Esempio n. 1
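 /**
  * Authenticates a user through the SSO module selected for the current
  * enterprise and, on success, decorates the result with login data.
  *
  * The module is "DefaultAuth" when $comefrom is "03"; otherwise it is the
  * "ssoauthmodule" value returned by Enterprise::getUserAuth(). The class
  * \Justsy\InterfaceBundle\SsoAuth\Sso<module> is then asked to run its
  * static userAuthAction().
  *
  * @param object $container     Object exposing get() and a "container" property.
  * @param string $user          Login account, forwarded unchanged to the SSO module.
  * @param string $pass          Credential, forwarded unchanged to the SSO module.
  * @param string $comefrom      Client origin code; "03" forces the default module.
  * @param string $datascope     Not used by this method.
  * @param string $portalversion Forwarded to getLoginAppendData().
  *
  * @return array Result of the SSO module, or an array with "msg" and
  *               "returncode" on the error paths built here.
  */
 public function dispatchAction($container, $user, $pass, $comefrom = "00", $datascope = "", $portalversion = "")
 {
     $request = $container->get("request");
     $clientdatetime = $request->get("clientdatetime");
     // For an integrated login (appid supplied) the OAuth2 code is returned too,
     // so that the client can obtain a token with it.
     $appid = $request->get("appid");
     $db = $this->get("we_data_access");
     $db_im = $this->get("we_data_access_im");
     try {
         // Look up the enterprise's authentication method: default, LDAP, AD or
         // unified-interface authentication.
         $authobj = new Enterprise($db, $this->get("logger"), $container->container);
         if ($comefrom == "03") {
             // Business-agent logins always use the default wefafa authentication.
             $classname = "DefaultAuth";
         } else {
             $authConfig = $authobj->getUserAuth();
             $classname = $authConfig["ssoauthmodule"];
             if (empty($classname) || $classname == "null") {
                 return array("msg" => "invalid ssoauthmodule", "returncode" => ReturnCode::$SYSERROR);
             }
         }
         // The module name comes from stored configuration and is spliced into a
         // class name. Accept a bare identifier only, so the value cannot carry a
         // namespace separator and select a class outside the SsoAuth namespace.
         if (!is_string($classname) || !preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $classname)) {
             return array("msg" => "invalid ssoauthmodule", "returncode" => ReturnCode::$SYSERROR);
         }
         $callback = array("\\Justsy\\InterfaceBundle\\SsoAuth\\Sso" . $classname, 'userAuthAction');
         // A module name that resolves to no class used to surface as a warning
         // (or an uncaught Error on PHP 8); report it as the structured error.
         if (!is_callable($callback)) {
             return array("msg" => "invalid ssoauthmodule", "returncode" => ReturnCode::$SYSERROR);
         }
         $re = call_user_func($callback, $container->container, $request, $db, $db_im, $user, $pass, $comefrom);
         if ($re["returncode"] == ReturnCode::$SUCCESS) {
             if (!empty($appid)) {
                 $appMgr = new \Justsy\BaseBundle\Management\App($container->container);
                 $appinfo = $appMgr->getappinfo(array('appid' => $appid));
                 if (empty($appinfo)) {
                     return array("msg" => "无效的应用标识号", "returncode" => ReturnCode::$SYSERROR);
                 }
                 // NOTE(review): the code is an unsalted MD5 of appid . appkey, so it
                 // is the same for every user and every login of that application
                 // and never expires. A per-login random value stored server-side is
                 // the usual design; changing it here requires the token endpoint to
                 // change with it, so the derivation is left as is.
                 $re['auth2_code'] = strtolower(md5($appid . $appinfo['appkey']));
             }
             // Presumably fills $re by reference ("info" is read right after) - confirm.
             $this->getLoginAppendData($re, $re["login_account"], $portalversion, $comefrom, $db, $db_im, $clientdatetime);
             if (!empty($re["info"])) {
                 $einfo = $authobj->getInfo($re["info"]["eno"]);
                 if (!empty($einfo)) {
                     $re["info"]["ename"] = $einfo["ename"];
                     $re["info"]["circle_id"] = $einfo["circle_id"];
                     $re["info"]["circle_name"] = $einfo["circle_name"];
                 }
             }
             $this->setLoginDate($re["openid"], $db);
         }
         return $re;
     } catch (\Exception $e) {
         // Every exception is reported to the caller with the same generic
         // message; the detail goes to the log only.
         $this->get("logger")->err($e);
         return array("msg" => "invalid ssoauthmodule", "returncode" => ReturnCode::$SYSERROR);
     }
 }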
Esempio n. 2
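 /**
  * Authenticates a portal user by exchanging an encrypted access token for a
  * user profile at the configured SSO endpoint, then opens a Symfony session
  * for the matching local account.
  *
  * Accounts shorter than 32 characters are delegated to SsoWefafaMd5Auth.
  *
  * Review notes on what the visible code does:
  *  - The decryption key is a literal in this method, so anyone with the source
  *    can decrypt captured tokens; it belongs in configuration or a secret store.
  *  - The default endpoint is plain http and carries the access token in the
  *    query string.
  *  - $password must decrypt successfully, but its value is never checked
  *    afterwards: the login rests on the remote profile lookup alone.
  *  - The IM password read from the users table is returned to the caller
  *    in "des".
  *
  * @param object $container     Service container (logger, security.context, event_dispatcher).
  * @param object $request       Current request; its session receives the security token.
  * @param object $dbcon         Data access object passed to Enterprise.
  * @param object $con_im        Data access object for the IM database.
  * @param string $login_account Plain account (< 32 chars) or encrypted access token.
  * @param string $password      Encrypted password accompanying the token.
  * @param string $comefrom      Client origin code, forwarded to the user provider.
  *
  * @return array Always contains "returncode"; on success also "openid",
  *               "login_account", "ldap_uid", "jid" and "des".
  */
 public static function userAuthAction($container, $request, $dbcon, $con_im, $login_account, $password, $comefrom)
 {
     // Decide between portal login and standalone login.
     if (strlen($login_account) < 32) {
         // Standalone login mode.
         return call_user_func(
             array("\\Justsy\\InterfaceBundle\\SsoAuth\\SsoWefafaMd5Auth", 'userAuthAction'),
             $container,
             $request,
             $dbcon,
             $con_im,
             $login_account,
             $password,
             $comefrom
         );
     }
     $logger = $container->get("logger");
     $re = array();
     // Decrypt the token and the password. Neither the token nor the password is
     // written to the log: both are credentials, and the key that decrypts them
     // is in this source file.
     $token = DES::decrypt_crv_fortoken($login_account, "cn.com.crv.ivv");
     if ($token === false) {
         $logger->err("decrypt token error: input length=" . strlen($login_account));
         $re["returncode"] = ReturnCode::$SYSERROR;
         return $re;
     }
     $pass = DES::decrypt_crv_fortoken($password, "cn.com.crv.ivv");
     if ($pass === false) {
         $logger->err("decrypt password error: input length=" . strlen($password));
         $re["returncode"] = ReturnCode::$SYSERROR;
         return $re;
     }
     $defaultPostURl = "http://cremobile.crc.com.cn:9090/conn/CrvSecurityWS/userresource/userprofile";
     $cacheobj = new Enterprise($dbcon, $logger, $container);
     $authConfig = $cacheobj->getUserAuth();
     $httpUrlConfig = $authConfig["ssoauthurl"];
     if (empty($httpUrlConfig)) {
         $httpUrlConfig = $defaultPostURl;
     } else {
         // The setting is a JSON object; only its URL is needed here.
         $ssoConfig = json_decode($httpUrlConfig, true);
         if (!is_array($ssoConfig) || empty($ssoConfig["URL"])) {
             $logger->err("invalid ssoauthurl configuration");
             $re["returncode"] = ReturnCode::$SYSERROR;
             return $re;
         }
         $httpUrlConfig = $ssoConfig["URL"];
     }
     try {
         // The token is derived from client input, so it is percent-encoded before
         // it is placed in the query string; otherwise "&" or "#" inside it could
         // add parameters to the request sent to the SSO endpoint.
         $requestUrl = $httpUrlConfig . "?access_token=" . rawurlencode($token);
         $logger->err("SOA URL:" . $httpUrlConfig . "?access_token=[redacted]");
         $postresult = Utils::getUrlContent($requestUrl, null);
         $logger->err("SOA Result:" . $postresult);
         $resultObject = json_decode($postresult, true);
         if (!isset($resultObject["empUid"])) {
             $logger->err("get user info error." . $postresult);
             $re["returncode"] = ReturnCode::$SYSERROR;
             return $re;
         }
         $crvuser = $resultObject["empUid"];
         $email = isset($resultObject["email"]) ? $resultObject["email"] : null;
         // Prefer the lower-cased employee uid; fall back to the e-mail address.
         $fafa_account = !empty($crvuser) ? strtolower($crvuser) : $email;
         $provider = new \Justsy\BaseBundle\Login\UserProvider($container);
         $user = $provider->loadUserByUsername($fafa_account, $comefrom);
         // Register the session for the "secured_area" firewall.
         $securityToken = new \Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken($user, $user->getPassword(), "secured_area", $user->getRoles());
         $container->get("security.context")->setToken($securityToken);
         $request->getSession()->set('_security_' . 'secured_area', serialize($securityToken));
         $event = new \Symfony\Component\Security\Http\Event\InteractiveLoginEvent($request, $securityToken);
         $container->get("event_dispatcher")->dispatch("security.interactive_login", $event);
         $re["returncode"] = ReturnCode::$SUCCESS;
         $re["openid"] = $user->openid;
         $re["login_account"] = $fafa_account;
         $re["ldap_uid"] = $user->ldap_uid;
         $re["jid"] = $user->fafa_jid;
         // The IM password is fetched live, so that a password change which only
         // refreshed one server is still picked up.
         $sql = "select password from users where username=?";
         $iminfo = $con_im->GetData("im", $sql, array((string) $user->fafa_jid));
         $re["des"] = count($iminfo["im"]["rows"]) > 0 ? $iminfo["im"]["rows"][0]["password"] : "";
     } catch (\Symfony\Component\Security\Core\Exception\UsernameNotFoundException $e) {
         $re["returncode"] = ReturnCode::$ERROFUSERORPWD;
     } catch (\Exception $e) {
         $logger->err($e);
         $re["returncode"] = ReturnCode::$SYSERROR;
     }
     return $re;
 }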
Esempio n. 3
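 /**
  * Registers an externally authenticated account with the platform by posting
  * a loginWithRegisterExternal request to the configured ESB endpoint.
  *
  * The endpoint is the "URL" entry of the JSON "ssoauthurl" setting, or the
  * built-in default when that setting is empty. The default is an internal
  * address reached over plain http.
  *
  * @param object $container Service container providing the logger.
  * @param string $type      Login provider name.
  * @param string $uid       Provider login key of the account.
  * @param string $openid    Openid of the account.
  * @param string $nickName  Display name of the account.
  *
  * @return mixed Decoded JSON response, or null when the configuration is
  *               unusable or the request throws.
  */
 public static function registerToPlatform($container, $type, $uid, $openid, $nickName)
 {
     $logger = $container->get("logger");
     $defaultPostURl = "http://10.100.20.27/CallCenter/ESB_InvokeService.ashx";
     $cacheobj = new Enterprise(null, $logger, $container);
     $authConfig = $cacheobj->getUserAuth();
     $httpUrlConfig = $authConfig["ssoauthurl"];
     if (empty($httpUrlConfig)) {
         $httpUrlConfig = $defaultPostURl;
     } else {
         // The setting is a JSON object; only its URL is needed here.
         $ssoConfig = json_decode($httpUrlConfig, true);
         if (!is_array($ssoConfig) || empty($ssoConfig["URL"])) {
             $logger->err("SOA ERROR:invalid ssoauthurl configuration");
             return null;
         }
         $httpUrlConfig = $ssoConfig["URL"];
     }
     try {
         $data = array(
             "providerLoginKey" => $uid,
             "loginProviderName" => $type,
             "nickName" => $nickName,
             "openid" => $openid,
             "isNeedSyn" => false,
         );
         // json_encode() does not escape "&", "=", "+" or "%", so a nickname such
         // as "a&Version=2" would end the Message field and add a parameter of its
         // own. Percent-encoding the JSON keeps it inside Message.
         // NOTE(review): assumes the ESB handler parses the body as
         // application/x-www-form-urlencoded - confirm against the endpoint.
         $para = "ServiceName=WXSC_Account&MethodName=POST:JSON:loginWithRegisterExternal&Message=" . rawurlencode(json_encode($data)) . "&Version=1";
         $logger->err("SOA URL:" . $httpUrlConfig . "?" . $para);
         $postresult = Utils::do_post_request($httpUrlConfig, $para);
         $logger->err("SOA Result:" . $postresult);
         return json_decode($postresult, true);
     } catch (\Exception $e) {
         $logger->err("SOA ERROR:" . $e);
     }
     // The failure path used to fall off the end of the function; the null it
     // produced is now explicit.
     return null;
 }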
Esempio n. 4
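 /**
  * Creates a user at the staff synchronisation service and returns the decoded
  * response, extended with "ldap_uid" and a default "deptid".
  *
  * The request is signed with an application code and key taken from the JSON
  * "ssoauthurl" setting, or from the built-in defaults when that setting is
  * empty.
  *
  * NOTE(review): the fallback application key is a literal in this method.
  * A key that has been committed to source should be treated as disclosed:
  * move it to configuration or a secret store and rotate it.
  *
  * @param object $container  Service container (logger, "staff_sync_url" parameter).
  * @param array  $attributes Must contain "mobile", "password" and "nick_name".
  *
  * @return array Decoded response with "ldap_uid" and "deptid" added.
  *
  * @throws \Exception When the configuration or the response cannot be decoded,
  *                    or the service reports a failed status.
  */
 public function createUser($container, $attributes)
 {
     $logger = $container->get("logger");
     $createUserRest = $container->getParameter('staff_sync_url');
     $appcodeConfig = "fafa-app";
     $appkeyConfig = "DKGHwqJ5H91noPYNYm9b8EUPQSY";
     $cacheobj = new Enterprise(null, $logger, $container);
     $authConfig = $cacheobj->getUserAuth();
     $ssoSetting = $authConfig["ssoauthurl"];
     if (!empty($ssoSetting)) {
         $ssoConfig = json_decode($ssoSetting, true);
         if (!is_array($ssoConfig)) {
             // Undecodable configuration used to yield null credentials and a
             // request that could only fail; stop before sending it.
             throw new \Exception("invalid ssoauthurl configuration");
         }
         $appcodeConfig = $ssoConfig["AppCode"];
         $appkeyConfig = $ssoConfig["AppKey"];
     }
     $reqHeader = SsoAvicAuth::getHeaders($appcodeConfig, $appkeyConfig);
     $data = array(
         "name" => "",
         "attributes" => array(
             array("name" => "mobile", "value" => $attributes["mobile"]),
             array("name" => "smart-securemobile", "value" => $attributes["mobile"]),
             array("name" => "userpassword", "value" => $attributes["password"]),
             array("name" => "smart-type", "value" => "2"),
             array("name" => "cn", "value" => $attributes["nick_name"]),
         ),
     );
     $para = json_encode($data);
     // The request body holds the new user's plaintext password, so the log gets
     // a copy with that attribute masked instead of the body itself.
     $logData = $data;
     foreach ($logData["attributes"] as $index => $attribute) {
         if ($attribute["name"] === "userpassword") {
             $logData["attributes"][$index]["value"] = "[redacted]";
         }
     }
     $logger->err("SOA URL:" . $createUserRest . "?" . json_encode($logData));
     // NOTE(review): the helper receives both the logger and the unredacted
     // body; check that it does not write the body to the log itself.
     $postresult = Utils::do_post_request($createUserRest, $para, $reqHeader, $logger);
     $logger->err("SOA Result:" . $postresult);
     $resultObject = json_decode($postresult, true);
     if (!is_array($resultObject)) {
         throw new \Exception("invalid response from staff sync service");
     }
     if (empty($resultObject["status"]) || $resultObject["status"] == "false") {
         throw new \Exception(isset($resultObject["message"]) ? $resultObject["message"] : "staff sync service reported failure");
     }
     $resultObject["ldap_uid"] = isset($resultObject["key"]) ? $resultObject["key"] : null;
     // Default department.
     $resultObject["deptid"] = "100054";
     return $resultObject;
 }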