protected function getAuthAccountId()
{
$params = $this->params ? $this->params : \mysoft\pubservice\BasicParams::get($this->orgcode, 'third_app_user_code_params');
if (empty($params)) {
throw new AuthException("未设置third_app_user_code_params参数,无法被第三方应用集成");
} else {
$authcode = I($params);
}
if (empty($authcode)) {
$user_code = cookie('user_code@' . $this->orgcode);
if (empty($user_code)) {
throw new AuthException('authcode不存在');
} else {
return $user_code;
}
} else {
$curl = $this->curl ? $this->curl : new \mysoft\http\Curl();
$url = $this->params ? "" : \mysoft\pubservice\BasicParams::get($this->orgcode, 'third_app_authcode_url');
$ret = json_decode($curl->get($url . $authcode), true);
if (!empty($ret) && isset($ret['errcode']) && $ret['errcode'] == 0 && isset($ret['user_code'])) {
$user_code = $ret['user_code'];
cookie('user_code@' . $this->orgcode, $user_code, time() + 30 * 24 * 60 * 60);
return $user_code;
} else {
if (empty($ret)) {
throw new AuthException('第三方接口未返回');
} else {
throw new AuthException('第三方接口返回:' . json_encode($ret));
}
}
}
}
public function beforeAction($action)
{
if (parent::beforeAction($action)) {
if (!\Yii::$app->user->getIdentity() instanceof MicroIdentity || \Yii::$app->user->getIdentity()->orgcode != $this->orgcode) {
try {
$auth = AuthFactory::getAuth($this->orgcode, $this->from);
if (YII_ENV == "dev" || YII_ENV == "ci") {
$dev_account_id = I('dev_account_id', cookie('dev_account_id@' . $this->orgcode));
if (!empty($dev_account_id)) {
cookie('dev_account_id@' . $this->orgcode, $dev_account_id);
}
$auth->setDevAccountId($dev_account_id);
}
return $auth->login();
} catch (AuthException $e) {
//正式环境下,对于frontend里面抛出的异常进行捕获并友好化展示。开发环境,或者其他的异常编码向上抛出
if (YII_ENV != 'dev') {
\Yii::error($e->getMessage(), __METHOD__);
\Yii::$app->response->content = $this->renderPartial('@vendor/mysoft/web/views/unAuthorized/selfexception', ['msg' => $e->getMessage()]);
return false;
} else {
throw $e;
}
}
} else {
//针对第三方集成的场景,将authcode自动通过跳转的方式隐藏掉
$authparams = \mysoft\pubservice\BasicParams::get($this->orgcode, 'third_app_user_code_params');
if (!empty($authparams)) {
$authcode = I($authparams);
if (!empty($authcode)) {
$query = \Yii::$app->request->getQueryParams();
if (isset($query[$authparams])) {
unset($query[$authparams]);
}
\Yii::$app->response->redirect(\Yii::$app->request->getHostInfo() . \Yii::$app->params['static_host'] . '/' . \Yii::$app->request->getPathInfo() . "?" . http_build_query($query))->send();
return false;
}
}
}
//首先验证租户的应用授权
if ($this->check_access_appauth()) {
return true;
} else {
$msg = '该应用还没有授权哦!';
}
\Yii::$app->response->content = $this->renderPartial('@vendor/mysoft/web/views/unAuthorized/unAuthorized', ['msg' => $msg]);
}
return false;
}
protected function getAuthAccountId()
{
$cookie = $_COOKIE['LtpaToken'];
$cookie = str_replace(' ', '+', $cookie);
$secret = $this->secret ? $this->secret : \mysoft\pubservice\BasicParams::get($this->orgcode, 'landray_secret');
if (empty($secret)) {
throw new AuthException('未设置蓝凌密钥,无法支持蓝凌oa集成');
}
$usercode = \mysoft\third\landray\Helper::decode_sso($cookie, $secret);
if (empty($usercode)) {
throw new AuthException("解析username失败:" . $cookie);
} else {
return $usercode;
}
}
protected function getAuthAccountId()
{
$params = $this->params ? $this->params : \mysoft\pubservice\BasicParams::get($this->orgcode, 'third_app_user_code_params');
if (empty($params)) {
throw new AuthException("未设置第三方应用集成标识,无法被第三方应用集成");
} else {
$authcode = I($params);
}
if (empty($authcode)) {
$usercode = cookie('user_code@' . $this->orgcode);
if (!empty($usercode)) {
return $usercode;
} else {
throw new AuthException('authcode不存在');
}
} else {
$authcode = \mysoft\helpers\AesHelper::decrypt($authcode);
$authcode = json_decode($authcode, true);
if (!empty($authcode) && isset($authcode['user_code']) && isset($authcode['timestamp']) && isset($authcode['orgcode'])) {
if (time() - $authcode['timestamp'] > self::FXT_EXPIRE) {
throw new AuthException('authcode已经过期');
}
if ($authcode['orgcode'] !== $this->orgcode) {
throw new AuthException('租户ID不匹配');
}
cookie('user_code@' . $this->orgcode, $authcode['user_code'], time() + 24 * 60 * 60);
//复兴通的cookie只存一天
if (YII_ENV != 'unittest') {
$query = \Yii::$app->request->getQueryParams();
if (isset($query[$params])) {
unset($query[$params]);
}
\Yii::$app->response->redirect(\Yii::$app->request->getHostInfo() . \Yii::$app->params['static_host'] . '/' . \Yii::$app->request->getPathInfo() . "?" . http_build_query($query))->send();
//return false;
}
return $authcode['user_code'];
} else {
throw new AuthException('authcode解析失败');
}
}
}
protected function getAuthAccountId()
{
$params = $this->params !== null ? $this->params : \mysoft\pubservice\BasicParams::get($this->orgcode, 'third_app_user_code_params');
$secret = $this->secret !== null ? $this->secret : \mysoft\pubservice\BasicParams::get($this->orgcode, 'third_app_auth_secret');
if (empty($params)) {
throw new AuthException("未设置third_app_user_code_params参数,无法被第三方应用集成");
} else {
$usercode = I($params);
}
if (empty($user_code)) {
$user_code = cookie('user_code@' . $this->orgcode);
} else {
if (!empty($secret)) {
$user_code = \mysoft\helpers\AesHelper::decrypt($user_code, $secret);
}
cookie('user_code@' . $this->orgcode, $user_code, time() + 30 * 24 * 60 * 60);
}
if (empty($usercode)) {
throw new AuthException("无法从参数{$params}中获取用户code");
} else {
return $usercode;
}
}
