public JsonResult GetUserByObjectID(string userCode, string mobileToken, string targetUserId)
{
UserValidator sourceUser = this.UserValidator;
if (sourceUser == null)
{
return(Json(new { }, JsonRequestBehavior.AllowGet));
}
OThinker.Organization.User user = this.Engine.Organization.GetUnit(targetUserId) as OThinker.Organization.User;
if (user == null)
{
return(Json(new { }, JsonRequestBehavior.AllowGet));
}
UserValidator userValidator = UserValidatorFactory.GetUserValidator(this.Engine, user.Code);
MobileAccess mobile = new MobileAccess();
MobileAccess.MobileUser mobileUser = mobile.GetMobileUser(sourceUser, user, user.ImageUrl, userValidator.DepartmentName, string.Empty);
var result = new
{
MobileUser = mobileUser
};
return(Json(result, JsonRequestBehavior.AllowGet));
}
/// <summary>
/// 验证获取信息的用户身份
/// </summary>
/// <param name="userCode"></param>
/// <param name="mobileToken"></param>
/// <returns></returns>
private UserValidator ValidateUserMobileToken(string userCode, string mobileToken)
{
UserValidator userValidator = UserValidatorFactory.GetUserValidator(this.Engine, userCode);
if (userValidator == null)
{
return(null);
}
if (userValidator.User.MobileToken == OThinker.Security.MD5Encryptor.GetMD5(mobileToken))
{
return(userValidator);
}
return(null);
}
/// <summary>
/// 获取当前用户信息
/// </summary>
/// <param name="Page"></param>
/// <returns></returns>
public UserValidator GetUserValidator(Page Page)
{
string message = null;
UserValidator user = UserValidatorFactory.GetUserValidator(Page, this.GetPortalRoot(Page), out message);
if (user == null)
{
//string url = GetNotifyUrl(Page, message);
Page.Response.Redirect("../index.html");
return(null);
}
else
{
return(user);
}
}
/// <summary>
/// 修改密码
/// </summary>
/// <param name="old_pwd"></param>
/// <param name="NewPassword"></param>
/// <returns></returns>
public JsonResult SetPassword(string user_code, string old_pwd, string new_pwd)
{
var result = false;
//验证
old_pwd = old_pwd.Trim();
bool success = UserValidatorFactory.Login(OThinker.Clusterware.AuthenticationType.Forms, null, user_code, old_pwd, OThinker.H3.Site.PortalType.Portal);
if (success)
{
//this.UserValidator.User.Password = new_pwd;
var u = Engine.Organization.GetUserByCode(user_code);
u.Password = new_pwd;
//var user_updated = Engine.Organization.GetUnit(u.ObjectID);
Engine.Organization.UpdateUnit(user_code, u);
result = true;
}
return(Json(result, JsonRequestBehavior.AllowGet));
}
public JsonResult SecureLogin(string userCode, string password)
{
bool loginResult = false;
object result;
string enableCheckCode = System.Configuration.ConfigurationManager.AppSettings["EnableCheckCode"] + string.Empty;
try
{
if (enableCheckCode != "0")
{
string[] wait = System.Configuration.ConfigurationManager.AppSettings["WaitTime"].Split(',');
var sql = "SELECT COUNT(1) FROM OT_CHECKCODE WHERE STATE = 0 AND USERCODE = N'" + userCode.Replace("'", "''") + "'";
int c = Convert.ToInt32(Engine.EngineConfig.CommandFactory.CreateCommand().ExecuteScalar(sql) + string.Empty);
int waits = 0;
int.TryParse(wait[c >= wait.Length ? wait.Length - 1 : c], out waits);
