Merge branch 'dev' of github.com:dataease/dataease into dev

2022-06-17 11:36:55 +08:00 · 2022-06-17 11:36:55 +08:00 · 1e12eb5b64
commit 1e12eb5b64
parent 20bb6f4ea5 c59591515d
15 changed files with 81 additions and 95 deletions
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@ -1,72 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ "dev" ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ "dev" ]
-  schedule:
-    - cron: '36 10 * * 2'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'java', 'javascript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        
-        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
-
-        
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-
-    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
-    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
-    # - run: |
-    #   echo "Run, Build Application using script"
-    #   ./location_of_script_within_repo/buildscript.sh
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
--- a/backend/src/main/java/io/dataease/auth/service/AuthUserService.java
+++ b/backend/src/main/java/io/dataease/auth/service/AuthUserService.java
@ -34,5 +34,7 @@ public interface AuthUserService {

    Boolean pluginLoaded();

+    void checkAdmin(String uname, String pwd);
+

 }
--- a/backend/src/main/java/io/dataease/auth/service/impl/AuthUserServiceImpl.java
+++ b/backend/src/main/java/io/dataease/auth/service/impl/AuthUserServiceImpl.java
@ -2,10 +2,13 @@ package io.dataease.auth.service.impl;

 import io.dataease.auth.api.dto.CurrentRoleDto;
 import io.dataease.auth.entity.SysUserEntity;
+import io.dataease.commons.utils.CodingUtil;
+import io.dataease.exception.DataEaseException;
 import io.dataease.ext.*;
 import io.dataease.auth.service.AuthUserService;
 import io.dataease.commons.constants.AuthConstants;
 import io.dataease.commons.utils.LogUtil;
+import io.dataease.i18n.Translator;
 import io.dataease.plugins.common.base.domain.SysUser;
 import io.dataease.plugins.common.base.mapper.SysUserMapper;
 import io.dataease.plugins.common.service.PluginCommonService;
@ -171,5 +174,20 @@ public class AuthUserServiceImpl implements AuthUserService {
        return pluginCommonService.isPluginLoaded();
    }

+    @Override
+    public void checkAdmin(String uname, String pwd) {

+        SysUserEntity user = getUserByName(uname);
+        if (ObjectUtils.isEmpty(user)) {
+            DataEaseException.throwException(Translator.get("i18n_user_not_exist"));
+        }
+        if (!user.getIsAdmin()) {
+            DataEaseException.throwException(Translator.get("i18n_not_admin_error"));
+        }
+        String realPwd = user.getPassword();
+        pwd = CodingUtil.md5(pwd);
+        if (!StringUtils.equals(pwd, realPwd)) {
+            DataEaseException.throwException(Translator.get("i18n_id_or_pwd_error"));
+        }
+    }
 }
--- a/backend/src/main/java/io/dataease/auth/service/impl/ShiroServiceImpl.java
+++ b/backend/src/main/java/io/dataease/auth/service/impl/ShiroServiceImpl.java
@ -85,7 +85,7 @@ public class ShiroServiceImpl implements ShiroService {
        filterChainDefinitionMap.put("/plugin/oidc/authInfo", ANON);
        filterChainDefinitionMap.put("/sso/callBack*", ANON);
        filterChainDefinitionMap.put("/cas/callBack*", ANON);
-        filterChainDefinitionMap.put("/cas/reset", ANON);
+        filterChainDefinitionMap.put("/cas/reset/**", ANON);

        filterChainDefinitionMap.put("/unauth", ANON);
        filterChainDefinitionMap.put("/display/**", ANON);
--- a/backend/src/main/java/io/dataease/plugins/server/CasServer.java
+++ b/backend/src/main/java/io/dataease/plugins/server/CasServer.java
@ -9,6 +9,8 @@ import io.dataease.commons.utils.CodingUtil;
 import io.dataease.commons.utils.LogUtil;
 import io.dataease.commons.utils.ServletUtils;

+import io.dataease.controller.ResultHolder;
+import io.dataease.i18n.Translator;
 import io.dataease.service.sys.SysUserService;
 import io.dataease.service.system.SystemParameterService;
 import org.apache.commons.lang3.StringUtils;
@ -17,6 +19,7 @@ import org.jasig.cas.client.util.AssertionHolder;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.servlet.ModelAndView;
@ -87,17 +90,26 @@ public class CasServer {
        return modelAndView;
    }

