using DocumentFormat.OpenXml.Spreadsheet; using DocumentFormat.OpenXml.Wordprocessing; using IP2Region.Net.Abstractions; using IRaCIS.Application.Contracts; using IRaCIS.Core.Application.Auth; using IRaCIS.Core.Application.Contracts; using IRaCIS.Core.Application.Helper; using IRaCIS.Core.Application.Service.OAuth; using IRaCIS.Core.Application.ViewModel; using IRaCIS.Core.Domain.Models; using IRaCIS.Core.Domain.Share; using IRaCIS.Core.Infrastructure; using MassTransit; using Medallion.Threading; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Identity; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Options; using Org.BouncyCastle.Utilities.Encoders; using Panda.DynamicWebApi.Attributes; using System.Text.RegularExpressions; using ZiggyCreatures.Caching.Fusion; using LoginReturnDTO = IRaCIS.Application.Contracts.LoginReturnDTO; namespace IRaCIS.Core.Application.Service { [ApiExplorerSettings(GroupName = "Management")] public class UserService(IRepository _userRoleRepository, IMailVerificationService _mailVerificationService, IRepository _verificationCodeRepository, IRepository _userTrialRepository, IRepository _userLogRepository, IRepository _userPassWordLogRepository, IDistributedLockProvider _distributedLockProvider, IRepository _trialRepository, IOptionsMonitor _verifyConfig, IOptionsMonitor systemEmailConfig, IRepository _identityUserRepository, IRepository _doctorRepository, ISearcher _searcher, IMapper _mapper, IUserInfo _userInfo, IStringLocalizer _localizer, IFusionCache _fusionCache) : BaseService, IUserService { private SystemEmailSendConfig _systemEmailConfig = systemEmailConfig.CurrentValue; private async Task VerifyUserNameAsync(Guid? identityUserId, string userName) { if (await _identityUserRepository.WhereIf(identityUserId != null, t => t.Id != identityUserId).AnyAsync(t => t.UserName == userName)) { //---用户名已经存在。 throw new BusinessValidationFailedException(_localizer["User_UsernameExist"]); } } private async Task VerifyUserPhoneAsync(Guid? identityUserId, string phone) { if (await _identityUserRepository.WhereIf(identityUserId != null, t => t.Id != identityUserId).AnyAsync(t => (t.Phone == phone))) { //---该用户类型中已存在具有相同的电话的用户。 throw new BusinessValidationFailedException(_localizer["User_PhoneDup"]); } } private async Task VerifyUserEmailAsync(Guid? identityUserId, string email) { if (await _identityUserRepository.WhereIf(identityUserId != null, t => t.Id != identityUserId).AnyAsync(t => t.EMail == email)) { //---该用户类型中已存在具有相同邮箱的用户。 throw new BusinessValidationFailedException(_localizer["User_EmailDup"]); } } private async Task VerifyUserPwdAsync(Guid identityUserId, string newPwd, string? oldPwd = null) { //var dbUser = (await _userRoleRepository.FirstOrDefaultAsync(t => t.Id == userId)).IfNullThrowException(); if (_verifyConfig.CurrentValue.OpenUserComplexPassword) { if (oldPwd != null && oldPwd == newPwd) { //---新密码与旧密码相同。 throw new BusinessValidationFailedException(_localizer["User_NewOldPwdSame"]); } var dbUser = (await _identityUserRepository.Where(t => t.Id == identityUserId).FirstOrDefaultAsync()).IfNullThrowException(); if (oldPwd != null && dbUser.Password != oldPwd) { //---旧密码验证失败。 throw new BusinessValidationFailedException(_localizer["User_OldPwdInvalid"]); } if (dbUser.Password == newPwd) { //---新密码与旧密码相同。 throw new BusinessValidationFailedException(_localizer["User_NewOldPwdSame"]); } var passWordList = await _userPassWordLogRepository.Where(x => x.IdentityUserId == identityUserId).OrderByDescending(x => x.CreateTime).Take(3).ToListAsync(); if (passWordList.Any(x => x.PassWord == newPwd)) { throw new BusinessValidationFailedException(_localizer["User_PassWordRepeat"]); } } await _identityUserRepository.BatchUpdateNoTrackingAsync(x => x.Id == identityUserId, x => new IdentityUser() { LastChangePassWordTime = DateTime.Now, }); await _userPassWordLogRepository.SaveChangesAsync(); } /// 发送验证码 修改邮箱(已经登陆修改) New [HttpGet("{email}")] public async Task SendVerificationCode(string email) { //检查手机或者邮箱是否有效 if (!Regex.IsMatch(email, @"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$")) { //---Please input a legal email return ResponseOutput.NotOk(_localizer["User_LegalEmail"]); } //验证码 6位 int verificationCode = new Random().Next(100000, 1000000); await _mailVerificationService.SendMailEditEmail(_userInfo.IdentityUserId, _userInfo.FullName, email, verificationCode); return ResponseOutput.Ok(); } [HttpPut("{newEmail}/{verificationCode}")] [UnitOfWork] public async Task SetNewEmail(string newEmail, string verificationCode) { var verificationRecord = await _verificationCodeRepository .FirstOrDefaultAsync(t => t.UserId == _userInfo.IdentityUserId && t.Code == verificationCode && t.CodeType == 0); //检查数据库是否存在该验证码 if (verificationRecord == null) { //---验证码错误。 