feat: 增加sso用户flyway,完善单点登出

4ef83c47 · fit2cloud-chenyw · b2fef914 · 4ef83c47 · 4ef83c47 · 4ef83c47
--- a/backend/src/main/java/io/dataease/auth/server/AuthServer.java
+++ b/backend/src/main/java/io/dataease/auth/server/AuthServer.java
@@ -119,9 +119,12 @@ public class AuthServer implements AuthApi {
        if (isOpenOidc()) {
            HttpServletRequest request = ServletUtils.request();
            String idToken = request.getHeader("IdToken");
+            if (StringUtils.isNotBlank(idToken)) {
                OidcXpackService oidcXpackService = SpringContextUtil.getBean(OidcXpackService.class);
                oidcXpackService.logout(idToken);
            }
+        }
        if (StringUtils.isEmpty(token) || StringUtils.equals("null", token) || StringUtils.equals("undefined", token)) {
            return "success";
        }

--- a/backend/src/main/java/io/dataease/auth/service/AuthUserService.java
+++ b/backend/src/main/java/io/dataease/auth/service/AuthUserService.java
@@ -13,6 +13,8 @@ public interface AuthUserService {
    SysUserEntity getUserByName(String username);
+    SysUserEntity getUserBySub(String sub);
    List<String> roles(Long userId);
    List<String> permissions(Long userId);

--- a/backend/src/main/java/io/dataease/auth/service/impl/AuthUserServiceImpl.java
+++ b/backend/src/main/java/io/dataease/auth/service/impl/AuthUserServiceImpl.java
@@ -52,6 +52,11 @@ public class AuthUserServiceImpl implements AuthUserService {
        return authMapper.findUserByName(username);
    }
+    @Override
+    public SysUserEntity getUserBySub(String sub) {
+        return authMapper.findUserBySub(sub);
+    }
    @Override
    public List<String> roles(Long userId){
        return authMapper.roleCodes(userId);

--- a/backend/src/main/java/io/dataease/auth/service/impl/DynamicMenuServiceImpl.java
+++ b/backend/src/main/java/io/dataease/auth/service/impl/DynamicMenuServiceImpl.java
@@ -13,7 +13,6 @@ import org.apache.commons.collections4.CollectionUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import javax.annotation.Resource;
 import java.util.ArrayList;
 import java.util.List;

--- a/backend/src/main/java/io/dataease/base/domain/SysUser.java
+++ b/backend/src/main/java/io/dataease/base/domain/SysUser.java
@@ -39,5 +39,7 @@ public class SysUser implements Serializable {
    private Integer from;
+    private String sub;
    private static final long serialVersionUID = 1L;
 }
\ No newline at end of file
--- a/backend/src/main/java/io/dataease/base/domain/SysUserExample.java
+++ b/backend/src/main/java/io/dataease/base/domain/SysUserExample.java
@@ -1213,6 +1213,76 @@ public class SysUserExample {
            addCriterion("`from` not between", value1, value2, "from");
            return (Criteria) this;
        }
+        public Criteria andSubIsNull() {
+            addCriterion("sub is null");
+            return (Criteria) this;
+        }
+        public Criteria andSubIsNotNull() {
+            addCriterion("sub is not null");
+            return (Criteria) this;
+        }
+        public Criteria andSubEqualTo(String value) {
+            addCriterion("sub =", value, "sub");
+            return (Criteria) this;
+        }
+        public Criteria andSubNotEqualTo(String value) {
+            addCriterion("sub <>", value, "sub");
+            return (Criteria) this;
+        }
+        public Criteria andSubGreaterThan(String value) {
+            addCriterion("sub >", value, "sub");
+            return (Criteria) this;
+        }
+        public Criteria andSubGreaterThanOrEqualTo(String value) {
+            addCriterion("sub >=", value, "sub");
+            return (Criteria) this;
+        }
+        public Criteria andSubLessThan(String value) {
+            addCriterion("sub <", value, "sub");
+            return (Criteria) this;
+        }
+        public Criteria andSubLessThanOrEqualTo(String value) {
+            addCriterion("sub <=", value, "sub");
+            return (Criteria) this;
+        }
+        public Criteria andSubLike(String value) {
+            addCriterion("sub like", value, "sub");
+            return (Criteria) this;
+        }
+        public Criteria andSubNotLike(String value) {
+            addCriterion("sub not like", value, "sub");
+            return (Criteria) this;
+        }
+        public Criteria andSubIn(List<String> values) {
+            addCriterion("sub in", values, "sub");
+            return (Criteria) this;
+        }
+        public Criteria andSubNotIn(List<String> values) {
+            addCriterion("sub not in", values, "sub");
+            return (Criteria) this;
+        }
+        public Criteria andSubBetween(String value1, String value2) {
+            addCriterion("sub between", value1, value2, "sub");
+            return (Criteria) this;
+        }
+        public Criteria andSubNotBetween(String value1, String value2) {
+            addCriterion("sub not between", value1, value2, "sub");
+            return (Criteria) this;
+        }
    }
    public static class Criteria extends GeneratedCriteria {

