验证登录取消

jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java

@@ -56,13 +56,13 @@ public class LoginController {
 	@Autowired
 	private ISysLogService logService;
 	@Autowired
-    private RedisUtil redisUtil;
+	private RedisUtil redisUtil;
 	@Autowired
-    private ISysDepartService sysDepartService;
+	private ISysDepartService sysDepartService;
 	@Autowired
 	private ISysTenantService sysTenantService;
 	@Autowired
-    private ISysDictService sysDictService;
+	private ISysDictService sysDictService;
 	@Resource
 	private BaseCommonService baseCommonService;
 
@@ -88,28 +88,28 @@ public class LoginController {
 		//update-begin--Author:scott  Date:20190805 for：暂时注释掉密码加密逻辑，有点问题
 
 		//update-begin-author:taoyan date:20190828 for:校验验证码
-        String captcha = sysLoginModel.getCaptcha();
+//        String captcha = sysLoginModel.getCaptcha();
-        if(captcha==null){
+//        if(captcha==null){
-            result.error500("验证码无效");
+//            result.error500("验证码无效");
-            return result;
+//            return result;
-        }
+//        }
-        String lowerCaseCaptcha = captcha.toLowerCase();
+//        String lowerCaseCaptcha = captcha.toLowerCase();
-        //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+//        //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
-		// 加入密钥作为混淆，避免简单的拼接，被外部利用，用户自定义该密钥即可
+//		// 加入密钥作为混淆，避免简单的拼接，被外部利用，用户自定义该密钥即可
-        String origin = lowerCaseCaptcha+sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret();
+//        String origin = lowerCaseCaptcha+sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret();
-		String realKey = Md5Util.md5Encode(origin, "utf-8");
+//		String realKey = Md5Util.md5Encode(origin, "utf-8");
-		//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+//		//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
-		Object checkCode = redisUtil.get(realKey);
+//		Object checkCode = redisUtil.get(realKey);
-		//当进入登录页时，有一定几率出现验证码错误 #1714
+//		//当进入登录页时，有一定几率出现验证码错误 #1714
-		if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
+//		if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
-            log.warn("验证码错误，key= {} , Ui checkCode= {}, Redis checkCode = {}", sysLoginModel.getCheckKey(), lowerCaseCaptcha, checkCode);
+//            log.warn("验证码错误，key= {} , Ui checkCode= {}, Redis checkCode = {}", sysLoginModel.getCheckKey(), lowerCaseCaptcha, checkCode);
-			result.error500("验证码错误");
+//			result.error500("验证码错误");
-			// 改成特殊的code 便于前端判断
+//			// 改成特殊的code 便于前端判断
-			result.setCode(HttpStatus.PRECONDITION_FAILED.value());
+//			result.setCode(HttpStatus.PRECONDITION_FAILED.value());
-			return result;
+//			return result;
-		}
+//		}
 		//update-end-author:taoyan date:20190828 for:校验验证码
-		
+
 		//1. 校验用户是否有效
 		//update-begin-author:wangshuai date:20200601 for: 登录代码验证用户是否注销bug，if条件永远为false
 		LambdaQueryWrapper<SysUser> queryWrapper = new LambdaQueryWrapper<>();
@@ -131,17 +131,17 @@ public class LoginController {
 			result.error500("用户名或密码错误");
 			return result;
 		}
-				
+
 		//用户登录信息
 		userInfo(sysUser, result);
 		//update-begin--Author:liusq  Date:20210126  for：登录成功，删除redis中的验证码
-		redisUtil.del(realKey);
+//		redisUtil.del(realKey);
 		//update-begin--Author:liusq  Date:20210126  for：登录成功，删除redis中的验证码
 		redisUtil.del(CommonConstant.LOGIN_FAIL + username);
 		LoginUser loginUser = new LoginUser();
 		BeanUtils.copyProperties(sysUser, loginUser);
 		baseCommonService.addLog("用户名: " + username + ",登录成功！", CommonConstant.LOG_TYPE_1, null,loginUser);
-        //update-end--Author:wangshuai  Date:20200714  for：登录日志没有记录人员
+		//update-end--Author:wangshuai  Date:20200714  for：登录日志没有记录人员
 		return result;
 	}
 
@@ -171,7 +171,7 @@ public class LoginController {
 			}
 			//update-begin---author:liusq ---date:2022-06-29  for：接口返回值修改，同步修改这里的判断逻辑-----------
 			//update-end---author:scott ---date::2022-06-20  for：vue3前端，支持自定义首页--------------
-			
+
 			obj.put("userInfo",sysUser);
 			obj.put("sysAllDictItems", sysDictService.queryAllDictItems());
 			result.setResult(obj);
@@ -180,7 +180,7 @@ public class LoginController {
 		return result;
 