return ResponseOutput.NotOk(_localizer["User_VerificationCodeError"]); } else { //检查验证码是否失效 if (verificationRecord.ExpirationTime < DateTime.Now) { //---验证码已经过期。 return ResponseOutput.NotOk(_localizer["User_VerificationCodeExpired"]); } else if (verificationRecord.EmailOrPhone.Trim() != newEmail.Trim()) { //发送验证嘛的和提交的邮箱不一致 return ResponseOutput.NotOk(_localizer["User_VerificationEmailNotSameWithBefore"]); } else //验证码正确 并且 没有超时 { await VerifyUserEmailAsync(_userInfo.IdentityUserId, newEmail); // 修改用户邮箱的时候 需要修改医生表的邮箱 var oldEmail = await _identityUserRepository.Where(t => t.Id == _userInfo.IdentityUserId).Select(t => t.EMail).FirstOrDefaultAsync(); await _doctorRepository.UpdatePartialFromQueryAsync(x => x.EMail == oldEmail, u => new Doctor() { EMail = newEmail }); await _identityUserRepository.UpdatePartialFromQueryAsync(_userInfo.IdentityUserId, u => new IdentityUser() { EMail = newEmail }); //删除验证码历史记录 await _verificationCodeRepository.BatchDeleteNoTrackingAsync(t => t.UserId == _userInfo.UserRoleId && t.CodeType == 0); await _userLogRepository.AddAsync(new UserLog() { IP = _userInfo.IP, ActionIdentityUserId = _userInfo.IdentityUserId, ActionUserName = _userInfo.UserName, TargetIdentityUserId = _userInfo.IdentityUserId, OptType = UserOptType.UpdateUser }, true); return ResponseOutput.Ok(); } } } [HttpPut("{newPhone}")] public async Task SetNewPhone(string newPhone) { await VerifyUserPhoneAsync(_userInfo.IdentityUserId, newPhone); await _identityUserRepository.UpdatePartialFromQueryAsync(_userInfo.IdentityUserId, u => new IdentityUser() { Phone = newPhone }); await _userLogRepository.AddAsync(new UserLog() { IP = _userInfo.IP, ActionIdentityUserId = _userInfo.IdentityUserId, ActionUserName = _userInfo.UserName, TargetIdentityUserId = _userInfo.IdentityUserId, OptType = UserOptType.UpdateUser }, true); return ResponseOutput.Ok(); } [HttpPut("{newUserName}")] public async Task SetNewUserName(string newUserName) { await VerifyUserNameAsync(_userInfo.IdentityUserId, newUserName); await _identityUserRepository.UpdatePartialFromQueryAsync(_userInfo.IdentityUserId, u => new IdentityUser() { UserName = newUserName }); await _userLogRepository.AddAsync(new UserLog() { IP = _userInfo.IP, ActionIdentityUserId = _userInfo.IdentityUserId, ActionUserName = _userInfo.UserName, TargetIdentityUserId = _userInfo.IdentityUserId, OptType = UserOptType.UpdateUser }, true); return ResponseOutput.Ok(); } [HttpGet] public async Task InitSetUserNameAndPwd(string newUserName, string newPWd) { await VerifyUserPwdAsync(_userInfo.IdentityUserId, newPWd); await VerifyUserNameAsync(_userInfo.IdentityUserId, newUserName); await _identityUserRepository.UpdatePartialFromQueryAsync(_userInfo.IdentityUserId, u => new IdentityUser() { UserName = newUserName, Password = newPWd, IsFirstAdd = false, EmailToken = String.Empty }, true); await _userPassWordLogRepository.AddAsync(new UserPassWordLog() { CreateTime = DateTime.Now, PassWord = newPWd, IdentityUserId = _userInfo.IdentityUserId, }); await _userLogRepository.AddAsync(new UserLog() { IP = _userInfo.IP, ActionIdentityUserId = _userInfo.IdentityUserId, ActionUserName = _userInfo.UserName, TargetIdentityUserId = _userInfo.IdentityUserId, OptType = UserOptType.UpdateUser }, true); return ResponseOutput.Ok(); } /// /// 重置密码为 默认密码 /// /// /// [HttpGet("{identityUserId:guid}")] [UnitOfWork] public async Task ResetPassword(Guid identityUserId) { var pwd = IRCEmailPasswordHelper.GenerateRandomPassword(10); await _mailVerificationService.AdminResetPwdSendEmailAsync(identityUserId, pwd); await _identityUserRepository.UpdatePartialFromQueryAsync(t => t.Id == identityUserId, u => new IdentityUser() { Password = MD5Helper.Md5(pwd), IsFirstAdd = true }); var userName = _identityUserRepository.Where(t => t.Id == identityUserId).Select(t => t.UserName).FirstOrDefault(); await _fusionCache.RemoveAsync(CacheKeys.UserLoginError(userName)); await _userLogRepository.AddAsync(new UserLog() { IP = _userInfo.IP, ActionIdentityUserId = _userInfo.IdentityUserId, ActionUserName = _userInfo.UserName, TargetIdentityUserId = identityUserId, OptType = UserOptType.ResetPassword }, true); return ResponseOutput.Ok(); } /// /// 重置密码发邮件 (未登陆修改) /// /// /// [AllowAnonymous] [HttpGet("{email}")] public async Task AnonymousSendVerificationCode(string email) { //检查手机或者邮箱是否有效 if (!Regex.IsMatch(email, @"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$")) { //---请输入一个正确的邮箱。 return ResponseOutput.NotOk(_localizer["User_InvalidEmail"]); } ////查找改邮箱或者手机的用户 var existUser = await _identityUserRepository.Where(t => t.EMail == email && t.Status == UserStateEnum.Enable).FirstOrDefaultAsync(); if (existUser == null) { //---邮箱错误。 return ResponseOutput.NotOk(_localizer["User_EmailError"]); } else { if (existUser.IsFirstAdd && existUser.UserName.IsNullOrEmpty()) { return ResponseOutput.NotOk(_localizer["User_Notinitialized"]); } } //验证码 6位 int verificationCode = new Random().Next(100000, 1000000); await _mailVerificationService.AnolymousSendEmailForResetAccount(email, verificationCode); return ResponseOutput.Ok(); } /// /// 验证验证码,没问题就返回用户所有的账户 /// /// /// /// /// [AllowAnonymous] [HttpGet("{email}/{verifyCode}")] public async Task VerifyAnonymousVerifyCode(string email, string verifyCode) { var verificationRecord = await _verificationCodeRepository .Where(t => t.UserId == Guid.Empty && t.Code == verifyCode && t.CodeType == VerifyType.Email && t.EmailOrPhone == email).OrderByDescending(t => t.CreateTime).FirstOrDefaultAsync(); //检查数据库是否存在该验证码 if (verificationRecord == null) { //---验证码错误。 throw new BusinessValidationFailedException(_localizer["User_VerificationCodeError"]); } else { //检查验证码是否失效 if (verificationRecord.ExpirationTime < DateTime.Now) { //---验证码已经过期。 throw new BusinessValidationFailedException(_localizer["User_VerificationCodeExpired"]); } else //验证码正确 并且 没有超时 { //删除验证码历史记录 await _verificationCodeRepository.BatchDeleteNoTrackingAsync(t => t.Id == verificationRecord.Id); } } var userInfo = await _identityUserRepository.Where(t => t.EMail == email && t.Status == UserStateEnum.Enable).Select(t => new UserAccountDto() { Id = t.Id, UserName = t.UserName, UserRealName = t.FullName }).FirstOrDefaultAsync(); return userInfo; } /// /// (未登陆) 设置新密码 /// /// /// /// [AllowAnonymous] [HttpGet("{identityUserId:guid}/{newPwd}")] public async Task AnonymousSetPassword(Guid identityUserId, string newPwd) { await VerifyUserPwdAsync(identityUserId, newPwd); await _identityUserRepository.UpdatePartialFromQueryAsync(t => t.Id == identityUserId, u => new IdentityUser() { Password = newPwd, LastChangePassWordTime = DateTime.Now, IsFirstAdd = false }); await _userPassWordLogRepository.AddAsync(new UserPassWordLog() { CreateTime = DateTime.Now, PassWord = newPwd, IdentityUserId = identityUserId, }); await _userLogRepository.AddAsync(new UserLog() { IP = _userInfo.IP, ActionIdentityUserId = identityUserId, ActionUserName = _userInfo.UserName, TargetIdentityUserId = identityUserId, OptType = UserOptType.UnloginModifyPasswoed }, true); return ResponseOutput.Ok(); } /// /// 修改密码,当前支持旧密码修改密码 /// /// [HttpPost] [UnitOfWork] public async Task ModifyPassword(EditPasswordCommand editPwModel) { await VerifyUserPwdAsync(_userInfo.IdentityUserId, editPwModel.NewPassWord, editPwModel.OldPassWord); if (!string.IsNullOrEmpty(editPwModel.NewUserName)) { await VerifyUserNameAsync(_userInfo.IdentityUserId, editPwModel.NewUserName); await _identityUserRepository.UpdatePartialFromQueryAsync(t => t.Id == _userInfo.IdentityUserId, u => new IdentityUser() { UserName = editPwModel.NewUserName, }); } var success = await _identityUserRepository.BatchUpdateNoTrackingAsync(t => t.Id == _userInfo.IdentityUserId, u => new IdentityUser() { Password = editPwModel.NewPassWord, LastChangePassWordTime = DateTime.Now, IsFirstAdd = false }); await _userPassWordLogRepository.AddAsync(new UserPassWordLog() { CreateTime = DateTime.Now, PassWord = editPwModel.NewPassWord, IdentityUserId = _userInfo.IdentityUserId, }); await _userLogRepository.AddAsync(new UserLog() { IP = _userInfo.IP, ActionIdentityUserId = _userInfo.IdentityUserId, ActionUserName = _userInfo.UserName, TargetIdentityUserId = _userInfo.IdentityUserId, OptType = UserOptType.LoginModifyPassword }, true); return ResponseOutput.Result(success); } /// /// 获取用户列表 /// /// /// [HttpPost] public async Task> GetUserList(UserListQueryDTO inQuery) { var userQueryable = _identityUserRepository.Where(x => x.UserRoleList.Any(x => x.UserTypeEnum != UserTypeEnum.SuperAdmin)) .WhereIf(!string.IsNullOrWhiteSpace(inQuery.UserName), t => t.UserName.Contains(inQuery.UserName)) .WhereIf(!string.IsNullOrWhiteSpace(inQuery.RealName), t => t.FullName.Contains(inQuery.RealName)) .WhereIf(!string.IsNullOrWhiteSpace(inQuery.Phone), t => t.Phone.Contains(inQuery.Phone)) .WhereIf(!string.IsNullOrWhiteSpace(inQuery.OrganizationName), t => t.OrganizationName.Contains(inQuery.OrganizationName)) .WhereIf(!string.IsNullOrWhiteSpace(inQuery.EMail), t => t.EMail.Contains(inQuery.EMail)) .WhereIf(inQuery.BeginCreateTime != null, t => t.CreateTime >= inQuery.BeginCreateTime) .WhereIf(inQuery.EndCreateTime != null, t => t.CreateTime <= inQuery.EndCreateTime) .WhereIf(inQuery.BeginLastLoginTime != null, t => t.LastLoginTime >= inQuery.BeginLastLoginTime) .WhereIf(inQuery.EndLastLoginTime != null, t => t.LastLoginTime <= inQuery.EndLastLoginTime) .WhereIf(inQuery.BeginLastChangePassWordTime != null, t => t.LastChangePassWordTime >= inQuery.BeginLastChangePassWordTime) .WhereIf(inQuery.EndLastChangePassWordTime != null, t => t.LastChangePassWordTime <= inQuery.EndLastChangePassWordTime) .WhereIf(inQuery.UserType != null, t => t.UserRoleList.Any(t => t.UserTypeId == inQuery.UserType && t.IsUserRoleDisabled==false)) .WhereIf(inQuery.UserState != null, t => t.Status == inQuery.UserState) .WhereIf(inQuery.IsTestUser != null, t => t.IsTestUser == inQuery.IsTestUser) .WhereIf(inQuery.IsZhiZhun != null, t => t.IsZhiZhun == inQuery.IsZhiZhun) .WhereIf(inQuery.UserCeateSource != null, t => t.UserCeateSource == inQuery.UserCeateSource) .ProjectTo(_mapper.ConfigurationProvider); return await userQueryable.ToPagedListAsync(inQuery); } /// /// 根据用户Id获取用户详细信息[New] /// /// xiuga public async Task GetUser(Guid identityUserId) { identityUserId = identityUserId != Guid.Empty ? identityUserId : _userInfo.IdentityUserId; var user = await _identityUserRepository.Where(t => t.Id == identityUserId).ProjectTo(_mapper.ConfigurationProvider).FirstOrDefaultAsync(); if (user != null) { user.AccountList = await _userRoleRepository.Where(t => t.IdentityUserId == identityUserId).ProjectTo(_mapper.ConfigurationProvider).OrderBy(t => t.UserTypeShortName).ToListAsync(); } return user; } /// /// 添加用户 /// /// /// [UnitOfWork] public async Task> AddUser(UserCommand userAddModel) { await VerifyUserNameAsync(null, userAddModel.UserName); await VerifyUserEmailAsync(null, userAddModel.EMail); //await VerifyUserPhoneAsync(null, userAddModel.UserTypeId, userAddModel.Phone); var saveItem = _mapper.Map(userAddModel); var @lock = _distributedLockProvider.CreateLock($"UserAccount"); using (await @lock.AcquireAsync()) { saveItem.Code = await _identityUserRepository.Select(t => t.Code).DefaultIfEmpty().MaxAsync() + 1; saveItem.UserCode = AppSettings.GetCodeStr(saveItem.Code, nameof(IdentityUser)); if (saveItem.IsZhiZhun) { var organizationName = _userInfo.IsEn_Us ? _systemEmailConfig.OrganizationName : _systemEmailConfig.OrganizationNameCN; saveItem.OrganizationName = organizationName; } saveItem.UserCeateSource = UserCeateSource.AdminCreate; saveItem.Password = MD5Helper.Md5(IRCEmailPasswordHelper.GenerateRandomPassword(10)); var addRoleList = new List(); foreach (var role in userAddModel.UserRoleList) { var addRole = _mapper.Map(userAddModel); addRole.UserTypeEnum = role.UserTypeEnum; addRole.UserTypeId = role.UserTypeId; addRole.IsUserRoleDisabled = role.IsUserRoleDisabled; addRoleList.Add(addRole); } saveItem.UserRoleList = addRoleList; await _identityUserRepository.AddAsync(saveItem); var success = await _identityUserRepository.SaveChangesAsync(); } await _mailVerificationService.AddUserSendEmailAsync(saveItem.Id, userAddModel.BaseUrl, userAddModel.RouteUrl); return ResponseOutput.Ok(new UserAddedReturnDTO { Id = saveItem.Id, UserCode = saveItem.UserCode }); } [HttpPost] public async Task AddNewUserSendEmail(NewUserSendEmailCommand incommand) { await _mailVerificationService.AddUserSendEmailAsync(incommand.IdentityUserId, incommand.BaseUrl, incommand.RouteUrl); return ResponseOutput.Ok(); } /// /// 更新用户 /// /// /// public async Task UpdateUser(UserCommand model) { await VerifyUserNameAsync(model.Id, model.UserName); await VerifyUserEmailAsync(model.Id, model.EMail); //await VerifyUserPhoneAsync(model.Id, model.UserTypeId, model.Phone); var user = await _identityUserRepository.Where(t => t.Id == model.Id, true).Include(t => t.UserRoleList).FirstOrDefaultAsync(); if (user == null) return Null404NotFound(user); if (user.Status != model.Status) { await _userLogRepository.AddAsync(new UserLog() { IP = _userInfo.IP, ActionIdentityUserId = _userInfo.IdentityUserId, ActionUserName = _userInfo.UserName, TargetIdentityUserId = model.Id, OptType = model.Status == UserStateEnum.Enable ? UserOptType.AccountEnable : UserOptType.AccountLocked }, true); await _fusionCache.SetAsync(CacheKeys.UserDisable(user.Id), model.Status == UserStateEnum.Disable, TimeSpan.FromHours(1)); } _mapper.Map(model, user); if (user.IsZhiZhun) { user.OrganizationName = _userInfo.IsEn_Us ? _systemEmailConfig.OrganizationName : _systemEmailConfig.OrganizationNameCN; } await _userLogRepository.AddAsync(new UserLog() { IP = _userInfo.IP, LoginUserId = _userInfo.UserRoleId, OptUserId = model.Id, OptType = UserOptType.UpdateUser }); //处理角色的添加、禁用 foreach (var role in model.UserRoleList) { var find = user.UserRoleList.FirstOrDefault(t => t.UserTypeEnum == role.UserTypeEnum && t.UserTypeId == role.UserTypeId); if (find != null) { find.IsUserRoleDisabled = role.IsUserRoleDisabled; await _fusionCache.SetAsync(CacheKeys.UserRoleDisable(find.Id), find.IsUserRoleDisabled, TimeSpan.FromHours(1)); } else { var addRole = _mapper.Map(model); addRole.Id = NewId.NextSequentialGuid(); addRole.IdentityUserId = user.Id; addRole.UserTypeEnum = role.UserTypeEnum; addRole.UserTypeId = role.UserTypeId; user.UserRoleList.Add(addRole); } } var success = await _userRoleRepository.SaveChangesAsync(); await _userLogRepository.AddAsync(new UserLog() { IP = _userInfo.IP, ActionIdentityUserId = _userInfo.IdentityUserId, ActionUserName = _userInfo.UserName, TargetIdentityUserId = model.Id, OptType = UserOptType.UpdateUser }, true); return ResponseOutput.Ok(success); } [HttpPut] public async Task UpdateUserBasicInfo(UserBasicInfoCommand command) { var user = await _identityUserRepository.Where(t => t.Id == command.Id, true).FirstOrDefaultAsync(); if (user == null) return Null404NotFound(user); _mapper.Map(command, user); await _userLogRepository.AddAsync(new UserLog() { IP = _userInfo.IP, ActionIdentityUserId = _userInfo.IdentityUserId, ActionUserName = _userInfo.UserName, TargetIdentityUserId = command.Id, OptType = UserOptType.UpdateUser }, true); await _identityUserRepository.SaveChangesAsync(); return ResponseOutput.Ok(); } [HttpPut] public async Task UpdateUserRoleInfo(UpdateUserRolesDto command) { var user = await _identityUserRepository.Where(t => t.Id == command.Id, true).Include(t => t.UserRoleList).FirstOrDefaultAsync(); if (user == null) return Null404NotFound(user); foreach (var role in command.UserRoleList) { var find = user.UserRoleList.FirstOrDefault(t => t.UserTypeEnum == role.UserTypeEnum && t.UserTypeId == role.UserTypeId); if (find != null) { find.IsUserRoleDisabled = role.IsUserRoleDisabled; await _fusionCache.SetAsync(CacheKeys.UserRoleDisable(find.Id), find.IsUserRoleDisabled, TimeSpan.FromHours(1)); } else { var addRole = _mapper.Map(user); addRole.Id = NewId.NextSequentialGuid(); addRole.IdentityUserId = user.Id; addRole.UserTypeEnum = role.UserTypeEnum; addRole.UserTypeId = role.UserTypeId; addRole.IsUserRoleDisabled = role.IsUserRoleDisabled; user.UserRoleList.Add(addRole); } } var success = await _userRoleRepository.SaveChangesAsync(); await _userLogRepository.AddAsync(new UserLog() { IP = _userInfo.IP, ActionIdentityUserId = _userInfo.IdentityUserId, ActionUserName = _userInfo.UserName, TargetIdentityUserId = command.Id, OptType = UserOptType.UpdateUserRole }, true); return ResponseOutput.Ok(); } ///// ///// 禁用或者启用账户 ///// ///// ///// ///// //[HttpPost("{userId:guid}/{state:int}")] //public