2 Commits 522cb905c3 ... 800f864d2c

Autore SHA1 Messaggio Data
  LLL 800f864d2c Merge remote-tracking branch 'origin/master' 4 mesi fa
  LLL ad6fad1297 登录去掉验证码 4 mesi fa

+ 55 - 55
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java

@@ -76,34 +76,34 @@ public class LoginController {
 		Result<JSONObject> result = new Result<JSONObject>();
 		String username = sysLoginModel.getUsername();
 		String password = sysLoginModel.getPassword();
-		//update-begin--Author:scott  Date:20190805 for:暂时注释掉密码加密逻辑,有点问题
-		//前端密码加密,后端进行密码解密
-		//password = AesEncryptUtil.desEncrypt(sysLoginModel.getPassword().replaceAll("%2B", "\\+")).trim();//密码解密
-		//update-begin--Author:scott  Date:20190805 for:暂时注释掉密码加密逻辑,有点问题
-
-		//update-begin-author:taoyan date:20190828 for:校验验证码
-        String captcha = sysLoginModel.getCaptcha();
-        if(captcha==null){
-            result.error500("验证码无效");
-            return result;
-        }
-        String lowerCaseCaptcha = captcha.toLowerCase();
-        //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
-		// 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
-        String origin = lowerCaseCaptcha+sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret();
-		String realKey = Md5Util.md5Encode(origin, "utf-8");
-		//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
-		Object checkCode = redisUtil.get(realKey);
-		//当进入登录页时,有一定几率出现验证码错误 #1714
-		if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
-            log.warn("验证码错误,key= {} , Ui checkCode= {}, Redis checkCode = {}", sysLoginModel.getCheckKey(), lowerCaseCaptcha, checkCode);
-			result.error500("验证码错误");
-			// 改成特殊的code 便于前端判断
-			result.setCode(HttpStatus.PRECONDITION_FAILED.value());
-			return result;
-		}
+//		//update-begin--Author:scott  Date:20190805 for:暂时注释掉密码加密逻辑,有点问题
+//		//前端密码加密,后端进行密码解密
+//		//password = AesEncryptUtil.desEncrypt(sysLoginModel.getPassword().replaceAll("%2B", "\\+")).trim();//密码解密
+//		//update-begin--Author:scott  Date:20190805 for:暂时注释掉密码加密逻辑,有点问题
+//
+//		//update-begin-author:taoyan date:20190828 for:校验验证码
+//        String captcha = sysLoginModel.getCaptcha();
+//        if(captcha==null){
+//            result.error500("验证码无效");
+//            return result;
+//        }
+//        String lowerCaseCaptcha = captcha.toLowerCase();
+//        //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+//		// 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
+//        String origin = lowerCaseCaptcha+sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret();
+//		String realKey = Md5Util.md5Encode(origin, "utf-8");
+//		//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+//		Object checkCode = redisUtil.get(realKey);
+//		//当进入登录页时,有一定几率出现验证码错误 #1714
+//		if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
+//            log.warn("验证码错误,key= {} , Ui checkCode= {}, Redis checkCode = {}", sysLoginModel.getCheckKey(), lowerCaseCaptcha, checkCode);
+//			result.error500("验证码错误");
+//			// 改成特殊的code 便于前端判断
+//			result.setCode(HttpStatus.PRECONDITION_FAILED.value());
+//			return result;
+//		}
 		//update-end-author:taoyan date:20190828 for:校验验证码
-		
+
 		//1. 校验用户是否有效
 		//update-begin-author:wangshuai date:20200601 for: 登录代码验证用户是否注销bug,if条件永远为false
 		LambdaQueryWrapper<SysUser> queryWrapper = new LambdaQueryWrapper<>();
@@ -122,12 +122,12 @@ public class LoginController {
 			result.error500("用户名或密码错误");
 			return result;
 		}
-				
+
 		//用户登录信息
 		userInfo(sysUser, result);
-		//update-begin--Author:liusq  Date:20210126  for:登录成功,删除redis中的验证码
-		redisUtil.del(realKey);
-		//update-begin--Author:liusq  Date:20210126  for:登录成功,删除redis中的验证码
+//		//update-begin--Author:liusq  Date:20210126  for:登录成功,删除redis中的验证码
+//		redisUtil.del(realKey);
+//		//update-begin--Author:liusq  Date:20210126  for:登录成功,删除redis中的验证码
 		LoginUser loginUser = new LoginUser();
 		BeanUtils.copyProperties(sysUser, loginUser);
 		baseCommonService.addLog("用户名: " + username + ",登录成功!", CommonConstant.LOG_TYPE_1, null,loginUser);
@@ -161,7 +161,7 @@ public class LoginController {
 			}
 			//update-begin---author:liusq ---date:2022-06-29  for:接口返回值修改,同步修改这里的判断逻辑-----------
 			//update-end---author:scott ---date::2022-06-20  for:vue3前端,支持自定义首页--------------
-			
+
 			obj.put("userInfo",sysUser);
 			obj.put("sysAllDictItems", sysDictService.queryAllDictItems());
 			result.setResult(obj);
@@ -170,7 +170,7 @@ public class LoginController {
 		return result;
 
