feat: 添加用户密码重置功能并优化用户创建通知邮件

Author: eryajf

.cnb/workflows/build-docker-images.yml

@@ -15,7 +15,7 @@ main:
         ALIHUB_IMAGE_REPONAME: eryajf
       stages:
         - name: 📦 构建制品
-          image: docker.cnb.cool/znb/images/debian:all
+          image: docker.cnb.cool/znb/images/debian:new
           script: |
             docker cp $(docker create --rm docker.cnb.cool/opsre/go-ldap-admin-ui):/app/dist public/static/dist
             make gox-linux

.github/workflows/build-docker-image.yml

@@ -29,9 +29,9 @@ jobs:
   buildImage:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Inject slug/short variables
-        uses: rlespinasse/github-slug-action@v4
+        uses: rlespinasse/github-slug-action@v5
       - name: Get current date
         id: date
         run: echo "today=$(date +'%Y%m%d-%H%M')" >> $GITHUB_OUTPUT

controller/user_controller.go

@@ -93,6 +93,23 @@ func (m UserController) ChangePwd(c *gin.Context) {
 	})
 }
 
+// ResetPassword 重置用户密码
+// @Summary 重置用户密码
+// @Description 重置用户密码为随机密码并发送邮件通知
+// @Tags 用户管理
+// @Accept application/json
+// @Produce application/json
+// @Param  data body request.UserResetPasswordReq true "重置用户密码的结构体"
+// @Success 200 {object} response.ResponseBody
+// @Router /user/resetPassword [post]
+// @Security ApiKeyAuth
+func (m UserController) ResetPassword(c *gin.Context) {
+	req := new(request.UserResetPasswordReq)
+	Run(c, req, func() (any, any) {
+		return logic.User.ResetPassword(c, req)
+	})
+}
+
 // ChangeUserStatus 更改用户状态
 // @Summary 更改用户状态
 // @Description 更改用户状态

logic/a_logic.go

@@ -123,6 +123,11 @@ func CommonAddUser(user *model.User, groups []*model.Group) error {
 	if err != nil {
 		return tools.NewMySqlError(fmt.Errorf("%s", "向MySQL创建用户失败："+err.Error()))
 	}
+
+	// 发送用户创建成功通知邮件
+	if err := tools.SendUserCreationNotification(user.Username, user.Nickname, user.Mail, tools.NewParPasswd(user.Password)); err != nil {
+		common.Log.Warnf("发送用户创建通知邮件失败，用户: %s, 邮箱: %s, 错误: %v", user.Username, user.Mail, err)
+	}
 	// 再将用户添加到ldap
 	err = ildap.User.Add(user)
 	if err != nil {

logic/user_logic.go

@@ -8,6 +8,7 @@ import (
 	"github.com/eryajf/go-ldap-admin/model"
 	"github.com/eryajf/go-ldap-admin/model/request"
 	"github.com/eryajf/go-ldap-admin/model/response"
+	"github.com/eryajf/go-ldap-admin/public/common"
 	"github.com/eryajf/go-ldap-admin/public/tools"
 	"github.com/eryajf/go-ldap-admin/service/ildap"
 	"github.com/eryajf/go-ldap-admin/service/isql"
@@ -371,6 +372,49 @@ func (l UserLogic) ChangePwd(c *gin.Context, req any) (data any, rspError any) {
 	return nil, nil
 }
 
+// ResetPassword 重置用户密码
+func (l UserLogic) ResetPassword(c *gin.Context, req any) (data any, rspError any) {
+	r, ok := req.(*request.UserResetPasswordReq)
+	if !ok {
+		return nil, ReqAssertErr
+	}
+	_ = c
+
+	// 检查用户是否存在
+	if !isql.User.Exist(tools.H{"username": r.Username}) {
+		return nil, tools.NewValidatorError(fmt.Errorf("用户不存在"))
+	}
+
+	// 获取用户信息
+	user := new(model.User)
+	err := isql.User.Find(tools.H{"username": r.Username}, user)
+	if err != nil {
+		return nil, tools.NewMySqlError(fmt.Errorf("获取用户信息失败: %s", err.Error()))
+	}
+
+	// 生成随机密码
+	newPassword := tools.GenerateRandomPassword()
+
+	// 在LDAP中更新密码
+	err = ildap.User.ChangePwd(user.UserDN, "", newPassword)
+	if err != nil {
+		return nil, tools.NewLdapError(fmt.Errorf("在LDAP更新密码失败: %s", err.Error()))
+	}
+
+	// 在MySQL中更新密码
+	err = isql.User.ChangePwd(user.Username, tools.NewGenPasswd(newPassword))
+	if err != nil {
+		return nil, tools.NewMySqlError(fmt.Errorf("在MySQL更新密码失败: %s", err.Error()))
+	}
+
+	// 发送密码重置通知邮件
+	if err := tools.SendPasswordResetNotification(user.Username, user.Nickname, user.Mail, newPassword); err != nil {
+		common.Log.Warnf("发送密码重置通知邮件失败，用户: %s, 邮箱: %s, 错误: %v", user.Username, user.Mail, err)
+	}
+
+	return map[string]string{"newPassword": newPassword}, nil
+}
+
 // ChangeUserStatus 修改用户状态
 func (l UserLogic) ChangeUserStatus(c *gin.Context, req any) (data any, rspError any) {
 	r, ok := req.(*request.UserChangeUserStatusReq)

model/request/user_req.go

@@ -94,6 +94,11 @@ type UserChangePwdReq struct {
 	NewPassword string `json:"newPassword" validate:"required"`
 }
 
