Merge pull request #9093 from dataease/pr@dev@feat_xpack_change_pwd_r…

…egularly feat(X-Pack): 企业版支持定期改密 #8050
dataease · Apr 15, 2024 · a18aa08 · a18aa08
2 parents 281c66d + e322e13
commit a18aa08
Show file tree

Hide file tree

Showing 12 changed files with 203 additions and 55 deletions.
diff --git a/core/backend/src/main/java/io/dataease/auth/entity/SysUserEntity.java b/core/backend/src/main/java/io/dataease/auth/entity/SysUserEntity.java
@@ -44,4 +44,6 @@ public class SysUserEntity implements Serializable {
 
     @ApiModelProperty(hidden = true)
     private Integer from;
+    @ApiModelProperty(hidden = true)
+    private Long pwdResetTime;
 }
diff --git a/core/backend/src/main/java/io/dataease/auth/server/AuthServer.java b/core/backend/src/main/java/io/dataease/auth/server/AuthServer.java
@@ -111,7 +111,7 @@ public Object login(@RequestBody LoginDto loginDto) throws Exception {
         String pwd = RsaUtil.decryptByPrivateKey(RsaProperties.privateKey, loginDto.getPassword());
 
         // 增加ldap登录方式
-        Integer loginType = loginDto.getLoginType();
+        int loginType = loginDto.getLoginType();
         boolean isSupportLdap = authUserService.supportLdap();
         if (loginType == 1 && isSupportLdap) {
             AccountLockStatus accountLockStatus = authUserService.lockStatus(username, 1);
@@ -195,11 +195,19 @@ public Object login(@RequestBody LoginDto loginDto) throws Exception {
                 result.put("passwordModified", false);
                 result.put("defaultPwd", "dataease");
             }
-
             if (!user.getIsAdmin() && user.getPassword().equals(CodingUtil.md5(DEFAULT_PWD))) {
                 result.put("passwordModified", false);
                 result.put("defaultPwd", DEFAULT_PWD);
             }
+            if (user.getIsAdmin()) {
+                result.put("validityPeriod", -1);
+            } else {
+                Integer validityPeriod = systemParameterService.pwdValidityPeriod(user.getPwdResetTime());
+                if (validityPeriod.equals(0)) {
+                    DataEaseException.throwException("pwdValidityPeriod");
+                }
+                result.put("validityPeriod", validityPeriod);
+            }
         }
         Long expireTime = System.currentTimeMillis() + JWTUtils.getExpireTime();
         TokenInfo tokenInfo = TokenInfo.builder().userId(user.getUserId()).username(username).build();

diff --git a/core/backend/src/main/java/io/dataease/commons/constants/ParamConstants.java b/core/backend/src/main/java/io/dataease/commons/constants/ParamConstants.java
@@ -126,6 +126,8 @@ enum BASIC implements ParamConstants {
         LOGIN_LIMIT_RELIEVETIMES("loginlimit.relieveTimes"),
 
         LOGIN_LIMIT_OPEN("loginlimit.open"),
+        LOGIN_LIMIT_OPEN_MODIFY_PWD("loginlimit.openModifyPwd"),
+        LOGIN_LIMIT_PWD_CYCLE("loginlimit.pwdCycle"),
         LOCKED_EMAIL("loginlimit.lockedEmail"),
 
         SCAN_CREATE_USER("loginlimit.scanCreateUser"),

diff --git a/core/backend/src/main/java/io/dataease/ext/AuthMapper.xml b/core/backend/src/main/java/io/dataease/ext/AuthMapper.xml
@@ -14,6 +14,7 @@
         <result column="is_admin" jdbcType="BIT" property="isAdmin"/>
         <result column="from" property="from"/>
         <result column="dept_name" property="deptName"/>
+        <result column="pwd_reset_time" jdbcType="BIGINT" property="pwdResetTime"/>
     </resultMap>
 
     <resultMap id="roleMap" type="io.dataease.auth.api.dto.CurrentRoleDto">
@@ -48,7 +49,11 @@
                password,
                enabled,
                email,
-               phone, language, is_admin, `from`
+               pwd_reset_time,
+               phone,
+               language,
+               is_admin,
+               `from`
         from sys_user
         where username = #{username}
     </select>
@@ -61,9 +66,13 @@
                password,
                enabled,
                email,
-               phone, language, is_admin, `from`
+               phone,
+               language,
+               is_admin,
+               `from`
         from sys_user a
-        where username = #{username} and a.from = 1
+        where username = #{username}
+          and a.from = 1
     </select>
 