-    @GetMapping("/reset")
+    @GetMapping("/reset/{uname}/{pwd}")
    @ResponseBody
-    public String reset() {
-        systemParameterService.resetCas();
-        String token = ServletUtils.getToken();
-        if (StringUtils.isNotBlank(token)) {
-            Long userId = JWTUtils.tokenInfoByToken(token).getUserId();
-            authUserService.clearCache(userId);
+    public ResultHolder reset(@PathVariable(value = "uname", required = true) String uname, @PathVariable(value = "pwd", required = true) String pwd) {
+        try {
+            authUserService.checkAdmin(uname, pwd);
+            systemParameterService.resetCas();
+            String token = ServletUtils.getToken();
+            if (StringUtils.isNotBlank(token)) {
+                Long userId = JWTUtils.tokenInfoByToken(token).getUserId();
+                authUserService.clearCache(userId);
+            }
+            HttpServletRequest request = ServletUtils.request();
+            request.getSession().invalidate();
+            ResultHolder success = ResultHolder.success(null);
+            success.setMessage(Translator.get("i18n_default_login_reset"));
+            return success;
+        }catch (Exception e) {
+            LogUtil.error(e.getMessage(), e);
+            ResultHolder error = ResultHolder.error(e.getMessage());
+            return error;
        }
-        HttpServletRequest request = ServletUtils.request();
-        request.getSession().invalidate();
-        return "已经切换默认登录方式";
    }
 }
--- a/backend/src/main/resources/i18n/messages_en_US.properties
+++ b/backend/src/main/resources/i18n/messages_en_US.properties
@ -156,4 +156,10 @@ SOURCE_TYPE_MENU=MENU

 I18N_DRIVER_NOT_DELETE=Drivers in use cannot be deleted
 I18N_DRIVER_REPEAT_NAME=Driver name cannot be same.
-I18N_DRIVER_NOT_FOUND=Cannot find driver.
+I18N_DRIVER_NOT_FOUND=Cannot find driver.
+
+i18n_not_admin_error=Not an administrator account
+i18n_user_not_exist=user does not exist
+i18n_default_login_reset=Switched back to default login mode
+
+
--- a/backend/src/main/resources/i18n/messages_zh_CN.properties
+++ b/backend/src/main/resources/i18n/messages_zh_CN.properties
@ -160,3 +160,10 @@ I18N_TIME=操作时间
 I18N_DRIVER_NOT_DELETE=使用中的驱动不允许删除
 I18N_DRIVER_REPEAT_NAME=名称重复
 I18N_DRIVER_NOT_FOUND=未找到驱动
+
+
+i18n_not_admin_error=不是管理员账号
+
+i18n_user_not_exist=用户不存在
+
+i18n_default_login_reset=已切换回默认登录方式
--- a/backend/src/main/resources/i18n/messages_zh_TW.properties
+++ b/backend/src/main/resources/i18n/messages_zh_TW.properties
@ -155,4 +155,8 @@ SOURCE_TYPE_MENU=菜單

 I18N_DRIVER_NOT_DELETE=使用中的驅動不允許删除
 I18N_DRIVER_REPEAT_NAME=名稱重複
-I18N_DRIVER_NOT_FOUND=未找到驅動
+I18N_DRIVER_NOT_FOUND=未找到驅動
+
+i18n_not_admin_error=不是管理員賬號
+i18n_user_not_exist=用戶不存在
+i18n_default_login_reset=已切換回默認登錄方式
--- a/frontend/mock/user.js
+++ b/frontend/mock/user.js
@ -49,7 +49,7 @@ export default [