string ret = Engine.EngineConfig.CommandFactory.CreateCommand().ExecuteScalar("SELECT Max(CREATETIME) FROM OT_CHECKCODE WHERE STATE = 0 AND USERCODE = N'" + userCode.Replace("'", "''") + "'") + string.Empty;
DateTime dt = Convert.ToDateTime(string.IsNullOrWhiteSpace(ret) ? "2019-01-01 00:00:00" : ret);
if (waits > 0 && (DateTime.Now - dt).TotalSeconds < waits)
{
return(Json(new { Success = false, Message = "NeedCheckCode" }, JsonRequestBehavior.AllowGet));
}
}
loginResult = UserValidatorFactory.Login(
OThinker.Clusterware.AuthenticationType.Forms,
string.Empty,
userCode,
password,
OThinker.H3.Site.PortalType.Portal);
}
catch (Exception ex)
{
//ConnectionFailed
if (ex.Message.Contains("ConnectionFailed"))
{
return(Json(new { Success = false, Message = "ConnectionFailed" }, JsonRequestBehavior.AllowGet));
}
else if (ex.Message.Contains("PasswordInvalid"))
{
return(Json(new { Success = false, Message = "EnginePasswordInvalid" }, JsonRequestBehavior.AllowGet));
}
}
if (loginResult)
{
if (enableCheckCode != "0")
{
string sql = "UPDATE OT_CHECKCODE SET STATE = 1 WHERE USERCODE = N'" + userCode.Replace("'", "''") + "'";
Engine.EngineConfig.CommandFactory.CreateCommand().ExecuteNonQuery(sql);
}
#region 校验密码复杂度
//Regex reg = new Regex(@"^(((?=.*[0-9])(?=.*[a-zA-Z]))|((?=.*[0-9])(?=.*[!@#$%\^&*\(\)]))|((?=.*[a-zA-Z])(?=.*[!@#$%\^&*\(\)]))).{6,16}$", RegexOptions.None);
if (!RegValidate(password))
{
UserValidatorFactory.Exit(this);
Session.Clear();
Session.Abandon();
result = new
{
Success = false,
ErrorCode = 1,
Message = "密码复杂度不符合要求"
};
}
else
{
result = getCurrentUser();
FormsAuthentication.SetAuthCookie(this.UserValidator.User.Code, false);
}
#endregion
}
else
{
result = new
{
Success = false,
ErrorCode = 2,
Message = "用户名或密码错误"
};
if (enableCheckCode != "0")
{
string model = "INSERT INTO OT_CHECKCODE(OBJECTID,USERCODE,IP,SYSTEMINFO,BROWSER,CODE,STATE,LOGINTIME, CREATETIME)VALUES('[OBJECTID]','" + userCode.Replace("'", "''") + "','" + Request.UserHostAddress.Replace("'", "''") + "','" + Request.UserAgent.Replace("'", "''") + "','" + Request.Browser.Browser.Replace("'", "''") + "/" + Request.Browser.Version.Replace("'", "''") + "','',[STATE],to_date('" + DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss") + "','yyyy-MM-dd HH24:mi:ss'),to_date('" + DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss") + "','yyyy-MM-dd HH24:mi:ss'))";
string sql = model.Replace("[OBJECTID]", Guid.NewGuid().ToString()).Replace("[STATE]", "0");
Engine.EngineConfig.CommandFactory.CreateCommand().ExecuteNonQuery(sql);
}
UserValidatorFactory.Exit(this);
Session.Clear();
Session.Abandon();
}
return(Json(result, JsonRequestBehavior.AllowGet));
}
public void LoginOut()
{
UserValidatorFactory.Exit(this);
Session.Clear();
Session.Abandon();
}
/// <summary>
/// 启动H3流程实例
/// </summary>
/// <param name="workflowCode">流程模板编码</param>
/// <param name="userCode">启动流程的用户编码</param>
/// <param name="finishStart">是否结束第一个活动</param>
/// <param name="paramValues">流程实例启动初始化数据项集合</param>
/// <returns></returns>
