fix: 允许通过手机验证码登录平台

@@ -52,6 +52,7 @@ import org.thingsboard.server.service.security.auth.oauth2.HttpCookieOAuth2Autho
 import org.thingsboard.server.service.security.auth.rest.RestAuthenticationProvider;
 import org.thingsboard.server.service.security.auth.rest.RestLoginProcessingFilter;
 import org.thingsboard.server.service.security.auth.rest.RestPublicLoginProcessingFilter;
+import org.thingsboard.server.service.security.auth.yunteng.CodeLoginProcessingFilter;
 
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -70,9 +71,10 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
     public static final String WEBJARS_ENTRY_POINT = "/webjars/**";
     public static final String DEVICE_API_ENTRY_POINT = "/api/v1/**";
     public static final String FORM_BASED_LOGIN_ENTRY_POINT = "/api/auth/login";
+    public static final String CODE_BASED_LOGIN_ENTRY_POINT = "/api/yt/auth/code/login";
     public static final String PUBLIC_LOGIN_ENTRY_POINT = "/api/auth/login/public";
     public static final String TOKEN_REFRESH_ENTRY_POINT = "/api/auth/token";
-    protected static final String[] NON_TOKEN_BASED_AUTH_ENTRY_POINTS = new String[] {"/index.html", "/assets/**", "/static/**", "/api/noauth/**", "/webjars/**",  "/api/license/**"};
+    protected static final String[] NON_TOKEN_BASED_AUTH_ENTRY_POINTS = new String[] {"/index.html", "/assets/**", "/static/**", "/api/noauth/**", "/webjars/**",  "/api/license/**", "/api/yt/noauth/**"};
     public static final String TOKEN_BASED_AUTH_ENTRY_POINT = "/api/**";
     public static final String WS_TOKEN_BASED_AUTH_ENTRY_POINT = "/api/ws/**";
 
@@ -125,6 +127,13 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
     }
 
     @Bean
+    protected CodeLoginProcessingFilter buildSmsCodeLoginProcessingFilter() throws Exception{
+        CodeLoginProcessingFilter filter = new CodeLoginProcessingFilter(CODE_BASED_LOGIN_ENTRY_POINT, successHandler, failureHandler, objectMapper);
+        filter.setAuthenticationManager(this.authenticationManager);
+        return filter;
+    }
+
+    @Bean
     protected RestPublicLoginProcessingFilter buildRestPublicLoginProcessingFilter() throws Exception {
         RestPublicLoginProcessingFilter filter = new RestPublicLoginProcessingFilter(PUBLIC_LOGIN_ENTRY_POINT, successHandler, failureHandler, objectMapper);
         filter.setAuthenticationManager(this.authenticationManager);
@@ -133,7 +142,7 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
 
     protected JwtTokenAuthenticationProcessingFilter buildJwtTokenAuthenticationProcessingFilter() throws Exception {
         List<String> pathsToSkip = new ArrayList<>(Arrays.asList(NON_TOKEN_BASED_AUTH_ENTRY_POINTS));
-        pathsToSkip.addAll(Arrays.asList(WS_TOKEN_BASED_AUTH_ENTRY_POINT, TOKEN_REFRESH_ENTRY_POINT, FORM_BASED_LOGIN_ENTRY_POINT,
+        pathsToSkip.addAll(Arrays.asList(WS_TOKEN_BASED_AUTH_ENTRY_POINT, TOKEN_REFRESH_ENTRY_POINT, FORM_BASED_LOGIN_ENTRY_POINT,CODE_BASED_LOGIN_ENTRY_POINT,
                 PUBLIC_LOGIN_ENTRY_POINT, DEVICE_API_ENTRY_POINT, WEBJARS_ENTRY_POINT));
         SkipPathRequestMatcher matcher = new SkipPathRequestMatcher(pathsToSkip, TOKEN_BASED_AUTH_ENTRY_POINT);
         JwtTokenAuthenticationProcessingFilter filter
@@ -200,6 +209,7 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
                 .antMatchers(WEBJARS_ENTRY_POINT).permitAll() // Webjars
                 .antMatchers(DEVICE_API_ENTRY_POINT).permitAll() // Device HTTP Transport API
                 .antMatchers(FORM_BASED_LOGIN_ENTRY_POINT).permitAll() // Login end-point
+                .antMatchers(CODE_BASED_LOGIN_ENTRY_POINT).permitAll() // SmsCode Login end-point
                 .antMatchers(PUBLIC_LOGIN_ENTRY_POINT).permitAll() // Public login end-point
                 .antMatchers(TOKEN_REFRESH_ENTRY_POINT).permitAll() // Token refresh end-point
                 .antMatchers(NON_TOKEN_BASED_AUTH_ENTRY_POINTS).permitAll() // static resources, user activation and password reset end-points
@@ -211,6 +221,7 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
                 .exceptionHandling().accessDeniedHandler(restAccessDeniedHandler)
                 .and()
                 .addFilterBefore(buildRestLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
+                .addFilterBefore(buildSmsCodeLoginProcessingFilter(),UsernamePasswordAuthenticationFilter.class)
                 .addFilterBefore(buildRestPublicLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
                 .addFilterBefore(buildJwtTokenAuthenticationProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
                 .addFilterBefore(buildRefreshTokenProcessingFilter(), UsernamePasswordAuthenticationFilter.class)

