From e1b42a874cac99c1b24a02752d669f5845a9a5d5 Mon Sep 17 00:00:00 2001 From: xbx <1827135378@qq.com> Date: Tue, 14 Nov 2023 15:15:30 +0800 Subject: [PATCH] =?UTF-8?q?=E9=AA=8C=E8=AF=81=E7=99=BB=E5=BD=95=E5=8F=96?= =?UTF-8?q?=E6=B6=88?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../system/controller/LoginController.java | 150 +++++++++--------- 1 file changed, 75 insertions(+), 75 deletions(-) diff --git a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java index e9a5feb..fb02bc3 100644 --- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java +++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java @@ -56,13 +56,13 @@ public class LoginController { @Autowired private ISysLogService logService; @Autowired - private RedisUtil redisUtil; + private RedisUtil redisUtil; @Autowired - private ISysDepartService sysDepartService; + private ISysDepartService sysDepartService; @Autowired private ISysTenantService sysTenantService; @Autowired - private ISysDictService sysDictService; + private ISysDictService sysDictService; @Resource private BaseCommonService baseCommonService; @@ -88,28 +88,28 @@ public class LoginController { //update-begin--Author:scott Date:20190805 for:暂时注释掉密码加密逻辑,有点问题 //update-begin-author:taoyan date:20190828 for:校验验证码 - String captcha = sysLoginModel.getCaptcha(); - if(captcha==null){ - result.error500("验证码无效"); - return result; - } - String lowerCaseCaptcha = captcha.toLowerCase(); - //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - // 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可 - String origin = lowerCaseCaptcha+sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret(); - String realKey = Md5Util.md5Encode(origin, "utf-8"); - //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - Object checkCode = redisUtil.get(realKey); - //当进入登录页时,有一定几率出现验证码错误 #1714 - if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) { - log.warn("验证码错误,key= {} , Ui checkCode= {}, Redis checkCode = {}", sysLoginModel.getCheckKey(), lowerCaseCaptcha, checkCode); - result.error500("验证码错误"); - // 改成特殊的code 便于前端判断 - result.setCode(HttpStatus.PRECONDITION_FAILED.value()); - return result; - } +// String captcha = sysLoginModel.getCaptcha(); +// if(captcha==null){ +// result.error500("验证码无效"); +// return result; +// } +// String lowerCaseCaptcha = captcha.toLowerCase(); +// //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 +// // 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可 +// String origin = lowerCaseCaptcha+sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret(); +// String realKey = Md5Util.md5Encode(origin, "utf-8"); +// //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 +// Object checkCode = redisUtil.get(realKey); +// //当进入登录页时,有一定几率出现验证码错误 #1714 +// if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) { +// log.warn("验证码错误,key= {} , Ui checkCode= {}, Redis checkCode = {}", sysLoginModel.getCheckKey(), lowerCaseCaptcha, checkCode); +// result.error500("验证码错误"); +// // 改成特殊的code 便于前端判断 +// result.setCode(HttpStatus.PRECONDITION_FAILED.value()); +// return result; +// } //update-end-author:taoyan date:20190828 for:校验验证码 - + //1. 