Merge branch 'master' into 20200307

+package org.thingsboard.server.controller.yunteng;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.thingsboard.server.common.data.edge.EdgeEventActionType;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.security.UserCredentials;
+import org.thingsboard.server.common.data.security.event.UserAuthDataChangedEvent;
+import org.thingsboard.server.controller.BaseController;
+import org.thingsboard.server.dao.user.UserService;
+import org.thingsboard.server.service.security.model.SecurityUser;
+import org.thingsboard.server.service.security.system.SystemSecurityService;
+
+@RequiredArgsConstructor
+public class AbstractUserAccount extends BaseController {
+    protected final UserService tbUserService;
+    protected final ApplicationEventPublisher eventPublisher;
+    protected final SystemSecurityService systemSecurityService;
+    protected final BCryptPasswordEncoder passwordEncoder;
+    protected void updatePassword(String resetPassword,SecurityUser securityUser) throws ThingsboardException {
+        try {
+            UserCredentials userCredentials =
+                    tbUserService.findUserCredentialsByUserId(TenantId.SYS_TENANT_ID, securityUser.getId());
+            systemSecurityService.validatePassword(
+                    securityUser.getTenantId(), resetPassword, userCredentials);
+            userCredentials.setPassword(passwordEncoder.encode(resetPassword));
+            tbUserService.replaceUserCredentials(securityUser.getTenantId(), userCredentials);
+            sendEntityNotificationMsg(
+                    getTenantId(), userCredentials.getUserId(), EdgeEventActionType.CREDENTIALS_UPDATED);
+            eventPublisher.publishEvent(new UserAuthDataChangedEvent(securityUser.getId()));
+        } catch (Exception e) {
+            throw handleException(e);
+        }
+    }
+}

 package org.thingsboard.server.controller.yunteng;
 
 import lombok.RequiredArgsConstructor;
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.web.bind.annotation.*;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.id.UserId;
+import org.thingsboard.server.common.data.yunteng.core.exception.YtDataValidationException;
+import org.thingsboard.server.common.data.yunteng.core.message.ErrorMessage;
+import org.thingsboard.server.common.data.yunteng.core.utils.AccountProperties;
+import org.thingsboard.server.common.data.yunteng.dto.UserDTO;
 import org.thingsboard.server.common.data.yunteng.dto.request.SendResetPasswordEmailMsg;
 import org.thingsboard.server.controller.BaseController;
+import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.dao.yunteng.service.YtUserService;
+import org.thingsboard.server.service.security.model.SecurityUser;
+import org.thingsboard.server.service.security.system.SystemSecurityService;
+
+import java.util.UUID;
 
 @RestController
 @RequestMapping("/api/yt/tenant")
-@RequiredArgsConstructor
-@Deprecated
-public class YtTenantController extends BaseController {
+public class YtTenantController extends AbstractUserAccount {
 
   private final YtUserService userService;
+  private final AccountProperties accountProperties;
+  public YtTenantController(UserService tbUserService, ApplicationEventPublisher eventPublisher,
+                          SystemSecurityService systemSecurityService,
+                          BCryptPasswordEncoder passwordEncoder,
+                          YtUserService userService,
+                          AccountProperties accountProperties) {
+    super(tbUserService,eventPublisher,systemSecurityService,passwordEncoder);
+    this.userService = userService;
+    this.accountProperties = accountProperties;
+  }
 
   @PostMapping("/resetPassword/{userId}")
+  @PreAuthorize("hasAnyAuthority('SYS_ADMIN')")
   public void resetPassword(@PathVariable("userId") String userId) throws ThingsboardException {
-    userService.resetPassword(
-        userId, getCurrentUser().isPtSysadmin(), getCurrentUser().getCurrentTenantId());
+    //check is tenant account
+    UserDTO userDTO = userService.checkAccount(userId,2);
+    if(null == userDTO){
+      throw new YtDataValidationException(ErrorMessage.INVALID_PARAMETER.getMessage());
+    }
+    //update
+    String resetPassword = accountProperties.getDefaultPassword();
+    SecurityUser securityUser = new SecurityUser();
+    securityUser.setId(new UserId(UUID.fromString(userDTO.getTbUser())));
+    securityUser.setTenantId(new TenantId(UUID.fromString(userDTO.getTenantId())));
+    updatePassword(resetPassword,securityUser);
+    userService.resetPassword(userId, getCurrentUser().getCurrentTenantId(),resetPassword);
   }
 
+
   @PostMapping("/sendRestPasswordMsg")
   public void resetPassword(@RequestBody SendResetPasswordEmailMsg msg) {
     userService.sendRestPasswordMsg(msg);

