mirror of
https://github.com/PowerJob/PowerJob.git
synced 2025-07-17 00:00:04 +08:00
fix: [auth] Bugs in user login module
parent
6539c66226
commit
9419340829
@ -94,6 +94,7 @@ public class PowerJobLoginServiceImpl implements PowerJobLoginService {
|
|||||||
newUser.setUsername(dbUserName);
|
newUser.setUsername(dbUserName);
|
||||||
// 写入账号体系类型
|
// 写入账号体系类型
|
||||||
newUser.setAccountType(loginType);
|
newUser.setAccountType(loginType);
|
||||||
|
newUser.setOriginUsername(bizUser.getUsername());
|
||||||
|
|
||||||
// 同步素材
|
// 同步素材
|
||||||
newUser.setEmail(bizUser.getEmail());
|
newUser.setEmail(bizUser.getEmail());
|
||||||
|
@ -55,10 +55,16 @@ public class UserInfoDO {
|
|||||||
*/
|
*/
|
||||||
private String webHook;
|
private String webHook;
|
||||||
/**
|
/**
|
||||||
* 扩展字段
|
* 扩展字段 for 第三方
|
||||||
|
* PowerJob 内部不允许使用该字段
|
||||||
*/
|
*/
|
||||||
private String extra;
|
private String extra;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 原始账号 username
|
||||||
|
*/
|
||||||
|
private String originUsername;
|
||||||
|
|
||||||
private Date gmtCreate;
|
private Date gmtCreate;
|
||||||
|
|
||||||
private Date gmtModified;
|
private Date gmtModified;
|
||||||
|
@ -56,7 +56,7 @@ public class PwjbUserInfoController {
|
|||||||
pwjbUserInfoDO.setGmtModified(new Date());
|
pwjbUserInfoDO.setGmtModified(new Date());
|
||||||
|
|
||||||
// 二次加密密码
|
// 二次加密密码
|
||||||
final String password = pwjbUserInfoDO.getPassword();
|
final String password = request.getPassword();
|
||||||
if (StringUtils.isNotEmpty(password)) {
|
if (StringUtils.isNotEmpty(password)) {
|
||||||
pwjbUserInfoDO.setPassword(DigestUtils.rePassword(password, pwjbUserInfoDO.getUsername()));
|
pwjbUserInfoDO.setPassword(DigestUtils.rePassword(password, pwjbUserInfoDO.getUsername()));
|
||||||
}
|
}
|
||||||
@ -76,9 +76,10 @@ public class PwjbUserInfoController {
|
|||||||
throw new IllegalArgumentException("Inconsistent passwords");
|
throw new IllegalArgumentException("Inconsistent passwords");
|
||||||
}
|
}
|
||||||
|
|
||||||
Optional<PwjbUserInfoDO> userOpt = pwjbUserInfoRepository.findById(changePasswordRequest.getUserId());
|
String username = changePasswordRequest.getUsername();
|
||||||
|
Optional<PwjbUserInfoDO> userOpt = pwjbUserInfoRepository.findByUsername(username);
|
||||||
if (!userOpt.isPresent()) {
|
if (!userOpt.isPresent()) {
|
||||||
throw new IllegalArgumentException("can't find user by userId: " + changePasswordRequest.getUserId());
|
throw new IllegalArgumentException("can't find user by username: " + username);
|
||||||
}
|
}
|
||||||
|
|
||||||
PwjbUserInfoDO dbUser = userOpt.get();
|
PwjbUserInfoDO dbUser = userOpt.get();
|
||||||
|
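Review bot: In the second hunk the not-found branch builds its message from the request-supplied value (`"can't find user by username: " + username`), so if exception messages reach the HTTP response, a caller can tell existing accounts from missing ones. The account is now selected purely by a client-supplied name and the visible lines show no session check, so the old-password comparison (presumably after `userOpt.get()`, outside the hunk) is the only gate and should be backed by attempt throttling. I would return the same generic failure for an unknown user and for a wrong old password, e.g. `throw new IllegalArgumentException("invalid username or password");`. The method body starts and ends outside the hunk.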
@ -3,13 +3,11 @@ package tech.powerjob.server.web.controller;
|
|||||||
import com.google.common.collect.Lists;
|
import com.google.common.collect.Lists;
|
||||||
import com.google.common.collect.Maps;
|
import com.google.common.collect.Maps;
|
||||||
import com.google.common.collect.Sets;
|
import com.google.common.collect.Sets;
|
||||||
|
import lombok.SneakyThrows;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.springframework.beans.BeanUtils;
|
import org.springframework.beans.BeanUtils;
|
||||||
import org.springframework.util.CollectionUtils;
|
import org.springframework.util.CollectionUtils;
|
||||||
import org.springframework.web.bind.annotation.GetMapping;
|
import org.springframework.web.bind.annotation.*;
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
|
||||||
import org.springframework.web.bind.annotation.RequestParam;
|
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
|
||||||
import tech.powerjob.common.response.ResultDTO;
|
import tech.powerjob.common.response.ResultDTO;
|
||||||
import tech.powerjob.common.serialize.JsonUtils;
|
import tech.powerjob.common.serialize.JsonUtils;
|
||||||
import tech.powerjob.server.auth.PowerJobUser;
|
import tech.powerjob.server.auth.PowerJobUser;
|
||||||
@ -19,7 +17,6 @@ import tech.powerjob.server.auth.common.AuthErrorCode;
|
|||||||
import tech.powerjob.server.auth.common.PowerJobAuthException;
|
import tech.powerjob.server.auth.common.PowerJobAuthException;
|
||||||
import tech.powerjob.server.auth.service.WebAuthService;
|
import tech.powerjob.server.auth.service.WebAuthService;
|
||||||
import tech.powerjob.server.auth.service.login.PowerJobLoginService;
|
import tech.powerjob.server.auth.service.login.PowerJobLoginService;
|
||||||
import tech.powerjob.server.core.service.UserService;
|
|
||||||
import tech.powerjob.server.persistence.remote.model.AppInfoDO;
|
import tech.powerjob.server.persistence.remote.model.AppInfoDO;
|
||||||
import tech.powerjob.server.persistence.remote.model.NamespaceDO;
|
import tech.powerjob.server.persistence.remote.model.NamespaceDO;
|
||||||
import tech.powerjob.server.persistence.remote.model.UserInfoDO;
|
import tech.powerjob.server.persistence.remote.model.UserInfoDO;
|
||||||
@ -28,6 +25,7 @@ import tech.powerjob.server.persistence.remote.repository.NamespaceRepository;
|
|||||||
import tech.powerjob.server.persistence.remote.repository.UserInfoRepository;
|
import tech.powerjob.server.persistence.remote.repository.UserInfoRepository;
|
||||||
import tech.powerjob.server.web.converter.NamespaceConverter;
|
import tech.powerjob.server.web.converter.NamespaceConverter;
|
||||||
import tech.powerjob.server.web.converter.UserConverter;
|
import tech.powerjob.server.web.converter.UserConverter;
|
||||||
|
import tech.powerjob.server.web.request.ModifyUserInfoRequest;
|
||||||
import tech.powerjob.server.web.response.AppBaseVO;
|
import tech.powerjob.server.web.response.AppBaseVO;
|
||||||
import tech.powerjob.server.web.response.NamespaceBaseVO;
|
import tech.powerjob.server.web.response.NamespaceBaseVO;
|
||||||
import tech.powerjob.server.web.response.UserBaseVO;
|
import tech.powerjob.server.web.response.UserBaseVO;
|
||||||
@ -35,10 +33,7 @@ import tech.powerjob.server.web.response.UserDetailVO;
|
|||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import java.util.List;
|
import java.util.*;
|
||||||
import java.util.Map;
|
|
||||||
import java.util.Optional;
|
|
||||||
import java.util.Set;
|
|
||||||
import java.util.stream.Collectors;
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -50,8 +45,6 @@ import java.util.stream.Collectors;
|
|||||||
@RestController
|
@RestController
|
||||||
@RequestMapping("/user")
|
@RequestMapping("/user")
|
||||||
public class UserInfoController {
|
public class UserInfoController {
|
||||||
@Resource
|
|
||||||
private UserService userService;
|
|
||||||
@Resource
|
@Resource
|
||||||
private UserInfoRepository userInfoRepository;
|
private UserInfoRepository userInfoRepository;
|
||||||
@Resource
|
@Resource
|
||||||
@ -63,6 +56,50 @@ public class UserInfoController {
|
|||||||
@Resource
|
@Resource
|
||||||
private AppInfoRepository appInfoRepository;
|
private AppInfoRepository appInfoRepository;
|
||||||
|
|
||||||
|
@SneakyThrows
|
||||||
|
@PostMapping("/modify")
|
||||||
|
public ResultDTO<Void> modifyUser(@RequestBody ModifyUserInfoRequest modifyUserInfoRequest, HttpServletRequest httpServletRequest) {
|
||||||
|
|
||||||
|
Optional<PowerJobUser> powerJobUserOpt = powerJobLoginService.ifLogin(httpServletRequest);
|
||||||
|
if (!powerJobUserOpt.isPresent()) {
|
||||||
|
throw new PowerJobAuthException(AuthErrorCode.USER_NOT_LOGIN);
|
||||||
|
}
|
||||||
|
|
||||||
|
Long userId = modifyUserInfoRequest.getId();
|
||||||
|
Optional<UserInfoDO> userOpt = userInfoRepository.findById(userId);
|
||||||
|
if (!userOpt.isPresent()) {
|
||||||
|
throw new IllegalArgumentException("can't find user by userId:" + userId);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!Objects.equals(powerJobUserOpt.get().getId(), userId)) {
|
||||||
|
throw new IllegalAccessException("no permission to change others user info");
|
||||||
|
}
|
||||||
|
|
||||||
|
UserInfoDO dbUser = userOpt.get();
|
||||||
|
|
||||||
|
// 拷入允许修改的内容
|
||||||
|
if (StringUtils.isNotEmpty(modifyUserInfoRequest.getNick())) {
|
||||||
|
dbUser.setNick(modifyUserInfoRequest.getNick());
|
||||||
|
}
|
||||||
|
if (StringUtils.isNotEmpty(modifyUserInfoRequest.getPhone())) {
|
||||||
|
dbUser.setPhone(modifyUserInfoRequest.getPhone());
|
||||||
|
}
|
||||||
|
if (StringUtils.isNotEmpty(modifyUserInfoRequest.getEmail())) {
|
||||||
|
dbUser.setEmail(modifyUserInfoRequest.getEmail());
|
||||||
|
}
|
||||||
|
if (StringUtils.isNotEmpty(modifyUserInfoRequest.getWebHook())) {
|
||||||
|
dbUser.setWebHook(modifyUserInfoRequest.getWebHook());
|
||||||
|
}
|
||||||
|
if (StringUtils.isNotEmpty(modifyUserInfoRequest.getExtra())) {
|
||||||
|
dbUser.setExtra(modifyUserInfoRequest.getExtra());
|
||||||
|
}
|
||||||
|
|
||||||
|
dbUser.setGmtModified(new Date());
|
||||||
|
userInfoRepository.saveAndFlush(dbUser);
|
||||||
|
|
||||||
|
return ResultDTO.success(null);
|
||||||
|
}
|
||||||
|
|
||||||
@GetMapping("/list")
|
@GetMapping("/list")
|
||||||
public ResultDTO<List<UserBaseVO>> list(@RequestParam(required = false) String name) {
|
public ResultDTO<List<UserBaseVO>> list(@RequestParam(required = false) String name) {
|
||||||
|
|
||||||
@ -106,8 +143,10 @@ public class UserInfoController {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
NamespaceBaseVO namespaceBaseVO = JsonUtils.parseObjectIgnoreException(JsonUtils.toJSONString(NamespaceConverter.do2BaseVo(namespaceDO)), NamespaceBaseVO.class);
|
NamespaceBaseVO namespaceBaseVO = JsonUtils.parseObjectIgnoreException(JsonUtils.toJSONString(NamespaceConverter.do2BaseVo(namespaceDO)), NamespaceBaseVO.class);
|
||||||
namespaceBaseVO.genFrontName();
|
if (namespaceBaseVO != null) {
|
||||||
namespaceBaseVOS.add(namespaceBaseVO);
|
namespaceBaseVO.genFrontName();
|
||||||
|
namespaceBaseVOS.add(namespaceBaseVO);
|
||||||
|
}
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
userDetailVO.setRole2NamespaceList(role2NamespaceBaseVo);
|
userDetailVO.setRole2NamespaceList(role2NamespaceBaseVo);
|
||||||
|
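Review bot: In `modifyUser` the ownership check runs after `userInfoRepository.findById(userId)`, so a logged-in caller gets "can't find user by userId" for an unknown id and "no permission" for an existing one, which discloses which ids exist. Compare `powerJobUserOpt.get().getId()` with `userId` first and only then load the row. The denial is thrown as `IllegalAccessException`, a checked reflection exception passed out through `@SneakyThrows`, while the not-logged-in branch uses `PowerJobAuthException`; throwing `PowerJobAuthException` with a permission-denied `AuthErrorCode` would keep auth failures on one handler path and let `@SneakyThrows` be dropped. `webHook` and `extra` are copied from the request with only a non-empty check: if the server later sends requests to `webHook`, it should be validated as an http(s) URL to an allowed destination. Since the `UserInfoDO` comment reserves `extra` for third-party use, confirm that a user overwriting it cannot alter data an integration relies on.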
@ -13,7 +13,7 @@ import java.io.Serializable;
|
|||||||
@Data
|
@Data
|
||||||
public class ChangePasswordRequest implements Serializable {
|
public class ChangePasswordRequest implements Serializable {
|
||||||
|
|
||||||
private Long userId;
|
private String username;
|
||||||
|
|
||||||
private String oldPassword;
|
private String oldPassword;
|
||||||
|
|
||||||
|
@ -26,4 +26,6 @@ public class ModifyUserInfoRequest {
|
|||||||
* 邮箱地址
|
* 邮箱地址
|
||||||
*/
|
*/
|
||||||
private String email;
|
private String email;
|
||||||
|
|
||||||
|
private String extra;
|
||||||
}
|
}
|
||||||
|
@ -39,6 +39,8 @@ public class UserDetailVO extends UserBaseVO {
|
|||||||
* webHook
|
* webHook
|
||||||
*/
|
*/
|
||||||
private String webHook;
|
private String webHook;
|
||||||
|
|
||||||
|
private String originUsername;
|
||||||
/**
|
/**
|
||||||
* 扩展字段
|
* 扩展字段
|
||||||
*/
|
*/
|
||||||
|