public BPMServiceResult StartWorkflow(string workflowCode, string userCode, bool finishStart, List <DataItemParam> paramValues)
{
//ValidateSoapHeader();
BPMServiceResult result = new BPMServiceResult();
try
{
// 获取模板
OThinker.H3.WorkflowTemplate.PublishedWorkflowTemplateHeader workflowTemplate = GetWorkflowTemplate(workflowCode);
if (workflowTemplate == null)
{
return(new BPMServiceResult(false, "流程启动失败,流程模板不存在,模板编码:" + workflowCode + "。"));
}
// 查找流程发起人
//OThinker.Organization.User user = Engine.Organization.GetUnitByCode(userCode) as Organization.User;
//string user = GetUserIDByCode(userCode);
string user = UserValidatorFactory.GetUserValidator(Engine, userCode)?.UserID;
if (user == null)
{
return(new BPMServiceResult(false, "流程启动失败,用户{" + userCode + "}不存在。"));
}
OThinker.H3.DataModel.BizObjectSchema schema = Engine.BizObjectManager.GetPublishedSchema(workflowTemplate.BizObjectSchemaCode);
OThinker.H3.DataModel.BizObject bo = new OThinker.H3.DataModel.BizObject(Engine.Organization, Engine.MetadataRepository, Engine.BizObjectManager, null, schema, user);
if (paramValues != null)
{
// 这里可以在创建流程的时候赋值
foreach (DataItemParam param in paramValues)
{
if (bo.Schema.GetProperty(param.ItemName).LogicType == OThinker.H3.Data.DataLogicType.BizObjectArray)
{
var t = new List <OThinker.H3.DataModel.BizObject>();
foreach (List <DataItemParam> list in (System.Collections.IEnumerable)param.ItemValue)
{
var m = new OThinker.H3.DataModel.BizObject(Engine.Organization, Engine.MetadataRepository, Engine.BizObjectManager, null, schema.Fields.FirstOrDefault(x => x.ChildSchemaCode == param.ItemName).Schema, user);
foreach (DataItemParam item in list)
{
if (m.Schema.ContainsField(item.ItemName))
{
m.SetValue(item.ItemName, item.ItemValue);
}
}
t.Add(m);
}
bo[param.ItemName] = t.ToArray();
}
else if (bo.Schema.ContainsField(param.ItemName))
{
bo[param.ItemName] = param.ItemValue;
}
}
}
bo.Create();
// 创建流程实例
//string InstanceId = this.Engine.InstanceManager.CreateInstance(bo.ObjectID,workflowTemplate.WorkflowCode,workflowTemplate.WorkflowVersion,
// null,null,user,null, null, false, OThinker.H3.Instance.InstanceContext.UnspecifiedID,null,OThinker.H3.Instance.Token.UnspecifiedID);
string InstanceId = this.Engine.InstanceManager.CreateInstanceByDefault(bo.ObjectID, workflowTemplate.WorkflowCode, null, user);
// 设置紧急程度为普通
OThinker.H3.Messages.MessageEmergencyType emergency = OThinker.H3.Messages.MessageEmergencyType.Normal;
// 这里也可以在启动流程的时候赋值
Dictionary <string, object> paramTables = new Dictionary <string, object>();
// 启动流程的消息
OThinker.H3.Messages.StartInstanceMessage startInstanceMessage = new OThinker.H3.Messages.StartInstanceMessage(emergency,
InstanceId, null, paramTables, OThinker.H3.Instance.PriorityType.Normal, true, null, false,
OThinker.H3.Instance.Token.UnspecifiedID, null);
Engine.InstanceManager.SendMessage(startInstanceMessage);
result = new BPMServiceResult(true, InstanceId, null, "流程实例启动成功!", "");
}
catch (Exception ex)
{
result = new BPMServiceResult(false, "流程实例启动失败!错误:" + ex.Message);
}
return(result);
}
/// <summary>
/// 提交工作项
/// </summary>
/// <param name="workItemId">工作项ID</param>