@@ -4,7 +4,6 @@ import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
-import lombok.RequiredArgsConstructor;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.http.ResponseEntity;
@@ -22,11 +21,9 @@ import org.thingsboard.server.common.data.id.*;
 import org.thingsboard.server.common.data.plugin.ComponentLifecycleEvent;
 import org.thingsboard.server.common.data.security.Authority;
 import org.thingsboard.server.common.data.security.UserCredentials;
-import org.thingsboard.server.common.data.security.event.UserAuthDataChangedEvent;
 import org.thingsboard.server.common.data.yunteng.common.AddGroup;
 import org.thingsboard.server.common.data.yunteng.common.DeleteGroup;
 import org.thingsboard.server.common.data.yunteng.common.UpdateGroup;
-import org.thingsboard.server.common.data.yunteng.constant.FastIotConstants;
 import org.thingsboard.server.common.data.yunteng.core.exception.YtDataValidationException;
 import org.thingsboard.server.common.data.yunteng.core.message.ErrorMessage;
 import org.thingsboard.server.common.data.yunteng.core.utils.AccountProperties;
@@ -41,13 +38,13 @@ import org.thingsboard.server.common.data.yunteng.enums.OrderTypeEnum;
 import org.thingsboard.server.common.data.yunteng.enums.RoleEnum;
 import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
 import org.thingsboard.server.common.data.yunteng.utils.tools.ResponseResult;
-import org.thingsboard.server.controller.BaseController;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.dao.yunteng.service.YtUserService;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.permission.Operation;
 import org.thingsboard.server.service.security.permission.Resource;
 import org.thingsboard.server.service.security.system.SystemSecurityService;
+
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.HashMap;
@@ -58,16 +55,20 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
 
 @RestController
 @RequestMapping("api/yt/user")
-@RequiredArgsConstructor
 @Api(value = "用户接口")
-public class YtUserController extends BaseController {
-  private final BCryptPasswordEncoder passwordEncoder;
+public class YtUserController extends AbstractUserAccount {
+
   private final YtUserService userService;
-  private final UserService tbUserService;
-  private final ApplicationEventPublisher eventPublisher;
-  private final SystemSecurityService systemSecurityService;
   private final AccountProperties accountProperties;
-
+  public YtUserController(UserService tbUserService, ApplicationEventPublisher eventPublisher,
+                          SystemSecurityService systemSecurityService,
+                          BCryptPasswordEncoder passwordEncoder,
+                          YtUserService userService,
+                          AccountProperties accountProperties) {
+    super(tbUserService,eventPublisher,systemSecurityService,passwordEncoder);
+    this.userService = userService;
+    this.accountProperties = accountProperties;
+  }
   @GetMapping("{userId}")
   public ResponseEntity<UserDTO> getUser(@PathVariable("userId") String userId)
       throws ThingsboardException {
@@ -262,21 +263,7 @@ public class YtUserController extends BaseController {
         userService.validateChangePasswordAccount(accountReqDTO);
     String resetPassword = accountReqDTO.getResetPassword();
     if (!getCurrentUser().isPtAdmin()) {
-      try {
-        // 除开平台管理员，都要调用TB密码修改
-        SecurityUser securityUser = getCurrentUser();
-        UserCredentials userCredentials =
-            tbUserService.findUserCredentialsByUserId(TenantId.SYS_TENANT_ID, securityUser.getId());
-        systemSecurityService.validatePassword(
-            securityUser.getTenantId(), resetPassword, userCredentials);
-        userCredentials.setPassword(passwordEncoder.encode(resetPassword));
-        tbUserService.replaceUserCredentials(securityUser.getTenantId(), userCredentials);
-        sendEntityNotificationMsg(
-            getTenantId(), userCredentials.getUserId(), EdgeEventActionType.CREDENTIALS_UPDATED);
-        eventPublisher.publishEvent(new UserAuthDataChangedEvent(securityUser.getId()));
-      } catch (Exception e) {
-        throw handleException(e);
-      }
+      updatePassword(resetPassword,getCurrentUser());
     }
     return ResponseResult.success(userService.changePassword(user));
   }

@@ -23,8 +23,7 @@ public class UserDTO extends BaseDTO {
   @NotEmpty(message = "姓名不能为空或字符串", groups = AddGroup.class)
   private String realName;
 
-  @JsonInclude(JsonInclude.Include.NON_NULL)
-  private String password;
+  private transient String password;
 