async Task UpdateUserState(Guid userId, UserStateEnum state) //{ // await _userLogRepository.AddAsync(new UserLog() { IP = _userInfo.IP, LoginUserId = _userInfo.Id, OptUserId = userId, OptType = state == UserStateEnum.Enable ? UserOptType.AccountEnable : UserOptType.AccountLocked }, true); // var success = await _identityUserRepository.BatchUpdateNoTrackingAsync(u => u.IdentityUserId == userId, t => new User // { // Status = state // }); // return ResponseOutput.Result(success); //} public async Task GetUserBasicInfo(Guid userId, string pwd) { var info = await _identityUserRepository.Where(u => u.Id == userId && u.Password == pwd).ProjectTo(_mapper.ConfigurationProvider).FirstNotNullAsync(); return info; } /// /// 发送MFA 验证邮件 /// /// public async Task SendMFAEmail(SendMfaCommand sendMfa) { var identityUserId = sendMfa.IdentityUserId == Guid.Empty ? _userInfo.IdentityUserId : sendMfa.IdentityUserId; var userInfo = await _identityUserRepository.Where(u => u.Id == identityUserId).Select(t => new { t.FullName, t.EMail }).FirstOrDefaultAsync(); int verificationCode = new Random().Next(100000, 1000000); await _mailVerificationService.SenMFAVerifyEmail(identityUserId, userInfo.FullName, userInfo.EMail, verificationCode, sendMfa.MFAType); var hiddenEmail = IRCEmailPasswordHelper.MaskEmail(userInfo.EMail); return ResponseOutput.Ok(hiddenEmail); } /// /// 验证MFA 邮件 /// /// /// /// public async Task VerifyMFACodeAsync(string Code) { var identityUserId = _userInfo.IdentityUserId; var verificationRecord = await _verificationCodeRepository.Where(t => t.UserId == identityUserId && t.Code == Code && t.CodeType == VerifyType.Email).OrderByDescending(x => x.ExpirationTime).FirstOrDefaultAsync(); VerifyEmialGetDoctorInfoOutDto result = new VerifyEmialGetDoctorInfoOutDto(); //检查数据库是否存在该验证码 if (verificationRecord == null) { //---验证码错误。 throw new BusinessValidationFailedException(_localizer["TrialSiteSurvey_WrongVerificationCode"]); } else { //检查验证码是否失效 if (verificationRecord.ExpirationTime < DateTime.Now) { //---验证码已经过期。 throw new BusinessValidationFailedException(_localizer["TrialSiteSurvey_ExpiredVerificationCode"]); } else //验证码正确 并且 没有超时 { //删除验证码历史记录 await _verificationCodeRepository.BatchDeleteNoTrackingAsync(t => t.Id == verificationRecord.Id); await _userLogRepository.AddAsync(new UserLog() { IP = _userInfo.IP, ActionUserName = _userInfo.UserName, ActionIdentityUserId = identityUserId, OptType = UserOptType.MFALogin }, true); } } return ResponseOutput.Ok(); } /// /// 设置是否忽略异地登录 /// /// /// [HttpPost] public async Task SetIsIgnoreUncommonly(SetIsIgnoreUncommonlyInDto inDto) { await _userLogRepository.UpdatePartialFromQueryAsync(inDto.Id, x => new UserLog() { IsIgnoreUncommonly = inDto.IsIgnoreUncommonly }, true); return ResponseOutput.Ok(); } [HttpPost] public async Task> GetUserLogList(UserLogQuery inQuery) { DateTime? trialCreateTime = inQuery.TrialId != null ? _trialRepository.Where(t => t.Id == inQuery.TrialId).Select(t => t.CreateTime).FirstOrDefault() : null; var userLogQueryable = _userLogRepository.AsQueryable().IgnoreQueryFilters() .WhereIf(inQuery.IdentityUserId != null, t => t.ActionIdentityUserId == inQuery.IdentityUserId) .WhereIf(inQuery.TargetIdentityUserId != null, t => t.TargetIdentityUserId == inQuery.TargetIdentityUserId) .WhereIf(inQuery.TrialId != null, t => t.ActionIdentityUser.UserTrialList.Any(c => c.TrialId == inQuery.TrialId) || t.TargetIdentityUser.UserTrialList.Any(c => c.TrialId == inQuery.TrialId)) .WhereIf(trialCreateTime != null, t => t.CreateTime >= trialCreateTime) .WhereIf(inQuery.OptTypeList != null && inQuery.OptTypeList.Count > 0, t => inQuery.OptTypeList.Contains(t.OptType)) .WhereIf(inQuery.BeginDate != null, t => t.CreateTime >= inQuery.BeginDate) .WhereIf(inQuery.EndDate != null, t => t.CreateTime <= inQuery.EndDate) .WhereIf(inQuery.IsLoginUncommonly != null , t => t.IsLoginUncommonly== inQuery.IsLoginUncommonly) .WhereIf(!string.IsNullOrEmpty(inQuery.LoginUserName), t => t.ActionUserName.Contains(inQuery.LoginUserName!)) .WhereIf(!string.IsNullOrEmpty(inQuery.LoginFaildName), t => t.ActionUserName.Contains(inQuery.LoginFaildName!)) .WhereIf(!string.IsNullOrEmpty(inQuery.IP), t => t.IP.Contains(inQuery.IP!)) .WhereIf(!string.IsNullOrEmpty(inQuery.LoginUserType), t => t.ActionUserType == inQuery.LoginUserType) .WhereIf(inQuery.UserTypeId != null, t => t.CreateUserRole.UserTypeId == inQuery.UserTypeId) .ProjectTo(_mapper.ConfigurationProvider); var pageList = await userLogQueryable.ToPagedListAsync(inQuery); //项目创建账户的时候,没有用户名,但是目标用户Id 有值,导致查询出来有名字,所以在此单独处理下 foreach (var item in pageList.CurrentPageData) { if (item.OptType == UserOptType.AddUser) { item.TargetIdentityUserName = item.UserObj.UserName; } } return pageList; } [AllowAnonymous] [HttpGet] public async Task LoginOut(Guid identityUserId, Guid userRoleId) { await _fusionCache.RemoveAsync(CacheKeys.UserToken(identityUserId)); var userName = await _userRoleRepository.Where(t => t.Id == userRoleId).Select(t => t.IdentityUser.UserName).FirstOrDefaultAsync(); await _userLogRepository.AddAsync(new UserLog() { IP = _userInfo.IP, ActionIdentityUserId = identityUserId, ActionUserName = userName, OptType = UserOptType.LoginOut }, true); return ResponseOutput.Ok(); } #region 多账号修改 /// /// 账号验证,获取账号角色信息 获取临时token /// /// /// [AllowAnonymous] [HttpPost] public async Task> GetUserLoginRoleList(IRCLoginDto loginDto, [FromServices] ITokenService _tokenService, [FromServices] IOptionsMonitor _emailConfig ) { var userName = loginDto.UserName; var password = loginDto.Password; var emailConfig = _emailConfig.CurrentValue; var companyInfo = new SystemEmailSendConfigView() { CompanyName = emailConfig.CompanyName, CompanyNameCN = emailConfig.CompanyNameCN, CompanyShortName = emailConfig.CompanyShortName, CompanyShortNameCN = emailConfig.CompanyShortNameCN,SystemShortName=emailConfig.SystemShortName }; int maxFailures = _verifyConfig.CurrentValue.LoginMaxFailCount; int lockoutMinutes = _verifyConfig.CurrentValue.LoginFailLockMinutes; // 生成缓存键 string cacheKey = CacheKeys.UserLoginError(userName); // 从缓存中获取登录失败次数 int? failCount = await _fusionCache.GetOrDefaultAsync(cacheKey); if (failCount == null) { failCount = 0; } //每次登录 都重置缓存时间 await _fusionCache.SetAsync(cacheKey, failCount, TimeSpan.FromMinutes(lockoutMinutes)); var userLog = new UserLog(); if (failCount >= maxFailures) { await _userLogRepository.AddAsync(new UserLog() { IP = _userInfo.IP, ActionUserName = userName, LoginPassword = password, OptType = UserOptType.TempLockLogin }, true); //$"密码连续错误{maxFailures}次,当前账号已被限制登录,请等待 {lockoutMinutes} 分钟后再试。" throw new BusinessValidationFailedException(_localizer["User_ErrorLimit", maxFailures, lockoutMinutes]); } var userLoginReturnModel = new IRCLoginReturnDTO(); var loginUser = await _identityUserRepository.Where(u => (u.UserName.Equals(userName) || u.EMail.Equals(userName)) && u.Password == password).ProjectTo(_mapper.ConfigurationProvider).FirstOrDefaultAsync(); var existUserLoginInfo = await _identityUserRepository.Where(u => u.UserName == userName || u.EMail == userName).Select(t => new { t.LastLoginIP, t.LastChangePassWordTime, t.Id }).FirstOrDefaultAsync(); var isExistAccount = existUserLoginInfo != null; var isLoginUncommonly = false; #region //登录用户是系统用户的时候,就要要记录异地登录 //账号在系统存在 if (isExistAccount || loginUser != null) { //var ipinfo = _searcher.Search(_userInfo.IP); //var iPRegion = string.Join('|', ipinfo.Split('|').TakeLast(3)); //string SplitAndConcatenate(string input) //{ // string[] parts = input.Split('|'); // return parts.Length >= 3 ? parts[0] + parts[1] : string.Join("", parts); //} var iPRegion = IPCityHelper.GetCityResponse(_userInfo.IP); //设置本次登录的IP await _identityUserRepository.BatchUpdateNoTrackingAsync(x => x.Id == existUserLoginInfo.Id, x => new IdentityUser() { LastLoginIP = iPRegion, LastLoginTime = DateTime.Now }); //超过90天没修改密码 if (loginUser!