1. 清理 iwork 无用的接口。

2. 整合 iwork 用户的密码管理策略。

zt-module-system/zt-module-system-api/src/main/java/com/zt/plat/module/system/enums/ErrorCodeConstants.java

@@ -61,6 +61,7 @@ public interface ErrorCodeConstants {
     ErrorCode USER_IMPORT_INIT_PASSWORD = new ErrorCode(1_002_003_009, "初始密码不能为空");
     ErrorCode USER_MOBILE_NOT_EXISTS = new ErrorCode(1_002_003_010, "该手机号尚未注册");
     ErrorCode USER_REGISTER_DISABLED = new ErrorCode(1_002_003_011, "注册功能已关闭");
+    ErrorCode USER_PASSWORD_MODIFY_FORBIDDEN = new ErrorCode(1_002_003_012, "该用户来源不支持修改密码");
 
     // ========== 部门模块 1-002-004-000 ==========
     ErrorCode DEPT_NAME_DUPLICATE = new ErrorCode(1_002_004_000, "当前上级部门已存在同名子部门");

zt-module-system/zt-module-system-api/src/main/java/com/zt/plat/module/system/enums/user/PasswordStrategyEnum.java

@@ -0,0 +1,24 @@
+package com.zt.plat.module.system.enums.user;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+/**
+ * 密码处理策略，用于区分本地账户与外部同步账户的密码存储/校验方式。
+ */
+@AllArgsConstructor
+@Getter
+public enum PasswordStrategyEnum {
+
+    /**
+     * 本地创建或注册用户，使用 Spring Security {@code PasswordEncoder}（BCrypt）。
+     */
+    LOCAL_BCRYPT("LOCAL_BCRYPT"),
+    /**
+     * iWork 同步的 MD5 密文，直接按大写 MD5 存储及校验。
+     */
+    IWORK_MD5("IWORK_MD5");
+
+    private final String label;
+
+}

zt-module-system/zt-module-system-api/src/main/java/com/zt/plat/module/system/enums/user/UserSourceEnum.java

@@ -3,6 +3,9 @@ package com.zt.plat.module.system.enums.user;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
 
+import java.util.Arrays;
+import java.util.Objects;
+
 /**
  * 用户来源枚举
  *
@@ -12,9 +15,9 @@ import lombok.Getter;
 @Getter
 public enum UserSourceEnum {
 
-    EXTERNAL(1, "外部用户"),  // 系统创建、注册等方式产生的用户
+    EXTERNAL(1, "外部用户", PasswordStrategyEnum.LOCAL_BCRYPT),  // 系统创建、注册等方式产生的用户
-    SYNC(2, "同步用户"),     // 通过 UserSyncService 同步的用户
+    SYNC(2, "同步用户", PasswordStrategyEnum.LOCAL_BCRYPT),     // 通过 UserSyncService 同步的用户
-    IWORK(3, "iWork 用户");  // 通过 iWork 全量/单条同步产生的用户
+    IWORK(3, "iWork 用户", PasswordStrategyEnum.IWORK_MD5);  // 通过 iWork 全量/单条同步产生的用户
 
     /**
      * 类型
@@ -24,5 +27,28 @@ public enum UserSourceEnum {
      * 名字
      */
     private final String name;
+    /**
+     * 默认密码策略
+     */
+    private final PasswordStrategyEnum passwordStrategy;
+
+    public static UserSourceEnum of(Integer source) {
+        if (source == null) {
+            return null;
+        }
+        return Arrays.stream(values())
+                .filter(item -> Objects.equals(item.source, source))
+                .findFirst()
+                .orElse(null);
+    }
+
+    public static PasswordStrategyEnum resolvePasswordStrategy(Integer source) {
+        UserSourceEnum matched = of(source);
+        return matched == null ? PasswordStrategyEnum.LOCAL_BCRYPT : matched.getPasswordStrategy();
+    }
+
+    public boolean isExternal() {
+        return this == EXTERNAL;
+    }
 
 }

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/controller/admin/integration/iwork/IWorkIntegrationController.java

@@ -113,12 +113,6 @@ public class IWorkIntegrationController {
 
     // ----------------- 同步到本地 -----------------
 
-    @PostMapping("/hr/full-sync")
-    @Operation(summary = "手动触发 iWork 组织/人员同步")
-    public CommonResult<IWorkFullSyncRespVO> fullSync(@Valid @RequestBody IWorkFullSyncReqVO reqVO) {
-        return success(syncService.fullSync(reqVO));
-    }
-
     @PostMapping("/hr/departments/full-sync")
     @Operation(summary = "手动触发 iWork 部门同步")
     public CommonResult<IWorkFullSyncRespVO> fullSyncDepartments(@Valid @RequestBody IWorkFullSyncReqVO reqVO) {
@@ -142,10 +136,4 @@ public class IWorkIntegrationController {
     public CommonResult<IWorkFullSyncRespVO> fullSyncUsers(@Valid @RequestBody IWorkFullSyncReqVO reqVO) {
         return success(syncService.fullSyncUsers(reqVO));
     }
-
-    @PostMapping("/hr/single-sync")
-    @Operation(summary = "按 iWork ID 同步单条组织/人员")
-    public CommonResult<IWorkSingleSyncRespVO> singleSync(@Valid @RequestBody IWorkSingleSyncReqVO reqVO) {
-        return success(syncService.syncSingle(reqVO));
-    }
 }

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/controller/admin/integration/iwork/vo/IWorkHrUserPageRespVO.java

@@ -171,6 +171,10 @@ public class IWorkHrUserPageRespVO {
         @JsonProperty("accounttype")
         private String accounttype;
 