 	}
-	
+
 	/**
 	 * 退出登录
 	 * @param request
@@ -190,31 +190,31 @@ public class LoginController {
 	@RequestMapping(value = "/logout")
 	public Result<Object> logout(HttpServletRequest request,HttpServletResponse response) {
 		//用户退出逻辑
-	    String token = request.getHeader(CommonConstant.X_ACCESS_TOKEN);
+		String token = request.getHeader(CommonConstant.X_ACCESS_TOKEN);
-	    if(oConvertUtils.isEmpty(token)) {
+		if(oConvertUtils.isEmpty(token)) {
-	    	return Result.error("退出登录失败！");
+			return Result.error("退出登录失败！");
-	    }
+		}
-	    String username = JwtUtil.getUsername(token);
+		String username = JwtUtil.getUsername(token);
 		LoginUser sysUser = sysBaseApi.getUserByName(username);
-	    if(sysUser!=null) {
+		if(sysUser!=null) {
 			//update-begin--Author:wangshuai  Date:20200714  for：登出日志没有记录人员
 			baseCommonService.addLog("用户名: "+sysUser.getRealname()+",退出成功！", CommonConstant.LOG_TYPE_1, null,sysUser);
 			//update-end--Author:wangshuai  Date:20200714  for：登出日志没有记录人员
-	    	log.info(" 用户名:  "+sysUser.getRealname()+",退出成功！ ");
+			log.info(" 用户名:  "+sysUser.getRealname()+",退出成功！ ");
-	    	//清空用户登录Token缓存
+			//清空用户登录Token缓存
-	    	redisUtil.del(CommonConstant.PREFIX_USER_TOKEN + token);
+			redisUtil.del(CommonConstant.PREFIX_USER_TOKEN + token);
-	    	//清空用户登录Shiro权限缓存
+			//清空用户登录Shiro权限缓存
 			redisUtil.del(CommonConstant.PREFIX_USER_SHIRO_CACHE + sysUser.getId());
 			//清空用户的缓存信息（包括部门信息），例如sys:cache:user::<username>
 			redisUtil.del(String.format("%s::%s", CacheConstant.SYS_USERS_CACHE, sysUser.getUsername()));
 			//调用shiro的logout
 			SecurityUtils.getSubject().logout();
-	    	return Result.ok("退出登录成功！");
+			return Result.ok("退出登录成功！");
-	    }else {
+		}else {
-	    	return Result.error("Token无效!");
+			return Result.error("Token无效!");
-	    }
+		}
 	}
-	
+
 	/**
 	 * 获取访问量
 	 * @return
@@ -245,7 +245,7 @@ public class LoginController {
 		result.success("登录成功");
 		return result;
 	}
-	
+
 	/**
 	 * 获取访问量
 	 * @return
@@ -255,19 +255,19 @@ public class LoginController {
 		Result<List<Map<String,Object>>> result = new Result<List<Map<String,Object>>>();
 		Calendar calendar = new GregorianCalendar();
 		calendar.set(Calendar.HOUR_OF_DAY,0);
-        calendar.set(Calendar.MINUTE,0);
+		calendar.set(Calendar.MINUTE,0);
-        calendar.set(Calendar.SECOND,0);
+		calendar.set(Calendar.SECOND,0);
-        calendar.set(Calendar.MILLISECOND,0);
+		calendar.set(Calendar.MILLISECOND,0);
-        calendar.add(Calendar.DAY_OF_MONTH, 1);
+		calendar.add(Calendar.DAY_OF_MONTH, 1);
-        Date dayEnd = calendar.getTime();
+		Date dayEnd = calendar.getTime();
-        calendar.add(Calendar.DAY_OF_MONTH, -7);
+		calendar.add(Calendar.DAY_OF_MONTH, -7);
-        Date dayStart = calendar.getTime();
+		Date dayStart = calendar.getTime();
-        List<Map<String,Object>> list = logService.findVisitCount(dayStart, dayEnd);
+		List<Map<String,Object>> list = logService.findVisitCount(dayStart, dayEnd);
 		result.setResult(oConvertUtils.toLowerCasePageList(list));
 		return result;
 	}
-	
+
-	
+
 	/**
 	 * 登陆成功选择用户当前部门
 	 * @param user
@@ -281,7 +281,7 @@ public class LoginController {
 			LoginUser sysUser = (LoginUser)SecurityUtils.getSubject().getPrincipal();
 			username = sysUser.getUsername();
 		}
-		
+
 		//获取登录部门
 		String orgCode= user.getOrgCode();
 		//获取登录租户
@@ -296,7 +296,7 @@ public class LoginController {
 
