diff --git a/eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEventPublish.java b/eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEventPublish.java index e32696e5..6c0a7dc8 100644 --- a/eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEventPublish.java +++ b/eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEventPublish.java @@ -36,7 +36,7 @@ import cn.topiam.employee.audit.entity.*; import cn.topiam.employee.audit.enums.EventStatus; import cn.topiam.employee.audit.event.type.EventType; import cn.topiam.employee.support.context.ServletContextService; -import cn.topiam.employee.support.geo.GeoLocationService; +import cn.topiam.employee.support.geo.GeoLocationParser; import cn.topiam.employee.support.security.authentication.WebAuthenticationDetails; import cn.topiam.employee.support.security.userdetails.UserDetails; import cn.topiam.employee.support.security.userdetails.UserType; @@ -272,7 +272,7 @@ public class AuditEventPublish { private UserAgent getUserAgent() { //@formatter:off HttpServletRequest request = ServletContextService.getRequest(); - cn.topiam.employee.support.web.useragent.UserAgent ua = UserAgentParser.getUserAgent(request); + cn.topiam.employee.support.web.useragent.UserAgent ua = userAgentParser.getUserAgent(request); return UserAgent.builder() .browser(ua.getBrowser()) .browserType(ua.getBrowserType()) @@ -293,7 +293,7 @@ public class AuditEventPublish { //@formatter:off HttpServletRequest request = ServletContextService.getRequest(); String ip = IpUtils.getIpAddr(request); - cn.topiam.employee.support.geo.GeoLocation geoLocation = geoLocationService.getGeoLocation(ip); + cn.topiam.employee.support.geo.GeoLocation geoLocation = geoLocationParser.getGeoLocation(ip); if (Objects.isNull(geoLocation)){ return null; } @@ -386,11 +386,17 @@ public class AuditEventPublish { /** * 地理位置 */ - private final GeoLocationService geoLocationService; + private final GeoLocationParser geoLocationParser; + + /** + * UserAgentParser + */ + private final UserAgentParser userAgentParser; public AuditEventPublish(ApplicationEventPublisher applicationEventPublisher, - GeoLocationService geoLocationService) { + GeoLocationParser geoLocationParser, UserAgentParser userAgentParser) { this.applicationEventPublisher = applicationEventPublisher; - this.geoLocationService = geoLocationService; + this.geoLocationParser = geoLocationParser; + this.userAgentParser = userAgentParser; } } diff --git a/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/template/BindIdentityProviderTemplate.java b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/template/BindIdentityProviderTemplate.java index c12b266f..7ab9a04d 100644 --- a/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/template/BindIdentityProviderTemplate.java +++ b/eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/template/BindIdentityProviderTemplate.java @@ -18,11 +18,11 @@ package cn.topiam.employee.authentication.common.template; import java.io.IOException; +import java.nio.charset.StandardCharsets; import java.util.HashMap; import java.util.Locale; import java.util.Map; -import org.apache.commons.compress.utils.CharsetNames; import org.apache.http.entity.ContentType; import org.springframework.http.HttpStatus; @@ -60,7 +60,7 @@ public class BindIdentityProviderTemplate { ApiRestResult result) throws IOException { //@formatter:off try { - response.setCharacterEncoding(CharsetNames.UTF_8); + response.setCharacterEncoding(StandardCharsets.UTF_8.name()); response.setContentType(ContentType.TEXT_HTML.getMimeType()); Template template = freemarkerTemplateConfiguration.getTemplate("bind_redirect.ftlh"); Map data = new HashMap<>(16); @@ -82,7 +82,7 @@ public class BindIdentityProviderTemplate { freemarkerTemplateConfiguration .setTemplateLoader(new ClassTemplateLoader(this.getClass(), "/template/")); //编码 - freemarkerTemplateConfiguration.setDefaultEncoding(CharsetNames.UTF_8); + freemarkerTemplateConfiguration.setDefaultEncoding(StandardCharsets.UTF_8.name()); //国际化 freemarkerTemplateConfiguration.setLocale(new Locale("zh_CN")); } catch (Exception exception) { diff --git a/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/filter/SendSmsOtpFilter.java b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/filter/SendSmsOtpFilter.java index c60ebe57..65e421d7 100644 --- a/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/filter/SendSmsOtpFilter.java +++ b/eiam-authentication/eiam-authentication-sms/src/main/java/cn/topiam/employee/authentication/otp/sms/filter/SendSmsOtpFilter.java @@ -36,7 +36,7 @@ import cn.topiam.employee.common.repository.account.UserRepository; import cn.topiam.employee.core.security.otp.OtpContextHelp; import cn.topiam.employee.support.result.ApiRestResult; import cn.topiam.employee.support.util.HttpResponseUtils; -import cn.topiam.employee.support.util.PhoneNumberUtils; +import cn.topiam.employee.support.util.PhoneUtils; import jakarta.servlet.FilterChain; import jakarta.servlet.ServletException; @@ -44,7 +44,7 @@ import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import static cn.topiam.employee.common.enums.MessageNoticeChannel.SMS; import static cn.topiam.employee.support.security.constant.SecurityConstants.LOGIN_PATH; -import static cn.topiam.employee.support.util.PhoneNumberUtils.isPhoneValidate; +import static cn.topiam.employee.support.util.PhoneUtils.isPhoneValidate; /** * 发送OTP @@ -85,7 +85,7 @@ public class SendSmsOtpFilter extends OncePerRequestFilter { if (isPhoneValidate(recipient)) { //判断是否存在用户 Optional user = userRepository - .findByPhone(PhoneNumberUtils.getPhoneNumber(recipient)); + .findByPhone(PhoneUtils.getPhoneNumber(recipient)); if (user.isPresent()) { otpContextHelp.sendOtp(recipient, SmsType.LOGIN.getCode(), SMS); HttpResponseUtils.flushResponseJson(response, HttpStatus.OK.value(), diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/authentication/ConsoleAuthenticationEntryPoint.java b/eiam-console/src/main/java/cn/topiam/employee/console/authentication/ConsoleAuthenticationEntryPoint.java index 319c73f0..6b7391e1 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/authentication/ConsoleAuthenticationEntryPoint.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/authentication/ConsoleAuthenticationEntryPoint.java @@ -27,6 +27,7 @@ import org.springframework.security.core.AuthenticationException; import cn.topiam.employee.support.result.ApiRestResult; import cn.topiam.employee.support.security.web.AbstractAuthenticationEntryPoint; import cn.topiam.employee.support.util.HttpResponseUtils; +import cn.topiam.employee.support.web.useragent.UserAgentParser; import jakarta.servlet.ServletException; import jakarta.servlet.http.HttpServletRequest; @@ -71,4 +72,8 @@ public class ConsoleAuthenticationEntryPoint extends AbstractAuthenticationEntry .build(); HttpResponseUtils.flushResponseJson(response, UNAUTHORIZED.value(), result); } + + public ConsoleAuthenticationEntryPoint(UserAgentParser userAgentParser) { + super(userAgentParser); + } } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleApiConfiguration.java b/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleApiConfiguration.java index 91f5b3c2..ec2b764d 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleApiConfiguration.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleApiConfiguration.java @@ -22,7 +22,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.core.env.Environment; import cn.topiam.employee.EiamConsoleApplication; -import cn.topiam.employee.support.util.AppVersionUtils; +import cn.topiam.employee.support.util.VersionUtils; import io.swagger.v3.oas.models.Components; import io.swagger.v3.oas.models.OpenAPI; @@ -59,7 +59,7 @@ public class ConsoleApiConfiguration { //内容 .contact(contact) //版本 - .version(AppVersionUtils.getVersion(EiamConsoleApplication.class)); + .version(VersionUtils.getVersion(EiamConsoleApplication.class)); } /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleSecurityConfiguration.java b/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleSecurityConfiguration.java index 74162cb6..40a318ed 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleSecurityConfiguration.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/configuration/ConsoleSecurityConfiguration.java @@ -58,11 +58,12 @@ import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.repository.setting.AdministratorRepository; import cn.topiam.employee.common.repository.setting.SettingRepository; import cn.topiam.employee.console.authentication.*; -import cn.topiam.employee.support.geo.GeoLocationService; +import cn.topiam.employee.support.geo.GeoLocationParser; import cn.topiam.employee.support.jackjson.SupportJackson2Module; import cn.topiam.employee.support.security.authentication.WebAuthenticationDetailsSource; import cn.topiam.employee.support.security.configurer.FormLoginConfigurer; import cn.topiam.employee.support.security.csrf.SpaCsrfTokenRequestHandler; +import cn.topiam.employee.support.web.useragent.UserAgentParser; import lombok.RequiredArgsConstructor; import static org.springframework.security.config.Customizer.withDefaults; @@ -247,7 +248,8 @@ public class ConsoleSecurityConfiguration implements BeanClassLoaderAware { */ public Customizer> withExceptionConfigurerDefaults() { return configurer -> { - configurer.authenticationEntryPoint(new ConsoleAuthenticationEntryPoint()); + configurer + .authenticationEntryPoint(new ConsoleAuthenticationEntryPoint(userAgentParser)); configurer.accessDeniedHandler(new ConsoleAccessDeniedHandler()); configurer .withObjectPostProcessor(new ObjectPostProcessor() { @@ -353,12 +355,13 @@ public class ConsoleSecurityConfiguration implements BeanClassLoaderAware { /** * WebAuthenticationDetailsSource * - * @param geoLocationService {@link GeoLocationService} + * @param geoLocationParser {@link GeoLocationParser} * @return {@link WebAuthenticationDetailsSource} */ @Bean - public WebAuthenticationDetailsSource authenticationDetailsSource(GeoLocationService geoLocationService) { - return new WebAuthenticationDetailsSource(geoLocationService); + public WebAuthenticationDetailsSource authenticationDetailsSource(GeoLocationParser geoLocationParser, + UserAgentParser userAgentParser) { + return new WebAuthenticationDetailsSource(geoLocationParser, userAgentParser); } private ClassLoader loader; @@ -383,4 +386,9 @@ public class ConsoleSecurityConfiguration implements BeanClassLoaderAware { */ private final AuditEventPublish auditEventPublish; + /** + * UserAgentParser + */ + private final UserAgentParser userAgentParser; + } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/CurrentUserEndpoint.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/CurrentUserEndpoint.java index ec5123d2..373f7ccb 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/CurrentUserEndpoint.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/CurrentUserEndpoint.java @@ -32,15 +32,16 @@ import cn.topiam.employee.common.exception.UserNotFoundException; import cn.topiam.employee.common.repository.setting.AdministratorRepository; import cn.topiam.employee.support.result.ApiRestResult; import cn.topiam.employee.support.security.userdetails.UserDetails; -import cn.topiam.employee.support.util.DesensitizationUtil; import lombok.Data; import lombok.extern.slf4j.Slf4j; import io.swagger.v3.oas.annotations.media.Schema; import static cn.topiam.employee.common.constant.SessionConstants.CURRENT_USER; -import static cn.topiam.employee.support.util.ImageAvatarUtils.bufferedImageToBase64; -import static cn.topiam.employee.support.util.ImageAvatarUtils.generateAvatarImg; +import static cn.topiam.employee.support.util.AvatarUtils.bufferedImageToBase64; +import static cn.topiam.employee.support.util.AvatarUtils.generateAvatarImg; +import static cn.topiam.employee.support.util.DesensitizationUtils.emailEncrypt; +import static cn.topiam.employee.support.util.DesensitizationUtils.phoneEncrypt; /** * 当前用户 @@ -81,9 +82,9 @@ public class CurrentUserEndpoint { result.setAvatar(administrator.getAvatar()); } //邮箱 - result.setEmail(DesensitizationUtil.emailEncrypt(administrator.getEmail())); + result.setEmail(emailEncrypt(administrator.getEmail())); //手机号 - result.setPhone(DesensitizationUtil.phoneEncrypt(administrator.getPhone())); + result.setPhone(phoneEncrypt(administrator.getPhone())); return ApiRestResult.ok(result); } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/OrganizationController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/OrganizationController.java index fb7519f8..e5e43f4f 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/OrganizationController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/OrganizationController.java @@ -31,8 +31,8 @@ import cn.topiam.employee.console.pojo.result.account.