|
@@ -33,10 +33,12 @@ import org.thingsboard.server.common.data.security.Authority; |
|
@@ -33,10 +33,12 @@ import org.thingsboard.server.common.data.security.Authority; |
33
|
import org.thingsboard.server.common.data.security.UserCredentials;
|
33
|
import org.thingsboard.server.common.data.security.UserCredentials;
|
34
|
import org.thingsboard.server.common.data.yunteng.constant.FastIotConstants;
|
34
|
import org.thingsboard.server.common.data.yunteng.constant.FastIotConstants;
|
35
|
import org.thingsboard.server.common.data.yunteng.core.cache.CacheUtils;
|
35
|
import org.thingsboard.server.common.data.yunteng.core.cache.CacheUtils;
|
|
|
36
|
+import org.thingsboard.server.common.data.yunteng.dto.UserDetailRoleDTO;
|
36
|
import org.thingsboard.server.common.data.yunteng.dto.UserDetailsDTO;
|
37
|
import org.thingsboard.server.common.data.yunteng.dto.UserDetailsDTO;
|
37
|
import org.thingsboard.server.common.data.yunteng.dto.request.CodeTTL;
|
38
|
import org.thingsboard.server.common.data.yunteng.dto.request.CodeTTL;
|
38
|
import org.thingsboard.server.common.data.yunteng.enums.MessageTypeEnum;
|
39
|
import org.thingsboard.server.common.data.yunteng.enums.MessageTypeEnum;
|
39
|
import org.thingsboard.server.common.data.yunteng.enums.MsgTemplatePurposeEnum;
|
40
|
import org.thingsboard.server.common.data.yunteng.enums.MsgTemplatePurposeEnum;
|
|
|
41
|
+import org.thingsboard.server.common.data.yunteng.enums.RoleEnum;
|
40
|
import org.thingsboard.server.dao.audit.AuditLogService;
|
42
|
import org.thingsboard.server.dao.audit.AuditLogService;
|
41
|
import org.thingsboard.server.dao.customer.CustomerService;
|
43
|
import org.thingsboard.server.dao.customer.CustomerService;
|
42
|
import org.thingsboard.server.service.security.model.SecurityUser;
|
44
|
import org.thingsboard.server.service.security.model.SecurityUser;
|
|
@@ -47,10 +49,8 @@ import org.thingsboard.server.dao.yunteng.service.YtUserService; |
|
@@ -47,10 +49,8 @@ import org.thingsboard.server.dao.yunteng.service.YtUserService; |
47
|
import ua_parser.Client;
|
49
|
import ua_parser.Client;
|
48
|
|
50
|
|
49
|
import java.time.LocalDateTime;
|
51
|
import java.time.LocalDateTime;
|
50
|
-import java.util.List;
|
|
|
51
|
-import java.util.Objects;
|
|
|
52
|
-import java.util.Optional;
|
|
|
53
|
-import java.util.UUID;
|
52
|
+import java.util.*;
|
|
|
53
|
+import java.util.stream.Collectors;
|
54
|
|
54
|
|
55
|
import static org.thingsboard.server.common.data.yunteng.constant.FastIotConstants.CacheConfigKey.MOBILE_LOGIN_SMS_CODE;
|
55
|
import static org.thingsboard.server.common.data.yunteng.constant.FastIotConstants.CacheConfigKey.MOBILE_LOGIN_SMS_CODE;
|
56
|
import static org.thingsboard.server.common.data.yunteng.constant.FastIotConstants.DEFAULT_DELIMITER;
|
56
|
import static org.thingsboard.server.common.data.yunteng.constant.FastIotConstants.DEFAULT_DELIMITER;
|
|
@@ -94,6 +94,10 @@ public class RestAuthenticationProvider implements AuthenticationProvider { |
|
@@ -94,6 +94,10 @@ public class RestAuthenticationProvider implements AuthenticationProvider { |
94
|
if (!FastIotConstants.EMAIL_PATTERN.matcher(username).matches()) {
|
94
|
if (!FastIotConstants.EMAIL_PATTERN.matcher(username).matches()) {
|
95
|
username += FastIotConstants.DEFAULT_EMAIL_SUFFIX_FOR_TB;
|
95
|
username += FastIotConstants.DEFAULT_EMAIL_SUFFIX_FOR_TB;
|
96
|
ytDetailDTO = ytUserDetailsByUserName(ytUserName, password).get();
|
96
|
ytDetailDTO = ytUserDetailsByUserName(ytUserName, password).get();
|
|
|
97
|
+ // 如果是平台用户单独处理
|
|
|
98
|
+ if (isPlatFormUser(ytDetailDTO)) {
|
|
|
99
|
+ return validateByUsernameAndPassword(ytDetailDTO, authentication, userPrincipal);
|
|
|
100
|
+ }
|
97
|
}
|
101
|
}
|
98
|
return authenticateByUsernameAndPassword(
|
102
|
return authenticateByUsernameAndPassword(
|
99
|
ytDetailDTO, authentication, userPrincipal, username, password);
|
103
|
ytDetailDTO, authentication, userPrincipal, username, password);
|
|
@@ -109,6 +113,26 @@ public class RestAuthenticationProvider implements AuthenticationProvider { |
|
@@ -109,6 +113,26 @@ public class RestAuthenticationProvider implements AuthenticationProvider { |
109
|
}
|
113
|
}
|
110
|
}
|
114
|
}
|
111
|
|
115
|
|
|
|
116
|
+ private Authentication validateByUsernameAndPassword(
|
|
|
117
|
+ UserDetailsDTO ytDetailDTO, Authentication authentication, UserPrincipal userPrincipal) {
|
|
|
118
|
+ Object principal = authentication.getPrincipal();
|
|
|
119
|
+ if (!(principal instanceof UserPrincipal)) {
|
|
|
120
|
+ throw new BadCredentialsException("Authentication Failed. Bad user principal.");
|
|
|
121
|
+ }
|
|
|
122
|
+ User user = new User();
|
|
|
123
|
+ user.setUserDetailsDTO(ytDetailDTO);
|
|
|
124
|
+ user.setAuthority(Authority.PLATFORM_USER);
|
|
|
125
|
+ user.setTenantId(new TenantId(EntityId.NULL_UUID));
|
|
|
126
|
+ user.setId(new UserId(UUID.fromString(ytDetailDTO.getId())));
|
|
|
127
|
+ String email = ytDetailDTO.getUsername();
|
|
|
128
|
+ email += FastIotConstants.DEFAULT_EMAIL_SUFFIX_FOR_TB;
|
|
|
129
|
+ user.setEmail(email);
|
|
|
130
|
+ UserCredentials userCredentials = new UserCredentials();
|
|
|
131
|
+ SecurityUser securityUser = new SecurityUser(user, userCredentials.isEnabled(), userPrincipal);
|
|
|
132
|
+ return new UsernamePasswordAuthenticationToken(
|
|
|
133
|
+ securityUser, null, securityUser.getAuthorities());
|
|
|
134
|
+ }
|
|
|
135
|
+
|
112
|
private Authentication authenticateByUsernameAndPassword(
|
136
|
private Authentication authenticateByUsernameAndPassword(
|
113
|
UserDetailsDTO ytDetailDTO,
|
137
|
UserDetailsDTO ytDetailDTO,
|
114
|
Authentication authentication,
|
138
|
Authentication authentication,
|
|
@@ -116,7 +140,6 @@ public class RestAuthenticationProvider implements AuthenticationProvider { |
|
@@ -116,7 +140,6 @@ public class RestAuthenticationProvider implements AuthenticationProvider { |
116
|
String username,
|
140
|
String username,
|
117
|
String password) {
|
141
|
String password) {
|
118
|
|
142
|
|
119
|
- // TODO 先验证sys_user账号密码是否正确,正确后,在账号后面加上后缀验证TB用户是否正确
|
|
|
120
|
Object principal = authentication.getPrincipal();
|
143
|
Object principal = authentication.getPrincipal();
|
121
|
if (!(principal instanceof UserPrincipal)) {
|
144
|
if (!(principal instanceof UserPrincipal)) {
|
122
|
throw new BadCredentialsException("Authentication Failed. Bad user principal.");
|
145
|
throw new BadCredentialsException("Authentication Failed. Bad user principal.");
|
|
@@ -358,4 +381,19 @@ public class RestAuthenticationProvider implements AuthenticationProvider { |
|
@@ -358,4 +381,19 @@ public class RestAuthenticationProvider implements AuthenticationProvider { |
358
|
}
|
381
|
}
|
359
|
return true;
|
382
|
return true;
|
360
|
}
|
383
|
}
|
|
|
384
|
+
|
|
|
385
|
+ /**
|
|
|
386
|
+ * 判断是否是平台用户
|
|
|
387
|
+ *
|
|
|
388
|
+ * @param ytDetailDTO 用户详情
|
|
|
389
|
+ * @return true是平台用户 false不是平台用户
|
|
|
390
|
+ */
|
|
|
391
|
+ private boolean isPlatFormUser(UserDetailsDTO ytDetailDTO) {
|
|
|
392
|
+ Set<String> roles =
|
|
|
393
|
+ ytDetailDTO.getRoles().stream()
|
|
|
394
|
+ .map(UserDetailRoleDTO::getRoleType)
|
|
|
395
|
+ .map(RoleEnum::name)
|
|
|
396
|
+ .collect(Collectors.toSet());
|
|
|
397
|
+ return roles.stream().anyMatch(role -> role.equals(RoleEnum.PLATFORM_ADMIN.name()));
|
|
|
398
|
+ }
|
361
|
} |
399
|
} |
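Review bot: In `validateByUsernameAndPassword` the enabled flag passed to `SecurityUser` comes from `new UserCredentials().isEnabled()`, which is the default of a freshly constructed object and not the stored state of the account, so this path cannot tell an enabled platform account from a disabled one. The method also performs no credential check of its own despite its name; it appears to rely on the earlier `ytUserDetailsByUserName(ytUserName, password)` call having verified the password, which is not visible in this diff and should be confirmed. Its early return also skips whatever `authenticateByUsernameAndPassword` does after its principal check, and that body lies outside the hunks. I would pass the account's real enabled state and add a comment above the method such as `// Password is verified by ytUserDetailsByUserName(); this only builds the PLATFORM_USER token`. Separately, `isPlatFormUser` dereferences `getRoles()` and `getRoleType()` without a null check and builds an intermediate set it does not need; `ytDetailDTO.getRoles().stream().anyMatch(r -> r.getRoleType() == RoleEnum.PLATFORM_ADMIN)` behind a null guard on `getRoles()` is enough.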