= null&&_verifyConfig.CurrentValue.IsNeedChangePassWord && loginUser.LastChangePassWordTime != null && DateTime.Now.AddDays(-_verifyConfig.CurrentValue.ChangePassWordDays) > loginUser.LastChangePassWordTime.Value) { loginUser.NeedChangePassWord = true; } if (existUserLoginInfo.LastLoginIP != string.Empty) { // 与上一次区域不一致 //if (SplitAndConcatenate(existUserLoginInfo.LastLoginIP) != SplitAndConcatenate(iPRegion)) if (existUserLoginInfo.LastLoginIP != iPRegion) { isLoginUncommonly = true; if (loginUser != null) { //异地登录 loginUser.LoginState = 2; } } } } #endregion if (loginUser == null) { //错误次数累加 failCount++; await _fusionCache.SetAsync(cacheKey, failCount, TimeSpan.FromMinutes(lockoutMinutes)); await _userLogRepository.AddAsync(new UserLog() { IP = _userInfo.IP, ActionUserName = userName, LoginPassword = password, OptType = UserOptType.AccountOrPasswordError, IsLoginUncommonly = isLoginUncommonly }, true); return ResponseOutput.NotOk(_localizer["User_CheckNameOrPw"], new IRCLoginReturnDTO()); } //登录成功的,才会算异地登录 if (loginUser.Status == 0) { await _userLogRepository.AddAsync(new UserLog() { IP = _userInfo.IP, ActionIdentityUserId = loginUser.IdentityUserId, ActionUserName = loginUser.UserName, OptType = UserOptType.LoginLockedAccount, IsLoginUncommonly = isLoginUncommonly }, true); //---该用户已经被禁用。 return ResponseOutput.NotOk(_localizer["User_Disabled"], new IRCLoginReturnDTO()); } //登录成功 清除缓存 await _fusionCache.SetAsync(cacheKey, 0, TimeSpan.FromMinutes(lockoutMinutes)); await _userLogRepository.AddAsync(new UserLog() { IP = _userInfo.IP, ActionIdentityUserId = loginUser.IdentityUserId, ActionUserName = loginUser.UserName, OptType = UserOptType.Login, IsLoginUncommonly = isLoginUncommonly }, true); userLoginReturnModel.BasicInfo = loginUser; if (loginUser.LastChangePassWordTime == null) { await _identityUserRepository.BatchUpdateNoTrackingAsync(x => x.Id == loginUser.IdentityUserId, x => new IdentityUser() { LastChangePassWordTime = DateTime.Now }); } //返回临时token userLoginReturnModel.JWTStr = _tokenService.GetToken(new UserTokenInfo() { IdentityUserId = loginUser.IdentityUserId, UserName = userName }); var identityUserId = loginUser.IdentityUserId; if (_verifyConfig.CurrentValue.OpenLoginMFA) { //MFA 发送邮件 userLoginReturnModel.IsMFA = true; var email = userLoginReturnModel.BasicInfo.EMail; var hiddenEmail = IRCEmailPasswordHelper.MaskEmail(email); userLoginReturnModel.BasicInfo.EMail = hiddenEmail; //修改密码 || 90天修改密码再mfa 之前 if (userLoginReturnModel.BasicInfo.IsFirstAdd || userLoginReturnModel.BasicInfo.NeedChangePassWord) { //userLoginReturnModel.JWTStr = _tokenService.GetToken(userLoginReturnModel.BasicInfo); } else { //正常登录才发送邮件 await SendMFAEmail(new SendMfaCommand() { IdentityUserId = identityUserId, MFAType = UserMFAType.Login }); } } await _fusionCache.SetAsync(CacheKeys.UserToken(identityUserId), userLoginReturnModel.JWTStr, TimeSpan.FromDays(7)); await _fusionCache.SetAsync(CacheKeys.UserAutoLoginOut(identityUserId), DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss"), TimeSpan.FromMinutes(_verifyConfig.CurrentValue.AutoLoginOutMinutes)); userLoginReturnModel.BasicInfo.AccountList = await _userRoleRepository.Where(t => t.IdentityUserId == identityUserId).ProjectTo(_mapper.ConfigurationProvider).OrderBy(t => t.UserTypeShortName).ToListAsync(); userLoginReturnModel.CompanyInfo = companyInfo; return ResponseOutput.Ok(userLoginReturnModel); } /// /// 验证密码成功后,选定角色,然后获取当前角色的Token /// /// /// /// /// [HttpGet] public async Task LoginSelectUserRole(Guid userRoleId, [FromServices] ITokenService _tokenService, [FromServices] IReadingImageTaskService readingImageTaskService) { var identityUserId = _userInfo.IdentityUserId; var userTokenInfo = await _userRoleRepository.Where(t => t.IdentityUserId == identityUserId && t.Id == userRoleId).Select(t => new UserTokenInfo() { UserRoleId = t.Id, IdentityUserId = t.IdentityUserId, UserTypeEnum = t.UserTypeEnum, UserTypeId = t.UserTypeId, IsTestUser = t.IdentityUser.IsTestUser, IsZhiZhun = t.IdentityUser.IsZhiZhun, FullName = t.IdentityUser.FullName, PermissionStr = t.UserTypeRole.PermissionStr, UserName = t.IdentityUser.UserName, UserTypeShortName = t.UserTypeRole.UserTypeShortName, }).FirstOrDefaultAsync(); await _userLogRepository.AddAsync(new UserLog() { IP = _userInfo.IP, ActionIdentityUserId = userTokenInfo.IdentityUserId, ActionUserName = $"{userTokenInfo.UserName}", ActionUserType = userTokenInfo.UserTypeShortName, OptType = UserOptType.LoginSelectRole }, true); if (userTokenInfo != null) { var jwt = _tokenService.GetToken(userTokenInfo); // 验证阅片休息时间 await readingImageTaskService.ResetReadingRestTime(userTokenInfo.UserRoleId); await _fusionCache.SetAsync(CacheKeys.UserToken(userTokenInfo.IdentityUserId), jwt, TimeSpan.FromDays(7)); return jwt; } else { throw new BusinessValidationFailedException("传递参数查询数据库不存在!"); } } #endregion } }