Big-Data-Lab
/
Glass-ERP
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

关闭了验证码功能

This commit is contained in:
Liuqi 2023-08-14 16:15:59 +08:00
parent 1620d9e389
commit 13b98647b3
3 changed files with 51 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java
View File

@ -88,28 +88,28 @@ public class LoginController {
//update-begin--Author:scott Date:20190805 for暂时注释掉密码加密逻辑有点问题
//update-begin-author:taoyan date:20190828 for:校验验证码
String captcha = sysLoginModel.getCaptcha();
if(captcha==null){
result.error500("验证码无效");
return result;
}
String lowerCaseCaptcha = captcha.toLowerCase();
//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 漏洞发现新漏洞待处理20220906
// 加入密钥作为混淆避免简单的拼接被外部利用用户自定义该密钥即可
String origin = lowerCaseCaptcha+sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret();
String realKey = Md5Util.md5Encode(origin, "utf-8");
//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 漏洞发现新漏洞待处理20220906
Object checkCode = redisUtil.get(realKey);
//当进入登录页时有一定几率出现验证码错误 #1714
if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
log.warn("验证码错误key= {} , Ui checkCode= {}, Redis checkCode = {}", sysLoginModel.getCheckKey(), lowerCaseCaptcha, checkCode);
result.error500("验证码错误");
// 改成特殊的code 便于前端判断
result.setCode(HttpStatus.PRECONDITION_FAILED.value());
return result;
}
// String captcha = sysLoginModel.getCaptcha();
// if(captcha==null){
// result.error500("验证码无效");
// return result;
// }
// String lowerCaseCaptcha = captcha.toLowerCase();
// //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 漏洞发现新漏洞待处理20220906
// // 加入密钥作为混淆避免简单的拼接被外部利用用户自定义该密钥即可
// String origin = lowerCaseCaptcha+sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret();
// String realKey = Md5Util.md5Encode(origin, "utf-8");
// //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 漏洞发现新漏洞待处理20220906
// Object checkCode = redisUtil.get(realKey);
// //当进入登录页时有一定几率出现验证码错误 #1714
// if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
// log.warn("验证码错误key= {} , Ui checkCode= {}, Redis checkCode = {}", sysLoginModel.getCheckKey(), lowerCaseCaptcha, checkCode);
// result.error500("验证码错误");
// // 改成特殊的code 便于前端判断
// result.setCode(HttpStatus.PRECONDITION_FAILED.value());
// return result;
// }
//update-end-author:taoyan date:20190828 for:校验验证码
//1. 校验用户是否有效
//update-begin-author:wangshuai date:20200601 for: 登录代码验证用户是否注销bugif条件永远为false
LambdaQueryWrapper<SysUser> queryWrapper = new LambdaQueryWrapper<>();
@ -131,11 +131,11 @@ public class LoginController {
result.error500("用户名或密码错误");
return result;
}
//用户登录信息
userInfo(sysUser, result);
//update-begin--Author:liusq Date:20210126 for登录成功删除redis中的验证码
redisUtil.del(realKey);
// redisUtil.del(realKey);
//update-begin--Author:liusq Date:20210126 for登录成功删除redis中的验证码
redisUtil.del(CommonConstant.LOGIN_FAIL + username);
LoginUser loginUser = new LoginUser();
@ -171,7 +171,7 @@ public class LoginController {
}
//update-begin---author:liusq ---date:2022-06-29 for接口返回值修改同步修改这里的判断逻辑-----------
//update-end---author:scott ---date::2022-06-20 forvue3前端支持自定义首页--------------
obj.put("userInfo",sysUser);
obj.put("sysAllDictItems", sysDictService.queryAllDictItems());
result.setResult(obj);
@ -180,7 +180,7 @@ public class LoginController {
return result;
}
/**
* 退出登录
* @param request
@ -214,7 +214,7 @@ public class LoginController {
return Result.error("Token无效!");
}
}
/**
* 获取访问量
* @return
@ -245,7 +245,7 @@ public class LoginController {
result.success("登录成功");
return result;
}
/**
* 获取访问量
* @return
@ -266,8 +266,8 @@ public class LoginController {
result.setResult(oConvertUtils.toLowerCasePageList(list));
return result;
}
/**
* 登陆成功选择用户当前部门
* @param user
@ -281,7 +281,7 @@ public class LoginController {
LoginUser sysUser = (LoginUser)SecurityUtils.getSubject().getPrincipal();
username = sysUser.getUsername();
}
//获取登录部门
String orgCode= user.getOrgCode();