*; import cn.topiam.employee.console.pojo.save.account.OrganizationCreateParam; import cn.topiam.employee.console.pojo.update.account.OrganizationUpdateParam; import cn.topiam.employee.console.service.account.OrganizationService; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.result.ApiRestResult; import io.swagger.v3.oas.annotations.Operation; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserController.java index 70bd596d..9f18a46a 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserController.java @@ -41,8 +41,8 @@ import cn.topiam.employee.console.pojo.update.account.UserUpdateParam; import cn.topiam.employee.console.service.account.UserService; import cn.topiam.employee.console.service.app.UserIdpBindService; import cn.topiam.employee.core.security.otp.OtpContextHelp; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserGroupController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserGroupController.java index b4fdee2a..08d6f21e 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserGroupController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/account/UserGroupController.java @@ -38,8 +38,8 @@ import cn.topiam.employee.console.pojo.save.account.UserCreateParam; import cn.topiam.employee.console.pojo.save.account.UserGroupCreateParam; import cn.topiam.employee.console.pojo.update.account.UserGroupUpdateParam; import cn.topiam.employee.console.service.account.UserGroupService; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccessPolicyController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccessPolicyController.java index 416ea20b..a450105c 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccessPolicyController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccessPolicyController.java @@ -29,8 +29,8 @@ import cn.topiam.employee.console.pojo.result.app.AppAccessPolicyResult; import cn.topiam.employee.console.pojo.save.app.AppAccessPolicyCreateParam; import cn.topiam.employee.console.pojo.save.app.AppAccountCreateParam; import cn.topiam.employee.console.service.app.AppAccessPolicyService; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccountController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccountController.java index aad5caa0..b637a4e7 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccountController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppAccountController.java @@ -28,8 +28,8 @@ import cn.topiam.employee.common.entity.app.query.AppAccountQuery; import cn.topiam.employee.console.pojo.result.app.AppAccountListResult; import cn.topiam.employee.console.pojo.save.app.AppAccountCreateParam; import cn.topiam.employee.console.service.app.AppAccountService; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppController.java index db0cd2e5..c13a73df 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppController.java @@ -32,8 +32,8 @@ import cn.topiam.employee.console.pojo.save.app.AppCreateParam; import cn.topiam.employee.console.pojo.update.app.AppSaveConfigParam; import cn.topiam.employee.console.pojo.update.app.AppUpdateParam; import cn.topiam.employee.console.service.app.AppService; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppGroupController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppGroupController.java index e6c1fe2c..1ce85ad5 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppGroupController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/app/AppGroupController.java @@ -35,8 +35,8 @@ import cn.topiam.employee.console.pojo.result.app.AppListResult; import cn.topiam.employee.console.pojo.save.app.AppGroupCreateParam; import cn.topiam.employee.console.pojo.update.app.AppGroupUpdateParam; import cn.topiam.employee.console.service.app.AppGroupService; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/authn/IdentityProviderController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/authn/IdentityProviderController.java index 29fe464a..79376b77 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/authn/IdentityProviderController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/authn/IdentityProviderController.java @@ -32,8 +32,8 @@ import cn.topiam.employee.console.pojo.result.authn.IdentityProviderResult; import cn.topiam.employee.console.pojo.save.authn.IdentityProviderCreateParam; import cn.topiam.employee.console.pojo.update.authn.IdpUpdateParam; import cn.topiam.employee.console.service.authn.IdentityProviderService; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceController.java index f705d774..cbcdd083 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceController.java @@ -37,8 +37,8 @@ import cn.topiam.employee.console.pojo.save.identitysource.IdentitySourceCreateR import cn.topiam.employee.console.pojo.update.identity.IdentitySourceUpdateParam; import cn.topiam.employee.console.service.identitysource.IdentitySourceService; import cn.topiam.employee.identitysource.core.event.IdentitySourceEventUtils; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceSyncController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceSyncController.java index a444a4fb..5181be53 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceSyncController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/identitysource/IdentitySourceSyncController.java @@ -29,8 +29,8 @@ import cn.topiam.employee.console.pojo.query.identity.IdentitySourceSyncRecordLi import cn.topiam.employee.console.pojo.result.identitysource.IdentitySourceSyncHistoryListResult; import cn.topiam.employee.console.pojo.result.identitysource.IdentitySourceSyncRecordListResult; import cn.topiam.employee.console.service.identitysource.IdentitySourceSyncService; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/session/SessionManageEndpoint.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/session/SessionManageEndpoint.java index b51b56b2..3449cd02 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/session/SessionManageEndpoint.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/session/SessionManageEndpoint.java @@ -46,9 +46,9 @@ import cn.topiam.employee.audit.event.type.EventType; import cn.topiam.employee.core.security.session.ClusterSessionRegistryImpl; import cn.topiam.employee.core.security.session.Session; import cn.topiam.employee.support.context.ApplicationContextService; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.geo.GeoLocation; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.result.ApiRestResult; import cn.topiam.employee.support.util.HttpResponseUtils; import cn.topiam.employee.support.web.useragent.UserAgent; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/AdministratorController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/AdministratorController.java index c74df49b..8ae566a0 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/AdministratorController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/AdministratorController.java @@ -32,8 +32,8 @@ import cn.topiam.employee.console.pojo.result.setting.AdministratorResult; import cn.topiam.employee.console.pojo.save.setting.AdministratorCreateParam; import cn.topiam.employee.console.pojo.update.setting.AdministratorUpdateParam; import cn.topiam.employee.console.service.setting.AdministratorService; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.result.ApiRestResult; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/GeoIpLibraryController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/GeoIpLibraryController.java index 3750530b..9c3ca315 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/GeoIpLibraryController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/GeoIpLibraryController.java @@ -28,9 +28,9 @@ import cn.topiam.employee.console.pojo.result.setting.GeoIpProviderResult; import cn.topiam.employee.console.pojo.save.setting.GeoIpProviderSaveParam; import cn.topiam.employee.console.service.setting.GeoLocationSettingService; import cn.topiam.employee.support.context.ApplicationContextService; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.geo.GeoLocation; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.result.ApiRestResult; import lombok.AllArgsConstructor; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailProviderController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailProviderController.java index d08453c2..53386877 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailProviderController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailProviderController.java @@ -33,8 +33,8 @@ import cn.topiam.employee.console.service.setting.MessageSettingService; import cn.topiam.employee.core.context.ContextService; import cn.topiam.employee.core.message.MsgVariable; import cn.topiam.employee.core.message.mail.MailMsgEventPublish; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.result.ApiRestResult; import lombok.AllArgsConstructor; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailTemplateController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailTemplateController.java index a27ef264..370486f2 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailTemplateController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/MailTemplateController.java @@ -32,8 +32,8 @@ import cn.topiam.employee.console.pojo.result.setting.EmailTemplateListResult; import cn.topiam.employee.console.pojo.result.setting.EmailTemplateResult; import cn.topiam.employee.console.pojo.save.setting.EmailCustomTemplateSaveParam; import cn.topiam.employee.console.service.setting.MailTemplateService; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.result.ApiRestResult; import lombok.AllArgsConstructor; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SecurityBasicController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SecurityBasicController.java index 957e16c6..716972be 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SecurityBasicController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SecurityBasicController.java @@ -27,8 +27,8 @@ import cn.topiam.employee.audit.event.type.EventType; import cn.topiam.employee.console.pojo.result.setting.SecurityBasicConfigResult; import cn.topiam.employee.console.pojo.save.setting.SecurityBasicSaveParam; import cn.topiam.employee.console.service.setting.SecuritySettingService; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.result.ApiRestResult; import lombok.AllArgsConstructor; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SecurityDefensePolicyController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SecurityDefensePolicyController.java index 9b81260c..42ca5f04 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SecurityDefensePolicyController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SecurityDefensePolicyController.java @@ -27,8 +27,8 @@ import cn.topiam.employee.audit.event.type.EventType; import cn.topiam.employee.console.pojo.result.setting.SecurityDefensePolicyConfigResult; import cn.topiam.employee.console.pojo.save.setting.SecurityDefensePolicyParam; import cn.topiam.employee.console.service.setting.SecurityDefensePolicyService; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.result.ApiRestResult; import lombok.AllArgsConstructor; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SecurityPasswordPolicyController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SecurityPasswordPolicyController.java index f184f87b..7bbc033d 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SecurityPasswordPolicyController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SecurityPasswordPolicyController.java @@ -30,8 +30,8 @@ import cn.topiam.employee.console.pojo.result.setting.PasswordPolicyConfigResult import cn.topiam.employee.console.pojo.result.setting.WeakPasswordLibListResult; import cn.topiam.employee.console.pojo.save.setting.PasswordPolicySaveParam; import cn.topiam.employee.console.service.setting.PasswordPolicyService; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.result.ApiRestResult; import lombok.RequiredArgsConstructor; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SmsProviderController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SmsProviderController.java index 56450ca9..0d909524 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SmsProviderController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/SmsProviderController.java @@ -33,8 +33,8 @@ import cn.topiam.employee.console.pojo.save.setting.SmsProviderSaveParam; import cn.topiam.employee.console.service.setting.MessageSettingService; import cn.topiam.employee.core.message.MsgVariable; import cn.topiam.employee.core.message.sms.SmsMsgEventPublish; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.result.ApiRestResult; import cn.topiam.employee.support.security.password.PasswordGenerator; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/StorageController.java b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/StorageController.java index 25292851..29a2ebe6 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/StorageController.