 
@@ -75,9 +84,13 @@
                password,
                enabled,
                email,
-               phone, language, is_admin, `from`
+               phone,
+               language,
+               is_admin,
+               `from`
         from sys_user a
-        where username = #{username} and a.from = 3
+        where username = #{username}
+          and a.from = 3
     </select>
 
     <select id="findUserBySub" resultMap="baseMap">
@@ -88,7 +101,10 @@
                password,
                enabled,
                email,
-               phone, language, is_admin, `from`
+               phone,
+               language,
+               is_admin,
+               `from`
         from sys_user
         where sub = #{sub}
           and `from` = #{userFrom}
@@ -144,12 +160,14 @@
                password,
                enabled,
                email,
-               phone, language, is_admin, `from`
-        from
-            sys_user_assist a
-            left join
-            sys_user u
-        on u.user_id = a.user_id
+               phone,
+               language,
+               is_admin,
+               `from`
+        from sys_user_assist a
+                 left join
+             sys_user u
+             on u.user_id = a.user_id
         where a.wecom_id = #{wecomId}
     </select>
 
@@ -161,12 +179,14 @@
                password,
                enabled,
                email,
-               phone, language, is_admin, `from`
-        from
-            sys_user_assist a
-            left join
-            sys_user u
-        on u.user_id = a.user_id
+               phone,
+               language,
+               is_admin,
+               `from`
+        from sys_user_assist a
+                 left join
+             sys_user u
+             on u.user_id = a.user_id
         where a.dingtalk_id = #{dingtalkId}
     </select>
 
@@ -178,12 +198,14 @@
                password,
                enabled,
                email,
-               phone, language, is_admin, `from`
-        from
-            sys_user_assist a
-            left join
-            sys_user u
-        on u.user_id = a.user_id
+               phone,
+               language,
+               is_admin,
+               `from`
+        from sys_user_assist a
+                 left join
+             sys_user u
+             on u.user_id = a.user_id
         where a.lark_id = #{larkId}
     </select>
 
@@ -195,12 +217,14 @@
                password,
                enabled,
                email,
-               phone, language, is_admin, `from`
-        from
-            sys_user_assist a
-            left join
-            sys_user u
-        on u.user_id = a.user_id
+               phone,
+               language,
+               is_admin,
+               `from`
+        from sys_user_assist a
+                 left join
+             sys_user u
+             on u.user_id = a.user_id
         where a.larksuite_id = #{larksuiteId}
     </select>
 

diff --git a/core/backend/src/main/java/io/dataease/service/sys/SysUserService.java b/core/backend/src/main/java/io/dataease/service/sys/SysUserService.java
@@ -4,7 +4,6 @@
 import io.dataease.auth.service.AuthUserService;
 import io.dataease.auth.service.ExtAuthService;
 import io.dataease.commons.constants.AuthConstants;
-
 import io.dataease.commons.utils.AuthUtils;
 import io.dataease.commons.utils.BeanUtils;
 import io.dataease.commons.utils.CodingUtil;
@@ -101,6 +100,7 @@ public int save(SysUserCreateRequest request) {
         if (StringUtils.isEmpty(user.getLanguage())) {
             user.setLanguage("zh_CN");
         }
+        user.setPwdResetTime(now);
         int insert = sysUserMapper.insert(user);
         SysUser dbUser = findOne(user);
         Long userId = dbUser.getUserId();
@@ -123,6 +123,7 @@ public void saveOIDCUser(SSOUserInfo ssoUserInfo) {
         sysUser.setNickName(ssoUserInfo.getNickName());
         sysUser.setEmail(ssoUserInfo.getEmail());
         sysUser.setPassword(CodingUtil.md5(DEFAULT_PWD));
+        sysUser.setPwdResetTime(System.currentTimeMillis());
         sysUser.setCreateTime(now);
         sysUser.setUpdateTime(now);
         sysUser.setEnabled(1L);
@@ -149,6 +150,7 @@ public void saveWecomCUser(Map<String, Object> userMap, String userId, String em
         sysUser.setNickName(userMap.get("name").toString());
         sysUser.setEmail(email);
         sysUser.setPassword(CodingUtil.md5(DEFAULT_PWD));
+        sysUser.setPwdResetTime(System.currentTimeMillis());
         sysUser.setCreateTime(now);
         sysUser.setUpdateTime(now);
 
