兰宝车间质量管理系统
上一版本: 588a4789 | 补丁 | 提交 | 忽略空白
疯狂的狮子Li
2024-08-01 b886f3a04b5b3b109cb0b1a8989f8c71e5f73d89 
fix 修复 登录错误锁定不区分租户问题
已修改8个文件
175 ■■■■ 文件已修改
ruoyi-admin/src/main/java/org/dromara/web/service/SysLoginService.java 20 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
ruoyi-admin/src/main/java/org/dromara/web/service/impl/EmailAuthStrategy.java 36 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
ruoyi-admin/src/main/java/org/dromara/web/service/impl/PasswordAuthStrategy.java 33 ●●●● 补丁 | 查看 | 原始文档 | blame | 历史
ruoyi-admin/src/main/java/org/dromara/web/service/impl/SmsAuthStrategy.java 36 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
ruoyi-admin/src/main/java/org/dromara/web/service/impl/SocialAuthStrategy.java 32 ●●●● 补丁 | 查看 | 原始文档 | blame | 历史
ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/constant/CacheConstants.java 5 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/constant/GlobalConstants.java 5 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/monitor/SysLogininforController.java 8 ●●●● 补丁 | 查看 | 原始文档 | blame | 历史 
 ruoyi-admin/src/main/java/org/dromara/web/service/SysLoginService.java


@@ -4,13 +4,14 @@


import cn.dev33.satoken.stp.StpUtil;


import cn.hutool.core.bean.BeanUtil;


import cn.hutool.core.collection.CollUtil;


import cn.hutool.core.lang.Opt;


import cn.hutool.core.util.ObjectUtil;


import com.baomidou.lock.annotation.Lock4j;


import lombok.RequiredArgsConstructor;


import lombok.extern.slf4j.Slf4j;


import me.zhyd.oauth.model.AuthUser;


import org.dromara.common.core.constant.CacheConstants;


import org.dromara.common.core.constant.Constants;


import org.dromara.common.core.constant.GlobalConstants;


import org.dromara.common.core.constant.TenantConstants;


import org.dromara.common.core.domain.dto.RoleDTO;


import org.dromara.common.core.domain.model.LoginUser;


@@ -155,16 +156,11 @@


        loginUser.setUserType(user.getUserType());


        loginUser.setMenuPermission(permissionService.getMenuPermission(user.getUserId()));


        loginUser.setRolePermission(permissionService.getRolePermission(user.getUserId()));


        TenantHelper.dynamic(user.getTenantId(), () -> {


            SysDeptVo dept = null;


            if (ObjectUtil.isNotNull(user.getDeptId())) {


                dept = deptService.selectDeptById(user.getDeptId());


            }


            loginUser.setDeptName(ObjectUtil.isNull(dept) ? "" : dept.getDeptName());


            loginUser.setDeptCategory(ObjectUtil.isNull(dept) ? "" : dept.getDeptCategory());


            List<SysRoleVo> roles = roleService.selectRolesByUserId(user.getUserId());


            loginUser.setRoles(BeanUtil.copyToList(roles, RoleDTO.class));


        });


        Opt<SysDeptVo> deptOpt = Opt.of(user.getDeptId()).map(deptService::selectDeptById);


        loginUser.setDeptName(deptOpt.map(SysDeptVo::getDeptName).orElse(StringUtils.EMPTY));


        loginUser.setDeptCategory(deptOpt.map(SysDeptVo::getDeptCategory).orElse(StringUtils.EMPTY));


        List<SysRoleVo> roles = roleService.selectRolesByUserId(user.getUserId());


        loginUser.setRoles(BeanUtil.copyToList(roles, RoleDTO.class));


        return loginUser;


    }




@@ -186,7 +182,7 @@


     * 登录校验


     */


    public void checkLogin(LoginType loginType, String tenantId, String username, Supplier<Boolean> supplier) {


        String errorKey = GlobalConstants.PWD_ERR_CNT_KEY + username;


        String errorKey = CacheConstants.PWD_ERR_CNT_KEY + username;


        String loginFail = Constants.LOGIN_FAIL;




        // 获取用户登录错误次数,默认为0 (可自定义限制策略 例如: key + username + ip)




 ruoyi-admin/src/main/java/org/dromara/web/service/impl/EmailAuthStrategy.java


@@ -21,7 +21,6 @@


import org.dromara.common.redis.utils.RedisUtils;


import org.dromara.common.satoken.utils.LoginHelper;


import org.dromara.common.tenant.helper.TenantHelper;


import org.dromara.system.domain.SysClient;


import org.dromara.system.domain.SysUser;


import org.dromara.system.domain.vo.SysClientVo;


import org.dromara.system.domain.vo.SysUserVo;


@@ -51,13 +50,12 @@


        String tenantId = loginBody.getTenantId();


        String email = loginBody.getEmail();


        String emailCode = loginBody.getEmailCode();




        // 通过邮箱查找用户


        SysUserVo user = loadUserByEmail(tenantId, email);




        loginService.checkLogin(LoginType.EMAIL, tenantId, user.getUserName(), () -> !validateEmailCode(tenantId, email, emailCode));


        // 此处可根据登录用户的数据不同 自行创建 loginUser 属性不够用继承扩展就行了


        LoginUser loginUser = loginService.buildLoginUser(user);


        LoginUser loginUser = TenantHelper.dynamic(tenantId, () -> {


            SysUserVo user = loadUserByEmail(email);


            loginService.checkLogin(LoginType.EMAIL, tenantId, user.getUserName(), () -> !validateEmailCode(tenantId, email, emailCode));