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/controller/setting/StorageController.java @@ -27,8 +27,8 @@ import cn.topiam.employee.audit.event.type.EventType; import cn.topiam.employee.console.pojo.result.setting.StorageProviderConfigResult; import cn.topiam.employee.console.pojo.save.setting.StorageConfigSaveParam; import cn.topiam.employee.console.service.setting.StorageSettingService; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.result.ApiRestResult; import lombok.AllArgsConstructor; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserConverter.java index 787c62dd..12fc3823 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/account/UserConverter.java @@ -56,9 +56,9 @@ import static cn.topiam.employee.audit.enums.TargetType.PORTAL; import static cn.topiam.employee.audit.event.type.EventType.APP_SSO; import static cn.topiam.employee.audit.event.type.EventType.LOGIN_PORTAL; import static cn.topiam.employee.audit.service.converter.AuditDataConverter.SORT_EVENT_TIME; -import static cn.topiam.employee.support.util.ImageAvatarUtils.*; -import static cn.topiam.employee.support.util.PhoneNumberUtils.getPhoneAreaCode; -import static cn.topiam.employee.support.util.PhoneNumberUtils.getPhoneNumber; +import static cn.topiam.employee.support.util.AvatarUtils.*; +import static cn.topiam.employee.support.util.PhoneUtils.getPhoneAreaCode; +import static cn.topiam.employee.support.util.PhoneUtils.getPhoneNumber; /** * 用户映射 diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/AdministratorConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/AdministratorConverter.java index 67e89046..35001d61 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/AdministratorConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/AdministratorConverter.java @@ -35,15 +35,15 @@ import cn.topiam.employee.console.pojo.save.setting.AdministratorCreateParam; import cn.topiam.employee.console.pojo.update.setting.AdministratorUpdateParam; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.util.BeanUtils; -import cn.topiam.employee.support.util.ImageAvatarUtils; import jakarta.persistence.criteria.Predicate; import static cn.topiam.employee.common.entity.setting.AdministratorEntity.*; import static cn.topiam.employee.support.repository.base.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.base.BaseEntity.LAST_MODIFIED_TIME; -import static cn.topiam.employee.support.util.ImageAvatarUtils.generateAvatarImg; -import static cn.topiam.employee.support.util.PhoneNumberUtils.getPhoneAreaCode; -import static cn.topiam.employee.support.util.PhoneNumberUtils.getPhoneNumber; +import static cn.topiam.employee.support.util.AvatarUtils.bufferedImageToBase64; +import static cn.topiam.employee.support.util.AvatarUtils.generateAvatarImg; +import static cn.topiam.employee.support.util.PhoneUtils.getPhoneAreaCode; +import static cn.topiam.employee.support.util.PhoneUtils.getPhoneNumber; /** * 管理员映射 @@ -69,8 +69,7 @@ public interface AdministratorConverter { user); //头像 if (StringUtils.isEmpty(user.getAvatar())) { - convert.setAvatar(ImageAvatarUtils - .bufferedImageToBase64(generateAvatarImg(user.getUsername()))); + convert.setAvatar(bufferedImageToBase64(generateAvatarImg(user.getUsername()))); } else { convert.setAvatar(user.getAvatar()); } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/GeoLocationSettingConverter.java b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/GeoLocationSettingConverter.java index 99292c55..649a6bb8 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/GeoLocationSettingConverter.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/converter/setting/GeoLocationSettingConverter.java @@ -44,8 +44,8 @@ import cn.topiam.employee.support.exception.TopIamException; import cn.topiam.employee.support.validation.ValidationUtils; import jakarta.validation.ValidationException; -import static cn.topiam.employee.common.geo.maxmind.MaxmindGeoLocationServiceImpl.MAXMIND; -import static cn.topiam.employee.common.geo.maxmind.MaxmindGeoLocationServiceImpl.SHA256_URL; +import static cn.topiam.employee.common.geo.maxmind.MaxmindGeoLocationParserImpl.MAXMIND; +import static cn.topiam.employee.common.geo.maxmind.MaxmindGeoLocationParserImpl.SHA256_URL; import static cn.topiam.employee.core.setting.GeoIpProviderConstants.IPADDRESS_SETTING_NAME; /** diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserServiceImpl.java index f9437922..6e55acef 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/impl/UserServiceImpl.java @@ -70,8 +70,7 @@ import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.security.password.PasswordPolicyManager; import cn.topiam.employee.support.util.BeanUtils; -import cn.topiam.employee.support.util.PhoneNumberUtils; -import cn.topiam.employee.support.validation.annotation.ValidationPhone; +import cn.topiam.employee.support.util.PhoneUtils; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; @@ -80,7 +79,8 @@ import static cn.topiam.employee.audit.enums.TargetType.USER_DETAIL; import static cn.topiam.employee.core.message.sms.SmsMsgEventPublish.USERNAME; import static cn.topiam.employee.support.repository.base.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.base.BaseEntity.LAST_MODIFIED_TIME; -import static cn.topiam.employee.support.util.PhoneNumberUtils.getPhoneNumber; +import static cn.topiam.employee.support.util.PhoneUtils.PHONE_REGEXP; +import static cn.topiam.employee.support.util.PhoneUtils.getPhoneNumber; /** *

@@ -216,7 +216,7 @@ public class UserServiceImpl implements UserService { } //手机号 if (StringUtils.isNotEmpty(param.getPhone())) { - if (!getPhoneNumber(param.getPhone()).matches(ValidationPhone.PHONE_REGEXP)) { + if (!getPhoneNumber(param.getPhone()).matches(PHONE_REGEXP)) { throw new InfoValidityFailException("手机号格式错误"); } Boolean validityPhone = userParamCheck(CheckValidityType.PHONE, param.getPhone(), null); @@ -306,8 +306,8 @@ public class UserServiceImpl implements UserService { detail.orElse(null)); if (Objects.nonNull(userEntity) && StringUtils.isNotEmpty(userEntity.getPhone())) { StringBuilder phoneAreaCode = new StringBuilder( - userEntity.getPhoneAreaCode().replace(PhoneNumberUtils.PLUS_SIGN, "")); - phoneAreaCode.insert(0, PhoneNumberUtils.PLUS_SIGN); + userEntity.getPhoneAreaCode().replace(PhoneUtils.PLUS_SIGN, "")); + phoneAreaCode.insert(0, PhoneUtils.PLUS_SIGN); userResult.setPhone(phoneAreaCode + userEntity.getPhone()); } return userResult; @@ -324,7 +324,7 @@ public class UserServiceImpl implements UserService { public boolean updateUser(UserUpdateParam param) { if (StringUtils.isNotBlank(param.getPhone())) { String phoneNumber = getPhoneNumber(param.getPhone()); - if (!phoneNumber.matches(ValidationPhone.PHONE_REGEXP)) { + if (!phoneNumber.matches(PHONE_REGEXP)) { throw new InfoValidityFailException("手机号格式错误"); } Boolean validityPhone = userParamCheck(CheckValidityType.PHONE, param.getPhone(), @@ -440,7 +440,7 @@ public class UserServiceImpl implements UserService { if (CheckValidityType.PHONE.equals(type)) { try { //手机号未修改 - if (StringUtils.equals(value.replace(PhoneNumberUtils.PLUS_SIGN, ""), + if (StringUtils.equals(value.replace(PhoneUtils.PLUS_SIGN, ""), entity.getPhoneAreaCode() + entity.getPhone())) { return true; } @@ -514,70 +514,70 @@ public class UserServiceImpl implements UserService { /** * 用户数据映射器 */ - private final UserConverter userConverter; + private final UserConverter userConverter; /** * UserRepository */ - private final UserRepository userRepository; + private final UserRepository userRepository; /** * UserIdpRepository */ - private final UserIdpRepository userIdpRepository; + private final UserIdpRepository userIdpRepository; /** * AppAccessPolicyRepository */ - private final AppAccessPolicyRepository appAccessPolicyRepository; + private final AppAccessPolicyRepository appAccessPolicyRepository; /** * password encoder */ - private final PasswordEncoder passwordEncoder; + private final PasswordEncoder passwordEncoder; /** * 组织 */ - private final OrganizationRepository organizationRepository; + private final OrganizationRepository organizationRepository; /** * 组织成员 */ - private final OrganizationMemberRepository organizationMemberRepository; + private final OrganizationMemberRepository organizationMemberRepository; /** * 部门成员 */ - private final UserGroupMemberRepository userGroupMemberRepository; + private final UserGroupMemberRepository userGroupMemberRepository; /** * 用户详情Repository */ - private final UserDetailRepository userDetailsRepository; + private final UserDetailRepository userDetailsRepository; /** * 修改密码历史Repository */ - private final UserHistoryPasswordRepository userHistoryPasswordRepository; + private final UserHistoryPasswordRepository userHistoryPasswordRepository; /** * 邮件消息发布 */ - private final MailMsgEventPublish mailMsgEventPublish; + private final MailMsgEventPublish mailMsgEventPublish; /** * 短信消息发送 */ - private final SmsMsgEventPublish smsMsgEventPublish; + private final SmsMsgEventPublish smsMsgEventPublish; /** * PasswordPolicyManager */ - private final PasswordPolicyManager passwordPolicyManager; + private final PasswordPolicyManager passwordPolicyManager; /** * AuditRepository */ - private final AuditRepository auditRepository; + private final AuditRepository auditRepository; } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/userdetail/UserDetailsServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/userdetail/UserDetailsServiceImpl.java index 1b201185..262fd086 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/account/userdetail/UserDetailsServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/account/userdetail/UserDetailsServiceImpl.java @@ -17,6 +17,7 @@ */ package cn.topiam.employee.console.service.account.userdetail; +import java.time.LocalDateTime; import java.util.Optional; import org.slf4j.Logger; @@ -25,8 +26,13 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.stereotype.Component; +import cn.topiam.employee.audit.context.AuditContext; +import cn.topiam.employee.audit.entity.Target; +import cn.topiam.employee.audit.enums.TargetType; import cn.topiam.employee.common.entity.setting.AdministratorEntity; +import cn.topiam.employee.common.repository.setting.AdministratorRepository; import cn.topiam.employee.console.service.setting.AdministratorService; +import cn.topiam.employee.support.exception.TopIamException; import cn.topiam.employee.support.security.password.exception.PasswordValidatedFailException; import cn.topiam.employee.support.security.userdetails.UserDetails; import cn.topiam.employee.support.security.userdetails.UserDetailsService; @@ -75,36 +81,103 @@ public class UserDetailsServiceImpl implements UserDetailsService { return administratorService.getUserDetails(administrator); } + @Override + public UserDetails loadUserByPhone(String phone) throws UsernameNotFoundException { + Optional optional = administratorRepository.findByPhone(phone); + //不存在该用户 + if (optional.isEmpty()) { + logger.info("根据手机号未查询该管理员【{}】", phone); + throw new UsernameNotFoundException("用户名或密码错误"); + } + return getUserDetails(optional.get()); + } + + @Override + public UserDetails loadUserByEmail(String email) throws UsernameNotFoundException { + Optional optional = administratorRepository.findByEmail(email); + //不存在该用户 + if (optional.isEmpty()) { + logger.info("根据邮箱未查询该管理员【{}】", email); + throw new UsernameNotFoundException("用户名或密码错误"); + } + return getUserDetails(optional.get()); + } + @Override public void changePassword(String username, String newPassword) { - administratorService.forceResetAdministratorPassword(username, newPassword); + AdministratorEntity administrator = findByUsername(username); + forceResetUserPassword(administrator, newPassword); } @Override public void changePassword(String username, String oldPassword, String newPassword) { - AdministratorEntity admin = administratorService.getAdministratorByUsername(username); - boolean matches = passwordEncoder.matches(oldPassword, admin.getPassword()); + AdministratorEntity administrator = findByUsername(username); + boolean matches = passwordEncoder.matches(oldPassword, administrator.getPassword()); if (!matches) { - logger.error("用户ID: [{}] 用户名: [{}] 旧密码匹配失败", admin.getId(), admin.getUsername()); + logger.error("用户ID: [{}] 用户名: [{}] 旧密码匹配失败", administrator.getId(), + administrator.getUsername()); throw new PasswordValidatedFailException(); } - // 重置密码 - administratorService.forceResetAdministratorPassword(admin, newPassword); + forceResetUserPassword(administrator, newPassword); + } + + private UserDetails getUserDetails(AdministratorEntity administrator) { + //锁定 + if (administrator.isLocked()) { + logger.info("用户【{}】被锁定", administrator.getUsername()); + } + //禁用 + if (administrator.isDisabled()) { + logger.info("用户【{}】被禁用", administrator.getUsername()); + } + return administratorService.getUserDetails(administrator); + } + + public void forceResetUserPassword(AdministratorEntity administrator, String password) { + boolean matches = passwordEncoder.matches(password, administrator.getPassword()); + if (matches) { + logger.error("用户ID: [{}] 用户名: [{}] 新密码与旧密码相同", administrator.getId(), + administrator.getUsername()); + throw new PasswordValidatedFailException("新密码不允许与旧密码相同"); + } + password = passwordEncoder.encode(password); + administrator.setPassword(password); + administrator.setLastUpdatePasswordTime(LocalDateTime.now()); + administrator.setNeedChangePassword(false); + // 更新密码 + administratorRepository.save(administrator); + AuditContext.setTarget(Target.builder().id(administrator.getId()) + .name(administrator.getUsername()).type(TargetType.USER).build()); + } + + public AdministratorEntity findByUsername(String username) { + return administratorRepository.findByUsername(username).orElseThrow(() -> { + AuditContext.setContent("重置密码失败,用户不存在"); + logger.warn(AuditContext.getContent()); + return new TopIamException("操作失败"); + }); } /** - * AdministratorService + * AdministratorRepository */ - private final AdministratorService administratorService; + private final AdministratorRepository administratorRepository; /** * PasswordEncoder */ - private final PasswordEncoder passwordEncoder; + private final PasswordEncoder passwordEncoder; - public UserDetailsServiceImpl(AdministratorService administratorService, - PasswordEncoder passwordEncoder) { - this.administratorService = administratorService; + /** + * UserService + */ + private final AdministratorService administratorService; + + public UserDetailsServiceImpl(AdministratorRepository administratorRepository, + PasswordEncoder passwordEncoder, + AdministratorService administratorService) { + this.administratorRepository = administratorRepository; this.passwordEncoder = passwordEncoder; + this.administratorService = administratorService; } } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/AdministratorServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/AdministratorServiceImpl.java index 3a62de32..13a46d64 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/AdministratorServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/AdministratorServiceImpl.java @@ -69,10 +69,9 @@ import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.security.password.exception.PasswordValidatedFailException; import cn.topiam.employee.support.security.userdetails.UserDetails; import cn.topiam.employee.support.security.userdetails.UserType; -import cn.topiam.employee.support.util.PhoneNumberUtils; -import cn.topiam.employee.support.validation.annotation.ValidationPhone; +import cn.topiam.employee.support.util.PhoneUtils; import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_ADMIN_USERNAME; -import static cn.topiam.employee.support.util.PhoneNumberUtils.getPhoneNumber; +import static cn.topiam.employee.support.util.PhoneUtils.*; /** * @author TopIAM @@ -115,7 +114,7 @@ public class AdministratorServiceImpl implements AdministratorService { } //手机号 if (StringUtils.isNotEmpty(param.getPhone())) { - if (!getPhoneNumber(param.getPhone()).matches(ValidationPhone.PHONE_REGEXP)) { + if (!getPhoneNumber(param.getPhone()).matches(PHONE_REGEXP)) { throw new InfoValidityFailException("手机号格式错误"); } Boolean validityPhone = administratorParamCheck(CheckValidityType.PHONE, param.getPhone(), null); @@ -331,7 +330,7 @@ public class AdministratorServiceImpl implements AdministratorService { if (CheckValidityType.PHONE.equals(type)) { try { //手机号未修改 - if (StringUtils.equals(value.replace(PhoneNumberUtils.PLUS_SIGN, ""), + if (StringUtils.equals(value.replace(PLUS_SIGN, ""), entity.getPhoneAreaCode() + entity.getPhone())) { return true; } @@ -443,8 +442,8 @@ public class AdministratorServiceImpl implements AdministratorService { .entityConvertToAdministratorDetailsResult(administrator); if (Objects.nonNull(administrator) && StringUtils.isNotEmpty(administrator.getPhone())) { StringBuilder phoneAreaCode = new StringBuilder( - administrator.getPhoneAreaCode().replace(PhoneNumberUtils.PLUS_SIGN, "")); - phoneAreaCode.insert(0, PhoneNumberUtils.PLUS_SIGN); + administrator.getPhoneAreaCode().replace(PhoneUtils.PLUS_SIGN, "")); + phoneAreaCode.insert(0, PhoneUtils.PLUS_SIGN); result.setPhone(phoneAreaCode + administrator.getPhone()); } return result; diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/GeoLocationSettingServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/GeoLocationSettingServiceImpl.java index dfa05038..8d71e603 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/GeoLocationSettingServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/setting/impl/GeoLocationSettingServiceImpl.java @@ -28,7 +28,7 @@ import cn.topiam.employee.console.pojo.save.setting.GeoIpProviderSaveParam; import cn.topiam.employee.console.service.setting.GeoLocationSettingService; import cn.topiam.employee.support.context.ApplicationContextService; import cn.topiam.employee.support.geo.GeoLocation; -import cn.topiam.employee.support.geo.GeoLocationService; +import cn.topiam.employee.support.geo.GeoLocationParser; import lombok.extern.slf4j.Slf4j; import static cn.topiam.employee.common.constant.ConfigBeanNameConstants.GEO_LOCATION; @@ -80,17 +80,17 @@ public class GeoLocationSettingServiceImpl extends SettingServiceImpl */ @Override public GeoLocation getGeoLocation(String ip) { - return geoLocationService.getGeoLocation(ip); + return geoLocationParser.getGeoLocation(ip); } - private final GeoLocationService geoLocationService; + private final GeoLocationParser geoLocationParser; private final GeoLocationSettingConverter geoLocationSettingsConverter; public GeoLocationSettingServiceImpl(SettingRepository settingsRepository, - GeoLocationService geoLocationService, + GeoLocationParser geoLocationParser, GeoLocationSettingConverter geoLocationSettingsConverter) { super(settingsRepository); - this.geoLocationService = geoLocationService; + this.geoLocationParser = geoLocationParser; this.geoLocationSettingsConverter = geoLocationSettingsConverter; } } diff --git a/eiam-console/src/main/java/cn/topiam/employee/console/service/user/impl/UserProfileServiceImpl.java b/eiam-console/src/main/java/cn/topiam/employee/console/service/user/impl/UserProfileServiceImpl.java index 4232b602..00f498a7 100644 --- a/eiam-console/src/main/java/cn/topiam/employee/console/service/user/impl/UserProfileServiceImpl.java +++ b/eiam-console/src/main/java/cn/topiam/employee/console/service/user/impl/UserProfileServiceImpl.java @@ -55,7 +55,7 @@ import cn.topiam.employee.support.exception.TopIamException; import cn.topiam.employee.support.security.password.exception.PasswordValidatedFailException; import cn.topiam.employee.support.security.util.SecurityUtils; import cn.topiam.employee.support.util.BeanUtils; -import cn.topiam.employee.support.util.PhoneNumberUtils; +import cn.topiam.employee.support.util.PhoneUtils; import jakarta.servlet.http.HttpSession; import static cn.topiam.employee.core.message.sms.SmsMsgEventPublish.USERNAME; @@ -64,7 +64,7 @@ import static cn.topiam.employee.support.exception.enums.ExceptionStatus.EX00010 import static cn.topiam.employee.support.repository.base.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.base.BaseEntity.LAST_MODIFIED_TIME; import static cn.topiam.employee.support.util.EmailUtils.isEmailValidate; -import static cn.topiam.employee.support.util.PhoneNumberUtils.isPhoneValidate; +import static cn.topiam.employee.support.util.PhoneUtils.isPhoneValidate; /** * @@ -229,7 +229,7 @@ public class UserProfileServiceImpl implements UserProfileService { } else if (isPhoneValidate(recipient)) { // 验证在库中是否有手机号 Optional byPhone = administratorRepository - .findByPhone(PhoneNumberUtils.getPhoneNumber(recipient)); + .findByPhone(PhoneUtils.getPhoneNumber(recipient)); if (byPhone.isPresent()) { otpContextHelp.sendOtp(recipient, SmsType.FORGET_PASSWORD.getCode(), MessageNoticeChannel.SMS); @@ -253,7 +253,7 @@ public class UserProfileServiceImpl implements UserProfileService { MessageNoticeChannel.MAIL, recipient, code); } } else if (isPhoneValidate(recipient)) { - user = administratorRepository.findByPhone(PhoneNumberUtils.getPhoneNumber(recipient)); + user = administratorRepository.findByPhone(PhoneUtils.getPhoneNumber(recipient)); if (user.isPresent()) { checkOtp = otpContextHelp.checkOtp(SmsType.FORGET_PASSWORD.getCode(), MessageNoticeChannel.SMS, recipient, code); diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamGeoLocationConfiguration.java b/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamGeoLocationConfiguration.java index ed759472..b4761096 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamGeoLocationConfiguration.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamGeoLocationConfiguration.java @@ -33,17 +33,17 @@ import com.fasterxml.jackson.databind.ObjectMapper; import cn.topiam.employee.common.entity.setting.SettingEntity; import cn.topiam.employee.common.geo.GeoLocationProviderConfig; -import cn.topiam.employee.common.geo.NoneGeoLocationServiceImpl; -import cn.topiam.employee.common.geo.ip2region.Ip2regionGeoLocationServiceImpl; -import cn.topiam.employee.common.geo.maxmind.MaxmindGeoLocationServiceImpl; +import cn.topiam.employee.common.geo.NoneGeoLocationParserImpl; +import cn.topiam.employee.common.geo.ip2region.Ip2regionGeoLocationParserImpl; +import cn.topiam.employee.common.geo.maxmind.MaxmindGeoLocationParserImpl; import cn.topiam.employee.common.geo.maxmind.MaxmindProviderConfig; import cn.topiam.employee.common.jackjson.encrypt.EncryptionModule; import cn.topiam.employee.common.repository.setting.SettingRepository; import cn.topiam.employee.core.setting.GeoIpProviderConstants; -import cn.topiam.employee.support.geo.GeoLocationService; +import cn.topiam.employee.support.geo.GeoLocationParser; import static cn.topiam.employee.common.constant.ConfigBeanNameConstants.GEO_LOCATION; -import static cn.topiam.employee.common.geo.ip2region.Ip2regionGeoLocationServiceImpl.IP2REGION; -import static cn.topiam.employee.common.geo.maxmind.MaxmindGeoLocationServiceImpl.MAXMIND; +import static cn.topiam.employee.common.geo.ip2region.Ip2regionGeoLocationParserImpl.IP2REGION; +import static cn.topiam.employee.common.geo.maxmind.MaxmindGeoLocationParserImpl.MAXMIND; /** * 地理位置库 @@ -57,8 +57,8 @@ public class EiamGeoLocationConfiguration { @RefreshScope @Bean(value = GEO_LOCATION) - public GeoLocationService geoLocation(SettingRepository settingRepository, - RestTemplate restTemplate) { + public GeoLocationParser geoLocation(SettingRepository settingRepository, + RestTemplate restTemplate) { try { ObjectMapper objectMapper = EncryptionModule.deserializerDecrypt(); // 指定序列化输入的类型 @@ -72,19 +72,19 @@ public class EiamGeoLocationConfiguration { GeoLocationProviderConfig.class); // maxmind if (MAXMIND.equals(provider.getProvider())) { - return new MaxmindGeoLocationServiceImpl( + return new MaxmindGeoLocationParserImpl( (MaxmindProviderConfig) provider.getConfig(), restTemplate); } // ip2region if (IP2REGION.equals(provider.getProvider())) { - return new Ip2regionGeoLocationServiceImpl(); + return new Ip2regionGeoLocationParserImpl(); } } //没有数据默认使用 ip2region - return new Ip2regionGeoLocationServiceImpl(); + return new Ip2regionGeoLocationParserImpl(); } catch (IOException e) { logger.error("Create geo location Exception: {}", e.getMessage(), e); } - return new NoneGeoLocationServiceImpl(); + return new NoneGeoLocationParserImpl(); } } diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamPasswordConfiguration.java b/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamPasswordConfiguration.java index 43a12469..1692b83f 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamPasswordConfiguration.