
未导入域用户数据采用原本登录机制

徐少年 2 jaren geleden
bovenliggende
commit
907cf165af

+ 31 - 8
Admin.NET/Admin.NET.Core/Service/Auth/SysAuthService.cs

@@ -19,6 +19,7 @@ public class SysAuthService : IDynamicApiController, ITransient
 {
     private readonly UserManager _userManager;
     private readonly SqlSugarRepository<SysUser> _sysUserRep;
+    private readonly SqlSugarRepository<SysUserLdap> _sysUserLdap;
     private readonly IHttpContextAccessor _httpContextAccessor;
     private readonly SysMenuService _sysMenuService;
     private readonly SysOnlineUserService _sysOnlineUserService;
@@ -29,6 +30,7 @@ public class SysAuthService : IDynamicApiController, ITransient
 
     public SysAuthService(UserManager userManager,
         SqlSugarRepository<SysUser> sysUserRep,
+        SqlSugarRepository<SysUserLdap> sysUserLdapRep,
         IHttpContextAccessor httpContextAccessor,
         SysMenuService sysMenuService,
         SysOnlineUserService sysOnlineUserService,
@@ -39,6 +41,7 @@ public class SysAuthService : IDynamicApiController, ITransient
     {
         _userManager = userManager;
         _sysUserRep = sysUserRep;
+        _sysUserLdap = sysUserLdapRep;
         _httpContextAccessor = httpContextAccessor;
         _sysMenuService = sysMenuService;
         _sysOnlineUserService = sysOnlineUserService;
@@ -94,15 +97,39 @@ public class SysAuthService : IDynamicApiController, ITransient
         // 是否开启域登录验证
         if (await _sysConfigService.GetConfigValue<bool>(CommonConst.SysDomainLogin))
         {
-            // 判断验证码
-            if (!await _sysLdapService.Auth(tenant.Id, user.Id, input.Password))
+            var userLdap = await _sysUserLdap.GetFirstAsync(u => u.UserId == user.Id && u.TenantId == tenant.Id);
+            if (userLdap == null)
+            {
+                //不存在用户信息则采用原本密码验证规则
+                UserPasswordValid(input, keyErrorPasswordCount, errorPasswordCount, user);
+            }
+            // 域验证
+            else if (!await _sysLdapService.Auth(tenant.Id, userLdap.Account, input.Password))
             {
                 _sysCacheService.Set(keyErrorPasswordCount, ++errorPasswordCount, TimeSpan.FromMinutes(30));
                 throw Oops.Oh(ErrorCodeEnum.D1000);
             }
         }
         // 密码是否正确
-        else if (CryptogramUtil.CryptoType == CryptogramEnum.MD5.ToString())
+        else
+            UserPasswordValid(input, keyErrorPasswordCount, errorPasswordCount, user);
+
+        // 登录成功则清空密码错误次数
+        _sysCacheService.Remove(keyErrorPasswordCount);
+
+        return await CreateToken(user);
+    }
+
+    /// <summary>
+    /// 用户密码验证
+    /// </summary>
+    /// <param name="input"></param>
+    /// <param name="keyErrorPasswordCount"></param>
+    /// <param name="errorPasswordCount"></param>
+    /// <param name="user"></param>
+    private void UserPasswordValid(LoginInput input, string keyErrorPasswordCount, int errorPasswordCount, SysUser user)
+    {
+        if (CryptogramUtil.CryptoType == CryptogramEnum.MD5.ToString())
         {
             if (!user.Password.Equals(MD5Encryption.Encrypt(input.Password)))
             {
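Review bot: With `SysDomainLogin` enabled, the new `userLdap == null` branch lets any account that has no `SysUserLdap` row authenticate against its locally stored password, so a missing or deleted mapping silently bypasses directory authentication (and, presumably, directory-side disablement) for that account. That local path includes the MD5 comparison visible in `UserPasswordValid`, whose body continues past this hunk. If the fallback is meant only for a known set of local accounts, it would be safer to gate it explicitly and log each fallback login; at minimum document it at the branch, e.g. `// Domain login is on but this user has no LDAP mapping: the local password is accepted instead`. The helper's `<param>` tags are empty, and its summary should state that it throws on a wrong password rather than returning a result.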
@@ -118,13 +145,9 @@ public class SysAuthService : IDynamicApiController, ITransient
                 throw Oops.Oh(ErrorCodeEnum.D1000);
             }
         }
-
-        // 登录成功则清空密码错误次数
-        _sysCacheService.Remove(keyErrorPasswordCount);
-
-        return await CreateToken(user);
     }
 
+
     /// <summary>
     /// 验证锁屏密码 🔖
     /// </summary>

+ 3 - 4
Admin.NET/Admin.NET.Core/Service/Auth/SysLdapService.cs

@@ -106,21 +106,20 @@ public class SysLdapService : IDynamicApiController, ITransient
     /// <summary>
     /// 账号验证
     /// </summary>
-    /// <param name="userId">用户Id</param>
+    /// <param name="account">域用户</param>
     /// <param name="password">密码</param>
     /// <param name="tenantId">租户</param>
     /// <returns></returns>
     [NonAction]
-    public async Task<bool> Auth(long tenantId, long userId, string password)
+    public async Task<bool> Auth(long tenantId, string account, string password)
     {
-        var user = await _repUserLdap.GetFirstAsync(u => u.UserId == userId && u.TenantId == tenantId) ?? throw Oops.Oh(ErrorCodeEnum.D0009);
         var ldap = await _rep.GetFirstAsync(u => u.TenantId == tenantId) ?? throw Oops.Oh(ErrorCodeEnum.D1002);
         LdapConnection conn = new LdapConnection();
         try
         {
             conn.Connect(ldap.Host, ldap.Port);
             conn.Bind(ldap.Version, ldap.BindDn, ldap.BindPass);
-            var userEntitys = conn.Search(ldap.BaseDn, LdapConnection.ScopeSub, $"{ldap.AuthFilter}={user.Account}", null, false);
+            var userEntitys = conn.Search(ldap.BaseDn, LdapConnection.ScopeSub, $"{ldap.AuthFilter}={account}", null, false);
             string dn = string.Empty;
             while (userEntitys.HasMore())
             {
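Review bot: `account` is interpolated into the search filter `$"{ldap.AuthFilter}={account}"` without escaping, and after this change `Auth` accepts an arbitrary string instead of looking the account up itself, so any future caller that passes request input would let LDAP filter metacharacters (`*`, `(`, `)`, `\`) change which entry is matched. The one caller visible in this commit passes `userLdap.Account` from the database, which limits the exposure today, but the value should still be escaped per RFC 4515 before the search. Rejecting a null or empty `account` up front would also avoid a filter with no value. The body of `Auth` continues outside the hunk.

```csharp
// … unchanged: LDAP config lookup, Connect and service-account Bind …
            // RFC 4515: escape filter metacharacters; backslash first so later escapes are not re-escaped
            var safeAccount = account
                .Replace("\\", "\\5c")
                .Replace("*", "\\2a")
                .Replace("(", "\\28")
                .Replace(")", "\\29")
                .Replace("\0", "\\00");
            var userEntitys = conn.Search(ldap.BaseDn, LdapConnection.ScopeSub, $"{ldap.AuthFilter}={safeAccount}", null, false);
// … unchanged: result loop that resolves the DN …
```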