【7.2.5】【auth】更新登录时密码加密的校验开关

2022-10-16 23:58:09 +08:00 · 2022-10-16 23:58:09 +08:00 · 644bc7a94a
parent b4249585b2
commit 644bc7a94a
4 changed files with 41 additions and 6 deletions
--- a/kernel-d-auth/auth-api/pom.xml
+++ b/kernel-d-auth/auth-api/pom.xml
@ -17,6 +17,14 @@

    <dependencies>

+        <!--jwt模块的api-->
+        <!--AuthServiceApi解析token的结果需要用到jwt模块-->
+        <dependency>
+            <groupId>cn.stylefeng.roses</groupId>
+            <artifactId>jwt-api</artifactId>
+            <version>${roses.version}</version>
+        </dependency>
+
        <!--解析需要转化时间-->
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
--- a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/AuthServiceApi.java
+++ b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/AuthServiceApi.java
@ -28,6 +28,7 @@ import cn.stylefeng.roses.kernel.auth.api.exception.AuthException;
 import cn.stylefeng.roses.kernel.auth.api.pojo.auth.LoginRequest;
 import cn.stylefeng.roses.kernel.auth.api.pojo.auth.LoginResponse;
 import cn.stylefeng.roses.kernel.auth.api.pojo.auth.LoginWithTokenRequest;
+import cn.stylefeng.roses.kernel.jwt.api.pojo.payload.DefaultJwtPayload;

 /**
 * 认证服务的接口，包括基本的登录退出操作和校验token等操作
@ -98,11 +99,12 @@ public interface AuthServiceApi {
     * 结果有三种，第一是jwt过期了，第二是用户随便写的错误token，第三种是token正确，token正确不会抛出异常
     *
     * @param token 某个用户的登录token
+     * @return token解析出的用户基本信息
     * @throws AuthException 认证异常，如果token错误或过期，会有相关的异常抛出
     * @author fengshuonan
     * @date 2020/10/19 14:16
     */
-    void validateToken(String token) throws AuthException;
+    DefaultJwtPayload validateToken(String token) throws AuthException;

    /**
     * 校验用户是否认证通过，认证是校验token的过程，校验失败会抛出异常
--- a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/expander/AuthConfigExpander.java
+++ b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/expander/AuthConfigExpander.java
@ -235,4 +235,16 @@ public class AuthConfigExpander {
        return ConfigContext.me().getSysConfigValueWithDefault("SYS_AUTH_SSO_HOST", String.class, SYS_AUTH_SSO_HOST);
    }

+    /**
+     * 登录密码是否进行RSA加密校验，默认关闭
+     * <p>
+     * 需要前端配合加密后再打开开关
+     *
+     * @author fengshuonan
+     * @date 2022/10/16 23:28
+     */
+    public static Boolean getPasswordRsaValidateFlag() {
+        return ConfigContext.me().getSysConfigValueWithDefault("SYS_AUTH_PASSWORD_RSA_VALIDATE", Boolean.class, false);
+    }
+
 }
--- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.java
+++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.java
@ -216,16 +216,26 @@ public class AuthServiceImpl implements AuthServiceApi {
    }

    @Override
-    public void validateToken(String token) throws AuthException {
+    public DefaultJwtPayload validateToken(String token) throws AuthException {
        try {
            // 1. 先校验jwt token本身是否有问题
            JwtContext.me().validateTokenWithException(token);

-            // 2. 判断session里是否有这个token
+            // 2. 获取jwt的payload
+            DefaultJwtPayload defaultPayload = JwtContext.me().getDefaultPayload(token);
+
+            // 3. 如果是7天免登陆，则不校验session过期
+            if (defaultPayload.getRememberMe()) {
+                return defaultPayload;
+            }
+
+            // 4. 判断session里是否有这个token
            LoginUser session = sessionManagerApi.getSession(token);
            if (session == null) {
                throw new AuthException(AUTH_EXPIRED_ERROR);
            }
+
+            return defaultPayload;
        } catch (JwtException jwtException) {
            // jwt token本身过期的话，返回 AUTH_EXPIRED_ERROR
            if (JwtExceptionEnum.JWT_EXPIRED_ERROR.getErrorCode().equals(jwtException.getErrorCode())) {
@ -316,8 +326,11 @@ public class AuthServiceImpl implements AuthServiceApi {
            throw new ScannerException(ScannerExceptionEnum.SYSTEM_RESOURCE_URL_NOT_INIT);
        }

-        // 3. 解密密码的密文
-        String decryptPassword = passwordTransferEncryptApi.decrypt(loginRequest.getPassword());
+        // 3. 解密密码的密文，需要sys_config相关配置打开
+        if (loginRequest.getPassword() != null && AuthConfigExpander.getPasswordRsaValidateFlag()) {
+            String decryptPassword = passwordTransferEncryptApi.decrypt(loginRequest.getPassword());
+            loginRequest.setPassword(decryptPassword);
+        }

        // 4. 如果开启了单点登录，并且CaToken没有值，走单点登录，获取loginCode
        if (ssoProperties.getOpenFlag() && StrUtil.isEmpty(caToken)) {
@ -330,7 +343,7 @@ public class AuthServiceImpl implements AuthServiceApi {
                SsoServerApi ssoServerApi = SpringUtil.getBean(SsoServerApi.class);
                SsoLoginCodeRequest ssoLoginCodeRequest = new SsoLoginCodeRequest();
                ssoLoginCodeRequest.setAccount(loginRequest.getAccount());
-                ssoLoginCodeRequest.setPassword(decryptPassword);
+                ssoLoginCodeRequest.setPassword(loginRequest.getPassword());
                String remoteLoginCode = ssoServerApi.createSsoLoginCode(ssoLoginCodeRequest);
                return new LoginResponse(remoteLoginCode);
            }