用户增加OTP认证设置

internal/db/models/login_dao.go

@@ -40,7 +40,7 @@ func init() {
 	})
 }
 
-// 启用条目
+// EnableLogin 启用条目
 func (this *LoginDAO) EnableLogin(tx *dbs.Tx, id int64) error {
 	_, err := this.Query(tx).
 		Pk(id).
@@ -49,7 +49,7 @@ func (this *LoginDAO) EnableLogin(tx *dbs.Tx, id int64) error {
 	return err
 }
 
-// 禁用条目
+// DisableLogin 禁用条目
 func (this *LoginDAO) DisableLogin(tx *dbs.Tx, id int64) error {
 	_, err := this.Query(tx).
 		Pk(id).
@@ -58,7 +58,7 @@ func (this *LoginDAO) DisableLogin(tx *dbs.Tx, id int64) error {
 	return err
 }
 
-// 查找启用中的条目
+// FindEnabledLogin 查找启用中的条目
 func (this *LoginDAO) FindEnabledLogin(tx *dbs.Tx, id int64) (*Login, error) {
 	result, err := this.Query(tx).
 		Pk(id).
@@ -70,7 +70,7 @@ func (this *LoginDAO) FindEnabledLogin(tx *dbs.Tx, id int64) (*Login, error) {
 	return result.(*Login), err
 }
 
-// 创建认证
+// CreateLogin 创建认证
 func (this *LoginDAO) CreateLogin(tx *dbs.Tx, Id int64, loginType LoginType, params maps.Map) (int64, error) {
 	if Id <= 0 {
 		return 0, errors.New("invalid Id")
@@ -87,15 +87,25 @@ func (this *LoginDAO) CreateLogin(tx *dbs.Tx, Id int64, loginType LoginType, par
 	return this.SaveInt64(tx, op)
 }
 
-// 修改认证
-func (this *LoginDAO) UpdateLogin(tx *dbs.Tx, adminId int64, loginType LoginType, params maps.Map, isOn bool) error {
+// UpdateLogin 修改认证
+func (this *LoginDAO) UpdateLogin(tx *dbs.Tx, adminId int64, userId int64, loginType LoginType, params maps.Map, isOn bool) error {
+	if adminId <= 0 && userId <= 0 {
+		return errors.New("invalid adminId and userId")
+	}
+
 	// 是否已经存在
-	loginId, err := this.Query(tx).
-		Attr("adminId", adminId).
+	var query = this.Query(tx).
 		Attr("type", loginType).
 		State(LoginStateEnabled).
-		ResultPk().
-		FindInt64Col(0)
+		ResultPk()
+
+	if adminId > 0 {
+		query.Attr("adminId", adminId)
+	} else if userId > 0 {
+		query.Attr("userId", userId)
+	}
+
+	loginId, err := query.FindInt64Col(0)
 	if err != nil {
 		return err
 	}
@@ -104,6 +114,7 @@ func (this *LoginDAO) UpdateLogin(tx *dbs.Tx, adminId int64, loginType LoginType
 		op.Id = loginId
 	} else {
 		op.AdminId = adminId
+		op.UserId = userId
 		op.Type = loginType
 		op.State = LoginStateEnabled
 	}
@@ -117,35 +128,54 @@ func (this *LoginDAO) UpdateLogin(tx *dbs.Tx, adminId int64, loginType LoginType
 	return this.Save(tx, op)
 }
 
-// 禁用相关认证
-func (this *LoginDAO) DisableLoginWithAdminId(tx *dbs.Tx, adminId int64, loginType LoginType) error {
-	_, err := this.Query(tx).
-		Attr("adminId", adminId).
+// DisableLoginWithType 禁用相关认证
+func (this *LoginDAO) DisableLoginWithType(tx *dbs.Tx, adminId int64, userId int64, loginType LoginType) error {
+	var query = this.Query(tx).
 		Attr("type", loginType).
-		Set("isOn", false).
+		Set("isOn", false)
+
+	if adminId > 0 {
+		query.Attr("adminId", adminId)
+	} else if userId > 0 {
+		query.Attr("userId", userId)
+	}
+
+	_, err := query.
 		Update()
 	return err
 }
 
