From 5db55ed7af5b451c4eb11bf266cff5c47f2f13a8 Mon Sep 17 00:00:00 2001
From: laodaming <11058467+laudamine@user.noreply.gitee.com>
Date: Mon, 20 Nov 2023 11:37:03 +0800
Subject: [PATCH] fix
---
 .../internal/logic/createldapuserlogic.go | 8 ++++++-
 .../internal/logic/updateldapuserlogic.go | 22 +++++++++++++++----
 2 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/server/ldap-admin/internal/logic/createldapuserlogic.go b/server/ldap-admin/internal/logic/createldapuserlogic.go
index f7b4e851..ce952bc4 100644
--- a/server/ldap-admin/internal/logic/createldapuserlogic.go
+++ b/server/ldap-admin/internal/logic/createldapuserlogic.go
@@ -7,6 +7,7 @@ import (
 "fusenapi/utils/basic"
 "fusenapi/utils/chinese_to_pinyin"
 "fusenapi/utils/email"
+ "fusenapi/utils/encryption_decryption"
 "fusenapi/utils/ldap_lib"
 "strings"
 
@@ -60,6 +61,11 @@ func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, useri
 return resp.SetStatusWithMessage(basic.CodeDbSqlErr, "获取自增用户id失败")
 }
 userDN := fmt.Sprintf("cn=%s,%s", req.Email, l.svcCtx.Config.Ldap.PeopleGroupDN)
+ pwd, err := encryption_decryption.CBCEncrypt(req.Password)
+ if err != nil {
+ logx.Error(err)
+ return resp.SetStatusWithMessage(basic.CodeServiceErr, "加密密码失败")
+ }
 if err := ldapServer.Create(userDN, map[string][]string{
 "objectClass": {"person", "organizationalPerson", "inetOrgPerson", "posixAccount", "top", "shadowAccount"}, //固有属性
 "shadowLastChange": {"19676"}, //固有属性
@@ -78,7 +84,7 @@ func (l *CreateLdapUserLogic) CreateLdapUser(req *types.CreateLdapUserReq, useri
 "departmentNumber": {"0"},
 "postalAddress": {req.Avatar},
 "mobile": {req.Mobile},
- "userPassword": {req.Password},
+ "userPassword": {"{crypt}" + pwd},
 }); err != nil {
 logx.Error(err)
 return resp.SetStatusWithMessage(basic.CodeServiceErr, "添加用户失败,"+err.Error())
diff --git a/server/ldap-admin/internal/logic/updateldapuserlogic.go b/server/ldap-admin/internal/logic/updateldapuserlogic.go
index 406d1c40..a4d14315 100644
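Review bot: The `userPassword` value built in CreateLdapUser (createldapuserlogic.go, hunk `-60,6 +61,11`, written by the `"userPassword": {"{crypt}" + pwd}` line in the next hunk) is reversible ciphertext from `CBCEncrypt`, not a password hash, yet it is labelled `{crypt}`. The companion change in updateldapuserlogic.go recovers the plaintext with `CBCDecrypt`, so anyone who obtains the key and the directory contents can recover every user's password, and a directory server that treats `{crypt}` as a crypt(3) hash would presumably be unable to verify binds against it. Prefer a salted one-way hash stored under its matching scheme tag, or let the directory hash the value through the LDAP Password Modify operation, so nothing ever needs decrypting. If reversible storage is a deliberate requirement, say so next to the call with a comment such as `// userPassword holds CBC ciphertext, not a crypt(3) hash; only this service can verify it`. CreateLdapUser starts and ends outside the hunk.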
--- a/server/ldap-admin/internal/logic/updateldapuserlogic.go
+++ b/server/ldap-admin/internal/logic/updateldapuserlogic.go
@@ -5,6 +5,7 @@ import (
 "fusenapi/utils/auth"
 "fusenapi/utils/basic"
 "fusenapi/utils/chinese_to_pinyin"
+ "fusenapi/utils/encryption_decryption"
 "fusenapi/utils/ldap_lib"
 "strings"
 
@@ -61,15 +62,28 @@ func (l *UpdateLdapUserLogic) UpdateLdapUser(req *types.UpdateLdapUserReq, useri
 }
 if req.Password != "" {
 //查询个人信息
- /*user, err := ldapServer.GetLdapUserInfo(req.UserDN)
+ user, err := ldapServer.GetLdapUserInfo(req.UserDN)
 if err != nil {
 logx.Error(err)
 return resp.SetStatusWithMessage(basic.CodeServiceErr, err.Error())
- }*/
+ }
+ //解密旧的密码
+ oldPwd, err := encryption_decryption.CBCDecrypt(user.Password[7:])
+ if err != nil {
+ logx.Error(err)
+ return resp.SetStatusWithMessage(basic.CodeServiceErr, "解密旧的密码出错")
+ }
 //验证旧的密码
+ if oldPwd != req.OldPassword {
+ return resp.SetStatusWithMessage(basic.CodeServiceErr, "旧密码不对,请重新尝试")
+ }
 //加密新的密码
- //赋值属性
- //attr["userPassword"] = []string{""}
+ newPwd, err := encryption_decryption.CBCEncrypt(req.Password)
+ if err != nil {
+ logx.Error(err)
+ return resp.SetStatusWithMessage(basic.CodeServiceErr, "加密密码失败")
+ }
+ attr["userPassword"] = []string{"{crypt}" + newPwd}
 }
 err := ldapServer.Update(req.UserDN, attr)
 if err != nil {
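Review bot: `user.Password[7:]` in UpdateLdapUser (updateldapuserlogic.go, hunk `-61,15 +62,28`) slices the stored value without checking its length or that it begins with `{crypt}`, so an entry whose userPassword is shorter than seven bytes panics, and one stored under a different scheme (for example an account created before this commit, when `req.Password` was written without the prefix) is handed to `CBCDecrypt` with its first seven bytes cut off. Check the prefix first, e.g. `enc, ok := strings.CutPrefix(user.Password, "{crypt}")` (Go 1.20+, otherwise `strings.HasPrefix` before slicing) and return an error when `ok` is false; `strings` is already imported in this file. The old-password check `oldPwd != req.OldPassword` is also a non-constant-time comparison of secrets, which `subtle.ConstantTimeCompare([]byte(oldPwd), []byte(req.OldPassword)) != 1` from `crypto/subtle` would avoid. UpdateLdapUser starts and ends outside the hunk.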