Home Explore Help
Register Sign In
root
/
interlock_server
Watch 2
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

登录去掉验证码

LLL 4 months ago
parent
820cbd0354
commit
ad6fad1297
1 changed files with 55 additions and 55 deletions
Split View Show Diff Stats
  1. 55 55
      jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java

+ 55 - 55
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java
View File 

@@ -76,34 +76,34 @@ public class LoginController {
 
 		Result<JSONObject> result = new Result<JSONObject>();
 
 		String username = sysLoginModel.getUsername();
 
 		String password = sysLoginModel.getPassword();
 
-		//update-begin--Author:scott  Date:20190805 for:暂时注释掉密码加密逻辑,有点问题
 
-		//前端密码加密,后端进行密码解密
 
-		//password = AesEncryptUtil.desEncrypt(sysLoginModel.getPassword().replaceAll("%2B", "\\+")).trim();//密码解密
 
-		//update-begin--Author:scott  Date:20190805 for:暂时注释掉密码加密逻辑,有点问题
 
-
 
-		//update-begin-author:taoyan date:20190828 for:校验验证码
 
-        String captcha = sysLoginModel.getCaptcha();
 
-        if(captcha==null){
 
-            result.error500("验证码无效");
 
-            return result;
 
-        }
 
-        String lowerCaseCaptcha = captcha.toLowerCase();
 
-        //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
 
-		// 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
 
-        String origin = lowerCaseCaptcha+sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret();
 
-		String realKey = Md5Util.md5Encode(origin, "utf-8");
 
-		//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
 
-		Object checkCode = redisUtil.get(realKey);
 
-		//当进入登录页时,有一定几率出现验证码错误 #1714
 
-		if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
 
-            log.warn("验证码错误,key= {} , Ui checkCode= {}, Redis checkCode = {}", sysLoginModel.getCheckKey(), lowerCaseCaptcha, checkCode);
 
-			result.error500("验证码错误");
 
-			// 改成特殊的code 便于前端判断
 
-			result.setCode(HttpStatus.PRECONDITION_FAILED.value());
 
-			return result;
 
-		}
 
+//		//update-begin--Author:scott  Date:20190805 for:暂时注释掉密码加密逻辑,有点问题
 
+//		//前端密码加密,后端进行密码解密
 
+//		//password = AesEncryptUtil.desEncrypt(sysLoginModel.getPassword().replaceAll("%2B", "\\+")).trim();//密码解密
 
+//		//update-begin--Author:scott  Date:20190805 for:暂时注释掉密码加密逻辑,有点问题
 
+//
 
+//		//update-begin-author:taoyan date:20190828 for:校验验证码
 
+//        String captcha = sysLoginModel.getCaptcha();
 
+//        if(captcha==null){
 
+//            result.error500("验证码无效");
 
+//            return result;
 
+//        }
 
+//        String lowerCaseCaptcha = captcha.toLowerCase();
 
+//        //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
 
+//		// 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
 
+//        String origin = lowerCaseCaptcha+sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret();
 
+//		String realKey = Md5Util.md5Encode(origin, "utf-8");
 
+//		//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
 
+//		Object checkCode = redisUtil.get(realKey);
 
+//		//当进入登录页时,有一定几率出现验证码错误 #1714
 
+//		if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
 
+//            log.warn("验证码错误,key= {} , Ui checkCode= {}, Redis checkCode = {}", sysLoginModel.getCheckKey(), lowerCaseCaptcha, checkCode);
 
+//			result.error500("验证码错误");
 
+//			// 改成特殊的code 便于前端判断
 
+//			result.setCode(HttpStatus.PRECONDITION_FAILED.value());
 
+//			return result;
 
+//		}
 
 		//update-end-author:taoyan date:20190828 for:校验验证码
 
-		
+
 
 		//1. 校验用户是否有效
 
 		//update-begin-author:wangshuai date:20200601 for: 登录代码验证用户是否注销bug,if条件永远为false
 
 		LambdaQueryWrapper<SysUser> queryWrapper = new LambdaQueryWrapper<>();
 
@@ -122,12 +122,12 @@ public class LoginController {
 
 			result.error500("用户名或密码错误");
 
 			return result;
 
 		}
 
-				
+
 
 		//用户登录信息
 
 		userInfo(sysUser, result);
 
-		//update-begin--Author:liusq  Date:20210126  for:登录成功,删除redis中的验证码
 
-		redisUtil.del(realKey);
 
-		//update-begin--Author:liusq  Date:20210126  for:登录成功,删除redis中的验证码
 
+//		//update-begin--Author:liusq  Date:20210126  for:登录成功,删除redis中的验证码
 
+//		redisUtil.del(realKey);
 
+//		//update-begin--Author:liusq  Date:20210126  for:登录成功,删除redis中的验证码
 
 		LoginUser loginUser = new LoginUser();
 
 		BeanUtils.copyProperties(sysUser, loginUser);
 
 		baseCommonService.addLog("用户名: " + username + ",登录成功!", CommonConstant.LOG_TYPE_1, null,loginUser);
 
@@ -161,7 +161,7 @@ public class LoginController {
 
 			}
 
 			//update-begin---author:liusq ---date:2022-06-29  for:接口返回值修改,同步修改这里的判断逻辑-----------
 
 			//update-end---author:scott ---date::2022-06-20  for:vue3前端,支持自定义首页--------------
 
-			
+
 
 			obj.put("userInfo",sysUser);
 
 			obj.put("sysAllDictItems", sysDictService.queryAllDictItems());
 
 			result.setResult(obj);
 
@@ -170,7 +170,7 @@ public class LoginController {
 
 		return result;
 