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/configuration/EiamPasswordConfiguration.java @@ -23,7 +23,6 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.crypto.password.PasswordEncoder; import cn.topiam.employee.common.constant.ConfigBeanNameConstants; -import cn.topiam.employee.common.entity.account.UserEntity; import cn.topiam.employee.common.repository.account.UserHistoryPasswordRepository; import cn.topiam.employee.common.repository.account.UserRepository; import cn.topiam.employee.common.repository.setting.SettingRepository; @@ -54,11 +53,11 @@ public class EiamPasswordConfiguration { */ @Bean(ConfigBeanNameConstants.DEFAULT_PASSWORD_POLICY_MANAGER) @RefreshScope - public PasswordPolicyManager passwordPolicyManager(UserRepository userRepository, - UserHistoryPasswordRepository userHistoryPasswordRepository, - SettingRepository settingRepository, - PasswordWeakLib passwordWeakLib, - PasswordEncoder passwordEncoder) { + public PasswordPolicyManager passwordPolicyManager(UserRepository userRepository, + UserHistoryPasswordRepository userHistoryPasswordRepository, + SettingRepository settingRepository, + PasswordWeakLib passwordWeakLib, + PasswordEncoder passwordEncoder) { return new DefaultPasswordPolicyManager(userRepository, userHistoryPasswordRepository, settingRepository, passwordWeakLib, passwordEncoder); } diff --git a/eiam-core/src/main/java/cn/topiam/employee/core/security/password/manager/DefaultPasswordPolicyManager.java b/eiam-core/src/main/java/cn/topiam/employee/core/security/password/manager/DefaultPasswordPolicyManager.java index 00ddbd60..5597c0d8 100644 --- a/eiam-core/src/main/java/cn/topiam/employee/core/security/password/manager/DefaultPasswordPolicyManager.java +++ b/eiam-core/src/main/java/cn/topiam/employee/core/security/password/manager/DefaultPasswordPolicyManager.java @@ -23,6 +23,7 @@ import org.springframework.data.domain.Example; import org.springframework.data.domain.Page; import org.springframework.data.domain.PageRequest; import org.springframework.data.domain.Sort; +import org.springframework.lang.NonNull; import org.springframework.security.crypto.password.PasswordEncoder; import cn.topiam.employee.common.entity.account.UserEntity; @@ -46,7 +47,7 @@ import static cn.topiam.employee.support.repository.base.BaseEntity.LAST_MODIFIE * @author TopIAM * Created by support@topiam.cn on 2022/4/17 22:21 */ -public class DefaultPasswordPolicyManager implements PasswordPolicyManager { +public class DefaultPasswordPolicyManager implements PasswordPolicyManager { public DefaultPasswordPolicyManager(UserRepository userRepository, UserHistoryPasswordRepository userHistoryPasswordRepository, @@ -71,19 +72,20 @@ public class DefaultPasswordPolicyManager implements PasswordPolicyManager validators = new ArrayList<>(providers); - if (userId.getId() != null) { + public void validate(@NonNull Object principal, String password) { + if (principal instanceof UserEntity) { + String userId = ((UserEntity) principal).getId(); + List validators = new ArrayList<>(providers); //@formatter:off - validators.add(getPasswordIncludeUserInfoValidator(userId.getId())); - validators.add(getHistoryPasswordValidator(String.valueOf(userId.getId()))); + validators.add(getPasswordIncludeUserInfoValidator(userId)); + validators.add(getHistoryPasswordValidator(userId)); //@formatter:on + validators.forEach(passwordValidator -> passwordValidator.validate(password)); } - validators.forEach(passwordValidator -> passwordValidator.validate(password)); } /** @@ -104,6 +106,7 @@ public class DefaultPasswordPolicyManager implements PasswordPolicyManager entities = userHistoryPasswordRepository.findAll( - Example.of(new UserHistoryPasswordEntity().setUserId(userId)), - PageRequest.of(0, count, Sort.by(Sort.Direction.DESC, LAST_MODIFIED_TIME))); + Example.of(new UserHistoryPasswordEntity().setUserId(userId)), + PageRequest.of(0, count, Sort.by(Sort.Direction.DESC, LAST_MODIFIED_TIME))); //构建历史密码验证器 - new HistoryPasswordValidator(entities.getContent().stream().map(UserHistoryPasswordEntity::getPassword).toList(), passwordEncoder); + return new HistoryPasswordValidator( + entities.getContent().stream().map(UserHistoryPasswordEntity::getPassword).toList(), + passwordEncoder); } return new HistoryPasswordValidator(false); } - /** * 获取密码长度规则验证器 * @@ -142,16 +150,18 @@ public class DefaultPasswordPolicyManager implements PasswordPolicyManager list = new ArrayList<>(); //自定义弱密码 - SettingEntity customWeakCipher = settingRepository.findByName(PASSWORD_POLICY_CUSTOM_WEAK_PASSWORD); + SettingEntity customWeakCipher = settingRepository + .findByName(PASSWORD_POLICY_CUSTOM_WEAK_PASSWORD); if (!Objects.isNull(customWeakCipher)) { list.addAll(Arrays.asList(customWeakCipher.getValue().split("\n"))); } @@ -194,6 +207,22 @@ public class DefaultPasswordPolicyManager implements PasswordPolicyManager validators = new ArrayList<>(providers); + //@formatter:off + validators.add(getPasswordIncludeUserInfoValidator(userId)); + validators.add(getHistoryPasswordValidator(userId)); + //@formatter:on + validators.forEach(passwordValidator -> passwordValidator.validate(password)); + } + /** * 获取密码连续相同字符验证器 * @@ -202,8 +231,9 @@ public class DefaultPasswordPolicyManager implements PasswordPolicyManager providers; + private final List providers; /** * 用户 */ - private final UserRepository userRepository; + private final UserRepository userRepository; /** * 历史密码 */ @@ -235,13 +266,13 @@ public class DefaultPasswordPolicyManager implements PasswordPolicyManager httpSecuritySessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS)); //异常处理器 - http.exceptionHandling(httpSecurityExceptionHandlingConfigurer -> httpSecurityExceptionHandlingConfigurer.authenticationEntryPoint(new AccessTokenAuthenticationEntryPoint())); + http.exceptionHandling(httpSecurityExceptionHandlingConfigurer -> httpSecurityExceptionHandlingConfigurer.authenticationEntryPoint(new AccessTokenAuthenticationEntryPoint(userAgentParser))); http.addFilterBefore(new AccessTokenAuthenticationFilter(providerManager),BasicAuthenticationFilter.class); return http.build(); //@formatter:on @@ -90,4 +91,11 @@ public class OpenApiSecurityConfiguration { public AccessTokenStore tokenStore(RedisTemplate redisTemplate) { return new RedisAccessTokenStore(redisTemplate); } + + private final UserAgentParser userAgentParser; + + public OpenApiSecurityConfiguration(UserAgentParser userAgentParser) { + this.userAgentParser = userAgentParser; + } + } diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/converter/UserConverter.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/converter/UserConverter.java index 3a4142ac..1e206b28 100644 --- a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/converter/UserConverter.java +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/converter/UserConverter.java @@ -37,9 +37,9 @@ import cn.topiam.employee.openapi.pojo.update.UserUpdateParam; import cn.topiam.employee.support.context.ApplicationContextService; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.security.userdetails.DataOrigin; -import static cn.topiam.employee.support.util.ImageAvatarUtils.getRandomAvatar; -import static cn.topiam.employee.support.util.PhoneNumberUtils.getPhoneAreaCode; -import static cn.topiam.employee.support.util.PhoneNumberUtils.getPhoneNumber; +import static cn.topiam.employee.support.util.AvatarUtils.getRandomAvatar; +import static cn.topiam.employee.support.util.PhoneUtils.getPhoneAreaCode; +import static cn.topiam.employee.support.util.PhoneUtils.getPhoneNumber; /** * 用户映射 diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/AppAccountController.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/AppAccountController.java index 22e84aed..bc5c145a 100644 --- a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/AppAccountController.java +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/AppAccountController.java @@ -28,8 +28,8 @@ import cn.topiam.employee.openapi.common.OpenApiResponse; import cn.topiam.employee.openapi.pojo.result.AppAccountListResult; import cn.topiam.employee.openapi.pojo.save.AppAccountCreateParam; import cn.topiam.employee.openapi.service.AppAccountService; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/OrganizationController.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/OrganizationController.java index 85fbebe1..110b03e6 100644 --- a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/OrganizationController.java +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/OrganizationController.java @@ -31,8 +31,8 @@ import cn.topiam.employee.openapi.pojo.result.OrganizationResult; import cn.topiam.employee.openapi.pojo.save.OrganizationCreateParam; import cn.topiam.employee.openapi.pojo.update.OrganizationUpdateParam; import cn.topiam.employee.openapi.service.OrganizationService; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import lombok.RequiredArgsConstructor; diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/UserController.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/UserController.java index 0392caad..60e5515d 100644 --- a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/UserController.java +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/endpoint/UserController.java @@ -31,8 +31,8 @@ import cn.topiam.employee.openapi.pojo.result.UserResult; import cn.topiam.employee.openapi.pojo.save.UserCreateParam; import cn.topiam.employee.openapi.pojo.update.UserUpdateParam; import cn.topiam.employee.openapi.service.UserService; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; diff --git a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/impl/UserServiceImpl.java b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/impl/UserServiceImpl.java index e880c030..e71f972f 100644 --- a/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/impl/UserServiceImpl.java +++ b/eiam-openapi/src/main/java/cn/topiam/employee/openapi/service/impl/UserServiceImpl.java @@ -59,8 +59,7 @@ import cn.topiam.employee.support.repository.page.domain.Page; import cn.topiam.employee.support.repository.page.domain.PageModel; import cn.topiam.employee.support.security.password.PasswordPolicyManager; import cn.topiam.employee.support.util.BeanUtils; -import cn.topiam.employee.support.util.PhoneNumberUtils; -import cn.topiam.employee.support.validation.annotation.ValidationPhone; +import cn.topiam.employee.support.util.PhoneUtils; import lombok.extern.slf4j.Slf4j; import static cn.topiam.employee.audit.enums.TargetType.USER; @@ -68,7 +67,8 @@ import static cn.topiam.employee.audit.enums.TargetType.USER_DETAIL; import static cn.topiam.employee.core.message.sms.SmsMsgEventPublish.USERNAME; import static cn.topiam.employee.support.repository.base.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.base.BaseEntity.LAST_MODIFIED_TIME; -import static cn.topiam.employee.support.util.PhoneNumberUtils.getPhoneNumber; +import static cn.topiam.employee.support.util.PhoneUtils.PHONE_REGEXP; +import static cn.topiam.employee.support.util.PhoneUtils.getPhoneNumber; /** *

@@ -128,7 +128,7 @@ public class UserServiceImpl implements UserService { } //手机号 if (StringUtils.isNotEmpty(param.getPhone())) { - if (!getPhoneNumber(param.getPhone()).matches(ValidationPhone.PHONE_REGEXP)) { + if (!getPhoneNumber(param.getPhone()).matches(PHONE_REGEXP)) { throw new OpenApiException(OpenApiStatus.MOBILE_NOT_VALID); } Boolean validityPhone = userParamCheck(CheckValidityType.PHONE, param.getPhone(), null); @@ -206,8 +206,8 @@ public class UserServiceImpl implements UserService { detail.orElse(null)); if (Objects.nonNull(userEntity) && StringUtils.isNotEmpty(userEntity.getPhone())) { StringBuilder phoneAreaCode = new StringBuilder( - userEntity.getPhoneAreaCode().replace(PhoneNumberUtils.PLUS_SIGN, "")); - phoneAreaCode.insert(0, PhoneNumberUtils.PLUS_SIGN); + userEntity.getPhoneAreaCode().replace(PhoneUtils.PLUS_SIGN, "")); + phoneAreaCode.insert(0, PhoneUtils.PLUS_SIGN); userResult.setPhone(phoneAreaCode + userEntity.getPhone()); } return userResult; @@ -223,7 +223,7 @@ public class UserServiceImpl implements UserService { public void updateUser(UserUpdateParam param) { if (StringUtils.isNotBlank(param.getPhone())) { String phoneNumber = getPhoneNumber(param.getPhone()); - if (!phoneNumber.matches(ValidationPhone.PHONE_REGEXP)) { + if (!phoneNumber.matches(PHONE_REGEXP)) { throw new OpenApiException(OpenApiStatus.MOBILE_NOT_VALID); } Boolean validityPhone = userParamCheck(CheckValidityType.PHONE, param.getPhone(), @@ -342,7 +342,7 @@ public class UserServiceImpl implements UserService { if (CheckValidityType.PHONE.equals(type)) { try { //手机号未修改 - if (StringUtils.equals(value.replace(PhoneNumberUtils.PLUS_SIGN, ""), + if (StringUtils.equals(value.replace(PhoneUtils.PLUS_SIGN, ""), entity.getPhoneAreaCode() + entity.getPhone())) { return true; } @@ -377,42 +377,42 @@ public class UserServiceImpl implements UserService { /** * 用户数据映射器 */ - private final UserConverter userConverter; + private final UserConverter userConverter; /** * UserRepository */ - private final UserRepository userRepository; + private final UserRepository userRepository; /** * 组织成员 */ - private final OrganizationMemberRepository organizationMemberRepository; + private final OrganizationMemberRepository organizationMemberRepository; /** * 部门成员 */ - private final UserGroupMemberRepository userGroupMemberRepository; + private final UserGroupMemberRepository userGroupMemberRepository; /** * 用户详情Repository */ - private final UserDetailRepository userDetailsRepository; + private final UserDetailRepository userDetailsRepository; /** * 邮件消息发布 */ - private final MailMsgEventPublish mailMsgEventPublish; + private final MailMsgEventPublish mailMsgEventPublish; /** * 短信消息发送 */ - private final SmsMsgEventPublish smsMsgEventPublish; + private final SmsMsgEventPublish smsMsgEventPublish; /** * PasswordPolicyManager */ - private final PasswordPolicyManager passwordPolicyManager; + private final PasswordPolicyManager passwordPolicyManager; public UserServiceImpl(UserConverter userConverter, UserRepository userRepository, OrganizationMemberRepository organizationMemberRepository, @@ -420,7 +420,7 @@ public class UserServiceImpl implements UserService { UserDetailRepository userDetailsRepository, MailMsgEventPublish mailMsgEventPublish, SmsMsgEventPublish smsMsgEventPublish, - PasswordPolicyManager passwordPolicyManager) { + PasswordPolicyManager passwordPolicyManager) { this.userConverter = userConverter; this.userRepository = userRepository; this.organizationMemberRepository = organizationMemberRepository; diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/authentication/PortalAuthenticationEntryPoint.