用户增加OTP认证设置

2026-01-02 03:56:34 +08:00 · 2022-07-24 16:14:56 +08:00
parent 7e34e1e69e
commit 78f89ce901
6 changed files with 130 additions and 37 deletions
--- a/internal/rpc/services/service_admin.go
+++ b/internal/rpc/services/service_admin.go
@@ -165,7 +165,7 @@ func (this *AdminService) FindEnabledAdmin(ctx context.Context, req *pb.FindEnab
 	// OTP认证
 	var pbOtpAuth *pb.Login = nil
 	{
-		adminAuth, err := models.SharedLoginDAO.FindEnabledLoginWithAdminId(tx, int64(admin.Id), models.LoginTypeOTP)
+		adminAuth, err := models.SharedLoginDAO.FindEnabledLoginWithType(tx, int64(admin.Id), 0, models.LoginTypeOTP)
 		if err != nil {
 			return nil, err
 		}
@@ -385,7 +385,7 @@ func (this *AdminService) ListEnabledAdmins(ctx context.Context, req *pb.ListEna
 	for _, admin := range admins {
 		var pbOtpAuth *pb.Login = nil
 		{
-			adminAuth, err := models.SharedLoginDAO.FindEnabledLoginWithAdminId(tx, int64(admin.Id), models.LoginTypeOTP)
+			adminAuth, err := models.SharedLoginDAO.FindEnabledLoginWithType(tx, int64(admin.Id), 0, models.LoginTypeOTP)
 			if err != nil {
 				return nil, err
 			}
@@ -456,7 +456,7 @@ func (this *AdminService) CheckAdminOTPWithUsername(ctx context.Context, req *pb
 		return &pb.CheckAdminOTPWithUsernameResponse{RequireOTP: false}, nil
 	}

-	otpIsOn, err := models.SharedLoginDAO.CheckLoginIsOn(tx, adminId, "otp")
+	otpIsOn, err := models.SharedLoginDAO.CheckLoginIsOn(tx, adminId, 0, "otp")
 	if err != nil {
 		return nil, err
 	}
--- a/internal/rpc/services/service_login.go
+++ b/internal/rpc/services/service_login.go
@@ -16,14 +16,18 @@ type LoginService struct {

 // FindEnabledLogin 查找认证
 func (this *LoginService) FindEnabledLogin(ctx context.Context, req *pb.FindEnabledLoginRequest) (*pb.FindEnabledLoginResponse, error) {
-	_, err := this.ValidateAdmin(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx)
 	if err != nil {
 		return nil, err
 	}

+	if userId > 0 {
+		req.UserId = userId
+	}
+
 	var tx = this.NullTx()

-	login, err := models.SharedLoginDAO.FindEnabledLoginWithAdminId(tx, req.AdminId, req.Type)
+	login, err := models.SharedLoginDAO.FindEnabledLoginWithType(tx, req.AdminId, req.UserId, req.Type)
 	if err != nil {
 		return nil, err
 	}
@@ -42,7 +46,7 @@ func (this *LoginService) FindEnabledLogin(ctx context.Context, req *pb.FindEnab

 // UpdateLogin 修改认证
 func (this *LoginService) UpdateLogin(ctx context.Context, req *pb.UpdateLoginRequest) (*pb.RPCSuccess, error) {
-	_, err := this.ValidateAdmin(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx)
 	if err != nil {
 		return nil, err
 	}
@@ -53,20 +57,24 @@ func (this *LoginService) UpdateLogin(ctx context.Context, req *pb.UpdateLoginRe

 	var tx = this.NullTx()

+	if userId > 0 {
+		req.Login.UserId = userId
+	}
+
 	if req.Login.IsOn {
-		params := maps.Map{}
+		var params = maps.Map{}
 		if len(req.Login.ParamsJSON) > 0 {
 			err = json.Unmarshal(req.Login.ParamsJSON, &params)
 			if err != nil {
 				return nil, err
 			}
 		}
-		err = models.SharedLoginDAO.UpdateLogin(tx, req.Login.AdminId, req.Login.Type, params, req.Login.IsOn)
+		err = models.SharedLoginDAO.UpdateLogin(tx, req.Login.AdminId, req.Login.UserId, req.Login.Type, params, req.Login.IsOn)
 		if err != nil {
 			return nil, err
 		}
 	} else {
-		err = models.SharedLoginDAO.DisableLoginWithAdminId(tx, req.Login.AdminId, req.Login.Type)
+		err = models.SharedLoginDAO.DisableLoginWithType(tx, req.Login.AdminId, req.Login.UserId, req.Login.Type)
 		if err != nil {
 			return nil, err
 		}
--- a/internal/rpc/services/service_user.go
+++ b/internal/rpc/services/service_user.go
@@ -276,6 +276,23 @@ func (this *UserService) FindEnabledUser(ctx context.Context, req *pb.FindEnable
 		return nil, err
 	}

+	// OTP认证
+	var pbOtpAuth *pb.Login = nil
+	{
+		userAuth, err := models.SharedLoginDAO.FindEnabledLoginWithType(tx, 0, req.UserId, models.LoginTypeOTP)
+		if err != nil {
+			return nil, err
+		}
+		if userAuth != nil {
+			pbOtpAuth = &pb.Login{
+				Id:         int64(userAuth.Id),
+				Type:       userAuth.Type,
+				ParamsJSON: userAuth.Params,
+				IsOn:       userAuth.IsOn,
+			}
+		}
+	}
+
 	return &pb.FindEnabledUserResponse{User: &pb.User{
 		Id:                     int64(user.Id),
 		Username:               user.Username,
@@ -293,6 +310,7 @@ func (this *UserService) FindEnabledUser(ctx context.Context, req *pb.FindEnable
 		NodeCluster:            pbCluster,
 		IsIndividualIdentified: isIndividualIdentified,
 		IsEnterpriseIdentified: isEnterpriseIdentified,
+		OtpLogin:               pbOtpAuth,
 	}}, nil
 }

@@ -700,3 +718,31 @@ func (this *UserService) ComposeUserGlobalBoard(ctx context.Context, req *pb.Com

 	return result, nil
 }
+
+// CheckUserOTPWithUsername 检查是否需要输入OTP
+func (this *UserService) CheckUserOTPWithUsername(ctx context.Context, req *pb.CheckUserOTPWithUsernameRequest) (*pb.CheckUserOTPWithUsernameResponse, error) {
+	_, err := this.ValidateUserNode(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(req.Username) == 0 {
+		return &pb.CheckUserOTPWithUsernameResponse{RequireOTP: false}, nil
+	}
+
+	var tx = this.NullTx()
+
+	userId, err := models.SharedUserDAO.FindEnabledUserIdWithUsername(tx, req.Username)
+	if err != nil {
+		return nil, err
+	}
+	if userId <= 0 {
+		return &pb.CheckUserOTPWithUsernameResponse{RequireOTP: false}, nil
+	}
+
+	otpIsOn, err := models.SharedLoginDAO.CheckLoginIsOn(tx, 0, userId, "otp")
+	if err != nil {
+		return nil, err
+	}
+	return &pb.CheckUserOTPWithUsernameResponse{RequireOTP: otpIsOn}, nil
+}