-// 查找管理员相关的认证
-func (this *LoginDAO) FindEnabledLoginWithAdminId(tx *dbs.Tx, adminId int64, loginType LoginType) (*Login, error) {
-	one, err := this.Query(tx).
-		Attr("adminId", adminId).
+// FindEnabledLoginWithType 查找管理员和用户相关的认证
+func (this *LoginDAO) FindEnabledLoginWithType(tx *dbs.Tx, adminId int64, userId int64, loginType LoginType) (*Login, error) {
+	var query = this.Query(tx).
 		Attr("type", loginType).
-		State(LoginStateEnabled).
-		Find()
+		State(LoginStateEnabled)
+
+	if adminId > 0 {
+		query.Attr("adminId", adminId)
+	} else if userId > 0 {
+		query.Attr("userId", userId)
+	}
+
+	one, err := query.Find()
 	if err != nil || one == nil {
 		return nil, err
 	}
 	return one.(*Login), nil
 }
 
-// 检查某个认证是否启用
-func (this *LoginDAO) CheckLoginIsOn(tx *dbs.Tx, adminId int64, loginType LoginType) (bool, error) {
-	return this.Query(tx).
-		Attr("adminId", adminId).
+// CheckLoginIsOn 检查某个认证是否启用
+func (this *LoginDAO) CheckLoginIsOn(tx *dbs.Tx, adminId int64, userId int64, loginType LoginType) (bool, error) {
+	var query = this.Query(tx).
 		Attr("type", loginType).
 		State(LoginStateEnabled).
-		Attr("isOn", true).
-		Exist()
+		Attr("isOn", true)
+
+	if adminId > 0 {
+		query.Attr("adminId", adminId)
+	} else if userId > 0 {
+		query.Attr("userId", userId)
+	}
+
+	return query.Exist()
 }

internal/db/models/user_dao.go

@@ -108,6 +108,15 @@ func (this *UserDAO) FindBasicUserWithoutState(tx *dbs.Tx, id int64) (*User, err
 	return result.(*User), err
 }
 
+// FindEnabledUserIdWithUsername 根据用户名查找用户ID
+func (this *UserDAO) FindEnabledUserIdWithUsername(tx *dbs.Tx, username string) (int64, error) {
+	return this.Query(tx).
+		ResultPk().
+		State(UserStateEnabled).
+		Attr("username", username).
+		FindInt64Col(0)
+}
+
 // FindUserFullname 获取管理员名称
 func (this *UserDAO) FindUserFullname(tx *dbs.Tx, userId int64) (string, error) {
 	return this.Query(tx).

internal/rpc/services/service_admin.go

@@ -165,7 +165,7 @@ func (this *AdminService) FindEnabledAdmin(ctx context.Context, req *pb.FindEnab
 	// OTP认证
 	var pbOtpAuth *pb.Login = nil
 	{
-		adminAuth, err := models.SharedLoginDAO.FindEnabledLoginWithAdminId(tx, int64(admin.Id), models.LoginTypeOTP)
+		adminAuth, err := models.SharedLoginDAO.FindEnabledLoginWithType(tx, int64(admin.Id), 0, models.LoginTypeOTP)
 		if err != nil {
 			return nil, err
 		}
@@ -385,7 +385,7 @@ func (this *AdminService) ListEnabledAdmins(ctx context.Context, req *pb.ListEna
 	for _, admin := range admins {
 		var pbOtpAuth *pb.Login = nil
 		{
-			adminAuth, err := models.SharedLoginDAO.FindEnabledLoginWithAdminId(tx, int64(admin.Id), models.LoginTypeOTP)
+			adminAuth, err := models.SharedLoginDAO.FindEnabledLoginWithType(tx, int64(admin.Id), 0, models.LoginTypeOTP)
 			if err != nil {
 				return nil, err
 			}
@@ -456,7 +456,7 @@ func (this *AdminService) CheckAdminOTPWithUsername(ctx context.Context, req *pb
 		return &pb.CheckAdminOTPWithUsernameResponse{RequireOTP: false}, nil
 	}
 
-	otpIsOn, err := models.SharedLoginDAO.CheckLoginIsOn(tx, adminId, "otp")
+	otpIsOn, err := models.SharedLoginDAO.CheckLoginIsOn(tx, adminId, 0, "otp")
 	if err != nil {
 		return nil, err
 	}

internal/rpc/services/service_login.go

@@ -16,14 +16,18 @@ type LoginService struct {
 
 // FindEnabledLogin 查找认证
 func (this *LoginService) FindEnabledLogin(ctx context.Context, req *pb.FindEnabledLoginRequest) (*pb.FindEnabledLoginResponse, error) {
-	_, err := this.ValidateAdmin(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx)
 	if err != nil {
 		return nil, err
 	}
 
+	if userId > 0 {
+		req.UserId = userId
+	}
+
 	var tx = this.NullTx()
 
