简柏林 / thingskit · Commits

Commit 0657018ba34744390e645d805459b80286811d6a

Authored by xp.Huang
2 parents f3ab2fbf 472f4dd1

Merge branch '20220816' into 'master' 

fix: 授权客户获取用户访问系统所需的访问令牌

See merge request huang/thingsboard3.3.2!124
Inline Side-by-side
Showing 4 changed files with 54 additions and 6 deletions
@@ -74,7 +74,7 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt @@ -74,7 +74,7 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
74 74
75 //Thingskit function 75 //Thingskit function
76 public static final String CODE_BASED_LOGIN_ENTRY_POINT = "/api/yt/auth/code/login"; 76 public static final String CODE_BASED_LOGIN_ENTRY_POINT = "/api/yt/auth/code/login";
77 - public static final String[] YT_NOT_AUTH_API = new String[]{"/api/yt/auth/code/login","/api/yt/third/bind","/api/yt/third/login/*","/api/yt/third/login/id/*", "/api/yt/noauth/**"}; 77 + public static final String[] YT_NOT_AUTH_API = new String[]{"/api/yt/auth/code/login","/api/yt/third/bind","/api/yt/third/login/*","/api/yt/third/login/id/*", "/api/yt/third/authorize", "/api/yt/noauth/**"};
78 78
79 public static final String PUBLIC_LOGIN_ENTRY_POINT = "/api/auth/login/public"; 79 public static final String PUBLIC_LOGIN_ENTRY_POINT = "/api/auth/login/public";
80 public static final String TOKEN_REFRESH_ENTRY_POINT = "/api/auth/token"; 80 public static final String TOKEN_REFRESH_ENTRY_POINT = "/api/auth/token";
@@ -9,10 +9,13 @@ import org.springframework.validation.annotation.Validated; @@ -9,10 +9,13 @@ import org.springframework.validation.annotation.Validated;
9 import org.springframework.web.bind.annotation.*; 9 import org.springframework.web.bind.annotation.*;
10 import org.thingsboard.server.common.data.StringUtils; 10 import org.thingsboard.server.common.data.StringUtils;
11 import org.thingsboard.server.common.data.User; 11 import org.thingsboard.server.common.data.User;
  12 +import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
12 import org.thingsboard.server.common.data.exception.ThingsboardException; 13 import org.thingsboard.server.common.data.exception.ThingsboardException;
13 import org.thingsboard.server.common.data.id.UserId; 14 import org.thingsboard.server.common.data.id.UserId;
14 import org.thingsboard.server.common.data.security.UserCredentials; 15 import org.thingsboard.server.common.data.security.UserCredentials;
15 import org.thingsboard.server.common.data.yunteng.common.DeleteGroup; 16 import org.thingsboard.server.common.data.yunteng.common.DeleteGroup;
  17 +import org.thingsboard.server.common.data.yunteng.core.message.ErrorMessage;
  18 +import org.thingsboard.server.common.data.yunteng.dto.AuthorizeDTO;
16 import org.thingsboard.server.common.data.yunteng.dto.UserDTO; 19 import org.thingsboard.server.common.data.yunteng.dto.UserDTO;
17 import org.thingsboard.server.common.data.yunteng.dto.UserDetailsDTO; 20 import org.thingsboard.server.common.data.yunteng.dto.UserDetailsDTO;
18 import org.thingsboard.server.common.data.yunteng.dto.YtThirdUserDTO; 21 import org.thingsboard.server.common.data.yunteng.dto.YtThirdUserDTO;
@@ -21,6 +24,7 @@ import org.thingsboard.server.common.data.yunteng.enums.ThirdPlatformEnum; @@ -21,6 +24,7 @@ import org.thingsboard.server.common.data.yunteng.enums.ThirdPlatformEnum;
21 import org.thingsboard.server.common.data.yunteng.utils.JacksonUtil; 24 import org.thingsboard.server.common.data.yunteng.utils.JacksonUtil;
22 import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData; 25 import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
23 import org.thingsboard.server.controller.BaseController; 26 import org.thingsboard.server.controller.BaseController;
  27 +import org.thingsboard.server.dao.exception.DataValidationException;