/// <param name="approval">审批结果</param>
/// <param name="commentText">审批意见</param>
/// <param name="userId">处理人</param>
private BPMServiceResult SubmitItem(string workflowCode, string instanceId, string workItemId, OThinker.Data.BoolMatchValue approval, string commentText, string userId, List <DataItemParam> values)
{
BPMServiceResult result = new BPMServiceResult();
try
{
string user = UserValidatorFactory.GetUserValidator(Engine, userId)?.UserID;
if (user == null)
{
return(new BPMServiceResult(false, "流程启动失败,用户{" + userId + "}不存在。"));
}
OThinker.H3.WorkflowTemplate.PublishedWorkflowTemplate workflowTemplate = Engine.WorkflowManager.GetDefaultWorkflow(workflowCode);
InstanceContext ic = Engine.InstanceManager.GetInstanceContext(instanceId);
if (ic == null)
{
return(new BPMServiceResult(false, "InstanceID错误,此ID在H3系统中不存在,请检查"));
}
OThinker.H3.DataModel.BizObjectSchema schema = Engine.BizObjectManager.GetPublishedSchema(workflowTemplate.BizObjectSchemaCode);
OThinker.H3.DataModel.BizObject bo = new OThinker.H3.DataModel.BizObject(Engine.Organization, Engine.MetadataRepository, Engine.BizObjectManager, null, schema, user);
bo.ObjectID = ic.BizObjectId;
bo.Load();
foreach (DataItemParam value in values)
{
OThinker.H3.DataModel.PropertySchema property = schema.GetProperty(value.ItemName);
if (property.LogicType == OThinker.H3.Data.DataLogicType.BizObjectArray)
{
var t = new List <OThinker.H3.DataModel.BizObject>();
foreach (List <DataItemParam> list in (IEnumerable)value.ItemValue)
{
var m = new OThinker.H3.DataModel.BizObject(Engine.Organization, Engine.MetadataRepository, Engine.BizObjectManager, null, property.ChildSchema, bo.OwnerId);
foreach (DataItemParam dataItem in list)
{
if (m.Schema.ContainsField(dataItem.ItemName))
{
m.SetValue(dataItem.ItemName, dataItem.ItemValue);
}
}
t.Add(m);
}
bo[value.ItemName] = t.ToArray();
}
else if (bo.Schema.ContainsField(value.ItemName))
{
bo[value.ItemName] = value.ItemValue;
}
}
bo.Update();
// 获取工作项
OThinker.H3.WorkItem.WorkItem item = Engine.WorkItemManager.GetWorkItem(workItemId);
OThinker.H3.Instance.InstanceContext instance = Engine.InstanceManager.GetInstanceContext(item.InstanceId);
// 结束工作项
Engine.WorkItemManager.FinishWorkItem(item.ObjectID, userId, OThinker.H3.WorkItem.AccessPoint.ExternalSystem, null, approval,
commentText, null, OThinker.H3.WorkItem.ActionEventType.Forward, (int)OThinker.H3.Controllers.SheetButtonType.Submit);
// 需要通知实例事件管理器结束事件
OThinker.H3.Messages.AsyncEndMessage endMessage = new OThinker.H3.Messages.AsyncEndMessage(OThinker.H3.Messages.MessageEmergencyType.Normal,
item.InstanceId, item.ActivityCode, item.TokenId, approval, false, approval, true, null);
Engine.InstanceManager.SendMessage(endMessage);
result = new BPMServiceResult(true, "", null, "流程实例启动成功!", "");
}
catch (Exception ex)
{
result = new BPMServiceResult(false, "流程实例启动失败!错误:" + ex.Message);
}
return(result);
}
/// <summary>
/// 登录事件
/// </summary>
/// <param name="usercode"></param>
/// <param name="password"></param>
/// <param name="systemcode"></param>
/// <returns></returns>
public string DoLogin(string usercode, string password, string systemcode)
