diff --git a/others/dev/docker-compose.yml b/others/dev/docker-compose.yml
index 9e7a5655..8d1641d1 100644
--- a/others/dev/docker-compose.yml
+++ b/others/dev/docker-compose.yml
@@ -52,7 +52,7 @@ services:
 # - powerjob-mongodb
 environment:
 PARAMS: "--spring.profiles.active=daily --spring.datasource.core.jdbc-url=jdbc:mysql://powerjob-mysql:3306/powerjob-daily?useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai --oms.storage.dfs.mysql_series.url=jdbc:mysql://powerjob-mysql:3306/powerjob-daily?useUnicode=true&characterEncoding=UTF-8&serverTimezone=Asia/Shanghai"
- JVMOPTIONS: "-server -XX:+UseG1GC -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=7 -XX:GCLogFileSize=100M -Xloggc:/root/powerjob/server/gc.log -Dpowerjob.server.test.mode=true"
+ JVMOPTIONS: "-server -XX:+UseG1GC -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=7 -XX:GCLogFileSize=100M -Xloggc:/root/powerjob/server/gc.log -Dpowerjob.server.test.mode=true -Dpowerjob.server.test.user.accounts=powerjob"
 ports:
 - "7700:7700"
 - "10086:10086"
diff --git a/powerjob-common/src/main/java/tech/powerjob/common/utils/MapUtils.java b/powerjob-common/src/main/java/tech/powerjob/common/utils/MapUtils.java
index dd57bfcd..aca255d6 100644
--- a/powerjob-common/src/main/java/tech/powerjob/common/utils/MapUtils.java
+++ b/powerjob-common/src/main/java/tech/powerjob/common/utils/MapUtils.java
@@ -12,6 +12,37 @@ import java.util.Map;
 */
 public class MapUtils {
+ public static Boolean getBoolean(Map map, K key, Boolean defaultValue) {
+ Boolean answer = getBoolean(map, key);
+ if (answer == null) {
+ answer = defaultValue;
+ }
+
+ return answer;
+ }
+
+ public static Boolean getBoolean(Map map, K key) {
+ if (map != null) {
+ Object answer = map.get(key);
+ if (answer != null) {
+ if (answer instanceof Boolean) {
+ return (Boolean)answer;
+ }
+
+ if (answer instanceof String) {
+ return Boolean.valueOf((String)answer);
+ }
+
+ if (answer instanceof Number) {
+ Number n = (Number)answer;
+ return n.intValue() != 0 ? Boolean.TRUE : Boolean.FALSE;
+ }
+ }
+ }
+
+ return null;
+ }
+
 public static String getString(Map map, K key) {
 if (map != null) {
 Object answer = map.get(key);
diff --git a/powerjob-server/powerjob-server-common/src/main/java/tech/powerjob/server/common/constants/ExtensionKey.java b/powerjob-server/powerjob-server-common/src/main/java/tech/powerjob/server/common/constants/ExtensionKey.java
new file mode 100644
index 00000000..e05a1806
--- /dev/null
+++ b/powerjob-server/powerjob-server-common/src/main/java/tech/powerjob/server/common/constants/ExtensionKey.java
@@ -0,0 +1,18 @@
+package tech.powerjob.server.common.constants;
+
+/**
+ * 扩展 key
+ *
+ * @author tjq
+ * @since 2024/12/8
+ */
+public interface ExtensionKey {
+
+ interface App {
+ String allowedBecomeAdminByPassword = "allowedBecomeAdminByPassword";
+ }
+
+ interface PwjbUser {
+ String allowedChangePwd = "allowedChangePwd";
+ }
+}
diff --git a/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/initializer/SystemInitializeServiceImpl.java b/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/initializer/SystemInitializeServiceImpl.java
index 8ecb61aa..15bcfd91 100644
--- a/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/initializer/SystemInitializeServiceImpl.java
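Review bot: The two `getBoolean` overloads added to MapUtils have no Javadoc, and their conversion rules matter because the callers in this commit use them to read permission flags. The two-argument form returns `null` for a null map, a missing key, or a value that is not a `Boolean`, `String` or `Number`, and the three-argument form then substitutes `defaultValue`, so with a default of `true` an unexpected value type is treated as allowed. `Boolean.valueOf((String)answer)` maps every string other than "true" (ignoring case) to false, and `n.intValue() != 0` truncates fractional numbers before comparing. I would document these rules on both methods and state that a null `defaultValue` is returned as-is, which makes a caller that unboxes the result (`if (!flag)`) throw a NullPointerException.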
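Review bot: Neither constant in the new `ExtensionKey` file says what it controls or what a missing key means, although both gate security-relevant operations. Judging from the readers added elsewhere in this commit, an absent key is read as `true` (allowed); a one-line comment on each constant, such as `// false blocks becoming app admin via appName + password; absent means allowed`, would make that default explicit. As a style point, constants held in an interface are more commonly written as a final class with a private constructor and `UPPER_SNAKE_CASE` names, and the header comment `扩展 key` could be given in English as `Keys stored in the extra JSON field`.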
+++ b/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/initializer/SystemInitializeServiceImpl.java
@@ -18,6 +18,7 @@ import tech.powerjob.server.auth.service.login.LoginRequest;
 import tech.powerjob.server.auth.service.login.PowerJobLoginService;
 import tech.powerjob.server.auth.service.permission.PowerJobPermissionService;
 import tech.powerjob.server.common.SJ;
+import tech.powerjob.server.common.constants.ExtensionKey;
 import tech.powerjob.server.persistence.remote.model.AppInfoDO;
 import tech.powerjob.server.persistence.remote.model.NamespaceDO;
 import tech.powerjob.server.persistence.remote.model.PwjbUserInfoDO;
@@ -142,7 +143,7 @@ public class SystemInitializeServiceImpl implements SystemInitializeService {
 if (!allowedChangePwd) {
 Map extra = Maps.newHashMap();
- extra.put("allowedChangePwd", false);
+ extra.put(ExtensionKey.PwjbUser.allowedChangePwd, false);
 createUser.setExtra(JsonUtils.toJSONString(extra));
 }
@@ -188,7 +189,7 @@ public class SystemInitializeServiceImpl implements SystemInitializeService {
 // 禁用靠密码成为管理员
 Map extra = Maps.newHashMap();
- extra.put("allowedBecomeAdminByPassword", false);
+ extra.put(ExtensionKey.App.allowedBecomeAdminByPassword, false);
 modifyAppInfoRequest.setExtra(JsonUtils.toJSONString(extra));
 ComponentUserRoleInfo componentUserRoleInfo = new ComponentUserRoleInfo();
diff --git a/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/AppInfoController.java b/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/AppInfoController.java
index 991bf58b..394dd254 100644
--- a/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/AppInfoController.java
+++ b/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/AppInfoController.java
@@ -5,15 +5,19 @@ import com.google.common.collect.Maps;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.BeanUtils;
 import org.springframework.data.domain.Page;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import tech.powerjob.common.enums.ErrorCodes;
+import tech.powerjob.common.exception.PowerJobException;
 import tech.powerjob.common.response.ResultDTO;
 import tech.powerjob.common.serialize.JsonUtils;
 import tech.powerjob.common.utils.CommonUtils;
+import tech.powerjob.common.utils.MapUtils;
 import tech.powerjob.server.auth.Permission;
 import tech.powerjob.server.auth.Role;
 import tech.powerjob.server.auth.RoleScope;
@@ -22,6 +26,7 @@ import tech.powerjob.server.auth.interceptor.ApiPermission;
 import tech.powerjob.server.auth.plugin.ModifyOrCreateDynamicPermission;
 import tech.powerjob.server.auth.plugin.SaveAppGrantPermissionPlugin;
 import tech.powerjob.server.auth.service.WebAuthService;
+import tech.powerjob.server.common.constants.ExtensionKey;
 import tech.powerjob.server.core.service.AppInfoService;
 import tech.powerjob.server.persistence.PageResult;
 import tech.powerjob.server.persistence.remote.model.AppInfoDO;
@@ -101,6 +106,20 @@ public class AppInfoController {
 public ResultDTO becomeAdminByAppNameAndPassword(@RequestBody AppAssertRequest appAssertRequest) {
 String appName = appAssertRequest.getAppName();
+ Optional appOpt = appWebService.findByAppName(appName);
+ if (!appOpt.isPresent()) {
+ throw new PowerJobException(ErrorCodes.ILLEGAL_ARGS_ERROR, "can't find appInfo by appName: " + appName);
+ }
+
+ String appExtra = appOpt.get().getExtra();
+ if (StringUtils.isNotBlank(appExtra)) {
+ Map appExtraMap = JsonUtils.parseMap(appExtra);
+ Boolean allowedBecomeAdminByPassword = MapUtils.getBoolean(appExtraMap, ExtensionKey.App.allowedBecomeAdminByPassword, true);
+ if (!allowedBecomeAdminByPassword) {
+ throw new PowerJobException(ErrorCodes.OPERATION_NOT_PERMITTED, "allowedBecomeAdminByPassword=false");
+ }
+ }
+
 Long appId = appInfoService.assertApp(appName, appAssertRequest.getPassword(), appAssertRequest.getEncryptType());
 Map extra = Maps.newHashMap();
diff --git a/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/service/impl/PwjbUserWebServiceImplImpl.java b/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/service/impl/PwjbUserWebServiceImplImpl.java
index f09fdf16..6dda1d6b 100644
--- a/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/service/impl/PwjbUserWebServiceImplImpl.java
+++ b/powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/service/impl/PwjbUserWebServiceImplImpl.java
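Review bot: The lookup and flag check added at the top of `becomeAdminByAppNameAndPassword` run before `appInfoService.assertApp` verifies the password, and each failure carries a different message, so a caller who does not know the password can tell an unknown app name from an app that has `allowedBecomeAdminByPassword=false`. If this endpoint is reachable by users who do not own the app (the mapping and permission annotations are outside the hunk), consider one fixed response for both branches, e.g. `throw new PowerJobException(ErrorCodes.OPERATION_NOT_PERMITTED, "operation not permitted");`, and keep the detail in the server log. The request-supplied `appName` is also concatenated into the exception text; whether that text reaches the client depends on the exception handler, which is not shown. The flag defaults to `true` when `extra` is blank or the key is missing, so only apps that were explicitly marked are protected, and a short comment above the block should say so.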
@@ -7,11 +7,14 @@ import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Service;
 import tech.powerjob.common.PowerJobDKey;
 import tech.powerjob.common.enums.ErrorCodes;
+import tech.powerjob.common.exception.PowerJobException;
 import tech.powerjob.common.serialize.JsonUtils;
 import tech.powerjob.common.utils.CommonUtils;
 import tech.powerjob.common.utils.DigestUtils;
+import tech.powerjob.common.utils.MapUtils;
 import tech.powerjob.server.auth.common.PowerJobAuthException;
 import tech.powerjob.server.common.SJ;
+import tech.powerjob.server.common.constants.ExtensionKey;
 import tech.powerjob.server.persistence.remote.model.PwjbUserInfoDO;
 import tech.powerjob.server.persistence.remote.repository.PwjbUserInfoRepository;
 import tech.powerjob.server.web.request.ChangePasswordRequest;
@@ -20,6 +23,7 @@ import tech.powerjob.server.web.service.PwjbUserWebService;
 import javax.annotation.Resource;
 import java.util.Date;
+import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
@@ -95,6 +99,16 @@ public class PwjbUserWebServiceImplImpl implements PwjbUserWebService {
 throw new PowerJobAuthException(ErrorCodes.INCORRECT_PASSWORD);
 }
+ // 不允许修改密码判定
+ String extra = dbUser.getExtra();
+ if (StringUtils.isNotEmpty(extra)) {
+ Map extraMap = JsonUtils.parseMap(extra);
+ Boolean allowedChangePwd = MapUtils.getBoolean(extraMap, ExtensionKey.PwjbUser.allowedChangePwd, true);
+ if (!allowedChangePwd) {
+ throw new PowerJobException(ErrorCodes.OPERATION_NOT_PERMITTED, "notAllowedChangePassword");
+ }
+ }
+
 // 测试账号特殊处理
 Set testAccounts = Sets.newHashSet(NOT_ALLOWED_CHANGE_PASSWORD_ACCOUNTS);
 String testAccountsStr = System.getProperty(PowerJobDKey.SERVER_TEST_ACCOUNT_USERNAME);
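Review bot: The `allowedChangePwd` check in the `@@ -95,6 +99,16 @@` hunk guards with `StringUtils.isNotEmpty(extra)`, while the equivalent check added to AppInfoController uses `StringUtils.isNotBlank(appExtra)`, so a whitespace-only `extra` is handed to `JsonUtils.parseMap` here but skipped there; I would use `if (StringUtils.isNotBlank(extra)) {` in both places. The parse-then-`MapUtils.getBoolean(..., true)` sequence is now duplicated in two classes, and a small shared helper would keep the default and the failure behaviour identical for every flag. What `JsonUtils.parseMap` does with malformed JSON is not visible on this page; if it returns null, `getBoolean` falls back to `true` and the password change is permitted, so that case deserves either a comment or an explicit deny. The enclosing method starts and ends outside the hunk.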
@@ -102,7 +116,7 @@ public class PwjbUserWebServiceImplImpl implements PwjbUserWebService {
 testAccounts.addAll(Lists.newArrayList(SJ.COMMA_SPLITTER.split(testAccountsStr)));
 }
 if (testAccounts.contains(username)) {
- throw new IllegalArgumentException("this account not allowed change the password");
+ throw new PowerJobException(ErrorCodes.OPERATION_NOT_PERMITTED, "notAllowedChangePassword");
 }
 dbUser.setPassword(DigestUtils.rePassword(changePasswordRequest.getNewPassword(), dbUser.getUsername()));