 
 	}
 
-	
+
 
 	/**
 
 	 * 退出登录
 
 	 * @param request
 
@@ -204,7 +204,7 @@ public class LoginController {
 
 	    	return Result.error("Token无效!");
 
 	    }
 
 	}
 
-	
+
 
 	/**
 
 	 * 获取访问量
 
 	 * @return
 
@@ -235,7 +235,7 @@ public class LoginController {
 
 		result.success("登录成功");
 
 		return result;
 
 	}
 
-	
+
 
 	/**
 
 	 * 获取访问量
 
 	 * @return
 
@@ -256,8 +256,8 @@ public class LoginController {
 
 		result.setResult(oConvertUtils.toLowerCasePageList(list));
 
 		return result;
 
 	}
 
-	
-	
+
 
+
 
 	/**
 
 	 * 登陆成功选择用户当前部门
 
 	 * @param user
 
@@ -282,7 +282,7 @@ public class LoginController {
 
 
 	/**
 
 	 * 短信登录接口
 
-	 * 
+	 *
 
 	 * @param jsonObject
 
 	 * @return
 
 	 */
 
@@ -298,12 +298,12 @@ public class LoginController {
 
 			result.setSuccess(false);
 
 			return result;
 
 		}
 
-		
+
 
 		//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
 
 		String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+mobile;
 
 		Object object = redisUtil.get(redisKey);
 
 		//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
 
-		
+
 
 		if (object != null) {
 
 			result.setMessage("验证码10分钟内,仍然有效!");
 
 			result.setSuccess(false);
 
@@ -337,7 +337,7 @@ public class LoginController {
 
 					}
 
 					return result;
 
 				}
 
-				
+
 
 				/**
 
 				 * smsmode 短信模板方式  0 .登录模板、1.注册模板、2.忘记密码模板
 
 				 */
 
@@ -355,12 +355,12 @@ public class LoginController {
 
 				result.setSuccess(false);
 
 				return result;
 
 			}
 
-			
+
 
 			//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
 
 			//验证码10分钟内有效
 
 			redisUtil.set(redisKey, captcha, 600);
 
 			//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
 
-			
+
 
 			//update-begin--Author:scott  Date:20190812 for:issues#391
 
 			//result.setResult(captcha);
 
 			//update-end--Author:scott  Date:20190812 for:issues#391
 
@@ -373,11 +373,11 @@ public class LoginController {
 
 		}
 
 		return result;
 
 	}
 
-	
+
 
 
 	/**
 
 	 * 手机号登录接口
 
-	 * 
+	 *
 
 	 * @param jsonObject
 
 	 * @return
 
 	 */
 
@@ -386,14 +386,14 @@ public class LoginController {
 
 	public Result<JSONObject> phoneLogin(@RequestBody JSONObject jsonObject) {
 
 		Result<JSONObject> result = new Result<JSONObject>();
 
 		String phone = jsonObject.getString("mobile");
 
-		
+
 
 		//校验用户有效性
 
 		SysUser sysUser = sysUserService.getUserByPhone(phone);
 
 		result = sysUserService.checkUserIsEffective(sysUser);
 
 		if(!result.isSuccess()) {
 
 			return result;
 
 		}
 
-		
+
 
 		String smscode = jsonObject.getString("captcha");
 
 
 		//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
 
@@ -505,13 +505,13 @@ public class LoginController {
 
 			String code = RandomUtil.randomString(BASE_CHECK_CODES,4);
 
 			//存到redis中
 
 			String lowerCaseCode = code.toLowerCase();
 
-			
+
 
 			//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
 
 			// 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
 
 			String origin = lowerCaseCode+key+jeecgBaseConfig.getSignatureSecret();
 
 			String realKey = Md5Util.md5Encode(origin, "utf-8");
 
 			//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
 
-            
+
 
 			redisUtil.set(realKey, lowerCaseCode, 60);
 
 			log.info("获取验证码,Redis key = {},checkCode = {}", realKey, code);
 
 			//返回前端
 
@@ -535,7 +535,7 @@ public class LoginController {
 
 		sysPermissionService.switchVue3Menu();
 
 		return res;
 
 	}
 
-	
+
 
 	/**
 
 	 * app登录
 
 	 * @param sysLoginModel
 
@@ -547,14 +547,14 @@ public class LoginController {
 
 		Result<JSONObject> result = new Result<JSONObject>();
 
 		String username = sysLoginModel.getUsername();
 
 		String password = sysLoginModel.getPassword();
 
-		
+
 
 		//1. 校验用户是否有效
 
 		SysUser sysUser = sysUserService.getUserByName(username);
 
 		result = sysUserService.checkUserIsEffective(sysUser);
 
 		if(!result.isSuccess()) {
 
 			return result;
 
 		}
 
-		
+
 
 		//2. 校验用户名或密码是否正确
 
 		String userpassword = PasswordUtil.encrypt(username, password, sysUser.getSalt());
 
 		String syspassword = sysUser.getPassword();
 
@@ -562,7 +562,7 @@ public class LoginController {
 
 			result.error500("用户名或密码错误");
 
 			return result;
 
 		}
 
-		
+
 
 		String orgCode = sysUser.getOrgCode();
 
 		if(oConvertUtils.isEmpty(orgCode)) {
 
 			//如果当前用户无选择部门 查看部门关联信息
 
@@ -581,7 +581,7 @@ public class LoginController {
 
 		JSONObject obj = new JSONObject();
 
 		//用户登录信息
 
 		obj.put("userInfo", sysUser);
 
-		
+
 
 		// 生成token
 
 		String token = JwtUtil.sign(username, syspassword);
 
 		// 设置超时时间
 
@@ -671,4 +671,4 @@ public class LoginController {
 
 		return Result.OK(result);
 
 	}
 
 
-}
 
+}