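Integrating Maycur (每刻) Approval Data into an Enterprise Portal
Enterprise secret
Currently, a Maycur administrator generates the enterprise secret secretKey and the entCode for the enterprise. The enterprise then uses the secret to sign the employee's employee number, email address, or mobile phone number.
The enterprise signs the employee account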
ssoToken = sha256(secretKey:userId:timestamp)
Call the SSO URL to obtain the authToken
Use entCode, userId, timestamp, and ssoToken to call this URL:
https://uat.maycur.com/api/web/auth/sso?entCode={entCode}&userId={userId}&timestamp={timestamp}&token={ssoToken}
Suppose the following result is returned; take the tokenId from it:
{
    "code":"ACK",
    "message":"",
    "data":{
        "tokenId":"VUkxNjA4MDQxMU9ENjdFTzpXRUI6V0VCNjNBOEU5RDYtQjA4NS00QkQwLUIzRDQtRUU2OTgxMTAwQUJE"
    }
}
The data structure may contain other fields; ignore them. The auth token obtained this way can be used to fetch the approval list.
Demo
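Java code to generate the ssoToken
import java.nio.charset.StandardCharsets;
import org.apache.commons.codec.digest.DigestUtils; // Apache Commons Codec
String secret = "c358d871d9b1f22f008df05ed4c7f7325ce7babaeb0d998470e23c3c2d6b0d7c";
long timestamp = System.currentTimeMillis(); // milliseconds since the Unix epoch
String userId = "10001"; // employee number or email
String ssoToken = DigestUtils.sha256Hex((secret + ":" + userId + ":" + timestamp).getBytes(StandardCharsets.UTF_8));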
C# code to generate the ssoToken
using System;
using System.Security.Cryptography;
using System.Text;
using RestSharp;

protected IRestResponse GetAuthToken()
{
    DateTime Jan1st1970 = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    string secret = "AAAAAAA";
    // Milliseconds since the Unix epoch, matching the Java demo
    long timestamp = (long)((DateTime.UtcNow - Jan1st1970).TotalMilliseconds);
    string userId = "000001";
    string ssoToken = SHA256(secret + ":" + userId + ":" + timestamp);
    var client = new RestClient("https://uat.maycur.com/api/web/auth/sso?entCode=YYYYYY&userId=" + userId + "&timestamp=" + timestamp + "&token=" + ssoToken);
    var request = new RestRequest(Method.GET);
    request.AddHeader("cache-control", "no-cache");
    return client.Execute(request);
}

// Returns the SHA-256 digest of the UTF-8 bytes of str as lower-case hex
public static string SHA256(string str)
{
    byte[] SHA256Data = Encoding.UTF8.GetBytes(str);
    SHA256Managed Sha256 = new SHA256Managed();
    byte[] by = Sha256.ComputeHash(SHA256Data);
    return BitConverter.ToString(by).Replace("-", "").ToLower(); // 64 hex characters
}
....
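Maycur SSO Single Sign-On Scheme
Redirect to the Maycur home page through SSO (this URL is different from the one used above to obtain the SSO token)
Java code to generate the ssoToken
import java.nio.charset.StandardCharsets;
import org.apache.commons.codec.digest.DigestUtils; // Apache Commons Codec
String secret = "c358d871d9b1f22f008df05ed4c7f7325ce7babaeb0d998470e23c3c2d6b0d7c";
long timestamp = System.currentTimeMillis(); // milliseconds since the Unix epoch
String userId = "10001"; // employee number or email
String ssoToken = DigestUtils.sha256Hex((secret + ":" + userId + ":" + timestamp).getBytes(StandardCharsets.UTF_8));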
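SSO link suffixes for the web client
{url} can be set to the page to open after the redirect:
- Personal reimbursement: approve
- Corporate reimbursement: approve/corp
- Expense request: approve/consume
- Regular reimbursement form pending approval: approve/personal_sso/{reimburse_code}
- Expense request form pending approval: approve/consume_sso/{pre_consume_code}
- Corporate reimbursement form pending approval: approve/corp_sso/{corp_reimburse_code}
- Purchase contract pending approval: approve/corp_contract_sso/{business_code}
- Create a travel request form: reim/consume_sso/{form number (empty when creating a new form)}/{form subtype code}
- Personal reimbursement audit list: audit
- Corporate reimbursement audit list: audit/corp
- Expense request audit list: audit/consume
- Regular reimbursement form pending audit: audit/personal_sso/{reimburse_code}
- Expense request form pending audit: audit/consume_sso/{pre_consume_code}
- Corporate reimbursement form pending audit: audit/corp_sso/{corp_reimburse_code}
- Repayment form pending audit: audit/repayment_sso/{repayment_data_code}
- Corporate receipt pending audit: audit/corp_repayment_sso/{corp_repayment_data_code}
- Reimbursement form copied (CC) for approval: approve/copy_form/REIMBURSE/{reimburse_code}
- Request form copied (CC) for approval: approve/copy_form/PRECONSUME/{pre_consume_code}
- Corporate form copied (CC) for approval: approve/copy_form/CORP_REIMBURSE/{corp_reimburse_code}
- New reimbursement form: reim/personal_create/{formTypeCode}
- New request form: reim/consume_create/{formTypeCode}
- New repayment form: reim/repayment_create/{formTypeCode}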
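SSO link suffixes for the mobile client
{url} can be set to the page to open after the redirect:
Approval module
- Reimbursement form pending approval: approve/personal_sso/{reimburse_code}
- Request form pending approval: approve/consume_sso/{pre_consume_code}
- Corporate reimbursement form pending approval: approve/corp_sso/{corp_reimburse_code}
- Purchase contract pending approval: approve/corp_contract_sso/{business_code}
Audit module
- Reimbursement form pending audit: audit/personal_sso/{reimburse_code}
- Request form pending audit: audit/consume_sso/{pre_consume_code}
- Corporate reimbursement form pending audit: audit/corp_sso/{corp_reimburse_code}
Forms module
- Reimbursement form: reimbursements/personal_sso?code={reimburse_data_code}&status={reimburse_status}
- Request form: reimbursements/consume_sso?code={pre_consume_data_code}&status={status}
- Repayment form: reimbursements/repayment_sso?code={data_code}&status={status}
- Corporate payment form: reimbursements/corp_sso?code={corp_reimburse_data_code}&status={reimburse_status}
Special note: this parameter must be encoded. After assembling the link, percent-encode it with JavaScript's encodeURIComponent method. Example: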
- var url = encodeURIComponent('reimbursements/personal_sso?code=BX2108201JGYZGG0&status=REJECTED')
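An added example (not part of the original page and not Maycur's own code) that ties together the ssoToken formula, the auth URL, and the encoding note above: it signs the raw userId, percent-encodes every query value so that an email userId containing "+" survives the request, and reads only data.tokenId from the response. The helper names, the MAYCUR_SECRET_KEY environment variable, the sample values, and treating code "ACK" as success are assumptions.

```javascript
// Added example for Node.js; helper names and sample values are hypothetical.
const crypto = require("node:crypto");

const SSO_ENDPOINT = "https://uat.maycur.com/api/web/auth/sso"; // UAT URL from the page

// ssoToken = sha256(secretKey:userId:timestamp) as lower-case hex,
// computed over the RAW userId (before any URL encoding).
function makeSsoToken(secretKey, userId, timestamp) {
  return crypto
    .createHash("sha256")
    .update(`${secretKey}:${userId}:${timestamp}`, "utf8")
    .digest("hex");
}

// Build the query with URLSearchParams so every value is percent-encoded.
// With plain string concatenation, a "+" in an email userId would be read
// as a space by the server and the signature would no longer match.
function buildAuthUrl(entCode, userId, secretKey, timestamp = Date.now()) {
  const query = new URLSearchParams({
    entCode,
    userId,
    timestamp: String(timestamp),
    token: makeSsoToken(secretKey, userId, timestamp),
  });
  return `${SSO_ENDPOINT}?${query}`;
}

// Return data.tokenId and ignore any other fields in the response.
// Assumption: code "ACK" (as in the sample response) means success.
function extractTokenId(body) {
  const parsed = JSON.parse(body) || {};
  const tokenId = parsed.data && parsed.data.tokenId;
  if (parsed.code !== "ACK" || typeof tokenId !== "string" || tokenId === "") {
    throw new Error(`SSO request rejected: code=${parsed.code}`);
  }
  return tokenId;
}

// The {url} suffix contains its own "?" and "&", so encode it as one component.
function encodeSuffix(suffix) {
  return encodeURIComponent(suffix);
}

// Constructed sample values. Load the real secret from the environment or a
// secrets manager rather than hard-coding it in source as the demos do.
const secret = process.env.MAYCUR_SECRET_KEY || "constructed-demo-secret";
console.log(buildAuthUrl("YYYYYY", "zhang.san+hr@example.com", secret));
console.log(encodeSuffix("reimbursements/personal_sso?code=BX2108201JGYZGG0&status=REJECTED"));
```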