--- a/backend/src/main/java/io/dataease/base/mapper/SysUserMapper.xml
+++ b/backend/src/main/java/io/dataease/base/mapper/SysUserMapper.xml
@@ -19,6 +19,7 @@
    <result column="update_time" jdbcType="BIGINT" property="updateTime" />
    <result column="language" jdbcType="VARCHAR" property="language" />
    <result column="from" jdbcType="INTEGER" property="from" />
+    <result column="sub" jdbcType="VARCHAR" property="sub" />
  </resultMap>
  <sql id="Example_Where_Clause">
    <where>
@@ -81,7 +82,7 @@
  <sql id="Base_Column_List">
    user_id, dept_id, username, nick_name, gender, phone, email, `password`, is_admin, 
    enabled, create_by, update_by, pwd_reset_time, create_time, update_time, `language`, 
-    `from`
+    `from`, sub
  </sql>
  <select id="selectByExample" parameterType="io.dataease.base.domain.SysUserExample" resultMap="BaseResultMap">
    select
@@ -119,13 +120,15 @@
      email, `password`, is_admin, 
      enabled, create_by, update_by, 
      pwd_reset_time, create_time, update_time, 
-      `language`, `from`)
+      `language`, `from`, sub
+      )
    values (#{userId,jdbcType=BIGINT}, #{deptId,jdbcType=BIGINT}, #{username,jdbcType=VARCHAR}, 
      #{nickName,jdbcType=VARCHAR}, #{gender,jdbcType=VARCHAR}, #{phone,jdbcType=VARCHAR}, 
      #{email,jdbcType=VARCHAR}, #{password,jdbcType=VARCHAR}, #{isAdmin,jdbcType=BIT}, 
      #{enabled,jdbcType=BIGINT}, #{createBy,jdbcType=VARCHAR}, #{updateBy,jdbcType=VARCHAR}, 
      #{pwdResetTime,jdbcType=BIGINT}, #{createTime,jdbcType=BIGINT}, #{updateTime,jdbcType=BIGINT}, 
-      #{language,jdbcType=VARCHAR}, #{from,jdbcType=INTEGER})
+      #{language,jdbcType=VARCHAR}, #{from,jdbcType=INTEGER}, #{sub,jdbcType=VARCHAR}
+      )
  </insert>
  <insert id="insertSelective" parameterType="io.dataease.base.domain.SysUser">
    insert into sys_user
@@ -181,6 +184,9 @@
      <if test="from != null">
        `from`,
      </if>
+      <if test="sub != null">
+        sub,
+      </if>
    </trim>
    <trim prefix="values (" suffix=")" suffixOverrides=",">
      <if test="userId != null">
@@ -234,6 +240,9 @@
      <if test="from != null">
        #{from,jdbcType=INTEGER},
      </if>
+      <if test="sub != null">
+        #{sub,jdbcType=VARCHAR},
+      </if>
    </trim>
  </insert>
  <select id="countByExample" parameterType="io.dataease.base.domain.SysUserExample" resultType="java.lang.Long">
@@ -296,6 +305,9 @@
      <if test="record.from != null">
        `from` = #{record.from,jdbcType=INTEGER},
      </if>
+      <if test="record.sub != null">
+        sub = #{record.sub,jdbcType=VARCHAR},
+      </if>
    </set>
    <if test="_parameter != null">
      <include refid="Update_By_Example_Where_Clause" />
@@ -319,7 +331,8 @@
      create_time = #{record.createTime,jdbcType=BIGINT},
      update_time = #{record.updateTime,jdbcType=BIGINT},
      `language` = #{record.language,jdbcType=VARCHAR},
-      `from` = #{record.from,jdbcType=INTEGER}
+      `from` = #{record.from,jdbcType=INTEGER},
+      sub = #{record.sub,jdbcType=VARCHAR}
    <if test="_parameter != null">
      <include refid="Update_By_Example_Where_Clause" />
    </if>
@@ -375,6 +388,9 @@
      <if test="from != null">
        `from` = #{from,jdbcType=INTEGER},
      </if>
+      <if test="sub != null">
+        sub = #{sub,jdbcType=VARCHAR},
+      </if>
    </set>
    where user_id = #{userId,jdbcType=BIGINT}
  </update>
@@ -395,7 +411,8 @@
      create_time = #{createTime,jdbcType=BIGINT},
      update_time = #{updateTime,jdbcType=BIGINT},
      `language` = #{language,jdbcType=VARCHAR},
-      `from` = #{from,jdbcType=INTEGER}
+      `from` = #{from,jdbcType=INTEGER},
+      sub = #{sub,jdbcType=VARCHAR}
    where user_id = #{userId,jdbcType=BIGINT}
  </update>
 </mapper>
\ No newline at end of file
--- a/backend/src/main/java/io/dataease/base/mapper/ext/AuthMapper.java
+++ b/backend/src/main/java/io/dataease/base/mapper/ext/AuthMapper.java
@@ -25,6 +25,8 @@ public interface AuthMapper {
    SysUserEntity findUserByName(@Param("username") String username);
+    SysUserEntity findUserBySub(@Param("sub") String sub);
    List<CurrentRoleDto> roles(@Param("userId") Long userId);