//获取登录租户
@ -296,7 +296,7 @@ public class LoginController {
/**
* 短信登录接口
*
*
* @param jsonObject
* @return
*/
@ -312,12 +312,12 @@ public class LoginController {
result.setSuccess(false);
return result;
}
//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 漏洞发现新漏洞待处理20220906
String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+mobile;
Object object = redisUtil.get(redisKey);
//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 漏洞发现新漏洞待处理20220906
if (object != null) {
result.setMessage("验证码10分钟内仍然有效");
result.setSuccess(false);
@ -351,7 +351,7 @@ public class LoginController {
}
return result;
}
/**
* smsmode 短信模板方式 0 .登录模板1.注册模板2.忘记密码模板
*/
@ -369,12 +369,12 @@ public class LoginController {
result.setSuccess(false);
return result;
}
//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 漏洞发现新漏洞待处理20220906
//验证码10分钟内有效
redisUtil.set(redisKey, captcha, 600);
//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 漏洞发现新漏洞待处理20220906
//update-begin--Author:scott Date:20190812 forissues#391
//result.setResult(captcha);
//update-end--Author:scott Date:20190812 forissues#391
@ -387,11 +387,11 @@ public class LoginController {
}
return result;
}
/**
* 手机号登录接口
*
*
* @param jsonObject
* @return
*/
@ -411,7 +411,7 @@ public class LoginController {
if(!result.isSuccess()) {
return result;
}
String smscode = jsonObject.getString("captcha");
//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 漏洞发现新漏洞待处理20220906
@ -463,7 +463,7 @@ public class LoginController {
//3.设置登录用户信息
obj.put("userInfo", sysUser);
//4.设置登录部门
List<SysDepart> departs = sysDepartService.queryUserDeparts(sysUser.getId());
obj.put("departs", departs);
@ -516,13 +516,13 @@ public class LoginController {
String code = RandomUtil.randomString(BASE_CHECK_CODES,4);
//存到redis中
String lowerCaseCode = code.toLowerCase();
//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 漏洞发现新漏洞待处理20220906
// 加入密钥作为混淆避免简单的拼接被外部利用用户自定义该密钥即可
String origin = lowerCaseCode+key+jeecgBaseConfig.getSignatureSecret();
String realKey = Md5Util.md5Encode(origin, "utf-8");
//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 漏洞发现新漏洞待处理20220906
redisUtil.set(realKey, lowerCaseCode, 60);
log.info("获取验证码Redis key = {}checkCode = {}", realKey, code);
//返回前端
@ -547,7 +547,7 @@ public class LoginController {
sysPermissionService.switchVue3Menu();
return res;
}
/**
* app登录
* @param sysLoginModel
@ -560,7 +560,7 @@ public class LoginController {
String username = sysLoginModel.getUsername();
String password = sysLoginModel.getPassword();
JSONObject obj = new JSONObject();
//update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户
if(isLoginFailOvertimes(username)){
return result.error500("该用户登录失败次数过多请于10分钟后再次登录");
@ -572,7 +572,7 @@ public class LoginController {
if(!result.isSuccess()) {
return result;
}
//2. 校验用户名或密码是否正确
String userpassword = PasswordUtil.encrypt(username, password, sysUser.getSalt());
String syspassword = sysUser.getPassword();
@ -583,7 +583,7 @@ public class LoginController {
result.error500("用户名或密码错误");
return result;
}
//3.设置登录部门
String orgCode = sysUser.getOrgCode();
if(oConvertUtils.isEmpty(orgCode)) {
@ -609,7 +609,7 @@ public class LoginController {
//5. 设置登录用户信息
obj.put("userInfo", sysUser);
//6. 生成token
String token = JwtUtil.sign(username, syspassword);
// 设置超时时间
@ -731,4 +731,4 @@ public class LoginController {
redisUtil.set(key, ++val, 3600);
}
}
}

2
jeecg-module-system/jeecg-system-start/src/main/resources/application-dev.yml
View File

@ -1,5 +1,5 @@
server:
port: 8080
port: 8888
tomcat:
max-swallow-size: -1
error:

4
jeecg-module-system/jeecg-system-start/src/main/resources/application-prod.yml
View File

@ -1,5 +1,5 @@
server:
port: 8080
port: 8888
tomcat:
max-swallow-size: -1
error:
@ -300,4 +300,4 @@ third-app:
client-id: ??
# appSecret
client-secret: ??
agent-id: ??
agent-id: ??