简柏林 / thingskit · Commits

Commit 08b808a356444c9f3dd902ac1f812ac10f44ba03

Authored by xp.Huang
1 parent 80c80f5f

feat: 增加平台管理员、用户的密码重置功能

Inline Side-by-side
Showing 1 changed file with 55 additions and 12 deletions
@@ -21,6 +21,7 @@ import org.thingsboard.server.common.data.id.*; @@ -21,6 +21,7 @@ import org.thingsboard.server.common.data.id.*;
21 import org.thingsboard.server.common.data.plugin.ComponentLifecycleEvent; 21 import org.thingsboard.server.common.data.plugin.ComponentLifecycleEvent;
22 import org.thingsboard.server.common.data.security.Authority; 22 import org.thingsboard.server.common.data.security.Authority;
23 import org.thingsboard.server.common.data.security.UserCredentials; 23 import org.thingsboard.server.common.data.security.UserCredentials;
  24 +import org.thingsboard.server.common.data.security.event.UserAuthDataChangedEvent;
24 import org.thingsboard.server.common.data.yunteng.common.AddGroup; 25 import org.thingsboard.server.common.data.yunteng.common.AddGroup;
25 import org.thingsboard.server.common.data.yunteng.common.DeleteGroup; 26 import org.thingsboard.server.common.data.yunteng.common.DeleteGroup;
26 import org.thingsboard.server.common.data.yunteng.common.UpdateGroup; 27 import org.thingsboard.server.common.data.yunteng.common.UpdateGroup;
@@ -50,6 +51,7 @@ import javax.servlet.http.HttpServletResponse; @@ -50,6 +51,7 @@ import javax.servlet.http.HttpServletResponse;
50 import java.io.IOException; 51 import java.io.IOException;
51 import java.util.HashMap; 52 import java.util.HashMap;
52 import java.util.List; 53 import java.util.List;
  54 +import java.util.Objects;
53 import java.util.UUID; 55 import java.util.UUID;
54 56
55 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*; 57 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*;
@@ -113,8 +115,8 @@ public class TkUserController extends AbstractUserAccount { @@ -113,8 +115,8 @@ public class TkUserController extends AbstractUserAccount {
113 queryMap.put(PAGE_SIZE, pageSize); 115 queryMap.put(PAGE_SIZE, pageSize);
114 queryMap.put(PAGE, page); 116 queryMap.put(PAGE, page);
115 queryMap.put(ORDER_FILED, orderBy); 117 queryMap.put(ORDER_FILED, orderBy);
116 - queryMap.put("realName",realName);  
117 - queryMap.put("username",username); 118 + queryMap.put("realName", realName);
  119 + queryMap.put("username", username);
118 if (null != roleType && roleType.equals(RoleEnum.TENANT_ADMIN)) { 120 if (null != roleType && roleType.equals(RoleEnum.TENANT_ADMIN)) {
119 queryMap.put("roleType", roleType.name()); 121 queryMap.put("roleType", roleType.name());
120 } else { 122 } else {
@@ -200,7 +202,7 @@ public class TkUserController extends AbstractUserAccount { @@ -200,7 +202,7 @@ public class TkUserController extends AbstractUserAccount {
200 createTBUser( 202 createTBUser(
201 tbUser, userDTO, customer.getTenantId(), customer.getId(), Authority.CUSTOMER_USER); 203 tbUser, userDTO, customer.getTenantId(), customer.getId(), Authority.CUSTOMER_USER);
202 // 激活CUSTOMER_USER的管理员 204 // 激活CUSTOMER_USER的管理员
203 - activeTBUser(tbUser.getId(), userDTO.getPassword(),null,false); 205 + activeTBUser(tbUser.getId(), userDTO.getPassword(), null, false);
204 } 206 }
205 return ResponseEntity.ok( 207 return ResponseEntity.ok(
206 userService.saveAccount( 208 userService.saveAccount(
@@ -211,7 +213,8 @@ public class TkUserController extends AbstractUserAccount { @@ -211,7 +213,8 @@ public class TkUserController extends AbstractUserAccount {
211 getCurrentUser().getCurrentTenantId())); 213 getCurrentUser().getCurrentTenantId()));
212 } 214 }
213 215
214 - @PreAuthorize("@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:user:saveTenantAdmin:post'})") 216 + @PreAuthorize(
  217 + "@check.checkPermissions({'SYS_ADMIN','PLATFORM_ADMIN'},{'api:yt:user:saveTenantAdmin:post'})")
215 @PostMapping("save_tenant_admin") 218 @PostMapping("save_tenant_admin")
216 public UserDTO saveTenantAdmin(@Validated(AddGroup.class) @RequestBody UserDTO userDTO) 219 public UserDTO saveTenantAdmin(@Validated(AddGroup.class) @RequestBody UserDTO userDTO)
217 throws ThingsboardException { 220 throws ThingsboardException {
@@ -230,14 +233,20 @@ public class TkUserController extends AbstractUserAccount { @@ -230,14 +233,20 @@ public class TkUserController extends AbstractUserAccount {
230 if (null == userDTO.getId()) { 233 if (null == userDTO.getId()) {
231 tbUser = createTBUser(tbUser, userDTO, tenantId, customerId, Authority.TENANT_ADMIN); 234 tbUser = createTBUser(tbUser, userDTO, tenantId, customerId, Authority.TENANT_ADMIN);
