管理员关闭用户 mfa

2024-12-02 20:08:40 +08:00 · 2022-02-06 17:04:21 +08:00 · 2022-02-06 17:04:21 +08:00 · ac6a178560
commit ac6a178560
parent dfc5a4f8a4
7 changed files with 116 additions and 44 deletions
--- a/modules/server/src/main/java/io/jpom/controller/LoginControl.java
+++ b/modules/server/src/main/java/io/jpom/controller/LoginControl.java
@ -183,7 +183,7 @@ public class LoginControl extends BaseServerController {
 				}
 				// 验证
 				if (userService.simpleLogin(userName, userPwd) != null) {
-					updateModel = userModel.unLock();
+					updateModel = UserModel.unLock(userName);
 					this.ipSuccess();
 					// 判断是否开启 两步验证
 					boolean bindMfa = userService.hasBindMfa(userName);
--- a/modules/server/src/main/java/io/jpom/controller/user/UserListController.java
+++ b/modules/server/src/main/java/io/jpom/controller/user/UserListController.java
@ -26,6 +26,7 @@ import cn.hutool.core.lang.Validator;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.crypto.SecureUtil;
 import cn.jiangzeyin.common.JsonMessage;
+import cn.jiangzeyin.common.validator.ValidatorItem;
 import com.alibaba.fastjson.JSONArray;
 import io.jpom.common.BaseServerController;
 import io.jpom.common.Const;
@ -40,10 +41,7 @@ import io.jpom.service.user.UserService;
 import io.jpom.system.ServerExtConfigBean;
 import org.springframework.http.MediaType;
 import org.springframework.util.Assert;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;

 import java.util.List;

@ -76,6 +74,12 @@ public class UserListController extends BaseServerController {
 	@Feature(method = MethodFeature.LIST)
 	public String getUserList() {
 		PageResultDto<UserModel> userModelPageResultDto = userService.listPage(getRequest());
+		userModelPageResultDto.each(userModel -> {
+			boolean bindMfa = userService.hasBindMfa(userModel.getId());
+			if (bindMfa) {
+				userModel.setTwoFactorAuthKey("true");
+			}
+		});
 		return JsonMessage.getString(200, "", userModelPageResultDto);
 	}

@ -208,14 +212,27 @@ public class UserListController extends BaseServerController {
 	 * @param id id
 	 * @return json
 	 */
-	@RequestMapping(value = "unlock", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
+	@GetMapping(value = "unlock", produces = MediaType.APPLICATION_JSON_VALUE)
 	@Feature(method = MethodFeature.EDIT)
-	public String unlock(String id) {
-		UserModel userModel = userService.getByKey(id);
-		Assert.notNull(userModel, "修改失败:-1");
-		userService.update(userModel.unLock());
+	public String unlock(@ValidatorItem String id) {
+		UserModel update = UserModel.unLock(id);
+		userService.update(update);
 		return JsonMessage.getString(200, "解锁成功");
 	}

-
+	/**
+	 * 关闭用户 mfa
+	 *
+	 * @param id id
+	 * @return json
+	 */
+	@GetMapping(value = "close_user_mfa", produces = MediaType.APPLICATION_JSON_VALUE)
+	@Feature(method = MethodFeature.EDIT)
+	@SystemPermission(superUser = true)
+	public String closeMfa(@ValidatorItem String id) {
+		UserModel update = new UserModel(id);
+		update.setTwoFactorAuthKey(StrUtil.EMPTY);
+		userService.update(update);
+		return JsonMessage.getString(200, "关闭成功");
+	}
 }
--- a/modules/server/src/main/java/io/jpom/model/data/UserModel.java
+++ b/modules/server/src/main/java/io/jpom/model/data/UserModel.java
@ -127,18 +127,19 @@ public class UserModel extends BaseStrikeDbModel {
 		this.systemUser = ObjectUtil.defaultIfNull(systemUser, 0) == 1 ? systemUser : 0;
 	}

-	/**
-	 * 解锁
-	 */
-	public UserModel unLock() {
-		UserModel newModel = new UserModel(this.getId());
-		return UserModel.unLock(newModel);
-	}
+//	/**
+//	 * 解锁
+//	 */
+//	public UserModel unLock() {
+//		UserModel newModel = new UserModel(this.getId());
+//		return UserModel.unLock(newModel);
+//	}

