1. 清理 iwork 无用的接口。

2. 整合 iwork 用户的密码管理策略。

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/controller/admin/integration/iwork/IWorkIntegrationController.java

@@ -113,12 +113,6 @@ public class IWorkIntegrationController {
 
     // ----------------- 同步到本地 -----------------
 
-    @PostMapping("/hr/full-sync")
-    @Operation(summary = "手动触发 iWork 组织/人员同步")
-    public CommonResult<IWorkFullSyncRespVO> fullSync(@Valid @RequestBody IWorkFullSyncReqVO reqVO) {
-        return success(syncService.fullSync(reqVO));
-    }
-
     @PostMapping("/hr/departments/full-sync")
     @Operation(summary = "手动触发 iWork 部门同步")
     public CommonResult<IWorkFullSyncRespVO> fullSyncDepartments(@Valid @RequestBody IWorkFullSyncReqVO reqVO) {
@@ -142,10 +136,4 @@ public class IWorkIntegrationController {
     public CommonResult<IWorkFullSyncRespVO> fullSyncUsers(@Valid @RequestBody IWorkFullSyncReqVO reqVO) {
         return success(syncService.fullSyncUsers(reqVO));
     }
-
-    @PostMapping("/hr/single-sync")
-    @Operation(summary = "按 iWork ID 同步单条组织/人员")
-    public CommonResult<IWorkSingleSyncRespVO> singleSync(@Valid @RequestBody IWorkSingleSyncReqVO reqVO) {
-        return success(syncService.syncSingle(reqVO));
-    }
 }

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/controller/admin/integration/iwork/vo/IWorkHrUserPageRespVO.java

@@ -171,6 +171,10 @@ public class IWorkHrUserPageRespVO {
         @JsonProperty("accounttype")
         private String accounttype;
 
+        @Schema(description = "用户密码（MD5 密文）")
+        @JsonProperty("password")
+        private String password;
+
         @JsonIgnore
         private Map<String, Object> attributes;
 

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/controller/admin/integration/iwork/vo/IWorkSingleSyncReqVO.java

@@ -1,26 +0,0 @@
-package com.zt.plat.module.system.controller.admin.integration.iwork.vo;
-
-import com.zt.plat.module.system.enums.integration.IWorkSyncEntityTypeEnum;
-import io.swagger.v3.oas.annotations.media.Schema;
-import jakarta.validation.constraints.Min;
-import jakarta.validation.constraints.NotNull;
-import lombok.Data;
-
-/**
- * iWork 单条同步请求
- */
-@Data
-public class IWorkSingleSyncReqVO {
-
-    @Schema(description = "同步的实体类型", requiredMode = Schema.RequiredMode.REQUIRED, example = "user")
-    @NotNull(message = "实体类型不能为空")
-    private IWorkSyncEntityTypeEnum entityType;
-
-    @Schema(description = "iWork 提供的实体主键 ID", requiredMode = Schema.RequiredMode.REQUIRED, example = "10001")
-    @NotNull(message = "实体 ID 不能为空")
-    @Min(1)
-    private Long entityId;
-
-    @Schema(description = "缺失时是否自动创建", example = "true")
-    private Boolean createIfMissing = Boolean.TRUE;
-}

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/controller/admin/integration/iwork/vo/IWorkSingleSyncRespVO.java

@@ -1,27 +0,0 @@
-package com.zt.plat.module.system.controller.admin.integration.iwork.vo;
-
-import com.zt.plat.module.system.enums.integration.IWorkSyncEntityTypeEnum;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
-/**
- * iWork 单条同步响应
- */
-@Data
-public class IWorkSingleSyncRespVO {
-
-    @Schema(description = "同步的实体类型")
-    private IWorkSyncEntityTypeEnum entityType;
-
-    @Schema(description = "实体 ID")
-    private Long entityId;
-
-    @Schema(description = "是否创建了新的记录")
-    private boolean created;
-
-    @Schema(description = "是否对已有记录进行了更新")
-    private boolean updated;
-
-    @Schema(description = "提示信息")
-    private String message;
-}

