用户的两种登录模式
1.LDAP登录
//ldapLogin 通过LDAP登陆
func (m *Member) ldapLogin(account string, password string) (*Member, error) {
if beego.AppConfig.DefaultBool("ldap_enable", false) == false {
return m, ErrMemberAuthMethodInvalid
}
var err error
lc, err := ldap.Dial("tcp", fmt.Sprintf("%s:%d", beego.AppConfig.String("ldap_host"), beego.AppConfig.DefaultInt("ldap_port", 3268)))
if err != nil {
beego.Error("绑定 LDAP 用户失败 ->", err)
return m, ErrLDAPConnect
}
defer lc.Close()
err = lc.Bind(beego.AppConfig.String("ldap_user"), beego.AppConfig.String("ldap_password"))
if err != nil {
beego.Error("绑定 LDAP 用户失败 ->", err)
return m, ErrLDAPFirstBind
}
searchRequest := ldap.NewSearchRequest(
beego.AppConfig.String("ldap_base"),
ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false,
//修改objectClass通过配置文件获取值
fmt.Sprintf("(&(%s)(%s=%s))", beego.AppConfig.String("ldap_filter"), beego.AppConfig.String("ldap_attribute"), account),
[]string{"dn", "mail"},
nil,
)
searchResult, err := lc.Search(searchRequest)
if err != nil {
beego.Error("绑定 LDAP 用户失败 ->", err)
return m, ErrLDAPSearch
}
if len(searchResult.Entries) != 1 {
return m, ErrLDAPUserNotFoundOrTooMany
}
userdn := searchResult.Entries[0].DN
err = lc.Bind(userdn, password)
if err != nil {
beego.Error("绑定 LDAP 用户失败 ->", err)
return m, ErrorMemberPasswordError
}
if m.MemberId <= 0 {
m.Account = account
m.Email = searchResult.Entries[0].GetAttributeValue("mail")
m.AuthMethod = "ldap"
m.Avatar = "/static/images/headimgurl.jpg"
m.Role = conf.SystemRole(beego.AppConfig.DefaultInt("ldap_user_role", 2))
m.CreateTime = time.Now()
err = m.Add()
if err != nil {
beego.Error("自动注册LDAP用户错误", err)
return m, ErrorMemberPasswordError
}
m.ResolveRoleName()
}
return m, nil
}
2.Http登录
func (m *Member) httpLogin(account, password string) (*Member, error) {
urlStr := beego.AppConfig.String("http_login_url")
if urlStr == "" {
return nil, ErrMemberAuthMethodInvalid
}
val := url.Values{
"account": []string{account},
"password": []string{password},
"time": []string{strconv.FormatInt(time.Now().Unix(), 10)},
}
h := md5.New()
h.Write([]byte(val.Encode() + beego.AppConfig.DefaultString("http_login_secret","")))
val.Add("sn", hex.EncodeToString(h.Sum(nil)))
resp, err := http.PostForm(urlStr, val)
if err != nil {
beego.Error("通过接口登录失败 -> ", urlStr, account, err)
return nil, err
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
beego.Error("读取接口返回值失败 -> ", urlStr, account, err)
return nil, err
}
beego.Info("HTTP 登录接口返回数据 ->", string(body))
var result map[string]interface{}
if err := json.Unmarshal(body, &result); err != nil {
beego.Error("解析接口返回值失败 -> ", urlStr, account, string(body))
return nil, errors.New("解析接口返回值失败")
}
if code, ok := result["errcode"]; !ok || code.(float64) != 200 {
if msg, ok := result["message"]; ok {
return nil, errors.New(msg.(string))
}
return nil, errors.New("接口返回值格式不正确")
}
if m.MemberId <= 0 {
member := NewMember()
if email, ok := result["email"]; !ok || email == "" {
return nil, errors.New("接口返回的数据缺少邮箱字段")
} else {
member.Email = email.(string)
}
if avatar, ok := result["avater"]; ok && avatar != "" {
member.Avatar = avatar.(string)
} else {
member.Avatar = conf.URLForWithCdnImage("/static/images/headimgurl.jpg")
}
if realName, ok := result["real_name"]; ok && realName != "" {
member.RealName = realName.(string)
}
member.Account = account
member.Password = password
member.AuthMethod = "http"
member.Role = conf.SystemRole(beego.AppConfig.DefaultInt("ldap_user_role", 2))
member.CreateTime = time.Now()
if err := member.Add(); err != nil {
beego.Error("自动注册用户错误", err)
return m, ErrorMemberPasswordError
}
member.ResolveRoleName()
*m = *member
}
return m, nil
}