 	/**
 	 * 解锁
 	 */
-	public static UserModel unLock(UserModel newModel) {
+	public static UserModel unLock(String id) {
+		UserModel newModel = new UserModel(id);
 		newModel.setPwdErrorCount(0);
 		newModel.setLockTime(0L);
 		newModel.setLastPwdErrorTime(0L);
--- a/modules/server/src/main/java/io/jpom/service/user/UserService.java
+++ b/modules/server/src/main/java/io/jpom/service/user/UserService.java
@ -131,11 +131,10 @@ public class UserService extends BaseDbService<UserModel> {
 	 */
 	public void updatePwd(String id, String newPwd) {
 		String salt = this.generateSalt();
-		UserModel userModel = new UserModel();
-		userModel.setId(id);
+		UserModel userModel = UserModel.unLock(id);
+		//		userModel.setId(id);
 		userModel.setSalt(salt);
 		userModel.setPassword(SecureUtil.sha1(newPwd + salt));
-		UserModel.unLock(userModel);
 		super.update(userModel);
 	}

--- a/web-vue/src/api/user.js
+++ b/web-vue/src/api/user.js
@ -46,7 +46,6 @@ export function closeMfa() {
  });
 }

-
 // 生成 两步验证信息
 export function generateMfa() {
  return axios({
@ -177,8 +176,21 @@ export function sendEmailCode(email) {
 export function unlockUser(id) {
  return axios({
    url: "/user/unlock",
-    method: "post",
-    data: { id },
+    method: "get",
+    params: { id },
+  });
+}
+
+/**
+ * 关闭用户 mfa 两步验证
+ * @param {String} id 管理员 ID
+ * @returns
+ */
+export function closeUserMfa(id) {
+  return axios({
+    url: "/user/close_user_mfa",
+    method: "get",
+    params: { id },
  });
 }