--- a/backend/src/main/java/io/dataease/base/mapper/ext/AuthMapper.xml
+++ b/backend/src/main/java/io/dataease/base/mapper/ext/AuthMapper.xml
@@ -28,6 +28,10 @@
        select user_id, username,nick_name, dept_id, password, enabled,email, phone, language ,is_admin from sys_user where username = #{username}
    </select>
+    <select id="findUserBySub" resultMap="baseMap">
+        select user_id, username,nick_name, dept_id, password, enabled,email, phone, language ,is_admin from sys_user where sub = #{sub}
+    </select>
    <select id="roleCodes" resultType="String">
        select r.id from sys_role r
            left join sys_users_roles sur on sur.role_id = r.role_id

--- a/backend/src/main/java/io/dataease/commons/constants/AuthConstants.java
+++ b/backend/src/main/java/io/dataease/commons/constants/AuthConstants.java
@@ -6,6 +6,7 @@ public class AuthConstants {
    public final static String USER_CACHE_NAME = "users_info";
    public final static String USER_ROLE_CACHE_NAME = "users_roles_info";
    public final static String USER_PERMISSION_CACHE_NAME = "users_permissions_info";
+    public final static String ID_TOKEN_KEY = "IdToken";
 }
--- a/backend/src/main/java/io/dataease/plugins/server/SSOServer.java
+++ b/backend/src/main/java/io/dataease/plugins/server/SSOServer.java
@@ -52,10 +52,10 @@ public class SSOServer {
        SSOToken ssoToken = oidcXpackService.requestSsoToken(config, code, state);
        SSOUserInfo ssoUserInfo = oidcXpackService.requestUserInfo(config, ssoToken.getAccessToken());
-        SysUserEntity sysUserEntity = authUserService.getUserByName(ssoUserInfo.getUserName());
+        SysUserEntity sysUserEntity = authUserService.getUserBySub(ssoUserInfo.getSub());
        if(null == sysUserEntity){
            sysUserService.saveOIDCUser(ssoUserInfo);
-            sysUserEntity = authUserService.getUserByName(ssoUserInfo.getUserName());
+            sysUserEntity = authUserService.getUserBySub(ssoUserInfo.getSub());
        }
        TokenInfo tokenInfo = TokenInfo.builder().userId(sysUserEntity.getUserId()).username(sysUserEntity.getUsername()).build();
        String realPwd = CodingUtil.md5(sysUserService.defaultPWD());

--- a/backend/src/main/java/io/dataease/service/sys/SysUserService.java
+++ b/backend/src/main/java/io/dataease/service/sys/SysUserService.java
@@ -111,7 +111,7 @@ public class SysUserService {
    public void saveOIDCUser(SSOUserInfo ssoUserInfo) {
        long now = System.currentTimeMillis();
        SysUser sysUser = new SysUser();
-        sysUser.setUsername(ssoUserInfo.getUserName());
+        sysUser.setUsername(ssoUserInfo.getUsername());
        sysUser.setNickName(ssoUserInfo.getNickName());
        sysUser.setEmail(ssoUserInfo.getEmail());
        sysUser.setPassword(CodingUtil.md5(DEFAULT_PWD));
@@ -120,6 +120,7 @@ public class SysUserService {
        sysUser.setEnabled(1L);
        sysUser.setLanguage("zh_CN");
        sysUser.setFrom(2);
+        sysUser.setSub(ssoUserInfo.getSub());
        sysUserMapper.insert(sysUser);
        SysUser dbUser = findOne(sysUser);
        if (null != dbUser && null != dbUser.getUserId()) {

