Merge branch 'develop' of gitee.com:fusenpack/fusenapi into develop

momo 2023-11-22 15:01:23 +08:00
commit 86bf47ce61
3 changed files with 93 additions and 64 deletions


@ -59,26 +59,33 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
//遍历成员提取cn用于从用户基础组中获取用户信息列表 //遍历成员提取cn用于从用户基础组中获取用户信息列表
filterBuilder := strings.Builder{} filterBuilder := strings.Builder{}
memberCount := 0 memberCount := 0
for _, entry := range result.Entries { memberDNList := make([]string, 0, 100)
if entry.DN != req.OrganizationDN { if len(result.Entries) == 0 {
return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapOrganizationMembersRsp{
List: []types.GetLdapOrganizationMembersItem{},
})
}
teamGroup := result.Entries[0]
if teamGroup.DN != req.OrganizationDN {
return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapOrganizationMembersRsp{
List: []types.GetLdapOrganizationMembersItem{},
})
}
//查到用户信息了
for _, attr := range teamGroup.Attributes {
if attr.Name != "uniqueMember" {
continue continue
} }
//查到用户信息了 memberCount = len(attr.Values)
for _, attr := range entry.Attributes { memberDNList = attr.Values
if attr.Name != "uniqueMember" { for _, memberDn := range attr.Values {
//不需要根用户
if memberDn == l.svcCtx.Config.Ldap.RootDN {
continue continue
} }
memberCount = len(attr.Values) //解析dn成每个小的单元
for _, memberDn := range attr.Values { cellList := strings.Split(memberDn, ",") //取cn邮箱
//不需要根用户 filterBuilder.WriteString(fmt.Sprintf("(%s)", cellList[0]))
if memberDn == l.svcCtx.Config.Ldap.RootDN {
continue
}
//解析dn成每个小的单元
cellList := strings.Split(memberDn, ",") //取cn邮箱
filterBuilder.WriteString(fmt.Sprintf("(%s)", cellList[0]))
}
break
} }
break break
} }
@ -91,6 +98,7 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询ldap帐号信息失败,"+err.Error()) return resp.SetStatusWithMessage(basic.CodeServiceErr, "查询ldap帐号信息失败,"+err.Error())
} }
list := make([]types.GetLdapOrganizationMembersItem, 0, memberCount) list := make([]types.GetLdapOrganizationMembersItem, 0, memberCount)
mapUser := make(map[string]struct{})
for _, user := range userList { for _, user := range userList {
if user.Status != 1 { if user.Status != 1 {
//从部门member中移出 //从部门member中移出
@ -99,6 +107,7 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
} }
continue continue
} }
mapUser[user.UserDN] = struct{}{}
list = append(list, types.GetLdapOrganizationMembersItem{ list = append(list, types.GetLdapOrganizationMembersItem{
UserId: user.UserId, UserId: user.UserId,
UserDN: user.UserDN, UserDN: user.UserDN,
@ -110,6 +119,18 @@ func (l *GetLdapOrganizationMembersLogic) GetLdapOrganizationMembers(req *types.
Status: user.Status, Status: user.Status,
}) })
} }
//成员组成员DN数跟查出来的不一致有可能是帐号被物理删除了则也把帐号从组织中移除
if memberCount != len(userList) {
for _, memberDN := range memberDNList {
if _, ok := mapUser[memberDN]; ok {
continue
}
//从组织中移除没有帐号的用户
if err = l.svcCtx.Ldap.RemoveUserFromOrganization(req.OrganizationDN, memberDN); err != nil {
logx.Error("移除用户成员失败!:", err)
}
}
}
return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapOrganizationMembersRsp{ return resp.SetStatusWithMessage(basic.CodeOK, "success", types.GetLdapOrganizationMembersRsp{
List: list, List: list,
}) })
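Review bot: The new clean-up loop before the final return of GetLdapOrganizationMembers removes every `uniqueMember` DN that is not in `mapUser`, but the root DN that the filter loop deliberately skips is never in `mapUser`, so a group that lists the root DN would have it removed by this read call. Add `if memberDN == l.svcCtx.Config.Ldap.RootDN { continue }` at the top of that loop. `memberCount` also counts the root DN, so `memberCount != len(userList)` is true on every call for such a group. More generally, a GET-style handler now deletes group membership based on exact string equality of DNs and on the user lookup returning a complete list; if that lookup can be truncated or returns DNs in a different case, valid members would presumably be dropped, so it is worth confirming this and logging each removed DN. The function starts and ends outside these hunks.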


@ -5,11 +5,21 @@ import (
"net/http" "net/http"
) )
type LdapVerifyType string
const (
API_PATH LdapVerifyType = "api_path"
MENU_PATH LdapVerifyType = "menu_path"
)
type LdapOptions struct { type LdapOptions struct {
Type LdapVerifyType
Value string
} }
// 验证权限 // 验证权限
func (l *Ldap) VerifyAuthority(r *http.Request, options ...string) bool { func (l *Ldap) VerifyAuthority(r *http.Request, options ...LdapOptions) bool {
return true
token := r.Header.Get("Ldap-Authorization") token := r.Header.Get("Ldap-Authorization")
info, err := l.ParseJwtToken(token, l.jwtSecret) info, err := l.ParseJwtToken(token, l.jwtSecret)
if err != nil { if err != nil {
@ -27,9 +37,5 @@ func (l *Ldap) VerifyAuthority(r *http.Request, options ...string) bool {
if len(options) == 0 { if len(options) == 0 {
return true return true
} }
// todo 获取分组信息
/*for _, option := range options {
}*/
return true return true
} }
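Review bot: The `return true` that now sits as the first statement of `VerifyAuthority` (it is printed on one side only, so it reads as added) makes every request pass the authority check without the `Ldap-Authorization` token ever being parsed, and everything below it is unreachable. Remove that line before merging; if a temporary bypass is really needed for development, gate it on an explicit configuration switch that defaults to off and log each use. The new `options ...LdapOptions` values are also still ignored: a call that passes `API_PATH` or `MENU_PATH` options falls through to the final `return true`, so until the group lookup exists the safer default is `return false` when `len(options) > 0`. Part of the function body lies between the two hunks and is not visible here.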


@ -29,51 +29,53 @@ func (l *Ldap) GetLdapUserInfo(userDN string) (*LdapUserInfo, error) {
if len(res.Entries) != 1 { if len(res.Entries) != 1 {
return nil, errors.New("查询到不到用户信息") return nil, errors.New("查询到不到用户信息")
} }
user := &LdapUserInfo{} if len(res.Entries) == 0 {
for _, entry := range res.Entries { return nil, errors.New("ldap user not exists(entry not exists)")
if entry.DN != userDN { }
continue userEntry := res.Entries[0]
} if userEntry.DN != userDN {
user.UserDN = entry.DN return nil, errors.New("ldap user not exists(DN not match)")
for _, attr := range entry.Attributes { }
switch attr.Name { user := &LdapUserInfo{
case "uidNumber": //用户id UserDN: userEntry.DN,
if len(attr.Values) == 0 { }
return nil, errors.New("用户id不存在") for _, attr := range userEntry.Attributes {
} switch attr.Name {
user.UserId, err = strconv.ParseInt(attr.Values[0], 10, 64) case "uidNumber": //用户id
if err != nil { if len(attr.Values) == 0 {
return nil, err return nil, errors.New("用户id不存在")
} }
case "sn": //用户真名 user.UserId, err = strconv.ParseInt(attr.Values[0], 10, 64)
user.UserName = strings.Join(attr.Values, "") if err != nil {
case "mail": //邮箱 return nil, err
user.Email = strings.Join(attr.Values, "") }
case "mobile": //手机号 case "sn": //用户真名
user.Mobile = strings.Join(attr.Values, "") user.UserName = strings.Join(attr.Values, "")
case "postalAddress": //头像 case "mail": //邮箱
user.Avatar = strings.Join(attr.Values, "") user.Email = strings.Join(attr.Values, "")
case "userPassword": //密码 case "mobile": //手机号
user.Password = strings.Join(attr.Values, ",") user.Mobile = strings.Join(attr.Values, "")
case "employeeType": //员工类型 case "postalAddress": //头像
if len(attr.Values) == 0 { user.Avatar = strings.Join(attr.Values, "")
return nil, errors.New("用户类型不存在") case "userPassword": //密码
} user.Password = strings.Join(attr.Values, ",")
user.EmployeeType, err = strconv.ParseInt(attr.Values[0], 10, 64) case "employeeType": //员工类型
if err != nil { if len(attr.Values) == 0 {
return nil, err return nil, errors.New("用户类型不存在")
} }
case "postalCode": //状态 user.EmployeeType, err = strconv.ParseInt(attr.Values[0], 10, 64)
if len(attr.Values) == 0 { if err != nil {
return nil, errors.New("用户状态不存在") return nil, err
} }
user.Status, err = strconv.ParseInt(attr.Values[0], 10, 64) case "postalCode": //状态
if err != nil { if len(attr.Values) == 0 {
return nil, err return nil, errors.New("用户状态不存在")
} }
user.Status, err = strconv.ParseInt(attr.Values[0], 10, 64)
if err != nil {
return nil, err
} }
} }
break
} }
if user.UserId == 0 { if user.UserId == 0 {
return nil, errors.New("查询到的不是用户信息!!!") return nil, errors.New("查询到的不是用户信息!!!")
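Review bot: The added `if len(res.Entries) == 0` branch can never run, because the unchanged check just above already returns whenever `len(res.Entries) != 1`; drop it or fold both into a single check with one message. The `userEntry.DN != userDN` test is still a byte-exact string comparison, and a directory server may return the DN with different case or spacing than the caller passed, which now fails the lookup with "DN not match"; normalising both sides before comparing is presumably safer, to be confirmed against the server in use. `userPassword` is still copied into `user.Password`, so callers that serialise `LdapUserInfo` should be checked to make sure the stored hash never leaves the service. GetLdapUserInfo starts above and continues below this hunk.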