From 2a5c6a4d9ee51fec1180ae2b34cc916c739c99be Mon Sep 17 00:00:00 2001
From: laodaming <11058467+laudamine@user.noreply.gitee.com>
Date: Mon, 20 Nov 2023 11:54:30 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 server/ldap-admin/internal/handler/routes.go | 5 ++
 .../handler/updateldapuserpwdhandler.go | 35 ++++++++
 .../internal/logic/getldapuserinfologic.go | 6 ++
 .../internal/logic/updateldapuserlogic.go | 32 ++-----
 .../internal/logic/updateldapuserpwdlogic.go | 87 +++++++++++++++++++
 server/ldap-admin/internal/types/types.go | 8 +-
 server_api/ldap-admin.api | 11 ++-
 7 files changed, 153 insertions(+), 31 deletions(-)
 create mode 100644 server/ldap-admin/internal/handler/updateldapuserpwdhandler.go
 create mode 100644 server/ldap-admin/internal/logic/updateldapuserpwdlogic.go
diff --git a/server/ldap-admin/internal/handler/routes.go b/server/ldap-admin/internal/handler/routes.go
index 812ba45c..2d1211e5 100644
--- a/server/ldap-admin/internal/handler/routes.go
+++ b/server/ldap-admin/internal/handler/routes.go
@@ -107,6 +107,11 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 Path: "/api/ldap-admin/update_ldap_user",
 Handler: UpdateLdapUserHandler(serverCtx),
 },
+ {
+ Method: http.MethodPost,
+ Path: "/api/ldap-admin/update_ldap_user_pwd",
+ Handler: UpdateLdapUserPwdHandler(serverCtx),
+ },
 {
 Method: http.MethodPost,
 Path: "/api/ldap-admin/delete_ldap_user",
diff --git a/server/ldap-admin/internal/handler/updateldapuserpwdhandler.go b/server/ldap-admin/internal/handler/updateldapuserpwdhandler.go
new file mode 100644
index 00000000..9615bbb2
--- /dev/null
+++ b/server/ldap-admin/internal/handler/updateldapuserpwdhandler.go
@@ -0,0 +1,35 @@
+package handler
+
+import (
+ "net/http"
+ "reflect"
+
+ "fusenapi/utils/basic"
+
+ "fusenapi/server/ldap-admin/internal/logic"
+ "fusenapi/server/ldap-admin/internal/svc"
+ "fusenapi/server/ldap-admin/internal/types"
+)
+
+func UpdateLdapUserPwdHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
+ return func(w http.ResponseWriter, r *http.Request) {
+
+ var req types.UpdateLdapUserPwdReq
+ userinfo, err := basic.RequestParse(w, r, svcCtx, &req)
+ if err != nil {
+ return
+ }
+
+ // 创建一个业务逻辑层实例
+ l := logic.NewUpdateLdapUserPwdLogic(r.Context(), svcCtx)
+
+ rl := reflect.ValueOf(l)
+ basic.BeforeLogic(w, r, rl)
+
+ resp := l.UpdateLdapUserPwd(&req, userinfo)
+
+ if !basic.AfterLogic(w, r, rl, resp) {
+ basic.NormalAfterLogic(w, r, resp)
+ }
+ }
+}
diff --git a/server/ldap-admin/internal/logic/getldapuserinfologic.go b/server/ldap-admin/internal/logic/getldapuserinfologic.go
index ee24e44c..cfd67261 100644
--- a/server/ldap-admin/internal/logic/getldapuserinfologic.go
+++ b/server/ldap-admin/internal/logic/getldapuserinfologic.go
@@ -6,7 +6,9 @@ import (
 "fusenapi/server/ldap-admin/internal/types"
 "fusenapi/utils/auth"
 "fusenapi/utils/basic"
+ "fusenapi/utils/email"
 "fusenapi/utils/ldap_lib"
+ "strings"
 
 "github.com/zeromicro/go-zero/core/logx"
 )
@@ -33,6 +35,10 @@ func (l *GetLdapUserInfoLogic) GetLdapUserInfo(req *types.GetLdapUserInfoReq, us
 if len(req.UserDN) <= 3 || req.UserDN[:3] != "cn=" {
 return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,用户DN错误")
 }
+ cnEmail := strings.Split(req.UserDN, ",")[0][3:]
+ if !email.IsEmailValid(cnEmail) {
+ return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn")
+ }
 ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
 user, err := ldapServer.GetLdapUserInfo(req.UserDN)
 if err != nil {
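Review bot: The new `cnEmail := strings.Split(req.UserDN, ",")[0][3:]` check in GetLdapUserInfo validates only the leading RDN, so nothing constrains the rest of the client-supplied DN to the configured subtree before it reaches `ldapServer.GetLdapUserInfo(req.UserDN)`. Because NewLdap is handed `l.svcCtx.Config.Ldap.RootDN`, a DN under some other suffix would — unless ldap_lib re-scopes it, which is not visible here — be read with those credentials; the same shape is added in the updateldapuserlogic.go hunk at -47 and in updateldapuserpwdlogic.go, where the DN also reaches `ldapServer.Update`. A suffix check after the prefix test, along the lines of `if !strings.HasSuffix(req.UserDN, ","+l.svcCtx.Config.Ldap.BaseDN) { return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,用户DN错误") }` (adjusted to whatever parent the user entries actually live under), would pin the DN to the user base. GetLdapUserInfo's body starts and ends outside the hunk.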
diff --git a/server/ldap-admin/internal/logic/updateldapuserlogic.go b/server/ldap-admin/internal/logic/updateldapuserlogic.go
index a4d14315..3644c393 100644
--- a/server/ldap-admin/internal/logic/updateldapuserlogic.go
+++ b/server/ldap-admin/internal/logic/updateldapuserlogic.go
@@ -5,7 +5,7 @@ import (
 "fusenapi/utils/auth"
 "fusenapi/utils/basic"
 "fusenapi/utils/chinese_to_pinyin"
- "fusenapi/utils/encryption_decryption"
+ "fusenapi/utils/email"
 "fusenapi/utils/ldap_lib"
 "strings"
 
@@ -38,7 +38,6 @@ func NewUpdateLdapUserLogic(ctx context.Context, svcCtx *svc.ServiceContext) *Up
 func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, userinfo *auth.UserInfo) (resp *basic.Response) {
 req.UserDN = strings.Trim(req.UserDN, " ")
 req.Mobile = strings.Trim(req.Mobile, " ")
- req.Password = strings.Trim(req.Password, " ")
 req.Avatar = strings.Trim(req.Avatar, " ")
 req.UserName = strings.Trim(req.UserName, " ")
 if req.AuthGroupId < 0 {
@@ -47,6 +46,10 @@ func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, useri
 if len(req.UserDN) <= 3 || req.UserDN[:3] != "cn=" {
 return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,无效的用户DN")
 }
+ cnEmail := strings.Split(req.UserDN, ",")[0][3:]
+ if !email.IsEmailValid(cnEmail) {
+ return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn")
+ }
 //把用户名转pinyin
 userNamePinyin := chinese_to_pinyin.ChineseToPinyin(req.UserName)
 ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
@@ -60,31 +63,6 @@ func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, useri
 "postalAddress": {req.Avatar},
 "postalCode": {fmt.Sprintf("%d", req.Status)},
 }
- if req.Password != "" {
- //查询个人信息
- user, err := ldapServer.GetLdapUserInfo(req.UserDN)
- if err != nil {
- logx.Error(err)
- return resp.SetStatusWithMessage(basic.CodeServiceErr, err.Error())
- }
- //解密旧的密码
- oldPwd, err := encryption_decryption.CBCDecrypt(user.Password[7:])
- if err != nil {
- logx.Error(err)
- return resp.SetStatusWithMessage(basic.CodeServiceErr, "解密旧的密码出错")
- }
- //验证旧的密码
- if oldPwd != req.OldPassword {
- return resp.SetStatusWithMessage(basic.CodeServiceErr, "旧密码不对,请重新尝试")
- }
- //加密新的密码
- newPwd, err := encryption_decryption.CBCEncrypt(req.Password)
- if err != nil {
- logx.Error(err)
- return resp.SetStatusWithMessage(basic.CodeServiceErr, "加密密码失败")
- }
- attr["userPassword"] = []string{"{crypt}" + newPwd}
- }
 err := ldapServer.Update(req.UserDN, attr)
 if err != nil {
 logx.Error(err)
diff --git a/server/ldap-admin/internal/logic/updateldapuserpwdlogic.go b/server/ldap-admin/internal/logic/updateldapuserpwdlogic.go
new file mode 100644
index 00000000..df159b3c
--- /dev/null
+++ b/server/ldap-admin/internal/logic/updateldapuserpwdlogic.go
@@ -0,0 +1,87 @@
+package logic
+
+import (
+ "fusenapi/utils/auth"
+ "fusenapi/utils/basic"
+ "fusenapi/utils/email"
+ "fusenapi/utils/encryption_decryption"
+ "fusenapi/utils/ldap_lib"
+ "strings"
+
+ "context"
+
+ "fusenapi/server/ldap-admin/internal/svc"
+ "fusenapi/server/ldap-admin/internal/types"
+
+ "github.com/zeromicro/go-zero/core/logx"
+)
+
+type UpdateLdapUserPwdLogic struct {
+ logx.Logger
+ ctx context.Context
+ svcCtx *svc.ServiceContext
+}
+
+func NewUpdateLdapUserPwdLogic(ctx context.Context, svcCtx *svc.ServiceContext) *UpdateLdapUserPwdLogic {
+ return &UpdateLdapUserPwdLogic{
+ Logger: logx.WithContext(ctx),
+ ctx: ctx,
+ svcCtx: svcCtx,
+ }
+}
+
+// 处理进入前逻辑w,r
+// func (l *UpdateLdapUserPwdLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) {
+// }
+
+func (l *UpdateLdapUserPwdLogic) UpdateLdapUserPwd(req *types.UpdateLdapUserPwdReq, userinfo *auth.UserInfo) (resp *basic.Response) {
+ req.UserDN = strings.Trim(req.UserDN, " ")
+ req.NewPassword = strings.Trim(req.NewPassword, " ")
+ req.OldPassword = strings.Trim(req.OldPassword, " ")
+ if req.NewPassword == "" || req.OldPassword == "" {
+ return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "新/旧密码都不允许为空")
+ }
+ if len(req.UserDN) <= 3 || req.UserDN[:3] != "cn=" {
+ return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "参数错误,无效的用户DN")
+ }
+ cnEmail := strings.Split(req.UserDN, ",")[0][3:]
+ if !email.IsEmailValid(cnEmail) {
+ return resp.SetStatusWithMessage(basic.CodeRequestParamsErr, "错误的用户cn")
+ }
+ ldapServer := ldap_lib.NewLdap(l.svcCtx.Ldap, l.svcCtx.Config.Ldap.BaseDN, l.svcCtx.Config.Ldap.RootDN)
+ //查询个人信息
+ user, err := ldapServer.GetLdapUserInfo(req.UserDN)
+ if err != nil {
+ logx.Error(err)
+ return resp.SetStatusWithMessage(basic.CodeServiceErr, err.Error())
+ }
+ //解密旧的密码
+ oldPwd, err := encryption_decryption.CBCDecrypt(user.Password[7:])
+ if err != nil {
+ logx.Error(err)
+ return resp.SetStatusWithMessage(basic.CodeServiceErr, "解密旧的密码出错")
+ }
+ //验证旧的密码
+ if oldPwd != req.OldPassword {
+ return resp.SetStatusWithMessage(basic.CodeServiceErr, "旧密码不对,请重新尝试")
+ }
+ //加密新的密码
+ newPwd, err := encryption_decryption.CBCEncrypt(req.NewPassword)
+ if err != nil {
+ logx.Error(err)
+ return resp.SetStatusWithMessage(basic.CodeServiceErr, "加密密码失败")
+ }
+ err = ldapServer.Update(req.UserDN, map[string][]string{
+ "userPassword": {"{crypt}" + newPwd},
+ })
+ if err != nil {
+ logx.Error(err)
+ return resp.SetStatusWithMessage(basic.CodeServiceErr, "修改密码失败")
+ }
+ return resp.SetStatusWithMessage(basic.CodeOK, "修改密码成功")
+}
+
+// 处理逻辑后 w,r 如:重定向, resp 必须重新处理
+// func (l *UpdateLdapUserPwdLogic) AfterLogic(w http.ResponseWriter, r *http.Request, resp *basic.Response) {
+// // httpx.OkJsonCtx(r.Context(), w, resp)
+// }
diff --git a/server/ldap-admin/internal/types/types.go b/server/ldap-admin/internal/types/types.go
index 119bc005..08fb2651 100644
--- a/server/ldap-admin/internal/types/types.go
+++ b/server/ldap-admin/internal/types/types.go
@@ -142,14 +142,18 @@ type CreateLdapUserReq struct {
 type UpdateLdapUserReq struct {
 UserDN string `json:"user_dn"` //用户dn
 UserName string `json:"user_name"` //用户名
- Password string `json:"password,optional"` //密码
- OldPassword string `json:"old_password"` //旧的密码
 Mobile string `json:"mobile,optional"` //手机号
 Avatar string `json:"avatar,optional"` //头像地址
 Status int64 `json:"status,options=0|1"` //状态 1正常0离职
 AuthGroupId int64 `json:"auth_group_id,optional"` //权限分组id
 }
 
+type UpdateLdapUserPwdReq struct {
+ UserDN string `json:"user_dn"` //用户dn
+ NewPassword string `json:"new_password"`
+ OldPassword string `json:"old_password"`
+}
+
 type DeleteLdapUserReq struct {
 UserDN string `json:"user_dn"` //用户dn
 }
diff --git a/server_api/ldap-admin.api b/server_api/ldap-admin.api
index 32fd269b..e4e5c80b 100644
--- a/server_api/ldap-admin.api
+++ b/server_api/ldap-admin.api
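Review bot: `user.Password[7:]` in UpdateLdapUserPwd panics for any entry whose userPassword is shorter than seven bytes or absent, and for a value stored under a different scheme prefix it strips the wrong bytes before CBCDecrypt; guard it with `if !strings.HasPrefix(user.Password, "{crypt}") { return resp.SetStatusWithMessage(basic.CodeServiceErr, "解密旧的密码出错") }` ahead of the decrypt call (`strings` is already imported). The GetLdapUserInfo failure branch just above it returns `err.Error()` to the HTTP client, exposing directory error text; log it and return a fixed message as the later branches do. More broadly, the old-password check works only because the stored value is reversibly CBC-encrypted under a `{crypt}` label rather than hashed, which is the weak point of this flow — whoever holds that key recovers every user's password — and a comment at the decrypt step should at least say so. `userinfo` is accepted but never read, so nothing in this function ties the caller to the DN whose password is being changed beyond knowledge of the old password; if RequestParse or middleware enforces that, it is not visible in the hunk.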
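Review bot: `NewPassword` and `OldPassword` in the new `UpdateLdapUserPwdReq` are the only fields in this type block without a trailing comment, unlike `UserDN string `json:"user_dn"` //用户dn` directly above them; add `//新密码` and `//旧密码` to match the surrounding style (the same gap is in the matching block of the ldap-admin.api hunk at -220). Neither tag expresses a length or non-empty constraint, so the only check on these values is the emptiness test in the logic layer; if the project's tag vocabulary supports such a constraint, stating it here, where the wire contract is defined, would document the requirement where clients read it.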
@@ -68,6 +68,9 @@ service ldap-admin {
 //修改ldap用户信息
 @handler UpdateLdapUserHandler
 post /api/ldap-admin/update_ldap_user(UpdateLdapUserReq) returns (response);
+ //修改ldap用户密码
+ @handler UpdateLdapUserPwdHandler
+ post /api/ldap-admin/update_ldap_user_pwd(UpdateLdapUserPwdReq) returns (response);
 //删除ldap用户
 @handler DeleteLdapUserHandler
 post /api/ldap-admin/delete_ldap_user(DeleteLdapUserReq) returns (response);
@@ -220,13 +223,17 @@ type CreateLdapUserReq {
 type UpdateLdapUserReq {
 UserDN string `json:"user_dn"` //用户dn
 UserName string `json:"user_name"` //用户名
- Password string `json:"password,optional"` //密码
- OldPassword string `json:"old_password"` //旧的密码
 Mobile string `json:"mobile,optional"` //手机号
 Avatar string `json:"avatar,optional"` //头像地址
 Status int64 `json:"status,options=0|1"` //状态 1正常0离职
 AuthGroupId int64 `json:"auth_group_id,optional"` //权限分组id
 }
+//修改用户密码
+type UpdateLdapUserPwdReq {
+ UserDN string `json:"user_dn"` //用户dn
+ NewPassword string `json:"new_password"`
+ OldPassword string `json:"old_password"`
+}
 //删除ldap用户
 type DeleteLdapUserReq {
 UserDN string `json:"user_dn"` //用户dn