+// UserResetPasswordReq 重置密码结构体
+type UserResetPasswordReq struct {
+	Username string `json:"username" validate:"required"`
+}
+
 // UserChangeUserStatusReq 修改用户状态结构体
 type UserChangeUserStatusReq struct {
 	ID     uint `json:"id" validate:"required"`

public/common/init_mysql_data.go

@@ -320,6 +320,13 @@ func InitData() {
 			Remark:   "更新用户登录密码",
 			Creator:  "系统",
 		},
+		{
+			Method:   "POST",
+			Path:     "/user/resetPassword",
+			Category: "user",
+			Remark:   "重置用户密码",
+			Creator:  "系统",
+		},
 		{
 			Method:   "POST",
 			Path:     "/user/add",

public/tools/bcrypt_passwd.go

@@ -1,6 +1,9 @@
 package tools
 
 import (
+	"crypto/rand"
+	"math/big"
+
 	"github.com/eryajf/go-ldap-admin/config"
 )
 
@@ -32,3 +35,21 @@ func NewParPasswd(passwd string) string {
 	pass, _ := RSADecrypt([]byte(passwd), config.Conf.System.RSAPrivateBytes)
 	return string(pass)
 }
+
+const (
+	passwordLength = 8
+	letters        = "abcdefghijklmnopqrstu@vwxyzABCDEFGHIJKL#MNOP*QRSTUVWXYZ0123456789"
+	lettersLength  = len(letters)
+)
+
+// 生成随机密码
+func GenerateRandomPassword() string {
+	password := make([]byte, passwordLength)
+
+	for i := range password {
+		index, _ := rand.Int(rand.Reader, big.NewInt(int64(lettersLength)))
+		password[i] = letters[index.Int64()]
+	}
+
+	return string(password)
+}

public/tools/email.go

@@ -64,3 +64,51 @@ func SendCode(sendto []string) error {
     </div>`, vcode)
 	return email(sendto, subject, body)
 }
+
+// SendUserCreationNotification 发送用户创建成功通知邮件
+func SendUserCreationNotification(username, nickname, mail, password string) error {
+	subject := "LDAP账户创建成功通知"
+	// 邮件正文
+	body := fmt.Sprintf(`<div>
+        <div>
+            尊敬的%s，您好！
+        </div>
+        <div style="padding: 8px 40px 8px 50px;">
+            <p>您的LDAP账户已创建成功，以下是您的账户信息：</p>
+            <ul>
+                <li>用户名：%s</li>
+                <li>昵称：%s</li>
+                <li>初始密码：%s</li>
+            </ul>
+            <p style="color: #ff6600;">请妥善保管您的账户信息，建议首次登录后及时修改密码。</p>
+        </div>
+        <div>
+            <p>此邮箱为系统邮箱，请勿回复。</p>
+        </div>
+    </div>`, nickname, username, nickname, password)
+	return email([]string{mail}, subject, body)
+}
+
+// SendPasswordResetNotification 发送密码重置成功通知邮件
+func SendPasswordResetNotification(username, nickname, mail, newPassword string) error {
+	subject := "LDAP密码重置成功通知"
+	// 邮件正文
+	body := fmt.Sprintf(`<div>
+        <div>
+            尊敬的%s，您好！
+        </div>
+        <div style="padding: 8px 40px 8px 50px;">
+            <p>您的LDAP账户密码已成功重置，以下是您的新密码信息：</p>
+            <ul>
+                <li>用户名：%s</li>
+                <li>新密码：%s</li>
+            </ul>
+            <p style="color: #ff6600;">为了您的账户安全，请尽快登录并修改为您自己的密码。</p>
+            <p style="color: #ff0000;">请妥善保管您的账户信息，切勿泄露给他人。</p>
+        </div>
+        <div>
+            <p>此邮箱为系统邮箱，请勿回复。</p>
+        </div>
+    </div>`, nickname, username, newPassword)
+	return email([]string{mail}, subject, body)
+}

routes/user_routes.go

@@ -22,6 +22,7 @@ func InitUserRoutes(r *gin.RouterGroup, authMiddleware *jwt.GinJWTMiddleware) gi
 		user.POST("/update", controller.User.Update)                     // 更新用户
 		user.POST("/delete", controller.User.Delete)                     // 删除用户
 		user.POST("/changePwd", controller.User.ChangePwd)               // 修改用户密码
+		user.POST("/resetPassword", controller.User.ResetPassword)       // 重置用户密码
 		user.POST("/changeUserStatus", controller.User.ChangeUserStatus) // 修改用户状态
 
 		user.POST("/syncDingTalkUsers", controller.User.SyncDingTalkUsers) // 同步钉钉用户到平台