
新增知学cas单点登录

wangliang 2 jaren geleden
bovenliggende
commit
bb0ee1ed0e

+ 59 - 4
distributed-print/src/main/java/com/qmth/distributed/print/api/OpenApiController.java

@@ -1,14 +1,21 @@
 package com.qmth.distributed.print.api;
 
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.qmth.boot.api.annotation.Aac;
 import com.qmth.boot.api.annotation.BOOL;
 import com.qmth.boot.api.constant.ApiConstant;
 import com.qmth.distributed.print.business.bean.params.open.GradeOpenPageParams;
 import com.qmth.distributed.print.business.bean.params.open.GradeOpenParams;
 import com.qmth.distributed.print.business.service.OpenApiService;
+import com.qmth.teachcloud.common.bean.params.OpenParams;
+import com.qmth.teachcloud.common.bean.result.LoginResult;
 import com.qmth.teachcloud.common.contant.SystemConstant;
 import com.qmth.teachcloud.common.entity.BasicSchool;
+import com.qmth.teachcloud.common.entity.SysUser;
+import com.qmth.teachcloud.common.enums.AppSourceEnum;
 import com.qmth.teachcloud.common.enums.ExceptionResultEnum;
+import com.qmth.teachcloud.common.service.SysUserService;
+import com.qmth.teachcloud.common.service.TeachcloudCommonService;
 import com.qmth.teachcloud.common.util.AuthThirdUtil;
 import com.qmth.teachcloud.common.util.JacksonUtil;
 import com.qmth.teachcloud.common.util.Result;
@@ -17,14 +24,13 @@ import io.swagger.annotations.*;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 
 import javax.annotation.Resource;
 import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
+import java.security.NoSuchAlgorithmException;
+import java.util.Objects;
 import java.util.Optional;
 
 /**
@@ -45,6 +51,12 @@ public class OpenApiController {
     @Resource
     private OpenApiService openApiService;
 
+    @Resource
+    SysUserService sysUserService;
+
+    @Resource
+    TeachcloudCommonService teachcloudCommonService;
+
     @ApiOperation(value = "试卷基础配置查询")
     @ApiResponses({@ApiResponse(code = 200, message = "试卷基础配置查询", response = Object.class)})
     @PostMapping("/paper_config")
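Review bot: The two new injected fields `sysUserService` and `teachcloudCommonService` are package-private, unlike `private OpenApiService openApiService` just above them. Declare them `private` as well, e.g. `private SysUserService sysUserService;`, so other classes in the package cannot reach or replace the collaborators. The class body continues outside this hunk.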
@@ -120,4 +132,47 @@ public class OpenApiController {
         BasicSchool basicSchool = AuthThirdUtil.hasPermission();
         return ResultUtil.ok(openApiService.listExamStudentScore(basicSchool, gradeOpenPageParams.getThirdExamId(), gradeOpenPageParams.getGradeCourseCode(), gradeOpenPageParams.getPageNumber(), gradeOpenPageParams.getPageSize()));
     }
+
+    @ApiOperation(value = "单点登录")
+    @ApiResponses({@ApiResponse(code = 200, message = "返回消息", response = Result.class)})
+    @RequestMapping(value = "/account/login", method = RequestMethod.POST)
+    @Aac(auth = BOOL.FALSE)
+    public Result accountLogin(@ApiParam(value = "时间", required = true) @RequestParam String time,
+                               @ApiParam(value = "地址", required = true) @RequestParam String path,
+                               @ApiParam(value = "鉴权信息", required = true) @RequestParam String signature,
+                               @ApiParam(value = "工号", required = true) @RequestParam String account,
+                               @ApiParam(value = "返回url") @RequestParam(required = false) String returnUrl,
+                               @ApiParam(value = "其它参数") @RequestParam(required = false) String params) throws UnsupportedEncodingException, NoSuchAlgorithmException {
+        if (Objects.isNull(time) || Objects.equals(time, "")) {
+            throw ExceptionResultEnum.PARAMS_ERROR.exception("时间不能为空");
+        }
+        if (Objects.isNull(path) || Objects.equals(path, "")) {
+            throw ExceptionResultEnum.PARAMS_ERROR.exception("路径不能为空");
+        }
+        if (Objects.isNull(signature) || Objects.equals(signature, "")) {
+            throw ExceptionResultEnum.PARAMS_ERROR.exception("鉴权信息不能为空");
+        }
+        if (Objects.isNull(account) || Objects.equals(account, "")) {
+            throw ExceptionResultEnum.PARAMS_ERROR.exception("工号不能为空");
+        }
+
+        BasicSchool basicSchool = AuthThirdUtil.hasPermissionCas(time, path, signature);
+        OpenParams openParams = null;
+        if (Objects.nonNull(params) && !Objects.equals(params, "")) {
+            String decodeJson = URLDecoder.decode(params, SystemConstant.CHARSET_NAME);
+            openParams = JacksonUtil.readJson(decodeJson, OpenParams.class);
+        }
+
+        //查询用户是否存在
+        QueryWrapper<SysUser> sysUserQueryWrapper = new QueryWrapper<>();
+        sysUserQueryWrapper.lambda().eq(SysUser::getSchoolId, basicSchool.getId())
+                .eq(SysUser::getLoginName, account)
+                .eq(SysUser::getEnable, true);
+        SysUser sysUser = sysUserService.getOne(sysUserQueryWrapper);
+        Optional.ofNullable(sysUser).orElseThrow(() -> ExceptionResultEnum.ERROR.exception("用户不存在"));
+
+        LoginResult loginResult = teachcloudCommonService.login(sysUser.getPassword(), sysUser, AppSourceEnum.CAS_THIRD);
+        loginResult.setReturnUrl(returnUrl);
+        return ResultUtil.ok(loginResult);
+    }
 }
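Review bot: The signature check in `accountLogin` is given only `time`, `path` and `signature`, while `account` and `returnUrl` are taken from the request unverified, so, as far as this hunk shows, one validly signed request authorises a login as any enabled user of that school. `account` should be part of the signed material, or the signer should be mapped to the users it may log in. `returnUrl` is copied into the `LoginResult` without validation; if the client navigates to it, check it first against an allow-list such as the host configured in `cas.config.questionLoginUrl`. `openParams` is decoded and parsed but never used, and the endpoint runs with `@Aac(auth = BOOL.FALSE)`, so this method is the only gate and deserves a comment saying so. The handler is mapped as POST while `AuthThirdUtil` verifies the signature with method `get`; confirm that is intended.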

+ 3 - 1
distributed-print/src/main/resources/application-dev.properties

@@ -191,4 +191,6 @@ report.open.calculateApi=/api/report/open/calculate
 report.open.publishApi=/api/report/open/publish
 report.open.ssoLoginApi=/api/report/sso/login
 
-print.open.callbackPwd=123456
+print.open.callbackPwd=123456
+
+cas.config.questionLoginUrl=http://*.teach-cloud-test.com/#/login-open
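Review bot: `cas.config.questionLoginUrl` is configured with an `http://` scheme, so a login hand-off that follows this URL would travel in clear text. Use `https://` unless the dev environment genuinely has no TLS, and make sure the non-dev profiles do. The `*` host looks like a placeholder to be substituted per school; a comment saying how it is filled in would help, since no consumer of the value is visible in this commit.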

+ 48 - 0
teachcloud-common/src/main/java/com/qmth/teachcloud/common/bean/params/OpenParams.java

@@ -0,0 +1,48 @@
+package com.qmth.teachcloud.common.bean.params;
+
+import io.swagger.annotations.ApiModelProperty;
+
+import java.io.Serializable;
+
+/**
+ * @Description: 开放接口参数
+ * @Param:
+ * @return:
+ * @Author: wangliang
+ * @Date: 2022/10/20
+ */
+public class OpenParams implements Serializable {
+
+    @ApiModelProperty("姓名")
+    private String name;
+
+    @ApiModelProperty("角色名")
+    private String roleName;
+
+    @ApiModelProperty("机构名")
+    private String orgName;
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getRoleName() {
+        return roleName;
+    }
+
+    public void setRoleName(String roleName) {
+        this.roleName = roleName;
+    }
+
+    public String getOrgName() {
+        return orgName;
+    }
+
+    public void setOrgName(String orgName) {
+        this.orgName = orgName;
+    }
+}
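Review bot: `OpenParams` implements `Serializable` without declaring a `serialVersionUID`; add `private static final long serialVersionUID = 1L;` so the serialized form does not change silently when the class is edited. The class Javadoc carries empty `@Param:` and `@return:` template tags that mean nothing on a class and can be dropped. The same applies to `CasDomain` later in this commit, whose `questionLoginUrl` field is also package-private and should be `private`, and whose `@Date` (2020/4/10) looks copied from another file.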

+ 11 - 0
teachcloud-common/src/main/java/com/qmth/teachcloud/common/config/DictionaryConfig.java

@@ -37,6 +37,17 @@ public class DictionaryConfig {
         return new SysDomain();
     }
 
+    /**
+     * cas配置
+     *
+     * @return
+     */
+    @Bean
+    @ConfigurationProperties(prefix = "cas.config")
+    public CasDomain casDomain() {
+        return new CasDomain();
+    }
+
     /**
      * 短信配置
      *

+ 1 - 0
teachcloud-common/src/main/java/com/qmth/teachcloud/common/contant/SystemConstant.java

@@ -124,6 +124,7 @@ public class SystemConstant {
     public static final String PUSH_OPERATE_NOTICE = "操作成功,请去基础配置 -> 系统设置 -> 同步管理中查看结果";
     public static final String EXCEL_PROTECT_KEY = "Qmth87863577";
     public static final String ZIP_ENCRYPT_PWD = "qmthzip";
+    public static final String GET = "get";
 
     /**
      * oss url过期时间

+ 23 - 0
teachcloud-common/src/main/java/com/qmth/teachcloud/common/domain/CasDomain.java

@@ -0,0 +1,23 @@
+package com.qmth.teachcloud.common.domain;
+
+import java.io.Serializable;
+
+/**
+ * @Description: cas配置
+ * @Param:
+ * @return:
+ * @Author: wangliang
+ * @Date: 2020/4/10
+ */
+public class CasDomain implements Serializable {
+
+    String questionLoginUrl;
+
+    public String getQuestionLoginUrl() {
+        return questionLoginUrl;
+    }
+
+    public void setQuestionLoginUrl(String questionLoginUrl) {
+        this.questionLoginUrl = questionLoginUrl;
+    }
+}

+ 3 - 1
teachcloud-common/src/main/java/com/qmth/teachcloud/common/enums/AppSourceEnum.java

@@ -15,7 +15,9 @@ public enum AppSourceEnum {
 
     WHU_THIRD("武汉大学"),
 
-    PRINT_THIRD("知学知考-分布式印刷");
+    PRINT_THIRD("知学知考-分布式印刷"),
+
+    CAS_THIRD("知学知考-CAS登录");
 
     private String title;
 

+ 53 - 0
teachcloud-common/src/main/java/com/qmth/teachcloud/common/util/AuthThirdUtil.java

@@ -4,6 +4,7 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.qmth.boot.tools.signature.SignatureEntity;
 import com.qmth.boot.tools.signature.SignatureType;
 import com.qmth.teachcloud.common.contant.SpringContextHolder;
+import com.qmth.teachcloud.common.contant.SystemConstant;
 import com.qmth.teachcloud.common.entity.BasicSchool;
 import com.qmth.teachcloud.common.entity.TBSession;
 import com.qmth.teachcloud.common.enums.ExceptionResultEnum;
@@ -88,6 +89,18 @@ public class AuthThirdUtil {
         return commonHasPermission(ServletUtil.getRequestTime(), ServletUtil.getRequestAuthorization());
     }
 
+    /**
+     * 鉴权
+     *
+     * @param time
+     * @param path
+     * @param signature
+     * @return
+     */
+    public static BasicSchool hasPermissionCas(String time, String path, String signature) {
+        return commonHasPermissionCas(time, path, signature);
+    }
+
     /**
      * 公用方法
      *
@@ -133,4 +146,44 @@ public class AuthThirdUtil {
         }
         return basicSchool;
     }
+
+    /**
+     * 公用方法
+     *
+     * @param time
+     * @param path
+     * @param signature
+     * @return
+     */
+    protected static BasicSchool commonHasPermissionCas(String time, String path, String signature) {
+        BasicSchoolService basicSchoolService = SpringContextHolder.getBean(BasicSchoolService.class);
+        final SignatureEntity info = SignatureEntity.parse(signature, SystemConstant.GET, path, Long.parseLong(time));
+        Optional.ofNullable(info).orElseThrow(() -> ExceptionResultEnum.AUTHORIZATION_ERROR.exception());
+
+        if (!path.equalsIgnoreCase(info.getUri())) {
+            log.warn("url faile: url error");
+            throw ExceptionResultEnum.AUTHORIZATION_ERROR.exception();
+        }
+        if (!SystemConstant.GET.equalsIgnoreCase(info.getMethod())) {
+            log.warn("method faile: method error");
+            throw ExceptionResultEnum.AUTHORIZATION_ERROR.exception();
+        }
+        if (info.getTimestamp() > Long.parseLong(time)) {
+            log.warn("Authorization faile: session has expired, expire time=" + time);
+            throw ExceptionResultEnum.TIME_INVALID.exception();
+        }
+        if (SignatureType.SECRET != info.getType()) {
+            log.warn("Authorization faile: signature type is not Secret");
+            throw ExceptionResultEnum.AUTHORIZATION_ERROR.exception();
+        }
+        QueryWrapper<BasicSchool> basicSchoolQueryWrapper = new QueryWrapper<>();
+        basicSchoolQueryWrapper.lambda().eq(BasicSchool::getAccessKey, info.getInvoker());
+        BasicSchool basicSchool = basicSchoolService.getOne(basicSchoolQueryWrapper);
+        Optional.ofNullable(basicSchool).orElseThrow(() -> ExceptionResultEnum.AUTHORIZATION_ERROR.exception("没有学校信息"));
+        if (!info.validate(basicSchool.getAccessSecret())) {
+            log.warn("Authorization faile: secret invalid, secret is " + basicSchool.getAccessSecret());
+            throw ExceptionResultEnum.AUTHORIZATION_ERROR.exception();
+        }
+        return basicSchool;
+    }
 }
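Review bot: The last failure branch of `commonHasPermissionCas` writes the school's access secret to the log (`"secret is " + basicSchool.getAccessSecret()`), which exposes the signing key to anyone who can read the logs. Log the access key instead, e.g. `log.warn("Authorization faile: secret invalid, accessKey=" + info.getInvoker());`. The expiry check compares `info.getTimestamp()` with the caller-supplied `time` and never with the server clock, so unless `SignatureEntity` enforces freshness itself, a signed request appears to stay valid indefinitely; `time` should be bounded against the current time with a small allowed skew. `Long.parseLong(time)` is also called on unvalidated input, so a non-numeric value raises `NumberFormatException` rather than an authorization error.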