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/authentication/PortalAuthenticationEntryPoint.java index 8a9d5ca6..e6af5964 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/authentication/PortalAuthenticationEntryPoint.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/authentication/PortalAuthenticationEntryPoint.java @@ -28,6 +28,7 @@ import cn.topiam.employee.core.context.ContextService; import cn.topiam.employee.support.result.ApiRestResult; import cn.topiam.employee.support.security.web.AbstractAuthenticationEntryPoint; import cn.topiam.employee.support.util.HttpResponseUtils; +import cn.topiam.employee.support.web.useragent.UserAgentParser; import jakarta.servlet.ServletException; import jakarta.servlet.http.HttpServletRequest; @@ -86,4 +87,8 @@ public class PortalAuthenticationEntryPoint extends AbstractAuthenticationEntryP response.sendRedirect(ContextService.getPortalLoginUrl()); } } + + public PortalAuthenticationEntryPoint(UserAgentParser userAgentParser) { + super(userAgentParser); + } } diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/authentication/PortalAuthenticationSuccessHandler.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/authentication/PortalAuthenticationSuccessHandler.java index 715b6156..8ab6edf3 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/authentication/PortalAuthenticationSuccessHandler.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/authentication/PortalAuthenticationSuccessHandler.java @@ -61,7 +61,7 @@ import static cn.topiam.employee.core.context.ContextService.getPortalPublicBase import static cn.topiam.employee.support.constant.EiamConstants.CAPTCHA_CODE_SESSION; import static cn.topiam.employee.support.context.ServletContextService.isHtmlRequest; import static cn.topiam.employee.support.security.authentication.AuthenticationProvider.USERNAME_PASSWORD; -import static cn.topiam.employee.support.security.savedredirect.JumpController.JUMP_PATH; +import static cn.topiam.employee.support.security.savedredirect.JumpConstants.JUMP_PATH; /** * 认证成功处理程序 diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalApiConfiguration.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalApiConfiguration.java index 522fa272..4ff04c0b 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalApiConfiguration.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/PortalApiConfiguration.java @@ -22,7 +22,7 @@ import org.springframework.context.annotation.Configuration; import org.springframework.core.env.Environment; import cn.topiam.employee.EiamPortalApplication; -import cn.topiam.employee.support.util.AppVersionUtils; +import cn.topiam.employee.support.util.VersionUtils; import io.swagger.v3.oas.models.Components; import io.swagger.v3.oas.models.OpenAPI; @@ -59,7 +59,7 @@ public class PortalApiConfiguration { //内容 .contact(contact) //版本 - .version(AppVersionUtils.getVersion(EiamPortalApplication.class)); + .version(VersionUtils.getVersion(EiamPortalApplication.class)); } /** diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/AbstractSecurityConfiguration.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/AbstractSecurityConfiguration.java index 4cf22ad6..685c7dc2 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/AbstractSecurityConfiguration.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/AbstractSecurityConfiguration.java @@ -48,6 +48,7 @@ import cn.topiam.employee.core.setting.SecuritySettingConstants; import cn.topiam.employee.portal.authentication.*; import cn.topiam.employee.support.redis.KeyStringRedisSerializer; import cn.topiam.employee.support.security.csrf.SpaCsrfTokenRequestHandler; +import cn.topiam.employee.support.web.useragent.UserAgentParser; import static org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK; import static org.springframework.web.cors.CorsConfiguration.ALL; @@ -150,7 +151,8 @@ public class AbstractSecurityConfiguration { */ public Customizer> withExceptionConfigurerDefaults() { return configurer -> { - configurer.authenticationEntryPoint(new PortalAuthenticationEntryPoint()); + configurer + .authenticationEntryPoint(new PortalAuthenticationEntryPoint(userAgentParser)); configurer.accessDeniedHandler(new PortalAccessDeniedHandler()); configurer .withObjectPostProcessor(new ObjectPostProcessor() { @@ -219,11 +221,15 @@ public class AbstractSecurityConfiguration { }; } + private final UserAgentParser userAgentParser; private final SettingRepository settingRepository; - public AbstractSecurityConfiguration(SettingRepository settingRepository) { + public AbstractSecurityConfiguration(UserAgentParser userAgentParser, + SettingRepository settingRepository) { + Assert.notNull(settingRepository, "The userAgentParser cannot be null"); Assert.notNull(settingRepository, "The settingRepository cannot be null"); this.settingRepository = settingRepository; + this.userAgentParser = userAgentParser; } } diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/FormProtocolSecurityConfiguration.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/FormProtocolSecurityConfiguration.java index 1da5cee2..5a22ee76 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/FormProtocolSecurityConfiguration.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/FormProtocolSecurityConfiguration.java @@ -41,6 +41,7 @@ import cn.topiam.employee.protocol.form.RedisFormAuthorizationService; import cn.topiam.employee.protocol.form.authentication.FormAuthenticationFailureEventListener; import cn.topiam.employee.protocol.form.authentication.FormAuthenticationSuccessEventListener; import cn.topiam.employee.protocol.form.configurers.FormAuthorizationServerConfigurer; +import cn.topiam.employee.support.web.useragent.UserAgentParser; import static org.springframework.security.config.http.SessionCreationPolicy.NEVER; import static cn.topiam.employee.common.constant.ConfigBeanNameConstants.FORM_PROTOCOL_SECURITY_FILTER_CHAIN; @@ -54,10 +55,6 @@ import static cn.topiam.employee.common.constant.ConfigBeanNameConstants.FORM_PR @Configuration(proxyBeanMethods = false) public class FormProtocolSecurityConfiguration extends AbstractSecurityConfiguration { - public FormProtocolSecurityConfiguration(SettingRepository settingRepository) { - super(settingRepository); - } - /** * FormProtocolSecurityFilterChain * @@ -71,7 +68,7 @@ public class FormProtocolSecurityConfiguration extends AbstractSecurityConfigura //@formatter:off httpSecurity.getSharedObject(AuthenticationManagerBuilder.class).parentAuthenticationManager(null); //Form IDP 配置 - FormAuthorizationServerConfigurer serverConfigurer = new FormAuthorizationServerConfigurer(); + FormAuthorizationServerConfigurer serverConfigurer = new FormAuthorizationServerConfigurer(userAgentParser); RequestMatcher endpointsMatcher = serverConfigurer.getEndpointsMatcher(); httpSecurity.securityMatcher(endpointsMatcher) .authorizeHttpRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated()) @@ -123,4 +120,12 @@ public class FormProtocolSecurityConfiguration extends AbstractSecurityConfigura applicationServiceLoader); } + public FormProtocolSecurityConfiguration(SettingRepository settingRepository, + UserAgentParser userAgentParser) { + super(userAgentParser, settingRepository); + this.userAgentParser = userAgentParser; + } + + private final UserAgentParser userAgentParser; + } diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/JwtProtocolSecurityConfiguration.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/JwtProtocolSecurityConfiguration.java index 5552b6ad..e31d3eda 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/JwtProtocolSecurityConfiguration.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/JwtProtocolSecurityConfiguration.java @@ -41,6 +41,7 @@ import cn.topiam.employee.protocol.jwt.RedisJwtAuthorizationService; import cn.topiam.employee.protocol.jwt.authentication.JwtAuthenticationFailureEventListener; import cn.topiam.employee.protocol.jwt.authentication.JwtAuthenticationSuccessEventListener; import cn.topiam.employee.protocol.jwt.configurers.JwtAuthorizationServerConfigurer; +import cn.topiam.employee.support.web.useragent.UserAgentParser; import static org.springframework.security.config.http.SessionCreationPolicy.NEVER; import static cn.topiam.employee.common.constant.ConfigBeanNameConstants.JWT_PROTOCOL_SECURITY_FILTER_CHAIN; @@ -54,10 +55,6 @@ import static cn.topiam.employee.common.constant.ConfigBeanNameConstants.JWT_PRO @Configuration(proxyBeanMethods = false) public class JwtProtocolSecurityConfiguration extends AbstractSecurityConfiguration { - public JwtProtocolSecurityConfiguration(SettingRepository settingRepository) { - super(settingRepository); - } - /** * JwtProtocolSecurityFilterChain * @@ -71,7 +68,7 @@ public class JwtProtocolSecurityConfiguration extends AbstractSecurityConfigurat //@formatter:off httpSecurity.getSharedObject(AuthenticationManagerBuilder.class).parentAuthenticationManager(null); //Jwt IDP 配置 - JwtAuthorizationServerConfigurer serverConfigurer = new JwtAuthorizationServerConfigurer(); + JwtAuthorizationServerConfigurer serverConfigurer = new JwtAuthorizationServerConfigurer(userAgentParser); RequestMatcher endpointsMatcher = serverConfigurer.getEndpointsMatcher(); httpSecurity.securityMatcher(endpointsMatcher) .authorizeHttpRequests(authorizeRequests -> authorizeRequests.anyRequest().authenticated()) @@ -123,4 +120,12 @@ public class JwtProtocolSecurityConfiguration extends AbstractSecurityConfigurat applicationServiceLoader); } + private final UserAgentParser userAgentParser; + + public JwtProtocolSecurityConfiguration(SettingRepository settingRepository, + UserAgentParser userAgentParser) { + super(userAgentParser, settingRepository); + this.userAgentParser = userAgentParser; + } + } diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/OidcProtocolSecurityConfiguration.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/OidcProtocolSecurityConfiguration.java index fc50e7bd..ff00f98a 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/OidcProtocolSecurityConfiguration.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/OidcProtocolSecurityConfiguration.java @@ -61,6 +61,7 @@ import cn.topiam.employee.common.repository.app.AppOidcConfigRepository; import cn.topiam.employee.common.repository.setting.SettingRepository; import cn.topiam.employee.support.jackjson.SupportJackson2Module; import cn.topiam.employee.support.redis.KeyStringRedisSerializer; +import cn.topiam.employee.support.web.useragent.UserAgentParser; import static org.springframework.security.config.http.SessionCreationPolicy.NEVER; import static cn.topiam.employee.common.constant.ConfigBeanNameConstants.OIDC_PROTOCOL_SECURITY_FILTER_CHAIN; @@ -75,10 +76,6 @@ import static cn.topiam.employee.common.constant.ConfigBeanNameConstants.OIDC_PR @Configuration(proxyBeanMethods = false) public class OidcProtocolSecurityConfiguration extends AbstractSecurityConfiguration { - public OidcProtocolSecurityConfiguration(SettingRepository settingRepository) { - super(settingRepository); - } - /** * OIDC 协议 * @@ -91,7 +88,7 @@ public class OidcProtocolSecurityConfiguration extends AbstractSecurityConfigura AccessTokenAuthenticationManagerResolver authenticationManagerResolver) throws Exception { //@formatter:off httpSecurity.getSharedObject(AuthenticationManagerBuilder.class).parentAuthenticationManager(null); - OAuth2AuthorizationServerConfigurer serverConfigurer = new OAuth2AuthorizationServerConfigurer(); + OAuth2AuthorizationServerConfigurer serverConfigurer = new OAuth2AuthorizationServerConfigurer(userAgentParser); RequestMatcher endpointsMatcher = serverConfigurer.getEndpointsMatcher(); OrRequestMatcher requestMatcher = new OrRequestMatcher(endpointsMatcher); httpSecurity @@ -245,4 +242,12 @@ public class OidcProtocolSecurityConfiguration extends AbstractSecurityConfigura public OidcOpenApiCustomizer oidcOpenApiCustomizer() { return new OidcOpenApiCustomizer(); } + + public OidcProtocolSecurityConfiguration(SettingRepository settingRepository, + UserAgentParser userAgentParser) { + super(userAgentParser, settingRepository); + this.userAgentParser = userAgentParser; + } + + private final UserAgentParser userAgentParser; } diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/PortalSecurityConfiguration.