fix: Generate Staff during Ldap login (#1286)

* fix: Domain account synchronization backend execution and logic adjustment * close popups * fix: Generate Staff during Ldap login
masastack · Apr 25, 2024 · 8b28ce9 · 8b28ce9
1 parent 99ac087
commit 8b28ce9
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 9 deletions.
diff --git a/src/Contracts/Masa.Auth.Contracts.Admin/Subjects/AddThirdPartyUserDto.cs b/src/Contracts/Masa.Auth.Contracts.Admin/Subjects/AddThirdPartyUserDto.cs
@@ -17,6 +17,8 @@ public class AddThirdPartyUserDto
 
     public Dictionary<string, string> ClaimData { get; set; } = new();
 
+    public bool IsLdap { get; set; }
+
     public AddThirdPartyUserDto()
     {
 

diff --git a/src/Services/Masa.Auth.Service.Admin/Application/Subjects/Jobs/SyncLdapUserJob.cs b/src/Services/Masa.Auth.Service.Admin/Application/Subjects/Jobs/SyncLdapUserJob.cs
@@ -6,6 +6,7 @@ namespace Masa.Auth.Service.Admin.Application.Subjects.Jobs;
 public class SyncLdapUserJob : BackgroundJobBase<SyncLdapUserArgs>
 {
     private readonly LdapDomainService _ldapDomainService;
+
     public SyncLdapUserJob(LdapDomainService ldapDomainService)
     {
         _ldapDomainService = ldapDomainService;

diff --git a/src/Services/Masa.Auth.Service.Admin/Application/Subjects/ThirdPartyCommandHandler.cs b/src/Services/Masa.Auth.Service.Admin/Application/Subjects/ThirdPartyCommandHandler.cs
@@ -177,6 +177,12 @@ public async Task AddThirdPartyUserExternalAsync(AddThirdPartyUserExternalComman
         var identityProvider = identityProviderQuery.Result;
         var addThirdPartyUserDto = model.Adapt<AddThirdPartyUserDto>();
         addThirdPartyUserDto.ThirdPartyIdpId = identityProvider.Id;
+
+        if (identityProvider.ThirdPartyIdpType == ThirdPartyIdpTypes.Ldap)
+        {
+            addThirdPartyUserDto.IsLdap = true;
+        }
+
         var addThirdPartyUserCommand = new AddThirdPartyUserCommand(addThirdPartyUserDto, command.WhenExisReturn);
         await _eventBus.PublishAsync(addThirdPartyUserCommand);
         command.Result = addThirdPartyUserCommand.Result;

diff --git a/src/Services/Masa.Auth.Service.Admin/Domain/Subjects/Services/ThirdPartyUserDomainService.cs b/src/Services/Masa.Auth.Service.Admin/Domain/Subjects/Services/ThirdPartyUserDomainService.cs
@@ -28,6 +28,21 @@ public async Task<UserModel> AddThirdPartyUserAsync(AddThirdPartyUserDto dto)
         _logger.LogWarning("AddThirdPartyUserAsync user {0}", JsonSerializer.Serialize(userDto));
         var user = new User(userDto.Name, userDto.DisplayName ?? "", userDto.Avatar, userDto.Account, userDto.Password, "", userDto.Email, userDto.PhoneNumber ?? "",
              new ThirdPartyUser(dto.ThirdPartyIdpId, dto.ThridPartyIdentity, dto.ExtendedData, dto.ClaimData), Enumeration.FromValue<PasswordType>((int)userDto.PasswordType));
+
+        if (dto.IsLdap)
+        {
+            var options = new JsonSerializerOptions
+            {
+                PropertyNameCaseInsensitive = true
+            };
+            var ldapUser = JsonSerializer.Deserialize<LdapUser>(dto.ExtendedData, options);
+            if (ldapUser != null)
+            {
+                var staff = new Staff(ldapUser.Name, ldapUser.DisplayName, "", "", ldapUser.Company, GenderTypes.Male, ldapUser.Phone, ldapUser.EmailAddress, GetRelativeId(ldapUser.ObjectSid), null, StaffTypes.Internal, true);
+                user.Bind(staff);
+            }
+
+        }
         var (existUser, e) = await _userDomainService.VerifyRepeatAsync(userDto.PhoneNumber, userDto.Email, default, userDto.Account);
         if (e != null)
         {
@@ -42,11 +57,10 @@ public async Task<UserModel> AddThirdPartyUserAsync(AddThirdPartyUserDto dto)
         await _userDomainService.AddAsync(user);
         return user.Adapt<UserModel>();
     }
-
     public async Task<(ThirdPartyUser?, UserFriendlyException?)> VerifyRepeatAsync(Guid thirdPartyIdpId, string thridPartyIdentity)
     {
         var thirdPartyUser = await _authDbContext.Set<ThirdPartyUser>()
-                                                 .Include(tpu => tpu.User)
+        .Include(tpu => tpu.User)
                                                  .ThenInclude(user => user.Roles)
                                                  .FirstOrDefaultAsync(tpu => tpu.ThirdPartyIdpId == thirdPartyIdpId && tpu.ThridPartyIdentity == thridPartyIdentity);
         UserFriendlyException? exception = null;
@@ -56,4 +70,15 @@ public async Task<UserModel> AddThirdPartyUserAsync(AddThirdPartyUserDto dto)
         }
         return (thirdPartyUser, exception);
     }
+
+    string GetRelativeId(string objectSid)
+    {
+        var parts = objectSid.Split('-');
+        if (parts.Length < 3)
+        {
+            return "";
+        }
+
+        return parts[parts.Length - 1];
+    }
 }
diff --git a/src/Web/Masa.Auth.Web.Sso/Infrastructure/Validations/LdapGrantValidator.cs b/src/Web/Masa.Auth.Web.Sso/Infrastructure/Validations/LdapGrantValidator.cs
@@ -77,12 +77,6 @@ public async Task ValidateAsync(ExtensionGrantValidationContext context)
             });
         }
 
-        var claims = new List<Claim>();
-        foreach (var item in authUser.ClaimData)
-        {
-            claims.Add(new Claim(item.Key, item.Value));
-        }
-
-        context.Result = new GrantValidationResult(authUser.Id.ToString(), "ldap", claims);
+        context.Result = new GrantValidationResult(authUser.Id.ToString(), "ldap");
     }
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -17,6 +17,8 @@ public class AddThirdPartyUserDto @@
         public Dictionary<string, string> ClaimData { get; set; } = new();
+        public bool IsLdap { get; set; }
         public AddThirdPartyUserDto()
         {
@@ Expand Down @@