{
var context = HttpContext.Current;
//使用H3的认证方式,支持Form认证和AD认证
var loginResult = UserValidatorFactory.Login(
OThinker.Clusterware.AuthenticationType.Forms,
string.Empty,
usercode,
password,
OThinker.H3.Site.PortalType.Portal);
if (loginResult)
{
var user = OThinker.H3.Controllers.AppUtility.Engine.Organization.GetUserByCode(usercode);
//此处客户要求每个系统单独生成Token,做的处理,只要任一系统登录成功,都为接入单点登录的所有网站生成Token
//查找注册在H3单点登录列表中的所有站点
var systemlist = OThinker.H3.Controllers.AppUtility.Engine.SSOManager.GetSSOSystemList();
foreach (var item in systemlist)
{
//5 登录成功,创建用户账号对应的token xxx
//Token的加密组合:系统编码+登录名+时间戳
var p_param = string.Format("{0}|{1}|{2}", item.SystemCode, usercode, System.DateTime.Now.Ticks);
var key = GetSecretBySystemcode(item.SystemCode);
var token = EncryptHelper.Encrypt(p_param, key);
//更改系统状态,允许调用接口进行Token验证
item.AllowGetToken = true;
OThinker.H3.Controllers.AppUtility.Engine.SSOManager.UpdateSSOSystem(item);
//6 把token写到本站cookie;
context.Response.SetCookie(new HttpCookie(item.SystemCode, token));
}
//这个cookie和sso流程无关,是方便SSO的login.html前端页面显示用户名用的。
context.Response.SetCookie(new HttpCookie("username", user.Name));
var mesg = new Message {
UserCode = user.Code
};
if (!string.IsNullOrEmpty(systemcode))
{
//7 跳转到returnurl并带上token。此处只输出token,在前端页面回调中执行跳转。
mesg.Url = GetSystemUrl(systemcode);
mesg.Token = context.Request.Cookies[systemcode] != null ? context.Request.Cookies[systemcode].Value : "";
}
return(Newtonsoft.Json.JsonConvert.SerializeObject(mesg));
}
else
{
var mesg = new Message {
UserCode = "", ErrCode = "1000", ErrMsg = "用户名或密码错误"
};
return(Newtonsoft.Json.JsonConvert.SerializeObject(mesg));
}
}
public JsonResult LoginIn(string userCode, string password)
{
ActionResultEntity result = new ActionResultEntity();
try
{
if (userCode == "testUser")
{
//开发测试用
UserValidator uservalidator = new UserValidator();
uservalidator.IsAdmin = true;
uservalidator.UserCode = "testUser";
uservalidator.UserName = "******";
this.Session[Sessions.GetUserValidator()] = uservalidator;
result.Result = true;
result.Message = "验证成功";
return(Json(result, JsonRequestBehavior.AllowGet));
}
// 用户名和密码不为空,则使用用户名和密码登录
if (string.IsNullOrEmpty(userCode) || string.IsNullOrEmpty(password))
{
result.Result = false;
if (string.IsNullOrEmpty(userCode))
{
result.Message += "用户账号为空";
}
if (string.IsNullOrEmpty(password))
{
result.Message += "用户密码为空";
}
return(Json(result, JsonRequestBehavior.AllowGet));
}
User loginuser = UserHelper.GetUserbyCode(userCode);
if (loginuser == null)
{
result.Result = false;
result.Message = "当前用户不存在";
return(Json(result, JsonRequestBehavior.AllowGet));
}
if (loginuser.Password == password)//如果用户密码一致 登录成功
{
UserValidator uservalidator = UserValidatorFactory.GetUserValidatorByUser(loginuser);
//设置session的值
this.Session[Sessions.GetUserValidator()] = uservalidator;
result.Result = true;
result.Message = "验证成功";
}
else
{
result.Result = false;
result.Message = "用户密码不正确";
}
return(Json(result, JsonRequestBehavior.AllowGet));
}
catch (Exception ex)
{
result.Result = false;
result.Message = ex.ToString();