   @JsonInclude(JsonInclude.Include.NON_NULL)
   private String activateToken;

@@ -82,9 +82,9 @@ public class YtUserServiceImpl extends AbstractBaseService<UserMapper, User>
   private final AccountProperties accountProperties;
 
   @Override
-  public List<UserDetailsDTO> findUserDetailsByUsername(String username,String tenantId) {
+  public List<UserDetailsDTO> findUserDetailsByUsername(String username, String tenantId) {
     // 多个租户可能存在多个username相同的情况
-    return baseMapper.findUserDetailsByUserName(username,tenantId);
+    return baseMapper.findUserDetailsByUserName(username, tenantId);
   }
 
   @Override
@@ -167,7 +167,8 @@ public class YtUserServiceImpl extends AbstractBaseService<UserMapper, User>
     if (null != userDTO.getId()) {
       User user = baseMapper.selectById(userDTO.getId());
       if (user.getPhoneNumber().equals(userDTO.getPhoneNumber())
-          && user.getEmail()!=null && user.getEmail().equals(userDTO.getEmail())) {
+          && user.getEmail() != null
+          && user.getEmail().equals(userDTO.getEmail())) {
         needCheck = false;
       }
     }
@@ -342,6 +343,7 @@ public class YtUserServiceImpl extends AbstractBaseService<UserMapper, User>
               record -> {
                 fillUserStatus(record);
                 record.setHasPassword(StringUtils.isNotBlank(record.getActivateToken()));
+                record.setPassword(null);
               });
     }
     return getPageData(userPage, UserDTO.class);
@@ -423,43 +425,37 @@ public class YtUserServiceImpl extends AbstractBaseService<UserMapper, User>
 
   @Override
   @Transactional
-  public void resetPassword(String userId, boolean isPtSysadmin, String tenantId) {
-    if (isPtSysadmin) {
-      baseMapper.setPassword2NullAndInsertActiveToken(
-          userId, RandomStringUtils.randomAlphabetic(10));
-    } else {
-      User user = baseMapper.selectById(userId);
-      if (user == null) {
-        return;
-      }
-      if (tenantId.equals(user.getTenantId())) {
-        baseMapper.setPassword2NullAndInsertActiveToken(
-            userId, RandomStringUtils.randomAlphabetic(10));
-      }
+  public void resetPassword(String userId, String tenantId, String password) {
+    UserDTO userDTO = findUserInfoById(userId);
+    if (null == userDTO) {
+      throw new YtDataValidationException(ErrorMessage.INVALID_PARAMETER.getMessage());
     }
+    userDTO.setPassword(passwordEncoder.encode(password));
+    userDTO.setActivateToken(null);
+    baseMapper.updateById(userDTO.getEntity(User.class));
   }
 
   @Override
-  public void forgetPassword(String phoneNumber,AccountReqDTO forget) {
+  public void forgetPassword(String phoneNumber, AccountReqDTO forget) {
     String key =
-            MsgTemplatePurposeEnum.FOR_FORGET_PASSWORD.name()
-                    + DEFAULT_DELIMITER
-                    + MessageTypeEnum.PHONE_MESSAGE.name()
-                    + DEFAULT_DELIMITER
-                    + phoneNumber;
+        MsgTemplatePurposeEnum.FOR_FORGET_PASSWORD.name()
+            + DEFAULT_DELIMITER
+            + MessageTypeEnum.PHONE_MESSAGE.name()
+            + DEFAULT_DELIMITER
+            + phoneNumber;
     boolean correct =
-            cacheUtils
-                    .get(MOBILE_LOGIN_SMS_CODE, key)
-                    .map(
-                            o -> {
-                              CodeTTL codeTTL = (CodeTTL) o;
-                              if (System.currentTimeMillis() - codeTTL.getSendTs() < 5 * 60 * 1000) {
-                                return Objects.equals(codeTTL.getCode(), forget.getUserId());
-                              } else {
-                                return false;
-                              }
-                            })
-                    .orElse(false);
+        cacheUtils
+            .get(MOBILE_LOGIN_SMS_CODE, key)
+            .map(
+                o -> {
+                  CodeTTL codeTTL = (CodeTTL) o;
+                  if (System.currentTimeMillis() - codeTTL.getSendTs() < 5 * 60 * 1000) {
+                    return Objects.equals(codeTTL.getCode(), forget.getUserId());
+                  } else {
+                    return false;
+                  }
+                })
+            .orElse(false);
     if (!correct) {
       throw new YtDataValidationException(ErrorMessage.MSG_CODE_NOT_MATCHED.getMessage());
     }
@@ -468,16 +464,18 @@ public class YtUserServiceImpl extends AbstractBaseService<UserMapper, User>
       throw new YtDataValidationException(ErrorMessage.INVALID_PARAMETER.getMessage());
     }
 
