Merge branch '20220816' into 'master'

fix: 授权客户获取用户访问系统所需的访问令牌

See merge request huang/thingsboard3.3.2!124

@@ -74,7 +74,7 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
 
     //Thingskit function
     public static final String CODE_BASED_LOGIN_ENTRY_POINT = "/api/yt/auth/code/login";
-    public static final String[] YT_NOT_AUTH_API = new String[]{"/api/yt/auth/code/login","/api/yt/third/bind","/api/yt/third/login/*","/api/yt/third/login/id/*", "/api/yt/noauth/**"};
+    public static final String[] YT_NOT_AUTH_API = new String[]{"/api/yt/auth/code/login","/api/yt/third/bind","/api/yt/third/login/*","/api/yt/third/login/id/*", "/api/yt/third/authorize", "/api/yt/noauth/**"};
 
     public static final String PUBLIC_LOGIN_ENTRY_POINT = "/api/auth/login/public";
     public static final String TOKEN_REFRESH_ENTRY_POINT = "/api/auth/token";

@@ -9,10 +9,13 @@ import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 import org.thingsboard.server.common.data.StringUtils;
 import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.UserCredentials;
 import org.thingsboard.server.common.data.yunteng.common.DeleteGroup;
+import org.thingsboard.server.common.data.yunteng.core.message.ErrorMessage;
+import org.thingsboard.server.common.data.yunteng.dto.AuthorizeDTO;
 import org.thingsboard.server.common.data.yunteng.dto.UserDTO;
 import org.thingsboard.server.common.data.yunteng.dto.UserDetailsDTO;
 import org.thingsboard.server.common.data.yunteng.dto.YtThirdUserDTO;
@@ -21,6 +24,7 @@ import org.thingsboard.server.common.data.yunteng.enums.ThirdPlatformEnum;
 import org.thingsboard.server.common.data.yunteng.utils.JacksonUtil;
 import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
 import org.thingsboard.server.controller.BaseController;
+import org.thingsboard.server.dao.exception.DataValidationException;
 import org.thingsboard.server.dao.yunteng.entities.YtThirdUserEntity;
 import org.thingsboard.server.dao.yunteng.service.YtThirdPlatformService;
 import org.thingsboard.server.dao.yunteng.service.YtUserService;
@@ -110,6 +114,22 @@ public class YtThirdPlatformController extends BaseController {
         return buildJwtToken(userDto, userId);
     }
 
+    private String authrizeKey="zhiyun";
+    private String authrizeSecret="zhiyun";
+    @PostMapping("authorize")
+    @ApiOperation("授权客户获取用户访问令牌")
+    public YtLoginResponse authorizeLogin(@Validated @RequestBody AuthorizeDTO dto)
+            throws ThingsboardException {
+        if(!authrizeKey.equals(dto.getAuthrizeKey()) || !authrizeSecret.equals(dto.getAuthrizeSecret())){
+            throw new DataValidationException( ErrorMessage.NO_PERMISSION.getMessage());
+        }
+        UserDTO userDto = ytUserService.accountExist(dto.getUserName());
+        if (userDto == null) {
+            return new YtLoginResponse().setThirdUserId(dto.getAuthrizeKey());
+        }
+        return buildJwtToken(userDto, dto.getAuthrizeKey());
+    }
+
     @NotNull
     private YtLoginResponse buildJwtToken(UserDTO userDto, String thirdUserId) {
         String accessToken = "";

@@ -5,11 +5,11 @@ import com.fasterxml.jackson.annotation.JsonFormat;
 @JsonFormat(shape = JsonFormat.Shape.OBJECT)
 public enum ErrorMessage {
   // ERROR STARTS FROM HERE
-  INTERNAL_ERROR(500000, "internal error"),
-  OPERATION_FAILED(500001, "operation failed"),
-  NO_PERMISSION(403001, "no permission"),
-  ACCOUNT_DISABLED(403002, "account disabled"),
-  ACCESS_DENIED(403003, "access denied"),
+  INTERNAL_ERROR(500000, "网络异常"),
+  OPERATION_FAILED(500001, "操作失败"),
+  NO_PERMISSION(403001, "没有操作权限"),
+  ACCOUNT_DISABLED(403002, "账号已禁用"),
+  ACCESS_DENIED(403003, "拒绝访问"),
   AUTHENTICATION_METHOD_NOT_SUPPORTED(403004, "authentication method not supported"),
   USERNAME_PASSWORD_INCORRECT(401001, "incorrect username or password"),
   TOKEN_EXPIRED(401002, "token has expired"),

+package org.thingsboard.server.common.data.yunteng.dto;
+
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import org.thingsboard.server.common.data.yunteng.enums.LoginMethodEnum;
+import org.thingsboard.server.common.data.yunteng.enums.ThirdPlatformEnum;
+
+import javax.validation.constraints.NotEmpty;
+
+/**
+ * 授权客户的用户登录(认证)
+ *
+ * @author Administrator
+ */
+@Data
+public class AuthorizeDTO {
+
+  @ApiModelProperty(value = "授权客户的唯一标识", required = true)
+  @NotEmpty(message = "系统用户唯一标识不能为空")
+  private String authrizeKey;
+
+  @ApiModelProperty(value = "授权客户的密钥", required = true)
+  private String authrizeSecret;
+
+  @ApiModelProperty(value = "授权客户的用户，应用系统的登录账号", required = true)
+  private String userName;
+}