@@ -172,6 +174,7 @@ public void saveDingtalkCUser(DingUserEntity dingUserEntity, String email) {
         sysUser.setNickName(dingUserEntity.getName());
         sysUser.setEmail(email);
         sysUser.setPassword(CodingUtil.md5(DEFAULT_PWD));
+        sysUser.setPwdResetTime(System.currentTimeMillis());
         sysUser.setCreateTime(now);
         sysUser.setUpdateTime(now);
 
@@ -194,6 +197,7 @@ public void saveLarkCUser(LarkUserInfo larkUserInfo, String email) {
         sysUser.setNickName(larkUserInfo.getName());
         sysUser.setEmail(email);
         sysUser.setPassword(CodingUtil.md5(DEFAULT_PWD));
+        sysUser.setPwdResetTime(System.currentTimeMillis());
         sysUser.setCreateTime(now);
         sysUser.setUpdateTime(now);
 
@@ -216,6 +220,7 @@ public void saveLarksuiteCUser(UserData larkUserInfo, String email) {
         sysUser.setNickName(larkUserInfo.getName());
         sysUser.setEmail(email);
         sysUser.setPassword(CodingUtil.md5(DEFAULT_PWD));
+        sysUser.setPwdResetTime(System.currentTimeMillis());
         sysUser.setCreateTime(now);
         sysUser.setUpdateTime(now);
 
@@ -236,6 +241,7 @@ public void saveCASUser(String name, String email) {
         sysUser.setUsername(name);
         sysUser.setNickName(name);
         sysUser.setEmail(email);
+        sysUser.setPwdResetTime(System.currentTimeMillis());
         sysUser.setPassword(CodingUtil.md5(DEFAULT_PWD));
         sysUser.setCreateTime(now);
         sysUser.setUpdateTime(now);
@@ -267,6 +273,7 @@ public void saveLdapUsers(LdapAddRequest request) {
             sysUser.setUsername(user.getUsername());
             sysUser.setNickName(user.getNickname());
             sysUser.setDeptId(request.getDeptId());
+            sysUser.setPwdResetTime(System.currentTimeMillis());
             sysUser.setPassword(CodingUtil.md5(DEFAULT_PWD));
             sysUser.setCreateTime(now);
             sysUser.setUpdateTime(now);
@@ -403,13 +410,15 @@ public int updatePwd(SysUserPwdRequest request) {
             DataEaseException.throwException(Translator.get(msg));
         }
         sysUser.setPassword(CodingUtil.md5(request.getNewPassword()));
+        sysUser.setPwdResetTime(System.currentTimeMillis());
         return sysUserMapper.updateByPrimaryKeySelective(sysUser);
     }
 
     @CacheEvict(value = AuthConstants.USER_CACHE_NAME, key = "'user' + #request.userId")
     public int adminUpdatePwd(SysUserPwdRequest request) {
         SysUser sysUser = new SysUser();
         sysUser.setUserId(request.getUserId());
+        sysUser.setPwdResetTime(System.currentTimeMillis());
         sysUser.setPassword(CodingUtil.md5(new String(java.util.Base64.getDecoder().decode(request.getNewPassword()))));
         return sysUserMapper.updateByPrimaryKeySelective(sysUser);
     }

diff --git a/core/backend/src/main/java/io/dataease/service/system/SystemParameterService.java b/core/backend/src/main/java/io/dataease/service/system/SystemParameterService.java
@@ -1,7 +1,6 @@
 package io.dataease.service.system;
 
 import io.dataease.commons.constants.ParamConstants;
-;
 import io.dataease.commons.utils.BeanUtils;
 import io.dataease.commons.utils.EncryptUtils;
 import io.dataease.controller.sys.response.BasicInfo;
@@ -36,6 +35,9 @@
 import java.util.*;
 import java.util.concurrent.atomic.AtomicReference;
 