232 // 激活租户管理员 235 // 激活租户管理员
233 - activeTBUser(tbUser.getId(), accountProperties.getDefaultPassword(),tbUser.getTenantId(),true); 236 + activeTBUser(
  237 + tbUser.getId(), accountProperties.getDefaultPassword(), tbUser.getTenantId(), true);
234 } 238 }
235 } catch (Exception e) { 239 } catch (Exception e) {
236 throw handleException(e); 240 throw handleException(e);
237 } 241 }
238 -  
239 - return userService.saveTenantAdmin(  
240 - userDTO, getCurrentUser().isPtSysadmin(), tenantId.getId().toString()); 242 + UserDTO result =
  243 + userService.saveTenantAdmin(
  244 + userDTO, getCurrentUser().isPtSysadmin(), tenantId.getId().toString());
  245 + userService.updateTenantAdminUserCredentials(
  246 + List.of(new UserId(UUID.fromString(result.getTbUser()))),
  247 + userDTO.getTenantId(),
  248 + userDTO.isEnabled(),false);
  249 + return result;
241 } 250 }
242 251
243 @DeleteMapping 252 @DeleteMapping
@@ -318,6 +327,40 @@ public class TkUserController extends AbstractUserAccount { @@ -318,6 +327,40 @@ public class TkUserController extends AbstractUserAccount {
318 getCurrentUser().getCurrentTenantId(), 327 getCurrentUser().getCurrentTenantId(),
319 getCurrentUser().isPtTenantAdmin())); 328 getCurrentUser().isPtTenantAdmin()));
320 } 329 }
  330 +
  331 + @PostMapping("/reset_password/{userId}")
  332 + @ApiOperation(value = "重置客户密码")
  333 + @PreAuthorize(
  334 + "@check.checkPermissions({'SYS_ADMIN','TENANT_ADMIN'},{'api:yt:user:resetPassword'})")
  335 + public ResponseResult resetPassword(@PathVariable("userId") String userId)
  336 + throws ThingsboardException {
  337 + boolean isSysAdmin = getCurrentUser().isSystemAdmin();
  338 + Integer level = isSysAdmin ? 1 : 3;
  339 + // 检查平台、客户账号
  340 + UserDTO user = userService.checkAccount(userId, level);
  341 + if (null == user) {
  342 + throw new TkDataValidationException(ErrorMessage.INVALID_PARAMETER.getMessage());
  343 + }
  344 + String tenantId = getCurrentUser().getCurrentTenantId();
  345 + if (!Objects.equals(user.getTenantId(), tenantId) && !isSysAdmin) {
  346 + throw new TkDataValidationException(ErrorMessage.NOT_BELONG_CURRENT_TENANT.getMessage());
  347 + }
  348 + // update
  349 + String resetPassword = accountProperties.getDefaultPassword();
  350 + if (!isSysAdmin) {
  351 + // 租户才需要改tb的凭证
  352 + SecurityUser securityUser = new SecurityUser();
  353 + securityUser.setId(new UserId(UUID.fromString(user.getTbUser())));
  354 + securityUser.setTenantId(TenantId.fromUUID(UUID.fromString(user.getTenantId())));
  355 + updatePassword(resetPassword, securityUser);
  356 + }
  357 + userService.resetPassword(userId, tenantId, resetPassword);
  358 + if(isSysAdmin){
  359 + eventPublisher.publishEvent(new UserAuthDataChangedEvent(new UserId(UUID.fromString(userId))));
  360 + }
  361 + return ResponseResult.success(ErrorMessage.RESET_PASSWORD_SUCCESS.getMessage());
  362 + }
  363 +
321 /** 364 /**
322 * 创建租户用户 365 * 创建租户用户
323 * 366 *
@@ -353,17 +396,17 @@ public class TkUserController extends AbstractUserAccount { @@ -353,17 +396,17 @@ public class TkUserController extends AbstractUserAccount {
353 * @param userId 用户ID 396 * @param userId 用户ID
354 * @throws ThingsboardException tb运行异常 397 * @throws ThingsboardException tb运行异常
355 */ 398 */
356 - private void activeTBUser(UserId userId, String password,TenantId tenantId ,boolean isPtAdmin) throws ThingsboardException { 399 + private void activeTBUser(UserId userId, String password, TenantId tenantId, boolean isPtAdmin)
  400 + throws ThingsboardException {
357 try { 401 try {
358 // 1、获取UserCredentials 并获取activateToken 402 // 1、获取UserCredentials 并获取activateToken
359 - if(!isPtAdmin){ 403 + if (!isPtAdmin) {
360 User user = checkUserId(userId, Operation.READ); 404 User user = checkUserId(userId, Operation.READ);
361 userId = user.getId(); 405 userId = user.getId();
362 SecurityUser authUser = getCurrentUser(); 406 SecurityUser authUser = getCurrentUser();
363 tenantId = authUser.getTenantId(); 407 tenantId = authUser.getTenantId();
364 } 408 }
365 - UserCredentials userCredentials =  
366 - tbUserService.findUserCredentialsByUserId(tenantId, userId); 409 + UserCredentials userCredentials = tbUserService.findUserCredentialsByUserId(tenantId, userId);
367 // 2、进行激活 410 // 2、进行激活
368 String encodedPassword = passwordEncoder.encode(password); 411 String encodedPassword = passwordEncoder.encode(password);
369 UserCredentials credentials = 412 UserCredentials credentials =