return(Json(result, JsonRequestBehavior.AllowGet));
}
}
public JsonResult WorkItemSheets(string paramString)
{
ActionResult result = new ActionResult(false, "");
Dictionary <string, string> dicParams = JsonConvert.DeserializeObject <Dictionary <string, string> >(paramString);
bool isMobile = false;
string LoginName = string.Empty;
string LoginPassword = string.Empty;
string MobileToken = string.Empty;
string WechatCode = string.Empty;
string EngineCode = string.Empty;
foreach (string key in dicParams.Keys)
{
if (key == Param_WorkItemID)
{
WorkItemID = dicParams[key]; continue;
}
if (key == Param_Mode)
{
SheetMode = (SheetMode)Enum.Parse(typeof(SheetMode), dicParams[key]); continue;
}
if (key == Param_IsMobile)
{
bool.TryParse(dicParams[key], out isMobile);
IsMobile = isMobile;
continue;
}
if (key.ToLower() == "loginname")
{
LoginName = dicParams[key];
}
if (key.ToLower() == "loginpassword")
{
LoginPassword = dicParams[key];
}
if (key.ToLower() == "mobiletoken")
{
MobileToken = dicParams[key];
}
if (key.ToLower() == "code")
{
WechatCode = dicParams[key];
}
if (key.ToLower() == "state")
{
EngineCode = dicParams[key];
}
}
//TODO:微信不需要做单点登录
////实现微信单点登录
//if (!string.IsNullOrEmpty(WechatCode) && !string.IsNullOrEmpty(EngineCode)
// && System.Web.HttpContext.Current.Session[Sessions.GetUserValidator()] != null)
//{
// IsMobile = true;
// UserValidatorFactory.LoginAsWeChat(EngineCode, WechatCode);
//}
//APP打开表单验证
if (!string.IsNullOrEmpty(LoginName) && !string.IsNullOrEmpty(MobileToken) && this.UserValidator == null)
{
if (!SSOopenSheet(LoginName, MobileToken))
{
result = new ActionResult(false, "登录超时!", null, ExceptionCode.NoAuthorize);
return(Json(result, JsonRequestBehavior.AllowGet));
}
}
if (this.UserValidator == null && !string.IsNullOrEmpty(LoginName) && !string.IsNullOrEmpty(LoginPassword))
{ // 实现登录验证
OThinker.Organization.User user = this.Engine.Organization.GetUserByCode(LoginName);
if (user.ValidatePassword(LoginPassword))
{
Session[Sessions.GetUserValidator()] = UserValidatorFactory.GetUserValidator(this.Engine, user.Code);
}
}
if (this.UserValidator == null)
{
result = new ActionResult(false, "登录超时!", null, ExceptionCode.NoAuthorize);
return(Json(result, JsonRequestBehavior.AllowGet));
}
// 解析Url地址
if (SheetMode == SheetMode.Work)
{
if (CurrentWorkItem != null)
{
url = this.GetWorkSheetUrl(
CurrentWorkItem,
WorkItemSheet,
IsMobile);
}
else
{
url = this.GetViewCirculateItemSheetUrl(
CurrentCirculateItem,
WorkItemSheet,
SheetMode,
IsMobile);
}
}
else
{
if (CurrentWorkItem != null)
{
url = this.GetViewSheetUrl(
CurrentWorkItem,
WorkItemSheet,
SheetMode,
IsMobile);
}
else
{
url = this.GetViewCirculateItemSheetUrl(
CurrentCirculateItem,
WorkItemSheet,
SheetMode,
IsMobile);
}
}
// 将其中的数据参数做转换
if (url.Contains(OThinker.H3.Math.Variant.VariablePrefix.ToString()))
{
url = InstanceData.ParseText(url);
}
// 处理缓存
DateTime t = DateTime.Now;
url += "&T=" + t.ToString("HHmmss") + WorkItemID.Substring(0, 8);
if (SheetMode == SheetMode.Print)
{
url += "Print";
}
result.Success = true;
result.Message = url;
return(Json(result, JsonRequestBehavior.AllowGet));
}