24 import org.thingsboard.server.dao.yunteng.entities.YtThirdUserEntity; 28 import org.thingsboard.server.dao.yunteng.entities.YtThirdUserEntity;
25 import org.thingsboard.server.dao.yunteng.service.YtThirdPlatformService; 29 import org.thingsboard.server.dao.yunteng.service.YtThirdPlatformService;
26 import org.thingsboard.server.dao.yunteng.service.YtUserService; 30 import org.thingsboard.server.dao.yunteng.service.YtUserService;
@@ -110,6 +114,22 @@ public class YtThirdPlatformController extends BaseController { @@ -110,6 +114,22 @@ public class YtThirdPlatformController extends BaseController {
110 return buildJwtToken(userDto, userId); 114 return buildJwtToken(userDto, userId);
111 } 115 }
112 116
  117 + private String authrizeKey="zhiyun";
  118 + private String authrizeSecret="zhiyun";
  119 + @PostMapping("authorize")
  120 + @ApiOperation("授权客户获取用户访问令牌")
  121 + public YtLoginResponse authorizeLogin(@Validated @RequestBody AuthorizeDTO dto)
  122 + throws ThingsboardException {
  123 + if(!authrizeKey.equals(dto.getAuthrizeKey()) || !authrizeSecret.equals(dto.getAuthrizeSecret())){
  124 + throw new DataValidationException( ErrorMessage.NO_PERMISSION.getMessage());
  125 + }
  126 + UserDTO userDto = ytUserService.accountExist(dto.getUserName());
  127 + if (userDto == null) {
  128 + return new YtLoginResponse().setThirdUserId(dto.getAuthrizeKey());
  129 + }
  130 + return buildJwtToken(userDto, dto.getAuthrizeKey());
  131 + }
  132 +
113 @NotNull 133 @NotNull
114 private YtLoginResponse buildJwtToken(UserDTO userDto, String thirdUserId) { 134 private YtLoginResponse buildJwtToken(UserDTO userDto, String thirdUserId) {
115 String accessToken = ""; 135 String accessToken = "";
@@ -5,11 +5,11 @@ import com.fasterxml.jackson.annotation.JsonFormat; @@ -5,11 +5,11 @@ import com.fasterxml.jackson.annotation.JsonFormat;
5 @JsonFormat(shape = JsonFormat.Shape.OBJECT) 5 @JsonFormat(shape = JsonFormat.Shape.OBJECT)
6 public enum ErrorMessage { 6 public enum ErrorMessage {
7 // ERROR STARTS FROM HERE 7 // ERROR STARTS FROM HERE
8 - INTERNAL_ERROR(500000, "internal error"),  
9 - OPERATION_FAILED(500001, "operation failed"),  
10 - NO_PERMISSION(403001, "no permission"),  
11 - ACCOUNT_DISABLED(403002, "account disabled"),  
12 - ACCESS_DENIED(403003, "access denied"), 8 + INTERNAL_ERROR(500000, "网络异常"),
  9 + OPERATION_FAILED(500001, "操作失败"),
  10 + NO_PERMISSION(403001, "没有操作权限"),
  11 + ACCOUNT_DISABLED(403002, "账号已禁用"),
  12 + ACCESS_DENIED(403003, "拒绝访问"),
13 AUTHENTICATION_METHOD_NOT_SUPPORTED(403004, "authentication method not supported"), 13 AUTHENTICATION_METHOD_NOT_SUPPORTED(403004, "authentication method not supported"),
14 USERNAME_PASSWORD_INCORRECT(401001, "incorrect username or password"), 14 USERNAME_PASSWORD_INCORRECT(401001, "incorrect username or password"),
15 TOKEN_EXPIRED(401002, "token has expired"), 15 TOKEN_EXPIRED(401002, "token has expired"),
  1 +package org.thingsboard.server.common.data.yunteng.dto;
  2 +
  3 +import io.swagger.annotations.ApiModelProperty;
  4 +import lombok.Data;
  5 +import lombok.EqualsAndHashCode;
  6 +import org.thingsboard.server.common.data.yunteng.enums.LoginMethodEnum;
  7 +import org.thingsboard.server.common.data.yunteng.enums.ThirdPlatformEnum;
  8 +
  9 +import javax.validation.constraints.NotEmpty;
  10 +
  11 +/**
  12 + * 授权客户的用户登录(认证)
  13 + *
  14 + * @author Administrator
  15 + */
  16 +@Data
  17 +public class AuthorizeDTO {
  18 +
  19 + @ApiModelProperty(value = "授权客户的唯一标识", required = true)
  20 + @NotEmpty(message = "系统用户唯一标识不能为空")
  21 + private String authrizeKey;
  22 +
  23 + @ApiModelProperty(value = "授权客户的密钥", required = true)
  24 + private String authrizeSecret;
  25 +
  26 + @ApiModelProperty(value = "授权客户的用户,应用系统的登录账号", required = true)
  27 + private String userName;
  28 +}