校验用户是否有效 //update-begin-author:wangshuai date:20200601 for: 登录代码验证用户是否注销bug,if条件永远为false LambdaQueryWrapper queryWrapper = new LambdaQueryWrapper<>(); @@ -131,17 +131,17 @@ public class LoginController { result.error500("用户名或密码错误"); return result; } - + //用户登录信息 userInfo(sysUser, result); //update-begin--Author:liusq Date:20210126 for:登录成功,删除redis中的验证码 - redisUtil.del(realKey); +// redisUtil.del(realKey); //update-begin--Author:liusq Date:20210126 for:登录成功,删除redis中的验证码 redisUtil.del(CommonConstant.LOGIN_FAIL + username); LoginUser loginUser = new LoginUser(); BeanUtils.copyProperties(sysUser, loginUser); baseCommonService.addLog("用户名: " + username + ",登录成功!", CommonConstant.LOG_TYPE_1, null,loginUser); - //update-end--Author:wangshuai Date:20200714 for:登录日志没有记录人员 + //update-end--Author:wangshuai Date:20200714 for:登录日志没有记录人员 return result; } @@ -171,7 +171,7 @@ public class LoginController { } //update-begin---author:liusq ---date:2022-06-29 for:接口返回值修改,同步修改这里的判断逻辑----------- //update-end---author:scott ---date::2022-06-20 for:vue3前端,支持自定义首页-------------- - + obj.put("userInfo",sysUser); obj.put("sysAllDictItems", sysDictService.queryAllDictItems()); result.setResult(obj); @@ -180,7 +180,7 @@ public class LoginController { return result; } - + /** * 退出登录 * @param request @@ -190,31 +190,31 @@ public class LoginController { @RequestMapping(value = "/logout") public Result logout(HttpServletRequest request,HttpServletResponse response) { //用户退出逻辑 - String token = request.getHeader(CommonConstant.X_ACCESS_TOKEN); - if(oConvertUtils.isEmpty(token)) { - return Result.error("退出登录失败!"); - } - String username = JwtUtil.getUsername(token); + String token = request.getHeader(CommonConstant.X_ACCESS_TOKEN); + if(oConvertUtils.isEmpty(token)) { + return Result.error("退出登录失败!"); + } + String username = JwtUtil.getUsername(token); LoginUser sysUser = sysBaseApi.getUserByName(username); - if(sysUser!=null) { + if(sysUser!=null) { //update-begin--Author:wangshuai Date:20200714 for:登出日志没有记录人员 baseCommonService.addLog("用户名: "+sysUser.getRealname()+",退出成功!", CommonConstant.LOG_TYPE_1, null,sysUser); //update-end--Author:wangshuai Date:20200714 for:登出日志没有记录人员 - log.info(" 用户名: "+sysUser.getRealname()+",退出成功! "); - //清空用户登录Token缓存 - redisUtil.del(CommonConstant.PREFIX_USER_TOKEN + token); - //清空用户登录Shiro权限缓存 + log.info(" 用户名: "+sysUser.getRealname()+",退出成功! "); + //清空用户登录Token缓存 + redisUtil.del(CommonConstant.PREFIX_USER_TOKEN + token); + //清空用户登录Shiro权限缓存 redisUtil.del(CommonConstant.PREFIX_USER_SHIRO_CACHE + sysUser.getId()); //清空用户的缓存信息(包括部门信息),例如sys:cache:user:: redisUtil.del(String.format("%s::%s", CacheConstant.SYS_USERS_CACHE, sysUser.getUsername())); //调用shiro的logout SecurityUtils.getSubject().logout(); - return Result.ok("退出登录成功!"); - }else { - return Result.error("Token无效!"); - } + return Result.ok("退出登录成功!"); + }else { + return Result.error("Token无效!"); + } } - + /** * 获取访问量 * @return @@ -245,7 +245,7 @@ public class LoginController { result.success("登录成功"); return result; } - + /** * 获取访问量 * @return @@ -255,19 +255,19 @@ public class LoginController { Result>> result = new Result>>(); Calendar calendar = new GregorianCalendar(); calendar.set(Calendar.HOUR_OF_DAY,0); - calendar.set(Calendar.MINUTE,0); - calendar.set(Calendar.SECOND,0); - calendar.set(Calendar.MILLISECOND,0); - calendar.add(Calendar.DAY_OF_MONTH, 1); - Date dayEnd = calendar.getTime(); - calendar.add(Calendar.DAY_OF_MONTH, -7); - Date dayStart = calendar.getTime(); - List> list = logService.findVisitCount(dayStart, dayEnd); + calendar.set(Calendar.MINUTE,0); + calendar.set(Calendar.SECOND,0); + calendar.set(Calendar.MILLISECOND,0); + calendar.add(Calendar.DAY_OF_MONTH, 1); + Date dayEnd = calendar.getTime(); + calendar.add(Calendar.DAY_OF_MONTH, -7); + Date dayStart = calendar.getTime(); + List> list = logService.findVisitCount(dayStart, dayEnd); result.setResult(oConvertUtils.toLowerCasePageList(list)); return result; } - - + + /** * 登陆成功选择用户当前部门 * @param user @@ -281,7 +281,7 @@ public class LoginController { LoginUser sysUser = (LoginUser)SecurityUtils.getSubject().getPrincipal(); username = sysUser.getUsername(); } - + //获取登录部门 String orgCode= user.getOrgCode(); //获取登录租户 @@ -296,7 +296,7 @@ public class LoginController { /** * 短信登录接口 - * + * * @param jsonObject * @return */ @@ -312,12 +312,12 @@ public class LoginController { result.setSuccess(false); return result; } - + //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+mobile; Object object = redisUtil.get(redisKey); //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - + if (object != null) { result.setMessage("验证码10分钟内,仍然有效!"); result.setSuccess(false); @@ -327,7 +327,7 @@ public class LoginController { //随机数 String captcha = RandomUtil.randomNumbers(6); JSONObject obj = new JSONObject(); - obj.put("code", captcha); + obj.put("code", captcha); try { boolean b = false; //注册模板 @@ -351,7 +351,7 @@ public class LoginController { } return result; } - + /** * smsmode 短信模板方式 0 .登录模板、1.注册模板、2.忘记密码模板 */ @@ -369,12 +369,12 @@ public class LoginController { result.setSuccess(false); return result; } - + //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 //验证码10分钟内有效 redisUtil.set(redisKey, captcha, 600); //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - + //update-begin--Author:scott Date:20190812 for:issues#391 //result.setResult(captcha); //update-end--Author:scott Date:20190812 for:issues#391 @@ -387,11 +387,11 @@ public class LoginController { } return result; } - + /** * 手机号登录接口 - * + * * @param jsonObject * @return */ @@ -411,7 +411,7 @@ public class LoginController { if(!result.isSuccess()) { return result; } - + String smscode = jsonObject.getString("captcha"); //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 @@ -463,7 +463,7 @@ public class LoginController { //3.设置登录用户信息 obj.put("userInfo", sysUser); - + //4.设置登录部门 List departs = sysDepartService.queryUserDeparts(sysUser.getId()); obj.put("departs", departs); @@ -516,13 +516,13 @@ public class LoginController { String code = RandomUtil.randomString(BASE_CHECK_CODES,4); //存到redis中 String lowerCaseCode = code.toLowerCase(); - + //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 // 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可 String origin = lowerCaseCode+key+jeecgBaseConfig.getSignatureSecret(); String realKey = Md5Util.md5Encode(origin, "utf-8"); //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - + redisUtil.set(realKey, lowerCaseCode, 60); log.info("获取验证码,Redis key = {},checkCode = {}", realKey, code); //返回前端 @@ -547,7 +547,7 @@ public class LoginController { sysPermissionService.switchVue3Menu(); return res; } - + /** * app登录 * @param sysLoginModel @@ -560,7 +560,7 @@ public class LoginController { String username = sysLoginModel.getUsername(); String password = sysLoginModel.getPassword(); JSONObject obj = new JSONObject(); - + //update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户 if(isLoginFailOvertimes(username)){ return result.error500("该用户登录失败次数过多,请于10分钟后再次登录!"); @@ -572,7 +572,7 @@ public class LoginController { if(!result.isSuccess()) { return result; } - + //2. 校验用户名或密码是否正确 String userpassword = PasswordUtil.encrypt(username, password, sysUser.getSalt()); String syspassword = sysUser.getPassword(); @@ -583,7 +583,7 @@ public class LoginController { result.error500("用户名或密码错误"); return result; } - + //3.设置登录部门 String orgCode = sysUser.getOrgCode(); if(oConvertUtils.isEmpty(orgCode)) { @@ -609,7 +609,7 @@ public class LoginController { //5. 设置登录用户信息 obj.put("userInfo", sysUser); - + //6. 生成token String token = JwtUtil.sign(username, syspassword); // 设置超时时间 @@ -731,4 +731,4 @@ public class LoginController { redisUtil.set(key, ++val, 3600); } -} \ No newline at end of file +}