-    User user = baseMapper.selectOne(new QueryWrapper<User>().lambda().eq(User::getPhoneNumber, phoneNumber));
+    User user =
+        baseMapper.selectOne(
+            new QueryWrapper<User>().lambda().eq(User::getPhoneNumber, phoneNumber));
 
     UserId userId = new UserId(UUID.fromString(user.getTbUser()));
     UserCredentials userCredentials =
-            tbUserService.findUserCredentialsByUserId(TenantId.SYS_TENANT_ID, userId);
-
+        tbUserService.findUserCredentialsByUserId(TenantId.SYS_TENANT_ID, userId);
 
     userCredentials.setPassword(passwordEncoder.encode(pwd));
-    tbUserService.replaceUserCredentials(new TenantId(UUID.fromString(user.getTenantId())), userCredentials);
-//    eventPublisher.publishEvent(new UserAuthDataChangedEvent(userId));
+    tbUserService.replaceUserCredentials(
+        new TenantId(UUID.fromString(user.getTenantId())), userCredentials);
+    //    eventPublisher.publishEvent(new UserAuthDataChangedEvent(userId));
 
     user.setPassword(pwd);
     changePassword(user);
@@ -614,6 +612,14 @@ public class YtUserServiceImpl extends AbstractBaseService<UserMapper, User>
   }
 
   @Override
+  public UserDTO checkAccount(String userId, Integer level) {
+    User user =
+        baseMapper.selectOne(
+            new LambdaQueryWrapper<User>().eq(User::getId, userId).eq(User::getLevel, level));
+    return null != user ? user.getDTO(UserDTO.class) : null;
+  }
+
+  @Override
   public UserDTO accountExist(String userName) {
     if (StringUtils.isEmpty(userName)) {
       throw new YtDataValidationException(ErrorMessage.INVALID_PARAMETER.getMessage());

@@ -28,9 +28,6 @@ public interface UserMapper extends BaseMapper<User> {
 
   Set<String> getAllIdsByTenantId(@Param("tenantIds") Collection<String> tenantIds);
 
-  void setPassword2NullAndInsertActiveToken(
-      @Param("userId") String userId, @Param("activeToken") String activeToken);
-
   UserDTO findUserInfo(UserDTO userDTO);
 
   List<UserDTO> findUserInfoByPhoneNumber(UserDTO userDTO);

@@ -40,7 +40,7 @@ public interface YtUserService {
 
   UserDTO saveTenantAdmin(UserDTO userDTO, boolean isPtSysadmin, String tenantId);
 
-  void resetPassword(String userId, boolean isPtSysadmin, String tenantId);
+  void resetPassword(String userId, String tenantId,String password);
 
   void forgetPassword(String phoneNumber,AccountReqDTO forget);
 
@@ -125,4 +125,12 @@ public interface YtUserService {
    */
   CompletableFuture<TsValue> findUsersAsyncByTs(LocalDateTime startTs, LocalDateTime endTs, long ts);
 
+  /**
+   * 检查账号是否存在
+   * @param userId 用户ID
+   * @param level 级别：0：超级管理员；1：平台管理员；2：租户账号；3：租户下的账号
+   * @return true 存在 false 不存在
+   */
+  UserDTO checkAccount(String userId,Integer level);
+
 }

@@ -38,6 +38,7 @@
         <result property="tbUser" column="tb_user"/>
         <result property="customerId" column="customer_id"/>
         <result property="remark" column="remark"/>
+        <result property="activateToken" column="activate_token"/>
     </resultMap>
 
     <sql id="columns">
@@ -56,7 +57,8 @@
         su.dept_id AS dept_id,
         su.level AS level,
         su.tb_user AS tb_user,
-        su.remark AS remark
+        su.remark AS remark,
+        su.activate_token AS activate_token
     </sql>
 
     <select id="findUserDetailsByUserName" resultMap="userDetailsMap">
@@ -131,13 +133,6 @@
         </foreach>
     </select>
 
-    <update id="setPassword2NullAndInsertActiveToken">
-        UPDATE sys_user
-        SET password=null,
-            activate_token=#{activeToken}
-        WHERE id = #{userId}
-    </update>
-
     <select id="findUserDetailsByPhoneNumber" resultMap="userDetailsMap">
         SELECT su.id                  as id,
                su.username            as username,