+import static io.dataease.commons.constants.ParamConstants.BASIC.LOGIN_LIMIT_OPEN_MODIFY_PWD;
+import static io.dataease.commons.constants.ParamConstants.BASIC.LOGIN_LIMIT_PWD_CYCLE;
+
 @Service
 @Transactional(rollbackFor = Exception.class)
 public class SystemParameterService {
@@ -70,7 +72,7 @@ public BasicInfo basicInfo() {
         BasicInfo result = new BasicInfo();
         result.setOpenHomePage("true");
         Map<String, LoginLimitXpackService> beansOfType = SpringContextUtil.getApplicationContext().getBeansOfType((LoginLimitXpackService.class));
-        Boolean loginLimitPluginLoaded = beansOfType.keySet().size() > 0;
+        boolean loginLimitPluginLoaded = beansOfType.keySet().size() > 0;
         if (!CollectionUtils.isEmpty(paramList)) {
             for (SystemParameter param : paramList) {
                 if (StringUtils.equals(param.getParamKey(), ParamConstants.BASIC.FRONT_TIME_OUT.getValue())) {
@@ -132,6 +134,16 @@ public BasicInfo basicInfo() {
                         boolean open = StringUtils.equals("true", param.getParamValue());
                         result.setOpen(open ? "true" : "false");
                     }
+                    if (StringUtils.equals(param.getParamKey(), LOGIN_LIMIT_OPEN_MODIFY_PWD.getValue())) {
+                        boolean open = StringUtils.equals("true", param.getParamValue());
+                        result.setOpenModifyPwd(open ? "true" : "false");
+                    }
+                    if (StringUtils.equals(param.getParamKey(), ParamConstants.BASIC.LOGIN_LIMIT_PWD_CYCLE.getValue())) {
+                        String paramValue = param.getParamValue();
+                        if (StringUtils.isNotBlank(paramValue)) {
+                            result.setPwdCycle(paramValue);
+                        }
+                    }
                     if (StringUtils.equals(param.getParamKey(), ParamConstants.BASIC.LOCKED_EMAIL.getValue())) {
                         boolean open = StringUtils.equals("true", param.getParamValue());
                         result.setLockedEmail(open ? "true" : "false");
@@ -286,6 +298,38 @@ public String getValue(String key) {
         return param.getParamValue();
     }
 
+    public Integer pwdValidityPeriod(Long pwdTime) {
+        if (ObjectUtils.isEmpty(pwdTime)) {
+            return -1;
+        }
+        Map<String, LoginLimitXpackService> beansOfType = SpringContextUtil.getApplicationContext().getBeansOfType((LoginLimitXpackService.class));
+        boolean loginLimitPluginLoaded = beansOfType.keySet().size() > 0;
+        if (!loginLimitPluginLoaded) return -1;
+        String value = getValue(LOGIN_LIMIT_OPEN_MODIFY_PWD.getValue());
+        if (StringUtils.isNotBlank(value) && StringUtils.equals("true", value)) {
+            long dayTime = 24 * 3600L * 1000L;
+            String pwdCycle = getValue(LOGIN_LIMIT_PWD_CYCLE.getValue());
+            Long expireCycle = null;
+            if (StringUtils.isBlank(pwdCycle) || StringUtils.equals("1", pwdCycle)) {
+                expireCycle = 90L * dayTime;
+            } else if (StringUtils.equals("2", pwdCycle)) {
+                expireCycle = 180L * dayTime;
+            } else {
+                expireCycle = 365L * dayTime;
+            }
+            long now = System.currentTimeMillis();
+            long validityPeriod = pwdTime + expireCycle - now;
+            if (validityPeriod < 0L) return 0;
+            long validityDays = validityPeriod / dayTime;
+            if (validityPeriod % dayTime != 0) {
+                validityDays++;
+            }
+            return (int) validityDays;
+        }
+        return -1;
+    }
+
+
     public void disabledLockedEmail() {
         SystemParameter param = systemParameterMapper.selectByPrimaryKey(ParamConstants.BASIC.LOCKED_EMAIL.getValue());
         if (ObjectUtils.isNotEmpty(param)) {