--- a/web-vue/src/pages/layout/user-header.vue
+++ b/web-vue/src/pages/layout/user-header.vue
@ -483,6 +483,10 @@ export default {
            });
            this.temp = { ...this.temp };
            this.showQrCode();
+            this.$notification.info({
+              // placement: "",
+              message: "需要输入验证码,确认绑定后才生效奥",
+            });
          }
        });
      } else {
@ -499,7 +503,7 @@ export default {
                this.$notification.success({
                  message: res.msg,
                });
-                this.temp.status = false;
+                this.temp = { ...this.temp, needVerify: false, status: false };
              }
            });
          },
--- a/web-vue/src/pages/user/index.vue
+++ b/web-vue/src/pages/user/index.vue
@ -1,15 +1,6 @@
 <template>
  <div class="full-content">
-    <div ref="filter" class="filter">
-      <a-space>
-        <a-input v-model="listQuery.id" placeholder="用户名ID" class="search-input-item" />
-        <a-input v-model="listQuery['%name%']" placeholder="用户名" class="search-input-item" />
-        <a-tooltip title="按住 Ctr 或者 Alt 键点击按钮快速回到第一页">
-          <a-button type="primary" :loading="loading" @click="loadData">搜索</a-button>
-        </a-tooltip>
-        <a-button type="primary" @click="handleAdd">新增</a-button>
-      </a-space>
-    </div>
+    <!-- <div ref="filter" class="filter"></div> -->
    <!-- 数据表格 -->
    <a-table
      :data-source="list"
@ -19,16 +10,42 @@
      bordered
      :rowKey="(record, index) => index"
    >
+      <template slot="title">
+        <a-space>
+          <a-input v-model="listQuery.id" placeholder="用户名ID" class="search-input-item" />
+          <a-input v-model="listQuery['%name%']" placeholder="用户名" class="search-input-item" />
+          <a-tooltip title="按住 Ctr 或者 Alt 键点击按钮快速回到第一页">
+            <a-button type="primary" :loading="loading" @click="loadData">搜索</a-button>
+          </a-tooltip>
+          <a-button type="primary" @click="handleAdd">新增</a-button>
+        </a-space></template
+      >
      <template slot="operation" slot-scope="text, record">
        <a-space>
          <a-button type="primary" @click="handleEdit(record)">编辑</a-button>
-          <a-button type="danger" @click="handleDelete(record)">删除</a-button>
-          <a-button type="danger" :disabled="record.pwdErrorCount === 0" @click="handleUnlock(record)">解锁</a-button>
+          <a-dropdown>
+            <a class="ant-dropdown-link" @click="(e) => e.preventDefault()"> 更多 <a-icon type="down" /> </a>
+            <a-menu slot="overlay">
+              <a-menu-item>
+                <a-button type="danger" :disabled="record.parent === 'sys'" @click="handleDelete(record)">删除</a-button>
+              </a-menu-item>
+              <a-menu-item>
+                <a-button type="danger" :disabled="record.pwdErrorCount === 0" @click="handleUnlock(record)">解锁</a-button>
+              </a-menu-item>
+              <a-menu-item>
+                <a-button type="danger" :disabled="record.twoFactorAuthKey ? false : true" @click="handleCloseMfa(record)">关闭MFA</a-button>
+              </a-menu-item>
+            </a-menu></a-dropdown
+          >
        </a-space>
      </template>
      <template slot="systemUser" slot-scope="text, record">
        <a-switch size="small" checked-children="是" un-checked-children="否" :checked="record.systemUser == 1" />
      </template>
+      <template slot="twoFactorAuthKey" slot-scope="text, record">
+        <a-switch size="small" checked-children="开" un-checked-children="关" :checked="record.twoFactorAuthKey ? true : false" />
+      </template>
+
      <a-tooltip slot="id" slot-scope="text" :title="text">
        <span>{{ text }}</span>
      </a-tooltip>
@ -114,7 +131,7 @@
  </div>
 </template>
 <script>
-import { getUserList, editUser, deleteUser, unlockUser, workspaceList } from "@/api/user";
+import { getUserList, editUser, deleteUser, unlockUser, closeUserMfa, workspaceList } from "@/api/user";
 import { getWorkSpaceListAll } from "@/api/workspace";
 import { getMonitorOperateTypeList } from "@/api/monitor";
 import { parseTime } from "@/utils/time";
@ -156,10 +173,12 @@ export default {
      editUserVisible: false,
      listQuery: Object.assign({}, PAGE_DEFAULT_LIST_QUERY),
      columns: [
-        { title: "ID", dataIndex: "id", ellipsis: true, width: 150, scopedSlots: { customRender: "id" } },
+        { title: "ID", dataIndex: "id", ellipsis: true, scopedSlots: { customRender: "id" } },
        { title: "昵称", dataIndex: "name", ellipsis: true },
        { title: "管理员", dataIndex: "systemUser", ellipsis: true, width: 90, scopedSlots: { customRender: "systemUser" } },
-        { title: "邮箱", dataIndex: "email", ellipsis: true, width: 150, scopedSlots: { customRender: "email" } },
+        { title: "两步验证", dataIndex: "twoFactorAuthKey", ellipsis: true, width: 90, scopedSlots: { customRender: "twoFactorAuthKey" } },
+
+        { title: "邮箱", dataIndex: "email", ellipsis: true, scopedSlots: { customRender: "email" } },
        { title: "创建人", dataIndex: "parent", ellipsis: true, width: 150 },
        {
          title: "修改时间",
@ -171,7 +190,7 @@ export default {
          },
          width: 170,
        },
-        { title: "操作", dataIndex: "operation", scopedSlots: { customRender: "operation" }, width: 260 },
+        { title: "操作", dataIndex: "operation", scopedSlots: { customRender: "operation" }, width: 150 },
      ],
      // 表单校验规则
      rules: {
@ -399,6 +418,26 @@ export default {
        },
      });
    },
+    //
+    handleCloseMfa(record) {
+      this.$confirm({
+        title: "系统提示",
+        content: "真的关闭当前用户的两步验证么？",
+        okText: "确认",
+        cancelText: "取消",
+        onOk: () => {
+          // 解锁用户
+          closeUserMfa(record.id).then((res) => {
+            if (res.code === 200) {
+              this.$notification.success({
+                message: res.msg,
+              });
+              this.loadData();
+            }
+          });
+        },
+      });
+    },
    // 分页、排序、筛选变化时触发
    changePage(pagination, filters, sorter) {
      this.listQuery.page = pagination.current;
@ -413,7 +452,7 @@ export default {
 };
 </script>
 <style scoped>
-.filter {
+/* .filter {
  margin-bottom: 10px;
-}
+} */
 </style>