public BaasUser register(String appId, String plat, BaasUser user) {
   String username = user.getUsername();
   String password = user.getPassword();
   if (StringUtils.isEmpty(password)) {
     // 密码禁止为空
     throw new SimpleError(SimpleCode.USER_EMPTY_PASSWORD);
   }
   if (StringUtils.isEmpty(username)) {
     // 用户名禁止为空
     throw new SimpleError(SimpleCode.USER_EMPTY_USERNAME);
   }
   if (!isNameValid(username)) {
     // 用户名不合法
     throw new SimpleError(SimpleCode.USER_INVALID_USERNAME);
   }
   BaasUser exist = get(appId, plat, username, null, true);
   if (exist != null) {
     // 用户已存在
     throw new SimpleError(SimpleCode.USER_ALREADY_EXIST);
   }
   user.setPassword(encrypt(username, password));
   user.setSessionToken(getSessionToken());
   // 禁止设置ACL字段
   user.remove("acl");
   BaasObject object = objectService.insert(appId, plat, USER_CLASS_NAME, user, null, true);
   return new BaasUser(object);
 }
 public void resetSessionToken(String appId, String plat, String id) {
   BaasObject object = objectService.get(appId, plat, USER_CLASS_NAME, id);
   BaasUser user = new BaasUser(object);
   String sessionToken = user.getSessionToken();
   // 更新用户信息
   user.setSessionToken(getSessionToken());
   objectService.update(appId, plat, UserService.USER_CLASS_NAME, id, user, null, true);
   // 清除缓存的用户信息
   deleteUserCache(appId, sessionToken);
 }
 public BaasUser updatePassword(
     String appId,
     String plat,
     String id,
     String oldPassword,
     String newPassword,
     BaasUser currentUser) {
   if (currentUser == null || !currentUser.getId().equals(id)) {
     // 非本人禁止修改用户信息
     throw new SimpleError(SimpleCode.USER_NOT_MATCH);
   }
   if (StringUtils.isEmpty(oldPassword) || StringUtils.isEmpty(newPassword)) {
     throw new SimpleError(SimpleCode.REQUEST_PARAM_ERROR);
     // 参数不足
   }
   BaasUser user = get(appId, plat, currentUser.getUsername(), null, true);
   String username = user.getUsername();
   String passwordMd5 = encrypt(username, oldPassword);
   String passwordExist = user.getPassword();
   if (!passwordMd5.equals(passwordExist)) {
     // 密码错误
     throw new SimpleError(SimpleCode.USER_WRONG_PASSWORD);
   }
   // 修改密码
   user.setPassword(encrypt(username, newPassword));
   // 重置SessionToken
   String oldSessionToken = user.getSessionToken();
   user.setSessionToken(getSessionToken());
   objectService.update(appId, plat, UserService.USER_CLASS_NAME, id, user, null, true);
   // 更新成功 清除用户缓存
   deleteUserCache(appId, oldSessionToken);
   return user;
 }
 /**
  * 用户登录
  *
  * @param username 用户名
  * @param password 密码
  */
 public BaasUser login(String appId, String plat, String username, String password) {
   if (StringUtils.isEmpty(password)) {
     // 密码禁止为空
     throw new SimpleError(SimpleCode.USER_EMPTY_PASSWORD);
   }
   BaasUser user = get(appId, plat, username, null, true);
   if (user == null) {
     throw new SimpleError(SimpleCode.USER_NOT_EXIST);
   }
   String passwordMd5 = encrypt(username, password);
   String passwordExist = user.getPassword();
   if (!passwordMd5.equals(passwordExist)) {
     // 密码错误
     throw new SimpleError(SimpleCode.USER_WRONG_PASSWORD);
   }
   user.remove("password");
   return user;
 }
 public void releaseSns(
     String appId,
     String plat,
     String id,
     String platform,
     BaasUser currentUser,
     boolean isMaster) {
   if (!isMaster) {
     // 非管理权限
     if (currentUser == null || !currentUser.getId().equals(id)) {
       // 非本人禁止修改社交平台信息
       throw new SimpleError(SimpleCode.USER_NOT_MATCH);
     }
   }
   BaasObject object = objectService.get(appId, plat, USER_CLASS_NAME, id);
   BaasUser userNow = new BaasUser(object);
   BaasObject authNow = userNow.getAuth();
   if (authNow == null) {
     // 当前授权信息为空 无需解绑 直接返回
