From b77345222c34be19a6c8a39e636ce1a2119cd956 Mon Sep 17 00:00:00 2001
From: huyueeer <huyueeer@163.com>
Date: Thu, 5 Aug 2021 11:17:38 +0800
Subject: [PATCH] =?UTF-8?q?LDAP=E8=AE=A4=E8=AF=81=E5=BF=BD=E7=95=A5?=
 =?UTF-8?q?=E5=A4=A7=E5=B0=8F=E5=86=99=EF=BC=8C=E4=BF=AE=E6=AD=A3=E5=88=A4?=
 =?UTF-8?q?=E6=96=AD=E9=A1=BA=E5=BA=8F=EF=BC=8C=E7=9B=B8=E5=90=8CLDAP?=
 =?UTF-8?q?=E7=94=A8=E6=88=B7=E5=8F=8D=E5=A4=8DREPLACE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../account/component/sso/BaseSessionSignOn.java   | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java
index bb5f415c..c64a1717 100644
--- a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java
+++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java
@@ -48,22 +48,22 @@ public class BaseSessionSignOn extends AbstractSingleSignOn {
         if (ValidateUtils.isBlank(dto.getUsername()) || ValidateUtils.isNull(dto.getPassword())) {
             return Result.buildFailure("Missing parameters");
         }
-
-        Result<AccountDO> accountResult = accountService.getAccountDO(dto.getUsername());
+        //先创建空对象，看是在LDAP去做填充，还是直接查表填充
+        Result<AccountDO> accountResult;
 
         //判断是否激活了LDAP验证, 若激活则也可使用ldap进行认证
         if(!ValidateUtils.isNull(accountLdapEnabled) && accountLdapEnabled){
             //去LDAP验证账密
-            Map<String, Object> ldapAttrsInfo;
-            ldapAttrsInfo = ldapAuthentication.authenticate(dto.getUsername(),dto.getPassword());
+            Map<String, Object> ldapAttrsInfo = ldapAuthentication.authenticate(dto.getUsername(),dto.getPassword());;
             if(ValidateUtils.isNull(ldapAttrsInfo)){
                 return Result.buildFrom(ResultStatus.LDAP_AUTHENTICATION_FAILED);
             }
+            //LDAP验证通过，拿LDAP的sAMAccountName替换dto对象的值，便于第一次自动注册采用LDAP值，并且第二次也避免REPLACE
+            dto.setUsername(ldapAttrsInfo.get("sAMAccountName").toString());
+            accountResult = accountService.getAccountDO(dto.getUsername());
 
             if((ValidateUtils.isNull(accountResult) || ValidateUtils.isNull(accountResult.getData())) && authUserRegistration){
                 //自动注册
-                //使用Ldap:sAMAccountName替换用户输入的值
-                dto.setUsername(ldapAttrsInfo.get("sAMAccountName").toString());
                 AccountDO accountDO = new AccountDO();
                 accountDO.setUsername(dto.getUsername());
                 accountDO.setRole(AccountRoleEnum.getUserRoleEnum(authUserRegistrationRole).getRole());
@@ -73,6 +73,8 @@ public class BaseSessionSignOn extends AbstractSingleSignOn {
 
             return Result.buildSuc(dto.getUsername());
         }
+        //不走LDAP认证直接查表填充
+        accountResult = accountService.getAccountDO(dto.getUsername());
 
         if (ValidateUtils.isNull(accountResult) || accountResult.failed()) {
             return new Result<>(accountResult.getCode(), accountResult.getMessage());