-	login, err := models.SharedLoginDAO.FindEnabledLoginWithAdminId(tx, req.AdminId, req.Type)
+	login, err := models.SharedLoginDAO.FindEnabledLoginWithType(tx, req.AdminId, req.UserId, req.Type)
 	if err != nil {
 		return nil, err
 	}
@@ -42,7 +46,7 @@ func (this *LoginService) FindEnabledLogin(ctx context.Context, req *pb.FindEnab
 
 // UpdateLogin 修改认证
 func (this *LoginService) UpdateLogin(ctx context.Context, req *pb.UpdateLoginRequest) (*pb.RPCSuccess, error) {
-	_, err := this.ValidateAdmin(ctx)
+	_, userId, err := this.ValidateAdminAndUser(ctx)
 	if err != nil {
 		return nil, err
 	}
@@ -53,20 +57,24 @@ func (this *LoginService) UpdateLogin(ctx context.Context, req *pb.UpdateLoginRe
 
 	var tx = this.NullTx()
 
+	if userId > 0 {
+		req.Login.UserId = userId
+	}
+
 	if req.Login.IsOn {
-		params := maps.Map{}
+		var params = maps.Map{}
 		if len(req.Login.ParamsJSON) > 0 {
 			err = json.Unmarshal(req.Login.ParamsJSON, &params)
 			if err != nil {
 				return nil, err
 			}
 		}
-		err = models.SharedLoginDAO.UpdateLogin(tx, req.Login.AdminId, req.Login.Type, params, req.Login.IsOn)
+		err = models.SharedLoginDAO.UpdateLogin(tx, req.Login.AdminId, req.Login.UserId, req.Login.Type, params, req.Login.IsOn)
 		if err != nil {
 			return nil, err
 		}
 	} else {
-		err = models.SharedLoginDAO.DisableLoginWithAdminId(tx, req.Login.AdminId, req.Login.Type)
+		err = models.SharedLoginDAO.DisableLoginWithType(tx, req.Login.AdminId, req.Login.UserId, req.Login.Type)
 		if err != nil {
 			return nil, err
 		}

internal/rpc/services/service_user.go

@@ -276,6 +276,23 @@ func (this *UserService) FindEnabledUser(ctx context.Context, req *pb.FindEnable
 		return nil, err
 	}
 
+	// OTP认证
+	var pbOtpAuth *pb.Login = nil
+	{
+		userAuth, err := models.SharedLoginDAO.FindEnabledLoginWithType(tx, 0, req.UserId, models.LoginTypeOTP)
+		if err != nil {
+			return nil, err
+		}
+		if userAuth != nil {
+			pbOtpAuth = &pb.Login{
+				Id:         int64(userAuth.Id),
+				Type:       userAuth.Type,
+				ParamsJSON: userAuth.Params,
+				IsOn:       userAuth.IsOn,
+			}
+		}
+	}
+
 	return &pb.FindEnabledUserResponse{User: &pb.User{
 		Id:                     int64(user.Id),
 		Username:               user.Username,
@@ -293,6 +310,7 @@ func (this *UserService) FindEnabledUser(ctx context.Context, req *pb.FindEnable
 		NodeCluster:            pbCluster,
 		IsIndividualIdentified: isIndividualIdentified,
 		IsEnterpriseIdentified: isEnterpriseIdentified,
+		OtpLogin:               pbOtpAuth,
 	}}, nil
 }
 
@@ -700,3 +718,31 @@ func (this *UserService) ComposeUserGlobalBoard(ctx context.Context, req *pb.Com
 
 	return result, nil
 }
+
+// CheckUserOTPWithUsername 检查是否需要输入OTP
+func (this *UserService) CheckUserOTPWithUsername(ctx context.Context, req *pb.CheckUserOTPWithUsernameRequest) (*pb.CheckUserOTPWithUsernameResponse, error) {
+	_, err := this.ValidateUserNode(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(req.Username) == 0 {
+		return &pb.CheckUserOTPWithUsernameResponse{RequireOTP: false}, nil
+	}
+
+	var tx = this.NullTx()
+
+	userId, err := models.SharedUserDAO.FindEnabledUserIdWithUsername(tx, req.Username)
+	if err != nil {
+		return nil, err
+	}
+	if userId <= 0 {
+		return &pb.CheckUserOTPWithUsernameResponse{RequireOTP: false}, nil
+	}
+
+	otpIsOn, err := models.SharedLoginDAO.CheckLoginIsOn(tx, 0, userId, "otp")
+	if err != nil {
+		return nil, err
+	}
+	return &pb.CheckUserOTPWithUsernameResponse{RequireOTP: otpIsOn}, nil
+}