diff --git a/backend/basic/src/rbum/domain/rbum_cert_conf.rs b/backend/basic/src/rbum/domain/rbum_cert_conf.rs
index 99eb77508..13cf37fe3 100644
--- a/backend/basic/src/rbum/domain/rbum_cert_conf.rs
+++ b/backend/basic/src/rbum/domain/rbum_cert_conf.rs
@@ -149,7 +149,6 @@ pub struct Model {
 /// 同一个`rel_rbum_item_id`下最多只能有一个基础认证,如果为true,则该记录的sk将为同一个`rel_rbum_item_id`下的公共sk,支持同一个`rel_rbum_item_id`下不同凭证配置的ak + 该记录的sk的登录方式。
 /// 比如可以将密码作为基础sk,这样可以实现手机号验证码、用户名密码以及手机号+密码的登录方式。
 pub is_basic: bool,
- pub is_ak_repeatable: bool,
 /// Support reset the cert configuration type(corresponding to the ``code`` value) of the basic sk
 ///
 /// 支持重置基础sk的凭证配置类型(对应`code`值)
@@ -261,7 +260,6 @@ impl TardisActiveModel for ActiveModel {
 .col(ColumnDef::new(Column::SkEncrypted).not_null().boolean())
 .col(ColumnDef::new(Column::Repeatable).not_null().boolean())
 .col(ColumnDef::new(Column::IsBasic).not_null().boolean())
- .col(ColumnDef::new(Column::IsAkRepeatable).not_null().boolean())
 .col(ColumnDef::new(Column::RestByKinds).not_null().string())
 .col(ColumnDef::new(Column::ExpireSec).not_null().big_integer())
 .col(ColumnDef::new(Column::SkLockCycleSec).not_null().integer())
diff --git a/backend/basic/src/rbum/dto/rbum_cert_conf_dto.rs b/backend/basic/src/rbum/dto/rbum_cert_conf_dto.rs
index 4690edce1..4ece71445 100644
--- a/backend/basic/src/rbum/dto/rbum_cert_conf_dto.rs
+++ b/backend/basic/src/rbum/dto/rbum_cert_conf_dto.rs
@@ -34,7 +34,6 @@ pub struct RbumCertConfAddReq {
 pub sk_encrypted: Option,
 pub repeatable: Option,
 pub is_basic: Option,
- pub is_ak_repeatable: Option,
 #[cfg_attr(feature = "default", oai(validator(min_length = "2", max_length = "2000")))]
 pub rest_by_kinds: Option,
 #[cfg_attr(feature = "default", oai(validator(minimum(value = "1", exclusive = "false"))))]
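Review bot: In the rbum_cert_conf.rs hunk at -261, `Column::IsAkRepeatable` disappears from the create-table statement and from `Model`, but nothing in this diff touches tables that already exist. If a deployed database was created from the earlier statement, its `is_ak_repeatable` column is still NOT NULL, and whether inserts built from the new model succeed depends on a column default that is not visible here. Failed cert-conf inserts after an upgrade would block provisioning of new login methods, so the upgrade path deserves a line next to the column list, for example `// is_ak_repeatable removed: drop the column (or give it a default) on existing databases before deploying`. The `impl TardisActiveModel` body starts and ends outside the hunk.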
@@ -104,7 +103,6 @@ pub struct RbumCertConfSummaryResp { pub sk_encrypted: bool, pub repeatable: bool, pub is_basic: bool, - pub is_ak_repeatable: bool, pub rest_by_kinds: String, pub expire_sec: i64, pub sk_lock_cycle_sec: i32, @@ -140,7 +138,6 @@ pub struct RbumCertConfDetailResp { pub sk_encrypted: bool, pub repeatable: bool, pub is_basic: bool, - pub is_ak_repeatable: bool, pub rest_by_kinds: String, pub expire_sec: i64, pub sk_lock_cycle_sec: i32, diff --git a/backend/basic/src/rbum/serv/rbum_cert_serv.rs b/backend/basic/src/rbum/serv/rbum_cert_serv.rs index 82e63b367..2e0281fb9 100644 --- a/backend/basic/src/rbum/serv/rbum_cert_serv.rs +++ b/backend/basic/src/rbum/serv/rbum_cert_serv.rs @@ -51,7 +51,6 @@ impl RbumCrudOperation 0 + if funs + .db() + .count( + Query::select() + .column(rbum_cert::Column::Id) + .from(rbum_cert::Entity) + .and_where(Expr::col(rbum_cert::Column::RelRbumKind).eq(add_req.rel_rbum_kind.to_int())) + .and_where(Expr::col(rbum_cert::Column::Ak).eq(add_req.ak.as_str())) + .and_where(Expr::col(rbum_cert::Column::RelRbumCertConfId).eq(add_req.rel_rbum_cert_conf_id.clone())) + .and_where(Expr::col(rbum_cert::Column::OwnPaths).like(format!("{}%", ctx.own_paths).as_str())), + ) + .await? + > 0 { return Err(funs.err().conflict(&Self::get_obj_name(), "add", "ak is used", "409-rbum-cert-ak-duplicate")); } @@ -1266,8 +1263,7 @@ impl RbumCertServ { )); } } - if !rbum_cert_conf.is_ak_repeatable - && modify_req.ak.is_some() + if modify_req.ak.is_some() && funs .db() .count( diff --git a/backend/basic/tests/test_rbum_cert.rs b/backend/basic/tests/test_rbum_cert.rs index fd670bf8d..57c553ace 100644 --- a/backend/basic/tests/test_rbum_cert.rs +++ b/backend/basic/tests/test_rbum_cert.rs 
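Review bot: With the `is_ak_repeatable` guard gone in rbum_cert_serv.rs, every cert add now depends on the `count(...) > 0` lookup for ak uniqueness, and that lookup followed by an insert is not atomic. Two concurrent requests carrying the same ak can both see a count of zero and both be stored, leaving two credentials under one access key; the modify path in the hunk at -1266 has the same shape. No unique index is visible in this diff, so if none exists elsewhere the check is worth backing with one, or at least documenting with `// NOTE: count-then-insert is not atomic; a concurrent add with the same ak can pass this check`. Separately, `format!("{}%", ctx.own_paths)` feeds `own_paths` into a LIKE pattern, so a `%` or `_` inside it would act as a wildcard and widen the scope of the match; whether own_paths can contain those characters is not visible here. The opening of this hunk is not legible in this view and both functions continue outside their hunks.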
@@ -19,7 +19,7 @@ pub async fn test(context: &TardisContext) -> TardisResult<()> { test_rbum_cert_conf(context).await?; test_rbum_cert_basic(context).await?; test_rbum_cert_sk_dynamic(context).await?; - test_rbum_cert_conf_is_ak_repeatable(context).await?; + test_rbum_cert_conf_ak_duplicate(context).await?; Ok(()) } @@ -60,7 +60,6 @@ async fn test_rbum_cert_conf(context: &TardisContext) -> TardisResult<()> { sk_encrypted: None, repeatable: None, is_basic: None, - is_ak_repeatable: None, rest_by_kinds: None, expire_sec: None, coexist_num: None, @@ -94,7 +93,6 @@ async fn test_rbum_cert_conf(context: &TardisContext) -> TardisResult<()> { sk_encrypted: None, repeatable: None, is_basic: None, - is_ak_repeatable: None, rest_by_kinds: None, expire_sec: None, coexist_num: None, @@ -128,7 +126,6 @@ async fn test_rbum_cert_conf(context: &TardisContext) -> TardisResult<()> { sk_encrypted: Some(true), repeatable: None, is_basic: None, - is_ak_repeatable: None, rest_by_kinds: None, expire_sec: None, coexist_num: None, @@ -161,7 +158,6 @@ async fn test_rbum_cert_conf(context: &TardisContext) -> TardisResult<()> { sk_encrypted: Some(true), repeatable: None, is_basic: None, - is_ak_repeatable: None, rest_by_kinds: None, expire_sec: None, coexist_num: None, @@ -244,11 +240,11 @@ async fn test_rbum_cert_conf(context: &TardisContext) -> TardisResult<()> { Ok(()) } -async fn test_rbum_cert_conf_is_ak_repeatable(context: &TardisContext) -> TardisResult<()> { +async fn test_rbum_cert_conf_ak_duplicate(context: &TardisContext) -> TardisResult<()> { let mut funs = TardisFuns::inst_with_db_conn("".to_string(), None); funs.begin().await?; - info!("【test_rbum_cert_conf_is_ak_repeatable】 : Prepare Domain : RbumDomainServ::add_rbum"); + info!("test_rbum_cert_conf_ak_duplicate : Prepare Domain : RbumDomainServ::add_rbum"); let domain_iam_id = RbumDomainServ::add_rbum( &mut RbumDomainAddReq { code: TrimString("iam2".to_string()), 
@@ -262,12 +258,12 @@ async fn test_rbum_cert_conf_is_ak_repeatable(context: &TardisContext) -> Tardis context, ) .await?; - info!("【test_rbum_cert_conf_is_ak_repeatable】 : add cert conf true as repeateable : RbumCertConfServ::add_rbum"); - let ak_repeatable_true_test_id = RbumCertConfServ::add_rbum( + info!("test_rbum_cert_conf_ak_duplicate : add cert conf : RbumCertConfServ::add_rbum"); + let ak_duplicate_cert_conf_id = RbumCertConfServ::add_rbum( &mut RbumCertConfAddReq { - kind: TrimString("Test1".to_string()), + kind: TrimString("Test".to_string()), supplier: None, - name: TrimString("akRepeatableTest1".to_string()), + name: TrimString("akRepeatableTest".to_string()), note: None, ak_note: None, ak_rule: None, @@ -279,7 +275,6 @@ async fn test_rbum_cert_conf_is_ak_repeatable(context: &TardisContext) -> Tardis sk_encrypted: Some(false), repeatable: None, is_basic: None, - is_ak_repeatable: Some(true), rest_by_kinds: None, expire_sec: None, coexist_num: None, 
@@ -297,106 +292,6 @@ async fn test_rbum_cert_conf_is_ak_repeatable(context: &TardisContext) -> Tardis .await?; let cert_test_id1 = RbumCertServ::add_rbum( - &mut RbumCertAddReq { - ak: "test".into(), - sk: Some("test".into()), - kind: None, - supplier: None, - vcode: None, - ext: None, - start_time: None, - end_time: None, - conn_uri: None, - status: RbumCertStatusKind::Enabled, - rel_rbum_cert_conf_id: Some(ak_repeatable_true_test_id.clone()), - rel_rbum_kind: RbumCertRelKind::Item, - rel_rbum_id: context.owner.to_string(), - is_outside: false, - is_ignore_check_sk: false, - sk_invisible: None, - }, - &funs, - context, - ) - .await?; - - RbumCertServ::add_rbum( - &mut RbumCertAddReq { - ak: "test".into(), - sk: Some("test1".into()), - kind: None, - supplier: None, - vcode: None, - ext: None, - start_time: None, - end_time: None, - conn_uri: None, - status: RbumCertStatusKind::Enabled, - rel_rbum_cert_conf_id: Some(ak_repeatable_true_test_id.clone()), - rel_rbum_kind: RbumCertRelKind::Item, - rel_rbum_id: context.owner.to_string(), - is_outside: false, - is_ignore_check_sk: false, - sk_invisible: None, - }, - &funs, - context, - ) - .await?; - - RbumCertServ::modify_rbum( - &cert_test_id1, - &mut RbumCertModifyReq { - ak: Some("test".into()), - sk: None, - sk_invisible: None, - ext: None, - start_time: None, - end_time: None, - conn_uri: None, - status: None, - is_ignore_check_sk: false, - }, - &funs, - context, - ) - .await?; - - info!("【test_rbum_cert_conf_is_ak_repeatable】 : add cert conf false as repeateable : RbumCertConfServ::add_rbum"); - let ak_repeatable_false_test_id = RbumCertConfServ::add_rbum( - &mut RbumCertConfAddReq { - kind: TrimString("Test2".to_string()), - supplier: None, - name: TrimString("akRepeatableTest2".to_string()), - note: None, - ak_note: None, - ak_rule: None, - sk_note: None, - sk_rule: None, - ext: None, - sk_need: Some(true), - sk_dynamic: None, - sk_encrypted: Some(false), - repeatable: None, - is_basic: None, - is_ak_repeatable: 
Some(false), - rest_by_kinds: None, - expire_sec: None, - coexist_num: None, - conn_uri: None, - rel_rbum_domain_id: domain_iam_id.to_string(), - rel_rbum_item_id: None, - sk_lock_cycle_sec: None, - sk_lock_err_times: None, - sk_lock_duration_sec: None, - status: RbumCertConfStatusKind::Enabled, - }, - &funs, - context, - ) - .await?; - - let cert_test_id2 = RbumCertServ::add_rbum( &mut RbumCertAddReq { ak: "test".into(), sk: Some("test".into()), @@ -406,7 +301,7 @@ async fn test_rbum_cert_conf_is_ak_repeatable(context: &TardisContext) -> Tardis end_time: None, conn_uri: None, status: RbumCertStatusKind::Enabled, - rel_rbum_cert_conf_id: Some(ak_repeatable_false_test_id.clone()), + rel_rbum_cert_conf_id: Some(ak_duplicate_cert_conf_id.clone()), rel_rbum_kind: RbumCertRelKind::Item, rel_rbum_id: context.owner.to_string(), is_outside: false, @@ -430,7 +325,7 @@ async fn test_rbum_cert_conf_is_ak_repeatable(context: &TardisContext) -> Tardis end_time: None, conn_uri: None, status: RbumCertStatusKind::Enabled, - rel_rbum_cert_conf_id: Some(ak_repeatable_false_test_id.clone()), + rel_rbum_cert_conf_id: Some(ak_duplicate_cert_conf_id.clone()), rel_rbum_kind: RbumCertRelKind::Item, rel_rbum_id: context.owner.to_string(), is_outside: false, @@ -446,7 +341,7 @@ async fn test_rbum_cert_conf_is_ak_repeatable(context: &TardisContext) -> Tardis .is_err()); assert!(RbumCertServ::modify_rbum( - &cert_test_id2, + &cert_test_id1, &mut RbumCertModifyReq { ak: Some("test".into()), sk: None, @@ -517,7 +412,6 @@ async fn test_rbum_cert_basic(context: &TardisContext) -> TardisResult<()> { sk_encrypted: Some(true), repeatable: None, is_basic: Some(true), - is_ak_repeatable: None, rest_by_kinds: None, expire_sec: Some(2), coexist_num: None, @@ -550,7 +444,6 @@ async fn test_rbum_cert_basic(context: &TardisContext) -> TardisResult<()> { sk_encrypted: Some(false), repeatable: None, is_basic: Some(false), - is_ak_repeatable: None, rest_by_kinds: None, expire_sec: None, coexist_num: None, 
@@ -914,7 +807,6 @@ async fn test_rbum_cert_sk_dynamic(context: &TardisContext) -> TardisResult<()>
 sk_encrypted: Some(false),
 repeatable: None,
 is_basic: Some(false),
- is_ak_repeatable: None,
 rest_by_kinds: None,
 expire_sec: Some(2),
 coexist_num: None,
diff --git a/backend/supports/iam/src/basic/serv/iam_cert_aksk_serv.rs b/backend/supports/iam/src/basic/serv/iam_cert_aksk_serv.rs
index f9e516f2c..993b2aea1 100644
--- a/backend/supports/iam/src/basic/serv/iam_cert_aksk_serv.rs
+++ b/backend/supports/iam/src/basic/serv/iam_cert_aksk_serv.rs
@@ -38,7 +38,6 @@ impl IamCertAkSkServ {
 sk_encrypted: Some(false),
 repeatable: None,
 is_basic: Some(false),
- is_ak_repeatable: None,
 rest_by_kinds: None,
 expire_sec: add_req.expire_sec,
 sk_lock_cycle_sec: None,
diff --git a/backend/supports/iam/src/basic/serv/iam_cert_ldap_serv.rs b/backend/supports/iam/src/basic/serv/iam_cert_ldap_serv.rs
index 3966ccce6..5a9370935 100644
--- a/backend/supports/iam/src/basic/serv/iam_cert_ldap_serv.rs
+++ b/backend/supports/iam/src/basic/serv/iam_cert_ldap_serv.rs
@@ -73,7 +73,6 @@ impl IamCertLdapServ {
 sk_encrypted: Some(false),
 repeatable: None,
 is_basic: Some(false),
- is_ak_repeatable: None,
 rest_by_kinds: None,
 expire_sec: None,
 sk_lock_cycle_sec: None,
diff --git a/backend/supports/iam/src/basic/serv/iam_cert_mail_vcode_serv.rs b/backend/supports/iam/src/basic/serv/iam_cert_mail_vcode_serv.rs
index aa8f3e99c..8ee44649b 100644
--- a/backend/supports/iam/src/basic/serv/iam_cert_mail_vcode_serv.rs
+++ b/backend/supports/iam/src/basic/serv/iam_cert_mail_vcode_serv.rs
@@ -44,7 +44,6 @@ impl IamCertMailVCodeServ {
 sk_encrypted: Some(false),
 repeatable: None,
 is_basic: Some(false),
- is_ak_repeatable: None,
 rest_by_kinds: None,
 expire_sec: None,
 sk_lock_cycle_sec: None,
diff --git a/backend/supports/iam/src/basic/serv/iam_cert_oauth2_serv.rs b/backend/supports/iam/src/basic/serv/iam_cert_oauth2_serv.rs
index 2f926ef47..2499503e1 100644
--- a/backend/supports/iam/src/basic/serv/iam_cert_oauth2_serv.rs
+++ b/backend/supports/iam/src/basic/serv/iam_cert_oauth2_serv.rs
@@ -55,7 +55,6 @@ impl IamCertOAuth2Serv {
 sk_encrypted: Some(false),
 repeatable: None,
 is_basic: Some(false),
- is_ak_repeatable: None,
 rest_by_kinds: None,
 expire_sec: None,
 sk_lock_cycle_sec: None,
diff --git a/backend/supports/iam/src/basic/serv/iam_cert_phone_vcode_serv.rs b/backend/supports/iam/src/basic/serv/iam_cert_phone_vcode_serv.rs
index 614346a8a..41fcd8b81 100644
--- a/backend/supports/iam/src/basic/serv/iam_cert_phone_vcode_serv.rs
+++ b/backend/supports/iam/src/basic/serv/iam_cert_phone_vcode_serv.rs
@@ -47,7 +47,6 @@ impl IamCertPhoneVCodeServ {
 sk_encrypted: Some(false),
 repeatable: None,
 is_basic: Some(false),
- is_ak_repeatable: None,
 rest_by_kinds: None,
 expire_sec: None,
 sk_lock_cycle_sec: None,
diff --git a/backend/supports/iam/src/basic/serv/iam_cert_token_serv.rs b/backend/supports/iam/src/basic/serv/iam_cert_token_serv.rs
index 2272d436f..606e96cfc 100644
--- a/backend/supports/iam/src/basic/serv/iam_cert_token_serv.rs
+++ b/backend/supports/iam/src/basic/serv/iam_cert_token_serv.rs
@@ -45,7 +45,6 @@ impl IamCertTokenServ {
 sk_encrypted: Some(false),
 repeatable: None,
 is_basic: Some(false),
- is_ak_repeatable: None,
 rest_by_kinds: None,
 expire_sec: add_req.expire_sec,
 sk_lock_cycle_sec: None,
diff --git a/backend/supports/iam/src/basic/serv/iam_cert_user_pwd_serv.rs b/backend/supports/iam/src/basic/serv/iam_cert_user_pwd_serv.rs
index dd8d67efc..cf823091d 100644
--- a/backend/supports/iam/src/basic/serv/iam_cert_user_pwd_serv.rs
+++ b/backend/supports/iam/src/basic/serv/iam_cert_user_pwd_serv.rs
@@ -43,7 +43,6 @@ impl IamCertUserPwdServ {
 sk_encrypted: Some(true),
 repeatable: Some(add_req.repeatable),
 is_basic: Some(true),
- is_ak_repeatable: None,
 rest_by_kinds: Some(format!("{},{}", IamCertKernelKind::MailVCode, IamCertKernelKind::PhoneVCode)),
 expire_sec: Some(add_req.expire_sec),
 sk_lock_cycle_sec: Some(add_req.sk_lock_cycle_sec),