
Merge branch 'dev' of yeshijie/wlyy2.0 into dev

叶仕杰 4 роки тому
батько
коміт
be9d2734bd

+ 108 - 5
server/svr-authentication/src/main/java/com/yihu/jw/security/core/userdetails/jdbc/WlyyUserDetailsService.java

@ -57,8 +57,8 @@ public class WlyyUserDetailsService extends JdbcDaoSupport implements UserDetail
    private static final String DEFAULT_PATIENT_INSERT_STATEMENT =
            "INSERT into base_patient (id,photo,idcard,password,salt,name,birthday,sex,mobile," +
                    "province_code,province_name,city_code,city_name,town_code,town_name,street_code,street_name,address," +
                    "del,locked,enabled,login_failure_count,login_date,card_type) " +
                    " values(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
                    "del,locked,enabled,login_failure_count,login_date,card_type,alipay_id) " +
                    " values(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
    private static final String PATIENT_INSERT_WEHCAT = "insert into base_patient_wechat (id,wechat_id,patient_id,openid,create_time) values(?,?,?,?,?)";
@ -144,7 +144,7 @@ public class WlyyUserDetailsService extends JdbcDaoSupport implements UserDetail
     * 用户登录判读接口
     * 判断loginType查找用户信息
     * 用户类型 1或默认为user,2:医生登录,3:患者登录,4:i健康系统-患者登录(i健康患者可以不注册直接登录互联网系统,首次使用,根据i健康居民code去i健康查询居民信息,然后保存到base.base_patient)
     *
     * 用户类型 5 中山医院支付宝-患者登录(可以不注册直接登录)
     * @param username
     * @return
     */
@ -229,7 +229,9 @@ public class WlyyUserDetailsService extends JdbcDaoSupport implements UserDetail
                                        0,
                                        1,
                                        0,
                                        new Date()
                                        new Date(),
                                        null,
                                        null
                                }
                        );
                    }catch (Exception e){
@ -331,7 +333,8 @@ public class WlyyUserDetailsService extends JdbcDaoSupport implements UserDetail
                                            1,
                                            0,
                                            new Date(),
                                            idtype
                                            idtype,
                                            null
                                    }
                            );
                        }catch (Exception e){
@ -379,6 +382,102 @@ public class WlyyUserDetailsService extends JdbcDaoSupport implements UserDetail
                    familyMemberDao.save(basePatientFamilyMemberDO);
                }
            }
        }else if("5".equals(loginType)){
            //中山医院支付宝-患者登录(可以不注册直接登录)
            // 姓名,电话,证件类型,证件号和⽀付宝open_id以冒号组合,如:
            //张三:13012341234:01:350000200112231234:123456
            String data[] = username.split(":");
            String name = data[0];
            username = data[1];
            String idcard = data[3];
            users = this.getJdbcTemplate().query(DEFAULT_PATIENT_DETAILS_STATEMENT, new BeanPropertyRowMapper(WlyyUserDetails.class),username,idcard);
            if (null == users || users.size() == 0) {
                String patientId = UUID.randomUUID().toString();
                String salt = randomString(5);
                String pw = idcard.substring(idcard.length()-6);
                String password = MD5.md5Hex(pw + "{" + salt + "}");
                int sex = 0;
                try {
                    sex = Integer.parseInt(IdCardUtil.getSexForIdcard_new(idcard));
                    this.getJdbcTemplate().update(DEFAULT_PATIENT_INSERT_STATEMENT,
                            new Object[]{patientId,
                                    null,
                                    idcard,
                                    password,
                                    salt,
                                    name,
                                    IdCardUtil.getBirthdayForIdcard(idcard),
                                    sex,
                                    username,
                                    null,
                                    null,
                                    null,
                                    null,
                                    null,
                                    null,
                                    null,
                                    null,
                                    null,
                                    1,
                                    0,
                                    1,
                                    0,
                                    new Date(),
                                    data[2],
                                    data[4]
                            }
                    );
                }catch (Exception e){
                    logger.error("将中山医院支付宝登录数据同步到互联网医院居民表失败:" + e.getMessage());
                    return users;
                }
                try {
                    this.getJdbcTemplate().update(PATIENT_INSERT_WEHCAT,
                            new Object[]{
                                    UUID.randomUUID().toString(),
                                    getWechatId(),
                                    patientId,
                                    getOpenid(),
                                    new Date()
                            }
                    );
                }catch (Exception e){
                    logger.error("将中山医院支付宝登录数据同步到互联网医院居民微信关联表失败:" + e.getMessage());
                    return users;
                }
                WlyyUserDetails user = new WlyyUserDetails();
                user.setName(name);
                user.setPassword(password);
                if(sex == 1){
                    user.setGender(WlyyUserDetails.Gender.male);
                }else if(sex == 2){
                    user.setGender(WlyyUserDetails.Gender.female);
                }
                user.setId(username);
                user.setIdcard(idcard);
                user.setMobile(username);
                user.setEnabled(true);
                user.setLocked(false);
                user.setLockedDate(null);
                users.add(user);
                BasePatientDO patientDO = patientDao.findByIdcardAndDel(idcard,"1");
                WlyyPatientFamilyMemberDO basePatientFamilyMemberDO = familyMemberDao.findFamilyMemberByPatientAndRelationCode(patientDO.getId(),"7");
                if (basePatientFamilyMemberDO==null){
                    basePatientFamilyMemberDO = new WlyyPatientFamilyMemberDO();
                    basePatientFamilyMemberDO.setPatient(patientDO.getId());
                    basePatientFamilyMemberDO.setFamilyRelation("7");
                    basePatientFamilyMemberDO.setFamilyRelationName("自己");
                    basePatientFamilyMemberDO.setCardType("身份证");
                    basePatientFamilyMemberDO.setCardNo(patientDO.getIdcard());
                    basePatientFamilyMemberDO.setCreateTime(new Date());
                    basePatientFamilyMemberDO.setUpdateTime(new Date());
                    basePatientFamilyMemberDO.setIsAuthorize(1);
                    basePatientFamilyMemberDO.setIsDel(1);
                    basePatientFamilyMemberDO.setFamilyMember(patientDO.getId());
                    familyMemberDao.save(basePatientFamilyMemberDO);
                }
            }
        }
        return users;
    }
@ -533,6 +632,10 @@ public class WlyyUserDetailsService extends JdbcDaoSupport implements UserDetail
            //更新登录时间
            this.getJdbcTemplate().update("update base_patient p set p.login_failure_count = 0, p.login_date = ? where p.mobile = ? or p.idcard = ?", new Date(), username, getIdcard());
            users = this.getJdbcTemplate().query(DEFAULT_PATIENT_DETAILS_IDCARD_STATEMENT, new BeanPropertyRowMapper(WlyyUserSimple.class), getIdcard());
        }else if("5".equals(loginType)){
            //更新登录时间
            this.getJdbcTemplate().update("update base_patient p set p.login_failure_count = 0, p.login_date = ? where p.mobile = ? or p.idcard = ?", new Date(), username, username);
            users = this.getJdbcTemplate().query(DEFAULT_PATIENT_DETAILS_STATEMENT, new BeanPropertyRowMapper(WlyyUserSimple.class), username,username);
        }
        logger.info("login:登录进入6");
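Review bot: The new login-type-5 branch reads `data[0]` through `data[4]` straight after `username.split(":")` and then calls `idcard.substring(idcard.length()-6)`, with no check that five fields arrived or that the ID number has at least six characters, so a malformed value ends in an unchecked index exception rather than a rejected login. A guard before the fields are read, such as `if (data.length != 5 || data[3].length() < 6) { return users; }`, would match how the branch already returns on insert failure; the same unchecked `split(":")` / `data[1]` pattern appears in the WlyyTokenGranter and WlyyLoginEndpoint sections of this commit. The branch also provisions the account with a password taken from the last six characters of the ID number and stored as a salted MD5 digest, so the initial secret can be derived from data carried in the same request; a random initial secret and a dedicated password-hashing function would be safer. Further down, the result of `patientDao.findByIdcardAndDel(idcard,"1")` is dereferenced without a null check, and both `catch` blocks log only `e.getMessage()`, which drops the stack trace. The enclosing method starts outside the hunk.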

+ 68 - 1
server/svr-authentication/src/main/java/com/yihu/jw/security/oauth2/provider/WlyyTokenGranter.java

@ -2,6 +2,7 @@ package com.yihu.jw.security.oauth2.provider;
import com.yihu.jw.security.core.userdetails.SaltUser;
import com.yihu.jw.security.oauth2.core.redis.WlyyRedisVerifyCodeService;
import com.yihu.jw.security.utils.AES;
import org.springframework.security.authentication.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
@ -22,7 +23,9 @@ import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.util.Assert;
import java.util.*;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
/**
 * Token授权器。
@ -96,6 +99,14 @@ public class WlyyTokenGranter implements TokenGranter {
                        requestFactory,
                        userDetailsService
                ));
        tokenGranters.put(AlipayTokenGranter.GRANT_TYPE,
                new AlipayTokenGranter(
                        authenticationManager,
                        tokenServices,
                        clientDetailsService,
                        requestFactory,
                        userDetailsService
                ));
    }
    public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
@ -444,6 +455,62 @@ public class WlyyTokenGranter implements TokenGranter {
                throw new InvalidGrantException("User account is locked");
            }
//            parameters.put("password",userDetails.getPassword());
            Authentication userAuth = new UsernamePasswordAuthenticationToken(username,userDetails.getPassword(),  this.authoritiesMapper.mapAuthorities(userDetails.getAuthorities()));
            ((AbstractAuthenticationToken) userAuth).setDetails(parameters);
            OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest);
            return new OAuth2Authentication(storedOAuth2Request, userAuth);
        }
    }
    /**
     * 支付宝登录
     */
    public static class AlipayTokenGranter extends AbstractTokenGranter {
        private static final String GRANT_TYPE = "alipay";
        private final AuthenticationManager authenticationManager;
        private final UserDetailsService userDetailsService;
        private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
        public AlipayTokenGranter(AuthenticationManager authenticationManager,
                                                  AuthorizationServerTokenServices tokenServices,
                                                  ClientDetailsService clientDetailsService,
                                                  OAuth2RequestFactory requestFactory,
                                                  UserDetailsService userDetailsService) {
            this(authenticationManager, tokenServices, clientDetailsService, requestFactory, userDetailsService, GRANT_TYPE);
        }
        protected AlipayTokenGranter(AuthenticationManager authenticationManager,
                                                     AuthorizationServerTokenServices tokenServices,
                                                     ClientDetailsService clientDetailsService,
                                                     OAuth2RequestFactory requestFactory,
                                                     UserDetailsService userDetailsService,
                                                     String grantType) {
            super(tokenServices, clientDetailsService, requestFactory, grantType);
            this.authenticationManager = authenticationManager;
            this.userDetailsService = userDetailsService;
        }
        @Override
        protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
            Map<String, String> parameters = new LinkedHashMap<String, String>(tokenRequest.getRequestParameters());
            String encdata = parameters.get("encdata");
            encdata = AES.decrypt(encdata);
            //姓名,电话,证件类型,证件号和⽀付宝open_id以冒号组合,如:
            //张三:13012341234:01:350000200112231234:123456
            String data[] = encdata.split(":");
            String username = data[1];
            SaltUser userDetails = (SaltUser)userDetailsService.loadUserByUsername(encdata);
            if (!userDetails.isEnabled()) {
                throw new InvalidGrantException("User is disabled");
            }
            if (!userDetails.isAccountNonLocked()) {
                throw new InvalidGrantException("User account is locked");
            }
//            parameters.put("password",userDetails.getPassword());
            Authentication userAuth = new UsernamePasswordAuthenticationToken(username,userDetails.getPassword(),  this.authoritiesMapper.mapAuthorities(userDetails.getAuthorities()));
            ((AbstractAuthenticationToken) userAuth).setDetails(parameters);
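Review bot: `AlipayTokenGranter.getOAuth2Authentication` treats whatever `AES.decrypt(encdata)` returns as authenticated identity data, but the one-argument `decrypt` added to AES.java in this commit catches every exception and returns its input unchanged, so a value that fails to decrypt is processed exactly like one that decrypted successfully. The helper should signal failure and this method should stop on it, for example `if (encdata == null || encdata.isEmpty()) { throw new InvalidGrantException("encdata"); }` before decrypting and another `InvalidGrantException` when decryption fails; WlyyLoginEndpoint calls the same helper in the same way. In the visible lines the decrypted string is the only credential checked for this grant (`authenticationManager` is stored but not used), so it would also be worth carrying a timestamp or nonce inside the payload and rejecting stale or repeated values. The method's closing lines are outside the hunk.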

+ 20 - 2
server/svr-authentication/src/main/java/com/yihu/jw/security/oauth2/provider/endpoint/WlyyLoginEndpoint.java

@ -192,15 +192,25 @@ public class WlyyLoginEndpoint extends AbstractEndpoint {
        }
        logger.info("login:登录进入2");
        String flag = parameters.get("flag");
        String username = parameters.get("username");
        if (StringUtils.isEmpty(username)) {
        if (StringUtils.isEmpty(username)&&StringUtils.isEmpty(flag)) {
            throw new InvalidRequestException("username");
        }
        String client_id = parameters.get("client_id");
        if (StringUtils.isEmpty(client_id)) {
            throw new InvalidRequestException("client_id");
        }
        if (StringUtils.isEmpty(parameters.get("captcha"))) {
        if("alipay".equals(flag)){
            //支付宝登录
            parameters.put("grant_type", flag);
            String encdata = parameters.get("encdata");
            encdata = AES.decrypt(encdata);
            String data[] = encdata.split(":");
            username = data[1];
            parameters.put("username", username);
        }else if (StringUtils.isEmpty(parameters.get("captcha"))) {
            parameters.put("grant_type", "password");
            //解密密码
            if (parameters.get("password") != null) {
@ -278,6 +288,14 @@ public class WlyyLoginEndpoint extends AbstractEndpoint {
        return getResponse(wlyyUserSimple);
    }
    public static void main(String[] args) throws Exception{
        String encodedText = "OiF6sj1G11jLgHrvgPVUilE9IGeqgNZs2EFh%2FiCyFd9uhZqC5vl%2BwyrVXVM9jAEgRvxbi3jYK%2BmFvmRa5s1EQg%3D%3D";
        encodedText = URLDecoder.decode(encodedText,"utf-8");
        String str =  AES.decrypt("3bdc154ed1e44a9c9f44451a16d8e0aa",encodedText);
        System.out.println(str);
    }
    /**
     * 单点登陆第二步 - token验证
     *
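Review bot: The `main` method added to WlyyLoginEndpoint embeds the AES key as a string literal next to a sample ciphertext, and the same literal is the `key` constant in AES.java; since that key is what protects the `encdata` login parameter, anyone who can read the repository or the built artifact holds it. The `main` method should be removed from the endpoint class, and the key should be loaded from configuration or a secret store and rotated, because the committed value has to be treated as disclosed. In the first hunk, `if (StringUtils.isEmpty(username)&&StringUtils.isEmpty(flag))` lets any non-empty `flag`, not only `alipay`, skip the username requirement; `if (StringUtils.isEmpty(username) && !"alipay".equals(flag))` keeps the check for every other login path.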

+ 17 - 4
server/svr-authentication/src/main/java/com/yihu/jw/security/utils/AES.java

@ -1,18 +1,31 @@
package com.yihu.jw.security.utils;
import org.apache.commons.lang3.StringUtils;
import sun.misc.BASE64Decoder;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.StringUtils;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
/**
 * Created by Trick on 2020/2/24.
 */
public class AES {
    /**
     * 中山支付宝加密密钥
     */
    private static final String key = "3bdc154ed1e44a9c9f44451a16d8e0aa";
    public static String decrypt(String strIn){
        try {
            return decrypt(key,strIn);
        }catch (Exception e){
            e.printStackTrace();
        }
        return strIn;
    }
    //AES解密方法
    public static String decrypt(String strKey, String strIn) throws Exception {
        if(StringUtils.isEmpty(strKey)|| StringUtils.isEmpty(strIn)){