +import com.alibaba.excel.util.StringUtils; import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; +import org.springframework.util.Base64Utils; + +import java.nio.charset.StandardCharsets; +import java.util.Optional; /** * 应用账户 
@@ -86,9 +88,16 @@ public class AppAccountServiceImpl implements AppAccountService { throw new AppAccountExistException(); } AppAccountEntity entity = appAccountConverter.appAccountCreateParamConvertToEntity(param); + //密码不为空 + if (!StringUtils.isBlank(param.getPassword())) { + String password = new String(Base64Utils.decodeFromString(param.getPassword()), + StandardCharsets.UTF_8); + entity.setPassword(EncryptContextHelp.encrypt(password)); + } appAccountRepository.save(entity); AuditContext.setTarget( - Target.builder().id(entity.getAccount()).type(TargetType.USER).build(), + Target.builder().id(entity.getUserId().toString()).type(TargetType.USER).build(), + Target.builder().id(entity.getAccount()).type(TargetType.APPLICATION_ACCOUNT).build(), Target.builder().id(entity.getAppId().toString()).type(TargetType.APPLICATION).build()); return true; } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppCertServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppCertServiceImpl.java index 77e71f7d..0838db2a 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppCertServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppCertServiceImpl.java @@ -17,18 +17,16 @@ */ package cn.topiam.employee.console.service.app.impl; -import java.util.List; - -import org.springframework.stereotype.Service; - import cn.topiam.employee.common.entity.app.AppCertEntity; import cn.topiam.employee.common.repository.app.AppCertRepository; import cn.topiam.employee.console.converter.app.AppCertConverter; import cn.topiam.employee.console.pojo.query.app.AppCertQuery; import cn.topiam.employee.console.pojo.result.app.AppCertListResult; import cn.topiam.employee.console.service.app.AppCertService; - import lombok.AllArgsConstructor; +import org.springframework.stereotype.Service; + +import java.util.List; /** * 应用证书 
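Review bot: The new password branch calls `Base64Utils.decodeFromString(param.getPassword())` on a request value without handling a decode failure, so input that is not valid Base64 surfaces as an `IllegalArgumentException` from inside the service rather than as a parameter error. Catching it and rethrowing a bad-parameter exception (the module already has `BadParamsException`) would keep the failure explicit. Base64 is only a transport encoding, so the comment should say so, e.g. `// password arrives Base64-encoded (not encrypted); decode, then encrypt before persisting`. When the password is blank the entity keeps whatever `appAccountCreateParamConvertToEntity` mapped, which is not visible here, so it is worth confirming the converter does not copy the raw field. The blank check uses `StringUtils` from `com.alibaba.excel.util` (imported in the earlier hunk of this file); `org.apache.commons.lang3.StringUtils`, already used by sibling services, avoids relying on a spreadsheet library. The method starts outside the hunk.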
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionActionServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionActionServiceImpl.java index 2430bc4c..94fa42c4 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionActionServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionActionServiceImpl.java @@ -17,20 +17,17 @@ */ package cn.topiam.employee.console.service.app.impl; -import java.util.List; - -import org.springframework.stereotype.Service; - -import com.querydsl.core.types.Predicate; - import cn.topiam.employee.common.entity.app.AppPermissionResourceEntity; import cn.topiam.employee.common.repository.app.AppPermissionResourceRepository; import cn.topiam.employee.console.converter.app.AppPermissionActionConverter; import cn.topiam.employee.console.pojo.query.app.AppPermissionActionListQuery; import cn.topiam.employee.console.pojo.result.app.AppPermissionActionListResult; import cn.topiam.employee.console.service.app.AppPermissionActionService; - +import com.querydsl.core.types.Predicate; import lombok.RequiredArgsConstructor; +import org.springframework.stereotype.Service; + +import java.util.List; /** *

diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionPolicyServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionPolicyServiceImpl.java index 2a31d7cf..5ea522a7 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionPolicyServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionPolicyServiceImpl.java @@ -17,10 +17,6 @@ */ package cn.topiam.employee.console.service.app.impl; -import org.springframework.data.querydsl.QPageRequest; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - import cn.topiam.employee.common.entity.app.AppPermissionPolicyEntity; import cn.topiam.employee.common.entity.app.po.AppPermissionPolicyPO; import cn.topiam.employee.common.entity.app.query.AppPolicyQuery; @@ -34,8 +30,10 @@ import cn.topiam.employee.console.pojo.update.app.AppPermissionPolicyUpdateParam import cn.topiam.employee.console.service.app.AppPermissionPolicyService; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; - import lombok.RequiredArgsConstructor; +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; /** *

diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionResourceServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionResourceServiceImpl.java index 506d0ca4..79cce90d 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionResourceServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionResourceServiceImpl.java @@ -17,20 +17,6 @@ */ package cn.topiam.employee.console.service.app.impl; -import java.util.ArrayList; -import java.util.List; -import java.util.Objects; -import java.util.Set; -import java.util.stream.Collectors; - -import org.apache.commons.lang3.StringUtils; -import org.springframework.data.querydsl.QPageRequest; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -import com.querydsl.core.types.Predicate; -import com.querydsl.core.types.dsl.BooleanExpression; - import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.TargetType; 
@@ -54,8 +40,20 @@ import cn.topiam.employee.support.exception.BadParamsException; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.util.BeanUtils; - +import com.querydsl.core.types.Predicate; +import com.querydsl.core.types.dsl.BooleanExpression; import lombok.RequiredArgsConstructor; +import org.apache.commons.lang3.StringUtils; +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; +import java.util.Set; +import java.util.stream.Collectors; + import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME; @@ -231,8 +229,7 @@ public class AppPermissionResourceServiceImpl implements AppPermissionResourceSe if (StringUtils.equals(entity.getName(), value)) { return true; } - BooleanExpression eq = role.name.eq(value); - eq.and(role.appId.eq(appId)); + BooleanExpression eq = role.name.eq(value).and(role.appId.eq(appId)); result = !appResourceRepository.exists(eq); } //资源编码 @@ -240,8 +237,7 @@ public class AppPermissionResourceServiceImpl implements AppPermissionResourceSe if (StringUtils.equals(entity.getCode(), value)) { return true; } - BooleanExpression eq = role.code.eq(value); - eq.and(role.appId.eq(appId)); + BooleanExpression eq = role.code.eq(value).and(role.appId.eq(appId)); result = !appResourceRepository.exists(eq); } return result; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionRoleServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionRoleServiceImpl.java index dfe9a780..116825ab 100644 
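Review bot: Both rewritten predicates are built from a variable named `role` but executed with `appResourceRepository.exists(eq)`. `role` is declared outside these hunks: if it is the Q-type of the resource entity the name is misleading, and if it is the role entity's Q-type the uniqueness check queries the wrong root. Renaming it (for example to `resource`) would make the now app-scoped check easier to verify. The enclosing method begins outside the hunks.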
--- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionRoleServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppPermissionRoleServiceImpl.java @@ -17,19 +17,6 @@ */ package cn.topiam.employee.console.service.app.impl; -import java.util.Arrays; -import java.util.List; -import java.util.Objects; -import java.util.Optional; - -import org.apache.commons.lang3.StringUtils; -import org.springframework.data.querydsl.QPageRequest; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -import com.querydsl.core.types.Predicate; -import com.querydsl.core.types.dsl.BooleanExpression; - import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.TargetType; @@ -49,8 +36,19 @@ import cn.topiam.employee.console.service.app.AppPermissionRoleService; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.util.BeanUtils; - +import com.querydsl.core.types.Predicate; +import com.querydsl.core.types.dsl.BooleanExpression; import lombok.RequiredArgsConstructor; +import org.apache.commons.lang3.StringUtils; +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import java.util.Arrays; +import java.util.List; +import java.util.Objects; +import java.util.Optional; + import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME; 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppSaml2ServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppSaml2ServiceImpl.java index 112606a3..4c00072e 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppSaml2ServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppSaml2ServiceImpl.java @@ -17,15 +17,21 @@ */ package cn.topiam.employee.console.service.app.impl; -import java.io.IOException; -import java.io.InputStream; -import java.security.cert.X509Certificate; -import java.util.List; -import java.util.Objects; -import java.util.Optional; - -import javax.servlet.http.HttpServletResponse; - +import cn.topiam.employee.application.ApplicationService; +import cn.topiam.employee.application.ApplicationServiceLoader; +import cn.topiam.employee.application.exception.AppNotExistException; +import cn.topiam.employee.application.exception.ParseSaml2MetadataException; +import cn.topiam.employee.application.saml2.Saml2ApplicationService; +import cn.topiam.employee.application.saml2.model.Saml2ProtocolConfig; +import cn.topiam.employee.common.entity.app.AppEntity; +import cn.topiam.employee.common.repository.app.AppRepository; +import cn.topiam.employee.common.repository.app.AppSaml2ConfigRepository; +import cn.topiam.employee.console.pojo.result.app.ParseSaml2MetadataResult; +import cn.topiam.employee.console.service.app.AppSaml2Service; +import cn.topiam.employee.protocol.saml2.idp.util.Saml2Utils; +import cn.topiam.employee.support.context.ServletContextHelp; +import cn.topiam.employee.support.util.CertUtils; +import lombok.AllArgsConstructor; import org.apache.commons.lang3.StringUtils; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpGet; 
@@ -38,28 +44,19 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; -import cn.topiam.employee.application.ApplicationService; -import cn.topiam.employee.application.ApplicationServiceLoader; -import cn.topiam.employee.application.Saml2ApplicationService; -import cn.topiam.employee.application.exception.AppNotExistException; -import cn.topiam.employee.application.exception.ParseSaml2MetadataException; -import cn.topiam.employee.common.entity.app.AppEntity; -import cn.topiam.employee.common.repository.app.AppRepository; -import cn.topiam.employee.common.repository.app.AppSaml2ConfigRepository; -import cn.topiam.employee.console.pojo.result.app.ParseSaml2MetadataResult; -import cn.topiam.employee.console.service.app.AppSaml2Service; -import cn.topiam.employee.core.protocol.Saml2ProtocolConfig; -import cn.topiam.employee.protocol.saml2.idp.util.Saml2Utils; -import cn.topiam.employee.support.context.ServletContextHelp; -import cn.topiam.employee.support.util.CertUtils; - -import lombok.AllArgsConstructor; -import static org.opensaml.saml.common.xml.SAMLConstants.SAML20P_NS; -import static org.opensaml.security.credential.UsageType.SIGNING; -import static org.springframework.http.HttpHeaders.CONTENT_DISPOSITION; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.io.InputStream; +import java.security.cert.X509Certificate; +import java.util.List; +import java.util.Objects; +import java.util.Optional; import static cn.topiam.employee.common.util.SamlKeyStoreProvider.getEntityDescriptors; import static cn.topiam.employee.common.util.SamlUtils.transformSamlObject2String; +import static org.opensaml.saml.common.xml.SAMLConstants.SAML20P_NS; +import static org.opensaml.security.credential.UsageType.SIGNING; +import static org.springframework.http.HttpHeaders.CONTENT_DISPOSITION; /** * 应用SAML详情 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppServiceImpl.java index 72aa01d0..479a4ec5 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppServiceImpl.java @@ -17,17 +17,6 @@ */ package cn.topiam.employee.console.service.app.impl; -import java.time.LocalDateTime; -import java.util.Map; -import java.util.Optional; - -import org.springframework.data.querydsl.QPageRequest; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -import com.querydsl.core.types.OrderSpecifier; -import com.querydsl.core.types.Predicate; - import cn.topiam.employee.application.ApplicationService; import cn.topiam.employee.application.ApplicationServiceLoader; import cn.topiam.employee.application.exception.AppNotExistException; @@ -53,9 +42,18 @@ import cn.topiam.employee.support.exception.TopIamException; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.util.BeanUtils; - +import com.querydsl.core.types.OrderSpecifier; +import com.querydsl.core.types.Predicate; import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import java.time.LocalDateTime; +import java.util.Map; +import java.util.Optional; + import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME; 
@@ -175,6 +173,12 @@ public class AppServiceImpl implements AppService { */ @Override public Boolean enableApp(String id) { + Optional optional = appRepository.findById(Long.valueOf(id)); + if (optional.isEmpty()) { + AuditContext.setContent("操作失败,应用不存在"); + log.warn(AuditContext.getContent()); + throw new TopIamException(AuditContext.getContent()); + } Integer count = appRepository.updateAppStatus(Long.valueOf(id), Boolean.TRUE); AuditContext.setTarget(Target.builder().id(id).type(TargetType.APPLICATION).build()); return count > 0; @@ -188,6 +192,12 @@ public class AppServiceImpl implements AppService { */ @Override public Boolean disableApp(String id) { + Optional optional = appRepository.findById(Long.valueOf(id)); + if (optional.isEmpty()) { + AuditContext.setContent("操作失败,应用不存在"); + log.warn(AuditContext.getContent()); + throw new TopIamException(AuditContext.getContent()); + } Integer count = appRepository.updateAppStatus(Long.valueOf(id), Boolean.FALSE); AuditContext.setTarget(Target.builder().id(id).type(TargetType.APPLICATION).build()); return count > 0; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppTemplateServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppTemplateServiceImpl.java index 41f113f3..18a10ac6 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppTemplateServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/AppTemplateServiceImpl.java 
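Review bot: The existence guard added to `enableApp` is repeated verbatim in `disableApp` (the next hunk), and each method parses the id twice with `Long.valueOf(id)`. A non-numeric id therefore throws `NumberFormatException` before any audit content is set. Moving the guard into one private helper that parses once and returns the id keeps the two paths from drifting apart. Both method bodies are shown only in part.

```java
private Long requireExistingApp(String id) {
    Long appId = Long.valueOf(id);
    if (appRepository.findById(appId).isEmpty()) {
        AuditContext.setContent("操作失败,应用不存在");
        log.warn(AuditContext.getContent());
        throw new TopIamException(AuditContext.getContent());
    }
    return appId;
}

@Override
public Boolean enableApp(String id) {
    Integer count = appRepository.updateAppStatus(requireExistingApp(id), Boolean.TRUE);
    // … unchanged: audit target and return; disableApp mirrors this with Boolean.FALSE …
```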
@@ -17,19 +17,17 @@ */ package cn.topiam.employee.console.service.app.impl; -import java.util.*; -import java.util.stream.Collectors; - -import org.apache.commons.lang3.StringUtils; -import org.springframework.stereotype.Service; - import cn.topiam.employee.application.ApplicationService; import cn.topiam.employee.application.ApplicationServiceLoader; import cn.topiam.employee.common.enums.app.AppType; import cn.topiam.employee.console.pojo.result.app.AppTemplateResult; import cn.topiam.employee.console.service.app.AppTemplateService; - import lombok.AllArgsConstructor; +import org.apache.commons.lang3.StringUtils; +import org.springframework.stereotype.Service; + +import java.util.*; +import java.util.stream.Collectors; /** * ApplicationTemplateServiceImpl diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/UserIdpBindServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/UserIdpBindServiceImpl.java index 2d7d09bc..b0fba1e0 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/UserIdpBindServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/app/impl/UserIdpBindServiceImpl.java @@ -17,12 +17,6 @@ */ package cn.topiam.employee.console.service.app.impl; -import java.util.List; -import java.util.Optional; - -import org.springframework.stereotype.Component; -import org.springframework.transaction.annotation.Transactional; - import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.TargetType; 
@@ -33,9 +27,13 @@ import cn.topiam.employee.console.pojo.result.app.UserIdpBindListResult; import cn.topiam.employee.console.service.app.UserIdpBindService; import cn.topiam.employee.support.exception.TopIamException; import cn.topiam.employee.support.repository.page.domain.Page; - import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; +import org.springframework.transaction.annotation.Transactional; + +import java.util.List; +import java.util.Optional; /** * 用户身份提供商绑定 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/authentication/IdentityProviderService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/authentication/IdentityProviderService.java index a7a221dc..37a8b8c0 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/authentication/IdentityProviderService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/authentication/IdentityProviderService.java @@ -17,10 +17,7 @@ */ package cn.topiam.employee.console.service.authentication; -import java.util.List; - import cn.topiam.employee.common.entity.authentication.IdentityProviderEntity; -import cn.topiam.employee.common.enums.IdentityProviderType; import cn.topiam.employee.console.pojo.query.authentication.IdentityProviderListQuery; import cn.topiam.employee.console.pojo.result.authentication.IdentityProviderCreateResult; import cn.topiam.employee.console.pojo.result.authentication.IdentityProviderListResult; @@ -30,6 +27,8 @@ import cn.topiam.employee.console.pojo.update.authentication.IdpUpdateParam; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; +import java.util.List; + /** *

* 身份认证源配置 服务类 @@ -50,10 +49,10 @@ public interface IdentityProviderService { /** * 通过平台类型获取 * - * @param provider {@link IdentityProviderType} + * @param provider {@link String} * @return {@link IdentityProviderEntity} */ - List getByIdentityProvider(IdentityProviderType provider); + List getByIdentityProvider(String provider); /** * 认证源列表 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/authentication/impl/IdentityProviderServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/authentication/impl/IdentityProviderServiceImpl.java index 230e462a..c789bd13 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/authentication/impl/IdentityProviderServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/authentication/impl/IdentityProviderServiceImpl.java @@ -17,17 +17,10 @@ */ package cn.topiam.employee.console.service.authentication.impl; -import java.util.List; -import java.util.Optional; - -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.TargetType; import cn.topiam.employee.common.entity.authentication.IdentityProviderEntity; -import cn.topiam.employee.common.enums.IdentityProviderType; import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; import cn.topiam.employee.console.converter.authentication.IdentityProviderConverter; import cn.topiam.employee.console.pojo.query.authentication.IdentityProviderListQuery; 
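Review bot: `getByIdentityProvider` now accepts any `String` where it used to take `IdentityProviderType`, and the Javadoc `@param provider {@link String}` no longer says which values are valid. The matching hunk in IdentityProviderServiceImpl passes the value straight to `identityProviderRepository.findByType(provider)`. Documenting the expected value, e.g. `@param provider identity provider type code`, and rejecting blank or unknown codes before the lookup would restore the guarantee the enum gave. Whether callers already validate the code is not visible in this diff.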
@@ -43,9 +36,14 @@ import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.repository.page.domain.QueryDslRequest; import cn.topiam.employee.support.util.BeanUtils; - import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import java.util.List; +import java.util.Optional; + import static cn.topiam.employee.common.constants.ConfigBeanNameConstants.DEFAULT_SECURITY_FILTER_CHAIN; /** @@ -77,11 +75,11 @@ public class IdentityProviderServiceImpl implements IdentityProviderService { /** * 通过平台类型获取 * - * @param provider {@link IdentityProviderType} + * @param provider {@link String} * @return {@link IdentityProviderEntity} */ @Override - public List getByIdentityProvider(IdentityProviderType provider) { + public List getByIdentityProvider(String provider) { return identityProviderRepository.findByType(provider); } @@ -158,7 +156,8 @@ public class IdentityProviderServiceImpl implements IdentityProviderService { identityProviderRepository.save(entity); ApplicationContextHelp.refresh(DEFAULT_SECURITY_FILTER_CHAIN); AuditContext.setTarget(Target.builder().id(entity.getId().toString()) - .type(TargetType.IDENTITY_PROVIDER).build()); + .name(entity.getName()).type(TargetType.IDENTITY_PROVIDER) + .typeName(TargetType.IDENTITY_PROVIDER.getDesc()).build()); return true; } throw new NullPointerException("系统不存在该身份源"); 
@@ -195,6 +194,14 @@ public class IdentityProviderServiceImpl implements IdentityProviderService { */ @Override public Boolean updateIdentityProviderStatus(String id, Boolean enabled) { + Optional optional = identityProviderRepository + .findById(Long.valueOf(id)); + //管理员不存在 + if (optional.isEmpty()) { + AuditContext.setContent("删除失败,认证源不存在"); + log.warn(AuditContext.getContent()); + throw new TopIamException(AuditContext.getContent()); + } boolean result = identityProviderRepository.updateIdentityProviderStatus(Long.valueOf(id), enabled) > 0; ApplicationContextHelp.refresh(DEFAULT_SECURITY_FILTER_CHAIN); diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/IdentitySourceService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/IdentitySourceService.java index f2b51d12..4ff1b704 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/IdentitySourceService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/IdentitySourceService.java @@ -17,8 +17,6 @@ */ package cn.topiam.employee.console.service.identitysource; -import java.util.List; - import cn.topiam.employee.common.entity.identitysource.IdentitySourceEntity; import cn.topiam.employee.console.pojo.other.IdentitySourceConfigValidatorParam; import cn.topiam.employee.console.pojo.query.identity.IdentitySourceListQuery; @@ -30,6 +28,8 @@ import cn.topiam.employee.console.pojo.update.identity.IdentitySourceUpdateParam import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; +import java.util.List; + /** *
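Review bot: The guard added to `updateIdentityProviderStatus` records `"删除失败,认证源不存在"` (delete failed) as the audit content and carries the comment `//管理员不存在` (administrator does not exist). Both look copied from other methods, so a failed enable/disable of an identity provider is audited as a failed delete. Use `AuditContext.setContent("操作失败,认证源不存在");` with the comment `//认证源不存在`. The `updateStrategyConfig` hunk in IdentitySourceServiceImpl has the same kind of stale comment (`//用户不存在` above an identity-source check), though its message is correct. The method body continues outside the hunk.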

* 身份源配置 服务类 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceEventRecordServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceEventRecordServiceImpl.java index eaad562f..9f47527b 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceEventRecordServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceEventRecordServiceImpl.java @@ -17,14 +17,6 @@ */ package cn.topiam.employee.console.service.identitysource.impl; -import java.time.LocalDateTime; - -import org.springframework.data.querydsl.QPageRequest; -import org.springframework.stereotype.Service; - -import com.querydsl.core.types.OrderSpecifier; -import com.querydsl.core.types.Predicate; - import cn.topiam.employee.common.entity.identitysource.IdentitySourceEventRecordEntity; import cn.topiam.employee.common.entity.identitysource.QIdentitySourceEventRecordEntity; import cn.topiam.employee.common.repository.identitysource.IdentitySourceEventRecordRepository; @@ -34,8 +26,13 @@ import cn.topiam.employee.console.pojo.result.identitysource.IdentitySourceEvent import cn.topiam.employee.console.service.identitysource.IdentitySourceEventRecordService; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; - +import com.querydsl.core.types.OrderSpecifier; +import com.querydsl.core.types.Predicate; import lombok.AllArgsConstructor; +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.stereotype.Service; + +import java.time.LocalDateTime; /** * 身份源事件记录 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceServiceImpl.java index fcf930e4..d52b8bd7 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceServiceImpl.java @@ -17,15 +17,6 @@ */ package cn.topiam.employee.console.service.identitysource.impl; -import java.util.List; -import java.util.Optional; - -import org.springframework.cache.annotation.CacheConfig; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -import com.alibaba.fastjson2.JSONObject; - import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.TargetType; @@ -52,9 +43,16 @@ import cn.topiam.employee.support.exception.TopIamException; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.repository.page.domain.QueryDslRequest; import cn.topiam.employee.support.util.BeanUtils; - +import com.alibaba.fastjson2.JSONObject; import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.springframework.cache.annotation.CacheConfig; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import java.util.List; +import java.util.Optional; + import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME; 
@@ -228,6 +226,13 @@ public class IdentitySourceServiceImpl implements IdentitySourceService { */ @Override public void updateStrategyConfig(Long id, String strategyConfig) { + Optional optional = identitySourceRepository.findById(id); + //用户不存在 + if (optional.isEmpty()) { + AuditContext.setContent("操作失败,身份源不存在"); + log.warn(AuditContext.getContent()); + throw new TopIamException(AuditContext.getContent()); + } identitySourceRepository.updateStrategyConfig(id, strategyConfig); AuditContext .setTarget(Target.builder().id(id.toString()).type(TargetType.IDENTITY_SOURCE).build()); diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceSyncServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceSyncServiceImpl.java index 728acc2d..6bf61efb 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceSyncServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/identitysource/impl/IdentitySourceSyncServiceImpl.java @@ -17,16 +17,6 @@ */ package cn.topiam.employee.console.service.identitysource.impl; -import java.time.LocalDateTime; -import java.util.Objects; - -import org.apache.commons.lang3.ObjectUtils; -import org.springframework.data.querydsl.QPageRequest; -import org.springframework.stereotype.Service; - -import com.querydsl.core.types.OrderSpecifier; -import com.querydsl.core.types.Predicate; - import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.common.entity.identitysource.IdentitySourceEntity; 
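Review bot: On the new not-found path in `updateStrategyConfig`, `TopIamException` is thrown before `AuditContext.setTarget(...)` runs, so the audit entry for a failed update presumably records no target id. Moving the existing `AuditContext.setTarget(...)` call above the `findById` check would keep the id on the failure record. The inline comment `//用户不存在` ("user does not exist") does not match the check, which looks up an identity source; it should read `// 身份源不存在`. The `executeIdentitySourceSync` hunk in IdentitySourceSyncServiceImpl has the same ordering, since this commit moves `AuditContext.setTarget(...)` below `identitySourceService.getIdentitySource(id)`. Both method bodies continue outside their hunks.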
@@ -46,9 +36,17 @@ import cn.topiam.employee.identitysource.core.event.IdentitySourceEventUtils; import cn.topiam.employee.identitysource.core.exception.IdentitySourceNotExistException; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; - +import com.querydsl.core.types.OrderSpecifier; +import com.querydsl.core.types.Predicate; import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.ObjectUtils; +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.stereotype.Service; + +import java.time.LocalDateTime; +import java.util.Objects; + import static cn.topiam.employee.audit.enums.TargetType.IDENTITY_SOURCE; /** @@ -113,8 +111,8 @@ public class IdentitySourceSyncServiceImpl implements IdentitySourceSyncService */ @Override public void executeIdentitySourceSync(String id) { - AuditContext.setTarget(Target.builder().id(id).type(IDENTITY_SOURCE).build()); IdentitySourceEntity entity = identitySourceService.getIdentitySource(id); + AuditContext.setTarget(Target.builder().id(id).type(IDENTITY_SOURCE).build()); if (!ObjectUtils.isEmpty(entity)) { if (Objects.isNull(entity.getBasicConfig())) { throw new NullPointerException("请完善参数配置"); diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/AdministratorService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/AdministratorService.java index f1fc0191..b4bbd60c 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/AdministratorService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/AdministratorService.java 
@@ -27,6 +27,8 @@ import cn.topiam.employee.console.pojo.update.setting.AdministratorUpdateParam; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; +import java.time.LocalDateTime; + /** * 管理员 * @@ -103,4 +105,13 @@ public interface AdministratorService { * @return {@link Boolean} */ Boolean administratorParamCheck(CheckValidityType type, String value, Long id); + + /** + * 更新认证成功信息 + * + * @param id {@link String} + * @param ip {@link String} + * @param loginTime {@link LocalDateTime} + */ + Boolean updateAuthSucceedInfo(String id, String ip, LocalDateTime loginTime); } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/MailTemplateService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/MailTemplateService.java index e0226817..ee13c1fd 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/MailTemplateService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/MailTemplateService.java @@ -17,14 +17,14 @@ */ package cn.topiam.employee.console.service.setting; -import java.util.List; - import cn.topiam.employee.common.entity.setting.MailTemplateEntity; import cn.topiam.employee.common.enums.MailType; import cn.topiam.employee.console.pojo.result.setting.EmailTemplateListResult; import cn.topiam.employee.console.pojo.result.setting.EmailTemplateResult; import cn.topiam.employee.console.pojo.save.setting.EmailCustomTemplateSaveParam; +import java.util.List; + /** *

* 邮件模板 服务类 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/PasswordPolicyService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/PasswordPolicyService.java index d90c3e64..e9079176 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/PasswordPolicyService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/PasswordPolicyService.java @@ -17,12 +17,12 @@ */ package cn.topiam.employee.console.service.setting; -import java.util.List; - import cn.topiam.employee.console.pojo.result.setting.PasswordPolicyConfigResult; import cn.topiam.employee.console.pojo.result.setting.WeakPasswordLibListResult; import cn.topiam.employee.console.pojo.save.setting.PasswordPolicySaveParam; +import java.util.List; + /** *

* 密码策略 服务类 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/SettingService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/SettingService.java index 8d32d701..6d57f493 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/SettingService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/SettingService.java @@ -17,10 +17,10 @@ */ package cn.topiam.employee.console.service.setting; -import java.util.List; - import cn.topiam.employee.common.entity.setting.SettingEntity; +import java.util.List; + /** * @author TopIAM * Created by support@topiam.cn on 2021/11/9 22:30 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/SmsTemplateService.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/SmsTemplateService.java index a75d581b..ca555c9e 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/SmsTemplateService.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/SmsTemplateService.java @@ -17,11 +17,11 @@ */ package cn.topiam.employee.console.service.setting; -import java.util.List; - import cn.topiam.employee.common.enums.Language; import cn.topiam.employee.console.pojo.result.setting.SmsTemplateListResult; +import java.util.List; + /** *

* 短信模版 服务类 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/AdministratorServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/AdministratorServiceImpl.java index abcf8738..fe5df7b5 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/AdministratorServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/AdministratorServiceImpl.java @@ -17,25 +17,6 @@ */ package cn.topiam.employee.console.service.setting.impl; -import java.nio.charset.StandardCharsets; -import java.util.Base64; -import java.util.List; -import java.util.Objects; -import java.util.Optional; -import java.util.concurrent.Executor; - -import org.apache.commons.lang3.StringUtils; -import org.springframework.data.querydsl.QPageRequest; -import org.springframework.scheduling.annotation.AsyncConfigurer; -import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.session.Session; -import org.springframework.session.security.SpringSessionBackedSessionRegistry; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - -import com.querydsl.core.types.Predicate; -import com.querydsl.core.types.dsl.BooleanExpression; - import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.TargetType; 
@@ -59,8 +40,26 @@ import cn.topiam.employee.support.exception.TopIamException; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.util.BeanUtils; - +import com.querydsl.core.types.Predicate; +import com.querydsl.core.types.dsl.BooleanExpression; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.scheduling.annotation.AsyncConfigurer; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.session.Session; +import org.springframework.session.security.SpringSessionBackedSessionRegistry; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import java.nio.charset.StandardCharsets; +import java.time.LocalDateTime; +import java.util.Base64; +import java.util.List; +import java.util.Objects; +import java.util.Optional; +import java.util.concurrent.Executor; + import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME; @@ -118,8 +117,9 @@ public class AdministratorServiceImpl implements AdministratorService { AdministratorEntity entity = administratorConverter .administratorCreateParamConvertToEntity(param); administratorRepository.save(entity); - AuditContext.setTarget( - Target.builder().id(entity.getId().toString()).type(TargetType.ADMINISTRATOR).build()); + AuditContext.setTarget(Target.builder().id(entity.getId().toString()) + .name(entity.getUsername()).type(TargetType.ADMINISTRATOR) + .typeName(TargetType.ADMINISTRATOR.getDesc()).build()); return true; } 
@@ -138,8 +138,9 @@ public class AdministratorServiceImpl implements AdministratorService { AuditContext.setContent(source.getUsername()); BeanUtils.merge(source, target, LAST_MODIFIED_TIME, LAST_MODIFIED_BY); administratorRepository.save(target); - AuditContext.setTarget( - Target.builder().id(target.getId().toString()).type(TargetType.ADMINISTRATOR).build()); + AuditContext.setTarget(Target.builder().id(target.getId().toString()) + .name(target.getUsername()).type(TargetType.ADMINISTRATOR) + .typeName(TargetType.ADMINISTRATOR.getDesc()).build()); return true; } @@ -203,6 +204,13 @@ public class AdministratorServiceImpl implements AdministratorService { */ @Override public Boolean resetAdministratorPassword(String id, String password) { + Optional optional = administratorRepository.findById(Long.valueOf(id)); + //管理员不存在 + if (optional.isEmpty()) { + AuditContext.setContent("删除失败,管理员不存在"); + log.warn(AuditContext.getContent()); + throw new TopIamException("操作失败"); + } password = new String( Base64.getUrlDecoder().decode(password.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8); @@ -269,6 +277,19 @@ public class AdministratorServiceImpl implements AdministratorService { return result; } + + /** + * 更新认证成功信息 + * + * @param id {@link String} + * @param ip {@link String} + * @param loginTime {@link LocalDateTime} + */ + public Boolean updateAuthSucceedInfo(String id, String ip, LocalDateTime loginTime) { + administratorRepository.updateAuthSucceedInfo(id,ip,loginTime); + return true; + } + /** * 查询管理员详情 * @@ -278,7 +299,7 @@ public class AdministratorServiceImpl implements AdministratorService { @Override public AdministratorResult getAdministrator(String id) { AdministratorEntity entity = administratorRepository.findById(Long.valueOf(id)) - .orElse(null); + .orElse(null); return administratorConverter.entityConvertToAdministratorDetailsResult(entity); } 
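Review bot: The audit text added to `resetAdministratorPassword` reads `"删除失败,管理员不存在"` ("delete failed"), which looks copied from the delete path and will mislabel failed password resets in the audit trail. Something like `AuditContext.setContent("重置密码失败,管理员不存在");` would match the operation. `Long.valueOf(id)` also runs before any audit content is set, so a non-numeric id fails with a `NumberFormatException` rather than the audited "操作失败" path; a short comment or explicit handling would make that intent clear. The method body continues outside the hunk.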
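Review bot: The new `updateAuthSucceedInfo` implementation has no `@Override`, although this commit declares the method on `AdministratorService`; adding it lets the compiler catch signature drift. It returns `true` unconditionally and ignores whatever `administratorRepository.updateAuthSucceedInfo(id,ip,loginTime)` reports, so a login for an id that matches no row still looks successful to the caller. If the repository method returns an affected-row count (its signature is not visible here), return a comparison on that instead. The Javadoc here and on the interface should gain an `@return` line saying what `false` means.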
@@ -291,7 +312,7 @@ public class AdministratorServiceImpl implements AdministratorService { /** * AdministratorConverter */ - private final AdministratorConverter administratorConverter; + private final AdministratorConverter administratorConverter; /** * AdministratorRepository @@ -301,7 +322,7 @@ public class AdministratorServiceImpl implements AdministratorService { /** * PasswordEncoder */ - private final PasswordEncoder passwordEncoder; + private final PasswordEncoder passwordEncoder; /** * SessionRegistry diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/GeoLocationSettingServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/GeoLocationSettingServiceImpl.java index 1eee44bc..9280cd49 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/GeoLocationSettingServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/GeoLocationSettingServiceImpl.java @@ -17,9 +17,6 @@ */ package cn.topiam.employee.console.service.setting.impl; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.geo.GeoLocation; import cn.topiam.employee.common.geo.GeoLocationService; 
@@ -29,8 +26,10 @@ import cn.topiam.employee.console.pojo.result.setting.GeoIpProviderResult; import cn.topiam.employee.console.pojo.save.setting.GeoIpProviderSaveParam; import cn.topiam.employee.console.service.setting.GeoLocationSettingService; import cn.topiam.employee.support.context.ApplicationContextHelp; - import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + import static cn.topiam.employee.common.constants.ConfigBeanNameConstants.GEO_LOCATION; import static cn.topiam.employee.core.setting.constant.GeoIpProviderConstants.IPADDRESS_SETTING_NAME; @@ -57,7 +56,6 @@ public class GeoLocationSettingServiceImpl extends SettingServiceImpl SettingEntity settingEntity = geoLocationSettingsConverter .geoLocationProviderConfigToEntity(param); Boolean success = saveSetting(settingEntity); - downloadDbFile(); ApplicationContextHelp.refresh(GEO_LOCATION); return success; } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/MailTemplateServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/MailTemplateServiceImpl.java index a0a55f18..dc054f91 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/MailTemplateServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/MailTemplateServiceImpl.java 
@@ -17,19 +17,6 @@ */ package cn.topiam.employee.console.service.setting.impl; -import java.util.Arrays; -import java.util.List; -import java.util.Objects; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.cache.annotation.CacheConfig; -import org.springframework.cache.annotation.CacheEvict; -import org.springframework.cache.annotation.CachePut; -import org.springframework.cache.annotation.Cacheable; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.TargetType; @@ -43,6 +30,19 @@ import cn.topiam.employee.console.pojo.result.setting.EmailTemplateResult; import cn.topiam.employee.console.pojo.save.setting.EmailCustomTemplateSaveParam; import cn.topiam.employee.console.service.setting.MailTemplateService; import cn.topiam.employee.support.util.BeanUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.cache.annotation.CacheConfig; +import org.springframework.cache.annotation.CacheEvict; +import org.springframework.cache.annotation.CachePut; +import org.springframework.cache.annotation.Cacheable; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import java.util.Arrays; +import java.util.List; +import java.util.Objects; + import static cn.topiam.employee.core.setting.constant.MessageSettingConstants.SETTING_EMAIL_TEMPLATE_CACHE_NAME; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME; 
diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/MessageSettingServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/MessageSettingServiceImpl.java index 04fc3b43..4deae7c9 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/MessageSettingServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/MessageSettingServiceImpl.java @@ -17,8 +17,6 @@ */ package cn.topiam.employee.console.service.setting.impl; -import org.springframework.stereotype.Service; - import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.repository.setting.SettingRepository; import cn.topiam.employee.console.converter.setting.MessageSettingConverter; @@ -28,6 +26,8 @@ import cn.topiam.employee.console.pojo.save.setting.SmsProviderSaveParam; import cn.topiam.employee.console.pojo.setting.SmsProviderConfigResult; import cn.topiam.employee.console.service.setting.MessageSettingService; import cn.topiam.employee.support.context.ApplicationContextHelp; +import org.springframework.stereotype.Service; + import static cn.topiam.employee.common.constants.ConfigBeanNameConstants.MAIL_PROVIDER_SEND; import static cn.topiam.employee.common.constants.ConfigBeanNameConstants.SMS_PROVIDER_SEND; import static cn.topiam.employee.core.setting.constant.MessageSettingConstants.MESSAGE_PROVIDER_EMAIL; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/PasswordPolicyServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/PasswordPolicyServiceImpl.java index 1c99a15d..5b2124aa 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/PasswordPolicyServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/PasswordPolicyServiceImpl.java 
@@ -17,12 +17,6 @@ */ package cn.topiam.employee.console.service.setting.impl; -import java.util.ArrayList; -import java.util.List; - -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - import cn.topiam.employee.common.constants.ConfigBeanNameConstants; import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.repository.setting.SettingRepository; @@ -33,6 +27,12 @@ import cn.topiam.employee.console.pojo.save.setting.PasswordPolicySaveParam; import cn.topiam.employee.console.service.setting.PasswordPolicyService; import cn.topiam.employee.core.security.password.weak.PasswordWeakLib; import cn.topiam.employee.support.context.ApplicationContextHelp; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import java.util.ArrayList; +import java.util.List; + import static cn.topiam.employee.core.setting.constant.PasswordPolicySettingConstants.PASSWORD_POLICY_KEYS; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SecuritySettingServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SecuritySettingServiceImpl.java index bcf70245..5d45bc4d 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SecuritySettingServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SecuritySettingServiceImpl.java 
@@ -17,15 +17,6 @@ */ package cn.topiam.employee.console.service.setting.impl; -import java.util.List; -import java.util.concurrent.Executor; - -import org.springframework.scheduling.annotation.AsyncConfigurer; -import org.springframework.session.Session; -import org.springframework.session.security.SpringSessionBackedSessionRegistry; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; - import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.enums.MfaMode; import cn.topiam.employee.common.repository.setting.SettingRepository; @@ -40,6 +31,15 @@ import cn.topiam.employee.console.service.setting.SecuritySettingService; import cn.topiam.employee.core.security.session.SessionDetails; import cn.topiam.employee.support.context.ApplicationContextHelp; import cn.topiam.employee.support.context.ServletContextHelp; +import org.springframework.scheduling.annotation.AsyncConfigurer; +import org.springframework.session.Session; +import org.springframework.session.security.SpringSessionBackedSessionRegistry; +import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; + +import java.util.List; +import java.util.concurrent.Executor; + import static cn.topiam.employee.common.constants.ConfigBeanNameConstants.CAPTCHA_VALIDATOR; import static cn.topiam.employee.common.constants.ConfigBeanNameConstants.DEFAULT_SECURITY_FILTER_CHAIN; import static cn.topiam.employee.core.setting.constant.MfaSettingConstants.MFA_SETTING_KEYS; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SettingServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SettingServiceImpl.java index 9621e5ea..a97f0dcf 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SettingServiceImpl.java 
+++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SettingServiceImpl.java @@ -17,17 +17,16 @@ */ package cn.topiam.employee.console.service.setting.impl; -import java.util.List; -import java.util.Objects; - -import org.springframework.transaction.annotation.Transactional; - import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.repository.setting.SettingRepository; import cn.topiam.employee.console.service.setting.SettingService; import cn.topiam.employee.support.util.BeanUtils; - import lombok.AllArgsConstructor; +import org.springframework.transaction.annotation.Transactional; + +import java.util.List; +import java.util.Objects; + import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SmsTemplateServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SmsTemplateServiceImpl.java index b8f54b6c..eb76e970 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SmsTemplateServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/SmsTemplateServiceImpl.java 
@@ -17,19 +17,17 @@ */ package cn.topiam.employee.console.service.setting.impl; -import java.util.List; -import java.util.Locale; -import java.util.ResourceBundle; - -import org.springframework.stereotype.Service; - -import com.google.common.collect.Lists; - import cn.topiam.employee.common.enums.Language; import cn.topiam.employee.common.enums.SmsType; import cn.topiam.employee.common.repository.setting.SettingRepository; import cn.topiam.employee.console.pojo.result.setting.SmsTemplateListResult; import cn.topiam.employee.console.service.setting.SmsTemplateService; +import com.google.common.collect.Lists; +import org.springframework.stereotype.Service; + +import java.util.List; +import java.util.Locale; +import java.util.ResourceBundle; /** *

diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/StorageSettingServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/StorageSettingServiceImpl.java index c6a4ca06..ab1b6b76 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/StorageSettingServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/StorageSettingServiceImpl.java @@ -17,8 +17,6 @@ */ package cn.topiam.employee.console.service.setting.impl; -import org.springframework.stereotype.Service; - import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.repository.setting.SettingRepository; import cn.topiam.employee.console.converter.setting.StorageSettingConverter; @@ -26,6 +24,8 @@ import cn.topiam.employee.console.pojo.result.setting.StorageProviderConfigResul import cn.topiam.employee.console.pojo.save.setting.StorageConfigSaveParam; import cn.topiam.employee.console.service.setting.StorageSettingService; import cn.topiam.employee.support.context.ApplicationContextHelp; +import org.springframework.stereotype.Service; + import static cn.topiam.employee.core.setting.constant.StorageProviderSettingConstants.STORAGE_BEAN_NAME; import static cn.topiam.employee.core.setting.constant.StorageProviderSettingConstants.STORAGE_PROVIDER_KEY; diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/configuration/CustomRedisSessionRepository.java b/eiam-core/src/main/java/cn/topiam/employee/core/configuration/CustomRedisSessionRepository.java new file mode 100644 index 00000000..4c2a9d26 --- /dev/null +++ b/eiam-core/src/main/java/cn/topiam/employee/core/configuration/CustomRedisSessionRepository.java 
@@ -0,0 +1,78 @@ +/* + * eiam-core - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.core.configuration; + +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; + +import org.springframework.data.redis.core.RedisOperations; +import org.springframework.session.FindByIndexNameSessionRepository; +import org.springframework.session.Session; +import org.springframework.session.data.redis.RedisIndexedSessionRepository; + +public class CustomRedisSessionRepository extends RedisIndexedSessionRepository { + + /** + * The default namespace for each key and channel in Redis used by Spring Session. + */ + public static final String DEFAULT_NAMESPACE = "spring:session"; + + /** + * The namespace for every key used by Spring Session in Redis. 
+ */ + private String namespace = DEFAULT_NAMESPACE + ":"; + + private final RedisOperations sessionRedisOperations; + + public CustomRedisSessionRepository(RedisOperations sessionRedisOperations) { + super(sessionRedisOperations); + this.sessionRedisOperations = sessionRedisOperations; + } + + @Override + public Map findByIndexNameAndIndexValue(String indexName, String indexValue) { + if (!PRINCIPAL_NAME_INDEX_NAME.equals(indexName)) { + return Collections.emptyMap(); + } + String principalKey = getPrincipalKey(indexValue); + + Set sessionIds = this.sessionRedisOperations.boundSetOps(principalKey).members(); + Map sessions = new HashMap<>(sessionIds.size()); + for (Object id : sessionIds) { + // TODO + Session session = findById((String) id); + if (session != null) { + sessions.put(session.getId(), session); + } + } + return sessions; + } + + String getPrincipalKey(String principalName) { + return this.namespace + "index:" + + FindByIndexNameSessionRepository.PRINCIPAL_NAME_INDEX_NAME + ":" + principalName; + } + + @Override + public void setRedisKeyNamespace(String namespace) { + super.setRedisKeyNamespace(namespace); + this.namespace = namespace.trim() + ":"; + } +} diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamCacheConfiguration.java b/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamCacheConfiguration.java index 63d0fa57..5681b008 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamCacheConfiguration.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamCacheConfiguration.java @@ -17,6 +17,7 @@ */ package cn.topiam.employee.core.configuration; +import java.nio.charset.StandardCharsets; import java.util.LinkedHashSet; import java.util.List; 
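Review bot: `CustomRedisSessionRepository` has no class Javadoc explaining why `findByIndexNameAndIndexValue` is overridden, and the loop carries a bare `// TODO` with no text. The class keeps its own `namespace` copy, so the key built by `getPrincipalKey` matches the index only while every namespace change goes through `setRedisKeyNamespace`; if the two drift, lookup by principal returns an empty map and callers that list or expire a user's sessions would silently miss them, which deserves a comment. `boundSetOps(principalKey).members()` can return null in some Spring Data Redis modes, so `sessionIds.size()` needs a guard such as `if (sessionIds == null) { return Collections.emptyMap(); }`.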
@@ -27,8 +28,13 @@ import org.springframework.cache.interceptor.KeyGenerator; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.data.redis.cache.RedisCacheConfiguration; +import org.springframework.data.redis.connection.RedisConnectionFactory; +import org.springframework.data.redis.core.RedisTemplate; +import org.springframework.data.redis.core.StringRedisTemplate; import org.springframework.data.redis.serializer.GenericJackson2JsonRedisSerializer; import org.springframework.data.redis.serializer.RedisSerializationContext; +import org.springframework.data.redis.serializer.RedisSerializer; +import org.springframework.lang.Nullable; import com.fasterxml.jackson.annotation.JsonAutoDetect; import com.fasterxml.jackson.annotation.JsonTypeInfo; 
@@ -113,6 +119,64 @@ public class EiamCacheConfiguration { return config; } + /** + * 自定义 RedisTemplate + * + * @param redisConnectionFactory {@link RedisConnectionFactory} + * @return {@link RedisTemplate} + */ + @Bean + public RedisTemplate redisTemplate(RedisConnectionFactory redisConnectionFactory) { + RedisTemplate redisTemplate = new RedisTemplate<>(); + redisTemplate.setConnectionFactory(redisConnectionFactory); + ObjectMapper objectMapper = jacksonObjectMapper.copy(); + // 指定要序列化的域,field,get和set,以及修饰符范围,ANY是都有包括private和public + objectMapper.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.ANY); + // 指定序列化输入的类型 + objectMapper.activateDefaultTyping(objectMapper.getPolymorphicTypeValidator(), + ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY); + GenericJackson2JsonRedisSerializer serializer = new GenericJackson2JsonRedisSerializer( + objectMapper); + // 设置value的序列化规则和 key的序列化规则 + redisTemplate.setKeySerializer( + new KeyStringRedisSerializer(cacheProperties.getRedis().getKeyPrefix())); + redisTemplate.setHashKeySerializer( + new KeyStringRedisSerializer(cacheProperties.getRedis().getKeyPrefix())); + //jackson2JsonRedisSerializer就是JSON序列号规则, + redisTemplate.setValueSerializer(serializer); + redisTemplate.afterPropertiesSet(); + return redisTemplate; + } + + /** + * 配置 StringRedisTemplate + * + * @param redisConnectionFactory {@link RedisConnectionFactory} + * @return {@link StringRedisTemplate} + */ + @Bean + public StringRedisTemplate stringRedisTemplate(RedisConnectionFactory redisConnectionFactory) { + StringRedisTemplate template = new StringRedisTemplate(); + template.setConnectionFactory(redisConnectionFactory); + ObjectMapper objectMapper = jacksonObjectMapper.copy(); + // 指定要序列化的域,field,get和set,以及修饰符范围,ANY是都有包括private和public + objectMapper.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.ANY); + // 指定序列化输入的类型 + objectMapper.activateDefaultTyping(objectMapper.getPolymorphicTypeValidator(), + 
ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY); + GenericJackson2JsonRedisSerializer serializer = new GenericJackson2JsonRedisSerializer( + objectMapper); + //key配置 + template.setKeySerializer( + new KeyStringRedisSerializer(cacheProperties.getRedis().getKeyPrefix())); + template.setHashKeySerializer( + new KeyStringRedisSerializer(cacheProperties.getRedis().getKeyPrefix())); + //value配置 + template.setValueSerializer(serializer); + template.setHashValueSerializer(serializer); + return template; + } + private final CacheProperties cacheProperties; private final ObjectMapper jacksonObjectMapper; @@ -122,4 +186,23 @@ public class EiamCacheConfiguration { this.cacheProperties = cacheProperties; this.jacksonObjectMapper = jacksonObjectMapper; } + + private class KeyStringRedisSerializer implements RedisSerializer { + private final String keyPrefix; + + private KeyStringRedisSerializer(String keyPrefix) { + this.keyPrefix = keyPrefix + COLON; + } + + @Override + public String deserialize(@Nullable byte[] bytes) { + return (bytes == null ? null + : new String(bytes, StandardCharsets.UTF_8).replaceFirst(keyPrefix, "")); + } + + @Override + public byte[] serialize(@Nullable String string) { + return (string == null ? null : (keyPrefix + string).getBytes(StandardCharsets.UTF_8)); + } + } } diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamGeoLocationConfiguration.java b/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamGeoLocationConfiguration.java index 3f290288..828eddad 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamGeoLocationConfiguration.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamGeoLocationConfiguration.java 
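Review bot: Both new templates call `activateDefaultTyping(objectMapper.getPolymorphicTypeValidator(), ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY)` on a copy of `jacksonObjectMapper`, so the class name embedded in a stored value decides which type is instantiated on read. Unless `jacksonObjectMapper` is configured elsewhere with a restrictive validator (not visible in this hunk), Jackson's default validator accepts any subtype, which makes every value read from Redis a polymorphic-deserialization surface. I would pass an explicit allow-list instead, e.g. `BasicPolymorphicTypeValidator.builder().allowIfSubType("cn.topiam.employee.").build()`, extended with the JDK collection types that are actually stored. The same call sits in the context lines of the `EiamGeoLocationConfiguration` hunk further down, where the mapper now comes from `EncryptionModule.deserializerDecrypt()`. Separately, `redisTemplate` never sets a hash value serializer while `stringRedisTemplate` does, so hash values there fall back to the template default; add `redisTemplate.setHashValueSerializer(serializer);`.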
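Review bot: `deserialize` strips the prefix with `replaceFirst(keyPrefix, "")`, which treats the configured prefix as a regular expression and removes its first match wherever it occurs, not only at the start of the key. A prefix containing regex metacharacters (a `.` for instance), or a key that does not start with the prefix but contains it later, would come back altered. Compare literally and only at the start: `String key = new String(bytes, StandardCharsets.UTF_8);` followed by `return key.startsWith(keyPrefix) ? key.substring(keyPrefix.length()) : key;`. The class also appears to use nothing from the enclosing instance, so it can be declared `private static final class`.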
@@ -31,6 +31,7 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo; import com.fasterxml.jackson.databind.ObjectMapper; import cn.topiam.employee.common.constants.SettingConstants; +import cn.topiam.employee.common.crypto.EncryptionModule; import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.geo.GeoLocationProviderConfig; import cn.topiam.employee.common.geo.GeoLocationService; @@ -57,7 +58,7 @@ public class EiamGeoLocationConfiguration { public GeoLocationService geoLocation(SettingRepository settingRepository, RestTemplate restTemplate) { try { - ObjectMapper objectMapper = new ObjectMapper(); + ObjectMapper objectMapper = EncryptionModule.deserializerDecrypt(); // 指定序列化输入的类型 objectMapper.activateDefaultTyping(objectMapper.getPolymorphicTypeValidator(), ObjectMapper.DefaultTyping.NON_FINAL, JsonTypeInfo.As.PROPERTY); diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamSchedulingConfiguration.java b/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamSchedulingConfiguration.java index 0f9ca7d7..c639ddb4 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamSchedulingConfiguration.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamSchedulingConfiguration.java @@ -17,10 +17,6 @@ */ package cn.topiam.employee.core.configuration; -import org.springframework.boot.autoconfigure.AutoConfigureAfter; -import org.springframework.boot.autoconfigure.condition.ConditionalOnBean; -import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; -import org.springframework.boot.autoconfigure.task.TaskSchedulingAutoConfiguration; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.scheduling.TaskScheduler; 
@@ -34,7 +30,6 @@ import cn.topiam.employee.support.task.TaskSchedulerRegistrarHelp; */ @Configuration @EnableScheduling -@AutoConfigureAfter(value = TaskSchedulingAutoConfiguration.class) public class EiamSchedulingConfiguration { /** @@ -44,8 +39,6 @@ public class EiamSchedulingConfiguration { * @return {@link TaskSchedulerRegistrarHelp} */ @Bean - @ConditionalOnBean(TaskScheduler.class) - @ConditionalOnMissingBean public TaskSchedulerRegistrarHelp taskSchedulerRegistrarHelp(TaskScheduler taskScheduler) { return new TaskSchedulerRegistrarHelp(taskScheduler); } diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/configuration/RedisSessionConfiguration.java b/eiam-core/src/main/java/cn/topiam/employee/core/configuration/RedisSessionConfiguration.java new file mode 100644 index 00000000..6d8d099f --- /dev/null +++ b/eiam-core/src/main/java/cn/topiam/employee/core/configuration/RedisSessionConfiguration.java 
@@ -0,0 +1,248 @@ +/* + * eiam-core - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.core.configuration; + +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.concurrent.Executor; +import java.util.stream.Collectors; + +import org.apache.commons.logging.LogFactory; +import org.springframework.beans.factory.BeanClassLoaderAware; +import org.springframework.beans.factory.InitializingBean; +import org.springframework.beans.factory.ObjectProvider; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.context.ApplicationEventPublisher; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.data.redis.connection.RedisConnection; +import org.springframework.data.redis.connection.RedisConnectionFactory; +import org.springframework.data.redis.connection.jedis.JedisConnectionFactory; +import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory; +import org.springframework.data.redis.core.RedisTemplate; +import org.springframework.data.redis.listener.ChannelTopic; +import 
org.springframework.data.redis.listener.PatternTopic; +import org.springframework.data.redis.listener.RedisMessageListenerContainer; +import org.springframework.data.redis.serializer.RedisSerializer; +import org.springframework.data.redis.serializer.StringRedisSerializer; +import org.springframework.session.*; +import org.springframework.session.config.SessionRepositoryCustomizer; +import org.springframework.session.data.redis.RedisIndexedSessionRepository; +import org.springframework.session.data.redis.config.ConfigureNotifyKeyspaceEventsAction; +import org.springframework.session.data.redis.config.ConfigureRedisAction; +import org.springframework.session.data.redis.config.annotation.SpringSessionRedisConnectionFactory; +import org.springframework.util.ClassUtils; + +@Configuration +public class RedisSessionConfiguration implements BeanClassLoaderAware { + + private Integer maxInactiveIntervalInSeconds = MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS; + + private String redisNamespace = RedisIndexedSessionRepository.DEFAULT_NAMESPACE; + + private FlushMode flushMode = FlushMode.ON_SAVE; + + private SaveMode saveMode = SaveMode.ON_SET_ATTRIBUTE; + + private RedisConnectionFactory redisConnectionFactory; + + private IndexResolver indexResolver; + + private RedisSerializer defaultRedisSerializer; + + private ApplicationEventPublisher applicationEventPublisher; + + private List> sessionRepositoryCustomizers; + + private ConfigureRedisAction configureRedisAction = new ConfigureNotifyKeyspaceEventsAction(); + + private ClassLoader classLoader; + + private Executor redisTaskExecutor; + + private Executor redisSubscriptionExecutor; + + @Autowired(required = false) + @Qualifier("springSessionRedisSubscriptionExecutor") + public void setRedisSubscriptionExecutor(Executor redisSubscriptionExecutor) { + this.redisSubscriptionExecutor = redisSubscriptionExecutor; + } + + /** + * Sets the action to perform for configuring Redis. 
+ * @param configureRedisAction the configureRedis to set. The default is + * {@link ConfigureNotifyKeyspaceEventsAction}. + */ + @Autowired(required = false) + public void setConfigureRedisAction(ConfigureRedisAction configureRedisAction) { + this.configureRedisAction = configureRedisAction; + } + + @Autowired(required = false) + @Qualifier("springSessionDefaultRedisSerializer") + public void setDefaultRedisSerializer(RedisSerializer defaultRedisSerializer) { + this.defaultRedisSerializer = defaultRedisSerializer; + } + + @Autowired + public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) { + this.applicationEventPublisher = applicationEventPublisher; + } + + @Autowired + public void setRedisConnectionFactory(@SpringSessionRedisConnectionFactory ObjectProvider springSessionRedisConnectionFactory, + ObjectProvider redisConnectionFactory) { + RedisConnectionFactory redisConnectionFactoryToUse = springSessionRedisConnectionFactory + .getIfAvailable(); + if (redisConnectionFactoryToUse == null) { + redisConnectionFactoryToUse = redisConnectionFactory.getObject(); + } + this.redisConnectionFactory = redisConnectionFactoryToUse; + } + + @Autowired(required = false) + public void setIndexResolver(IndexResolver indexResolver) { + this.indexResolver = indexResolver; + } + + @Autowired(required = false) + public void setSessionRepositoryCustomizer(ObjectProvider> sessionRepositoryCustomizers) { + this.sessionRepositoryCustomizers = sessionRepositoryCustomizers.orderedStream() + .collect(Collectors.toList()); + } + + @Autowired(required = false) + @Qualifier("springSessionRedisTaskExecutor") + public void setRedisTaskExecutor(Executor redisTaskExecutor) { + this.redisTaskExecutor = redisTaskExecutor; + } + + @Bean + public RedisIndexedSessionRepository sessionRepository() { + RedisTemplate redisTemplate = createRedisTemplate(); + CustomRedisSessionRepository sessionRepository = new CustomRedisSessionRepository( + redisTemplate); + 
sessionRepository.setApplicationEventPublisher(this.applicationEventPublisher); + if (this.indexResolver != null) { + sessionRepository.setIndexResolver(this.indexResolver); + } + if (this.defaultRedisSerializer != null) { + sessionRepository.setDefaultSerializer(this.defaultRedisSerializer); + } + sessionRepository.setDefaultMaxInactiveInterval(this.maxInactiveIntervalInSeconds); + // TODO + // if (StringUtils.hasText(this.redisNamespace)) { + sessionRepository.setRedisKeyNamespace("topiam:session"); + // } + sessionRepository.setFlushMode(this.flushMode); + sessionRepository.setSaveMode(this.saveMode); + int database = resolveDatabase(); + sessionRepository.setDatabase(database); + this.sessionRepositoryCustomizers + .forEach((sessionRepositoryCustomizer) -> sessionRepositoryCustomizer + .customize(sessionRepository)); + return sessionRepository; + } + + @Bean + public RedisMessageListenerContainer springSessionRedisMessageListenerContainer(RedisIndexedSessionRepository sessionRepository) { + RedisMessageListenerContainer container = new RedisMessageListenerContainer(); + container.setConnectionFactory(this.redisConnectionFactory); + if (this.redisTaskExecutor != null) { + container.setTaskExecutor(this.redisTaskExecutor); + } + if (this.redisSubscriptionExecutor != null) { + container.setSubscriptionExecutor(this.redisSubscriptionExecutor); + } + container.addMessageListener(sessionRepository, + Arrays.asList(new ChannelTopic(sessionRepository.getSessionDeletedChannel()), + new ChannelTopic(sessionRepository.getSessionExpiredChannel()))); + container.addMessageListener(sessionRepository, Collections.singletonList( + new PatternTopic(sessionRepository.getSessionCreatedChannelPrefix() + "*"))); + return container; + } + + @Bean + public InitializingBean enableRedisKeyspaceNotificationsInitializer() { + return new EnableRedisKeyspaceNotificationsInitializer(this.redisConnectionFactory, + this.configureRedisAction); + } + + static class 
EnableRedisKeyspaceNotificationsInitializer implements InitializingBean { + + private final RedisConnectionFactory connectionFactory; + + private ConfigureRedisAction configure; + + EnableRedisKeyspaceNotificationsInitializer(RedisConnectionFactory connectionFactory, + ConfigureRedisAction configure) { + this.connectionFactory = connectionFactory; + this.configure = configure; + } + + @Override + public void afterPropertiesSet() { + if (this.configure == ConfigureRedisAction.NO_OP) { + return; + } + RedisConnection connection = this.connectionFactory.getConnection(); + try { + this.configure.configure(connection); + } finally { + try { + connection.close(); + } catch (Exception ex) { + LogFactory.getLog(getClass()).error("Error closing RedisConnection", ex); + } + } + } + + } + + private RedisTemplate createRedisTemplate() { + RedisTemplate redisTemplate = new RedisTemplate<>(); + redisTemplate.setKeySerializer(new StringRedisSerializer()); + redisTemplate.setHashKeySerializer(new StringRedisSerializer()); + if (this.defaultRedisSerializer != null) { + redisTemplate.setDefaultSerializer(this.defaultRedisSerializer); + } + redisTemplate.setConnectionFactory(this.redisConnectionFactory); + redisTemplate.setBeanClassLoader(this.classLoader); + redisTemplate.afterPropertiesSet(); + return redisTemplate; + } + + private int resolveDatabase() { + if (ClassUtils.isPresent("io.lettuce.core.RedisClient", null) + && this.redisConnectionFactory instanceof LettuceConnectionFactory) { + return ((LettuceConnectionFactory) this.redisConnectionFactory).getDatabase(); + } + if (ClassUtils.isPresent("redis.clients.jedis.Jedis", null) + && this.redisConnectionFactory instanceof JedisConnectionFactory) { + return ((JedisConnectionFactory) this.redisConnectionFactory).getDatabase(); + } + return RedisIndexedSessionRepository.DEFAULT_DATABASE; + } + + @Override + public void setBeanClassLoader(ClassLoader classLoader) { + this.classLoader = classLoader; + } +} 
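Review bot: `sessionRepository()` hard-codes `setRedisKeyNamespace("topiam:session")` behind a commented-out `if` and a bare `// TODO`, and the fields `redisNamespace`, `maxInactiveIntervalInSeconds`, `flushMode` and `saveMode` have no setter anywhere in this new file, so they always keep their initial values. For an IAM product the idle session timeout is a security setting; as written it stays at `MapSession.DEFAULT_MAX_INACTIVE_INTERVAL_SECONDS` unless a `SessionRepositoryCustomizer` bean changes it, and nothing in the class says so. I would delete the commented-out lines, initialise the field as `private String redisNamespace = "topiam:session";` and pass `this.redisNamespace`, and add a class-level Javadoc stating which values are fixed here and how they can be overridden. `createRedisTemplate()` also leaves value serialization on the `RedisTemplate` default when no `springSessionDefaultRedisSerializer` bean exists, which deserves a comment of its own.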
diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/context/SettingContextHelp.java b/eiam-core/src/main/java/cn/topiam/employee/core/context/SettingContextHelp.java index 2185c877..41c4d865 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/context/SettingContextHelp.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/context/SettingContextHelp.java @@ -27,6 +27,7 @@ import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; import cn.topiam.employee.common.constants.SettingConstants; +import cn.topiam.employee.common.crypto.EncryptContextHelp; import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.entity.setting.config.SmsConfig; import cn.topiam.employee.common.enums.MfaFactor; @@ -40,7 +41,6 @@ import cn.topiam.employee.core.security.captcha.CaptchaProviderConfig; import cn.topiam.employee.core.setting.constant.SecuritySettingConstants; import cn.topiam.employee.support.context.ApplicationContextHelp; import cn.topiam.employee.support.exception.TopIamException; -import cn.topiam.employee.support.util.AesUtils; import static cn.topiam.employee.core.setting.constant.MessageSettingConstants.MESSAGE_SMS_PROVIDER; import static cn.topiam.employee.core.setting.constant.MfaSettingConstants.*; import static cn.topiam.employee.core.setting.constant.SecuritySettingConstants.*; 
@@ -127,20 +127,21 @@ public class SettingContextHelp { if (SmsProvider.ALIYUN.equals(provider)) { AliyunSmsProviderConfig smsConfig = (AliyunSmsProviderConfig) config .getConfig(); - smsConfig.setAccessKeySecret(AesUtils.decrypt(smsConfig.getAccessKeySecret())); + smsConfig.setAccessKeySecret( + EncryptContextHelp.decrypt(smsConfig.getAccessKeySecret())); return config; } //腾讯 else if (SmsProvider.TENCENT.equals(provider)) { TencentSmsProviderConfig smsConfig = (TencentSmsProviderConfig) config .getConfig(); - smsConfig.setSecretKey(AesUtils.decrypt(smsConfig.getSecretKey())); + smsConfig.setSecretKey(EncryptContextHelp.decrypt(smsConfig.getSecretKey())); return config; } //七牛 else if (SmsProvider.QINIU.equals(provider)) { QiNiuSmsProviderConfig smsConfig = (QiNiuSmsProviderConfig) config.getConfig(); - smsConfig.setSecretKey(AesUtils.decrypt(smsConfig.getSecretKey())); + smsConfig.setSecretKey(EncryptContextHelp.decrypt(smsConfig.getSecretKey())); return config; } throw new TopIamException("暂未支持此短信 [" + provider + "] 提供商配置获取"); diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/endpoint/security/CurrentSessionStatusEndpoint.java b/eiam-core/src/main/java/cn/topiam/employee/core/endpoint/security/CurrentSessionStatusEndpoint.java index fe87457f..43033b0c 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/endpoint/security/CurrentSessionStatusEndpoint.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/endpoint/security/CurrentSessionStatusEndpoint.java @@ -77,7 +77,7 @@ public class CurrentSessionStatusEndpoint extends HttpServlet { builder.status(Status.require_bind_idp); } //其他信息 - ApiRestResult build = ApiRestResult. builder() + ApiRestResult build = ApiRestResult. builder() .result(builder.build()).build(); build.setSuccess(true); HttpResponseUtils.flushResponse(resp, JSONObject.toJSONString(build)); 
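Review bot: The three provider branches now decrypt with `EncryptContextHelp.decrypt` where they used `AesUtils.decrypt`, and nothing in the hunk covers secrets that were already stored with the old helper. If the two helpers differ in key, mode or encoding (neither implementation is visible here), existing SMS provider secrets will fail to decrypt after the upgrade, so the commit needs a migration step or a documented re-entry of those settings. Each branch also writes the plaintext back into the object returned by `config.getConfig()`; if that object is ever cached or logged the secret travels with it, so a comment such as `// plaintext secret: do not cache or log this config` above the setters would help. The enclosing method extends beyond the hunk on both sides.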
diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/logger/LogAspect.java b/eiam-core/src/main/java/cn/topiam/employee/core/logger/LogAspect.java index fc581d63..feb22067 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/logger/LogAspect.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/logger/LogAspect.java @@ -42,6 +42,7 @@ import org.springframework.web.context.request.ServletRequestAttributes; import com.alibaba.fastjson2.JSONObject; import com.beust.jcommander.internal.Maps; +import com.fasterxml.jackson.databind.ObjectMapper; import cn.topiam.employee.support.util.IpUtils; import cn.topiam.employee.support.web.useragent.UserAgent; @@ -106,6 +107,7 @@ public class LogAspect implements Ordered { log.setIp(IpUtils.getIpAddr(request)); } log.setMethod(signature.getDeclaringTypeName() + "." + signature.getName()); + ObjectMapper mapper = new ObjectMapper(); try { for (int i = 0; i < parameters.length; i++) { if (args[i] instanceof BindingResult || args[i] instanceof ServletRequest @@ -114,7 +116,7 @@ public class LogAspect implements Ordered { } parameterMap.put(parameters[i], args[i]); } - log.setParameter(replaceBlank(JSONObject.toJSONString(parameterMap))); + log.setParameter(replaceBlank(mapper.writeValueAsString(parameterMap))); } catch (Exception e) { log.setParameter(parameterMap); } @@ -126,7 +128,7 @@ public class LogAspect implements Ordered { returnValue = ""; } try { - log.setResult(replaceBlank(JSONObject.toJSONString(returnValue))); + log.setResult(replaceBlank(mapper.writeValueAsString(returnValue))); } catch (Exception e) { log.setResult(returnValue); } diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/message/mail/MailMsgEventListener.java b/eiam-core/src/main/java/cn/topiam/employee/core/message/mail/MailMsgEventListener.java index 69724448..1113dbfc 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/message/mail/MailMsgEventListener.java 
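Review bot: `ObjectMapper mapper = new ObjectMapper();` is created on every advised call, and it is a bare mapper with none of the application's modules registered. An `ObjectMapper` is comparatively expensive to construct and is thread-safe once configured, so hoist it to `private static final ObjectMapper MAPPER = new ObjectMapper();` or inject the application's mapper. With a bare mapper, argument types it cannot serialise (in recent Jackson versions, `java.time` values without the JSR-310 module) land in the `catch` branches of the two later hunks, which store the raw `parameterMap` or `returnValue` instead. Those hunks also serialise every argument and return value as-is, so credentials in request bodies reach the audit log unless the parameter types exclude them from JSON; a masking mix-in or `@JsonIgnore` on secret fields is worth adding. The enclosing method starts outside these hunks.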
+++ b/eiam-core/src/main/java/cn/topiam/employee/core/message/mail/MailMsgEventListener.java @@ -31,13 +31,13 @@ import org.springframework.lang.NonNull; import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Component; -import cn.topiam.employee.common.entity.MailSendRecordEntity; +import cn.topiam.employee.common.entity.message.MailSendRecordEntity; import cn.topiam.employee.common.entity.setting.MailTemplateEntity; import cn.topiam.employee.common.enums.MailType; import cn.topiam.employee.common.exception.MailMessageSendException; import cn.topiam.employee.common.message.mail.MailProviderSend; import cn.topiam.employee.common.message.mail.SendMailRequest; -import cn.topiam.employee.common.repository.MailSendRecordRepository; +import cn.topiam.employee.common.repository.message.MailSendRecordRepository; import cn.topiam.employee.core.message.MsgVariable; import cn.topiam.employee.core.setting.constant.MessageSettingConstants; diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/message/sms/SmsMsgEventListener.java b/eiam-core/src/main/java/cn/topiam/employee/core/message/sms/SmsMsgEventListener.java index f4e2be55..54659d82 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/message/sms/SmsMsgEventListener.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/message/sms/SmsMsgEventListener.java 
@@ -29,13 +29,13 @@ import org.springframework.stereotype.Component; import com.alibaba.fastjson2.JSON; -import cn.topiam.employee.common.entity.SmsSendRecordEntity; +import cn.topiam.employee.common.entity.message.SmsSendRecordEntity; import cn.topiam.employee.common.enums.MessageCategory; import cn.topiam.employee.common.exception.MessageSendException; import cn.topiam.employee.common.message.sms.SendSmsRequest; import cn.topiam.employee.common.message.sms.SmsProviderSend; import cn.topiam.employee.common.message.sms.SmsResponse; -import cn.topiam.employee.common.repository.SmsSendRecordRepository; +import cn.topiam.employee.common.repository.message.SmsSendRecordRepository; /** * 短信消息通知事件 diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/CaptchaValidatorFilter.java b/eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/CaptchaValidatorFilter.java deleted file mode 100644 index a3c548ff..00000000 --- a/eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/CaptchaValidatorFilter.java +++ /dev/null 
@@ -1,120 +0,0 @@ -/* - * eiam-core - Employee Identity and Access Management Program - * Copyright © 2020-2023 TopIAM (support@topiam.cn) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package cn.topiam.employee.core.security.captcha; - -import java.io.IOException; -import java.util.Objects; -import java.util.UUID; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang3.StringUtils; -import org.springframework.http.HttpMethod; -import org.springframework.http.HttpStatus; -import org.springframework.lang.NonNull; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; -import org.springframework.security.web.util.matcher.OrRequestMatcher; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; -import org.springframework.web.filter.OncePerRequestFilter; - -import com.alibaba.fastjson2.JSONObject; - -import cn.topiam.employee.common.constants.AuthorizeConstants; -import cn.topiam.employee.support.result.ApiRestResult; -import cn.topiam.employee.support.trace.TraceUtils; -import static cn.topiam.employee.common.constants.AuthorizeConstants.FORM_LOGIN; -import static 
cn.topiam.employee.support.constant.EiamConstants.CAPTCHA_CODE_SESSION; -import static cn.topiam.employee.support.exception.enums.ExceptionStatus.EX000102; -import static cn.topiam.employee.support.util.HttpResponseUtils.flushResponse; - -/** - * 验证码过滤器 - * - * @author TopIAM - * Created by support@topiam.cn on 2020/10/23 22:34 - */ -public class CaptchaValidatorFilter extends OncePerRequestFilter { - - @Override - protected void doFilterInternal(@NonNull HttpServletRequest request, - @NonNull HttpServletResponse response, - @NonNull FilterChain filterChain) throws ServletException, - IOException { - if (requiresAuthentication(request)) { - TraceUtils.put(UUID.randomUUID().toString()); - boolean validate = captchaValidator.validate(request, response); - if (!validate) { - response.setStatus(HttpStatus.BAD_REQUEST.value()); - flushResponse(response, JSONObject.toJSONString(ApiRestResult.builder() - .status(EX000102.getCode()).message(EX000102.getMessage()).build())); - return; - } - filterChain.doFilter(request, response); - TraceUtils.remove(); - return; - } - filterChain.doFilter(request, response); - } - - /** - * 校验验证码 - * - * @param captcha {@link String} - * @return boolean - */ - public boolean validate(String captcha) { - ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder - .getRequestAttributes(); - HttpServletRequest request = Objects.requireNonNull(attributes).getRequest(); - String value = String.valueOf(request.getSession().getAttribute(CAPTCHA_CODE_SESSION)); - return StringUtils.equals(value, captcha); - } - - /** - * 需要认证 - * - * @param request {@link HttpServletRequest} - * @return {@link Boolean} - */ - protected boolean requiresAuthentication(HttpServletRequest request) { - OrRequestMatcher requestMatcher = new OrRequestMatcher( - //登录 - new AntPathRequestMatcher(FORM_LOGIN, HttpMethod.POST.name()), - //发送OTP - new AntPathRequestMatcher(AuthorizeConstants.LOGIN_OTP_SEND, HttpMethod.POST.name())); - return 
requestMatcher.matches(request); - } - - /** - * CaptchaValidator - */ - private final CaptchaValidator captchaValidator; - - /** - * - * @param captchaValidator {@link CaptchaValidator} - */ - public CaptchaValidatorFilter(CaptchaValidator captchaValidator) { - this.captchaValidator = captchaValidator; - } - -} diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/geetest/GeeTestCaptchaValidator.java b/eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/geetest/GeeTestCaptchaValidator.java deleted file mode 100644 index 0664a3f2..00000000 --- a/eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/geetest/GeeTestCaptchaValidator.java +++ /dev/null 
@@ -1,120 +0,0 @@ -/* - * eiam-core - Employee Identity and Access Management Program - * Copyright © 2020-2023 TopIAM (support@topiam.cn) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package cn.topiam.employee.core.security.captcha.geetest; - -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.codec.digest.HmacAlgorithms; -import org.apache.commons.codec.digest.HmacUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.http.*; -import org.springframework.util.LinkedMultiValueMap; -import org.springframework.util.MultiValueMap; -import org.springframework.web.client.RestTemplate; - -import com.alibaba.fastjson2.JSONObject; - -import cn.topiam.employee.common.util.RequestUtils; -import cn.topiam.employee.core.security.captcha.CaptchaValidator; - -/** - * 极速验证 - * - * @author TopIAM - * Created by support@topiam.cn on 2022/8/14 19:11 - */ -public class GeeTestCaptchaValidator implements CaptchaValidator { - private static final String RESULT = "result"; - private static final String SUCCESS = "success"; - - private final Logger logger = LoggerFactory.getLogger(GeeTestCaptchaValidator.class); - - /** - * 验证 - * - * @param request {@link HttpServletRequest} - * @param response {@link HttpServletResponse} - * @return {@link Boolean} - 
*/ - @Override - public boolean validate(HttpServletRequest request, HttpServletResponse response) { - Map getParams = RequestUtils.getParams(request); - // 1.初始化极验参数信息 - String captchaId = config.getCaptchaId(); - String captchaKey = config.getCaptchaKey(); - String domain = "https://gcaptcha4.geetest.com"; - - // 2.获取用户验证后前端传过来的验证流水号等参数 - String lotNumber = getParams.get("lot_number"); - String captchaOutput = getParams.get("captcha_output"); - String passToken = getParams.get("pass_token"); - String genTime = getParams.get("gen_time"); - - // 3.生成签名 - // 生成签名使用标准的hmac算法,使用用户当前完成验证的流水号lot_number作为原始消息message,使用客户验证私钥作为key - // 采用sha256散列算法将message和key进行单向散列生成最终的签名 - String signToken = new HmacUtils(HmacAlgorithms.HMAC_SHA_256, captchaKey) - .hmacHex(lotNumber); - - // 4.上传校验参数到极验二次验证接口, 校验用户验证状态 - MultiValueMap queryParams = new LinkedMultiValueMap<>(); - queryParams.add("lot_number", lotNumber); - queryParams.add("captcha_output", captchaOutput); - queryParams.add("pass_token", passToken); - queryParams.add("gen_time", genTime); - queryParams.add("sign_token", signToken); - // captcha_id 参数建议放在 url 后面, 方便请求异常时可以在日志中根据id快速定位到异常请求 - String url = String.format(domain + "/validate" + "?captcha_id=%s", captchaId); - HttpHeaders headers = new HttpHeaders(); - HttpMethod method = HttpMethod.POST; - headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED); - JSONObject jsonObject; - //注意处理接口异常情况,当请求极验二次验证接口异常时做出相应异常处理 - //保证不会因为接口请求超时或服务未响应而阻碍业务流程 - try { - HttpEntity> requestEntity = new HttpEntity<>(queryParams, - headers); - ResponseEntity responseEntity = restTemplate.exchange(url, method, - requestEntity, String.class); - String resBody = responseEntity.getBody(); - jsonObject = JSONObject.parseObject(resBody); - } catch (Exception e) { - logger.error("验证发生异常: {}", e.getMessage()); - return false; - } - // 5.根据极验返回的用户验证状态, 网站主进行自己的业务逻辑 - if (SUCCESS.equals(jsonObject.getString(RESULT))) { - logger.info("验证成功: {}", jsonObject.toJSONString()); - return true; - } 
- logger.info("验证失败: {}", jsonObject.toJSONString()); - return true; - } - - private final GeeTestCaptchaProviderConfig config; - private final RestTemplate restTemplate; - - public GeeTestCaptchaValidator(GeeTestCaptchaProviderConfig config, RestTemplate restTemplate) { - this.config = config; - this.restTemplate = restTemplate; - } -} diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/geetest/package-info.java b/eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/geetest/package-info.java deleted file mode 100644 index 7f596dcf..00000000 --- a/eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/geetest/package-info.java +++ /dev/null @@ -1,18 +0,0 @@ -/* - * eiam-core - Employee Identity and Access Management Program - * Copyright © 2020-2023 TopIAM (support@topiam.cn) - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -package cn.topiam.employee.core.security.captcha.geetest; \ No newline at end of file diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/jackson2/UserDetailsDeserializer.java b/eiam-core/src/main/java/cn/topiam/employee/core/security/jackson2/UserDetailsDeserializer.java index 042c73fa..123a47b3 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/security/jackson2/UserDetailsDeserializer.java 
+++ b/eiam-core/src/main/java/cn/topiam/employee/core/security/jackson2/UserDetailsDeserializer.java @@ -82,13 +82,15 @@ class UserDetailsDeserializer extends JsonDeserializer { boolean accountNonExpired = readJsonNode(jsonNode, "accountNonExpired").asBoolean(); boolean credentialsNonExpired = readJsonNode(jsonNode, "credentialsNonExpired").asBoolean(); boolean accountNonLocked = readJsonNode(jsonNode, "accountNonLocked").asBoolean(); + String authType = readJsonNode(jsonNode, "authType").asText(null); //用户类型 String userType = readJsonNode(jsonNode, "userType").asText(null); // 封装值 UserDetails result = new UserDetails(id, username, password, StringUtils.isNoneBlank(userType) ? UserType.getType(userType) : null, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities); - + //认证类型 + result.setAuthType(authType); //IP地址、设备相关 result.setGeoLocation(geoLocation); result.setUserAgent(userAgent); diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/otp/OtpContextHelp.java b/eiam-core/src/main/java/cn/topiam/employee/core/security/otp/OtpContextHelp.java index c7307958..b7356120 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/security/otp/OtpContextHelp.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/security/otp/OtpContextHelp.java @@ -174,7 +174,7 @@ public class OtpContextHelp { MessageNoticeChannel channel) { String keyPrefix = cacheProperties.getRedis().getKeyPrefix(); return keyPrefix + COLON + "otp" + COLON + prefix + COLON + channel.getCode() + COLON + type - + recipient; + + COLON + recipient; } /** diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/password/validator/PasswordComplexityRuleValidator.java b/eiam-core/src/main/java/cn/topiam/employee/core/security/password/validator/PasswordComplexityRuleValidator.java index b0713e93..affef382 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/security/password/validator/PasswordComplexityRuleValidator.java 
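Review bot: In the OtpContextHelp hunk the cache key layout changes from `... + type + recipient` to `... + type + COLON + recipient`, so an OTP stored under the old layout before the upgrade will not be found by code that builds the new key. The callers and the entry lifetime are outside the hunk, so confirm that in-flight codes either expire quickly or are cleared on deployment. The recipient is concatenated as given; if nothing upstream trims and case-normalises it, the same address could map to several keys, which matters if send limits are keyed the same way. A layout comment above the return would make later changes safer: `// key: <keyPrefix>:otp:<prefix>:<channel>:<type>:<recipient>`. The method's signature starts above the hunk.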
+++ b/eiam-core/src/main/java/cn/topiam/employee/core/security/password/validator/PasswordComplexityRuleValidator.java @@ -45,7 +45,7 @@ public class PasswordComplexityRuleValidator implements //必须包含数字和字母 if (rule.equals(PasswordComplexityRule.MUST_NUMBERS_AND_LETTERS)) { //校验 - org.passay.PasswordValidator validator = new org.passay.PasswordValidator( + PasswordValidator validator = new PasswordValidator( new CharacterRule(EnglishCharacterData.Digit, 1), new CharacterRule(EnglishCharacterData.Alphabetical, 1)); RuleResult validate = validator.validate(new PasswordData(password)); @@ -57,7 +57,7 @@ public class PasswordComplexityRuleValidator implements //必须包含数字和大写字母 if (rule.equals(PasswordComplexityRule.MUST_NUMBERS_AND_CAPITAL_LETTERS)) { //校验 - org.passay.PasswordValidator validator = new org.passay.PasswordValidator( + PasswordValidator validator = new PasswordValidator( new CharacterRule(EnglishCharacterData.Digit, 1), new CharacterRule(EnglishCharacterData.UpperCase, 1)); RuleResult validate = validator.validate(new PasswordData(password)); @@ -70,7 +70,7 @@ public class PasswordComplexityRuleValidator implements if (rule.equals( PasswordComplexityRule.MUST_CONTAIN_NUMBERS_UPPERCASE_LETTERS_LOWERCASE_LETTERS_AND_SPECIAL_CHARACTERS)) { //校验 - org.passay.PasswordValidator validator = new org.passay.PasswordValidator( + PasswordValidator validator = new PasswordValidator( new CharacterRule(EnglishCharacterData.Alphabetical, 1), new CharacterRule(EnglishCharacterData.Digit, 1), new CharacterRule(EnglishCharacterData.Special, 1)); 
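Review bot: The unqualified `PasswordValidator` in `new PasswordValidator(...)` now depends on what that simple name resolves to in this file, and the patch shows no import change for it (the first hunk of the file starts at line 45). The class declaration in the hunk header is cut at `implements`, so it cannot be ruled out from here that a project type with the same simple name is in scope, which is the usual reason for writing `org.passay.PasswordValidator` in full as the old lines did. Confirm the file has `import org.passay.PasswordValidator;` and no competing single-type import, otherwise keep the qualified name. The same replacement is made in the hunks at lines 57, 70, 90 and 107 of this file.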
@@ -90,7 +90,7 @@ public class PasswordComplexityRuleValidator implements new CharacterRule(EnglishCharacterData.Alphabetical, 1)); rule.setNumberOfCharacteristics(2); //校验 - org.passay.PasswordValidator validator = new org.passay.PasswordValidator(rule); + PasswordValidator validator = new PasswordValidator(rule); RuleResult validate = validator.validate(new PasswordData(password)); if (!validate.isValid()) { throw new PasswordComplexityRuleException("密码至少包含数字、字母、和特殊字符中的两种"); @@ -107,7 +107,7 @@ public class PasswordComplexityRuleValidator implements new CharacterRule(EnglishCharacterData.UpperCase, 1)); rule.setNumberOfCharacteristics(3); //校验 - org.passay.PasswordValidator validator = new org.passay.PasswordValidator(rule); + PasswordValidator validator = new PasswordValidator(rule); RuleResult validate = validator.validate(new PasswordData(password)); if (!validate.isValid()) { throw new PasswordComplexityRuleException("密码至少包含数字、字母、和特殊字符中的两种"); diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/password/weak/DefaultPasswordWeakLibImpl.java b/eiam-core/src/main/java/cn/topiam/employee/core/security/password/weak/DefaultPasswordWeakLibImpl.java index f144afdc..10c1af4b 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/security/password/weak/DefaultPasswordWeakLibImpl.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/security/password/weak/DefaultPasswordWeakLibImpl.java @@ -107,7 +107,6 @@ public class DefaultPasswordWeakLibImpl implements PasswordWeakLib { } } - @Override public Boolean wordExists(String word) { synchronized (dictionary) { return Boolean.TRUE.equals(dictionary.get(word)); diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/savedredirect/HttpSessionRedirectCache.java b/eiam-core/src/main/java/cn/topiam/employee/core/security/savedredirect/HttpSessionRedirectCache.java index f284c7ca..0bd95022 100644 
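Review bot: In the hunk at line 107 the exception text says at least two of digits, letters and special characters are required (`...中的两种`), but the rule built just above calls `rule.setNumberOfCharacteristics(3)` and includes an upper-case rule. The identical message appears in the line-90 branch, where the count really is 2, so it looks copied. A user rejected here is told a policy that differs from the one enforced. The message should state the three-of-N requirement; if the rule set is digits, lower-case, upper-case and special characters, something like `"密码至少包含数字、小写字母、大写字母和特殊字符中的三种"`. The remaining rules of this branch are above the hunk, so the exact wording needs checking against them.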
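Review bot: Dropping `@Override` from `wordExists` in DefaultPasswordWeakLibImpl removes the compiler's check that the method still matches a declaration in `PasswordWeakLib`. If the method was removed from the interface in this refactor (not visible here), code holding a `PasswordWeakLib` can no longer reach the weak-password lookup and those call sites should be checked. If it is still declared there, keep the annotation. A short Javadoc stating that the method reports whether the word is present in `dictionary`, and that the lookup is synchronised on it, would also help.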
--- a/eiam-core/src/main/java/cn/topiam/employee/core/security/savedredirect/HttpSessionRedirectCache.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/security/savedredirect/HttpSessionRedirectCache.java @@ -55,7 +55,7 @@ public class HttpSessionRedirectCache implements RedirectCache { String redirectUri = request.getParameter(OAuth2ParameterNames.REDIRECT_URI); if (StringUtils.isNotBlank(redirectUri)) { //saved session - cn.topiam.employee.core.security.savedredirect.SavedRedirect redirect = new cn.topiam.employee.core.security.savedredirect.SavedRedirect(); + SavedRedirect redirect = new SavedRedirect(); int index = redirectUri.indexOf("?"); if (index > -1) { redirect.setAction(redirectUri.substring(0, index)); @@ -70,7 +70,7 @@ public class HttpSessionRedirectCache implements RedirectCache { } //REQUEST if (type.equals(RedirectType.REQUEST)) { - cn.topiam.employee.core.security.savedredirect.SavedRedirect redirect = new cn.topiam.employee.core.security.savedredirect.SavedRedirect(); + SavedRedirect redirect = new SavedRedirect(); redirect.setParameters(getParametersByArray(request.getParameterMap())); redirect.setMethod(request.getMethod()); redirect.setAction(UrlUtils.buildFullRequestUrl(request.getScheme(), @@ -86,10 +86,10 @@ public class HttpSessionRedirectCache implements RedirectCache { * @param map {@link Map} * @return {@link List} */ - public static List getParameters(Map map) { - List parameters = new ArrayList<>(); + public static List getParameters(Map map) { + List parameters = new ArrayList<>(); for (String key : map.keySet()) { - cn.topiam.employee.core.security.savedredirect.SavedRedirect.Parameter parameter = new cn.topiam.employee.core.security.savedredirect.SavedRedirect.Parameter(); + SavedRedirect.Parameter parameter = new SavedRedirect.Parameter(); parameter.setKey(key); parameter.setValue(map.get(key)); parameters.add(parameter); 
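Review bot: In the hunk at line 55, `redirect_uri` is read straight from the request and its path part becomes `redirect.setAction(...)` with no check on where it points; nothing in the hunk restricts it to this application's origin or to a registered client URI. Unless the code that consumes the saved redirect (outside this hunk) validates it, a login link carrying a foreign `redirect_uri` would send the user off-site after authentication. Validate before saving, accepting only relative paths or hosts from a configured allow-list and ignoring the parameter otherwise. The enclosing method begins above the hunk.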
@@ -97,10 +97,10 @@ public class HttpSessionRedirectCache implements RedirectCache { return parameters; } - public List getParametersByArray(Map map) { - List parameters = new ArrayList<>(); + public List getParametersByArray(Map map) { + List parameters = new ArrayList<>(); for (String key : map.keySet()) { - cn.topiam.employee.core.security.savedredirect.SavedRedirect.Parameter parameter = new cn.topiam.employee.core.security.savedredirect.SavedRedirect.Parameter(); + SavedRedirect.Parameter parameter = new SavedRedirect.Parameter(); String[] paramValues = map.get(key); if (paramValues.length == 1) { String paramValue = paramValues[0]; @@ -119,10 +119,10 @@ public class HttpSessionRedirectCache implements RedirectCache { * * @param request {@link HttpServletRequest} * @param response {@link HttpServletResponse} - * @return {@link cn.topiam.employee.core.security.savedredirect.SavedRedirect} + * @return {@link SavedRedirect} */ @Override - public cn.topiam.employee.core.security.savedredirect.SavedRedirect getRedirect(HttpServletRequest request, + public SavedRedirect getRedirect(HttpServletRequest request, HttpServletResponse response) { return (SavedRedirect) request.getSession(false) .getAttribute(TOPIAM_SECURITY_SAVED_REDIRECT); diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/savedredirect/LoginRedirectParameterFilter.java b/eiam-core/src/main/java/cn/topiam/employee/core/security/savedredirect/LoginRedirectParameterFilter.java index 032a25db..e9f1bd66 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/security/savedredirect/LoginRedirectParameterFilter.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/security/savedredirect/LoginRedirectParameterFilter.java 
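Review bot: In `getRedirect` (hunk at line 119), `request.getSession(false)` returns null when the request carries no session, so the chained `.getAttribute(...)` throws a NullPointerException for such requests. Guard the lookup: `HttpSession session = request.getSession(false);` followed by `return session == null ? null : (SavedRedirect) session.getAttribute(TOPIAM_SECURITY_SAVED_REDIRECT);`. This needs `javax.servlet.http.HttpSession` imported if the file does not already have it, and the Javadoc `@return` should mention that null is returned when nothing was saved.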
@@ -38,7 +38,7 @@ public class LoginRedirectParameterFilter extends OncePerRequestFilter { /** * RedirectCache */ - private final cn.topiam.employee.core.security.savedredirect.RedirectCache redirectCache = new HttpSessionRedirectCache(); + private final RedirectCache redirectCache = new HttpSessionRedirectCache(); private final RequestMatcher requestMatcher; public LoginRedirectParameterFilter(RequestMatcher requestMatcher) { diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/savedredirect/RedirectCache.java b/eiam-core/src/main/java/cn/topiam/employee/core/security/savedredirect/RedirectCache.java index ceb0ec6e..30eedb80 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/security/savedredirect/RedirectCache.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/security/savedredirect/RedirectCache.java @@ -56,7 +56,7 @@ public interface RedirectCache { * * @param request {@link HttpServletRequest} * @param response {@link HttpServletResponse} - * @return {@link cn.topiam.employee.core.security.savedredirect.SavedRedirect} + * @return {@link SavedRedirect} */ SavedRedirect getRedirect(HttpServletRequest request, HttpServletResponse response); diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/session/SessionDetails.java b/eiam-core/src/main/java/cn/topiam/employee/core/security/session/SessionDetails.java index 9ae4ad14..34b63c9e 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/security/session/SessionDetails.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/security/session/SessionDetails.java @@ -84,4 +84,9 @@ public class SessionDetails implements Serializable { */ private UserType userType; + /** + * 认证类型 + */ + private String authType; + } 
diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/session/TopIamSessionBackedSessionRegistry.java b/eiam-core/src/main/java/cn/topiam/employee/core/security/session/TopIamSessionBackedSessionRegistry.java index a1de8779..3cd4c8b6 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/security/session/TopIamSessionBackedSessionRegistry.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/security/session/TopIamSessionBackedSessionRegistry.java @@ -83,7 +83,7 @@ public class TopIamSessionBackedSessionRegistry } private List getTopIamUserDetails(List infos) { - List details = new ArrayList<>(); + List details = new ArrayList<>(); for (SessionInformation information : infos) { //根据session id 获取缓存信息 Session session = sessionRepository.findById(information.getSessionId()); @@ -97,7 +97,7 @@ public class TopIamSessionBackedSessionRegistry //转为实体 UserDetails principal = (UserDetails) securityContext.getAuthentication() .getPrincipal(); - cn.topiam.employee.core.security.session.SessionDetails sessionDetails = new SessionDetails( + SessionDetails sessionDetails = new SessionDetails( principal.getId(), principal.getUsername()); //last request Instant instant = information.getLastRequest().toInstant(); @@ -107,6 +107,8 @@ public class TopIamSessionBackedSessionRegistry sessionDetails.setLastRequestTime(lastRequestTime); //登录时间 sessionDetails.setLoginTime(principal.getLoginTime()); + //登录时间 + sessionDetails.setAuthType(principal.getAuthType()); //用户类型 sessionDetails.setUserType(principal.getUserType()); //地理位置 diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/userdetails/UserDetails.java b/eiam-core/src/main/java/cn/topiam/employee/core/security/userdetails/UserDetails.java index f21cd930..13c8fe9b 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/security/userdetails/UserDetails.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/security/userdetails/UserDetails.java 
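Review bot: The comment added above `sessionDetails.setAuthType(principal.getAuthType());` in the hunk at line 107 repeats `//登录时间` (login time) from the statement before it. It should read `//认证类型`, matching the Javadoc on the new `authType` field in SessionDetails. Since `authType` is a plain `String`, the comment could also say which values are expected, as the hunk does not show where it is set.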
@@ -74,6 +74,11 @@ public class UserDetails extends User { @JsonFormat(pattern = EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN) private LocalDateTime loginTime; + /** + * 身份验证类型 + */ + private String authType; + /** * 用户类型 */ diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/setting/constant/MessageSettingConstants.java b/eiam-core/src/main/java/cn/topiam/employee/core/setting/constant/MessageSettingConstants.java index ef4e115e..51a5c8af 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/setting/constant/MessageSettingConstants.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/setting/constant/MessageSettingConstants.java @@ -46,7 +46,7 @@ public final class MessageSettingConstants { /** * 邮件内容路径 */ - public static final String MAIL_CONTENT_PATH = CLASSPATH_URL_PREFIX + public final static String MAIL_CONTENT_PATH = CLASSPATH_URL_PREFIX + "mail/content/"; /** diff --git a/eiam-identity-source/eiam-identity-source-core/src/main/java/cn/topiam/employee/identitysource/core/IdentitySource.java b/eiam-identity-source/eiam-identity-source-core/src/main/java/cn/topiam/employee/identitysource/core/IdentitySource.java index ede8da4b..d86d0646 100644 --- a/eiam-identity-source/eiam-identity-source-core/src/main/java/cn/topiam/employee/identitysource/core/IdentitySource.java +++ b/eiam-identity-source/eiam-identity-source-core/src/main/java/cn/topiam/employee/identitysource/core/IdentitySource.java @@ -23,6 +23,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import cn.topiam.employee.common.enums.TriggerType; +import cn.topiam.employee.support.exception.TopIamException; /** * 身份源Provider 
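Review bot: In MessageSettingConstants, `public final static` reverses the modifier order that the Java Language Specification gives as customary and that Checkstyle's ModifierOrder check enforces; the removed line already used `public static final`. The same reversal is applied to the eight constants in AesException later in this patch. Keep the original form, `public static final String MAIL_CONTENT_PATH = CLASSPATH_URL_PREFIX`, and likewise for the AesException codes.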
@@ -66,6 +67,8 @@ public interface IdentitySource { * @param response {@link HttpServletResponse} * @return {@link Map} */ - Object event(HttpServletRequest request, HttpServletResponse response); + default Object event(HttpServletRequest request, HttpServletResponse response) { + throw new TopIamException("暂未实现"); + } } diff --git a/eiam-identity-source/eiam-identity-source-core/src/main/java/cn/topiam/employee/identitysource/core/processor/modal/IdentitySourceEventProcessData.java b/eiam-identity-source/eiam-identity-source-core/src/main/java/cn/topiam/employee/identitysource/core/processor/modal/IdentitySourceEventProcessData.java index 6095d5e5..9523d7aa 100644 --- a/eiam-identity-source/eiam-identity-source-core/src/main/java/cn/topiam/employee/identitysource/core/processor/modal/IdentitySourceEventProcessData.java +++ b/eiam-identity-source/eiam-identity-source-core/src/main/java/cn/topiam/employee/identitysource/core/processor/modal/IdentitySourceEventProcessData.java @@ -21,7 +21,7 @@ import java.io.Serializable; import java.time.LocalDateTime; import java.util.List; -import cn.topiam.employee.common.enums.identityprovider.IdentitySourceProvider; +import cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider; import cn.topiam.employee.identitysource.core.enums.IdentitySourceEventReceiveType; import lombok.AllArgsConstructor; diff --git a/eiam-identity-source/eiam-identity-source-dingtalk/src/main/java/cn/topiam/employee/identitysource/dingtalk/DingTalkIdentitySource.java b/eiam-identity-source/eiam-identity-source-dingtalk/src/main/java/cn/topiam/employee/identitysource/dingtalk/DingTalkIdentitySource.java index 4d732194..b40de306 100644 --- a/eiam-identity-source/eiam-identity-source-dingtalk/src/main/java/cn/topiam/employee/identitysource/dingtalk/DingTalkIdentitySource.java +++ b/eiam-identity-source/eiam-identity-source-dingtalk/src/main/java/cn/topiam/employee/identitysource/dingtalk/DingTalkIdentitySource.java 
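Review bot: Making `event` a default method that throws means a provider that forgets to override it still compiles and fails only when its callback endpoint is called. The Javadoc above it still documents only the parameters and return value; it should add `@throws TopIamException if the provider does not support event callbacks` and state that implementations are expected to verify the callback's signature before acting on it, as the DingTalk and WeChat Work overrides later in this patch do with the signature, timestamp and nonce. `UnsupportedOperationException` would express the intent more directly than `new TopIamException("暂未实现")`, if no caller depends on the project exception type.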
@@ -36,7 +36,7 @@ import com.fasterxml.jackson.annotation.JsonAlias; import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; -import cn.topiam.employee.common.enums.identityprovider.IdentitySourceProvider; +import cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider; import cn.topiam.employee.common.util.RequestUtils; import cn.topiam.employee.identitysource.core.AbstractDefaultIdentitySource; import cn.topiam.employee.identitysource.core.client.IdentitySourceClient; @@ -77,7 +77,7 @@ public class DingTalkIdentitySource extends AbstractDefaultIdentitySource params = RequestUtils.getParams(request); + Map params = RequestUtils.getParams(request); String json = RequestUtils.getBody(request); if (StringUtils.isNoneBlank(json)) { String encrypt = JSON.parseObject(json).getString(ENCRYPT); @@ -99,13 +99,13 @@ public class DingTalkIdentitySource extends AbstractDefaultIdentitySource syncMap, + private Object eventCallBack(LocalDateTime eventTime, Map syncMap, String encrypt) { try { DingTalkConfig config = getConfig(); - String msgSignature = syncMap.get(MSG_SIGNATURE); - String timeStamp = syncMap.get(TIMESTAMP); - String nonce = syncMap.get(NONCE); + String msgSignature = (String) syncMap.get(MSG_SIGNATURE); + String timeStamp = (String) syncMap.get(TIMESTAMP); + String nonce = (String) syncMap.get(NONCE); DingTalkEventCryptoUtils eventCryptoUtils = new DingTalkEventCryptoUtils( config.getToken(), config.getAesKey(), config.getAppKey()); String decryptMsg = eventCryptoUtils.getDecryptMsg(msgSignature, timeStamp, nonce, diff --git a/eiam-identity-source/eiam-identity-source-feishu/src/main/java/cn/topiam/employee/identitysource/feishu/FieShuIdentitySource.java b/eiam-identity-source/eiam-identity-source-feishu/src/main/java/cn/topiam/employee/identitysource/feishu/FieShuIdentitySource.java index a8acd90a..457dc6a8 100644 
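Review bot: The added `(String)` casts on `syncMap.get(MSG_SIGNATURE)`, `syncMap.get(TIMESTAMP)` and `syncMap.get(NONCE)` in `eventCallBack` will throw ClassCastException if a value is not a String. The generic arguments are not visible on this page, but the casts imply the map's value type is no longer `String`, and these values come from the query string of an externally reachable callback. Check the type and reject the callback explicitly instead, e.g. `if (!(syncMap.get(NONCE) instanceof String)) { ... }` for each parameter before the cast, so a malformed request yields a controlled failure rather than whatever the surrounding `catch` (outside the hunk) does. The same casts are added to `eventCallBack` in WeChatWorkIdentitySource, including the one on `ECHOSTR`.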
--- a/eiam-identity-source/eiam-identity-source-feishu/src/main/java/cn/topiam/employee/identitysource/feishu/FieShuIdentitySource.java +++ b/eiam-identity-source/eiam-identity-source-feishu/src/main/java/cn/topiam/employee/identitysource/feishu/FieShuIdentitySource.java @@ -26,7 +26,7 @@ import javax.servlet.http.HttpServletResponse; import com.alibaba.fastjson2.JSON; import com.alibaba.fastjson2.JSONObject; -import cn.topiam.employee.common.enums.identityprovider.IdentitySourceProvider; +import cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider; import cn.topiam.employee.common.util.RequestUtils; import cn.topiam.employee.identitysource.core.AbstractDefaultIdentitySource; import cn.topiam.employee.identitysource.core.client.IdentitySourceClient; diff --git a/eiam-identity-source/eiam-identity-source-wechatwork/src/main/java/cn/topiam/employee/identitysource/wechatwork/WeChatWorkIdentitySource.java b/eiam-identity-source/eiam-identity-source-wechatwork/src/main/java/cn/topiam/employee/identitysource/wechatwork/WeChatWorkIdentitySource.java index 61d99371..6dc97971 100644 --- a/eiam-identity-source/eiam-identity-source-wechatwork/src/main/java/cn/topiam/employee/identitysource/wechatwork/WeChatWorkIdentitySource.java +++ b/eiam-identity-source/eiam-identity-source-wechatwork/src/main/java/cn/topiam/employee/identitysource/wechatwork/WeChatWorkIdentitySource.java @@ -38,7 +38,7 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.alibaba.fastjson2.JSON; -import cn.topiam.employee.common.enums.identityprovider.IdentitySourceProvider; +import cn.topiam.employee.common.enums.identitysource.IdentitySourceProvider; import cn.topiam.employee.common.util.RequestUtils; import cn.topiam.employee.identitysource.core.AbstractDefaultIdentitySource; import cn.topiam.employee.identitysource.core.client.IdentitySourceClient; 
@@ -79,7 +79,7 @@ public class WeChatWorkIdentitySource extends AbstractDefaultIdentitySource params = RequestUtils.getParams(request); + Map params = RequestUtils.getParams(request); WeChatWorkRequest weWorkResult = null; try { if (RequestMethod.POST.name().equals(request.getMethod())) { @@ -108,14 +108,14 @@ public class WeChatWorkIdentitySource extends AbstractDefaultIdentitySource params, + private String eventCallBack(LocalDateTime eventTime, Map params, WeChatWorkRequest weWorkResult) throws IllegalArgumentException { try { - String msgSignature = params.get(MSG_SIGNATURE); - String timeStamp = params.get(TIMESTAMP); - String nonce = params.get(NONCE); + String msgSignature = (String) params.get(MSG_SIGNATURE); + String timeStamp = (String) params.get(TIMESTAMP); + String nonce = (String) params.get(NONCE); if (params.containsKey(ECHOSTR)) { - String echoStr = params.get(ECHOSTR); + String echoStr = (String) params.get(ECHOSTR); return verifyUrl(msgSignature, timeStamp, nonce, echoStr); } else { EventParameter callBackDTO = processMessage(msgSignature, timeStamp, nonce, diff --git a/eiam-identity-source/eiam-identity-source-wechatwork/src/main/java/cn/topiam/employee/identitysource/wechatwork/util/AesException.java b/eiam-identity-source/eiam-identity-source-wechatwork/src/main/java/cn/topiam/employee/identitysource/wechatwork/util/AesException.java index 83a9dcae..01e3b4ee 100644 --- a/eiam-identity-source/eiam-identity-source-wechatwork/src/main/java/cn/topiam/employee/identitysource/wechatwork/util/AesException.java +++ b/eiam-identity-source/eiam-identity-source-wechatwork/src/main/java/cn/topiam/employee/identitysource/wechatwork/util/AesException.java 
@@ -25,14 +25,14 @@ package cn.topiam.employee.identitysource.wechatwork.util; */ public class AesException extends Exception { - public static final int VALIDATE_SIGNATURE_ERROR = -40001; - public static final int PARSE_XML_ERROR = -40002; - public static final int COMPUTE_SIGNATURE_ERROR = -40003; - public static final int ILLEGAL_AES_KEY = -40004; - public static final int VALIDATE_CORP_ID_ERROR = -40005; - public static final int ENCRYPT_AES_ERROR = -40006; - public static final int DECRYPT_AES_ERROR = -40007; - public static final int ILLEGAL_BUFFER = -40008; + public final static int VALIDATE_SIGNATURE_ERROR = -40001; + public final static int PARSE_XML_ERROR = -40002; + public final static int COMPUTE_SIGNATURE_ERROR = -40003; + public final static int ILLEGAL_AES_KEY = -40004; + public final static int VALIDATE_CORP_ID_ERROR = -40005; + public final static int ENCRYPT_AES_ERROR = -40006; + public final static int DECRYPT_AES_ERROR = -40007; + public final static int ILLEGAL_BUFFER = -40008; private final int code; diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamCaptchaValidatorConfiguration.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/EiamCaptchaValidatorConfiguration.java similarity index 85% rename from eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamCaptchaValidatorConfiguration.java rename to eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/EiamCaptchaValidatorConfiguration.java index da8b81be..4bf32787 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamCaptchaValidatorConfiguration.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/EiamCaptchaValidatorConfiguration.java 
@@ -1,5 +1,5 @@ /* - * eiam-core - Employee Identity and Access Management Program + * eiam-portal - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify @@ -15,10 +15,14 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.core.configuration; - -import java.util.Objects; +package cn.topiam.employee.portal.configuration; +import cn.topiam.employee.authentication.captcha.CaptchaValidator; +import cn.topiam.employee.authentication.captcha.NoneCaptchaProvider; +import cn.topiam.employee.authentication.captcha.geetest.GeeTestCaptchaProviderConfig; +import cn.topiam.employee.authentication.captcha.geetest.GeeTestCaptchaValidator; +import cn.topiam.employee.common.constants.ConfigBeanNameConstants; +import cn.topiam.employee.core.security.captcha.CaptchaProviderConfig; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.cloud.context.config.annotation.RefreshScope; @@ -26,12 +30,8 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.client.RestTemplate; -import cn.topiam.employee.common.constants.ConfigBeanNameConstants; -import cn.topiam.employee.core.security.captcha.CaptchaProviderConfig; -import cn.topiam.employee.core.security.captcha.CaptchaValidator; -import cn.topiam.employee.core.security.captcha.NoneCaptchaProvider; -import cn.topiam.employee.core.security.captcha.geetest.GeeTestCaptchaProviderConfig; -import cn.topiam.employee.core.security.captcha.geetest.GeeTestCaptchaValidator; +import java.util.Objects; + import static cn.topiam.employee.common.enums.CaptchaProviderType.GEE_TEST; import static cn.topiam.employee.core.context.SettingContextHelp.getCaptchaProviderConfig; 
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalApiConfiguration.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalApiConfiguration.java index f1e5e857..f8bce492 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalApiConfiguration.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalApiConfiguration.java @@ -17,19 +17,17 @@ */ package cn.topiam.employee.portal.configuration; +import cn.topiam.employee.EiamPortalApplication; +import cn.topiam.employee.support.util.AppVersionUtils; +import io.swagger.v3.oas.models.OpenAPI; +import io.swagger.v3.oas.models.info.Contact; +import io.swagger.v3.oas.models.info.Info; +import lombok.RequiredArgsConstructor; import org.springdoc.core.GroupedOpenApi; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.env.Environment; -import cn.topiam.employee.EiamPortalApplication; -import cn.topiam.employee.support.util.AppVersionUtils; - -import lombok.RequiredArgsConstructor; - -import io.swagger.v3.oas.models.OpenAPI; -import io.swagger.v3.oas.models.info.Contact; -import io.swagger.v3.oas.models.info.Info; import static cn.topiam.employee.support.constant.EiamConstants.API_PATH; /** diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalFrontendConfiguration.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalFrontendConfiguration.java index 5ffcd6e1..184b6617 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalFrontendConfiguration.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalFrontendConfiguration.java 
@@ -17,8 +17,6 @@ */ package cn.topiam.employee.portal.configuration; -import java.io.IOException; - import org.jetbrains.annotations.NotNull; import org.springframework.context.annotation.Configuration; import org.springframework.core.io.Resource; @@ -26,6 +24,8 @@ import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.resource.PathResourceResolver; +import java.io.IOException; + /** * 控制台前端配置 * diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalSecurityConfiguration.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalSecurityConfiguration.java index 9dd43c2c..54d295d5 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalSecurityConfiguration.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalSecurityConfiguration.java 
@@ -17,11 +17,53 @@ */ package cn.topiam.employee.portal.configuration; -import java.util.ArrayList; -import java.util.List; -import java.util.Objects; -import java.util.stream.Collectors; - +import cn.topiam.employee.audit.event.AuditEventPublish; +import cn.topiam.employee.authentication.captcha.CaptchaValidator; +import cn.topiam.employee.authentication.captcha.filter.CaptchaValidatorFilter; +import cn.topiam.employee.authentication.common.service.UserIdpService; +import cn.topiam.employee.authentication.dingtalk.configurer.DingtalkOAuth2AuthenticationConfigurer; +import cn.topiam.employee.authentication.dingtalk.configurer.DingtalkScanCodeAuthenticationConfigurer; +import cn.topiam.employee.authentication.feishu.configurer.FeiShuScanCodeAuthenticationConfigurer; +import cn.topiam.employee.authentication.mfa.MfaAuthenticationConfigurer; +import cn.topiam.employee.authentication.mfa.MfaAuthenticationHandler; +import cn.topiam.employee.authentication.qq.configurer.QqOauthAuthenticationConfigurer; +import cn.topiam.employee.authentication.sms.SmsAuthenticationConfigurer; +import cn.topiam.employee.authentication.sms.SmsAuthenticationFilter; +import cn.topiam.employee.authentication.wechat.configurer.WeChatScanCodeAuthenticationConfigurer; +import cn.topiam.employee.authentication.wechatwork.configurer.WeChatWorkScanCodeAuthenticationConfigurer; +import cn.topiam.employee.common.constants.AuthorizeConstants; +import cn.topiam.employee.common.entity.setting.SettingEntity; +import cn.topiam.employee.common.geo.GeoLocationService; +import cn.topiam.employee.common.repository.account.UserIdpRepository; +import cn.topiam.employee.common.repository.account.UserRepository; +import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; +import cn.topiam.employee.common.repository.setting.SettingRepository; +import cn.topiam.employee.core.endpoint.security.PublicSecretEndpoint; +import cn.topiam.employee.core.message.mail.MailMsgEventPublish; +import 
cn.topiam.employee.core.message.sms.SmsMsgEventPublish; +import cn.topiam.employee.core.security.authentication.AuthenticationTrustResolverImpl; +import cn.topiam.employee.core.security.form.FormLoginSecretFilter; +import cn.topiam.employee.core.security.otp.OtpContextHelp; +import cn.topiam.employee.core.security.password.task.PasswordExpireTask; +import cn.topiam.employee.core.security.password.task.impl.PasswordExpireLockTask; +import cn.topiam.employee.core.security.password.task.impl.PasswordExpireWarnTask; +import cn.topiam.employee.core.security.savedredirect.LoginRedirectParameterFilter; +import cn.topiam.employee.core.security.task.UserExpireLockTask; +import cn.topiam.employee.core.security.task.UserUnlockTask; +import cn.topiam.employee.core.setting.constant.SecuritySettingConstants; +import cn.topiam.employee.portal.handler.*; +import cn.topiam.employee.portal.idp.IdpRedirectParameterMatcher; +import cn.topiam.employee.portal.idp.bind.IdpAuthenticationConfigurer; +import cn.topiam.employee.portal.listener.PortalAuthenticationFailureEventListener; +import cn.topiam.employee.portal.listener.PortalAuthenticationSuccessEventListener; +import cn.topiam.employee.portal.listener.PortalLogoutSuccessEventListener; +import cn.topiam.employee.portal.listener.PortalSessionInformationExpiredStrategy; +import cn.topiam.employee.protocol.cas.idp.CasIdpConfigurer; +import cn.topiam.employee.protocol.form.FormProtocolConfigurer; +import cn.topiam.employee.protocol.oidc.token.EiamOpaqueTokenIntrospector; +import cn.topiam.employee.protocol.saml2.idp.Saml2IdpConfigurer; +import cn.topiam.employee.protocol.tsa.TsaProtocolConfigurer; +import lombok.RequiredArgsConstructor; import org.springframework.boot.actuate.autoconfigure.endpoint.web.WebEndpointProperties; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.cloud.context.config.annotation.RefreshScope; 
@@ -29,26 +71,19 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.annotation.Order; import org.springframework.http.HttpMethod; -import org.springframework.jdbc.core.JdbcTemplate; -import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.ObjectPostProcessor; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configurers.*; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.security.jackson2.SecurityJackson2Modules; import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter; -import org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationConsentService; -import org.springframework.security.oauth2.server.authorization.JdbcOAuth2AuthorizationService; -import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsentService; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; -import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository; import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.EiamOAuth2AuthorizationServerConfigurer; -import org.springframework.security.oauth2.server.authorization.jackson2.OAuth2AuthorizationServerJackson2Module; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.access.ExceptionTranslationFilter; -import org.springframework.security.web.access.intercept.RequestAuthorizationContext; +import 
org.springframework.security.web.authentication.AuthenticationFailureHandler; +import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.csrf.CookieCsrfTokenRepository; import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter; 
@@ -58,71 +93,19 @@ import org.springframework.security.web.util.matcher.RequestMatcher; import org.springframework.session.security.web.authentication.SpringSessionRememberMeServices; import org.springframework.web.cors.UrlBasedCorsConfigurationSource; -import com.fasterxml.jackson.databind.Module; -import com.fasterxml.jackson.databind.ObjectMapper; +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; +import java.util.stream.Collectors; -import cn.topiam.employee.audit.event.AuditEventPublish; -import cn.topiam.employee.authentication.common.service.UserIdpService; -import cn.topiam.employee.authentication.dingtalk.configurer.DingtalkOAuth2AuthenticationConfigurer; -import cn.topiam.employee.authentication.dingtalk.configurer.DingtalkScanCodeAuthenticationConfigurer; -import cn.topiam.employee.authentication.qq.configurer.QqOauthAuthenticationConfigurer; -import cn.topiam.employee.authentication.sms.configurer.SmsAuthenticationConfigurer; -import cn.topiam.employee.authentication.wechat.configurer.WeChatScanCodeAuthenticationConfigurer; -import cn.topiam.employee.authentication.wechatwork.configurer.WeChatWorkScanCodeAuthenticationConfigurer; -import cn.topiam.employee.common.constants.AuthorizeConstants; -import cn.topiam.employee.common.entity.setting.SettingEntity; -import cn.topiam.employee.common.geo.GeoLocationService; -import cn.topiam.employee.common.repository.account.UserIdpRepository; -import cn.topiam.employee.common.repository.account.UserRepository; -import cn.topiam.employee.common.repository.app.AppOidcConfigRepository; -import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; -import cn.topiam.employee.common.repository.setting.SettingRepository; -import cn.topiam.employee.core.endpoint.security.PublicSecretEndpoint; -import cn.topiam.employee.core.message.mail.MailMsgEventPublish; -import cn.topiam.employee.core.message.sms.SmsMsgEventPublish; -import 
cn.topiam.employee.core.security.authentication.AuthenticationTrustResolverImpl; -import cn.topiam.employee.core.security.authentication.IdpAuthorizationManager; -import cn.topiam.employee.core.security.captcha.CaptchaValidator; -import cn.topiam.employee.core.security.captcha.CaptchaValidatorFilter; -import cn.topiam.employee.core.security.form.FormLoginSecretFilter; -import cn.topiam.employee.core.security.jackson2.CoreJackson2Module; -import cn.topiam.employee.core.security.mfa.MfaAuthorizationManager; -import cn.topiam.employee.core.security.password.task.PasswordExpireTask; -import cn.topiam.employee.core.security.password.task.impl.PasswordExpireLockTask; -import cn.topiam.employee.core.security.password.task.impl.PasswordExpireWarnTask; -import cn.topiam.employee.core.security.savedredirect.LoginRedirectParameterFilter; -import cn.topiam.employee.core.security.task.UserExpireLockTask; -import cn.topiam.employee.core.security.task.UserUnlockTask; -import cn.topiam.employee.core.setting.constant.SecuritySettingConstants; -import cn.topiam.employee.portal.handler.PortalAccessDeniedHandler; -import cn.topiam.employee.portal.handler.PortalAuthenticationEntryPoint; -import cn.topiam.employee.portal.handler.PortalAuthenticationHandler; -import cn.topiam.employee.portal.handler.PortalLogoutSuccessHandler; -import cn.topiam.employee.portal.idp.IdpRedirectParameterMatcher; -import cn.topiam.employee.portal.idp.bind.IdpAuthenticationConfigurer; -import cn.topiam.employee.portal.listener.PortalAuthenticationFailureEventListener; -import cn.topiam.employee.portal.listener.PortalAuthenticationSuccessEventListener; -import cn.topiam.employee.portal.listener.PortalLogoutSuccessEventListener; -import cn.topiam.employee.portal.listener.PortalSessionInformationExpiredStrategy; -import cn.topiam.employee.portal.mfa.MfaAuthenticationConfigurer; -import cn.topiam.employee.protocol.cas.idp.CasIdpConfigurer; -import 
cn.topiam.employee.protocol.oidc.authentication.EiamOAuth2AuthorizationService; -import cn.topiam.employee.protocol.oidc.repository.OidcConfigRegisteredClientRepository; -import cn.topiam.employee.protocol.oidc.token.ApplicationOpaqueTokenIntrospector; -import cn.topiam.employee.protocol.saml2.idp.Saml2IdpConfigurer; - -import lombok.RequiredArgsConstructor; -import static org.springframework.boot.autoconfigure.security.StaticResourceLocation.*; -import static org.springframework.security.config.Customizer.withDefaults; - -import static cn.topiam.employee.authentication.sms.filter.SmsAuthenticationFilter.SMS_LOGIN_MATCHER; import static cn.topiam.employee.common.constants.AuthorizeConstants.*; import static cn.topiam.employee.common.constants.ConfigBeanNameConstants.*; import static cn.topiam.employee.common.constants.SessionConstants.CURRENT_STATUS; import static cn.topiam.employee.core.setting.constant.SecuritySettingConstants.SECURITY_BASIC_REMEMBER_ME_VALID_TIME; import static cn.topiam.employee.core.setting.constant.SecuritySettingConstants.SECURITY_SESSION_MAXIMUM; -import static cn.topiam.employee.portal.mfa.MfaAuthenticationFilter.MFA_LOGIN_MATCHER; import static cn.topiam.employee.support.constant.EiamConstants.*; +import static org.springframework.boot.autoconfigure.security.StaticResourceLocation.*; +import static org.springframework.security.config.Customizer.withDefaults; /** * PortalSecurityConfiguration @@ -134,8 +117,12 @@ import static cn.topiam.employee.support.constant.EiamConstants.*; @RequiredArgsConstructor public class PortalSecurityConfiguration { + private final AuthenticationSuccessHandler successHandler = new PortalAuthenticationSuccessHandler(); + + private final AuthenticationFailureHandler failureHandler = new PortalAuthenticationFailureHandler(); + /** - * portalSocialSecurityFilterChain + * IDP SecurityFilterChain * * @param http {@link HttpSecurity} * @return {@link SecurityFilterChain} 
@@ -143,40 +130,46 @@ public class PortalSecurityConfiguration { */ @Order(1) @RefreshScope - @Bean(name = SOCIAL_SECURITY_FILTER_CHAIN) - public SecurityFilterChain socialAuthenticationSecurityFilterChain(HttpSecurity http) throws Exception { + @Bean(name = IDP_SECURITY_FILTER_CHAIN) + public SecurityFilterChain idpAuthenticationSecurityFilterChain(HttpSecurity http) throws Exception { // @formatter:off List requestMatchers = new ArrayList<>(); //QQ QqOauthAuthenticationConfigurer qqOauthAuthenticationConfigurer = new QqOauthAuthenticationConfigurer<>(identityProviderRepository, userIdpService); requestMatchers.add(qqOauthAuthenticationConfigurer.getRequestMatcher()); - qqOauthAuthenticationConfigurer.successHandler(new PortalAuthenticationHandler()); - qqOauthAuthenticationConfigurer.failureHandler(new PortalAuthenticationHandler()); + qqOauthAuthenticationConfigurer.successHandler(successHandler); + qqOauthAuthenticationConfigurer.failureHandler(failureHandler); http.apply(qqOauthAuthenticationConfigurer); //微信扫码 WeChatScanCodeAuthenticationConfigurer weChatScanCodeAuthenticationConfigurer = new WeChatScanCodeAuthenticationConfigurer<>(identityProviderRepository, userIdpService); requestMatchers.add(weChatScanCodeAuthenticationConfigurer.getRequestMatcher()); - weChatScanCodeAuthenticationConfigurer.successHandler(new PortalAuthenticationHandler()); - weChatScanCodeAuthenticationConfigurer.failureHandler(new PortalAuthenticationHandler()); + weChatScanCodeAuthenticationConfigurer.successHandler(successHandler); + weChatScanCodeAuthenticationConfigurer.failureHandler(failureHandler); http.apply(weChatScanCodeAuthenticationConfigurer); //企业微信 WeChatWorkScanCodeAuthenticationConfigurer weChatWorkScanCodeAuthenticationConfigurer = new WeChatWorkScanCodeAuthenticationConfigurer<>(identityProviderRepository, userIdpService); requestMatchers.add(weChatWorkScanCodeAuthenticationConfigurer.getRequestMatcher()); - 
weChatWorkScanCodeAuthenticationConfigurer.successHandler(new PortalAuthenticationHandler()); - weChatWorkScanCodeAuthenticationConfigurer.failureHandler(new PortalAuthenticationHandler()); + weChatWorkScanCodeAuthenticationConfigurer.successHandler(successHandler); + weChatWorkScanCodeAuthenticationConfigurer.failureHandler(failureHandler); http.apply(weChatWorkScanCodeAuthenticationConfigurer); //钉钉OAuth2 DingtalkOAuth2AuthenticationConfigurer dingtalkOauth2AuthenticationConfigurer = new DingtalkOAuth2AuthenticationConfigurer<>(identityProviderRepository, userIdpService); requestMatchers.add(dingtalkOauth2AuthenticationConfigurer.getRequestMatcher()); - dingtalkOauth2AuthenticationConfigurer.successHandler(new PortalAuthenticationHandler()); - dingtalkOauth2AuthenticationConfigurer.failureHandler(new PortalAuthenticationHandler()); + dingtalkOauth2AuthenticationConfigurer.successHandler(successHandler); + dingtalkOauth2AuthenticationConfigurer.failureHandler(failureHandler); http.apply(dingtalkOauth2AuthenticationConfigurer); //钉钉扫码 DingtalkScanCodeAuthenticationConfigurer dingtalkScanCodeAuthenticationConfigurer = new DingtalkScanCodeAuthenticationConfigurer<>(identityProviderRepository, userIdpService); requestMatchers.add(dingtalkScanCodeAuthenticationConfigurer.getRequestMatcher()); - dingtalkScanCodeAuthenticationConfigurer.successHandler(new PortalAuthenticationHandler()); - dingtalkScanCodeAuthenticationConfigurer.failureHandler(new PortalAuthenticationHandler()); + dingtalkScanCodeAuthenticationConfigurer.successHandler(successHandler); + dingtalkScanCodeAuthenticationConfigurer.failureHandler(failureHandler); http.apply(dingtalkScanCodeAuthenticationConfigurer); + //飞书扫码 + FeiShuScanCodeAuthenticationConfigurer feiShuScanCodeAuthenticationConfigurer = new FeiShuScanCodeAuthenticationConfigurer<>(identityProviderRepository, userIdpService); + requestMatchers.add(feiShuScanCodeAuthenticationConfigurer.getRequestMatcher()); + 
feiShuScanCodeAuthenticationConfigurer.successHandler(successHandler); + feiShuScanCodeAuthenticationConfigurer.failureHandler(failureHandler); + http.apply(feiShuScanCodeAuthenticationConfigurer); //RequestMatcher OrRequestMatcher requestMatcher = new OrRequestMatcher(requestMatchers); @@ -218,7 +211,7 @@ public class PortalSecurityConfiguration { .authorizeHttpRequests( authorizeRequests -> authorizeRequests.anyRequest().authenticated()) .oauth2ResourceServer(configurer -> configurer.opaqueToken() - .introspector(new ApplicationOpaqueTokenIntrospector())) + .introspector(new EiamOpaqueTokenIntrospector(oAuth2AuthorizationService))) //CSRF .csrf(withCsrfConfigurerDefaults(requestMatcher)) //headers 
@@ -293,6 +286,70 @@ public class PortalSecurityConfiguration { //@formatter:on } + /** + * FormProtocolSecurityFilterChain + * + * @param http {@link HttpSecurity} + * @return {@link SecurityFilterChain} + * @throws Exception Exception + */ + @Order(5) + @Bean(value = FORM_PROTOCOL_SECURITY_FILTER_CHAIN) + @RefreshScope + public SecurityFilterChain formProtocolSecurityFilterChain(HttpSecurity http) throws Exception { + //@formatter:off + //Form IDP 配置 + FormProtocolConfigurer configurer = new FormProtocolConfigurer<>(); + RequestMatcher endpointsMatcher = configurer.getEndpointsMatcher(); + http.requestMatcher(endpointsMatcher) + .authorizeHttpRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated()) + //异常处理 + .exceptionHandling(withExceptionConfigurerDefaults()) + //CSRF + .csrf(withCsrfConfigurerDefaults(endpointsMatcher)) + //headers + .headers(withHeadersConfigurerDefaults()) + //cors + .cors(withCorsConfigurerDefaults()) + //会话管理器 + .sessionManagement(withSessionManagementConfigurerDefaults(settingRepository)) + .apply(configurer); + return http.build(); + //@formatter:on + } + + /** + * TsaProtocolSecurityFilterChain + * + * @param http {@link HttpSecurity} + * @return {@link SecurityFilterChain} + * @throws Exception Exception + */ + @Order(6) + @Bean(value = TSA_PROTOCOL_SECURITY_FILTER_CHAIN) + @RefreshScope + public SecurityFilterChain tsaProtocolSecurityFilterChain(HttpSecurity http) throws Exception { + //@formatter:off + //TSA IDP 配置 + TsaProtocolConfigurer configurer = new TsaProtocolConfigurer<>(); + RequestMatcher endpointsMatcher = configurer.getEndpointsMatcher(); + http.requestMatcher(endpointsMatcher) + .authorizeHttpRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated()) + //异常处理 + .exceptionHandling(withExceptionConfigurerDefaults()) + //CSRF + .csrf(withCsrfConfigurerDefaults(endpointsMatcher)) + //headers + .headers(withHeadersConfigurerDefaults()) + //cors + .cors(withCorsConfigurerDefaults()) + 
//会话管理器 + .sessionManagement(withSessionManagementConfigurerDefaults(settingRepository)) + .apply(configurer); + return http.build(); + //@formatter:on + } + /** * SecurityFilterChain * @@ -300,7 +357,7 @@ public class PortalSecurityConfiguration { * @return {@link SecurityFilterChain} * @throws Exception Exception */ - @Order(5) + @Order(7) @RefreshScope @Bean(name = DEFAULT_SECURITY_FILTER_CHAIN) public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { 
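Review bot: Both new chains, `formProtocolSecurityFilterChain` and `tsaProtocolSecurityFilterChain`, authorize with only `anyRequest().authenticated()`, so every logged-in user reaches the protocol endpoints. Any check that the user is entitled to the requested application therefore has to live inside `FormProtocolConfigurer` / `TsaProtocolConfigurer`, which this hunk does not show. Once that is confirmed, I would record it on each method, e.g. `// authenticated() only; per-application access is enforced by the configurer's filter`. The two methods also differ only in the configurer type and bean name, so if the configurers share a base type, a private helper taking the configurer would keep their CSRF, header and session settings from drifting apart.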
@@ -331,17 +388,17 @@ public class PortalSecurityConfiguration { .sessionManagement(withSessionManagementConfigurerDefaults(settingRepository)); //表单登录解密过滤器 http.addFilterBefore(new FormLoginSecretFilter(), UsernamePasswordAuthenticationFilter.class); - //短信OPT认证 - SmsAuthenticationConfigurer smsAuthenticationConfigurer = new SmsAuthenticationConfigurer<>(userDetailsService); - smsAuthenticationConfigurer.successHandler(new PortalAuthenticationHandler()); - smsAuthenticationConfigurer.failureHandler(new PortalAuthenticationHandler()); + //短信OTP认证 + SmsAuthenticationConfigurer smsAuthenticationConfigurer = new SmsAuthenticationConfigurer<>(userRepository, userDetailsService, otpContextHelp); + smsAuthenticationConfigurer.successHandler(successHandler); + smsAuthenticationConfigurer.failureHandler(failureHandler); http.apply(smsAuthenticationConfigurer); //MFA - http.apply(new MfaAuthenticationConfigurer<>()); + http.apply(new MfaAuthenticationConfigurer<>(otpContextHelp, successHandler,failureHandler)); //IDP 绑定用户 http.apply(new IdpAuthenticationConfigurer<>(userIdpService, userIdpRepository, passwordEncoder,auditEventPublish)); //Form 、SMS 授权请求重定向参数过滤器 - http.addFilterBefore(new LoginRedirectParameterFilter(new OrRequestMatcher(new AntPathRequestMatcher(FORM_LOGIN), SMS_LOGIN_MATCHER,MFA_LOGIN_MATCHER)), OAuth2AuthorizationRequestRedirectFilter.class); + http.addFilterBefore(new LoginRedirectParameterFilter(new OrRequestMatcher(new AntPathRequestMatcher(FORM_LOGIN), SmsAuthenticationFilter.getRequestMatcher(),MfaAuthenticationConfigurer.getRequestMatcher())), OAuth2AuthorizationRequestRedirectFilter.class); //验证码验证过滤器 http.addFilterBefore(new CaptchaValidatorFilter(captchaValidator), FormLoginSecretFilter.class); // @formatter:on 
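Review bot: Nothing in this hunk says who may reach the SMS OTP and MFA endpoints now that `SmsAuthenticationConfigurer` and `MfaAuthenticationConfigurer` own them. The later hunks in `withHttpAuthorizeRequests` drop the `permitAll()` rules for `LOGIN_OTP_SEND` and `LOGIN_MFA_FACTORS` and the `MFA_VALIDATE` / `USER_BIND_IDP` access managers, so access depends on the configurers' filters, which are not visible here. I would add a comment above the two `http.apply(...)` calls such as `// OTP send and MFA endpoints are served by these configurers' filters; no matcher rule in withHttpAuthorizeRequests`. It is also worth confirming that the unauthenticated OTP-send path is throttled, presumably in `OtpContextHelp`. Minor style: `successHandler,failureHandler` is missing the space after the comma. The method body starts outside this hunk.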
@@ -354,14 +411,8 @@ public class PortalSecurityConfiguration { * @return {@link AuthorizeHttpRequestsConfigurer} */ public Customizer.AuthorizationManagerRequestMatcherRegistry> withHttpAuthorizeRequests() { - final AuthorizationManager mfaAuthorizationManager = new MfaAuthorizationManager(); - final AuthorizationManager idpAuthorizationManager = new IdpAuthorizationManager(); //@formatter:off return registry -> { - //MFA验证 - registry.mvcMatchers(HttpMethod.POST, MFA_VALIDATE).access(mfaAuthorizationManager); - //绑定账号 - registry.mvcMatchers(HttpMethod.POST, USER_BIND_IDP).access(idpAuthorizationManager); //静态资源 registry.antMatchers( CSS.getPatterns().collect(Collectors.joining()), @@ -375,10 +426,6 @@ public class PortalSecurityConfiguration { registry.antMatchers(HttpMethod.GET, PublicSecretEndpoint.PUBLIC_SECRET_PATH).permitAll(); //登录配置 registry.antMatchers(HttpMethod.GET, LOGIN_CONFIG).permitAll(); - //MFA Provider - registry.antMatchers(HttpMethod.GET, LOGIN_MFA_FACTORS).permitAll(); - //登录 OPT - registry.antMatchers(HttpMethod.POST, LOGIN_OTP_SEND).permitAll(); //健康检查端点 registry.antMatchers(webEndpointProperties.getBasePath()+"/**").permitAll(); //其他请求认证 
@@ -438,12 +485,12 @@ public class PortalSecurityConfiguration { configurer.xssProtection(xssProtection -> xssProtection.block(false)); configurer.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin); configurer.contentSecurityPolicy( - "default-src 'self'; " + - "frame-src 'self' data:; " + - "frame-ancestors 'self' https://eiam.topiam.cn data:; " + - "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; " + + "default-src 'self' data:; " + + "frame-src 'self' login.dingtalk.com open.weixin.qq.com open.work.weixin.qq.com passport.feishu.cn data:; " + + "frame-ancestors 'self' eiam.topiam.cn data:; " + + "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com sf3-cn.feishucdn.com;" + "style-src 'self' https://fonts.googleapis.com https://cdn.jsdelivr.net 'unsafe-inline'; " + - "img-src 'self' https://img.alicdn.com https://static-legacy.dingtalk.com https://joeschmoe.io data:; " + + "img-src 'self' https://img.alicdn.com https://static-legacy.dingtalk.com https://joeschmoe.io https://api.multiavatar.com data:; " + "font-src 'self' https://fonts.gstatic.com data:; "+ "worker-src 'self' https://storage.googleapis.com blob:;"); configurer.referrerPolicy( @@ -549,13 +596,14 @@ public class PortalSecurityConfiguration { * * @return {@link FormLoginConfigurer} */ - public static Customizer> withFormLoginConfigurerDefaults() { + public Customizer> withFormLoginConfigurerDefaults() { // @formatter:off return configurer -> { configurer.loginPage(FE_LOGIN); configurer.loginProcessingUrl(FORM_LOGIN); - configurer.successHandler(new PortalAuthenticationHandler()); - configurer.failureHandler(new PortalAuthenticationHandler()); + MfaAuthenticationHandler authenticationHandler = new MfaAuthenticationHandler(successHandler, failureHandler); + configurer.successHandler(authenticationHandler); + configurer.failureHandler(authenticationHandler); }; // @formatter:on } 
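Review bot: Adding `data:` to `default-src` widens every fetch directive the policy does not list (`connect-src`, `object-src`, `media-src` and so on), not just the one that needed it. I would keep `"default-src 'self'; "` and add `data:` only to the specific directive that requires it. The new `frame-src` and `script-src` hosts and the changed `frame-ancestors` entry are also schemeless, so on a page served over plain HTTP they match `http://` origins too, whereas the removed line pinned `https://eiam.topiam.cn`. Writing them as `https://login.dingtalk.com`, `https://sf3-cn.feishucdn.com` and so on keeps that guarantee. The enclosing customizer starts and ends outside this hunk.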
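Review bot: Only the form-login path in `withFormLoginConfigurerDefaults` is wrapped in `MfaAuthenticationHandler`. The SMS configurer in `securityFilterChain` and the six IdP configurers in `idpAuthenticationSecurityFilterChain` are given the plain `successHandler`. If the wrapper is what sends a first-factor login on to the second-factor step (inferred from its name and constructor, not visible here), accounts with MFA enabled would not be prompted after an IdP or SMS sign-in. Either wrap those handlers the same way or add a comment here stating that the difference is intended, e.g. `// MFA is applied to password login only; SMS and IdP logins are treated as already verified`.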
@@ -570,54 +618,6 @@ public class PortalSecurityConfiguration { }; } - /** - * 注册客户端 Repository - * - * @return {@link RegisteredClientRepository} - */ - @Bean - public RegisteredClientRepository registeredClientRepository(AppOidcConfigRepository appOidcConfigRepository) { - return new OidcConfigRegisteredClientRepository(appOidcConfigRepository); - } - - /** - * Authorization Service - * - * @param jdbcTemplate {@link JdbcTemplate} - * @param registeredClientRepository {@link RegisteredClientRepository} - * @return {@link OAuth2AuthorizationService} - */ - @Bean - public OAuth2AuthorizationService authorizationService(JdbcTemplate jdbcTemplate, - RegisteredClientRepository registeredClientRepository) { - EiamOAuth2AuthorizationService authorizationService = new EiamOAuth2AuthorizationService( - jdbcTemplate, registeredClientRepository); - EiamOAuth2AuthorizationService.OAuth2AuthorizationRowMapper authorizationRowMapper = new JdbcOAuth2AuthorizationService.OAuth2AuthorizationRowMapper( - registeredClientRepository); - ClassLoader classLoader = EiamOAuth2AuthorizationService.class.getClassLoader(); - List securityModules = SecurityJackson2Modules.getModules(classLoader); - ObjectMapper objectMapper = new ObjectMapper(); - objectMapper.registerModules(securityModules); - objectMapper.registerModule(new OAuth2AuthorizationServerJackson2Module()); - objectMapper.registerModule(new CoreJackson2Module()); - authorizationRowMapper.setObjectMapper(objectMapper); - authorizationService.setAuthorizationRowMapper(authorizationRowMapper); - return authorizationService; - } - - /** - * OAuth2 Authorization Consent Service - * - * @param jdbcTemplate {@link JdbcTemplate} - * @param registeredClientRepository {@link RegisteredClientRepository} - * @return {@link OAuth2AuthorizationConsentService} - */ - @Bean - public OAuth2AuthorizationConsentService authorizationConsentService(JdbcTemplate jdbcTemplate, - RegisteredClientRepository registeredClientRepository) { - return new 
JdbcOAuth2AuthorizationConsentService(jdbcTemplate, registeredClientRepository); - } - /** * 密码过期锁定任务 * @@ -672,6 +672,7 @@ public class PortalSecurityConfiguration { return new UserExpireLockTask(settingRepository, userRepository); } + private final OAuth2AuthorizationService oAuth2AuthorizationService; /** * WebEndpointProperties */ @@ -682,11 +683,21 @@ public class PortalSecurityConfiguration { */ private final CaptchaValidator captchaValidator; + /** + * UserRepository + */ + private final UserRepository userRepository; + /** * UserDetailsService */ private final UserDetailsService userDetailsService; + /** + * OtpContextHelp + */ + private final OtpContextHelp otpContextHelp; + /** * PasswordEncoder */ diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AccountController.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AccountController.java index 5fc674f7..34385da7 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AccountController.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AccountController.java @@ -17,18 +17,16 @@ */ package cn.topiam.employee.portal.controller; -import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.*; - import cn.topiam.employee.core.security.decrypt.DecryptRequestBody; import cn.topiam.employee.portal.pojo.request.*; import cn.topiam.employee.portal.pojo.result.PrepareBindMfaResult; import cn.topiam.employee.portal.service.AccountService; import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.AllArgsConstructor; - import io.swagger.v3.oas.annotations.Operation; +import lombok.AllArgsConstructor; +import org.springframework.validation.annotation.Validated; +import org.springframework.web.bind.annotation.*; + import static cn.topiam.employee.support.constant.EiamConstants.API_PATH; /** 
@@ -65,6 +63,17 @@ public class AccountController { return ApiRestResult.ok(accountService.changePassword(param)); } + /** + * 准备修改手机 + * + * @return {@link ApiRestResult} + */ + @Operation(summary = "准备修改手机") + @PostMapping("/prepare_change_phone") + public ApiRestResult prepareChangePhone(@DecryptRequestBody @RequestBody @Validated PrepareChangePhoneRequest param) { + return ApiRestResult.ok(accountService.prepareChangePhone(param)); + } + /** * 修改手机 * @@ -76,6 +85,17 @@ public class AccountController { return ApiRestResult.ok(accountService.changePhone(param)); } + /** + * 准备修改邮箱 + * + * @return {@link ApiRestResult} + */ + @Operation(summary = "准备修改邮箱") + @PostMapping("/prepare_change_email") + public ApiRestResult prepareChangeEmail(@DecryptRequestBody @RequestBody @Validated PrepareChangeEmailRequest param) { + return ApiRestResult.ok(accountService.prepareChangeEmail(param)); + } + /** * 修改邮箱 * diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AppController.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AppController.java index 84db26b1..b79f82fb 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AppController.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AppController.java 
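Review bot: The Javadoc on `prepareChangePhone`, and on `prepareChangeEmail` in the next hunk, has `@return` but no `@param`, and does not say what the prepare step does. I would add `@param param {@link PrepareChangePhoneRequest}` (and the e-mail equivalent) plus one sentence on what is verified before the step proceeds. These endpoints presumably send a verification code to a new phone number or e-mail address. If so, the re-check of the current credential and the send-rate limit sit in `accountService`, which this diff section does not show, so they are worth confirming and stating in the comment.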
@@ -17,21 +17,19 @@ */ package cn.topiam.employee.portal.controller; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RestController; - import cn.topiam.employee.portal.pojo.query.GetAppListQuery; import cn.topiam.employee.portal.pojo.result.GetAppListResult; import cn.topiam.employee.portal.service.AppService; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.AllArgsConstructor; - import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.AllArgsConstructor; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + import static cn.topiam.employee.support.constant.EiamConstants.API_PATH; /** diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/CurrentUserController.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/CurrentUserController.java index 1c39ea31..2461281b 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/CurrentUserController.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/CurrentUserController.java 
@@ -17,31 +17,27 @@ */ package cn.topiam.employee.portal.controller; -import java.io.Serializable; -import java.util.List; - -import javax.servlet.annotation.WebServlet; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.stereotype.Component; - -import com.alibaba.fastjson2.JSON; -import com.google.common.collect.Lists; - +import cn.topiam.employee.authentication.common.IdentityProviderType; import cn.topiam.employee.common.entity.account.UserEntity; -import cn.topiam.employee.common.enums.IdentityProviderType; import cn.topiam.employee.common.enums.PasswordStrength; import cn.topiam.employee.core.security.util.UserUtils; import cn.topiam.employee.support.result.ApiRestResult; import cn.topiam.employee.support.util.DesensitizationUtil; import cn.topiam.employee.support.util.HttpResponseUtils; - +import com.alibaba.fastjson2.JSON; +import com.google.common.collect.Lists; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.Serializable; +import java.util.List; -import io.swagger.v3.oas.annotations.media.Schema; import static cn.topiam.employee.common.constants.SessionConstants.CURRENT_USER; /** diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/SessionManageEndpoint.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/SessionManageEndpoint.java index b601d06e..176ccc05 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/SessionManageEndpoint.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/SessionManageEndpoint.java 
@@ -17,28 +17,6 @@ */ package cn.topiam.employee.portal.controller; -import java.io.Serial; -import java.io.Serializable; -import java.time.LocalDateTime; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang3.StringUtils; -import org.mapstruct.Mapper; -import org.springframework.security.core.session.SessionRegistry; -import org.springframework.web.bind.annotation.DeleteMapping; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RestController; - -import com.alibaba.fastjson2.JSON; -import com.alibaba.fastjson2.annotation.JSONField; -import com.fasterxml.jackson.annotation.JsonTypeInfo; - import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.context.AuditContext; import cn.topiam.employee.audit.entity.Target; 
@@ -53,16 +31,33 @@ import cn.topiam.employee.support.context.ApplicationContextHelp; import cn.topiam.employee.support.result.ApiRestResult; import cn.topiam.employee.support.util.HttpResponseUtils; import cn.topiam.employee.support.web.useragent.UserAgent; - -import lombok.Data; -import lombok.experimental.Accessors; - +import com.alibaba.fastjson2.JSON; +import com.alibaba.fastjson2.annotation.JSONField; +import com.fasterxml.jackson.annotation.JsonTypeInfo; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; -import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.USERNAME; +import lombok.Data; +import lombok.experimental.Accessors; +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.springframework.security.core.session.SessionRegistry; +import org.springframework.web.bind.annotation.DeleteMapping; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.Serial; +import java.io.Serializable; +import java.time.LocalDateTime; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; import static cn.topiam.employee.common.constants.SessionConstants.SESSION_PATH; import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN; +import static org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames.USERNAME; /** * 会话管理 @@ -188,6 +183,11 @@ class OnlineSession implements Serializable { @JsonTypeInfo(use = JsonTypeInfo.Id.NONE) private UserAgent userAgent; + /** + * 认证类型 + */ + private String authType; + /** * 登录时间 */ 
@@ -231,6 +231,8 @@ interface OnlineUserConverter { onlineSession.setGeoLocation(sessionDetails.getGeoLocation()); //用户代理 onlineSession.setUserAgent(sessionDetails.getUserAgent()); + //认证类型 + onlineSession.setAuthType(sessionDetails.getAuthType()); //登录时间 onlineSession.setLoginTime(sessionDetails.getLoginTime()); //最后请求时间 diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/login/LoginConfigController.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/login/LoginConfigController.java index 84983e1a..21f8019a 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/login/LoginConfigController.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/login/LoginConfigController.java @@ -17,18 +17,16 @@ */ package cn.topiam.employee.portal.controller.login; +import cn.topiam.employee.portal.pojo.result.LoginConfigResult; +import cn.topiam.employee.portal.service.LoginConfigService; +import cn.topiam.employee.support.result.ApiRestResult; +import io.swagger.v3.oas.annotations.tags.Tag; +import lombok.extern.slf4j.Slf4j; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; -import cn.topiam.employee.portal.pojo.result.LoginConfigResult; -import cn.topiam.employee.portal.service.LoginConfigService; -import cn.topiam.employee.support.result.ApiRestResult; - -import lombok.extern.slf4j.Slf4j; - -import io.swagger.v3.oas.annotations.tags.Tag; import static cn.topiam.employee.common.constants.AuthorizeConstants.LOGIN_CONFIG; /** diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AccountConverter.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AccountConverter.java index d783893e..4b840524 100644 
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AccountConverter.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AccountConverter.java @@ -17,21 +17,19 @@ */ package cn.topiam.employee.portal.converter; -import java.time.LocalDateTime; - +import cn.topiam.employee.authentication.common.modal.IdpUser; +import cn.topiam.employee.common.entity.account.UserDetailEntity; +import cn.topiam.employee.common.entity.account.UserEntity; +import cn.topiam.employee.common.entity.account.UserIdpBindEntity; +import cn.topiam.employee.portal.pojo.request.UpdateUserInfoRequest; +import com.alibaba.fastjson2.JSONObject; import org.apache.commons.collections4.MapUtils; import org.mapstruct.Mapper; import org.mapstruct.Mapping; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.alibaba.fastjson2.JSONObject; - -import cn.topiam.employee.authentication.common.modal.IdpUser; -import cn.topiam.employee.common.entity.account.UserDetailEntity; -import cn.topiam.employee.common.entity.account.UserEntity; -import cn.topiam.employee.common.entity.account.UserIdpBindEntity; -import cn.topiam.employee.portal.pojo.request.UpdateUserInfoRequest; +import java.time.LocalDateTime; /** * AccountConverter @@ -111,7 +109,7 @@ public interface AccountConverter { entity.setUserId(Long.valueOf(userId)); entity.setOpenId(idpUser.getOpenId()); entity.setIdpId(idpUser.getProviderId()); - entity.setIdpType(idpUser.getProviderType()); + entity.setIdpType(idpUser.getProviderType().value()); if (MapUtils.isNotEmpty(idpUser.getAdditionalInfo())) { entity.setAdditionInfo(JSONObject.toJSONString(idpUser.getAdditionalInfo())); } diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AppConverter.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AppConverter.java index 29617910..62ffbfb5 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AppConverter.java 
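Review bot: `entity.setIdpType(idpUser.getProviderType().value());` in the -111 hunk dereferences the provider type without a null check, where the old line passed the value through unchanged. Elsewhere in this commit the bind filter builds `IdpUser` from session JSON with `JSONObject.parseObject`; if such an object can reach this converter with a missing provider type (the call path is not visible here), the bind fails with a NullPointerException instead of a clear error. A guard before the setter would make the failure explicit: `if (idpUser.getProviderType() == null) { throw new IllegalArgumentException("providerType is required"); }`. The enclosing converter method starts and ends outside the hunk.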
+++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/AppConverter.java @@ -17,14 +17,6 @@ */ package cn.topiam.employee.portal.converter; -import java.util.ArrayList; -import java.util.List; -import java.util.Objects; - -import org.apache.commons.lang3.StringUtils; -import org.mapstruct.Mapper; -import org.mapstruct.MappingConstants; - import cn.topiam.employee.application.ApplicationService; import cn.topiam.employee.application.ApplicationServiceLoader; import cn.topiam.employee.common.entity.app.AppEntity; @@ -33,8 +25,15 @@ import cn.topiam.employee.portal.constant.PortalConstants; import cn.topiam.employee.portal.pojo.result.GetAppListResult; import cn.topiam.employee.support.context.ApplicationContextHelp; import cn.topiam.employee.support.repository.page.domain.Page; +import org.apache.commons.lang3.StringUtils; +import org.mapstruct.Mapper; +import org.mapstruct.MappingConstants; + +import java.util.ArrayList; +import java.util.List; +import java.util.Objects; + import static cn.topiam.employee.common.constants.ProtocolConstants.APP_CODE_VARIABLE; -import static cn.topiam.employee.common.enums.app.InitLoginType.APP; import static cn.topiam.employee.common.enums.app.InitLoginType.PORTAL_OR_APP; /** 
@@ -62,9 +61,11 @@ public interface AppConverter { result.setType(entity.getType()); result.setProtocol(entity.getProtocol()); result.setTemplate(entity.getTemplate()); - result.setIdpInit(APP.equals(entity.getInitLoginType()) | PORTAL_OR_APP.equals(entity.getInitLoginType())); + result.setInitLoginType(entity.getInitLoginType()); //登录发起URL - result.setIdpInitUrl(StringUtils.defaultString(entity.getInitLoginUrl(), getIdpInitUrl(entity.getProtocol(), entity.getCode()))); + if (PORTAL_OR_APP.equals(entity.getInitLoginType())){ + result.setInitLoginUrl(StringUtils.defaultString(entity.getInitLoginUrl(), getIdpInitUrl(entity.getProtocol(), entity.getCode()))); + } result.setIcon(entity.getIcon()); //图标未配置,所以先从模版中拿 if (StringUtils.isBlank(entity.getIcon())){ @@ -84,7 +85,7 @@ public interface AppConverter { results.add(result); } page.setList(results); - page.setPagination(cn.topiam.employee.support.repository.page.domain.Page.Pagination.builder() + page.setPagination(Page.Pagination.builder() .total(list.getTotalElements()) .totalPages(list.getTotalPages()) .current(list.getPageable().getPageNumber() + 1) diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/LoginConfigConverter.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/LoginConfigConverter.java index 727f8b99..5490a4e7 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/LoginConfigConverter.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/converter/LoginConfigConverter.java @@ -17,13 +17,12 @@ */ package cn.topiam.employee.portal.converter; -import java.util.ArrayList; -import java.util.List; - -import org.mapstruct.Mapper; - import cn.topiam.employee.common.entity.authentication.IdentityProviderEntity; import cn.topiam.employee.portal.pojo.result.LoginConfigResult; +import org.mapstruct.Mapper; + +import java.util.ArrayList; +import java.util.List; /** * AuthenticationConverter 
@@ -44,7 +43,7 @@ public interface LoginConfigConverter { List result = new ArrayList<>(); for (IdentityProviderEntity entity : list) { LoginConfigResult.Idps idp = new LoginConfigResult.Idps(); - idp.setId(String.valueOf(entity.getId())); + idp.setCode(entity.getCode()); idp.setName(entity.getName()); idp.setType(entity.getType()); idp.setCategory(entity.getCategory()); diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAccessDeniedHandler.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAccessDeniedHandler.java index 8c3e3f3c..968151fc 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAccessDeniedHandler.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAccessDeniedHandler.java @@ -17,19 +17,16 @@ */ package cn.topiam.employee.portal.handler; -import java.io.IOException; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - +import cn.topiam.employee.core.security.util.SecurityUtils; +import lombok.AllArgsConstructor; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; import org.springframework.security.access.AccessDeniedException; -import cn.topiam.employee.core.security.util.SecurityUtils; - -import lombok.AllArgsConstructor; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; /** * 访问拒绝处理程序 diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationEntryPoint.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationEntryPoint.java index 88b7e523..ca4aa311 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationEntryPoint.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationEntryPoint.java 
@@ -17,23 +17,21 @@ */ package cn.topiam.employee.portal.handler; -import java.io.IOException; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - +import cn.topiam.employee.core.context.ServerContextHelp; +import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.util.HttpResponseUtils; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.core.AuthenticationException; -import cn.topiam.employee.core.context.ServerContextHelp; -import cn.topiam.employee.support.result.ApiRestResult; -import cn.topiam.employee.support.util.HttpResponseUtils; -import static org.springframework.http.HttpStatus.UNAUTHORIZED; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; import static cn.topiam.employee.common.constants.AuthorizeConstants.FE_LOGIN; import static cn.topiam.employee.support.context.ServletContextHelp.acceptIncludeTextHtml; +import static org.springframework.http.HttpStatus.UNAUTHORIZED; /** * 认证入口点 diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationFailureHandler.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationFailureHandler.java index ac827aeb..5fbda663 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationFailureHandler.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationFailureHandler.java 
@@ -17,12 +17,12 @@ */ package cn.topiam.employee.portal.handler; -import java.io.IOException; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - +import cn.topiam.employee.common.enums.SecretType; +import cn.topiam.employee.common.repository.account.UserRepository; +import cn.topiam.employee.support.context.ApplicationContextHelp; +import cn.topiam.employee.support.exception.enums.ExceptionStatus; +import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.util.HttpResponseUtils; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -31,18 +31,15 @@ import org.springframework.http.HttpStatus; import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.WebAttributes; -import cn.topiam.employee.common.enums.SecretType; -import cn.topiam.employee.common.repository.account.UserRepository; -import cn.topiam.employee.support.context.ApplicationContextHelp; -import cn.topiam.employee.support.exception.enums.ExceptionStatus; -import cn.topiam.employee.support.result.ApiRestResult; -import cn.topiam.employee.support.util.HttpResponseUtils; -import static javax.servlet.RequestDispatcher.*; - -import static org.springframework.boot.web.servlet.support.ErrorPageFilter.ERROR_REQUEST_URI; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; import static cn.topiam.employee.support.constant.EiamConstants.CAPTCHA_CODE_SESSION; import static cn.topiam.employee.support.context.ServletContextHelp.acceptIncludeTextHtml; +import static javax.servlet.RequestDispatcher.*; +import static org.springframework.boot.web.servlet.support.ErrorPageFilter.ERROR_REQUEST_URI; /** * 认证失败 
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationSuccessHandler.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationSuccessHandler.java index 3d7e2d5a..bbb4df2d 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationSuccessHandler.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalAuthenticationSuccessHandler.java @@ -17,12 +17,13 @@ */ package cn.topiam.employee.portal.handler; -import java.io.IOException; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - +import cn.topiam.employee.common.constants.AuthorizeConstants; +import cn.topiam.employee.common.enums.SecretType; +import cn.topiam.employee.core.context.ServerContextHelp; +import cn.topiam.employee.core.security.authentication.IdpAuthentication; +import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.util.HttpResponseUtils; +import cn.topiam.employee.support.util.HttpUrlUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; 
@@ -30,11 +31,11 @@ import org.springframework.security.core.Authentication; import org.springframework.security.web.WebAttributes; import org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler; -import cn.topiam.employee.common.enums.SecretType; -import cn.topiam.employee.core.context.ServerContextHelp; -import cn.topiam.employee.support.result.ApiRestResult; -import cn.topiam.employee.support.util.HttpResponseUtils; -import cn.topiam.employee.support.util.HttpUrlUtils; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import java.io.IOException; + import static cn.topiam.employee.support.constant.EiamConstants.*; import static cn.topiam.employee.support.context.ServletContextHelp.acceptIncludeTextHtml; import static cn.topiam.employee.support.result.ApiRestResult.SUCCESS; @@ -52,7 +53,9 @@ public class PortalAuthenticationSuccessHandler extends implements org.springframework.security.web.authentication.AuthenticationSuccessHandler { - private final Logger logger = LoggerFactory.getLogger(PortalAuthenticationSuccessHandler.class); + private final Logger logger = LoggerFactory + .getLogger(PortalAuthenticationSuccessHandler.class); + private static final String REQUIRE_USER_BIND = "require_user_bind"; /** * Called when a user has been successfully authenticated. @@ -74,6 +77,7 @@ public class PortalAuthenticationSuccessHandler extends @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException { + //@formatter:off boolean isTextHtml = acceptIncludeTextHtml(request); //Clear Authentication Attributes 
@@ -81,6 +85,19 @@ public class PortalAuthenticationSuccessHandler extends if (response.isCommitted()) { return; } + //TODO IDP 未关联 + if (authentication instanceof IdpAuthentication && !((IdpAuthentication) authentication).getAssociated()) { + if (!isTextHtml) { + HttpResponseUtils.flushResponseJson(response, HttpStatus.BAD_REQUEST.value(), + ApiRestResult.builder().status(REQUIRE_USER_BIND).message(REQUIRE_USER_BIND) + .build()); + return; + } + //跳转登录,前端会有接口获取状态,并进行展示绑定页面 + response.sendRedirect(HttpUrlUtils + .format(ServerContextHelp.getPortalPublicBaseUrl() + AuthorizeConstants.FE_LOGIN)); + return; + } if (!isTextHtml) { HttpResponseUtils.flushResponseJson(response, HttpStatus.OK.value(), ApiRestResult.builder().status(SUCCESS).build()); diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalLogoutSuccessHandler.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalLogoutSuccessHandler.java index 873ff506..2846f92c 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalLogoutSuccessHandler.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/handler/PortalLogoutSuccessHandler.java 
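Review bot: The new unassociated-IdP branch in `onAuthenticationSuccess` only changes the response; the hunk does not show whether an `IdpAuthentication` whose `getAssociated()` is false stays in the session as an authenticated token. If it does, any route guarded only by an "is authenticated" rule would accept a federated login that has not yet been bound to a local account, so the authorization configuration should be confirmed to reject such tokens until binding succeeds. `!((IdpAuthentication) authentication).getAssociated()` also throws on null if the getter returns `Boolean` (not visible here); `!Boolean.TRUE.equals(idp.getAssociated())` treats null as not associated. The `//TODO IDP 未关联` marker should say what is still outstanding or be removed. The method body continues outside the hunk.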
@@ -17,20 +17,19 @@ */ package cn.topiam.employee.portal.handler; -import java.io.IOException; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - +import cn.topiam.employee.core.context.ServerContextHelp; +import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.util.HttpResponseUtils; +import cn.topiam.employee.support.util.HttpUrlUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; import org.springframework.security.core.Authentication; -import cn.topiam.employee.core.context.ServerContextHelp; -import cn.topiam.employee.support.result.ApiRestResult; -import cn.topiam.employee.support.util.HttpResponseUtils; -import cn.topiam.employee.support.util.HttpUrlUtils; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; + import static cn.topiam.employee.common.constants.AuthorizeConstants.FE_LOGIN; import static cn.topiam.employee.support.context.ServletContextHelp.acceptIncludeTextHtml; import static cn.topiam.employee.support.result.ApiRestResult.SUCCESS; diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/IdpRedirectParameterMatcher.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/IdpRedirectParameterMatcher.java index da8ec5c2..9e9b15bf 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/IdpRedirectParameterMatcher.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/IdpRedirectParameterMatcher.java 
@@ -17,16 +17,15 @@ */ package cn.topiam.employee.portal.idp; -import javax.servlet.http.HttpServletRequest; - -import org.springframework.security.web.util.matcher.OrRequestMatcher; -import org.springframework.security.web.util.matcher.RequestMatcher; - import cn.topiam.employee.authentication.dingtalk.filter.DingtalkOAuth2AuthorizationRequestRedirectFilter; import cn.topiam.employee.authentication.dingtalk.filter.DingtalkScanCodeAuthorizationRequestGetFilter; import cn.topiam.employee.authentication.qq.filter.QqOAuth2AuthorizationRequestRedirectFilter; import cn.topiam.employee.authentication.wechat.filter.WeChatScanCodeAuthorizationRequestRedirectFilter; import cn.topiam.employee.authentication.wechatwork.filter.WeChatWorkScanCodeAuthorizationRequestRedirectFilter; +import org.springframework.security.web.util.matcher.OrRequestMatcher; +import org.springframework.security.web.util.matcher.RequestMatcher; + +import javax.servlet.http.HttpServletRequest; /** * IDP重定向参数授权请求重定向匹配器 diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/IdpAuthenticationConfigurer.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/IdpAuthenticationConfigurer.java index 9d52590b..9899d851 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/IdpAuthenticationConfigurer.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/IdpAuthenticationConfigurer.java 
@@ -17,6 +17,11 @@ */ package cn.topiam.employee.portal.idp.bind; +import cn.topiam.employee.audit.event.AuditEventPublish; +import cn.topiam.employee.authentication.common.service.UserIdpService; +import cn.topiam.employee.common.repository.account.UserIdpRepository; +import cn.topiam.employee.portal.handler.PortalAuthenticationFailureHandler; +import cn.topiam.employee.portal.handler.PortalAuthenticationSuccessHandler; import org.springframework.security.config.annotation.web.HttpSecurityBuilder; import org.springframework.security.config.annotation.web.configurers.AbstractAuthenticationFilterConfigurer; import org.springframework.security.crypto.password.PasswordEncoder; @@ -24,11 +29,6 @@ import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationF import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; -import cn.topiam.employee.audit.event.AuditEventPublish; -import cn.topiam.employee.authentication.common.service.UserIdpService; -import cn.topiam.employee.common.repository.account.UserIdpRepository; -import cn.topiam.employee.portal.handler.PortalAuthenticationHandler; - /** * IDP Authentication Configurer * @@ -53,8 +53,8 @@ public final class IdpAuthenticationConfigurer> @Override public void init(H http) throws Exception { //设置登录成功失败处理器 - super.successHandler(new PortalAuthenticationHandler()); - super.failureHandler(new PortalAuthenticationHandler()); + super.successHandler(new PortalAuthenticationSuccessHandler()); + super.failureHandler(new PortalAuthenticationFailureHandler()); //MFA认证 IdpBindUserAuthenticationFilter loginAuthenticationFilter = new IdpBindUserAuthenticationFilter( userIdpService, userIdpRepository, passwordEncoder, auditEventPublish); 
@@ -70,10 +70,6 @@ public final class IdpAuthenticationConfigurer> super.configure(http); } - public RequestMatcher getRequestMatcher() { - return IdpBindUserAuthenticationFilter.getRequestMatcher(); - } - private final UserIdpService userIdpService; private final UserIdpRepository userIdpRepository; private final PasswordEncoder passwordEncoder; diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/IdpBindUserAuthenticationFilter.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/IdpBindUserAuthenticationFilter.java index 8ade6911..3b98e8dc 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/IdpBindUserAuthenticationFilter.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/IdpBindUserAuthenticationFilter.java 
@@ -17,29 +17,6 @@ */ package cn.topiam.employee.portal.idp.bind; -import java.io.IOException; -import java.util.Objects; -import java.util.Optional; -import java.util.UUID; - -import javax.servlet.ServletException; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.http.HttpMethod; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.UsernameNotFoundException; -import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; -import org.springframework.security.web.util.matcher.AntPathRequestMatcher; -import org.springframework.security.web.util.matcher.RequestMatcher; -import org.springframework.util.Assert; - -import com.alibaba.fastjson2.JSONObject; - import cn.topiam.employee.audit.enums.EventStatus; import cn.topiam.employee.audit.enums.EventType; import cn.topiam.employee.audit.event.AuditEventPublish; 
@@ -50,16 +27,36 @@ import cn.topiam.employee.common.entity.account.po.UserIdpBindPo; import cn.topiam.employee.common.enums.SecretType; import cn.topiam.employee.common.repository.account.UserIdpRepository; import cn.topiam.employee.common.repository.account.UserRepository; -import cn.topiam.employee.common.util.RequestUtils; import cn.topiam.employee.core.security.authentication.IdpAuthentication; import cn.topiam.employee.core.security.userdetails.UserDetails; +import cn.topiam.employee.core.security.util.SecurityUtils; import cn.topiam.employee.portal.pojo.request.AccountBindIdpRequest; import cn.topiam.employee.support.context.ApplicationContextHelp; import cn.topiam.employee.support.context.ServletContextHelp; import cn.topiam.employee.support.trace.TraceUtils; import cn.topiam.employee.support.util.AesUtils; - +import cn.topiam.employee.support.validation.ValidationHelp; +import com.alibaba.fastjson2.JSONObject; import lombok.extern.slf4j.Slf4j; +import org.springframework.http.HttpMethod; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.context.SecurityContext; +import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.security.crypto.password.PasswordEncoder; +import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; +import org.springframework.security.web.util.matcher.RequestMatcher; +import org.springframework.util.Assert; + +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.validation.ConstraintViolationException; +import java.util.Objects; +import java.util.Optional; +import java.util.UUID; + import static 
cn.topiam.employee.authentication.common.filter.AbstractIdpAuthenticationProcessingFilter.TOPIAM_USER_BIND_IDP; import static cn.topiam.employee.common.constants.AuthorizeConstants.USER_BIND_IDP; import static cn.topiam.employee.portal.constant.PortalConstants.BIND_ACCOUNT; @@ -73,14 +70,10 @@ import static cn.topiam.employee.support.constant.EiamConstants.TOPIAM_BIND_MFA_ */ @Slf4j public class IdpBindUserAuthenticationFilter extends AbstractAuthenticationProcessingFilter { - public static final String DEFAULT_FILTER_PROCESSES_URI = USER_BIND_IDP; + public final static String DEFAULT_FILTER_PROCESSES_URI = USER_BIND_IDP; public static final RequestMatcher IDP_BIND_USER_MATCHER = new AntPathRequestMatcher( DEFAULT_FILTER_PROCESSES_URI, HttpMethod.POST.name()); - public static RequestMatcher getRequestMatcher() { - return IDP_BIND_USER_MATCHER; - } - /** * Performs actual authentication. *

@@ -103,33 +96,38 @@ public class IdpBindUserAuthenticationFilter extends AbstractAuthenticationProce */ @Override public Authentication attemptAuthentication(HttpServletRequest request, - HttpServletResponse response) throws AuthenticationException, - IOException, - ServletException { + HttpServletResponse response) throws AuthenticationException { //@formatter:off TraceUtils.put(UUID.randomUUID().toString()); - IdpAuthentication context = (IdpAuthentication) SecurityContextHolder.getContext(); - UserDetails principal = (UserDetails) context.getPrincipal(); + SecurityContext securityContext = SecurityUtils.getSecurityContext(); + Authentication authentication = securityContext.getAuthentication(); + if (!(authentication instanceof IdpAuthentication)){ + return null; + } Object value = request.getSession().getAttribute(TOPIAM_USER_BIND_IDP); + AccountBindIdpRequest idpRequest = new AccountBindIdpRequest(request.getParameter("username"),request.getParameter("password")); + ValidationHelp.ValidationResult requestValidationResult = ValidationHelp.validateEntity(idpRequest); + if (requestValidationResult.isHasErrors()){ + throw new ConstraintViolationException(requestValidationResult.getConstraintViolations()); + } //参数为空 if (Objects.isNull(value)) { - String content = "用户 [" + principal.getUsername() + "] 绑定 IDP 失败, 参数无效"; + String content = "用户 [" + idpRequest.getUsername() + "] 绑定 IDP 失败, 参数无效"; log.error(content); auditEventPublish.publish(EventType.BIND_IDP_USER, content, EventStatus.SUCCESS); throw new UserBindIdpException("user_bind_idp_invalid_argument_error", content); } - AccountBindIdpRequest idpRequest = JSONObject.parseObject(RequestUtils.getBody(request), AccountBindIdpRequest.class); idpRequest.setPassword(idpRequest.getPassword()); //会话上下文数据转 UserInfo IdpUser idpUserInfo = JSONObject.parseObject((String) value, IdpUser.class); //验证 - UserEntity user = authnUserBindValidate(idpRequest, idpUserInfo.getProviderId(),idpUserInfo.getOpenId(),principal); + 
UserEntity user = authnUserBindValidate(idpRequest, idpUserInfo.getProviderId(),idpUserInfo.getOpenId()); //认证 Boolean bind = userIdpService.bindUserIdp(user.getId().toString(),idpUserInfo); if (bind){ - String content="用户 ["+principal.getUsername()+"] 绑定 IDP 成功"; + String content="用户 ["+idpRequest.getUsername()+"] 绑定 IDP 成功"; UserDetails userDetails = userIdpService.getUserDetails(idpUserInfo.getOpenId(), idpUserInfo.getProviderId()); - IdpAuthentication token = new IdpAuthentication(userDetails, idpUserInfo.getProviderType().getCode(), idpUserInfo.getProviderId(), true, userDetails.getAuthorities()); + IdpAuthentication token = new IdpAuthentication(userDetails, idpUserInfo.getProviderType().value(), idpUserInfo.getProviderId(), true, userDetails.getAuthorities()); // Allow subclasses to set the "details" property token.setDetails(this.authenticationDetailsSource.buildDetails(request)); removeState(request,response); @@ -153,13 +151,13 @@ public class IdpBindUserAuthenticationFilter extends AbstractAuthenticationProce } private UserEntity authnUserBindValidate(AccountBindIdpRequest request, String providerId, - String openId, UserDetails principal) { + String openId) { HttpServletRequest servletRequest = ServletContextHelp.getRequest(); //根据用户名查询用户 UserRepository userRepository = ApplicationContextHelp.getBean(UserRepository.class); - UserEntity user = userRepository.findByUsername(principal.getUsername()); + UserEntity user = userRepository.findByUsername(request.getUsername()); if (Objects.isNull(user)) { - String content = "用户 [" + principal.getUsername() + "] 绑定 IDP 失败, 未查询到用户信息"; + String content = "用户 [" + request.getUsername() + "] 绑定 IDP 失败, 未查询到用户信息"; log.error(content); auditEventPublish.publish(EventType.BIND_IDP_USER, content, EventStatus.SUCCESS); throw new UsernameNotFoundException("用户名或密码错误"); 
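Review bot: `return null;` for a caller whose current authentication is not an `IdpAuthentication` makes `AbstractAuthenticationProcessingFilter` stop processing without calling the failure handler or continuing the chain, so the client gets an empty response and the attempt is not audited. Throwing an `AuthenticationException` instead, e.g. `throw new InsufficientAuthenticationException("IdP login required before binding");`, sends the case through the configured failure handler. The validation failure has the same problem in the other direction: `ConstraintViolationException` is not an `AuthenticationException`, so it bypasses the failure handler and surfaces as a container error unless it is mapped elsewhere. `request.getParameter("password")` also accepts the value from the query string, where it can land in access logs; a comment such as `// credentials must be sent in the POST body, never in the URL` would document the contract.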
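Review bot: The username concatenated into `content` now comes from `request.getUsername()`, a client-supplied form parameter, where it previously came from the authenticated principal. Here and in the hunks at -103, -170, -186 and -194 it is written to `log.error(...)` and to the audit record without neutralising line breaks or control characters. Unless the constraints on `AccountBindIdpRequest` (not visible) restrict the character set, the value should be sanitised once before use, e.g. `String safeName = request.getUsername().replaceAll("[\\r\\n\\t]", "_");`. Every failure path in these hunks also publishes with `EventStatus.SUCCESS`, so failed bind attempts cannot be told apart from successful ones in the audit trail; they should use the enum's failure value. `authnUserBindValidate` continues outside this hunk.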
@@ -170,14 +168,14 @@ public class IdpBindUserAuthenticationFilter extends AbstractAuthenticationProce .getAttribute(SecretType.LOGIN.getKey()); request.setPassword(AesUtils.decrypt(request.getPassword(), secret)); } catch (Exception exception) { - String content = "用户 [" + principal.getUsername() + "] 绑定 IDP 失败, 密码解密异常"; + String content = "用户 [" + request.getUsername() + "] 绑定 IDP 失败, 密码解密异常"; log.error(content, exception); auditEventPublish.publish(EventType.BIND_IDP_USER, content, EventStatus.SUCCESS); throw new UserBindIdpException(); } boolean matches = passwordEncoder.matches(request.getPassword(), user.getPassword()); if (!matches) { - String content = "用户 [" + principal.getUsername() + "] 绑定 IDP 失败, 用户密码验证失败"; + String content = "用户 [" + request.getUsername() + "] 绑定 IDP 失败, 用户密码验证失败"; log.error(content); auditEventPublish.publish(EventType.BIND_IDP_USER, content, EventStatus.SUCCESS); throw new UsernameNotFoundException("用户名或密码错误"); @@ -186,7 +184,7 @@ public class IdpBindUserAuthenticationFilter extends AbstractAuthenticationProce Optional bindEntity = userIdpRepository.findByIdpIdAndUserId(providerId, user.getId()); if (bindEntity.isPresent()) { - String content = "用户 [" + principal.getUsername() + "] 绑定 IDP 失败, 用户已存在绑定"; + String content = "用户 [" + request.getUsername() + "] 绑定 IDP 失败, 用户已存在绑定"; log.error(content); auditEventPublish.publish(EventType.BIND_IDP_USER, content, EventStatus.SUCCESS); throw new UsernameNotFoundException("用户已存在绑定"); 
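Review bot: The failure messages now interpolate `request.getUsername()`, a value the caller supplies before its password has been checked, straight into `log.error(content, exception)` and into the audit text, so line breaks or control characters in the username reach the log and audit records unchanged. Normalising the value once before the messages are built, for example `String username = request.getUsername().replaceAll("[\\r\\n\\t]", "_");`, keeps one log line per event. The hunks at `@@ -103`, `@@ -153`, `@@ -186` and `@@ -194` build their messages the same way. The enclosing method starts and ends outside this hunk.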
@@ -194,7 +192,7 @@ public class IdpBindUserAuthenticationFilter extends AbstractAuthenticationProce //是否绑定 bindEntity = userIdpRepository.findByIdpIdAndOpenId(providerId, openId); if (bindEntity.isPresent()) { - String content = "用户 [" + principal.getUsername() + "] 绑定 IDP 失败, 已存在其他用户绑定"; + String content = "用户 [" + request.getUsername() + "] 绑定 IDP 失败, 已存在其他用户绑定"; log.error(content); auditEventPublish.publish(EventType.BIND_IDP_USER, content, EventStatus.SUCCESS); throw new UsernameNotFoundException("已存在其他用户绑定"); diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/UserBindIdpException.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/UserBindIdpException.java index a2ed0677..04216893 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/UserBindIdpException.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/idp/bind/UserBindIdpException.java @@ -17,9 +17,8 @@ */ package cn.topiam.employee.portal.idp.bind; -import org.springframework.http.HttpStatus; - import cn.topiam.employee.support.exception.TopIamException; +import org.springframework.http.HttpStatus; /** * diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalAuthenticationFailureEventListener.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalAuthenticationFailureEventListener.java index 6e63d14b..7c0545d6 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalAuthenticationFailureEventListener.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalAuthenticationFailureEventListener.java 
@@ -17,17 +17,6 @@ */ package cn.topiam.employee.portal.listener; -import java.time.LocalDateTime; -import java.util.Objects; - -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.context.ApplicationListener; -import org.springframework.lang.NonNull; -import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent; -import org.springframework.util.ObjectUtils; - import cn.topiam.employee.audit.entity.Actor; import cn.topiam.employee.audit.enums.EventStatus; import cn.topiam.employee.audit.enums.EventType; @@ -40,6 +29,17 @@ import cn.topiam.employee.common.repository.account.UserRepository; import cn.topiam.employee.core.context.SettingContextHelp; import cn.topiam.employee.core.security.userdetails.UserDetails; import cn.topiam.employee.support.context.ApplicationContextHelp; +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.context.ApplicationListener; +import org.springframework.lang.NonNull; +import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent; +import org.springframework.util.ObjectUtils; + +import java.time.LocalDateTime; +import java.util.Objects; + import static cn.topiam.employee.core.context.SettingContextHelp.getLoginFailureDuration; import static cn.topiam.employee.core.security.util.SecurityUtils.getFailureMessage; diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalAuthenticationSuccessEventListener.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalAuthenticationSuccessEventListener.java index cc388931..5084507e 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalAuthenticationSuccessEventListener.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalAuthenticationSuccessEventListener.java 
@@ -17,33 +17,31 @@ */ package cn.topiam.employee.portal.listener; -import java.time.Instant; -import java.time.LocalDateTime; -import java.time.ZoneId; -import java.util.List; -import java.util.Objects; - -import org.springframework.context.ApplicationListener; -import org.springframework.lang.NonNull; -import org.springframework.security.authentication.event.AuthenticationSuccessEvent; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; - -import com.google.common.collect.Lists; - import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.EventStatus; import cn.topiam.employee.audit.enums.TargetType; import cn.topiam.employee.audit.event.AuditEventPublish; +import cn.topiam.employee.authentication.common.util.AuthenticationUtils; import cn.topiam.employee.common.geo.GeoLocationService; +import cn.topiam.employee.common.repository.account.UserRepository; import cn.topiam.employee.core.security.userdetails.UserDetails; import cn.topiam.employee.support.context.ApplicationContextHelp; import cn.topiam.employee.support.context.ServletContextHelp; import cn.topiam.employee.support.util.IpUtils; -import cn.topiam.employee.support.web.useragent.UserAgent; -import cn.topiam.employee.support.web.useragent.UserAgentUtils; - +import com.google.common.collect.Lists; import lombok.AllArgsConstructor; +import org.springframework.context.ApplicationListener; +import org.springframework.lang.NonNull; +import org.springframework.security.authentication.event.AuthenticationSuccessEvent; +import org.springframework.security.core.Authentication; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import java.time.Instant; +import java.time.LocalDateTime; +import java.time.ZoneId; +import java.util.List; + import static cn.topiam.employee.audit.enums.EventType.LOGIN_PORTAL; 
/** @@ -67,19 +65,20 @@ public class PortalAuthenticationSuccessEventListener implements .getRequestAttributes(); AuditEventPublish auditEventPublish = ApplicationContextHelp .getBean(AuditEventPublish.class); + UserRepository userRepository = ApplicationContextHelp.getBean(UserRepository.class); + Authentication authentication = event.getAuthentication(); Object principal = event.getAuthentication().getPrincipal(); //@formatter:off if (principal instanceof UserDetails) { - //登录事件 - ((UserDetails) principal).setLoginTime(LocalDateTime.now()); + //认证类型 + ((UserDetails) principal).setAuthType(AuthenticationUtils.geAuthType(authentication)); //区域 ((UserDetails) principal).setGeoLocation(geoLocationService.getGeoLocation(IpUtils.getIpAddr(ServletContextHelp.getRequest()))); - //浏览器 - UserAgent agent = UserAgentUtils - .getUserAgent(Objects.requireNonNull(attributes).getRequest()); - ((UserDetails) principal).setUserAgent(agent); //登录时间 ((UserDetails) principal).setLoginTime(getDateTimeOfTimestamp(event.getTimestamp())); + //认证次数+1 + userRepository.updateAuthSucceedInfo(((UserDetails) principal).getId() + ,((UserDetails) principal).getGeoLocation().getIp(),((UserDetails) principal).getLoginTime()); // 审计事件 List targets= Lists.newArrayList(Target.builder().type(TargetType.PORTAL).build()); auditEventPublish.publish(LOGIN_PORTAL, event.getAuthentication(), EventStatus.SUCCESS,targets); diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalLogoutSuccessEventListener.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalLogoutSuccessEventListener.java index 24869bff..abce61a4 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalLogoutSuccessEventListener.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalLogoutSuccessEventListener.java 
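Review bot: The new `userRepository.updateAuthSucceedInfo(...)` call dereferences `((UserDetails) principal).getGeoLocation().getIp()` without a null check, so if `geoLocationService.getGeoLocation(...)` returns null for an address it cannot resolve (its contract is not visible here), the listener throws after the user has already authenticated. Reading the address once and passing it directly removes that dependency: `String ip = IpUtils.getIpAddr(ServletContextHelp.getRequest());`, then use `ip` both for the lookup and as the second argument. The stored last-login address is only as trustworthy as `IpUtils.getIpAddr`; if that helper reads forwarding headers, it should do so only for requests that arrive from known proxies. The `attributes` local appears to be unused now that the user-agent code is removed, and the method continues outside this hunk.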
@@ -17,19 +17,18 @@ */ package cn.topiam.employee.portal.listener; -import java.util.List; - -import org.springframework.context.ApplicationListener; -import org.springframework.lang.NonNull; -import org.springframework.security.authentication.event.LogoutSuccessEvent; - -import com.google.common.collect.Lists; - import cn.topiam.employee.audit.entity.Target; import cn.topiam.employee.audit.enums.EventStatus; import cn.topiam.employee.audit.enums.TargetType; import cn.topiam.employee.audit.event.AuditEventPublish; import cn.topiam.employee.support.context.ApplicationContextHelp; +import com.google.common.collect.Lists; +import org.springframework.context.ApplicationListener; +import org.springframework.lang.NonNull; +import org.springframework.security.authentication.event.LogoutSuccessEvent; + +import java.util.List; + import static cn.topiam.employee.audit.enums.EventType.LOGOUT_PORTAL; /** diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalSessionInformationExpiredStrategy.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalSessionInformationExpiredStrategy.java index 8d2d4df6..7e9a90a5 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalSessionInformationExpiredStrategy.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/listener/PortalSessionInformationExpiredStrategy.java 
@@ -17,15 +17,14 @@ */ package cn.topiam.employee.portal.listener; -import javax.servlet.http.HttpServletResponse; - +import cn.topiam.employee.support.result.ApiRestResult; +import cn.topiam.employee.support.util.HttpResponseUtils; +import com.alibaba.fastjson2.JSONObject; import org.springframework.http.HttpStatus; import org.springframework.security.web.session.SessionInformationExpiredEvent; -import com.alibaba.fastjson2.JSONObject; +import javax.servlet.http.HttpServletResponse; -import cn.topiam.employee.support.result.ApiRestResult; -import cn.topiam.employee.support.util.HttpResponseUtils; import static cn.topiam.employee.support.exception.enums.ExceptionStatus.EX000203; /** diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/query/GetAppListQuery.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/query/GetAppListQuery.java index 14997125..f8a5dce2 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/query/GetAppListQuery.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/query/GetAppListQuery.java @@ -17,14 +17,12 @@ */ package cn.topiam.employee.portal.pojo.query; -import java.io.Serial; -import java.io.Serializable; - +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; import org.springdoc.api.annotations.ParameterObject; -import lombok.Data; - -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; /** * 查询应用列表 diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/AccountBindIdpRequest.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/AccountBindIdpRequest.java index cb1ef761..d98fe124 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/AccountBindIdpRequest.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/AccountBindIdpRequest.java 
@@ -17,20 +17,20 @@ */ package cn.topiam.employee.portal.pojo.request; -import java.io.Serial; -import java.io.Serializable; - -import javax.validation.constraints.NotBlank; - +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.AllArgsConstructor; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import javax.validation.constraints.NotBlank; +import java.io.Serial; +import java.io.Serializable; /** * @author TopIAM * Created by support@topiam.cn on 2022/4/3 22:22 */ @Data +@AllArgsConstructor @Schema(description = "账户绑定IDP入参") public class AccountBindIdpRequest implements Serializable { diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/BindTotpRequest.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/BindTotpRequest.java index bf77cfe6..4dbc749a 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/BindTotpRequest.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/BindTotpRequest.java @@ -17,15 +17,13 @@ */ package cn.topiam.employee.portal.pojo.request; -import java.io.Serial; -import java.io.Serializable; - -import javax.validation.constraints.NotNull; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import javax.validation.constraints.NotNull; +import java.io.Serial; +import java.io.Serializable; /** * 绑定MFA入参 diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangeEmailRequest.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangeEmailRequest.java index 2831d6e8..585bedbf 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangeEmailRequest.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangeEmailRequest.java 
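Review bot: `@AllArgsConstructor` on `AccountBindIdpRequest` generates a positional constructor whose argument order follows the field declaration order, and the bind filter in this commit calls it as `new AccountBindIdpRequest(request.getParameter("username"), request.getParameter("password"))`; if both fields are `String`, as the call suggests, reordering them later would swap username and password without a compile error. The annotation also removes the implicit no-argument constructor, so adding `@NoArgsConstructor` next to it keeps any remaining JSON or form binding of this class working. Because `@Data` generates `toString()` over every field, the password would print whenever the object is logged; `@ToString.Exclude` on that field prevents it. The field declarations are outside this hunk.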
@@ -17,15 +17,13 @@ */ package cn.topiam.employee.portal.pojo.request; -import java.io.Serial; -import java.io.Serializable; - -import javax.validation.constraints.NotEmpty; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import javax.validation.constraints.NotEmpty; +import java.io.Serial; +import java.io.Serializable; /** * 更改电子邮件入参 diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangePasswordRequest.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangePasswordRequest.java index 0425ec29..580c87bd 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangePasswordRequest.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangePasswordRequest.java @@ -17,15 +17,13 @@ */ package cn.topiam.employee.portal.pojo.request; -import java.io.Serial; -import java.io.Serializable; - -import javax.validation.constraints.NotEmpty; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import javax.validation.constraints.NotEmpty; +import java.io.Serial; +import java.io.Serializable; /** * 更改密码入参 diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangePhoneRequest.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangePhoneRequest.java index 64df4011..01e555a2 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangePhoneRequest.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/ChangePhoneRequest.java 
@@ -17,15 +17,13 @@ */ package cn.topiam.employee.portal.pojo.request; -import java.io.Serial; -import java.io.Serializable; - -import javax.validation.constraints.NotEmpty; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import javax.validation.constraints.NotEmpty; +import java.io.Serial; +import java.io.Serializable; /** * 更改手机号入参 diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareBindTotpRequest.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareBindTotpRequest.java index 20cc02bf..49db931b 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareBindTotpRequest.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareBindTotpRequest.java @@ -17,15 +17,13 @@ */ package cn.topiam.employee.portal.pojo.request; -import java.io.Serial; -import java.io.Serializable; - -import javax.validation.constraints.NotEmpty; - -import lombok.Data; - import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import javax.validation.constraints.NotEmpty; +import java.io.Serial; +import java.io.Serializable; /** * 准备绑定MFA入参 diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareChangeEmailRequest.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareChangeEmailRequest.java new file mode 100644 index 00000000..1e0003bd --- /dev/null +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareChangeEmailRequest.java 
@@ -0,0 +1,54 @@ +/* + * eiam-portal - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.portal.pojo.request; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import javax.validation.constraints.NotEmpty; +import java.io.Serial; +import java.io.Serializable; + +/** + * + * @author TopIAM + * Created by support@topiam.cn on 2022/8/8 19:15 + */ +@Data +@Schema(description = "准备更改电子邮件入参") +public class PrepareChangeEmailRequest implements Serializable { + + @Serial + private static final long serialVersionUID = 5681761697876754485L; + + /** + * 邮箱 + */ + @NotEmpty(message = "邮箱不能为空") + @Parameter(description = "邮箱") + private String email; + + /** + * 密码 + */ + @NotEmpty(message = "密码不能为空") + @Parameter(description = "密码") + private String password; + +} diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareChangePhoneRequest.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareChangePhoneRequest.java new file mode 100644 index 00000000..81f57667 --- /dev/null +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/PrepareChangePhoneRequest.java 
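Review bot: `PrepareChangeEmailRequest` carries the account password in a `@Data` class, whose generated `toString()` includes every field, so logging the request object would write the password; `@ToString.Exclude` on `password` avoids that. The `email` field is only `@NotEmpty`, so any non-empty string is accepted as the destination of a verification mail; adding `@Email(message = "邮箱格式不正确")` rejects malformed addresses before the service is called. The `serialVersionUID` value `5681761697876754485L` is repeated in `PrepareChangePhoneRequest`, added in the next file, which has the same `toString()` exposure and no format constraint on `phone`. The class Javadoc is empty and could read `准备更改电子邮件入参`.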
@@ -0,0 +1,62 @@ +/* + * eiam-portal - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.portal.pojo.request; + +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import javax.validation.constraints.NotEmpty; +import java.io.Serial; +import java.io.Serializable; + +/** + *准备更改手机号入参 + * + * @author TopIAM + * Created by support@topiam.cn on 2022/8/8 19:15 + */ +@Data +@Schema(description = "准备更改手机号入参") +public class PrepareChangePhoneRequest implements Serializable { + + @Serial + private static final long serialVersionUID = 5681761697876754485L; + + /** + * 手机号 + */ + @NotEmpty(message = "手机号不能为空") + @Parameter(description = "手机号") + private String phone; + + /** + * 手机号区域 + */ + @NotEmpty(message = "手机号区域不能为空") + @Parameter(description = "手机号区域") + private String phoneRegion; + + /** + * 密码 + */ + @NotEmpty(message = "密码不能为空") + @Parameter(description = "密码") + private String password; + +} diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/UpdateUserInfoRequest.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/UpdateUserInfoRequest.java index 3887a861..151fe726 100644 
--- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/UpdateUserInfoRequest.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/request/UpdateUserInfoRequest.java @@ -17,12 +17,11 @@ */ package cn.topiam.employee.portal.pojo.request; -import java.io.Serial; -import java.io.Serializable; - +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; /** * 编辑用户入参 diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/GetAppListResult.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/GetAppListResult.java index 45ce499f..6377de24 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/GetAppListResult.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/GetAppListResult.java @@ -17,16 +17,15 @@ */ package cn.topiam.employee.portal.pojo.result; -import java.io.Serial; -import java.io.Serializable; - import cn.topiam.employee.common.enums.app.AppProtocol; import cn.topiam.employee.common.enums.app.AppType; - -import lombok.Data; - +import cn.topiam.employee.common.enums.app.InitLoginType; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Schema; +import lombok.Data; + +import java.io.Serial; +import java.io.Serializable; /** * 获取应用列表 @@ -82,16 +81,16 @@ public class GetAppListResult implements Serializable { private String icon; /** - * IDP发起 + * Sso 发起方 */ - @Parameter(description = "IDP发起") - private Boolean idpInit; + @Parameter(description = "SSO 发起方") + private InitLoginType initLoginType; /** - * IDP发起URL + * SSO 发起URL */ - @Parameter(description = "IDP发起URL") - private String idpInitUrl; + @Parameter(description = "SSO 发起URL") + private String initLoginUrl; /** * 应用描述 
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/LoginConfigResult.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/LoginConfigResult.java index fba9929a..cebd729c 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/LoginConfigResult.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/LoginConfigResult.java @@ -17,19 +17,15 @@ */ package cn.topiam.employee.portal.pojo.result; -import java.io.Serial; -import java.io.Serializable; -import java.util.List; - import cn.topiam.employee.common.enums.CaptchaProviderType; -import cn.topiam.employee.common.enums.IdentityProviderCategory; -import cn.topiam.employee.common.enums.IdentityProviderType; - +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Builder; import lombok.Data; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; +import java.util.List; /** * LoginConfigResult @@ -72,30 +68,30 @@ public class LoginConfigResult implements Serializable { @Data public static class Idps implements Serializable { @Serial - private static final long serialVersionUID = -6482651783349719888L; + private static final long serialVersionUID = -6482651783349719888L; /** - * ID + * CODE */ - @Schema(description = "ID") - private String id; + @Schema(description = "CODE") + private String code; /** * name */ @Parameter(description = "名称") - private String name; + private String name; /** * 提供商 */ @Parameter(description = "提供商") - private IdentityProviderType type; + private String type; /** * 提供商类型 */ @Parameter(description = "提供商类型") - private IdentityProviderCategory category; + private String category; } } 
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/PrepareBindMfaResult.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/PrepareBindMfaResult.java index 09f38dd2..43a50718 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/PrepareBindMfaResult.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/pojo/result/PrepareBindMfaResult.java @@ -17,14 +17,13 @@ */ package cn.topiam.employee.portal.pojo.result; -import java.io.Serial; -import java.io.Serializable; - +import io.swagger.v3.oas.annotations.Parameter; +import io.swagger.v3.oas.annotations.media.Schema; import lombok.Builder; import lombok.Data; -import io.swagger.v3.oas.annotations.Parameter; -import io.swagger.v3.oas.annotations.media.Schema; +import java.io.Serial; +import java.io.Serializable; /** * 准备绑定TOTP 结果 diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/AccountService.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/AccountService.java index 6cfeb4aa..c49094c4 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/AccountService.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/AccountService.java @@ -44,6 +44,14 @@ public interface AccountService { */ Boolean changePassword(ChangePasswordRequest param); + /** + * 修改手机 + * + * @param param {@link PrepareChangePhoneRequest} + * @return {@link Boolean} + */ + Boolean prepareChangePhone(PrepareChangePhoneRequest param); + /** * 修改手机 * @@ -52,6 +60,14 @@ public interface AccountService { */ Boolean changePhone(ChangePhoneRequest param); + /** + * 准备修改邮箱 + * + * @param param {@link PrepareChangeEmailRequest} + * @return {@link Boolean} + */ + Boolean prepareChangeEmail(PrepareChangeEmailRequest param); + /** * 修改邮箱 * 
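Review bot: The Javadoc added for `prepareChangePhone` reads `修改手机`, the same summary as `changePhone` below it, so the two methods cannot be told apart from the interface. Suggest `准备修改手机：校验当前密码后向新手机号发送验证码`, with matching wording on `prepareChangeEmail`, so callers know these methods check the password and send a code rather than change the account. The `@return` tag could state that the implementation in this commit returns `true` once the code has been sent.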
diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AccountServiceImpl.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AccountServiceImpl.java index 0ab079f6..60d3c433 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AccountServiceImpl.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AccountServiceImpl.java 
@@ -17,11 +17,31 @@ */ package cn.topiam.employee.portal.service.impl; -import java.time.LocalDateTime; -import java.util.List; -import java.util.Optional; -import java.util.concurrent.Executor; - +import cn.topiam.employee.common.entity.account.UserDetailEntity; +import cn.topiam.employee.common.entity.account.UserEntity; +import cn.topiam.employee.common.enums.MailType; +import cn.topiam.employee.common.enums.MessageNoticeChannel; +import cn.topiam.employee.common.enums.SmsType; +import cn.topiam.employee.common.exception.BindMfaNotFoundSecretException; +import cn.topiam.employee.common.exception.InvalidMfaCodeException; +import cn.topiam.employee.common.exception.PasswordValidatedFailException; +import cn.topiam.employee.common.exception.UserNotFoundException; +import cn.topiam.employee.common.repository.account.UserDetailRepository; +import cn.topiam.employee.common.repository.account.UserRepository; +import cn.topiam.employee.core.context.ServerContextHelp; +import cn.topiam.employee.core.security.mfa.provider.TotpAuthenticator; +import cn.topiam.employee.core.security.otp.OtpContextHelp; +import cn.topiam.employee.core.security.session.SessionDetails; +import cn.topiam.employee.core.security.session.TopIamSessionBackedSessionRegistry; +import cn.topiam.employee.core.security.util.SecurityUtils; +import cn.topiam.employee.portal.converter.AccountConverter; +import cn.topiam.employee.portal.pojo.request.*; +import cn.topiam.employee.portal.pojo.result.PrepareBindMfaResult; +import cn.topiam.employee.portal.service.AccountService; +import cn.topiam.employee.support.context.ApplicationContextHelp; +import cn.topiam.employee.support.context.ServletContextHelp; +import cn.topiam.employee.support.util.BeanUtils; +import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -33,27 +53,11 @@ import org.springframework.session.security.SpringSessionBackedSessionRegistry; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; -import cn.topiam.employee.common.entity.account.UserDetailEntity; -import cn.topiam.employee.common.entity.account.UserEntity; -import cn.topiam.employee.common.exception.BindMfaNotFoundSecretException; -import cn.topiam.employee.common.exception.InvalidMfaCodeException; -import cn.topiam.employee.common.exception.PasswordValidatedFailException; -import cn.topiam.employee.common.exception.UserNotFoundException; -import cn.topiam.employee.common.repository.account.UserDetailRepository; -import cn.topiam.employee.common.repository.account.UserRepository; -import cn.topiam.employee.core.context.ServerContextHelp; -import cn.topiam.employee.core.security.mfa.provider.TotpAuthenticator; -import cn.topiam.employee.core.security.session.SessionDetails; -import cn.topiam.employee.core.security.session.TopIamSessionBackedSessionRegistry; -import cn.topiam.employee.core.security.util.SecurityUtils; -import cn.topiam.employee.portal.converter.AccountConverter; -import cn.topiam.employee.portal.pojo.request.*; -import cn.topiam.employee.portal.pojo.result.PrepareBindMfaResult; -import cn.topiam.employee.portal.service.AccountService; -import cn.topiam.employee.support.context.ServletContextHelp; -import cn.topiam.employee.support.util.BeanUtils; +import java.time.LocalDateTime; +import java.util.List; +import java.util.Optional; +import java.util.concurrent.Executor; -import lombok.extern.slf4j.Slf4j; import static cn.topiam.employee.support.constant.EiamConstants.TOPIAM_BIND_MFA_SECRET; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME; 
@@ -120,6 +124,23 @@ public class AccountServiceImpl implements AccountService { return true; } + @Override + @Transactional(rollbackFor = Exception.class) + public Boolean prepareChangePhone(PrepareChangePhoneRequest param) { + UserEntity user = validatedPassword(param.getPassword()); + OtpContextHelp otpContextHelp = ApplicationContextHelp.getApplicationContext() + .getBean(OtpContextHelp.class); + // 发送短信验证码 + if (StringUtils.isNotBlank(user.getPhone())) { + otpContextHelp.sendOtp(param.getPhone(), SmsType.UPDATE_PHONE.getCode(), + MessageNoticeChannel.SMS); + } else { + otpContextHelp.sendOtp(param.getPhone(), SmsType.BIND_PHONE.getCode(), + MessageNoticeChannel.SMS); + } + return true; + } + /** * 修改手机 * @@ -206,6 +227,28 @@ public class AccountServiceImpl implements AccountService { return false; } + /** + * 准备修改邮箱 + * + * @param param {@link PrepareChangeEmailRequest} + * @return {@link Boolean} + */ + @Override + public Boolean prepareChangeEmail(PrepareChangeEmailRequest param) { + UserEntity user = validatedPassword(param.getPassword()); + OtpContextHelp otpContextHelp = ApplicationContextHelp.getApplicationContext() + .getBean(OtpContextHelp.class); + // 发送邮箱验证码 + if (StringUtils.isNotBlank(user.getPhone())) { + otpContextHelp.sendOtp(param.getEmail(), MailType.UPDATE_BIND_MAIL.getCode(), + MessageNoticeChannel.MAIL); + } else { + otpContextHelp.sendOtp(param.getEmail(), MailType.BIND_EMAIL.getCode(), + MessageNoticeChannel.MAIL); + } + return true; + } + /** * 更改邮箱 * diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AppServiceImpl.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AppServiceImpl.java index 2f61637c..3c73b7f6 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AppServiceImpl.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AppServiceImpl.java 
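Review bot: `prepareChangePhone` sends the code to `param.getPhone()` alone and never reads `param.getPhoneRegion()`, although the request class makes the region mandatory, so the submitted region has no effect on where the SMS goes. Nothing visible here limits how often a signed-in user can trigger a message to an arbitrary number; unless `OtpContextHelp.sendOtp` enforces a resend interval itself, a per-user and per-destination limit belongs in front of this call. `@Transactional(rollbackFor = Exception.class)` protects no database write in this method and could be dropped.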
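Review bot: `prepareChangeEmail` picks between the update and first-bind mail types by testing `user.getPhone()`, which looks copied from `prepareChangePhone`: a user with a phone but no email is sent `MailType.UPDATE_BIND_MAIL`, and one with an email but no phone is sent `MailType.BIND_EMAIL`. The condition should read `if (StringUtils.isNotBlank(user.getEmail())) {`, assuming `UserEntity` exposes the address through `getEmail()`. As in `prepareChangePhone`, no resend limit is visible around `sendOtp`.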
@@ -17,9 +17,6 @@ */ package cn.topiam.employee.portal.service.impl; -import org.springframework.data.querydsl.QPageRequest; -import org.springframework.stereotype.Service; - import cn.topiam.employee.common.entity.app.AppEntity; import cn.topiam.employee.common.repository.app.AppRepository; import cn.topiam.employee.core.security.util.SecurityUtils; @@ -29,6 +26,8 @@ import cn.topiam.employee.portal.pojo.result.GetAppListResult; import cn.topiam.employee.portal.service.AppService; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; +import org.springframework.data.querydsl.QPageRequest; +import org.springframework.stereotype.Service; /** * AppService diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/LoginConfigServiceImpl.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/LoginConfigServiceImpl.java index b7f31bb1..5373ea4a 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/LoginConfigServiceImpl.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/LoginConfigServiceImpl.java 
@@ -17,21 +17,20 @@ */ package cn.topiam.employee.portal.service.impl; -import java.util.List; -import java.util.Objects; - -import org.springframework.stereotype.Service; - +import cn.topiam.employee.authentication.captcha.geetest.GeeTestCaptchaProviderConfig; import cn.topiam.employee.common.entity.authentication.IdentityProviderEntity; import cn.topiam.employee.common.repository.authentication.IdentityProviderRepository; import cn.topiam.employee.common.repository.setting.SettingRepository; import cn.topiam.employee.core.security.captcha.CaptchaProviderConfig; -import cn.topiam.employee.core.security.captcha.geetest.GeeTestCaptchaProviderConfig; import cn.topiam.employee.portal.converter.LoginConfigConverter; import cn.topiam.employee.portal.pojo.result.LoginConfigResult; import cn.topiam.employee.portal.service.LoginConfigService; - import lombok.AllArgsConstructor; +import org.springframework.stereotype.Service; + +import java.util.List; +import java.util.Objects; + import static cn.topiam.employee.common.enums.CaptchaProviderType.GEE_TEST; import static cn.topiam.employee.core.context.SettingContextHelp.getCaptchaProviderConfig; diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/UserIdpServiceImpl.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/UserIdpServiceImpl.java index 3619bd6b..76bc3323 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/UserIdpServiceImpl.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/UserIdpServiceImpl.java 
@@ -17,13 +17,6 @@ */ package cn.topiam.employee.portal.service.impl; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Optional; - -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.stereotype.Component; - import cn.topiam.employee.authentication.common.modal.IdpUser; import cn.topiam.employee.authentication.common.service.UserIdpService; import cn.topiam.employee.common.entity.account.UserDetailEntity; @@ -39,9 +32,14 @@ import cn.topiam.employee.core.security.userdetails.UserDetails; import cn.topiam.employee.portal.converter.AccountConverter; import cn.topiam.employee.portal.service.userdetail.UserDetailsServiceImpl; import cn.topiam.employee.support.exception.TopIamException; - import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.stereotype.Component; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.Optional; /** * 身份验证用户详细信息实现 diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/userdetail/UserDetailsServiceImpl.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/userdetail/UserDetailsServiceImpl.java index a012c8ff..5a978728 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/userdetail/UserDetailsServiceImpl.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/userdetail/UserDetailsServiceImpl.java 
@@ -17,18 +17,6 @@ */ package cn.topiam.employee.portal.service.userdetail; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Optional; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.security.authentication.AccountExpiredException; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.core.userdetails.UsernameNotFoundException; -import org.springframework.stereotype.Component; -import org.springframework.util.ObjectUtils; - import cn.topiam.employee.common.entity.account.UserDetailEntity; import cn.topiam.employee.common.entity.account.UserEntity; import cn.topiam.employee.common.enums.UserStatus; @@ -38,6 +26,17 @@ import cn.topiam.employee.common.repository.account.UserRepository; import cn.topiam.employee.core.security.authorization.Roles; import cn.topiam.employee.core.security.userdetails.UserDetails; import cn.topiam.employee.core.security.userdetails.UserDetailsService; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.security.authentication.AccountExpiredException; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.stereotype.Component; +import org.springframework.util.ObjectUtils; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.Optional; /** * UserDetailsServiceImpl diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/NoneCaptchaProvider.java b/eiam-support/src/main/java/cn/topiam/employee/support/repository/LogicDeleteRepository.java similarity index 54% rename from eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/NoneCaptchaProvider.java rename to eiam-support/src/main/java/cn/topiam/employee/support/repository/LogicDeleteRepository.java index c27812f1..5b228c42 100644 
--- a/eiam-core/src/main/java/cn/topiam/employee/core/security/captcha/NoneCaptchaProvider.java +++ b/eiam-support/src/main/java/cn/topiam/employee/support/repository/LogicDeleteRepository.java @@ -1,5 +1,5 @@ /* - * eiam-core - Employee Identity and Access Management Program + * eiam-support - Employee Identity and Access Management Program * Copyright © 2020-2023 TopIAM (support@topiam.cn) * * This program is free software: you can redistribute it and/or modify @@ -15,28 +15,24 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ -package cn.topiam.employee.core.security.captcha; +package cn.topiam.employee.support.repository; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; +import java.io.Serializable; + +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.repository.NoRepositoryBean; + +import cn.topiam.employee.support.repository.domain.LogicDeleteEntity; /** - * None + * LogicDeleteRepository * * @author TopIAM - * Created by support@topiam.cn on 2021/9/27 19:06 + * + * @param + * @param */ -public class NoneCaptchaProvider implements CaptchaValidator { - - /** - * 验证 - * - * @param request {@link HttpServletRequest} - * @param response {@link HttpServletResponse} - * @return {@link Boolean} - */ - @Override - public boolean validate(HttpServletRequest request, HttpServletResponse response) { - return true; - } +@NoRepositoryBean +public interface LogicDeleteRepository, PK extends Serializable> + extends JpaRepository { } diff --git a/eiam-support/src/main/java/cn/topiam/employee/support/repository/domain/BaseTenantEntity.java b/eiam-support/src/main/java/cn/topiam/employee/support/repository/domain/BaseTenantEntity.java index 230bb56b..fb558afd 100644 --- a/eiam-support/src/main/java/cn/topiam/employee/support/repository/domain/BaseTenantEntity.java 
+++ b/eiam-support/src/main/java/cn/topiam/employee/support/repository/domain/BaseTenantEntity.java @@ -37,7 +37,7 @@ import lombok.ToString; @Setter @ToString @MappedSuperclass -public abstract class BaseTenantEntity extends BaseEntity { +public abstract class BaseTenantEntity extends LogicDeleteEntity { @Serial private static final long serialVersionUID = 4720107236271252583L; /** diff --git a/eiam-support/src/main/java/cn/topiam/employee/support/repository/domain/LogicDeleteEntity.java b/eiam-support/src/main/java/cn/topiam/employee/support/repository/domain/LogicDeleteEntity.java new file mode 100644 index 00000000..1c700b4c --- /dev/null +++ b/eiam-support/src/main/java/cn/topiam/employee/support/repository/domain/LogicDeleteEntity.java 
@@ -0,0 +1,48 @@ +/* + * eiam-support - Employee Identity and Access Management Program + * Copyright © 2020-2023 TopIAM (support@topiam.cn) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package cn.topiam.employee.support.repository.domain; + +import java.io.Serializable; + +import javax.persistence.Column; +import javax.persistence.MappedSuperclass; + +import com.fasterxml.jackson.annotation.JsonIgnore; + +import lombok.Getter; +import lombok.Setter; + +/** + * LogicDeleteEntity + * + * @author TopIAM + * + * @param + */ +@MappedSuperclass +@Setter +@Getter +public class LogicDeleteEntity extends BaseEntity { + public static final String DELETE_FIELD = "is_deleted"; + public static final String SOFT_DELETE_WHERE = "is_deleted = 0"; + public static final String SOFT_DELETE_SET = "is_deleted = null"; + public static final String SOFT_DELETE_HQL_SET = "isDeleted = null"; + @JsonIgnore + @Column(name = "is_deleted") + private Boolean isDeleted = Boolean.FALSE; +} diff --git a/eiam-support/src/main/java/cn/topiam/employee/support/util/AesUtils.java b/eiam-support/src/main/java/cn/topiam/employee/support/util/AesUtils.java index ae671d39..4844118f 100644 --- a/eiam-support/src/main/java/cn/topiam/employee/support/util/AesUtils.java +++ b/eiam-support/src/main/java/cn/topiam/employee/support/util/AesUtils.java 
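Review bot: `SOFT_DELETE_SET` marks a row as deleted by writing NULL while `SOFT_DELETE_WHERE` keeps only rows with `is_deleted = 0`, so NULL is what means "deleted", and neither the constants nor the `isDeleted` field say so. Any row that holds NULL for another reason is hidden by the filter as if it had been deleted; the schema change that adds the column to every `BaseTenantEntity` table is not visible here and would need a default of 0 for existing rows. I would document this above the constants, for example `// NULL (not 1) marks a deleted row; live rows must hold 0`, and state on the field that `Boolean.TRUE` is never written. The class Javadoc has an empty `@param` tag and the constants have no comments at all.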
@@ -37,7 +37,11 @@ import lombok.SneakyThrows; */ public class AesUtils { private static final String ALGORITHM = "AES"; - private static final String KEY = "fDx/JA3Aw9BIQClUSOddjA=="; + private final String KEY; + + public AesUtils(String key) { + this.KEY = key; + } /** * 生成秘钥 @@ -63,7 +67,7 @@ public class AesUtils { * 加密 */ @SneakyThrows - public static String encrypt(String content) { + public String encrypt(String content) { if (StringUtils.hasText(content)) { return encrypt(content, KEY); } @@ -88,7 +92,7 @@ public class AesUtils { * 解密 */ @SneakyThrows - public static String decrypt(String content) { + public String decrypt(String content) { if (StringUtils.hasText(content)) { return decrypt(content, KEY); } diff --git a/eiam-support/src/main/java/cn/topiam/employee/support/util/HttpClientUtils.java b/eiam-support/src/main/java/cn/topiam/employee/support/util/HttpClientUtils.java index 85ee46e3..a3115e07 100644 --- a/eiam-support/src/main/java/cn/topiam/employee/support/util/HttpClientUtils.java +++ b/eiam-support/src/main/java/cn/topiam/employee/support/util/HttpClientUtils.java @@ -43,6 +43,7 @@ import org.apache.http.entity.StringEntity; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.impl.client.HttpClients; +import org.apache.http.message.BasicHeader; import org.apache.http.message.BasicNameValuePair; import org.apache.http.util.EntityUtils; import org.springframework.http.*; @@ -159,7 +160,7 @@ public class HttpClientUtils { * @param paramMap paramMap * @return String */ - public static String get(String url, Map paramMap) { + public static String get(String url, Map paramMap, BasicHeader... basicHeader) { String httpEntityContent; try { 
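Review bot: The constructor added in the first AesUtils hunk stores any string it is given, so a null or blank key is only discovered when `encrypt`/`decrypt` (made instance methods in the next two hunks) first run; reject it up front with `if (!StringUtils.hasText(key)) { throw new IllegalArgumentException("AES key must not be blank"); }`. The removed literal stays in the repository history, so values encrypted under it should be treated as readable by anyone with the source and re-encrypted under the injected key. `KEY` is now a per-instance field and would read better as `key`. `ALGORITHM = "AES"` is unchanged; if the helpers outside these hunks pass it straight to `Cipher.getInstance`, the JDK resolves that to ECB mode, which deserves a follow-up.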
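Review bot: The Javadoc above `HttpClientUtils.get` still documents only the parameters it had before; the new varargs parameter needs its own tag, for example `@param basicHeader optional request headers sent with the GET request`. The headers are applied by `httpGet.setHeaders(basicHeader)` in the following hunk, which replaces the request's whole header set, so that call has to stay ahead of any header the method adds later. The method body continues outside both hunks, so whether it adds any is not visible here.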
@@ -170,6 +171,7 @@ public class HttpClientUtils { RequestConfig requestConfig = RequestConfig.custom().setConnectTimeout(5000) .setConnectionRequestTimeout(1000).setSocketTimeout(60000).build(); httpGet.setConfig(requestConfig); + httpGet.setHeaders(basicHeader); List formParams = setHttpParams(paramMap); String param = URLEncodedUtils.format(formParams, UTF8); URL urL = new URL(url + "?" + param); diff --git a/eiam-support/src/main/java/cn/topiam/employee/support/util/HttpResponseUtils.java b/eiam-support/src/main/java/cn/topiam/employee/support/util/HttpResponseUtils.java index a7d03e9b..a8be087d 100644 --- a/eiam-support/src/main/java/cn/topiam/employee/support/util/HttpResponseUtils.java +++ b/eiam-support/src/main/java/cn/topiam/employee/support/util/HttpResponseUtils.java @@ -30,6 +30,7 @@ import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import com.alibaba.fastjson2.JSON; +import com.fasterxml.jackson.databind.ObjectMapper; /** * HttpResponseUtils @@ -38,7 +39,9 @@ import com.alibaba.fastjson2.JSON; * Created by support@topiam.cn on 2020/9/3 21:25 */ public class HttpResponseUtils { - private static final String NULL = "null"; + private static final String NULL = "null"; + + private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper(); /** * 将数据刷新写回web端 @@ -79,7 +82,9 @@ public class HttpResponseUtils { response.setStatus(status); PrintWriter writer = response.getWriter(); if (ObjectUtils.isNotEmpty(data)) { - writer.write(JSON.toJSONString(data)); + String value = OBJECT_MAPPER.writeValueAsString(data); + // 指定序列化输入的类型 + writer.write(value); } else { writer.write(""); } diff --git a/eiam-support/src/main/java/cn/topiam/employee/support/util/IpUtils.java b/eiam-support/src/main/java/cn/topiam/employee/support/util/IpUtils.java index 7dc3dc58..8d0e0862 100644 --- a/eiam-support/src/main/java/cn/topiam/employee/support/util/IpUtils.java 
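Review bot: `OBJECT_MAPPER` in HttpResponseUtils is a bare `new ObjectMapper()`, so it carries none of the modules or settings of the application's own mapper; depending on the Jackson version, a payload holding `java.time` values will either fail in `writeValueAsString` or be written in a different shape than the previous `JSON.toJSONString` output. Consider `new ObjectMapper().findAndRegisterModules()` or handing in the Spring-managed mapper. The added comment `// 指定序列化输入的类型` does not describe the line below it and could be dropped or reworded. The `com.alibaba.fastjson2.JSON` import may now be unused, though the rest of the file is outside the hunk.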
+++ b/eiam-support/src/main/java/cn/topiam/employee/support/util/IpUtils.java @@ -24,12 +24,15 @@ import javax.servlet.http.HttpServletRequest; import com.google.common.net.InetAddresses; +import lombok.extern.slf4j.Slf4j; + /** * IpUtil * * @author TopIAM * Created by support@topiam.cn on 2019-01-10 19:50 */ +@Slf4j public class IpUtils { private static final String UNKNOWN = "Unknown";