
Merge branch 'master' of http://git.qmth.com.cn/ExamCloud-2/examcloud-core-basic

chenken 7 tahun lalu
induk
melakukan
10d92033f8

+ 13 - 0
examcloud-core-basic-api-provider/src/main/java/cn/com/qmth/examcloud/service/core/api/UserApi.java

@@ -239,6 +239,19 @@ public class UserApi {
             return new ResponseEntity(new ErrorMsg(e.getMessage()), HttpStatus.INTERNAL_SERVER_ERROR);
         }
     }
+    
+    @ApiOperation(value = "第三方机构接入", notes = "第三方机构接入")
+    @PostMapping("/thirdPartyAccess/{orgId}")
+    public ResponseEntity thirdPartyAccess(@PathVariable long orgId,
+                                @RequestParam String userid,
+                                @RequestParam String appid,@RequestParam String timestamp,@RequestParam String token) {
+        try {
+            UserInfo userInfo = userService.thirdPartyAccess(orgId, userid, appid,timestamp,token);
+            return new ResponseEntity(userInfo, HttpStatus.OK);
+        } catch (Exception e) {
+            return new ResponseEntity(new ErrorMsg(e.getMessage()), HttpStatus.INTERNAL_SERVER_ERROR);
+        }
+    }
 
     @ApiOperation(value = "登出", notes = "登出")
     @PostMapping("/logout")
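Review bot: The catch block of `thirdPartyAccess` returns `e.getMessage()` with `HttpStatus.INTERNAL_SERVER_ERROR` for every failure, so the authentication failures raised by the service (access not configured, timestamp outside the window, token mismatch) reach an unauthenticated caller as distinct messages under a server-error status. Returning one generic message with `HttpStatus.UNAUTHORIZED` for those cases and logging the detail server-side keeps the endpoint from telling a caller which check failed, and reserves 500 for real faults. The `token` is bound with `@RequestParam`, so on this POST it may arrive in the query string and end up in access or proxy logs; consider accepting it only in the request body or a header. The method also has no Javadoc describing how the caller is expected to compute `token`.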

+ 12 - 0
examcloud-core-basic-dao/src/main/java/cn/com/qmth/examcloud/core/basic/dao/ThirdPartyAccessDao.java

@@ -0,0 +1,12 @@
+package cn.com.qmth.examcloud.core.basic.dao;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.repository.query.QueryByExampleExecutor;
+
+import cn.com.qmth.examcloud.core.basic.dao.entity.ThirdPartyAccess;
+import cn.com.qmth.examcloud.core.basic.dao.entity.ThirdPartyAccessPK;
+
+public interface ThirdPartyAccessDao
+		extends JpaRepository<ThirdPartyAccess, ThirdPartyAccessPK>, QueryByExampleExecutor<ThirdPartyAccess> {
+
+}

+ 71 - 0
examcloud-core-basic-dao/src/main/java/cn/com/qmth/examcloud/core/basic/dao/entity/ThirdPartyAccess.java

@@ -0,0 +1,71 @@
+package cn.com.qmth.examcloud.core.basic.dao.entity;
+
+import java.io.Serializable;
+
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.IdClass;
+import javax.persistence.Table;
+
+/**
+ * 第三方接入信息
+ * 
+ * @author WANGWEI
+ *
+ */
+@Entity
+@IdClass(ThirdPartyAccessPK.class)
+@Table(name = "ecs_core_third_party_access")
+public class ThirdPartyAccess implements Serializable {
+
+	private static final long serialVersionUID = -4967242922242580681L;
+
+	@Id
+	private Long orgId;
+
+	@Id
+	private String appId;
+
+	/**
+	 * 密钥
+	 */
+	private String secretKey;
+
+	/**
+	 * 时间差范围
+	 */
+	private long timeRange;
+
+	public Long getOrgId() {
+		return orgId;
+	}
+
+	public void setOrgId(Long orgId) {
+		this.orgId = orgId;
+	}
+
+	public String getAppId() {
+		return appId;
+	}
+
+	public void setAppId(String appId) {
+		this.appId = appId;
+	}
+
+	public String getSecretKey() {
+		return secretKey;
+	}
+
+	public void setSecretKey(String secretKey) {
+		this.secretKey = secretKey;
+	}
+
+	public long getTimeRange() {
+		return timeRange;
+	}
+
+	public void setTimeRange(long timeRange) {
+		this.timeRange = timeRange;
+	}
+
+}
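Review bot: `secretKey` is persisted as a plain `String` column and exposed through a public getter on a `Serializable` entity, with nothing in this file marking it as sensitive. Because the service hashes the raw key it cannot be stored as a digest, but it can be encrypted at rest (for example through a JPA `AttributeConverter`), and this entity should never be returned from a controller or written to logs. The field comments should also state the unit: `timeRange` is compared with a `System.currentTimeMillis()` difference in `UserServiceImpl.thirdPartyAccess`, so a comment such as `/** Allowed difference in milliseconds between the caller's timestamp and server time. */` would prevent a value in seconds being configured.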

+ 45 - 0
examcloud-core-basic-dao/src/main/java/cn/com/qmth/examcloud/core/basic/dao/entity/ThirdPartyAccessPK.java

@@ -0,0 +1,45 @@
+package cn.com.qmth.examcloud.core.basic.dao.entity;
+
+import java.io.Serializable;
+
+/**
+ * 第三方接入信息
+ * 
+ * @author WANGWEI
+ *
+ */
+public class ThirdPartyAccessPK implements Serializable {
+
+	private static final long serialVersionUID = -2564683239937634130L;
+
+	private Long orgId;
+
+	private String appId;
+
+	public ThirdPartyAccessPK() {
+		super();
+	}
+
+	public ThirdPartyAccessPK(Long orgId, String appId) {
+		super();
+		this.orgId = orgId;
+		this.appId = appId;
+	}
+
+	public Long getOrgId() {
+		return orgId;
+	}
+
+	public void setOrgId(Long orgId) {
+		this.orgId = orgId;
+	}
+
+	public String getAppId() {
+		return appId;
+	}
+
+	public void setAppId(String appId) {
+		this.appId = appId;
+	}
+
+}
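Review bot: `ThirdPartyAccessPK` is used as the `@IdClass` of `ThirdPartyAccess` but does not override `equals` and `hashCode`, which JPA requires of a composite key class; without them two keys with the same `orgId` and `appId` compare by object identity, and lookups through the persistence context or a cache can behave inconsistently. Adding both methods over `orgId` and `appId` is sketched below (it needs `java.util.Objects`). The class Javadoc is copied from the entity and could instead say that this is the composite key (orgId, appId).

```java
// … unchanged: fields, constructors, getters and setters …

	@Override
	public boolean equals(Object obj) {
		if (this == obj) {
			return true;
		}
		if (!(obj instanceof ThirdPartyAccessPK)) {
			return false;
		}
		ThirdPartyAccessPK other = (ThirdPartyAccessPK) obj;
		return Objects.equals(orgId, other.orgId) && Objects.equals(appId, other.appId);
	}

	@Override
	public int hashCode() {
		return Objects.hash(orgId, appId);
	}
```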

+ 87 - 19
examcloud-core-basic-service/src/main/java/cn/com/qmth/examcloud/core/basic/service/impl/UserServiceImpl.java

@@ -21,13 +21,19 @@ import org.springframework.data.jpa.domain.Specification;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.stereotype.Service;
 
+import com.esotericsoftware.minlog.Log;
+
 import cn.com.qmth.examcloud.common.uac.AccessCtrlUtil;
 import cn.com.qmth.examcloud.common.uac.AccessUserOps;
 import cn.com.qmth.examcloud.common.uac.AccessUserOpsForRedis;
 import cn.com.qmth.examcloud.common.uac.entity.AccessUser;
 import cn.com.qmth.examcloud.common.uac.enums.RoleMeta;
+import cn.com.qmth.examcloud.common.util.ByteUtil;
+import cn.com.qmth.examcloud.common.util.SHA256;
+import cn.com.qmth.examcloud.common.util.StringUtil;
 import cn.com.qmth.examcloud.core.basic.dao.OrgRepo;
 import cn.com.qmth.examcloud.core.basic.dao.StudentRepo;
+import cn.com.qmth.examcloud.core.basic.dao.ThirdPartyAccessDao;
 import cn.com.qmth.examcloud.core.basic.dao.UserLoginRepo;
 import cn.com.qmth.examcloud.core.basic.dao.UserOpsLogRepo;
 import cn.com.qmth.examcloud.core.basic.dao.UserRepo;
@@ -35,6 +41,8 @@ import cn.com.qmth.examcloud.core.basic.dao.UserRoleRepo;
 import cn.com.qmth.examcloud.core.basic.dao.constants.Consts;
 import cn.com.qmth.examcloud.core.basic.dao.entity.Org;
 import cn.com.qmth.examcloud.core.basic.dao.entity.Student;
+import cn.com.qmth.examcloud.core.basic.dao.entity.ThirdPartyAccess;
+import cn.com.qmth.examcloud.core.basic.dao.entity.ThirdPartyAccessPK;
 import cn.com.qmth.examcloud.core.basic.dao.entity.User;
 import cn.com.qmth.examcloud.core.basic.dao.entity.UserLogin;
 import cn.com.qmth.examcloud.core.basic.dao.entity.UserOpsLog;
@@ -71,6 +79,9 @@ public class UserServiceImpl  implements UserService{
 
     @Autowired
     UserOpsLogRepo userOpsLogRepo;
+    
+    @Autowired
+    ThirdPartyAccessDao thirdPartyAccessDao;
 
     RedisTemplate redisTemplate;
 
@@ -91,7 +102,9 @@ public class UserServiceImpl  implements UserService{
     public Page<User> findAll(User userCriteria, Pageable pageable){
         Specification<User> userSpecification = (root, query, cb) -> {
             List<Predicate> predicates = new ArrayList<>();
-            predicates.add(cb.equal(root.get("type"),userCriteria.getType()));
+            if(userCriteria.getType() != null){
+            	predicates.add(cb.equal(root.get("type"),userCriteria.getType()));
+            }
             predicates.add(cb.equal(root.get("rootOrgId"),userCriteria.getRootOrgId()));
             if(StringUtils.isNotEmpty(userCriteria.getLoginName())){
                 predicates.add(cb.like(root.get("loginName"),"%"+userCriteria.getLoginName()+"%"));
@@ -170,7 +183,9 @@ public class UserServiceImpl  implements UserService{
         Specification<User> userSpecification = (root, query, cb) -> {
             List<Predicate> predicates = new ArrayList<>();
             predicates.add(cb.equal(root.get("rootOrgId"),root.get("orgId")));
-            predicates.add(cb.equal(root.get("type"),userCriteria.getType()));
+            if(userCriteria.getType() != null){
+            	predicates.add(cb.equal(root.get("type"),userCriteria.getType()));
+            }
             if(userCriteria.getOrgId() != null){
                 predicates.add(cb.equal(root.get("rootOrgId"),userCriteria.getOrgId()));
             }
@@ -235,7 +250,14 @@ public class UserServiceImpl  implements UserService{
     public UserInfo login(String loginName,
                           String password)throws Exception{
         User user = userRepo.findByLoginName(loginName);
-        return loginProcess(user,password);
+        if(user == null){
+        	throw new RuntimeException("该用户不存在");
+        }else if(!user.getPassword().equals(password)){
+        	throw new RuntimeException("密码错误");
+        }else if(!user.getEnable()){
+            throw new RuntimeException("该用户被禁用");
+		}
+		return loginProcess(user);
 
     }
     
@@ -250,31 +272,77 @@ public class UserServiceImpl  implements UserService{
                           String loginName,
                           String password)throws Exception{
         User user = userRepo.findByRootOrgIdAndLoginName(orgId,loginName);
-        return loginProcess(user,password);
-    }
-
-    /**
-     * 登录处理
-     * @param user
-     * @param password
-     * @return
-     */
-    public UserInfo loginProcess(User user, String password)throws Exception{
         if(user == null){
         	throw new RuntimeException("该用户不存在");
         }else if(!user.getPassword().equals(password)){
         	throw new RuntimeException("密码错误");
         }else if(!user.getEnable()){
             throw new RuntimeException("该用户被禁用");
-        }else{
-            String token = AccessCtrlUtil.buildToken();
-            initUserLogin(user);
-            createAccessUser(token,user,null);
-            createUserLogin(token,user);
-            return getUserInfo(user,token);
         }
+		return loginProcess(user);
     }
 
+    /**
+     * 登录处理
+     * @param user
+     * @return
+     */
+	public UserInfo loginProcess(User user) throws Exception {
+		String token = AccessCtrlUtil.buildToken();
+		initUserLogin(user);
+		createAccessUser(token, user, null);
+		createUserLogin(token, user);
+		return getUserInfo(user, token);
+	}
+    
+	/**
+	 *第三方接入
+	 *
+	 * @author WANGWEI
+	 * @param orgId
+	 * @param userid
+	 * @param appid
+	 * @param timestamp
+	 * @param token
+	 * @return
+	 * @throws Exception 
+	 */
+	public UserInfo thirdPartyAccess(long orgId, String userid, String appid, String timestamp, String token)
+			throws Exception {
+		ThirdPartyAccess thirdPartyAccess = thirdPartyAccessDao.findOne(new ThirdPartyAccessPK(orgId, appid));
+
+		if (null == thirdPartyAccess) {
+			throw new RuntimeException("第三方系统接入信息未配置!");
+		}
+		
+		long timestampLong = 0L;
+		try {
+			timestampLong = Long.parseLong(timestamp);
+		} catch (Exception e) {
+			throw new RuntimeException("timestamp错误");
+		}
+		
+		if (Math.abs(System.currentTimeMillis() - timestampLong) > thirdPartyAccess.getTimeRange()) {
+			throw new RuntimeException("第三方系统接入鉴权失败: timestamp超出时间差范围!");
+		}
+
+		String secretKey = thirdPartyAccess.getSecretKey();
+		String joinStr = StringUtil.join(userid, orgId, appid, timestamp, secretKey);
+		byte[] bytes = SHA256.encode(joinStr);
+		String hexAscii = ByteUtil.toHexAscii(bytes);
+
+		if (!hexAscii.equals(token)) {
+			throw new RuntimeException("第三方系统接入鉴权失败: token校验失败!");
+		}
+
+		User user = userRepo.findByRootOrgIdAndLoginName(orgId, userid);
+		if (user == null) {
+			throw new RuntimeException("该用户不存在!");
+		}
+		
+		return loginProcess(user);
+	}
+
     /**
      * 初始化用户登录
      * @param user
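Review bot: `thirdPartyAccess` calls `loginProcess(user)` after checking only `user == null`, so a disabled account that both `login` methods reject with `!user.getEnable()` can still obtain a session through this path; add `if (!user.getEnable()) { throw new RuntimeException("该用户被禁用"); }` before the return. The token check `hexAscii.equals(token)` is not a constant-time comparison; `MessageDigest.isEqual(hexAscii.getBytes(StandardCharsets.UTF_8), token.getBytes(StandardCharsets.UTF_8))` removes the timing signal. The token is a bare SHA-256 over the joined fields with the secret appended rather than an HMAC, and if `StringUtil.join` (not visible here) inserts no delimiter the field boundaries are ambiguous, so a keyed MAC over delimited fields would be the safer construction. Nothing visible prevents a valid request from being replayed inside the `timeRange` window; remembering used (appid, userid, timestamp) tuples for that window would close it. The new `com.esotericsoftware.minlog.Log` import is not used in any visible hunk.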