--- a/backend/src/main/resources/db/migration/V26__de1.3.sql
+++ b/backend/src/main/resources/db/migration/V26__de1.3.sql
@@ -30,11 +30,23 @@ ALTER TABLE `sys_user` ADD COLUMN `from` int(4) NOT NULL COMMENT '来源' AFTER
 INSERT INTO `sys_menu` VALUES (60, 1, 0, 1, '导入LDAP用户', 'system-user-import', 'system/user/imp-ldap', 11, NULL, 'user-ldap', b'0', b'0', b'1', 'user:import', NULL, NULL, NULL, NULL);
 BEGIN;
+INSERT INTO `system_parameter` VALUES ('ldap.url', NULL, 'text', 1);
 INSERT INTO `system_parameter` VALUES ('ldap.dn', NULL, 'text', 2);
+INSERT INTO `system_parameter` VALUES ('ldap.password', NULL, 'password', 3);
+INSERT INTO `system_parameter` VALUES ('ldap.ou', NULL, 'text', 4);
 INSERT INTO `system_parameter` VALUES ('ldap.mapping', NULL, 'text', 6);
 INSERT INTO `system_parameter` VALUES ('ldap.open', NULL, 'text', 7);
-INSERT INTO `system_parameter` VALUES ('ldap.ou', NULL, 'text', 4);
-INSERT INTO `system_parameter` VALUES ('ldap.password', NULL, 'password', 3);
+INSERT INTO `system_parameter` VALUES ('oidc.authEndpoint', NULL, 'text', 1);
-INSERT INTO `system_parameter` VALUES ('ldap.url', NULL, 'text', 1);
+INSERT INTO `system_parameter` VALUES ('oidc.tokenEndpoint', NULL, 'text', 2);
+INSERT INTO `system_parameter` VALUES ('oidc.userinfoEndpoint', NULL, 'text', 3);
+INSERT INTO `system_parameter` VALUES ('oidc.logoutEndpoint', NULL, 'text', 4);
+INSERT INTO `system_parameter` VALUES ('oidc.clientId', NULL, 'text', 5);
+INSERT INTO `system_parameter` VALUES ('oidc.secret', NULL, 'password', 6);
+INSERT INTO `system_parameter` VALUES ('oidc.scope', NULL, 'text', 7);
+INSERT INTO `system_parameter` VALUES ('oidc.redirectUrl', NULL, 'text', 8);
+INSERT INTO `system_parameter` VALUES ('oidc.open', NULL, 'text', 9);
 COMMIT;
+ALTER TABLE `sys_user` ADD COLUMN `sub` varchar(255)  COMMENT 'oidc用户ID' AFTER `from`;
--- a/frontend/src/settings.js
+++ b/frontend/src/settings.js
@@ -3,6 +3,9 @@ module.exports = {
  RefreshTokenKey: 'refreshauthorization',
  LinkTokenKey: 'LINK-PWD-TOKEN',
  title: 'DataEase',
+  /* for sso */
+  IdTokenKey: 'IdToken',
+  AccessTokenKey: 'AccessToken',
  /**
   * @type {boolean} true | false

--- a/frontend/src/utils/auth.js
+++ b/frontend/src/utils/auth.js
@@ -3,8 +3,16 @@ import Config from '@/settings'
 const TokenKey = Config.TokenKey
+const IdTokenKey = Config.IdTokenKey
+const AccessTokenKey = Config.AccessTokenKey
 const linkTokenKey = Config.LinkTokenKey
+export function getIdToken() {
+  return Cookies.get(IdTokenKey)
+}
 export function getToken() {
  return Cookies.get(TokenKey)
 }
@@ -14,6 +22,8 @@ export function setToken(token) {
 }
 export function removeToken() {
+  Cookies.remove(IdTokenKey)
+  Cookies.remove(AccessTokenKey)
  return Cookies.remove(TokenKey)
 }

--- a/frontend/src/utils/request.js
+++ b/frontend/src/utils/request.js
@@ -2,7 +2,7 @@ import axios from 'axios'
 // import { MessageBox, Message } from 'element-ui'
 import store from '@/store'
 import { $alert, $error } from './message'
-import { getToken } from '@/utils/auth'
+import { getToken, getIdToken } from '@/utils/auth'
 import Config from '@/settings'
 import i18n from '@/lang'
 import { tryShowLoading, tryHideLoading } from './loading'
@@ -23,6 +23,10 @@ const service = axios.create({
 service.interceptors.request.use(
  config => {
    // do something before request is sent
+    const idToken = getIdToken()
+    if (idToken) {
+      config.headers[Config.IdTokenKey] = idToken
+    }
    if (store.getters.token) {
      // let each request carry token