简柏林 / thingskit · Commits

Commit 472f4dd18d286916ecfa5628da0f5bebdcb2083b

Authored by 云中非
1 parent f3ab2fbf

fix: 授权客户获取用户访问系统所需的访问令牌

Inline Side-by-side
Showing 4 changed files with 54 additions and 6 deletions
... ... @@ -74,7 +74,7 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
74 74
75 75 //Thingskit function
76 76 public static final String CODE_BASED_LOGIN_ENTRY_POINT = "/api/yt/auth/code/login";
77   - public static final String[] YT_NOT_AUTH_API = new String[]{"/api/yt/auth/code/login","/api/yt/third/bind","/api/yt/third/login/*","/api/yt/third/login/id/*", "/api/yt/noauth/**"};
  77 + public static final String[] YT_NOT_AUTH_API = new String[]{"/api/yt/auth/code/login","/api/yt/third/bind","/api/yt/third/login/*","/api/yt/third/login/id/*", "/api/yt/third/authorize", "/api/yt/noauth/**"};
78 78
79 79 public static final String PUBLIC_LOGIN_ENTRY_POINT = "/api/auth/login/public";
80 80 public static final String TOKEN_REFRESH_ENTRY_POINT = "/api/auth/token";
... ...
... ... @@ -9,10 +9,13 @@ import org.springframework.validation.annotation.Validated;
9 9 import org.springframework.web.bind.annotation.*;
10 10 import org.thingsboard.server.common.data.StringUtils;
11 11 import org.thingsboard.server.common.data.User;
  12 +import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
12 13 import org.thingsboard.server.common.data.exception.ThingsboardException;
13 14 import org.thingsboard.server.common.data.id.UserId;
14 15 import org.thingsboard.server.common.data.security.UserCredentials;
15 16 import org.thingsboard.server.common.data.yunteng.common.DeleteGroup;
  17 +import org.thingsboard.server.common.data.yunteng.core.message.ErrorMessage;
  18 +import org.thingsboard.server.common.data.yunteng.dto.AuthorizeDTO;
16 19 import org.thingsboard.server.common.data.yunteng.dto.UserDTO;
17 20 import org.thingsboard.server.common.data.yunteng.dto.UserDetailsDTO;
18 21 import org.thingsboard.server.common.data.yunteng.dto.YtThirdUserDTO;
... ... @@ -21,6 +24,7 @@ import org.thingsboard.server.common.data.yunteng.enums.ThirdPlatformEnum;
21 24 import org.thingsboard.server.common.data.yunteng.utils.JacksonUtil;
22 25 import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
23 26 import org.thingsboard.server.controller.BaseController;
  27 +import org.thingsboard.server.dao.exception.DataValidationException;
24 28 import org.thingsboard.server.dao.yunteng.entities.YtThirdUserEntity;
25 29 import org.thingsboard.server.dao.yunteng.service.YtThirdPlatformService;
26 30 import org.thingsboard.server.dao.yunteng.service.YtUserService;
... ... @@ -110,6 +114,22 @@ public class YtThirdPlatformController extends BaseController {
110 114 return buildJwtToken(userDto, userId);
111 115 }
112 116
  117 + private String authrizeKey="zhiyun";
  118 + private String authrizeSecret="zhiyun";
  119 + @PostMapping("authorize")
  120 + @ApiOperation("授权客户获取用户访问令牌")
  121 + public YtLoginResponse authorizeLogin(@Validated @RequestBody AuthorizeDTO dto)
  122 + throws ThingsboardException {
  123 + if(!authrizeKey.equals(dto.getAuthrizeKey()) || !authrizeSecret.equals(dto.getAuthrizeSecret())){
  124 + throw new DataValidationException( ErrorMessage.NO_PERMISSION.getMessage());
  125 + }
  126 + UserDTO userDto = ytUserService.accountExist(dto.getUserName());
  127 + if (userDto == null) {
  128 + return new YtLoginResponse().setThirdUserId(dto.getAuthrizeKey());
  129 + }
  130 + return buildJwtToken(userDto, dto.getAuthrizeKey());
  131 + }
  132 +
113 133 @NotNull
114 134 private YtLoginResponse buildJwtToken(UserDTO userDto, String thirdUserId) {
115 135 String accessToken = "";
... ...
... ... @@ -5,11 +5,11 @@ import com.fasterxml.jackson.annotation.JsonFormat;
5 5 @JsonFormat(shape = JsonFormat.Shape.OBJECT)
6 6 public enum ErrorMessage {
7 7 // ERROR STARTS FROM HERE
8   - INTERNAL_ERROR(500000, "internal error"),
9   - OPERATION_FAILED(500001, "operation failed"),
10   - NO_PERMISSION(403001, "no permission"),
11   - ACCOUNT_DISABLED(403002, "account disabled"),
12   - ACCESS_DENIED(403003, "access denied"),
  8 + INTERNAL_ERROR(500000, "网络异常"),
  9 + OPERATION_FAILED(500001, "操作失败"),
  10 + NO_PERMISSION(403001, "没有操作权限"),
  11 + ACCOUNT_DISABLED(403002, "账号已禁用"),
  12 + ACCESS_DENIED(403003, "拒绝访问"),
13 13 AUTHENTICATION_METHOD_NOT_SUPPORTED(403004, "authentication method not supported"),
14 14 USERNAME_PASSWORD_INCORRECT(401001, "incorrect username or password"),
15 15 TOKEN_EXPIRED(401002, "token has expired"),
... ...
  1 +package org.thingsboard.server.common.data.yunteng.dto;
  2 +
  3 +import io.swagger.annotations.ApiModelProperty;
  4 +import lombok.Data;
  5 +import lombok.EqualsAndHashCode;
  6 +import org.thingsboard.server.common.data.yunteng.enums.LoginMethodEnum;
  7 +import org.thingsboard.server.common.data.yunteng.enums.ThirdPlatformEnum;
  8 +
  9 +import javax.validation.constraints.NotEmpty;
  10 +
  11 +/**
  12 + * 授权客户的用户登录(认证)
  13 + *
  14 + * @author Administrator
  15 + */
  16 +@Data
  17 +public class AuthorizeDTO {
  18 +
  19 + @ApiModelProperty(value = "授权客户的唯一标识", required = true)
  20 + @NotEmpty(message = "系统用户唯一标识不能为空")
  21 + private String authrizeKey;
  22 +
  23 + @ApiModelProperty(value = "授权客户的密钥", required = true)
  24 + private String authrizeSecret;
  25 +
  26 + @ApiModelProperty(value = "授权客户的用户,应用系统的登录账号", required = true)
  27 + private String userName;
  28 +}
... ...