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/PortalSecurityConfiguration.java index c66464e8..c534d26c 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/PortalSecurityConfiguration.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/configuration/security/PortalSecurityConfiguration.java @@ -73,10 +73,11 @@ import cn.topiam.employee.core.security.password.task.impl.PasswordExpireWarnTas import cn.topiam.employee.core.security.task.UserExpireLockTask; import cn.topiam.employee.core.security.task.UserUnlockTask; import cn.topiam.employee.portal.authentication.*; -import cn.topiam.employee.support.geo.GeoLocationService; +import cn.topiam.employee.support.geo.GeoLocationParser; import cn.topiam.employee.support.jackjson.SupportJackson2Module; import cn.topiam.employee.support.security.authentication.WebAuthenticationDetailsSource; import cn.topiam.employee.support.security.configurer.FormLoginConfigurer; +import cn.topiam.employee.support.web.useragent.UserAgentParser; import static org.springframework.http.HttpMethod.*; import static org.springframework.security.config.Customizer.withDefaults; @@ -435,12 +436,13 @@ public class PortalSecurityConfiguration extends AbstractSecurityConfiguration /** * WebAuthenticationDetailsSource * - * @param geoLocationService {@link GeoLocationService} + * @param geoLocationParser {@link GeoLocationParser} * @return {@link WebAuthenticationDetailsSource} */ @Bean - public WebAuthenticationDetailsSource authenticationDetailsSource(GeoLocationService geoLocationService) { - return new WebAuthenticationDetailsSource(geoLocationService); + public WebAuthenticationDetailsSource authenticationDetailsSource(GeoLocationParser geoLocationParser, + UserAgentParser userAgentParser) { + return new WebAuthenticationDetailsSource(geoLocationParser, userAgentParser); } /** @@ -478,7 +480,8 @@ public class PortalSecurityConfiguration extends AbstractSecurityConfiguration this.loader = classLoader; } - public PortalSecurityConfiguration(UserRepository userRepository, + public PortalSecurityConfiguration(UserAgentParser userAgentParser, + UserRepository userRepository, UserDetailsService userDetailsService, OtpContextHelp otpContextHelp, PasswordEncoder passwordEncoder, @@ -486,7 +489,7 @@ public class PortalSecurityConfiguration extends AbstractSecurityConfiguration SettingRepository settingRepository, RegisteredIdentityProviderClientRepository registeredIdentityProviderClientRepository, IdentityProviderAuthenticationService identityProviderAuthenticationService) { - super(settingRepository); + super(userAgentParser, settingRepository); this.userRepository = userRepository; this.userDetailsService = userDetailsService; this.otpContextHelp = otpContextHelp; diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AppAccountController.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AppAccountController.java index 3681e984..25ce31ba 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AppAccountController.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/AppAccountController.java @@ -29,8 +29,8 @@ import cn.topiam.employee.audit.annotation.Audit; import cn.topiam.employee.audit.event.type.EventType; import cn.topiam.employee.portal.pojo.request.AppAccountRequest; import cn.topiam.employee.portal.service.AppAccountService; +import cn.topiam.employee.support.demo.Preview; import cn.topiam.employee.support.lock.Lock; -import cn.topiam.employee.support.preview.Preview; import cn.topiam.employee.support.result.ApiRestResult; import lombok.AllArgsConstructor; diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/CurrentUserEndpoint.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/CurrentUserEndpoint.java index 084a1423..8ed0c181 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/CurrentUserEndpoint.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/controller/CurrentUserEndpoint.java @@ -28,15 +28,16 @@ import org.springframework.web.bind.annotation.RestController; import cn.topiam.employee.common.entity.account.UserEntity; import cn.topiam.employee.core.security.util.UserUtils; import cn.topiam.employee.support.result.ApiRestResult; -import cn.topiam.employee.support.util.DesensitizationUtil; import lombok.Data; import lombok.extern.slf4j.Slf4j; import io.swagger.v3.oas.annotations.media.Schema; import static cn.topiam.employee.common.constant.SessionConstants.CURRENT_USER; -import static cn.topiam.employee.support.util.ImageAvatarUtils.bufferedImageToBase64; -import static cn.topiam.employee.support.util.ImageAvatarUtils.generateAvatarImg; +import static cn.topiam.employee.support.util.AvatarUtils.bufferedImageToBase64; +import static cn.topiam.employee.support.util.AvatarUtils.generateAvatarImg; +import static cn.topiam.employee.support.util.DesensitizationUtils.emailEncrypt; +import static cn.topiam.employee.support.util.DesensitizationUtils.phoneEncrypt; /** * 当前用户 @@ -70,9 +71,9 @@ public class CurrentUserEndpoint { result.setAvatar(user.getAvatar()); } //邮箱 - result.setEmail(DesensitizationUtil.emailEncrypt(user.getEmail())); + result.setEmail(emailEncrypt(user.getEmail())); //手机号 - result.setPhone(DesensitizationUtil.phoneEncrypt(user.getPhone())); + result.setPhone(phoneEncrypt(user.getPhone())); return ApiRestResult.ok(result); } diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AccountServiceImpl.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AccountServiceImpl.java index ec4ebcd4..ad4ce6ad 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AccountServiceImpl.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/impl/AccountServiceImpl.java @@ -65,7 +65,7 @@ import cn.topiam.employee.support.security.password.exception.PasswordValidatedF import cn.topiam.employee.support.security.userdetails.UserDetails; import cn.topiam.employee.support.security.util.SecurityUtils; import cn.topiam.employee.support.util.BeanUtils; -import cn.topiam.employee.support.util.PhoneNumberUtils; +import cn.topiam.employee.support.util.PhoneUtils; import lombok.extern.slf4j.Slf4j; @@ -77,7 +77,7 @@ import static cn.topiam.employee.support.exception.enums.ExceptionStatus.EX00010 import static cn.topiam.employee.support.repository.base.BaseEntity.LAST_MODIFIED_BY; import static cn.topiam.employee.support.repository.base.BaseEntity.LAST_MODIFIED_TIME; import static cn.topiam.employee.support.util.EmailUtils.isEmailValidate; -import static cn.topiam.employee.support.util.PhoneNumberUtils.isPhoneValidate; +import static cn.topiam.employee.support.util.PhoneUtils.isPhoneValidate; /** * @author TopIAM @@ -263,7 +263,7 @@ public class AccountServiceImpl implements AccountService { } else if (isPhoneValidate(recipient)) { // 验证在库中是否有手机号 Optional optional = userRepository - .findByPhone(PhoneNumberUtils.getPhoneNumber(recipient)); + .findByPhone(PhoneUtils.getPhoneNumber(recipient)); if (optional.isPresent()) { otpContextHelp.sendOtp(recipient, SmsType.FORGET_PASSWORD.getCode(), MessageNoticeChannel.SMS); @@ -287,7 +287,7 @@ public class AccountServiceImpl implements AccountService { MessageNoticeChannel.MAIL, recipient, code); } } else if (isPhoneValidate(recipient)) { - optional = userRepository.findByPhone(PhoneNumberUtils.getPhoneNumber(recipient)); + optional = userRepository.findByPhone(PhoneUtils.getPhoneNumber(recipient)); if (optional.isPresent()) { checkOtp = otpContextHelp.checkOtp(SmsType.FORGET_PASSWORD.getCode(), MessageNoticeChannel.SMS, recipient, code); @@ -410,62 +410,62 @@ public class AccountServiceImpl implements AccountService { /** * Executor */ - private final Executor executor; + private final Executor executor; /** * AccountConverter */ - private final AccountConverter accountConverter; + private final AccountConverter accountConverter; /** * PasswordEncoder */ - private final PasswordEncoder passwordEncoder; + private final PasswordEncoder passwordEncoder; /** * UserRepository */ - private final UserRepository userRepository; + private final UserRepository userRepository; /** * 用户详情Repository */ - private final UserDetailRepository userDetailsRepository; + private final UserDetailRepository userDetailsRepository; /** * SessionRegistry */ - private final SessionRegistry sessionRegistry; + private final SessionRegistry sessionRegistry; /** * OtpContextHelp */ - private final OtpContextHelp otpContextHelp; + private final OtpContextHelp otpContextHelp; /** * SmsMsgEventPublish */ - private final SmsMsgEventPublish smsMsgEventPublish; + private final SmsMsgEventPublish smsMsgEventPublish; /** * StringRedisTemplate */ - private final StringRedisTemplate stringRedisTemplate; + private final StringRedisTemplate stringRedisTemplate; /** * PasswordPolicyManager */ - private final PasswordPolicyManager passwordPolicyManager; + private final PasswordPolicyManager passwordPolicyManager; /** * IdentityProviderRepository */ - private final IdentityProviderRepository identityProviderRepository; + private final IdentityProviderRepository identityProviderRepository; /** * UserAuthnBindRepository */ - private final UserIdpRepository userIdpRepository; + private final UserIdpRepository userIdpRepository; public AccountServiceImpl(AsyncConfigurer asyncConfigurer, AccountConverter accountConverter, PasswordEncoder passwordEncoder, UserRepository userRepository, @@ -473,7 +473,7 @@ public class AccountServiceImpl implements AccountService { SessionRegistry sessionRegistry, OtpContextHelp otpContextHelp, SmsMsgEventPublish smsMsgEventPublish, StringRedisTemplate stringRedisTemplate, - PasswordPolicyManager passwordPolicyManager, + PasswordPolicyManager passwordPolicyManager, IdentityProviderRepository identityProviderRepository, UserIdpRepository userIdpRepository) { this.executor = asyncConfigurer.getAsyncExecutor(); diff --git a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/userdetail/UserDetailsServiceImpl.java b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/userdetail/UserDetailsServiceImpl.java index b0895453..1144c012 100644 --- a/eiam-portal/src/main/java/cn/topiam/employee/portal/service/userdetail/UserDetailsServiceImpl.java +++ b/eiam-portal/src/main/java/cn/topiam/employee/portal/service/userdetail/UserDetailsServiceImpl.java @@ -17,13 +17,23 @@ */ package cn.topiam.employee.portal.service.userdetail; +import java.time.LocalDateTime; +import java.util.Optional; + import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.core.userdetails.UsernameNotFoundException; +import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.stereotype.Component; +import cn.topiam.employee.audit.context.AuditContext; +import cn.topiam.employee.audit.entity.Target; +import cn.topiam.employee.audit.enums.TargetType; import cn.topiam.employee.common.entity.account.UserEntity; +import cn.topiam.employee.common.repository.account.UserRepository; import cn.topiam.employee.portal.service.UserService; +import cn.topiam.employee.support.exception.TopIamException; +import cn.topiam.employee.support.security.password.exception.PasswordValidatedFailException; import cn.topiam.employee.support.security.userdetails.UserDetails; import cn.topiam.employee.support.security.userdetails.UserDetailsService; @@ -60,21 +70,99 @@ public class UserDetailsServiceImpl implements UserDetailsService { } @Override - public void changePassword(String username, String newPassword) { + public UserDetails loadUserByPhone(String phone) throws UsernameNotFoundException { + Optional optional = userRepository.findByPhone(phone); + //不存在该用户 + if (optional.isEmpty()) { + logger.info("根据手机号未查询该管理员【{}】", phone); + throw new UsernameNotFoundException("用户名或密码错误"); + } + return getUserDetails(optional.get()); + } + @Override + public UserDetails loadUserByEmail(String email) throws UsernameNotFoundException { + Optional optional = userRepository.findByEmail(email); + //不存在该用户 + if (optional.isEmpty()) { + logger.info("根据邮箱未查询该管理员【{}】", email); + throw new UsernameNotFoundException("用户名或密码错误"); + } + return getUserDetails(optional.get()); + } + + private UserDetails getUserDetails(UserEntity user) { + //锁定 + if (user.isLocked()) { + logger.info("用户【{}】被锁定", user.getUsername()); + } + //禁用 + if (user.isDisabled()) { + logger.info("用户【{}】被禁用", user.getUsername()); + } + return userService.getUserDetails(user); + } + + public void forceResetUserPassword(UserEntity