|
@@ -76,34 +76,34 @@ public class LoginController {
|
|
Result<JSONObject> result = new Result<JSONObject>();
|
|
Result<JSONObject> result = new Result<JSONObject>();
|
|
String username = sysLoginModel.getUsername();
|
|
String username = sysLoginModel.getUsername();
|
|
String password = sysLoginModel.getPassword();
|
|
String password = sysLoginModel.getPassword();
|
|
- //update-begin--Author:scott Date:20190805 for:暂时注释掉密码加密逻辑,有点问题
|
|
|
|
- //前端密码加密,后端进行密码解密
|
|
|
|
- //password = AesEncryptUtil.desEncrypt(sysLoginModel.getPassword().replaceAll("%2B", "\\+")).trim();//密码解密
|
|
|
|
- //update-begin--Author:scott Date:20190805 for:暂时注释掉密码加密逻辑,有点问题
|
|
|
|
-
|
|
|
|
- //update-begin-author:taoyan date:20190828 for:校验验证码
|
|
|
|
- String captcha = sysLoginModel.getCaptcha();
|
|
|
|
- if(captcha==null){
|
|
|
|
- result.error500("验证码无效");
|
|
|
|
- return result;
|
|
|
|
- }
|
|
|
|
- String lowerCaseCaptcha = captcha.toLowerCase();
|
|
|
|
- //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
|
|
- // 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
|
|
|
|
- String origin = lowerCaseCaptcha+sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret();
|
|
|
|
- String realKey = Md5Util.md5Encode(origin, "utf-8");
|
|
|
|
- //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
|
|
- Object checkCode = redisUtil.get(realKey);
|
|
|
|
- //当进入登录页时,有一定几率出现验证码错误 #1714
|
|
|
|
- if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
|
|
|
|
- log.warn("验证码错误,key= {} , Ui checkCode= {}, Redis checkCode = {}", sysLoginModel.getCheckKey(), lowerCaseCaptcha, checkCode);
|
|
|
|
- result.error500("验证码错误");
|
|
|
|
- // 改成特殊的code 便于前端判断
|
|
|
|
- result.setCode(HttpStatus.PRECONDITION_FAILED.value());
|
|
|
|
- return result;
|
|
|
|
- }
|
|
|
|
|
|
+// //update-begin--Author:scott Date:20190805 for:暂时注释掉密码加密逻辑,有点问题
|
|
|
|
+// //前端密码加密,后端进行密码解密
|
|
|
|
+// //password = AesEncryptUtil.desEncrypt(sysLoginModel.getPassword().replaceAll("%2B", "\\+")).trim();//密码解密
|
|
|
|
+// //update-begin--Author:scott Date:20190805 for:暂时注释掉密码加密逻辑,有点问题
|
|
|
|
+//
|
|
|
|
+// //update-begin-author:taoyan date:20190828 for:校验验证码
|
|
|
|
+// String captcha = sysLoginModel.getCaptcha();
|
|
|
|
+// if(captcha==null){
|
|
|
|
+// result.error500("验证码无效");
|
|
|
|
+// return result;
|
|
|
|
+// }
|
|
|
|
+// String lowerCaseCaptcha = captcha.toLowerCase();
|
|
|
|
+// //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
|
|
+// // 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
|
|
|
|
+// String origin = lowerCaseCaptcha+sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret();
|
|
|
|
+// String realKey = Md5Util.md5Encode(origin, "utf-8");
|
|
|
|
+// //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
|
|
+// Object checkCode = redisUtil.get(realKey);
|
|
|
|
+// //当进入登录页时,有一定几率出现验证码错误 #1714
|
|
|
|
+// if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
|
|
|
|
+// log.warn("验证码错误,key= {} , Ui checkCode= {}, Redis checkCode = {}", sysLoginModel.getCheckKey(), lowerCaseCaptcha, checkCode);
|
|
|
|
+// result.error500("验证码错误");
|
|
|
|
+// // 改成特殊的code 便于前端判断
|
|
|
|
+// result.setCode(HttpStatus.PRECONDITION_FAILED.value());
|
|
|
|
+// return result;
|
|
|
|
+// }
|
|
//update-end-author:taoyan date:20190828 for:校验验证码
|
|
//update-end-author:taoyan date:20190828 for:校验验证码
|
|
-
|
|
|
|
|
|
+
|
|
//1. 校验用户是否有效
|
|
//1. 校验用户是否有效
|
|
//update-begin-author:wangshuai date:20200601 for: 登录代码验证用户是否注销bug,if条件永远为false
|
|
//update-begin-author:wangshuai date:20200601 for: 登录代码验证用户是否注销bug,if条件永远为false
|
|
LambdaQueryWrapper<SysUser> queryWrapper = new LambdaQueryWrapper<>();
|
|
LambdaQueryWrapper<SysUser> queryWrapper = new LambdaQueryWrapper<>();
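Review bot: Commenting out the captcha check at the top of this login handler removes the only anti-automation control visible in the hunk, so the username/password comparison that follows can be driven by scripted guessing or credential stuffing with no challenge. If the check has to be off for a test or integration environment, keep the block and put it behind a configuration switch that defaults to enabled (for example `if (captchaRequired) { ... }`, where `captchaRequired` is a placeholder name, not an existing setting) instead of leaving it as dead code. The same applies to the `redisUtil.del(realKey)` call commented out in the next hunk, which must come back together with the check so a solved captcha stays single-use. Whether failed-login throttling or lockout exists elsewhere is not visible here, since the method begins before the hunk and continues past it.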
|
|
@@ -122,12 +122,12 @@ public class LoginController {
|
|
result.error500("用户名或密码错误");
|
|
result.error500("用户名或密码错误");
|
|
return result;
|
|
return result;
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
//用户登录信息
|
|
//用户登录信息
|
|
userInfo(sysUser, result);
|
|
userInfo(sysUser, result);
|
|
- //update-begin--Author:liusq Date:20210126 for:登录成功,删除redis中的验证码
|
|
|
|
- redisUtil.del(realKey);
|
|
|
|
- //update-begin--Author:liusq Date:20210126 for:登录成功,删除redis中的验证码
|
|
|
|
|
|
+// //update-begin--Author:liusq Date:20210126 for:登录成功,删除redis中的验证码
|
|
|
|
+// redisUtil.del(realKey);
|
|
|
|
+// //update-begin--Author:liusq Date:20210126 for:登录成功,删除redis中的验证码
|
|
LoginUser loginUser = new LoginUser();
|
|
LoginUser loginUser = new LoginUser();
|
|
BeanUtils.copyProperties(sysUser, loginUser);
|
|
BeanUtils.copyProperties(sysUser, loginUser);
|
|
baseCommonService.addLog("用户名: " + username + ",登录成功!", CommonConstant.LOG_TYPE_1, null,loginUser);
|
|
baseCommonService.addLog("用户名: " + username + ",登录成功!", CommonConstant.LOG_TYPE_1, null,loginUser);
|
|
@@ -161,7 +161,7 @@ public class LoginController {
|
|
}
|
|
}
|
|
//update-begin---author:liusq ---date:2022-06-29 for:接口返回值修改,同步修改这里的判断逻辑-----------
|
|
//update-begin---author:liusq ---date:2022-06-29 for:接口返回值修改,同步修改这里的判断逻辑-----------
|
|
//update-end---author:scott ---date::2022-06-20 for:vue3前端,支持自定义首页--------------
|
|
//update-end---author:scott ---date::2022-06-20 for:vue3前端,支持自定义首页--------------
|
|
-
|
|
|
|
|
|
+
|
|
obj.put("userInfo",sysUser);
|
|
obj.put("userInfo",sysUser);
|
|
obj.put("sysAllDictItems", sysDictService.queryAllDictItems());
|
|
obj.put("sysAllDictItems", sysDictService.queryAllDictItems());
|
|
result.setResult(obj);
|
|
result.setResult(obj);
|
|
@@ -170,7 +170,7 @@ public class LoginController {
|
|
return result;
|
|
return result;
|
|
|
|
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
/**
|
|
/**
|
|
* 退出登录
|
|
* 退出登录
|
|
* @param request
|
|
* @param request
|
|
@@ -204,7 +204,7 @@ public class LoginController {
|
|
return Result.error("Token无效!");
|
|
return Result.error("Token无效!");
|
|
}
|
|
}
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
/**
|
|
/**
|
|
* 获取访问量
|
|
* 获取访问量
|
|
* @return
|
|
* @return
|
|
@@ -235,7 +235,7 @@ public class LoginController {
|
|
result.success("登录成功");
|
|
result.success("登录成功");
|
|
return result;
|
|
return result;
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
/**
|
|
/**
|
|
* 获取访问量
|
|
* 获取访问量
|
|
* @return
|
|
* @return
|
|
@@ -256,8 +256,8 @@ public class LoginController {
|
|
result.setResult(oConvertUtils.toLowerCasePageList(list));
|
|
result.setResult(oConvertUtils.toLowerCasePageList(list));
|
|
return result;
|
|
return result;
|
|
}
|
|
}
|
|
-
|
|
|
|
-
|
|
|
|
|
|
+
|
|
|
|
+
|
|
/**
|
|
/**
|
|
* 登陆成功选择用户当前部门
|
|
* 登陆成功选择用户当前部门
|
|
* @param user
|
|
* @param user
|
|
@@ -282,7 +282,7 @@ public class LoginController {
|
|
|
|
|
|
/**
|
|
/**
|
|
* 短信登录接口
|
|
* 短信登录接口
|
|
- *
|
|
|
|
|
|
+ *
|
|
* @param jsonObject
|
|
* @param jsonObject
|
|
* @return
|
|
* @return
|
|
*/
|
|
*/
|
|
@@ -298,12 +298,12 @@ public class LoginController {
|
|
result.setSuccess(false);
|
|
result.setSuccess(false);
|
|
return result;
|
|
return result;
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+mobile;
|
|
String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+mobile;
|
|
Object object = redisUtil.get(redisKey);
|
|
Object object = redisUtil.get(redisKey);
|
|
//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
-
|
|
|
|
|
|
+
|
|
if (object != null) {
|
|
if (object != null) {
|
|
result.setMessage("验证码10分钟内,仍然有效!");
|
|
result.setMessage("验证码10分钟内,仍然有效!");
|
|
result.setSuccess(false);
|
|
result.setSuccess(false);
|
|
@@ -337,7 +337,7 @@ public class LoginController {
|
|
}
|
|
}
|
|
return result;
|
|
return result;
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
/**
|
|
/**
|
|
* smsmode 短信模板方式 0 .登录模板、1.注册模板、2.忘记密码模板
|
|
* smsmode 短信模板方式 0 .登录模板、1.注册模板、2.忘记密码模板
|
|
*/
|
|
*/
|
|
@@ -355,12 +355,12 @@ public class LoginController {
|
|
result.setSuccess(false);
|
|
result.setSuccess(false);
|
|
return result;
|
|
return result;
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
//验证码10分钟内有效
|
|
//验证码10分钟内有效
|
|
redisUtil.set(redisKey, captcha, 600);
|
|
redisUtil.set(redisKey, captcha, 600);
|
|
//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
-
|
|
|
|
|
|
+
|
|
//update-begin--Author:scott Date:20190812 for:issues#391
|
|
//update-begin--Author:scott Date:20190812 for:issues#391
|
|
//result.setResult(captcha);
|
|
//result.setResult(captcha);
|
|
//update-end--Author:scott Date:20190812 for:issues#391
|
|
//update-end--Author:scott Date:20190812 for:issues#391
|
|
@@ -373,11 +373,11 @@ public class LoginController {
|
|
}
|
|
}
|
|
return result;
|
|
return result;
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
|
|
|
|
/**
|
|
/**
|
|
* 手机号登录接口
|
|
* 手机号登录接口
|
|
- *
|
|
|
|
|
|
+ *
|
|
* @param jsonObject
|
|
* @param jsonObject
|
|
* @return
|
|
* @return
|
|
*/
|
|
*/
|
|
@@ -386,14 +386,14 @@ public class LoginController {
|
|
public Result<JSONObject> phoneLogin(@RequestBody JSONObject jsonObject) {
|
|
public Result<JSONObject> phoneLogin(@RequestBody JSONObject jsonObject) {
|
|
Result<JSONObject> result = new Result<JSONObject>();
|
|
Result<JSONObject> result = new Result<JSONObject>();
|
|
String phone = jsonObject.getString("mobile");
|
|
String phone = jsonObject.getString("mobile");
|
|
-
|
|
|
|
|
|
+
|
|
//校验用户有效性
|
|
//校验用户有效性
|
|
SysUser sysUser = sysUserService.getUserByPhone(phone);
|
|
SysUser sysUser = sysUserService.getUserByPhone(phone);
|
|
result = sysUserService.checkUserIsEffective(sysUser);
|
|
result = sysUserService.checkUserIsEffective(sysUser);
|
|
if(!result.isSuccess()) {
|
|
if(!result.isSuccess()) {
|
|
return result;
|
|
return result;
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
String smscode = jsonObject.getString("captcha");
|
|
String smscode = jsonObject.getString("captcha");
|
|
|
|
|
|
//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
@@ -505,13 +505,13 @@ public class LoginController {
|
|
String code = RandomUtil.randomString(BASE_CHECK_CODES,4);
|
|
String code = RandomUtil.randomString(BASE_CHECK_CODES,4);
|
|
//存到redis中
|
|
//存到redis中
|
|
String lowerCaseCode = code.toLowerCase();
|
|
String lowerCaseCode = code.toLowerCase();
|
|
-
|
|
|
|
|
|
+
|
|
//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
// 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
|
|
// 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
|
|
String origin = lowerCaseCode+key+jeecgBaseConfig.getSignatureSecret();
|
|
String origin = lowerCaseCode+key+jeecgBaseConfig.getSignatureSecret();
|
|
String realKey = Md5Util.md5Encode(origin, "utf-8");
|
|
String realKey = Md5Util.md5Encode(origin, "utf-8");
|
|
//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
-
|
|
|
|
|
|
+
|
|
redisUtil.set(realKey, lowerCaseCode, 60);
|
|
redisUtil.set(realKey, lowerCaseCode, 60);
|
|
log.info("获取验证码,Redis key = {},checkCode = {}", realKey, code);
|
|
log.info("获取验证码,Redis key = {},checkCode = {}", realKey, code);
|
|
//返回前端
|
|
//返回前端
|
|
@@ -535,7 +535,7 @@ public class LoginController {
|
|
sysPermissionService.switchVue3Menu();
|
|
sysPermissionService.switchVue3Menu();
|
|
return res;
|
|
return res;
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
/**
|
|
/**
|
|
* app登录
|
|
* app登录
|
|
* @param sysLoginModel
|
|
* @param sysLoginModel
|
|
@@ -547,14 +547,14 @@ public class LoginController {
|
|
Result<JSONObject> result = new Result<JSONObject>();
|
|
Result<JSONObject> result = new Result<JSONObject>();
|
|
String username = sysLoginModel.getUsername();
|
|
String username = sysLoginModel.getUsername();
|
|
String password = sysLoginModel.getPassword();
|
|
String password = sysLoginModel.getPassword();
|
|
-
|
|
|
|
|
|
+
|
|
//1. 校验用户是否有效
|
|
//1. 校验用户是否有效
|
|
SysUser sysUser = sysUserService.getUserByName(username);
|
|
SysUser sysUser = sysUserService.getUserByName(username);
|
|
result = sysUserService.checkUserIsEffective(sysUser);
|
|
result = sysUserService.checkUserIsEffective(sysUser);
|
|
if(!result.isSuccess()) {
|
|
if(!result.isSuccess()) {
|
|
return result;
|
|
return result;
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
//2. 校验用户名或密码是否正确
|
|
//2. 校验用户名或密码是否正确
|
|
String userpassword = PasswordUtil.encrypt(username, password, sysUser.getSalt());
|
|
String userpassword = PasswordUtil.encrypt(username, password, sysUser.getSalt());
|
|
String syspassword = sysUser.getPassword();
|
|
String syspassword = sysUser.getPassword();
|
|
@@ -562,7 +562,7 @@ public class LoginController {
|
|
result.error500("用户名或密码错误");
|
|
result.error500("用户名或密码错误");
|
|
return result;
|
|
return result;
|
|
}
|
|
}
|
|
-
|
|
|
|
|
|
+
|
|
String orgCode = sysUser.getOrgCode();
|
|
String orgCode = sysUser.getOrgCode();
|
|
if(oConvertUtils.isEmpty(orgCode)) {
|
|
if(oConvertUtils.isEmpty(orgCode)) {
|
|
//如果当前用户无选择部门 查看部门关联信息
|
|
//如果当前用户无选择部门 查看部门关联信息
|
|
@@ -581,7 +581,7 @@ public class LoginController {
|
|
JSONObject obj = new JSONObject();
|
|
JSONObject obj = new JSONObject();
|
|
//用户登录信息
|
|
//用户登录信息
|
|
obj.put("userInfo", sysUser);
|
|
obj.put("userInfo", sysUser);
|
|
-
|
|
|
|
|
|
+
|
|
// 生成token
|
|
// 生成token
|
|
String token = JwtUtil.sign(username, syspassword);
|
|
String token = JwtUtil.sign(username, syspassword);
|
|
// 设置超时时间
|
|
// 设置超时时间
|
|
@@ -671,4 +671,4 @@ public class LoginController {
|
|
return Result.OK(result);
|
|
return Result.OK(result);
|
|
}
|
|
}
|
|
|
|
|
|
-}
|
|
|
|
|
|
+}
|