Showing
2 changed files
with
44 additions
and
5 deletions
| ... | ... | @@ -33,10 +33,12 @@ import org.thingsboard.server.common.data.security.Authority; |
| 33 | 33 | import org.thingsboard.server.common.data.security.UserCredentials; |
| 34 | 34 | import org.thingsboard.server.common.data.yunteng.constant.FastIotConstants; |
| 35 | 35 | import org.thingsboard.server.common.data.yunteng.core.cache.CacheUtils; |
| 36 | +import org.thingsboard.server.common.data.yunteng.dto.UserDetailRoleDTO; | |
| 36 | 37 | import org.thingsboard.server.common.data.yunteng.dto.UserDetailsDTO; |
| 37 | 38 | import org.thingsboard.server.common.data.yunteng.dto.request.CodeTTL; |
| 38 | 39 | import org.thingsboard.server.common.data.yunteng.enums.MessageTypeEnum; |
| 39 | 40 | import org.thingsboard.server.common.data.yunteng.enums.MsgTemplatePurposeEnum; |
| 41 | +import org.thingsboard.server.common.data.yunteng.enums.RoleEnum; | |
| 40 | 42 | import org.thingsboard.server.dao.audit.AuditLogService; |
| 41 | 43 | import org.thingsboard.server.dao.customer.CustomerService; |
| 42 | 44 | import org.thingsboard.server.service.security.model.SecurityUser; |
| ... | ... | @@ -47,10 +49,8 @@ import org.thingsboard.server.dao.yunteng.service.YtUserService; |
| 47 | 49 | import ua_parser.Client; |
| 48 | 50 | |
| 49 | 51 | import java.time.LocalDateTime; |
| 50 | -import java.util.List; | |
| 51 | -import java.util.Objects; | |
| 52 | -import java.util.Optional; | |
| 53 | -import java.util.UUID; | |
| 52 | +import java.util.*; | |
| 53 | +import java.util.stream.Collectors; | |
| 54 | 54 | |
| 55 | 55 | import static org.thingsboard.server.common.data.yunteng.constant.FastIotConstants.CacheConfigKey.MOBILE_LOGIN_SMS_CODE; |
| 56 | 56 | import static org.thingsboard.server.common.data.yunteng.constant.FastIotConstants.DEFAULT_DELIMITER; |
| ... | ... | @@ -94,6 +94,10 @@ public class RestAuthenticationProvider implements AuthenticationProvider { |
| 94 | 94 | if (!FastIotConstants.EMAIL_PATTERN.matcher(username).matches()) { |
| 95 | 95 | username += FastIotConstants.DEFAULT_EMAIL_SUFFIX_FOR_TB; |
| 96 | 96 | ytDetailDTO = ytUserDetailsByUserName(ytUserName, password).get(); |
| 97 | + // 如果是平台用户单独处理 | |
| 98 | + if (isPlatFormUser(ytDetailDTO)) { | |
| 99 | + return validateByUsernameAndPassword(ytDetailDTO, authentication, userPrincipal); | |
| 100 | + } | |
| 97 | 101 | } |
| 98 | 102 | return authenticateByUsernameAndPassword( |
| 99 | 103 | ytDetailDTO, authentication, userPrincipal, username, password); |
| ... | ... | @@ -109,6 +113,26 @@ public class RestAuthenticationProvider implements AuthenticationProvider { |
| 109 | 113 | } |
| 110 | 114 | } |
| 111 | 115 | |
| 116 | + private Authentication validateByUsernameAndPassword( | |
| 117 | + UserDetailsDTO ytDetailDTO, Authentication authentication, UserPrincipal userPrincipal) { | |
| 118 | + Object principal = authentication.getPrincipal(); | |
| 119 | + if (!(principal instanceof UserPrincipal)) { | |
| 120 | + throw new BadCredentialsException("Authentication Failed. Bad user principal."); | |
| 121 | + } | |
| 122 | + User user = new User(); | |
| 123 | + user.setUserDetailsDTO(ytDetailDTO); | |
| 124 | + user.setAuthority(Authority.PLATFORM_USER); | |
| 125 | + user.setTenantId(new TenantId(EntityId.NULL_UUID)); | |
| 126 | + user.setId(new UserId(UUID.fromString(ytDetailDTO.getId()))); | |
| 127 | + String email = ytDetailDTO.getUsername(); | |
| 128 | + email += FastIotConstants.DEFAULT_EMAIL_SUFFIX_FOR_TB; | |
| 129 | + user.setEmail(email); | |
| 130 | + UserCredentials userCredentials = new UserCredentials(); | |
| 131 | + SecurityUser securityUser = new SecurityUser(user, userCredentials.isEnabled(), userPrincipal); | |
| 132 | + return new UsernamePasswordAuthenticationToken( | |
| 133 | + securityUser, null, securityUser.getAuthorities()); | |
| 134 | + } | |
| 135 | + | |
| 112 | 136 | private Authentication authenticateByUsernameAndPassword( |
| 113 | 137 | UserDetailsDTO ytDetailDTO, |
| 114 | 138 | Authentication authentication, |
| ... | ... | @@ -116,7 +140,6 @@ public class RestAuthenticationProvider implements AuthenticationProvider { |
| 116 | 140 | String username, |
| 117 | 141 | String password) { |
| 118 | 142 | |
| 119 | - // TODO 先验证sys_user账号密码是否正确,正确后,在账号后面加上后缀验证TB用户是否正确 | |
| 120 | 143 | Object principal = authentication.getPrincipal(); |
| 121 | 144 | if (!(principal instanceof UserPrincipal)) { |
| 122 | 145 | throw new BadCredentialsException("Authentication Failed. Bad user principal."); |
| ... | ... | @@ -358,4 +381,19 @@ public class RestAuthenticationProvider implements AuthenticationProvider { |
| 358 | 381 | } |
| 359 | 382 | return true; |
| 360 | 383 | } |
| 384 | + | |
| 385 | + /** | |
| 386 | + * 判断是否是平台用户 | |
| 387 | + * | |
| 388 | + * @param ytDetailDTO 用户详情 | |
| 389 | + * @return true是平台用户 false不是平台用户 | |
| 390 | + */ | |
| 391 | + private boolean isPlatFormUser(UserDetailsDTO ytDetailDTO) { | |
| 392 | + Set<String> roles = | |
| 393 | + ytDetailDTO.getRoles().stream() | |
| 394 | + .map(UserDetailRoleDTO::getRoleType) | |
| 395 | + .map(RoleEnum::name) | |
| 396 | + .collect(Collectors.toSet()); | |
| 397 | + return roles.stream().anyMatch(role -> role.equals(RoleEnum.PLATFORM_ADMIN.name())); | |
| 398 | + } | |
| 361 | 399 | } | ... | ... |