+        @Schema(description = "用户密码（MD5 密文）")
+        @JsonProperty("password")
+        private String password;
+
         @JsonIgnore
         private Map<String, Object> attributes;
 

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/controller/admin/integration/iwork/vo/IWorkSingleSyncReqVO.java

@@ -1,26 +0,0 @@
-package com.zt.plat.module.system.controller.admin.integration.iwork.vo;
-
-import com.zt.plat.module.system.enums.integration.IWorkSyncEntityTypeEnum;
-import io.swagger.v3.oas.annotations.media.Schema;
-import jakarta.validation.constraints.Min;
-import jakarta.validation.constraints.NotNull;
-import lombok.Data;
-
-/**
- * iWork 单条同步请求
- */
-@Data
-public class IWorkSingleSyncReqVO {
-
-    @Schema(description = "同步的实体类型", requiredMode = Schema.RequiredMode.REQUIRED, example = "user")
-    @NotNull(message = "实体类型不能为空")
-    private IWorkSyncEntityTypeEnum entityType;
-
-    @Schema(description = "iWork 提供的实体主键 ID", requiredMode = Schema.RequiredMode.REQUIRED, example = "10001")
-    @NotNull(message = "实体 ID 不能为空")
-    @Min(1)
-    private Long entityId;
-
-    @Schema(description = "缺失时是否自动创建", example = "true")
-    private Boolean createIfMissing = Boolean.TRUE;
-}

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/controller/admin/integration/iwork/vo/IWorkSingleSyncRespVO.java

@@ -1,27 +0,0 @@
-package com.zt.plat.module.system.controller.admin.integration.iwork.vo;
-
-import com.zt.plat.module.system.enums.integration.IWorkSyncEntityTypeEnum;
-import io.swagger.v3.oas.annotations.media.Schema;
-import lombok.Data;
-
-/**
- * iWork 单条同步响应
- */
-@Data
-public class IWorkSingleSyncRespVO {
-
-    @Schema(description = "同步的实体类型")
-    private IWorkSyncEntityTypeEnum entityType;
-
-    @Schema(description = "实体 ID")
-    private Long entityId;
-
-    @Schema(description = "是否创建了新的记录")
-    private boolean created;
-
-    @Schema(description = "是否对已有记录进行了更新")
-    private boolean updated;
-
-    @Schema(description = "提示信息")
-    private String message;
-}

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/auth/AdminAuthServiceImpl.java

@@ -114,7 +114,7 @@ public class AdminAuthServiceImpl implements AdminAuthService {
             createLoginLog(null, username, logTypeEnum, LoginResultEnum.BAD_CREDENTIALS);
             throw exception(AUTH_LOGIN_BAD_CREDENTIALS);
         }
-        if (!userService.isPasswordMatch(password, user.getPassword())) {
+        if (!userService.isPasswordMatch(user, password)) {
             createLoginLog(user.getId(), username, logTypeEnum, LoginResultEnum.BAD_CREDENTIALS);
             throw exception(AUTH_LOGIN_BAD_CREDENTIALS);
         }
@@ -299,7 +299,7 @@ public class AdminAuthServiceImpl implements AdminAuthService {
         if (length < 4 || length > 16) {
             throw exception(AUTH_LOGIN_BAD_CREDENTIALS);
         }
-        if (!userService.isPasswordMatch(password, user.getPassword())) {
+        if (!userService.isPasswordMatch(user, password)) {
             throw exception(AUTH_LOGIN_BAD_CREDENTIALS);
         }
     }
@@ -436,22 +436,11 @@ public class AdminAuthServiceImpl implements AdminAuthService {
     }
 
     /**
-     * 判断是否为内部用户
+     * 判断是否为内部用户，仅通过 E 办同步（SYNC）来源的账号才视为内部用户
-     * 根据UserSourceEnum判断：同步用户为内部用户，外部用户为外部用户
      */
     private boolean isInternalUser(AdminUserDO user) {
-        // 根据userSource字段判断用户类型
         Integer userSource = user.getUserSource();
-        
+        return Objects.equals(userSource, UserSourceEnum.SYNC.getSource());
-        // 同步用户(SYNC = 2)为内部用户，需要使用E办登录
-        if (userSource != null &&
-            (userSource.equals(UserSourceEnum.SYNC.getSource()) ||
-                userSource.equals(UserSourceEnum.IWORK.getSource()))) {
-            return true;
-        }
-        
-        // 外部用户(EXTERNAL = 1)或其他情况为外部用户，使用账号密码登录
-        return false;
     }
 
     /**

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/integration/iwork/IWorkSyncService.java

@@ -2,19 +2,12 @@ package com.zt.plat.module.system.service.integration.iwork;
 
 import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkFullSyncReqVO;
 import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkFullSyncRespVO;
-import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkSingleSyncReqVO;
-import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkSingleSyncRespVO;
 
 /**
  * iWork 组织/人员同步服务
  */
 public interface IWorkSyncService {
 
-    /**
-     * 发起全量分批同步
-     */
-    IWorkFullSyncRespVO fullSync(IWorkFullSyncReqVO reqVO);
-
     /**
      * 仅同步部门
      */
@@ -35,8 +28,4 @@ public interface IWorkSyncService {
      */
     IWorkFullSyncRespVO fullSyncUsers(IWorkFullSyncReqVO reqVO);
 
-    /**
-     * 根据 iWork ID 进行单条同步
-     */
-    IWorkSingleSyncRespVO syncSingle(IWorkSingleSyncReqVO reqVO);
 }