     return;
   }
   // 清除对应平台的授权信息
   authNow.remove(platform);
   BaasUser userNew = new BaasUser();
   userNew.setAuth(authNow);
   objectService.update(appId, plat, UserService.USER_CLASS_NAME, id, userNew, null, true);
   // 更新成功 清除用户缓存
   deleteUserCache(appId, userNow.getSessionToken());
 }
 public void bindingSns(
     String appId,
     String plat,
     String id,
     String platform,
     BaasAuth auth,
     BaasUser currentUser,
     boolean isMaster) {
   if (!isMaster) {
     // 非管理权限
     if (currentUser == null || !currentUser.getId().equals(id)) {
       // 非本人禁止修改社交平台信息
       throw new SimpleError(SimpleCode.USER_NOT_MATCH);
     }
   }
   // 验证授权信息是否有效
   if (!authUtil.verifyAuthData(platform, auth)) {
     // 授权无效
     throw new SimpleError(SimpleCode.USER_AUTH_REJECT);
   } else {
     // 验证是否已经绑定现有用户
     BaasUser exist = getUserByAuth(appId, plat, platform, auth.getUid());
     if (exist != null) {
       // 该第三方用户信息已经被其他用户绑定,禁止重复绑定
       throw new SimpleError(SimpleCode.USER_AUTH_EXIST);
     }
     // 授权有效 将授权信息与用户绑定
     BaasObject object = objectService.get(appId, plat, USER_CLASS_NAME, id);
     BaasUser userNow = new BaasUser(object);
     BaasObject authNow = userNow.getAuth();
     if (authNow == null) {
       // 当前授权信息为空 创建新的授权信息
       authNow = new BaasObject();
     }
     // 填充授权信息
     authNow.put(platform, auth);
     BaasUser userNew = new BaasUser();
     userNew.setAuth(authNow);
     objectService.update(appId, plat, UserService.USER_CLASS_NAME, id, userNew, null, true);
     // 更新成功 清除用户缓存
     deleteUserCache(appId, userNow.getSessionToken());
   }
 }
 /**
  * 使用第三方平台登录信息进行登录
  *
  * @param appId 应用id
  * @param platform 名称
  * @param auth 授权信息
  * @return 用户信息
  */
 public BaasUser loginWithSns(String appId, String plat, String platform, BaasAuth auth) {
   // 验证授权信息
   if (!authUtil.verifyAuthData(platform, auth)) {
     // 授权无效
     throw new SimpleError(SimpleCode.USER_AUTH_REJECT);
   }
   BaasUser user = getUserByAuth(appId, plat, platform, auth.getUid());
   if (user == null) {
     throw new SimpleError(SimpleCode.USER_NOT_EXIST);
   }
   // 更新accessToken
   BaasObject authNow = user.getAuth();
   // 填充授权信息
   authNow.put(platform, auth);
   BaasUser userNew = new BaasUser();
   userNew.setAuth(authNow);
   objectService.update(
       appId, plat, UserService.USER_CLASS_NAME, user.getId(), userNew, null, true);
   // 返回用户信息
   user.setPassword("");
   return user;
 }
 public void update(
     String appId, String plat, String id, BaasUser user, BaasUser currentUser, boolean isMaster) {
   if (!isMaster) {
     // 非管理权限
     if (currentUser == null || !currentUser.getId().equals(id)) {
       // 非本人禁止修改用户信息
       throw new SimpleError(SimpleCode.USER_NOT_MATCH);
     }
     // 非管理权限,禁止修改敏感信息,敏感信息使用特定接口修改
     user.remove("phone");
     user.remove("email");
     user.remove("auth");
   }
   String newPassword = user.getPassword();
   if (!StringUtils.isEmpty(newPassword)) {
     // 密码字段不为空
     String newPasswordEncrypt = encrypt(currentUser.getUsername(), user.getPassword());
     if (!newPasswordEncrypt.equals(currentUser.getPassword())) {
       // 密码字段被修改 更新SessionToken
       user.setPassword(newPasswordEncrypt);
       String sessionTokenNow = currentUser.getSessionToken();
       if (!StringUtils.isEmpty(sessionTokenNow)) {
         // 删除原有用户缓存
         deleteUserCache(appId, sessionTokenNow);
       }
       user.setSessionToken(getSessionToken());
     }
   } else {
     // 清除空的密码字段
     user.remove("password");
   }
   // 禁止修改用户名
   user.remove("username");
   // 禁止修改ACL字段
   user.remove("acl");
   objectService.update(appId, plat, UserService.USER_CLASS_NAME, id, user, null, true);
   // 更新成功 清除用户缓存
   deleteUserCache(appId, user.getSessionToken());
 }