user, String password) { + boolean matches = passwordEncoder.matches(password, user.getPassword()); + if (matches) { + logger.error("用户ID: [{}] 用户名: [{}] 新密码与旧密码相同", user.getId(), user.getUsername()); + throw new PasswordValidatedFailException("新密码不允许与旧密码相同"); + } + password = passwordEncoder.encode(password); + user.setPassword(password); + user.setLastUpdatePasswordTime(LocalDateTime.now()); + user.setNeedChangePassword(false); + // 更新密码 + userRepository.save(user); + AuditContext.setTarget(Target.builder().id(user.getId()).name(user.getUsername()) + .type(TargetType.USER).build()); + } + + @Override + public void changePassword(String username, String newPassword) { + UserEntity user = findByUsername(username); + forceResetUserPassword(user, newPassword); } @Override public void changePassword(String username, String oldPassword, String newPassword) { + UserEntity user = findByUsername(username); + boolean matches = passwordEncoder.matches(oldPassword, user.getPassword()); + if (!matches) { + logger.error("用户ID: [{}] 用户名: [{}] 旧密码匹配失败", user.getId(), user.getUsername()); + throw new PasswordValidatedFailException(); + } + forceResetUserPassword(user, newPassword); + } + public UserEntity findByUsername(String username) { + return userRepository.findByUsername(username).orElseThrow(() -> { + AuditContext.setContent("重置密码失败,用户不存在"); + logger.warn(AuditContext.getContent()); + return new TopIamException("操作失败"); + }); } /** * UserService */ - private final UserService userService; + private final UserRepository userRepository; - public UserDetailsServiceImpl(UserService userService) { + /** + * PasswordEncoder + */ + private final PasswordEncoder passwordEncoder; + + /** + * UserService + */ + private final UserService userService; + + public UserDetailsServiceImpl(UserRepository userRepository, PasswordEncoder passwordEncoder, + UserService userService) { + this.userRepository = userRepository; + this.passwordEncoder = passwordEncoder; this.userService = userService; } } diff --git a/eiam-protocol/eiam-protocol-core/src/main/java/cn/topiam/employee/protocol/code/UnauthorizedAuthenticationEntryPoint.java b/eiam-protocol/eiam-protocol-core/src/main/java/cn/topiam/employee/protocol/code/UnauthorizedAuthenticationEntryPoint.java index 80930244..067715e9 100644 --- a/eiam-protocol/eiam-protocol-core/src/main/java/cn/topiam/employee/protocol/code/UnauthorizedAuthenticationEntryPoint.java +++ b/eiam-protocol/eiam-protocol-core/src/main/java/cn/topiam/employee/protocol/code/UnauthorizedAuthenticationEntryPoint.java @@ -30,6 +30,7 @@ import cn.topiam.employee.support.security.savedredirect.HttpSessionRedirectCach import cn.topiam.employee.support.security.savedredirect.RedirectCache; import cn.topiam.employee.support.security.web.AbstractAuthenticationEntryPoint; import cn.topiam.employee.support.util.HttpResponseUtils; +import cn.topiam.employee.support.web.useragent.UserAgentParser; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; @@ -46,6 +47,10 @@ public class UnauthorizedAuthenticationEntryPoint extends AbstractAuthentication private final Logger logger = LoggerFactory.getLogger(this.getClass()); private final RedirectCache redirectCache = new HttpSessionRedirectCache(); + public UnauthorizedAuthenticationEntryPoint(UserAgentParser userAgentParser) { + super(userAgentParser); + } + @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException { diff --git a/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/configurers/FormAuthorizationServerConfigurer.java b/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/configurers/FormAuthorizationServerConfigurer.java index a69536c4..649dbf51 100644 --- a/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/configurers/FormAuthorizationServerConfigurer.java +++ b/eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/configurers/FormAuthorizationServerConfigurer.java @@ -33,6 +33,7 @@ import cn.topiam.employee.protocol.code.EndpointMatcher; import cn.topiam.employee.protocol.code.UnauthorizedAuthenticationEntryPoint; import cn.topiam.employee.protocol.code.configurer.AbstractConfigurer; import cn.topiam.employee.protocol.form.context.FormAuthorizationServerContextFilter; +import cn.topiam.employee.support.web.useragent.UserAgentParser; import static cn.topiam.employee.protocol.code.configurer.AuthenticationUtils.getApplicationServiceLoader; /** @@ -67,8 +68,8 @@ public final class FormAuthorizationServerConfigurer extends httpSecurity.exceptionHandling(exceptionHandling -> { if (exceptionHandling != null) { //身份验证入口点 - exceptionHandling - .authenticationEntryPoint(new UnauthorizedAuthenticationEntryPoint()); + exceptionHandling.authenticationEntryPoint( + new UnauthorizedAuthenticationEntryPoint(userAgentParser)); } }); } @@ -97,4 +98,9 @@ public final class FormAuthorizationServerConfigurer extends return configurers; } + private final UserAgentParser userAgentParser; + + public FormAuthorizationServerConfigurer(UserAgentParser userAgentParser) { + this.userAgentParser = userAgentParser; + } } diff --git a/eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/configurers/JwtAuthorizationServerConfigurer.java b/eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/configurers/JwtAuthorizationServerConfigurer.java index e245874b..290efaa9 100644 --- a/eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/configurers/JwtAuthorizationServerConfigurer.java +++ b/eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/configurers/JwtAuthorizationServerConfigurer.java @@ -33,6 +33,7 @@ import cn.topiam.employee.protocol.code.EndpointMatcher; import cn.topiam.employee.protocol.code.UnauthorizedAuthenticationEntryPoint; import cn.topiam.employee.protocol.code.configurer.AbstractConfigurer; import cn.topiam.employee.protocol.jwt.context.JwtAuthorizationServerContextFilter; +import cn.topiam.employee.support.web.useragent.UserAgentParser; import static cn.topiam.employee.protocol.code.configurer.AuthenticationUtils.getApplicationServiceLoader; /** @@ -67,8 +68,8 @@ public final class JwtAuthorizationServerConfigurer extends httpSecurity.exceptionHandling(exceptionHandling -> { if (exceptionHandling != null) { //身份验证入口点 - exceptionHandling - .authenticationEntryPoint(new UnauthorizedAuthenticationEntryPoint()); + exceptionHandling.authenticationEntryPoint( + new UnauthorizedAuthenticationEntryPoint(userAgentParser)); } }); @@ -99,4 +100,9 @@ public final class JwtAuthorizationServerConfigurer extends return configurers; } + private final UserAgentParser userAgentParser; + + public JwtAuthorizationServerConfigurer(UserAgentParser userAgentParser) { + this.userAgentParser = userAgentParser; + } } diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/eiam/protocol/oidc/authentication/ClientAuthenticationRequiredEntryPoint.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/eiam/protocol/oidc/authentication/ClientAuthenticationRequiredEntryPoint.java index bb3c8631..cebbd5ff 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/eiam/protocol/oidc/authentication/ClientAuthenticationRequiredEntryPoint.java +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/eiam/protocol/oidc/authentication/ClientAuthenticationRequiredEntryPoint.java @@ -27,6 +27,7 @@ import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter; import cn.topiam.employee.support.security.web.AbstractAuthenticationEntryPoint; +import cn.topiam.employee.support.web.useragent.UserAgentParser; import jakarta.servlet.ServletException; import jakarta.servlet.http.HttpServletRequest; @@ -43,6 +44,10 @@ import static cn.topiam.eiam.protocol.oidc.constant.OidcProtocolConstants.OIDC_E */ public class ClientAuthenticationRequiredEntryPoint extends AbstractAuthenticationEntryPoint { + public ClientAuthenticationRequiredEntryPoint(UserAgentParser userAgentParser) { + super(userAgentParser); + } + @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, diff --git a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/eiam/protocol/oidc/configurers/OAuth2AuthorizationServerConfigurer.java b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/eiam/protocol/oidc/configurers/OAuth2AuthorizationServerConfigurer.java index eb04a040..b6e3e593 100644 --- a/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/eiam/protocol/oidc/configurers/OAuth2AuthorizationServerConfigurer.java +++ b/eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/eiam/protocol/oidc/configurers/OAuth2AuthorizationServerConfigurer.java @@ -52,6 +52,7 @@ import cn.topiam.employee.common.constant.ProtocolConstants; import cn.topiam.employee.protocol.code.EndpointMatcher; import cn.topiam.employee.protocol.code.UnauthorizedAuthenticationEntryPoint; import cn.topiam.employee.protocol.code.configurer.AbstractConfigurer; +import cn.topiam.employee.support.web.useragent.UserAgentParser; import static cn.topiam.employee.protocol.code.configurer.AuthenticationUtils.getApplicationServiceLoader; import static cn.topiam.employee.support.security.util.HttpSecurityConfigUtils.getOptionalBean; @@ -97,10 +98,10 @@ public final class OAuth2AuthorizationServerConfigurer extends if (exceptionHandling != null) { //认证端点异常 exceptionHandling.defaultAuthenticationEntryPointFor( - new UnauthorizedAuthenticationEntryPoint(), new OrRequestMatcher( + new UnauthorizedAuthenticationEntryPoint(userAgentParser), new OrRequestMatcher( getRequestMatcher(OAuth2AuthorizationEndpointConfigurer.class))); exceptionHandling.defaultAuthenticationEntryPointFor( - new ClientAuthenticationRequiredEntryPoint(), + new ClientAuthenticationRequiredEntryPoint(userAgentParser), new OrRequestMatcher(getRequestMatcher(OAuth2TokenEndpointConfigurer.class), getRequestMatcher(OAuth2TokenIntrospectionEndpointConfigurer.class), getRequestMatcher(OAuth2TokenRevocationEndpointConfigurer.class), @@ -200,4 +201,9 @@ public final class OAuth2AuthorizationServerConfigurer extends return configurers; } + private final UserAgentParser userAgentParser; + + public OAuth2AuthorizationServerConfigurer(UserAgentParser userAgentParser) { + this.userAgentParser = userAgentParser; + } } diff --git a/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/configuration/IdentitySourceBeanRegistry.java b/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/configuration/IdentitySourceBeanRegistry.java index 58deabe2..651dfb37 100644 --- a/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/configuration/IdentitySourceBeanRegistry.java +++ b/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/configuration/IdentitySourceBeanRegistry.java @@ -68,7 +68,8 @@ import cn.topiam.employee.support.trace.TraceUtils; import cn.topiam.employee.synchronizer.task.IdentitySourceSyncTask; import lombok.extern.slf4j.Slf4j; -import static cn.topiam.employee.support.lock.LockAspect.getTopiamLockKeyPrefix; +import static cn.topiam.employee.support.constant.EiamConstants.CACHE_LOCK_KEY_PREFIX; +import static cn.topiam.employee.support.constant.EiamConstants.COLON; import static cn.topiam.employee.synchronizer.configuration.IdentitySourceBeanUtils.getSourceBeanName; /** @@ -305,7 +306,7 @@ public class IdentitySourceBeanRegistry implements IdentitySourceEventListener { stopWatch.start(); log.info("[手动任务]-同步身份源[{}]数据开始", identitySource.getName()); TraceUtils.put(new JdkIdGenerator().generateId().toString()); - RLock lock = redissonClient.getLock(getTopiamLockKeyPrefix() + id); + RLock lock = redissonClient.getLock(CACHE_LOCK_KEY_PREFIX + COLON + id); boolean tryLock = false; try { tryLock = lock.tryLock(1, TimeUnit.SECONDS); diff --git a/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/task/IdentitySourceSyncTask.java b/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/task/IdentitySourceSyncTask.java index 91fc6e68..f758093e 100644 --- a/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/task/IdentitySourceSyncTask.java +++ b/eiam-synchronizer/src/main/java/cn/topiam/employee/synchronizer/task/IdentitySourceSyncTask.java @@ -32,7 +32,8 @@ import cn.topiam.employee.identitysource.core.IdentitySourceConfig; import cn.topiam.employee.support.trace.TraceUtils; import lombok.RequiredArgsConstructor; -import static cn.topiam.employee.support.lock.LockAspect.getTopiamLockKeyPrefix; +import static cn.topiam.employee.support.constant.EiamConstants.CACHE_LOCK_KEY_PREFIX; +import static cn.topiam.employee.support.constant.EiamConstants.COLON; /** * 身份源同步任务 @@ -64,7 +65,7 @@ public class IdentitySourceSyncTask implements Runnable { logger.info("[任务触发]-同步身份源[{}]数据开始", name); String traceId = idGenerator.generateId().toString(); TraceUtils.put(traceId); - RLock lock = redissonClient.getLock(getTopiamLockKeyPrefix() + id); + RLock lock = redissonClient.getLock(CACHE_LOCK_KEY_PREFIX + COLON + id); boolean tryLock = false; try { tryLock = lock.tryLock(1, TimeUnit.SECONDS);