+package org.thingsboard.server.service.security.auth.yunteng;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
+import org.springframework.security.web.authentication.AuthenticationFailureHandler;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.thingsboard.server.common.data.yunteng.dto.request.CodeLoginRequest;
+import org.thingsboard.server.service.security.exception.AuthMethodNotSupportedException;
+import org.thingsboard.server.service.security.model.UserPrincipal;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Slf4j
+public class CodeLoginProcessingFilter extends AbstractAuthenticationProcessingFilter {
+
+  private final AuthenticationSuccessHandler successHandler;
+  private final AuthenticationFailureHandler failureHandler;
+  private final ObjectMapper objectMapper;
+
+  public CodeLoginProcessingFilter(
+      String defaultProcessUrl,
+      AuthenticationSuccessHandler successHandler,
+      AuthenticationFailureHandler failureHandler,
+      ObjectMapper mapper) {
+    super(defaultProcessUrl);
+    this.successHandler = successHandler;
+    this.failureHandler = failureHandler;
+    this.objectMapper = mapper;
+  }
+
+  @Override
+  public Authentication attemptAuthentication(
+      HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
+    if (!HttpMethod.POST.name().equals(request.getMethod())) {
+      if (log.isDebugEnabled()) {
+        log.debug("Authentication method not supported. Request method: " + request.getMethod());
+      }
+      throw new AuthMethodNotSupportedException("Authentication method not supported");
+    }
+    CodeLoginRequest loginRequest;
+    try {
+      loginRequest = objectMapper.readValue(request.getReader(), CodeLoginRequest.class);
+    } catch (Exception e) {
+      throw new AuthenticationServiceException("Invalid login request payload");
+    }
+    if (StringUtils.isBlank(loginRequest.getCode())
+        || StringUtils.isBlank(loginRequest.getPhoneNumber())) {
+      throw new AuthenticationServiceException("phone number or sms code not provided");
+    }
+    UserPrincipal principal =
+        new UserPrincipal(UserPrincipal.Type.SMS_CODE, loginRequest.getPhoneNumber());
+    UsernamePasswordAuthenticationToken token =
+        new UsernamePasswordAuthenticationToken(principal, loginRequest.getCode());
+    token.setDetails(authenticationDetailsSource.buildDetails(request));
+    return this.getAuthenticationManager().authenticate(token);
+  }
+
+  @Override
+  protected void successfulAuthentication(
+      HttpServletRequest request,
+      HttpServletResponse response,
+      FilterChain chain,
+      Authentication authResult)
+      throws IOException, ServletException {
+    successHandler.onAuthenticationSuccess(request, response, chain, authResult);
+  }
+
+  @Override
+  protected void unsuccessfulAuthentication(
+      HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)
+      throws IOException, ServletException {
+    failureHandler.onAuthenticationFailure(request, response, failed);
+  }
+}

@@ -423,6 +423,15 @@ caffeine:
     edges:
       timeToLiveInMinutes: 1440
       maxSize: 10000
+    yunTengIotCache:
+      timeToLiveInMinutes: 1440
+      maxSize: 10000
+    userPermissionFor:
+      timeToLiveInMinutes: 1440
+      maxSize: 10000
+    mobileLoginSmsCode:
+      timeToLiveInMinutes: 2
+      maxSize: 10000
 
 redis:
   # standalone or cluster

@@ -25,7 +25,9 @@ public interface FastIotConstants {
   class ConfigJSONKey {
     public static final String BASE_URL = "baseUrl";
   }
-
+  class Relation {
+    public static final String relationType = "Created";
+  }
   String DEFAULT_DELIMITER = "#";
 
   class StateValue {
@@ -56,10 +58,9 @@ public interface FastIotConstants {
   }
 
   interface CacheConfigKey {
-    String CACHE_CONFIG_KEY = "YUN_TENG_IOT_CACHE";
-    String USER_PERMISSION_PREFIX = "user_permission_for_";
-    String MOBILE_LOGIN_SMS_CODE = "mobile_login_sms_code";
-    String DEFAULT_RULE_CHAIN = "default_rule_chain";
+    String CACHE_CONFIG_KEY = "yunTengIotCache";
+    String USER_PERMISSION_PREFIX = "userPermissionFor_";
+    String MOBILE_LOGIN_SMS_CODE = "mobileLoginSmsCode";
   }
 
   String DEFAULT_EMAIL_SUFFIX_FOR_TB ="@yunteng.com";