[Feature-3392][api-server] (#3403)

* feature user register fix bug fix security problem fix security problem * activate user * fix confilct * fix confilct and fix some bug * fix cr problem Co-authored-by: dev_sky <dev_sky@740051880@qq.com>

[Feature-3392][api-server] (#3403)
* feature user register fix bug fix security problem fix security problem * activate user * fix confilct * fix confilct and fix some bug * fix cr problem Co-authored-by: dev_sky <dev_sky@740051880@qq.com>
6dc50091 · sky · GitHub · 6ecc95a3 · 6dc50091 · 6dc50091
4 changed file
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/UsersController.java
@@ -432,14 +432,34 @@ public class UsersController extends BaseController {
                               @RequestParam(value = "userPassword") String userPassword,
                               @RequestParam(value = "repeatPassword") String repeatPassword,
                               @RequestParam(value = "email") String email) throws Exception {
-        userName = userName.replaceAll("[\n|\r|\t]", "");
-        userPassword = userPassword.replaceAll("[\n|\r|\t]", "");
-        repeatPassword = repeatPassword.replaceAll("[\n|\r|\t]", "");
-        email = email.replaceAll("[\n|\r|\t]", "");
+        userName = ParameterUtils.handleEscapes(userName);
+        userPassword = ParameterUtils.handleEscapes(userPassword);
+        repeatPassword = ParameterUtils.handleEscapes(repeatPassword);
+        email = ParameterUtils.handleEscapes(email);
        logger.info("user self-register, userName: {}, userPassword {}, repeatPassword {}, eamil {}",
-                userName, userPassword, repeatPassword, email);
+                userName, Constants.PASSWORD_DEFAULT, Constants.PASSWORD_DEFAULT, email);
        Map<String, Object> result = usersService.registerUser(userName, userPassword, repeatPassword, email);
        return returnDataList(result);
    }

+    /**
+     * user activate
+     *
+     * @param userName       user name
+     */
+    @ApiOperation(value="activateUser",notes = "ACTIVATE_USER_NOTES")
+    @ApiImplicitParams({
+            @ApiImplicitParam(name = "userName", value = "USER_NAME", type = "String"),
+    })
+    @PostMapping("/activate")
+    @ResponseStatus(HttpStatus.OK)
+    @ApiException(UPDATE_USER_ERROR)
+    public Result<Object> activateUser(@ApiIgnore @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
+                                       @RequestParam(value = "userName") String userName) {
+        userName = ParameterUtils.handleEscapes(userName);
+        logger.info("login user {}, activate user, userName: {}",
+                loginUser.getUserName(), userName);
+        Map<String, Object> result = usersService.activateUser(loginUser, userName);
+        return returnDataList(result);
+    }
 }
--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/UsersService.java
@@ -26,6 +26,7 @@ import org.apache.dolphinscheduler.api.utils.CheckUtils;
 import org.apache.dolphinscheduler.api.utils.PageInfo;
 import org.apache.dolphinscheduler.api.utils.Result;
 import org.apache.dolphinscheduler.common.Constants;
+import org.apache.dolphinscheduler.common.enums.Flag;
 import org.apache.dolphinscheduler.common.enums.ResourceType;
 import org.apache.dolphinscheduler.common.enums.UserType;
 import org.apache.dolphinscheduler.common.utils.*;
@@ -917,10 +918,11 @@ public class UsersService extends BaseService {
     * @param repeatPassword repeat password
     * @param email          email
     * @return register result code
+     * @throws Exception exception
     */
    @Transactional(rollbackFor = RuntimeException.class)
    public Map<String, Object> registerUser(String userName, String userPassword, String repeatPassword, String email) {
-        Map<String, Object> result = new HashMap<>(5);
+        Map<String, Object> result = new HashMap<>();

        //check user params
        String msg = this.checkUserParams(userName, userPassword, email, "");
@@ -934,10 +936,51 @@ public class UsersService extends BaseService {
            putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, "two passwords are not same");
            return result;
        }
-
-        createUser(userName, userPassword, email, 1, "", "", 0);
+        User user = createUser(userName, userPassword, email, 1, "", "", Flag.NO.ordinal());
        putMsg(result, Status.SUCCESS);
+        result.put(Constants.DATA_LIST, user);
        return result;
    }