 	/**
 	 * 短信登录接口
-	 * 
+	 *
 	 * @param jsonObject
 	 * @return
 	 */
@@ -312,12 +312,12 @@ public class LoginController {
 			result.setSuccess(false);
 			return result;
 		}
-		
+
 		//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
 		String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+mobile;
 		Object object = redisUtil.get(redisKey);
 		//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
-		
+
 		if (object != null) {
 			result.setMessage("验证码10分钟内，仍然有效！");
 			result.setSuccess(false);
@@ -327,7 +327,7 @@ public class LoginController {
 		//随机数
 		String captcha = RandomUtil.randomNumbers(6);
 		JSONObject obj = new JSONObject();
-    	obj.put("code", captcha);
+		obj.put("code", captcha);
 		try {
 			boolean b = false;
 			//注册模板
@@ -351,7 +351,7 @@ public class LoginController {
 					}
 					return result;
 				}
-				
+
 				/**
 				 * smsmode 短信模板方式  0 .登录模板、1.注册模板、2.忘记密码模板
 				 */
@@ -369,12 +369,12 @@ public class LoginController {
 				result.setSuccess(false);
 				return result;
 			}
-			
+
 			//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
 			//验证码10分钟内有效
 			redisUtil.set(redisKey, captcha, 600);
 			//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
-			
+
 			//update-begin--Author:scott  Date:20190812 for：issues#391
 			//result.setResult(captcha);
 			//update-end--Author:scott  Date:20190812 for：issues#391
@@ -387,11 +387,11 @@ public class LoginController {
 		}
 		return result;
 	}
-	
+
 
 	/**
 	 * 手机号登录接口
-	 * 
+	 *
 	 * @param jsonObject
 	 * @return
 	 */
@@ -411,7 +411,7 @@ public class LoginController {
 		if(!result.isSuccess()) {
 			return result;
 		}
-		
+
 		String smscode = jsonObject.getString("captcha");
 
 		//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
@@ -463,7 +463,7 @@ public class LoginController {
 
 		//3.设置登录用户信息
 		obj.put("userInfo", sysUser);
-		
+
 		//4.设置登录部门
 		List<SysDepart> departs = sysDepartService.queryUserDeparts(sysUser.getId());
 		obj.put("departs", departs);
@@ -516,13 +516,13 @@ public class LoginController {
 			String code = RandomUtil.randomString(BASE_CHECK_CODES,4);
 			//存到redis中
 			String lowerCaseCode = code.toLowerCase();
-			
+
 			//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
 			// 加入密钥作为混淆，避免简单的拼接，被外部利用，用户自定义该密钥即可
 			String origin = lowerCaseCode+key+jeecgBaseConfig.getSignatureSecret();
 			String realKey = Md5Util.md5Encode(origin, "utf-8");
 			//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
-            
+
 			redisUtil.set(realKey, lowerCaseCode, 60);
 			log.info("获取验证码，Redis key = {}，checkCode = {}", realKey, code);
 			//返回前端
@@ -547,7 +547,7 @@ public class LoginController {
 		sysPermissionService.switchVue3Menu();
 		return res;
 	}
-	
+
 	/**
 	 * app登录
 	 * @param sysLoginModel
@@ -560,7 +560,7 @@ public class LoginController {
 		String username = sysLoginModel.getUsername();
 		String password = sysLoginModel.getPassword();
 		JSONObject obj = new JSONObject();
-		
+
 		//update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户
 		if(isLoginFailOvertimes(username)){
 			return result.error500("该用户登录失败次数过多，请于10分钟后再次登录！");
@@ -572,7 +572,7 @@ public class LoginController {
 		if(!result.isSuccess()) {
 			return result;
 		}
-		
+
 		//2. 校验用户名或密码是否正确
 		String userpassword = PasswordUtil.encrypt(username, password, sysUser.getSalt());
 		String syspassword = sysUser.getPassword();
@@ -583,7 +583,7 @@ public class LoginController {
 			result.error500("用户名或密码错误");
 			return result;
 		}
-		
+
 		//3.设置登录部门
 		String orgCode = sysUser.getOrgCode();
 		if(oConvertUtils.isEmpty(orgCode)) {
@@ -609,7 +609,7 @@ public class LoginController {
 
 		//5. 设置登录用户信息
 		obj.put("userInfo", sysUser);
-		
+
 		//6. 生成token
 		String token = JwtUtil.sign(username, syspassword);
 		// 设置超时时间
@@ -731,4 +731,4 @@ public class LoginController {
 		redisUtil.set(key, ++val, 3600);
 	}
 
-}
+}