chenjianxing 2020-07-07 09:13:56 +08:00
commit 86077b91e2
7 changed files with 44 additions and 21 deletions


@ -6,6 +6,7 @@ import io.metersphere.commons.exception.MSException;
import io.metersphere.controller.ResultHolder;
import io.metersphere.controller.request.LoginRequest;
import io.metersphere.i18n.Translator;
import io.metersphere.ldap.domain.Person;
import io.metersphere.ldap.service.LdapService;
import io.metersphere.ldap.domain.LdapInfo;
import io.metersphere.service.SystemParameterService;
@ -34,20 +35,25 @@ public class LdapController {
MSException.throwException(Translator.get("ldap_authentication_not_enabled"));
}
ldapService.authenticate(request);
Person person = ldapService.authenticate(request);
SecurityUtils.getSubject().getSession().setAttribute("authenticate", "ldap");
String username = request.getUsername();
String password = request.getPassword();
String email = person.getEmail();
if (StringUtils.isBlank(email)) {
MSException.throwException(Translator.get("login_fail_email_null"));
}
User u = userService.selectUser(request.getUsername());
if (u == null) {
User user = new User();
user.setId(username);
user.setName(username);
// todo user email ?
user.setEmail(username + "@fit2cloud.com");
user.setEmail(email);
user.setPassword(password);
userService.createUser(user);
} else {
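Review bot: In the `u == null` branch the new side still appears to call `user.setPassword(password)` with the password typed for the LDAP bind, so the directory credential is copied into the local user store for every auto-provisioned account. How `createUser` stores it is not visible here, but an LDAP-backed account does not need a local copy; a random unusable value such as `user.setPassword(UUID.randomUUID().toString());` would keep directory passwords out of the local table. Separately, the `"authenticate"` session attribute is set before the blank-email check, so a login rejected with `login_fail_email_null` leaves the session marked `ldap`; moving the `setAttribute` call below that check avoids this. The method continues past the `else` outside this hunk.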


@ -32,6 +32,10 @@ public class PersonRepoImpl implements PersonRepo {
public boolean authenticate(String dn, String credentials) {
LdapTemplate ldapTemplate = getConnection();
return authenticate(dn, credentials, ldapTemplate);
}
private boolean authenticate(String dn, String credentials, LdapTemplate ldapTemplate) {
DirContext ctx = null;
try {
ctx = ldapTemplate.getContextSource().getContext(dn, credentials);
@ -58,9 +62,8 @@ public class PersonRepoImpl implements PersonRepo {
}
@Override
public List findByName(String name) {
public List<Person> findByName(String name) {
LdapTemplate ldapTemplate = getConnection();
ldapTemplate.setIgnorePartialResultException(true);
LdapQuery query = query().where("cn").is(name);
return ldapTemplate.search(query, getContextMapper());
}
@ -68,7 +71,6 @@ public class PersonRepoImpl implements PersonRepo {
@Override
public String getDnForUser(String uid) {
LdapTemplate ldapTemplate = getConnection();
ldapTemplate.setIgnorePartialResultException(true);
List<String> result = ldapTemplate.search(
query().where("cn").is(uid),
new AbstractContextMapper() {
@ -112,7 +114,6 @@ public class PersonRepoImpl implements PersonRepo {
String credentials = EncryptUtils.aesDecrypt(password).toString();
LdapContextSource sourceLdapCtx = new LdapContextSource();
sourceLdapCtx.setUrl(url);
sourceLdapCtx.setUserDn(dn);
@ -120,8 +121,13 @@ public class PersonRepoImpl implements PersonRepo {
sourceLdapCtx.setBase(ou);
sourceLdapCtx.setDirObjectFactory(DefaultDirObjectFactory.class);
sourceLdapCtx.afterPropertiesSet();
LdapTemplate ldapTemplate = new LdapTemplate(sourceLdapCtx);
ldapTemplate.setIgnorePartialResultException(true);
return new LdapTemplate(sourceLdapCtx);
// ldapTemplate 是否可用
authenticate(dn, credentials, ldapTemplate);
return ldapTemplate;
}
private void preConnect(String url, String dn, String ou, String password) {
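Review bot: The boolean returned by the new private `authenticate(dn, credentials, ldapTemplate)` is discarded in `getConnection()`, so the "is the template usable" probe only works if that method throws on a failed bind; its catch block is outside the hunk, so this cannot be confirmed here. The same applies to `personRepo.authenticate(dn, credentials)` in `LdapService.authenticate`, where a `false` return would still fall through to `return personList.get(0)` and the login would proceed. Either make the private method `void` and document that it throws, or check the result, e.g. `if (!authenticate(dn, credentials, ldapTemplate)) { MSException.throwException(Translator.get("ldap_connect_fail")); }`. Note also that `getConnection()` now performs a service-account bind on every `findByName`, `getDnForUser` and `authenticate` call.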


@ -5,6 +5,7 @@ import io.metersphere.controller.request.LoginRequest;
import io.metersphere.i18n.Translator;
import io.metersphere.ldap.dao.PersonRepoImpl;
import io.metersphere.ldap.domain.LdapInfo;
import io.metersphere.ldap.domain.Person;
import org.springframework.ldap.CommunicationException;
import org.springframework.stereotype.Service;
@ -18,18 +19,19 @@ public class LdapService {
private PersonRepoImpl personRepo;
public void authenticate(LoginRequest request) {
public Person authenticate(LoginRequest request) {
String dn = null;
String username = request.getUsername();
String credentials = request.getPassword();
List<Person> personList = null;
try {
// select user by sAMAccountName
List user = personRepo.findByName(username);
personList = personRepo.findByName(username);
if (user.size() == 1) {
if (personList.size() == 1) {
dn = personRepo.getDnForUser(username);
} else if (user.size() == 0) {
} else if (personList.size() == 0) {
MSException.throwException(Translator.get("user_not_exist") + username);
} else {
MSException.throwException(Translator.get("find_more_user"));
@ -38,6 +40,8 @@ public class LdapService {
MSException.throwException(Translator.get("ldap_connect_fail"));
}
personRepo.authenticate(dn, credentials);
return personList.get(0);
}
public void testConnect(LdapInfo ldap) {
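Review bot: `credentials` goes from `request.getPassword()` straight into `personRepo.authenticate(dn, credentials)` with no blank check visible in this hunk. Many LDAP servers treat a simple bind with a valid DN and an empty password as an unauthenticated bind and report success, which here would return `personList.get(0)` for any existing username. Unless `LoginRequest` is validated elsewhere, reject it before the lookup: `if (credentials == null || credentials.trim().isEmpty()) { MSException.throwException(Translator.get("authentication_failed")); }`. The lookup also answers `user_not_exist` plus the username in one case and `authentication_failed` in the other, which lets a caller tell valid usernames apart; one shared message for both would avoid that.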


@ -121,7 +121,8 @@ ldap_dn_is_null=LDAP binding DN is empty
ldap_ou_is_null=LDAP parameter OU is empty
ldap_password_is_null=LDAP password is empty
ldap_connect_fail=Connection failed
authentication_failed=User authentication failed
authentication_failed=User authentication failed,wrong user name or password
user_not_found_or_not_unique=User does not exist or is not unique
find_more_user=Multiple users found
ldap_authentication_not_enabled=LDAP authentication is not enabled
login_fail_email_null=Login failed, user mailbox is empty


@ -121,10 +121,10 @@ ldap_dn_is_null=LDAP绑定DN为空
ldap_ou_is_null=LDAP参数OU为空
ldap_password_is_null=LDAP密码为空
ldap_connect_fail=连接失败
authentication_failed=用户认证失败
authentication_failed=用户认证失败,用户名或密码错误
user_not_found_or_not_unique=用户不存在或者不唯一
find_more_user=查找到多个用户
ldap_authentication_not_enabled=LDAP认证未启用
login_fail_email_null=登录失败,用户邮箱为空


@ -121,7 +121,8 @@ ldap_dn_is_null=LDAP綁定DN為空
ldap_ou_is_null=LDAP參數OU為空
ldap_password_is_null=LDAP密碼為空
ldap_connect_fail=連接失敗
authentication_failed=用戶認證失敗
authentication_failed=用戶認證失敗,用戶名或密碼錯誤
user_not_found_or_not_unique=用戶不存在或者不唯一
find_more_user=查找到多個用戶
ldap_authentication_not_enabled=LDAP認證未啟用
login_fail_email_null=登錄失敗,用戶郵箱為空


@ -18,9 +18,9 @@
<el-form-item :label="$t('ldap.filter')" prop="filter">
<el-input v-model="form.filter" :placeholder="$t('ldap.input_filter_placeholder')"></el-input>
</el-form-item>
<el-form-item :label="$t('ldap.mapping')" prop="mapping">
<el-input v-model="form.mapping" :placeholder="$t('ldap.input_mapping')"></el-input>
</el-form-item>
<!-- <el-form-item :label="$t('ldap.mapping')" prop="mapping">-->
<!-- <el-input v-model="form.mapping" :placeholder="$t('ldap.input_mapping')"></el-input>-->
<!-- </el-form-item>-->
<el-form-item :label="$t('ldap.open')" prop="open">
<el-checkbox v-model="form.open"></el-checkbox>
</el-form-item>
@ -29,7 +29,7 @@
<div>
<el-button type="primary" size="small" :disabled="!show" @click="testConnection">{{$t('ldap.test_connect')}}
</el-button>
<el-button type="primary" size="small" :disabled="!show" @click="testLogin">{{$t('ldap.test_login')}}
<el-button type="primary" size="small" :disabled="!showLogin || !show" @click="testLogin">{{$t('ldap.test_login')}}
</el-button>
<el-button v-if="showEdit" size="small" @click="edit">{{$t('ldap.edit')}}</el-button>
<el-button type="success" v-if="showSave" size="small" @click="save('form')">{{$t('commons.save')}}</el-button>
@ -75,6 +75,7 @@
showEdit: true,
showSave: false,
showCancel: false,
showLogin: false,
loginVisible: false,
rules: {
url: {required: true, message: this.$t('ldap.input_url'), trigger: ['change', 'blur']},
@ -120,6 +121,9 @@
}
this.result = this.$post("/ldap/test/connect", this.form, response => {
this.$success(this.$t('commons.connection_successful'));
this.showLogin = true;
}, () => {
this.showLogin = false;
})
},
testLogin() {
@ -172,6 +176,7 @@
this.showEdit = true;
this.showSave = false;
this.showCancel = false;
this.showLogin = false;
this.$success(this.$t('commons.save_success'));
this.init();
});
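Review bot: The `ldap.mapping` form item is disabled by wrapping its three lines in `<!-- -->` instead of removing them, and nothing records why. Delete the lines (history keeps them), or keep them with a one-line comment stating the reason and when they should return. Also, `showLogin` only gates the button in the browser; whatever endpoint `testLogin` posts to (outside this hunk) must not rely on a prior successful connection test.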