 	}
-	
+
 	/**
 	 * 退出登录
 	 * @param request
@@ -204,7 +204,7 @@ public class LoginController {
 	    	return Result.error("Token无效!");
 	    }
 	}
-	
+
 	/**
 	 * 获取访问量
 	 * @return
@@ -235,7 +235,7 @@ public class LoginController {
 		result.success("登录成功");
 		return result;
 	}
-	
+
 	/**
 	 * 获取访问量
 	 * @return
@@ -256,8 +256,8 @@ public class LoginController {
 		result.setResult(oConvertUtils.toLowerCasePageList(list));
 		return result;
 	}
-	
-	
+
+
 	/**
 	 * 登陆成功选择用户当前部门
 	 * @param user
@@ -282,7 +282,7 @@ public class LoginController {
 
 	/**
 	 * 短信登录接口
-	 * 
+	 *
 	 * @param jsonObject
 	 * @return
 	 */
@@ -298,12 +298,12 @@ public class LoginController {
 			result.setSuccess(false);
 			return result;
 		}
-		
+
 		//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
 		String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+mobile;
 		Object object = redisUtil.get(redisKey);
 		//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
-		
+
 		if (object != null) {
 			result.setMessage("验证码10分钟内,仍然有效!");
 			result.setSuccess(false);
@@ -337,7 +337,7 @@ public class LoginController {
 					}
 					return result;
 				}
-				
+
 				/**
 				 * smsmode 短信模板方式  0 .登录模板、1.注册模板、2.忘记密码模板
 				 */
@@ -355,12 +355,12 @@ public class LoginController {
 				result.setSuccess(false);
 				return result;
 			}
-			
+
 			//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
 			//验证码10分钟内有效
 			redisUtil.set(redisKey, captcha, 600);
 			//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
-			
+
 			//update-begin--Author:scott  Date:20190812 for:issues#391
 			//result.setResult(captcha);
 			//update-end--Author:scott  Date:20190812 for:issues#391
@@ -373,11 +373,11 @@ public class LoginController {
 		}
 		return result;
 	}
-	
+
 
 	/**
 	 * 手机号登录接口
-	 * 
+	 *
 	 * @param jsonObject
 	 * @return
 	 */
@@ -386,14 +386,14 @@ public class LoginController {
 	public Result<JSONObject> phoneLogin(@RequestBody JSONObject jsonObject) {
 		Result<JSONObject> result = new Result<JSONObject>();
 		String phone = jsonObject.getString("mobile");
-		
+
 		//校验用户有效性
 		SysUser sysUser = sysUserService.getUserByPhone(phone);
 		result = sysUserService.checkUserIsEffective(sysUser);
 		if(!result.isSuccess()) {
 			return result;
 		}
-		
+
 		String smscode = jsonObject.getString("captcha");
 
 		//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
@@ -505,13 +505,13 @@ public class LoginController {
 			String code = RandomUtil.randomString(BASE_CHECK_CODES,4);
 			//存到redis中
 			String lowerCaseCode = code.toLowerCase();
-			
+
 			//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
 			// 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
 			String origin = lowerCaseCode+key+jeecgBaseConfig.getSignatureSecret();
 			String realKey = Md5Util.md5Encode(origin, "utf-8");
 			//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
-            
+
 			redisUtil.set(realKey, lowerCaseCode, 60);
 			log.info("获取验证码,Redis key = {},checkCode = {}", realKey, code);
 			//返回前端
@@ -535,7 +535,7 @@ public class LoginController {
 		sysPermissionService.switchVue3Menu();
 		return res;
 	}
-	
+
 	/**
 	 * app登录
 	 * @param sysLoginModel
@@ -547,14 +547,14 @@ public class LoginController {
 		Result<JSONObject> result = new Result<JSONObject>();
 		String username = sysLoginModel.getUsername();
 		String password = sysLoginModel.getPassword();
-		
+
 		//1. 校验用户是否有效
 		SysUser sysUser = sysUserService.getUserByName(username);
 		result = sysUserService.checkUserIsEffective(sysUser);
 		if(!result.isSuccess()) {
 			return result;
 		}
-		
+
 		//2. 校验用户名或密码是否正确
 		String userpassword = PasswordUtil.encrypt(username, password, sysUser.getSalt());
 		String syspassword = sysUser.getPassword();
@@ -562,7 +562,7 @@ public class LoginController {
 			result.error500("用户名或密码错误");
 			return result;
 		}
-		
+
 		String orgCode = sysUser.getOrgCode();
 		if(oConvertUtils.isEmpty(orgCode)) {
 			//如果当前用户无选择部门 查看部门关联信息
@@ -581,7 +581,7 @@ public class LoginController {
 		JSONObject obj = new JSONObject();
 		//用户登录信息
 		obj.put("userInfo", sysUser);
-		
+
 		// 生成token
 		String token = JwtUtil.sign(username, syspassword);
 		// 设置超时时间
@@ -671,4 +671,4 @@ public class LoginController {
 		return Result.OK(result);
 	}
 
-}
+}