MaxKey преди 4 години
родител
ревизия
5d5ac8dab1

+ 1 - 0
maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtApplication.java

@@ -43,6 +43,7 @@ import org.springframework.context.annotation.ComponentScan;
     "org.maxkey.web.contorller",
     "org.maxkey.web.apps.contorller",
     "org.maxkey.web.endpoint",
+    "org.maxkey.web.api.endpoint",
     "org.maxkey.authn",
     "org.maxkey.persistence",
     "org.maxkey.web",

+ 5 - 4
maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtConfig.java

@@ -26,6 +26,7 @@ import org.maxkey.authz.oauth2.provider.token.store.JdbcTokenStore;
 import org.maxkey.authz.oauth2.provider.token.store.RedisTokenStore;
 import org.maxkey.constants.ConstantsProperties;
 import org.maxkey.jobs.DynamicGroupsJob;
+import org.maxkey.password.onetimepwd.AbstractOtpAuthn;
 import org.maxkey.password.onetimepwd.impl.TimeBasedOtpAuthn;
 import org.maxkey.persistence.db.LoginHistoryService;
 import org.maxkey.persistence.db.LoginService;
@@ -131,11 +132,11 @@ public class MaxKeyMgtConfig  implements InitializingBean {
         return authenticationRealm;
     }
 
-	@Bean(name = "tfaOptAuthn")
-    public TimeBasedOtpAuthn tfaOptAuthn() {
-	    TimeBasedOtpAuthn tfaOptAuthn = new TimeBasedOtpAuthn();
+	@Bean(name = "timeBasedOtpAuthn")
+    public AbstractOtpAuthn timeBasedOtpAuthn() {
+		AbstractOtpAuthn tfaOtpAuthn = new TimeBasedOtpAuthn();
 	    _logger.debug("TimeBasedOtpAuthn inited.");
-        return tfaOptAuthn;
+        return tfaOtpAuthn;
     }
 	
     /**

+ 68 - 0
maxkey-web-manage/src/main/java/org/maxkey/web/api/endpoint/RestTimeBasedOtpController.java

@@ -0,0 +1,68 @@
+/*
+ * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+
+package org.maxkey.web.api.endpoint;
+
+import org.maxkey.crypto.password.PasswordReciprocal;
+import org.maxkey.domain.UserInfo;
+import org.maxkey.password.onetimepwd.AbstractOtpAuthn;
+import org.maxkey.persistence.service.UserInfoService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+
+@Api(tags = "基于时间令牌验证 API文档模块")
+@Controller
+@RequestMapping(value={"/im/api/otp"})
+public class RestTimeBasedOtpController {
+
+	@Autowired
+    @Qualifier("timeBasedOtpAuthn")
+    protected AbstractOtpAuthn timeBasedOtpAuthn;
+    
+    @Autowired
+    @Qualifier("userInfoService")
+    private UserInfoService userInfoService;
+    
+    @ApiOperation(value = "基于时间令牌验证 API文档模块", notes = "传递参数username和token",httpMethod="GET")
+    @ResponseBody
+    @RequestMapping(value = "/timebased/validate", method = RequestMethod.GET)
+    public boolean getUser(@RequestParam String username,
+    							 @RequestParam String token) {
+    	
+    	UserInfo validUserInfo = userInfoService.loadByUsername(username);
+    	if(validUserInfo != null) {
+    		 String sharedSecret = 
+                     PasswordReciprocal.getInstance().decoder(validUserInfo.getSharedSecret());
+             validUserInfo.setSharedSecret(sharedSecret);
+             validUserInfo.setSharedCounter(validUserInfo.getSharedCounter());
+    		if(timeBasedOtpAuthn.validate(validUserInfo, token)) {
+    			return true;
+    		}
+    	}
+    	
+        return false;
+    }
+
+ 
+}
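Review bot: The new `getUser` handler on `/im/api/otp/timebased/validate` returns true/false for any username/token pair, and nothing in this file authenticates the caller or limits failed attempts. Unless a filter or interceptor outside this diff protects `/im/api/**`, the endpoint lets a short numeric code be guessed by repetition, so it needs caller authentication, a per-user failure limit and an audit log entry for each failed check. Because the mapping is `RequestMethod.GET`, the username and the one-time code travel in the query string and end up in access and proxy logs; I would change it to `@RequestMapping(value = "/timebased/validate", method = RequestMethod.POST)` and update `httpMethod` in `@ApiOperation` to match. `validUserInfo.setSharedCounter(validUserInfo.getSharedCounter());` assigns the field to itself and can be dropped. Writing the decoded secret back with `setSharedSecret` leaves plaintext on the object returned by `loadByUsername`, which matters if the service caches that object (not visible here), so decoding into a local copy would be safer.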

+ 2 - 2
maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java

@@ -164,8 +164,8 @@ public class MaxKeyConfig  implements InitializingBean {
         return authenticationRealm;
     }
     
-	@Bean(name = "tfaOtpAuthn")
-    public TimeBasedOtpAuthn tfaOptAuthn() {
+	@Bean(name = "timeBasedOtpAuthn")
+    public TimeBasedOtpAuthn timeBasedOtpAuthn() {
 	    TimeBasedOtpAuthn tfaOtpAuthn = new TimeBasedOtpAuthn();
 	    _logger.debug("TimeBasedOtpAuthn inited.");
         return tfaOtpAuthn;