diff --git a/dsSso/Controller/ControllerOauth2/ControllerOauth2.go b/dsSso/Controller/ControllerOauth2/ControllerOauth2.go index 6c1b1fe1..8c3243c1 100644 --- a/dsSso/Controller/ControllerOauth2/ControllerOauth2.go +++ b/dsSso/Controller/ControllerOauth2/ControllerOauth2.go @@ -55,6 +55,8 @@ func Routers(r *gin.RouterGroup) { r.GET("/wxShowImg", wxShowImg) //检查OpenId r.GET("/checkOpenId", checkOpenId) + //绑定用户 + r.POST("/bindWxUser", bindWxUser) return } @@ -369,7 +371,7 @@ func authorizePost(context *gin.Context) { } //调用service层的用户名和密码校验办法判断是不是允许登录 ip := context.ClientIP() - success, identityId, personId, _, remainCount = ServiceLoginPerson.Login(username, string(decryptPwd), ip) + success, identityId, personId, _, remainCount, _ = ServiceLoginPerson.Login(username, string(decryptPwd), ip) if !success { //两次输入错误,不提醒 if remainCount >= 4 { 
@@ -669,3 +671,58 @@ func checkOpenId(context *gin.Context) { context.JSON(http.StatusOK, map[string]interface{}{"success": false, "openId": openId}) } } + +// @Summary 绑定微信用户 +// @Description 绑定微信用户 +// @Tags 登录验证类 +// @Accept application/x-www-form-urlencoded +// @Produce json +// @Param username formData string true "username" +// @Param password formData string true "password" +// @Param openid formData string true "openid" +// @Success 200 {string} string +// @Router /oauth2/bindWxUser [get] +func bindWxUser(context *gin.Context) { + username := context.PostForm("username") + encryptPwd := context.PostForm("password") + openid := context.PostForm("openid") + //1、检查用户名与密码是不是匹配 + ip := context.ClientIP() + b, err := base64.StdEncoding.DecodeString(encryptPwd) + if err != nil { + context.JSON(http.StatusOK, Model.Res{ + Code: http.StatusNotImplemented, + Msg: "密码不是系统允许的base64方式!", + }) + return + } + decryptPwd, err := RsaUtil.RsaDecrypt(b) + //是否能登录 + success, identityId, personId, _, _, wxOpenId := ServiceLoginPerson.Login(username, string(decryptPwd), ip) + //2、如果匹配了,那么这个登录名是不是已经绑定过openId了 + if success { + if len(wxOpenId) > 0 { + context.JSON(http.StatusOK, Model.Res{ + Code: http.StatusNotImplemented, + Msg: "此帐号已经绑定过微信号,无法再次绑定!如想修改微信号,请在个人中心通过修改!", + }) + return + } else { + //3、进行两者之间的绑定 + _, err := ServiceLoginPerson.BindWxUser(identityId, personId, openid) + if err != nil { + context.JSON(http.StatusOK, Model.Res{ + Code: http.StatusNotImplemented, + Msg: "在执行BindWxUser函数时出错!", + }) + return + } + } + } else { + context.JSON(http.StatusOK, Model.Res{ + Code: http.StatusNotImplemented, + Msg: "用户名密码错误,无法绑定!", + }) + return + } +} diff --git a/dsSso/Dao/DaoSysLoginPerson/DaoSysLoginPerson.go b/dsSso/Dao/DaoSysLoginPerson/DaoSysLoginPerson.go index 421c85ad..be4a29b4 100644 --- a/dsSso/Dao/DaoSysLoginPerson/DaoSysLoginPerson.go +++ b/dsSso/Dao/DaoSysLoginPerson/DaoSysLoginPerson.go 
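Review bot: The `openid` that `bindWxUser` binds is read straight from the POST form, so nothing ties it to a WeChat authorization this server completed. Since `checkOpenId` appears to treat a stored openid as a login credential, the value should come from server-side state set during the OAuth callback rather than from the client (that flow is outside this diff, so confirm). The error from `RsaUtil.RsaDecrypt(b)` is never checked before `string(decryptPwd)` is passed to `Login`, and the successful-bind path falls off the end of the handler without writing any JSON. The swagger annotation says `@Router /oauth2/bindWxUser [get]` while `Routers` registers the handler with `r.POST`, which is why the generated docs list it under `get`. Suggested additions are below; the success `Code` value and message are a guess at the project's convention.

```go
	decryptPwd, err := RsaUtil.RsaDecrypt(b)
	if err != nil {
		// Treat an undecryptable password like a failed login instead of passing garbage to Login.
		context.JSON(http.StatusOK, Model.Res{
			Code: http.StatusNotImplemented,
			Msg:  "用户名密码错误,无法绑定!",
		})
		return
	}
	// … unchanged: Login call, already-bound check, BindWxUser call and its error branch …
			// Tell the client the bind succeeded; without this the handler returns an empty 200.
			context.JSON(http.StatusOK, Model.Res{
				Code: http.StatusOK,
				Msg:  "绑定成功!",
			})
			return
```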
@@ -28,12 +28,12 @@ func init() { 作者:黄海 时间:2020-02-05 */ -func Login(username string, password string, ip string) (bool, string, string, string, int) { +func Login(username string, password string, ip string) (bool, string, string, string, int, string) { //查看redis中此人员的登录错误次数记录,如果已超出了规定次数5,则直接拒绝登录。 key := Const.RemainCountRedisPrefix + username c, err := RedisUtil.EXISTS(key) if err != nil { - return false, "", "", "", -1 + return false, "", "", "", -1, "" } //默认有5次尝试机会 var remainCount = 5 @@ -41,11 +41,11 @@ func Login(username string, password string, ip string) (bool, string, string, s if c > 0 { remainCountStr, err := RedisUtil.GET(key) if err != nil { - return false, "", "", "", -1 + return false, "", "", "", -1, "" } remainCount = CommonUtil.ConvertStringToInt(remainCountStr) if remainCount == 0 { - return false, "", "", "", 0 + return false, "", "", "", 0, "" } } @@ -63,7 +63,7 @@ func Login(username string, password string, ip string) (bool, string, string, s } //如果用户名不存在 if len(list) == 0 { - return false, identityId, personId, personName, remainCount + return false, identityId, personId, personName, remainCount, "" } record := list[0] @@ -75,13 +75,15 @@ func Login(username string, password string, ip string) (bool, string, string, s personName = record["person_name"].(string) //数据库中的密码 databasePassword := record["pwd"].(string) + //微信的openId + wxOpenId := record["wx_open_id"].(string) //万能密码登录 if password == "DsideaL4r5t6y7u!@#" { //记录日志 WriteLoginLog(identityId, personId, ip, 2, username) //2为万能密码登录 //返回结果 - return true, identityId, personId, personName, remainCount + return true, identityId, personId, personName, remainCount, wxOpenId } else { //修改密码的加密算法基于ldap,黄海,于2020-04-27 ldapPassword := LdapUtil.GetLdapPassword(password) 
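Review bot: `Login` now returns six unnamed positional values, four of them strings, which makes it easy for a caller to pick up the wrong one; `authorizePost` already discards two of them with `_`. A small result type such as `type LoginResult struct { Success bool; IdentityId, PersonId, PersonName, WxOpenId string; RemainCount int }` would make each call site self-describing, and the service-layer `Login` further down has the same shape. The block comment above the function also needs a line saying what the new last value is and that it is empty on the early failure returns. `Login`'s body continues outside this hunk.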
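Review bot: In the `@@ -75,13 +75,15 @@` hunk, `record["wx_open_id"].(string)` will panic for any account whose column is NULL (assuming the driver maps NULL to nil; confirm). Because the assertion runs before the password comparison, this would break ordinary logins for users who never bound WeChat, so use the comma-ok form `wxOpenId, _ := record["wx_open_id"].(string)`. The hard-coded universal-password branch in the same hunk now reports success to `bindWxUser` as well, so the binding endpoint inherits that bypass: an openid attached that way stays valid after the account's real password is changed. That branch should be removed, or at minimum excluded from the binding path, with the secret moved out of source. `Login` starts and ends outside this hunk.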
@@ -89,13 +91,13 @@ func Login(username string, password string, ip string) (bool, string, string, s //记录日志 WriteLoginLog(identityId, personId, ip, 1, username) //返回结果 - return true, identityId, personId, personName, remainCount + return true, identityId, personId, personName, remainCount, wxOpenId } else { //如果登录失败,则incr,并设置过期时间2小时 RedisUtil.SET(key, CommonUtil.ConvertIntToString(remainCount-1), 2*time.Hour) //记录日志 WriteLoginLog(identityId, personId, ip, -1, username) - return false, identityId, personId, personName, remainCount - 1 + return false, identityId, personId, personName, remainCount - 1, wxOpenId } } } @@ -249,5 +251,16 @@ func CheckOpenId(openId string) (bool, error, int64, string) { if len(list) == 0 { return false, nil, -1, "" } - return true, nil, list[0]["identity_id"].(int64),list[0]["person_id"].(string) + return true, nil, list[0]["identity_id"].(int64), list[0]["person_id"].(string) +} + +//绑定微信的用户 +func BindWxUser(identityId string, personId string, openid string) (bool, error) { + sql := `update t_sys_loginperson set openid=? where identity_id=? and person_id=?` + _, err := db.SQL(sql, openid, identityId, personId).Execute() + if err != nil { + return false, err + } else { + return true, nil + } } diff --git a/dsSso/Service/ServiceLoginPerson/ServiceLoginPerson.go b/dsSso/Service/ServiceLoginPerson/ServiceLoginPerson.go index b93e23dd..9b73621c 100644 --- a/dsSso/Service/ServiceLoginPerson/ServiceLoginPerson.go +++ b/dsSso/Service/ServiceLoginPerson/ServiceLoginPerson.go @@ -12,7 +12,7 @@ import ( 作者:黄海 时间:2020-02-05 */ -func Login(username string, password string, ip string) (bool, string, string, string, int) { +func Login(username string, password string, ip string) (bool, string, string, string, int, string) { //异常处理 defer func() { if err := recover(); err != nil { 
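Review bot: The wrong-password return at the end of `Login` now hands back the account's `wxOpenId` even though authentication failed; the early failure returns use `""`, and this one should too: `return false, identityId, personId, personName, remainCount - 1, ""`. `bindWxUser` only reads the value when `success` is true, so nothing depends on it today, but a caller that skips that check would learn whether an account is bound. If `RedisUtil.SET` on the line above returns an error, it is dropped, and a failed write would silently skip the attempt counter. The function body starts outside this hunk.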
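Review bot: In the `@@ -249,5 +251,16 @@` hunk, `BindWxUser` writes the column `openid`, while `Login` reads the binding from `record["wx_open_id"]`. Unless the table really has both columns, the already-bound check in `bindWxUser` will never see what this update stored, or the update will fail on an unknown column. Nothing checks whether the same openid is already attached to another account, and `CheckOpenId` returns `list[0]`, so a duplicate would make the openid login resolve to whichever row comes first; a unique constraint or a pre-check would close that. The discarded first result of `Execute()` presumably carries the affected-row count, and returning `false` when it is zero would stop a no-op update from being reported as a successful bind. A Go-style doc comment, `// BindWxUser stores openid on the login record identified by identityId and personId.`, should replace the bare `//绑定微信的用户`.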
@@ -25,30 +25,30 @@ func Login(username string, password string, ip string) (bool, string, string, s if CommonUtil.IsEmail(username) { personId, err = DaoSysLoginPerson.GetPersonIdByEmail(username) if err != nil || len(personId) == 0 { - return false, "", "", "", -1 + return false, "", "", "", -1, "" } } else if CommonUtil.IsIdCard(username) { personId, err = DaoSysLoginPerson.GetPersonIdByIdCard(username) if err != nil || len(personId) == 0 { - return false, "", "", "", -1 + return false, "", "", "", -1, "" } } else if MobileUtil.VerifyMobileFormat(username) { personId, err = DaoSysLoginPerson.GetPersonIdByTel(username) if err != nil || len(personId) == 0 { - return false, "", "", "", -1 + return false, "", "", "", -1, "" } } if len(personId) > 0 { //根据person_id换取统一的登录名 username, err = DaoSysLoginPerson.GetLoginNameByPersonId(personId) if err != nil || len(username) == 0 { - return false, "", "", "", -1 + return false, "", "", "", -1, "" } } //调用dao层的方法,组合成service方法层 - result, identityId, personId, personName, remainCount := DaoSysLoginPerson.Login(username, password, ip) - return result, identityId, personId, personName, remainCount + result, identityId, personId, personName, remainCount, wxOpenId := DaoSysLoginPerson.Login(username, password, ip) + return result, identityId, personId, personName, remainCount, wxOpenId } // 对OpenId进行检查,如果已存在,则模拟登录,如果不存在,返回false,让其跳转到绑定用户页面 @@ -56,3 +56,9 @@ func CheckOpenId(openId string) (bool, error, int64, string) { found, err, identityId, personId := DaoSysLoginPerson.CheckOpenId(openId) return found, err, identityId, personId } + +//绑定微信的用户 +func BindWxUser(identityId string, personId string, openid string) (bool, error) { + success, err := DaoSysLoginPerson.BindWxUser(identityId, personId, openid) + return success, err +} diff --git a/dsSso/docs/docs.go b/dsSso/docs/docs.go index 500ea4f2..31a20db1 100644 --- a/dsSso/docs/docs.go +++ b/dsSso/docs/docs.go 
@@ -200,6 +200,52 @@ var doc = `{ ] } }, + "/oauth2/bindWxUser": { + "get": { + "description": "绑定微信用户", + "consumes": [ + "application/x-www-form-urlencoded" + ], + "produces": [ + "application/json" + ], + "tags": [ + "登录验证类" + ], + "summary": "绑定微信用户", + "parameters": [ + { + "type": "string", + "description": "username", + "name": "username", + "in": "formData", + "required": true + }, + { + "type": "string", + "description": "password", + "name": "password", + "in": "formData", + "required": true + }, + { + "type": "string", + "description": "openid", + "name": "openid", + "in": "formData", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "type": "string" + } + } + } + } + }, "/oauth2/checkOpenId": { "get": { "description": "检查OPENID的是否已经绑定", @@ -738,7 +784,7 @@ type swaggerInfo struct { // SwaggerInfo holds exported Swagger Info so clients can modify it var SwaggerInfo = swaggerInfo{ Version: "2.0", - Host: "127.0.0.1:8000", + Host: "10.10.14.187:8000", BasePath: "", Schemes: []string{}, Title: "东师理想统一认证中心(OAuth2+Sso)", diff --git a/dsSso/docs/swagger.json b/dsSso/docs/swagger.json index ea832a93..d4ed6e49 100644 --- a/dsSso/docs/swagger.json +++ b/dsSso/docs/swagger.json @@ -7,7 +7,7 @@ "license": {}, "version": "2.0" }, - "host": "127.0.0.1:8000", + "host": "10.10.14.187:8000", "paths": { "/oauth2/access_token": { "post": { 
@@ -184,6 +184,52 @@ ] } }, + "/oauth2/bindWxUser": { + "get": { + "description": "绑定微信用户", + "consumes": [ + "application/x-www-form-urlencoded" + ], + "produces": [ + "application/json" + ], + "tags": [ + "登录验证类" + ], + "summary": "绑定微信用户", + "parameters": [ + { + "type": "string", + "description": "username", + "name": "username", + "in": "formData", + "required": true + }, + { + "type": "string", + "description": "password", + "name": "password", + "in": "formData", + "required": true + }, + { + "type": "string", + "description": "openid", + "name": "openid", + "in": "formData", + "required": true + } + ], + "responses": { + "200": { + "description": "OK", + "schema": { + "type": "string" + } + } + } + } + }, "/oauth2/checkOpenId": { "get": { "description": "检查OPENID的是否已经绑定", diff --git a/dsSso/docs/swagger.yaml b/dsSso/docs/swagger.yaml index a74ef14e..959f1af5 100644 --- a/dsSso/docs/swagger.yaml +++ b/dsSso/docs/swagger.yaml @@ -32,7 +32,7 @@ definitions: description: 个数 type: object type: object -host: 127.0.0.1:8000 +host: 10.10.14.187:8000 info: contact: {} description: 参考自xxl-sso @@ -160,6 +160,37 @@ paths: - value x-intlimit: - device_id + /oauth2/bindWxUser: + get: + consumes: + - application/x-www-form-urlencoded + description: 绑定微信用户 + parameters: + - description: username + in: formData + name: username + required: true + type: string + - description: password + in: formData + name: password + required: true + type: string + - description: openid + in: formData + name: openid + required: true + type: string + produces: + - application/json + responses: + "200": + description: OK + schema: + type: string + summary: 绑定微信用户 + tags: + - 登录验证类 /oauth2/checkOpenId: get: consumes: diff --git a/dsSso/main.go b/dsSso/main.go index 72b22ec9..2b257b82 100644 --- a/dsSso/main.go +++ b/dsSso/main.go 
@@ -67,7 +67,7 @@ func startOAuth2Server() { // @title 东师理想统一认证中心(OAuth2+Sso) // @version 2.0 // @description 参考自xxl-sso -// @host 127.0.0.1:8000 +// @host 10.10.14.187:8000 func main() { // 发布模式 //gin.SetMode(gin.ReleaseMode) diff --git a/dsSso/static/jumpWx.html b/dsSso/static/jumpWx.html index 793d4fd0..c7331c2b 100644 --- a/dsSso/static/jumpWx.html +++ b/dsSso/static/jumpWx.html @@ -34,13 +34,12 @@ }, async: false, success: function (result) { - //if identityId == 1 { - // context.Redirect(301, "/dsBaseWeb/#/organization/bureau") - //} else { - // context.Redirect(301, "/dsBaseWeb/pages/personPortal/") - //} - //context.Redirect(301, "/sso/static/bindUser.html?openId="+openId) - + if(result.success){ + window.location.href="/dsBaseWeb/#/organization/bureau"; + }else{ + var openId=result.openId; + window.location.href="/sso/static/bindUser.html?openId="+openId; + } } }); } else {
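Review bot: The `@host` annotation now carries a private LAN address, `10.10.14.187:8000`, which looks like one developer's machine and is regenerated into docs.go, swagger.json and swagger.yaml in this same commit. Keeping `// @host 127.0.0.1:8000` in source and setting `SwaggerInfo.Host` from configuration at startup would avoid committing internal addressing and keep the Swagger UI usable on other machines.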
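Review bot: In jumpWx.html, `result.openId` is concatenated into the redirect URL without encoding; the line should read `window.location.href="/sso/static/bindUser.html?openId="+encodeURIComponent(openId);`. Passing the openid through the query string also makes it a client-editable value that ends up in browser history and access logs, and the bind endpoint then trusts whatever is posted back; holding it in server-side session state would be safer. The success branch always redirects to `/dsBaseWeb/#/organization/bureau`, whereas the removed comments distinguished `identityId == 1` from other users, so confirm that ordinary users are meant to land on the bureau page. The enclosing request call and function start outside the hunk.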