+    /**
+     * activate user, only system admin have permission, change user state code 0 to 1
+     *
+     * @param loginUser login user
+     * @return create result code
+     */
+    public Map<String, Object> activateUser(User loginUser, String userName) {
+        Map<String, Object> result = new HashMap<>();
+        result.put(Constants.STATUS, false);
+
+        if (!isAdmin(loginUser)) {
+            putMsg(result, Status.USER_NO_OPERATION_PERM);
+            return result;
+        }
+
+        if (!CheckUtils.checkUserName(userName)){
+            putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, userName);
+            return result;
+        }
+
+        User user = userMapper.queryByUserNameAccurately(userName);
+
+        if (user == null) {
+            putMsg(result, Status.USER_NOT_EXIST, userName);
+            return result;
+        }
+
+        if (user.getState() != Flag.NO.ordinal()) {
+            putMsg(result, Status.REQUEST_PARAMS_NOT_VALID_ERROR, userName);
+            return result;
+        }
+
+        user.setState(Flag.YES.ordinal());
+        Date now = new Date();
+        user.setUpdateTime(now);
+        userMapper.updateById(user);
+        User responseUser = userMapper.queryByUserNameAccurately(userName);
+        putMsg(result, Status.SUCCESS);
+        result.put(Constants.DATA_LIST, responseUser);
+        return result;
+    }
 }
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/UsersControllerTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/controller/UsersControllerTest.java
@@ -285,6 +285,21 @@ public class UsersControllerTest extends AbstractControllerTest{

        Result result = JSONUtils.parseObject(mvcResult.getResponse().getContentAsString(), Result.class);
        Assert.assertEquals(Status.SUCCESS.getCode(),result.getCode().intValue());
-        logger.info(mvcResult.getResponse().getContentAsString());
+    }
+
+    @Test
+    public void testActivateUser() throws Exception {
+        MultiValueMap<String, String> paramsMap = new LinkedMultiValueMap<>();
+        paramsMap.add("userName","user_test");
+
+        MvcResult mvcResult = mockMvc.perform(post("/users/activate")
+                .header(SESSION_ID, sessionId)
+                .params(paramsMap))
+                .andExpect(status().isOk())
+                .andExpect(content().contentType(MediaType.APPLICATION_JSON_UTF8))
+                .andReturn();
+
+        Result result = JSONUtils.parseObject(mvcResult.getResponse().getContentAsString(), Result.class);
+        Assert.assertEquals(Status.SUCCESS.getCode(),result.getCode().intValue());
    }
 }
--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/service/UsersServiceTest.java
@@ -462,42 +462,87 @@ public class UsersServiceTest {
        try {
            //userName error
            Map<String, Object> result = usersService.registerUser(userName, userPassword, repeatPassword, email);
-            logger.info(result.toString());
            Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS));

            userName = "userTest0002";
            userPassword = "userTest000111111111111111";
            //password error
            result = usersService.registerUser(userName, userPassword, repeatPassword, email);
-            logger.info(result.toString());
            Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS));

            userPassword = "userTest0002";
            email = "1q.com";
            //email error
            result = usersService.registerUser(userName, userPassword, repeatPassword, email);
-            logger.info(result.toString());
            Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS));

            //repeatPassword error
            email = "7400@qq.com";
            repeatPassword = "userPassword";
            result = usersService.registerUser(userName, userPassword, repeatPassword, email);
-            logger.info(result.toString());
            Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS));

            //success
            repeatPassword = "userTest0002";
            result = usersService.registerUser(userName, userPassword, repeatPassword, email);
-            logger.info(result.toString());
            Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));

        } catch (Exception e) {
-            logger.error(Status.CREATE_USER_ERROR.getMsg(),e);
            Assert.assertTrue(false);
        }
    }

+
+    @Test
+    public void testActivateUser() {
+        User user = new User();
+        user.setUserType(UserType.GENERAL_USER);
+        String userName = "userTest0002~";
+        try {
+            //not admin
+            Map<String, Object> result = usersService.activateUser(user, userName);
+            Assert.assertEquals(Status.USER_NO_OPERATION_PERM, result.get(Constants.STATUS));
+
+            //userName error
+            user.setUserType(UserType.ADMIN_USER);
+            result = usersService.activateUser(user, userName);
+            Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS));
+
+            //user not exist
+            userName = "userTest10013";
+            result = usersService.activateUser(user, userName);
+            Assert.assertEquals(Status.USER_NOT_EXIST, result.get(Constants.STATUS));
+
+            //user state error
+            userName = "userTest0001";
+            when(userMapper.queryByUserNameAccurately(userName)).thenReturn(getUser());
+            result = usersService.activateUser(user, userName);
+            Assert.assertEquals(Status.REQUEST_PARAMS_NOT_VALID_ERROR, result.get(Constants.STATUS));
+
+            //success
+            when(userMapper.queryByUserNameAccurately(userName)).thenReturn(getDisabledUser());
+            result = usersService.activateUser(user, userName);
+            Assert.assertEquals(Status.SUCCESS, result.get(Constants.STATUS));
+        } catch (Exception e) {
+            Assert.assertTrue(false);
+        }
+    }
+
+    /**
+     * get disabled user
+     * @return
+     */
+    private User getDisabledUser() {
+
+        User user = new User();
+        user.setUserType(UserType.GENERAL_USER);
+        user.setUserName("userTest0001");
+        user.setUserPassword("userTest0001");
+        user.setState(0);
+        return user;
+    }
+
+
    /**
     * get user
     * @return