  // get user info
  {
-    url: '/dataease/user/info\.*',
+    url: '/dataease/user/info*',
    type: 'get',
    response: config => {
      const { token } = config.query
--- a/frontend/src/lang/en.js
+++ b/frontend/src/lang/en.js
@ -659,7 +659,8 @@ export default {
    tip: 'Tip: use as test mail recipient only',
    engine_mode_setting: 'Engine Setting',
    kettle_setting: 'Kettle Setting',
-    cas_selected_warn: 'Selecting CAS will cause you to login again'
+    cas_selected_warn: 'Selecting CAS will cause you to login again',
+    cas_reset: 'CAS switches back to the default login mode to access API:'
  },
  chart: {
    view_reset: 'View Reset',
--- a/frontend/src/lang/tw.js
+++ b/frontend/src/lang/tw.js
@ -661,7 +661,8 @@ export default {
    tip: '提示：僅用來作爲測試郵件收件人',
    engine_mode_setting: '引擎設置',
    kettle_setting: 'Kettle 設置',
-    cas_selected_warn: '選擇CAS方式保存後會註銷當前回話，重新登錄'
+    cas_selected_warn: '選擇CAS方式保存後會註銷當前回話，重新登錄',
+    cas_reset: 'CAS切換回默認登錄方式訪問API：'
  },
  chart: {
    view_reset: '视图重置',
--- a/frontend/src/lang/zh.js
+++ b/frontend/src/lang/zh.js
@ -662,7 +662,8 @@ export default {
    tip: '提示：仅用来作为测试邮件收件人',
    engine_mode_setting: '引擎设置',
    kettle_setting: 'Kettle 设置',
-    cas_selected_warn: '选择CAS方式保存后会注销当前回话，重新登录'
+    cas_selected_warn: '选择CAS方式保存后会注销当前回话，重新登录',
+    cas_reset: 'CAS切换回默认登录方式访问API：'
  },
  chart: {
    view_reset: '视图重置',
--- a/frontend/src/views/chart/view/ChartEdit.vue
+++ b/frontend/src/views/chart/view/ChartEdit.vue
@ -1075,7 +1075,7 @@ import { pluginTypes } from '@/api/chart/chart'
 import ValueFormatterEdit from '@/views/chart/components/value-formatter/ValueFormatterEdit'
 import ChartStyle from '@/views/chart/view/ChartStyle'
 import CustomSortEdit from '@/views/chart/components/compare/CustomSortEdit'
-import {delGroup} from "@/api/panel/panel";
+import { delGroup } from '@/api/panel/panel'
 import ChartFieldEdit from '@/views/chart/view/ChartFieldEdit'
 import CalcChartFieldEdit from '@/views/chart/view/CalcChartFieldEdit'

@ -2483,7 +2483,7 @@ export default {
    reset() {
      const _this = this

-      this.$confirm(this.$t('chart.view_reset'), this.$t('chart.view_reset_tips'), {
+      this.$confirm(this.$t('chart.view_reset_tips'), this.$t('chart.view_reset'), {
        confirmButtonText: this.$t('commons.confirm'),
        cancelButtonText: this.$t('commons.cancel'),
        type: 'warning'
--- a/frontend/src/views/system/SysParam/BasicSetting.vue
+++ b/frontend/src/views/system/SysParam/BasicSetting.vue
@ -40,9 +40,14 @@
              <el-radio v-if="loginTypes.includes(2)" :label="2" size="mini">OIDC</el-radio>
              <el-radio v-if="loginTypes.includes(3)" :label="3" size="mini">CAS</el-radio>
            </el-radio-group>
+
          </el-form-item>
+
        </el-col>
      </el-row>
+      <el-row v-show="loginTypes.includes(3)">
+        <el-button class="pwd-tips" type="text">{{ $t('system_parameter_setting.cas_reset') + '[/cas/reset/{adminAcount}/{adminPwd}]' }}</el-button>
+      </el-row>

      <el-row>
        <el-col>
@ -102,6 +107,9 @@ export default {
      },
      originLoginType: null
    }
+  },
+  computed: {
+
  },
  beforeCreate() {
    ldapStatus().then(res => {
--- a/frontend/src/views/system/datasource/ApiVariable.vue
+++ b/frontend/src/views/system/datasource/ApiVariable.vue
@ -58,6 +58,7 @@

 <script>
 import {KeyValue, Scenario} from "./ApiTestModel";
+import { uuid } from 'vue-uuid'

 import Vue from 'vue';

@ -159,7 +160,7 @@ export default {
        this.parameters.push(new KeyValue({
          type: 'text',
          enable: true,
-          uuid: this.uuid(),
+          uuid: uuid.v1(),
          contentType: 'text/plain'
        }));
      }
@ -183,9 +184,6 @@ export default {
        return (func.name.toLowerCase().indexOf(queryString.toLowerCase()) > -1);
      };
    },
-    uuid: function () {
-      return (((1 + Math.random()) * 0x100000) | 0).toString(16).substring(1);
-    },
    advanced(item) {
      if (item.type === 'json') {
        this.$refs.variableJson.open(item);