YuleiLan 2020-08-18 13:18:01 +08:00
commit c13ec39382
8 changed files with 106 additions and 43 deletions


@ -2,6 +2,7 @@ package system
import ( import (
"ferry/models/system" "ferry/models/system"
"ferry/pkg/ldap"
"ferry/pkg/logger" "ferry/pkg/logger"
"ferry/tools" "ferry/tools"
"ferry/tools/app" "ferry/tools/app"
@ -288,12 +289,22 @@ func SysUserUpdatePwd(c *gin.Context) {
app.Error(c, -1, err, "") app.Error(c, -1, err, "")
return return
} }
sysuser := system.SysUser{} if pwd.PasswordType == 0 {
sysuser.UserId = tools.GetUserId(c) sysuser := system.SysUser{}
_, err = sysuser.SetPwd(pwd) sysuser.UserId = tools.GetUserId(c)
if err != nil { _, err = sysuser.SetPwd(pwd)
app.Error(c, -1, err, "") if err != nil {
return app.Error(c, -1, err, "")
return
}
} else if pwd.PasswordType == 1 {
// 修改ldap密码
err = ldap.LdapUpdatePwd(tools.GetUserName(c), pwd.OldPassword, pwd.NewPassword)
if err != nil {
app.Error(c, -1, err, "")
return
}
} }
app.OK(c, "", "密码修改成功") app.OK(c, "", "密码修改成功")
} }

1
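--- a/go.mod
+++ b/go.mod
@@ -33,6 +33,7 @@ require (
 github.com/unrolled/secure v1.0.8
 go.uber.org/zap v1.10.0
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
+golang.org/x/text v0.3.3
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect
 gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df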


@ -1,6 +1,7 @@
package handler package handler
import ( import (
"errors"
"ferry/global/orm" "ferry/global/orm"
"ferry/models/system" "ferry/models/system"
jwt "ferry/pkg/jwtauth" jwt "ferry/pkg/jwtauth"
@ -9,6 +10,7 @@ import (
"ferry/tools" "ferry/tools"
"fmt" "fmt"
"net/http" "net/http"
"time"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"github.com/mojocn/base64Captcha" "github.com/mojocn/base64Captcha"
@ -60,15 +62,9 @@ func Authenticator(c *gin.Context) (interface{}, error) {
loginLog system.LoginLog loginLog system.LoginLog
roleValue system.SysRole roleValue system.SysRole
authUserCount int authUserCount int
l = ldap.Connection{} addUserInfo system.SysUser
userInfo system.SysUser
addUserInfo struct {
Username string `json:"username"`
RoleId int `json:"role_id"`
}
) )
loginType := c.DefaultQuery("login_type", "0")
ua := user_agent.New(c.Request.UserAgent()) ua := user_agent.New(c.Request.UserAgent())
loginLog.Ipaddr = c.ClientIP() loginLog.Ipaddr = c.ClientIP()
location := tools.GetLocation(c.ClientIP()) location := tools.GetLocation(c.ClientIP())
@ -84,7 +80,6 @@ func Authenticator(c *gin.Context) (interface{}, error) {
// 获取前端过来的数据 // 获取前端过来的数据
if err := c.ShouldBind(&loginVal); err != nil { if err := c.ShouldBind(&loginVal); err != nil {
fmt.Println("********** " + err.Error() + " **********")
loginLog.Status = "1" loginLog.Status = "1"
loginLog.Msg = "数据解析失败" loginLog.Msg = "数据解析失败"
loginLog.Username = loginVal.Username loginLog.Username = loginVal.Username
@ -102,30 +97,33 @@ func Authenticator(c *gin.Context) (interface{}, error) {
} }
// ldap 验证 // ldap 验证
if loginType == "1" { if loginVal.LoginType == 1 {
// ldap登陆 // ldap登陆
err = l.LdapLogin(loginVal.Username, loginVal.Password) err = ldap.LdapLogin(loginVal.Username, loginVal.Password)
if err != nil { if err != nil {
return nil, jwt.ErrInvalidVerificationode return nil, err
} }
// 2. 将ldap用户信息写入到用户数据表中 // 2. 将ldap用户信息写入到用户数据表中
err = orm.Eloquent.Table("sys_user"). err = orm.Eloquent.Table("sys_user").
Where("username = ?", userInfo.Username). Where("username = ?", loginVal.Username).
Count(&authUserCount).Error Count(&authUserCount).Error
if err != nil { if err != nil {
return nil, jwt.ErrInvalidVerificationode return nil, errors.New(fmt.Sprintf("查询用户失败,%v", err))
} }
if authUserCount == 0 { if authUserCount == 0 {
addUserInfo.Username = userInfo.Username addUserInfo.Username = loginVal.Username
// 获取默认权限ID // 获取默认权限ID
err = orm.Eloquent.Table("sys_role").Where("role_key = 'common'").Find(&roleValue).Error err = orm.Eloquent.Table("sys_role").Where("role_key = 'common'").Find(&roleValue).Error
if err != nil { if err != nil {
return nil, jwt.ErrInvalidVerificationode return nil, errors.New(fmt.Sprintf("查询角色失败,%v", err))
} }
addUserInfo.RoleId = roleValue.RoleId // 绑定通用角色 addUserInfo.RoleId = roleValue.RoleId // 绑定通用角色
addUserInfo.Status = "0"
addUserInfo.CreatedAt = time.Now()
addUserInfo.UpdatedAt = time.Now()
err = orm.Eloquent.Table("sys_user").Create(&addUserInfo).Error err = orm.Eloquent.Table("sys_user").Create(&addUserInfo).Error
if err != nil { if err != nil {
return nil, jwt.ErrInvalidVerificationode return nil, errors.New(fmt.Sprintf("创建本地用户失败,%v", err))
} }
} }
} }
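Review bot: The new returns hand raw backend errors to the caller of Authenticator: `return nil, err` passes the LDAP library's error through, and `errors.New(fmt.Sprintf("查询用户失败,%v", err))` embeds the database error text. If the JWT middleware writes the returned error's message into the login response (not visible here), clients can tell bind failures, connection failures and SQL problems apart and see internal detail. Log the detail server-side and return one fixed error for every failed LDAP login. Where wrapping is wanted, `fmt.Errorf("查询用户失败,%w", err)` is the idiomatic form of `errors.New(fmt.Sprintf(...))`. Authenticator starts and ends outside these hunks.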


@ -10,10 +10,11 @@ import (
*/ */
type Login struct { type Login struct {
Username string `form:"UserName" json:"username" binding:"required"` Username string `form:"UserName" json:"username" binding:"required"`
Password string `form:"Password" json:"password" binding:"required"` Password string `form:"Password" json:"password" binding:"required"`
Code string `form:"Code" json:"code" binding:"required"` Code string `form:"Code" json:"code" binding:"required"`
UUID string `form:"UUID" json:"uuid" binding:"required"` UUID string `form:"UUID" json:"uuid" binding:"required"`
LoginType int `form:"LoginType" json:"loginType"`
} }
func (u *Login) GetUser() (user SysUser, role SysRole, e error) { func (u *Login) GetUser() (user SysUser, role SysRole, e error) {
@ -22,10 +23,15 @@ func (u *Login) GetUser() (user SysUser, role SysRole, e error) {
if e != nil { if e != nil {
return return
} }
_, e = tools.CompareHashAndPassword(user.Password, u.Password)
if e != nil { // 验证密码
return if u.LoginType == 0 {
_, e = tools.CompareHashAndPassword(user.Password, u.Password)
if e != nil {
return
}
} }
e = orm.Eloquent.Table("sys_role").Where("role_id = ? ", user.RoleId).First(&role).Error e = orm.Eloquent.Table("sys_role").Where("role_id = ? ", user.RoleId).First(&role).Error
if e != nil { if e != nil {
return return
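Review bot: `GetUser` now checks the password hash only when `u.LoginType == 0`, while the handler section runs the LDAP bind only when `loginVal.LoginType == 1`, so a request carrying any other `loginType` is covered by neither check. Assuming Authenticator calls `GetUser` after the LDAP block (that call is outside the visible hunks), no credential would be verified for such a request. Invert the guard so the hash comparison is skipped only for the LDAP case, `if u.LoginType != 1 {`, and reject unknown values when the request is bound. A field comment such as `// LoginType: 0 = local password, 1 = LDAP` would document the contract. GetUser ends outside this hunk.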


@ -73,8 +73,9 @@ func (SysUser) TableName() string {
} }
type SysUserPwd struct { type SysUserPwd struct {
OldPassword string `json:"oldPassword"` OldPassword string `json:"oldPassword" form:"oldPassword"`
NewPassword string `json:"newPassword"` NewPassword string `json:"newPassword" form:"newPassword"`
PasswordType int `json:"passwordType" form:"passwordType"`
} }
type SysUserPage struct { type SysUserPage struct {
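Review bot: Neither password field carries `binding:"required"`, unlike the fields of `Login`, so an empty `newPassword` can reach `SetPwd` or `LdapUpdatePwd` unless the handler checks it; the binding call in SysUserUpdatePwd is outside the visible hunk, so this is to be confirmed. Adding `binding:"required"` to `OldPassword` and `NewPassword` would reject such requests at bind time. The new field would also benefit from a comment stating its values, e.g. `// PasswordType: 0 = local account, 1 = LDAP`.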


@ -2,6 +2,7 @@ package ldap
import ( import (
"crypto/tls" "crypto/tls"
"errors"
"ferry/pkg/logger" "ferry/pkg/logger"
"fmt" "fmt"
"time" "time"
@ -15,34 +16,33 @@ import (
@Author : lanyulei @Author : lanyulei
*/ */
type Connection struct { var conn *ldap.Conn
Conn *ldap.Conn
}
// ldap连接 // ldap连接
func (c *Connection) ldapConnection() (err error) { func ldapConnection() (err error) {
var ldapConn = fmt.Sprintf("%v:%v", viper.GetString("settings.ldap.host"), viper.GetString("settings.ldap.port")) var ldapConn = fmt.Sprintf("%v:%v", viper.GetString("settings.ldap.host"), viper.GetString("settings.ldap.port"))
if viper.GetInt("settings.ldap.port") == 636 { if viper.GetInt("settings.ldap.port") == 636 {
c.Conn, err = ldap.DialTLS( conn, err = ldap.DialTLS(
"tcp", "tcp",
ldapConn, ldapConn,
&tls.Config{InsecureSkipVerify: true}, &tls.Config{InsecureSkipVerify: true},
) )
} else { } else {
c.Conn, err = ldap.Dial( conn, err = ldap.Dial(
"tcp", "tcp",
ldapConn, ldapConn,
) )
} }
if err != nil { if err != nil {
logger.Errorf("无法连接到ldap服务器%v", err) err = errors.New(fmt.Sprintf("无法连接到ldap服务器%v", err))
logger.Error(err)
return return
} }
//设置超时时间 //设置超时时间
c.Conn.SetTimeout(5 * time.Second) conn.SetTimeout(5 * time.Second)
return return
} }
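Review bot: `var conn *ldap.Conn` makes the LDAP connection a package-level variable that every request overwrites, so two concurrent calls to `LdapLogin` or `LdapUpdatePwd` can bind on, modify through and close each other's connection; in the password-change path the `Modify` may run on a connection bound as a different user. Return the connection instead, `func ldapConnection() (conn *ldap.Conn, err error)`, and keep it in a local variable in each caller (`conn, err := ldapConnection()`). Separately, the 636 branch still dials with `InsecureSkipVerify: true` and the other branch uses plain `ldap.Dial`, while this commit starts sending old and new passwords over that connection, so certificate verification and transport protection deserve a follow-up.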


@ -11,14 +11,14 @@ import (
@Author : lanyulei @Author : lanyulei
*/ */
func (c *Connection) LdapLogin(username string, password string) (err error) { func LdapLogin(username string, password string) (err error) {
err = c.ldapConnection() err = ldapConnection()
if err != nil { if err != nil {
return return
} }
defer c.Conn.Close() defer conn.Close()
err = c.Conn.Bind(fmt.Sprintf("cn=%v,%v", username, viper.GetString("settings.ldap.baseDn")), password) err = conn.Bind(fmt.Sprintf("cn=%v,%v", username, viper.GetString("settings.ldap.baseDn")), password)
if err != nil { if err != nil {
logger.Error("用户或密码错误。", err) logger.Error("用户或密码错误。", err)
return return
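Review bot: `username` is formatted into the bind DN with `fmt.Sprintf("cn=%v,%v", ...)` without escaping, so DN special characters in the submitted name change which DN is bound; the same construction is used for `userDn` in `LdapUpdatePwd`. Validate the name against the allowed account-name characters before building the DN, or resolve the entry's DN with a search whose filter is built with `ldap.EscapeFilter(username)`. The rest of LdapLogin lies outside this hunk.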

46
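--- a/pkg/ldap/updatePwd.go
+++ b/pkg/ldap/updatePwd.go
@@ -0,0 +1,46 @@
+package ldap
+import (
+"ferry/pkg/logger"
+"fmt"
+"github.com/go-ldap/ldap/v3"
+"golang.org/x/text/encoding/unicode"
+"github.com/spf13/viper"
+)
+/*
+@Author : lanyulei
+*/
+func LdapUpdatePwd(username string, oldPassword string, newPassword string) (err error) {
+err = ldapConnection()
+if err != nil {
+return
+}
+defer conn.Close()
+var userDn = fmt.Sprintf("cn=%v,%v", username, viper.GetString("settings.ldap.baseDn"))
+err = conn.Bind(userDn, oldPassword)
+if err != nil {
+logger.Error("用户或密码错误。", err)
+return
+}
+sql2 := ldap.NewModifyRequest(userDn, nil)
+utf16 := unicode.UTF16(unicode.LittleEndian, unicode.IgnoreBOM)
+pwdEncoded, _ := utf16.NewEncoder().String(newPassword)
+sql2.Replace("unicodePwd", []string{pwdEncoded})
+sql2.Replace("userAccountControl", []string{"512"})
+if err = conn.Modify(sql2); err != nil {
+logger.Error("密码修改失败,%v", err.Error())
+return
+}
+return
+}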
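Review bot: `sql2.Replace("userAccountControl", []string{"512"})` overwrites the account's whole control-flag value as a side effect of a password change, which would drop any other flags the directory had set on that account (assuming an Active Directory target, as `unicodePwd` suggests); remove it unless there is a documented reason. The encoder error is discarded in `pwdEncoded, _ := utf16.NewEncoder().String(newPassword)`; it should be checked and returned before `Modify` is called. Active Directory also expects the `unicodePwd` value to be the password enclosed in double quotes before UTF-16LE encoding, which this code does not do, so that is worth confirming against the target directory. `logger.Error("密码修改失败,%v", err.Error())` passes a format verb to a non-formatting call; `logger.Errorf` is presumably intended.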