fusen/fusenapi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'develop' of gitee.com:fusenpack/fusenapi into develop

Browse Source
This commit is contained in:
momo 2023-11-22 15:01:23 +08:00
commit 86bf47ce61
3 changed files with 93 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
server/ldap-admin/internal/logic/getldaporganizationmemberslogic.go
View File

@ -59,16 +59,25 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
//遍历成员提取cn用于从用户基础组中获取用户信息列表 //遍历成员提取cn用于从用户基础组中获取用户信息列表
filterBuilder := strings.Builder{} filterBuilder := strings.Builder{}
memberCount := 0 memberCount := 0
for _, entry := range result.Entries { memberDNList := make([]string, 0, 100)
if entry.DN != req.OrganizationDN { if len(result.Entries) == 0 {
continue return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapOrganizationMembersRsp{
List: []types.GetLdapOrganizationMembersItem{},
})
}
teamGroup := result.Entries[0]
if teamGroup.DN != req.OrganizationDN {
return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapOrganizationMembersRsp{
List: []types.GetLdapOrganizationMembersItem{},
})
} }
//查到用户信息了 //查到用户信息了
for _, attr := range entry.Attributes { for _, attr := range teamGroup.Attributes {
if attr.Name != "uniqueMember" { if attr.Name != "uniqueMember" {
continue continue
} }
memberCount = len(attr.Values) memberCount = len(attr.Values)
memberDNList = attr.Values
for _, memberDn := range attr.Values { for _, memberDn := range attr.Values {
//不需要根用户 //不需要根用户
if memberDn == l.svcCtx.Config.Ldap.RootDN { if memberDn == l.svcCtx.Config.Ldap.RootDN {
@ -80,8 +89,6 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
} }
break break
} }
break
}
//从新赋值filter //从新赋值filter
filter = "(&(objectClass=posixAccount)(objectClass=inetOrgPerson)(|" + filterBuilder.String() + "))" filter = "(&(objectClass=posixAccount)(objectClass=inetOrgPerson)(|" + filterBuilder.String() + "))"
//从用户基本组中找到员工 //从用户基本组中找到员工
@ -91,6 +98,7 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询ldap帐号信息失败,"+err.Error()) return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询ldap帐号信息失败,"+err.Error())
} }
list := make([]types.GetLdapOrganizationMembersItem, 0, memberCount) list := make([]types.GetLdapOrganizationMembersItem, 0, memberCount)
mapUser := make(map[string]struct{})
for _, user := range userList { for _, user := range userList {
if user.Status != 1 { if user.Status != 1 {
//从部门member中移出 //从部门member中移出
@ -99,6 +107,7 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
} }
continue continue
} }
mapUser[user.UserDN] = struct{}{}
list = append(list, types.GetLdapOrganizationMembersItem{ list = append(list, types.GetLdapOrganizationMembersItem{
UserId: user.UserId, UserId: user.UserId,
UserDN: user.UserDN, UserDN: user.UserDN,
@ -110,6 +119,18 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
Status: user.Status, Status: user.Status,
}) })
} }
//成员组成员DN数跟查出来的不一致有可能是帐号被物理删除了则也把帐号从组织中移除
if memberCount != len(userList) {
for _, memberDN := range memberDNList {
if _, ok := mapUser[memberDN]; ok {
continue
}
//从组织中移除没有帐号的用户
if err = l.svcCtx.Ldap.RemoveUserFromOrganization(req.OrganizationDN, memberDN); err != nil {
logx.Error("移除用户成员失败!:", err)
}
}
}
return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapOrganizationMembersRsp{ return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapOrganizationMembersRsp{
List: list, List: list,
}) })

16
utils/ldap_lib/auth.go
View File

@ -5,11 +5,21 @@ import (
"net/http" "net/http"
) )
type LdapVerifyType string
const (
API_PATH LdapVerifyType = "api_path"
MENU_PATH LdapVerifyType = "menu_path"
)
type LdapOptions struct { type LdapOptions struct {
Type LdapVerifyType
Value string
} }
// 验证权限 // 验证权限
func (l *Ldap) VerifyAuthority(r *http.Request, options ...string) bool { func (l *Ldap) VerifyAuthority(r *http.Request, options ...LdapOptions) bool {
return true
token := r.Header.Get("Ldap-Authorization") token := r.Header.Get("Ldap-Authorization")
info, err := l.ParseJwtToken(token, l.jwtSecret) info, err := l.ParseJwtToken(token, l.jwtSecret)
if err != nil { if err != nil {
@ -27,9 +37,5 @@ func (l *Ldap) VerifyAuthority(r *http.Request, options ...string) bool {
if len(options) == 0 { if len(options) == 0 {
return true return true
} }
// todo 获取分组信息
/*for _, option := range options {
}*/
return true return true
} }

18
utils/ldap_lib/ldap_user.go
View File

@ -29,13 +29,17 @@ func (l *Ldap) GetLdapUserInfo(userDN string) (*LdapUserInfo, error) {
if len(res.Entries) != 1 { if len(res.Entries) != 1 {
return nil, errors.New("查询到不到用户信息") return nil, errors.New("查询到不到用户信息")
} }
user := &LdapUserInfo{} if len(res.Entries) == 0 {
for _, entry := range res.Entries { return nil, errors.New("ldap user not exists(entry not exists)")
if entry.DN != userDN {
continue
} }
user.UserDN = entry.DN userEntry := res.Entries[0]
for _, attr := range entry.Attributes { if userEntry.DN != userDN {
return nil, errors.New("ldap user not exists(DN not match)")
}
user := &LdapUserInfo{
UserDN: userEntry.DN,
}
for _, attr := range userEntry.Attributes {
switch attr.Name { switch attr.Name {
case "uidNumber": //用户id case "uidNumber": //用户id
if len(attr.Values) == 0 { if len(attr.Values) == 0 {
@ -73,8 +77,6 @@ func (l *Ldap) GetLdapUserInfo(userDN string) (*LdapUserInfo, error) {
} }
} }
} }
break
}
if user.UserId == 0 { if user.UserId == 0 {
return nil, errors.New("查询到的不是用户信息!!!") return nil, errors.New("查询到的不是用户信息!!!")
} }