Unverified Commit 6dc50091 authored by sky's avatar sky Committed by GitHub

[Feature-3392][api-server] (#3403)

* feature user register

fix bug

fix security problem

fix security problem

* activate user

* fix conflict

* fix conflict and fix some bug

* fix cr problem

Co-authored-by: dev_sky <dev_sky@740051880@qq.com>
parent 6ecc95a3
+25 −5
@@ -432,14 +432,34 @@ public class UsersController extends BaseController {
                               @RequestParam(value = "userPassword") String userPassword,
                               @RequestParam(value = "repeatPassword") String repeatPassword,
                               @RequestParam(value = "email") String email) throws Exception {
        userName = userName.replaceAll("[\n|\r|\t]", "");
        userPassword = userPassword.replaceAll("[\n|\r|\t]", "");
        repeatPassword = repeatPassword.replaceAll("[\n|\r|\t]", "");
        email = email.replaceAll("[\n|\r|\t]", "");
        userName = ParameterUtils.handleEscapes(userName);
        userPassword = ParameterUtils.handleEscapes(userPassword);
        repeatPassword = ParameterUtils.handleEscapes(repeatPassword);
        email = ParameterUtils.handleEscapes(email);
        logger.info("user self-register, userName: {}, userPassword {}, repeatPassword {}, eamil {}",
                userName, userPassword, repeatPassword, email);
                userName, Constants.PASSWORD_DEFAULT, Constants.PASSWORD_DEFAULT, email);
        Map<String, Object> result = usersService.registerUser(userName, userPassword, repeatPassword, email);
        return returnDataList(result);
    }

    /**
     * user activate
     *
     * @param userName       user name
     */
    @ApiOperation(value="activateUser",notes = "ACTIVATE_USER_NOTES")
    @ApiImplicitParams({
            @ApiImplicitParam(name = "userName", value = "USER_NAME", type = "String"),
    })
    @PostMapping("/activate")
    @ResponseStatus(HttpStatus.OK)
    @ApiException(UPDATE_USER_ERROR)
    public Result<Object> activateUser(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
                                       @RequestParam(value = "userName") String userName) {
        userName = ParameterUtils.handleEscapes(userName);
        logger.info("login user {}, activate user, userName: {}",
                loginUser.getUserName(), userName);
        Map<String, Object> result = usersService.activateUser(loginUser, userName);
        return returnDataList(result);
    }
}
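Review bot: In the register handler, `userPassword` and `repeatPassword` are still rewritten (`replaceAll` / `ParameterUtils.handleEscapes`) before they reach `usersService.registerUser`, so the stored credential can differ from what the user typed unless the login path applies the identical transformation, which is not visible here. Since the log call now appears to print `Constants.PASSWORD_DEFAULT` in place of both passwords, there is no log-safety reason left to touch them; I would drop the two password rewrites and sanitize only the values that are actually logged (`userName`, `email`). `handleEscapes` is defined outside this page, so it is worth confirming that it neutralises CR/LF in `userName` before the `logger.info` calls here and in `activateUser`. The log format string also still reads `eamil`, and the handler's signature starts above the hunk.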
+46 −3
@@ -26,6 +26,7 @@ import org.apache.dolphinscheduler.api.utils.CheckUtils;
import org.apache.dolphinscheduler.api.utils.PageInfo;
import org.apache.dolphinscheduler.api.utils.Result;
import org.apache.dolphinscheduler.common.Constants;
import org.apache.dolphinscheduler.common.enums.Flag;
import org.apache.dolphinscheduler.common.enums.ResourceType;
import org.apache.dolphinscheduler.common.enums.UserType;
import org.apache.dolphinscheduler.common.utils.*;
@@ -917,10 +918,11 @@ public class UsersService extends BaseService {
     * @param repeatPassword repeat password
     * @param email          email
     * @return register result code
     * @throws Exception exception
     */
    @Transactional(rollbackFor = RuntimeException.class)
    public Map<String, Object> registerUser(String userName, String userPassword, String repeatPassword, String email) {
        Map<String, Object> result = new HashMap<>(5);
        Map<String, Object> result = new HashMap<>();

        //check user params
        String msg = this.checkUserParams(userName, userPassword, email, "");
@@ -934,10 +936,51 @@ public class UsersService extends BaseService {
            putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, "two passwords are not same");
            return result;
        }

        createUser(userName, userPassword, email, 1, "", "", 0);
        User user = createUser(userName, userPassword, email, 1, "", "", Flag.NO.ordinal());
        putMsg(result, Status.SUCCESS);
        result.put(Constants.DATA_LIST, user);
        return result;
    }

    /**
     * activate user, only system admin have permission, change user state code 0 to 1
     *
     * @param loginUser login user
     * @return create result code
     */
    public Map<String, Object> activateUser(User loginUser, String userName) {
        Map<String, Object> result = new HashMap<>();
        result.put(Constants.STATUS, false);

        if (!isAdmin(loginUser)) {
            putMsg(result, Status.USER_NO_OPERATION_PERM);
            return result;
        }

        if (!CheckUtils.checkUserName(userName)){
            putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, userName);
            return result;
        }

        User user = userMapper.queryByUserNameAccurately(userName);

        if (user == null) {
            putMsg(result, Status.USER_NOT_EXIST, userName);
            return result;
        }

        if (user.getState() != Flag.NO.ordinal()) {
            putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, userName);
            return result;
        }

        user.setState(Flag.YES.ordinal());
        Date now = new Date();
        user.setUpdateTime(now);
        userMapper.updateById(user);
        User responseUser = userMapper.queryByUserNameAccurately(userName);
        putMsg(result, Status.SUCCESS);
        result.put(Constants.DATA_LIST, responseUser);
        return result;
    }
}
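Review bot: `registerUser` now puts the freshly created `User` entity into the response under `Constants.DATA_LIST`, and this is the self-registration path, so whatever that entity serialises to is returned to a caller who is presumably not yet authenticated. The tests on this page call `user.setUserPassword(...)`, so the entity carries a password field; unless `User` excludes it from JSON output (not visible here), the stored password value goes out in the response, and `activateUser` does the same with `responseUser`. I would return only what the caller needs, for example `result.put(Constants.DATA_LIST, user.getUserName());`, or a dedicated response object without credential fields. As smaller points, `Flag.NO.ordinal()` / `Flag.YES.ordinal()` tie the persisted state code to enum declaration order, and the new Javadoc on `activateUser` omits `@param userName`.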
+16 −1
@@ -285,6 +285,21 @@ public class UsersControllerTest extends AbstractControllerTest{

        Result result = JSONUtils.parseObject(mvcResult.getResponse().getContentAsString(), Result.class);
        Assert.assertEquals(Status.SUCCESS.getCode(),result.getCode().intValue());
        logger.info(mvcResult.getResponse().getContentAsString());
    }

    @Test
    public void testActivateUser() throws Exception {
        MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>();
        paramsMap.add("userName","user_test");

        MvcResult mvcResult = mockMvc.perform(post("/users/activate")
                .header(SESSION_ID, sessionId)
                .params(paramsMap))
                .andExpect(status().isOk())
                .andExpect(content().contentType(MediaType.APPLICATION_JSON_UTF8))
                .andReturn();

        Result result = JSONUtils.parseObject(mvcResult.getResponse().getContentAsString(), Result.class);
        Assert.assertEquals(Status.SUCCESS.getCode(),result.getCode().intValue());
    }
}
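Review bot: `testActivateUser` exercises only the success path with the shared `sessionId`, so the admin-only restriction on `/users/activate` is never checked at the HTTP layer; a second request with a non-admin session asserting `Status.USER_NO_OPERATION_PERM.getCode()` would pin it. The test also expects `Status.SUCCESS` for `user_test` without creating that user in the inactive state inside the hunk, so it presumably depends on fixture data or on test ordering. That dependency is worth stating in a comment such as `// requires user_test to exist with state 0`.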
+51 −6
@@ -462,42 +462,87 @@ public class UsersServiceTest {
        try {
            //userName error
            Map<String, Object> result = usersService.registerUser(userName, userPassword, repeatPassword, email);
            logger.info(result.toString());
            Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS));

            userName = "userTest0002";
            userPassword = "userTest000111111111111111";
            //password error
            result = usersService.registerUser(userName, userPassword, repeatPassword, email);
            logger.info(result.toString());
            Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS));

            userPassword = "userTest0002";
            email = "1q.com";
            //email error
            result = usersService.registerUser(userName, userPassword, repeatPassword, email);
            logger.info(result.toString());
            Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS));

            //repeatPassword error
            email = "7400@qq.com";
            repeatPassword = "userPassword";
            result = usersService.registerUser(userName, userPassword, repeatPassword, email);
            logger.info(result.toString());
            Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS));

            //success
            repeatPassword = "userTest0002";
            result = usersService.registerUser(userName, userPassword, repeatPassword, email);
            logger.info(result.toString());
            Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));

        } catch (Exception e) {
            logger.error(Status.CREATE_USER_ERROR.getMsg(),e);
            Assert.assertTrue(false);
        }
    }


    @Test
    public void testActivateUser() {
        User user = new User();
        user.setUserType(UserType.GENERAL_USER);
        String userName = "userTest0002~";
        try {
            //not admin
            Map<String, Object> result = usersService.activateUser(user, userName);
            Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS));

            //userName error
            user.setUserType(UserType.ADMIN_USER);
            result = usersService.activateUser(user, userName);
            Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS));

            //user not exist
            userName = "userTest10013";
            result = usersService.activateUser(user, userName);
            Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS));

            //user state error
            userName = "userTest0001";
            when(userMapper.queryByUserNameAccurately(userName)).thenReturn(getUser());
            result = usersService.activateUser(user, userName);
            Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS));

            //success
            when(userMapper.queryByUserNameAccurately(userName)).thenReturn(getDisabledUser());
            result = usersService.activateUser(user, userName);
            Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
        } catch (Exception e) {
            Assert.assertTrue(false);
        }
    }

    /**
     * get disabled user
     * @return
     */
    private User getDisabledUser() {

        User user = new User();
        user.setUserType(UserType.GENERAL_USER);
        user.setUserName("userTest0001");
        user.setUserPassword("userTest0001");
        user.setState(0);
        return user;
    }


    /**
     * get user
     * @return