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/auth/AdminAuthServiceImpl.java

@@ -114,7 +114,7 @@ public class AdminAuthServiceImpl implements AdminAuthService {
             createLoginLog(null, username, logTypeEnum, LoginResultEnum.BAD_CREDENTIALS);
             throw exception(AUTH_LOGIN_BAD_CREDENTIALS);
         }
-        if (!userService.isPasswordMatch(password, user.getPassword())) {
+        if (!userService.isPasswordMatch(user, password)) {
             createLoginLog(user.getId(), username, logTypeEnum, LoginResultEnum.BAD_CREDENTIALS);
             throw exception(AUTH_LOGIN_BAD_CREDENTIALS);
         }
@@ -299,7 +299,7 @@ public class AdminAuthServiceImpl implements AdminAuthService {
         if (length < 4 || length > 16) {
             throw exception(AUTH_LOGIN_BAD_CREDENTIALS);
         }
-        if (!userService.isPasswordMatch(password, user.getPassword())) {
+        if (!userService.isPasswordMatch(user, password)) {
             throw exception(AUTH_LOGIN_BAD_CREDENTIALS);
         }
     }
@@ -436,22 +436,11 @@ public class AdminAuthServiceImpl implements AdminAuthService {
     }
 
     /**
-     * 判断是否为内部用户
-     * 根据UserSourceEnum判断：同步用户为内部用户，外部用户为外部用户
+     * 判断是否为内部用户，仅通过 E 办同步（SYNC）来源的账号才视为内部用户
      */
     private boolean isInternalUser(AdminUserDO user) {
-        // 根据userSource字段判断用户类型
         Integer userSource = user.getUserSource();
-        
-        // 同步用户(SYNC = 2)为内部用户，需要使用E办登录
-        if (userSource != null &&
-            (userSource.equals(UserSourceEnum.SYNC.getSource()) ||
-                userSource.equals(UserSourceEnum.IWORK.getSource()))) {
-            return true;
-        }
-        
-        // 外部用户(EXTERNAL = 1)或其他情况为外部用户，使用账号密码登录
-        return false;
+        return Objects.equals(userSource, UserSourceEnum.SYNC.getSource());
     }
 
     /**

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/integration/iwork/IWorkSyncService.java

@@ -2,19 +2,12 @@ package com.zt.plat.module.system.service.integration.iwork;
 
 import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkFullSyncReqVO;
 import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkFullSyncRespVO;
-import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkSingleSyncReqVO;
-import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkSingleSyncRespVO;
 
 /**
  * iWork 组织/人员同步服务
  */
 public interface IWorkSyncService {
 
-    /**
-     * 发起全量分批同步
-     */
-    IWorkFullSyncRespVO fullSync(IWorkFullSyncReqVO reqVO);
-
     /**
      * 仅同步部门
      */
@@ -35,8 +28,4 @@ public interface IWorkSyncService {
      */
     IWorkFullSyncRespVO fullSyncUsers(IWorkFullSyncReqVO reqVO);
 
-    /**
-     * 根据 iWork ID 进行单条同步
-     */
-    IWorkSingleSyncRespVO syncSingle(IWorkSingleSyncReqVO reqVO);
 }

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/user/AdminUserService.java

@@ -190,10 +190,10 @@ public interface AdminUserService {
     /**
      * 判断密码是否匹配
      *
+     * @param user        用户信息（用于决策密码策略）
      * @param rawPassword 未加密的密码
-     * @param encodedPassword 加密后的密码
      * @return 是否匹配
      */
-    boolean isPasswordMatch(String rawPassword, String encodedPassword);
+    boolean isPasswordMatch(AdminUserDO user, String rawPassword);
 
 }