UserCtrl.java 6.67 KB
package com.ui.ctrl;


import com.ui.User.MD5Util;
import com.ui.User.UserAuthLocal;
import com.ui.contants.HttpUriContants;
import com.ui.http.HttpRestClient;
import com.ui.ldaputil.LdapAuthUtil;
import com.ui.model.BaseResponse;
import com.ui.model.req.AuthModule;
import com.ui.model.req.User;
import org.apache.commons.lang.RandomStringUtils;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

@Controller
@RequestMapping("user")
public class UserCtrl {

    Logger log = LoggerFactory.getLogger(UserCtrl.class);

    @Autowired
    private HttpRestClient httpRestClient;

    @Autowired
    UserAuthLocal userAuthLocal;

    @Autowired
    private LdapAuthUtil ldapAuthenticate;

    @RequestMapping("/toLogin")
    public ModelAndView toLogin(String loginTargetUrl, Model model) {
        if(StringUtils.isNotBlank(loginTargetUrl)){
            model.addAttribute("loginTargetUrl",loginTargetUrl);
        }
        return new ModelAndView("user/login");
    }

    @RequestMapping("/toupdatePwd")
    public ModelAndView toupdatePwd() {
        return new ModelAndView("user/modifypwd");
    }

    @RequestMapping("/login")
    public ModelAndView toLogin(User user, HttpSession session, Model model, HttpServletResponse response) {
        if (StringUtils.isBlank(user.getName())){
            if (session.getAttribute("user") == null){
                return new ModelAndView("user/login");
            }else {
                return new ModelAndView("dashBoard/dashBoard");
            }

        }

        boolean ldapFlag=false;
        // 给admin留一个后门,防止ldap不能验证
        if(!"admin".equals(user.getName())){
            BaseResponse ldapFlagResp=httpRestClient.defaultGet(HttpUriContants.USER_LDAP_FLAG,BaseResponse.class);
            if(ldapFlagResp!=null&&ldapFlagResp.getCode()==200&&ldapFlagResp.getData()!=null&&"1".equals(String.valueOf(ldapFlagResp.getData()))){
                ldapFlag=true;
            }
        }

        User u =null;
        if(ldapFlag){
            //走ldap统一认证接口
            //认证
            //认证不通过,提示
            if(!ldapAuthenticate.login(user.getName(),user.getPwd())){
                model.addAttribute("message", "请使用你的OA账户登陆,登录名或者密码错误");
                return new ModelAndView("user/login");
            }

            //认证通过
            u = userAuthLocal.getUserByLdapName(user.getName());

            if (u == null) {
                //创建默认的用户
                model.addAttribute("message", "用户名不存在,如有需要请联系管理员添加用户");
                return new ModelAndView("user/login");
            }


        }else{
            u = userAuthLocal.getUserByname(user.getName());

            if (u == null) {
                model.addAttribute("message", "用户名不存在,如有需要请联系管理员添加用户");
                return new ModelAndView("user/login");
            }

            if (!u.getPwd().equals(MD5Util.encryption(user.getPwd()))) {
                model.addAttribute("message", "密码错误");
                return new ModelAndView("user/login");
            }

        }

        //用户放到session
        session.setAttribute("user", u);

        if(StringUtils.isBlank(user.getLoginTargetUrl())){
            return new ModelAndView("dashBoard/dashBoard");
        }else{
            try {
                //直接跳转到初始的请求页面
                response.sendRedirect(user.getLoginTargetUrl());
            } catch (IOException e) {
                return new ModelAndView("dashBoard/dashBoard");
            }
            return null;
        }

    }

    @RequestMapping("/logout")
    public ModelAndView toLogin(HttpSession session) {
        session.removeAttribute("user");
        return new ModelAndView("user/login");
    }

    @RequestMapping("/updatePwd")
    public ModelAndView updatePwd(String name, String oldpwd, String newpwd, HttpSession session, Model model) {
        User u = (User) session.getAttribute("user");
        String username = u.getName();
        if ("admin".equals(username) && !"admin".equals(name)) {
            User user = userAuthLocal.getUserByname(name);
            if (user == null) {
                model.addAttribute("message", "当前用户不存在");
                return new ModelAndView("user/modifypwd");
            }
            user.setPwd(RandomStringUtils.random(8,true,true));
            httpRestClient.defaultPost(HttpUriContants.USER_UPDATE_PWD, user, BaseResponse.class);
            userAuthLocal.flushUser(name);
            return new ModelAndView("dashBoard/dashBoard");

        } else if (name.equals(username)) {
            User user = userAuthLocal.getUserByname(name);
            if (!user.getPwd().equals(MD5Util.encryption(oldpwd))) {
                model.addAttribute("message", "旧密码错误");
                return new ModelAndView("user/modifypwd");
            }
            user.setPwd(newpwd);
            httpRestClient.defaultPost(HttpUriContants.USER_UPDATE_PWD, user, BaseResponse.class);
            session.removeAttribute("user");
            userAuthLocal.flushUser(name);
            return new ModelAndView("user/login");
        } else {
            model.addAttribute("message", "无权限修改当前账户");
            return new ModelAndView("user/modifypwd");
        }

    }

    @RequestMapping("/getAllModuleAndGroup")
    @ResponseBody
    public Map getAllModuleAndGroup() {
        //加载mudule信息
        BaseResponse<List<AuthModule>> moduleResponse = httpRestClient.exchangeForget(HttpUriContants.GET_All_MODULE, new ParameterizedTypeReference<BaseResponse<List<AuthModule>>>() {}, null);
        BaseResponse baseResponse = httpRestClient.defaultPost(HttpUriContants.GET_All_MODULEGROUP, null, BaseResponse.class);

        if (moduleResponse != null && baseResponse != null){
            Map map = new HashMap<>();
            map.put("modules",moduleResponse.getData());
            map.put("moduleGroups",baseResponse.getData());
            return map;
        }else {
            return null;
        }
    }


}