            // 此处可根据登录用户的数据不同 自行创建 loginUser 属性不够用继承扩展就行了


            return loginService.buildLoginUser(user);


        });


        loginUser.setClientKey(client.getClientKey());


        loginUser.setDeviceType(client.getDeviceType());


        SaLoginModel model = new SaLoginModel();


@@ -89,18 +87,16 @@


        return code.equals(emailCode);


    }




    private SysUserVo loadUserByEmail(String tenantId, String email) {


        return TenantHelper.dynamic(tenantId, () -> {


            SysUserVo user = userMapper.selectVoOne(new LambdaQueryWrapper<SysUser>().eq(SysUser::getEmail, email));


            if (ObjectUtil.isNull(user)) {


                log.info("登录用户:{} 不存在.", email);


                throw new UserException("user.not.exists", email);


            } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {


                log.info("登录用户:{} 已被停用.", email);


                throw new UserException("user.blocked", email);


            }


            return user;


        });


    private SysUserVo loadUserByEmail(String email) {


        SysUserVo user = userMapper.selectVoOne(new LambdaQueryWrapper<SysUser>().eq(SysUser::getEmail, email));


        if (ObjectUtil.isNull(user)) {


            log.info("登录用户:{} 不存在.", email);


            throw new UserException("user.not.exists", email);


        } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {


            log.info("登录用户:{} 已被停用.", email);


            throw new UserException("user.blocked", email);


        }


        return user;


    }




}




 ruoyi-admin/src/main/java/org/dromara/web/service/impl/PasswordAuthStrategy.java


@@ -62,11 +62,12 @@


        if (captchaEnabled) {


            validateCaptcha(tenantId, username, code, uuid);


        }




        SysUserVo user = loadUserByUsername(tenantId, username);


        loginService.checkLogin(LoginType.PASSWORD, tenantId, username, () -> !BCrypt.checkpw(password, user.getPassword()));


        // 此处可根据登录用户的数据不同 自行创建 loginUser


        LoginUser loginUser = loginService.buildLoginUser(user);


        LoginUser loginUser = TenantHelper.dynamic(tenantId, () -> {


            SysUserVo user = loadUserByUsername(username);


            loginService.checkLogin(LoginType.PASSWORD, tenantId, username, () -> !BCrypt.checkpw(password, user.getPassword()));


            // 此处可根据登录用户的数据不同 自行创建 loginUser


            return loginService.buildLoginUser(user);


        });


        loginUser.setClientKey(client.getClientKey());


        loginUser.setDeviceType(client.getDeviceType());


        SaLoginModel model = new SaLoginModel();


@@ -107,18 +108,16 @@


        }


    }




    private SysUserVo loadUserByUsername(String tenantId, String username) {


        return TenantHelper.dynamic(tenantId, () -> {


            SysUserVo user = userMapper.selectVoOne(new LambdaQueryWrapper<SysUser>().eq(SysUser::getUserName, username));


            if (ObjectUtil.isNull(user)) {


                log.info("登录用户:{} 不存在.", username);


                throw new UserException("user.not.exists", username);


            } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {


                log.info("登录用户:{} 已被停用.", username);


                throw new UserException("user.blocked", username);


            }


            return user;


        });


    private SysUserVo loadUserByUsername(String username) {


        SysUserVo user = userMapper.selectVoOne(new LambdaQueryWrapper<SysUser>().eq(SysUser::getUserName, username));


        if (ObjectUtil.isNull(user)) {


            log.info("登录用户:{} 不存在.", username);


            throw new UserException("user.not.exists", username);


        } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {


            log.info("登录用户:{} 已被停用.", username);


            throw new UserException("user.blocked", username);


        }


        return user;


    }




}




 ruoyi-admin/src/main/java/org/dromara/web/service/impl/SmsAuthStrategy.java


@@ -21,7 +21,6 @@


import org.dromara.common.redis.utils.RedisUtils;


import org.dromara.common.satoken.utils.LoginHelper;


import org.dromara.common.tenant.helper.TenantHelper;


import org.dromara.system.domain.SysClient;


import org.dromara.system.domain.SysUser;


import org.dromara.system.domain.vo.SysClientVo;


import org.dromara.system.domain.vo.SysUserVo;


@@ -51,13 +50,12 @@


        String tenantId = loginBody.getTenantId();


        String phonenumber = loginBody.getPhonenumber();


        String smsCode = loginBody.getSmsCode();




        // 通过手机号查找用户


        SysUserVo user = loadUserByPhonenumber(tenantId, phonenumber);




        loginService.checkLogin(LoginType.SMS, tenantId, user.getUserName(), () -> !validateSmsCode(tenantId, phonenumber, smsCode));


        // 此处可根据登录用户的数据不同 自行创建 loginUser 属性不够用继承扩展就行了


        LoginUser loginUser = loginService.buildLoginUser(user);


        LoginUser loginUser = TenantHelper.dynamic(tenantId, () -> {


            SysUserVo user = loadUserByPhonenumber(phonenumber);


            loginService.checkLogin(LoginType.SMS, tenantId, user.getUserName(), () -> !validateSmsCode(tenantId, phonenumber, smsCode));


            // 此处可根据登录用户的数据不同 自行创建 loginUser 属性不够用继承扩展就行了


            return loginService.buildLoginUser(user);


        });


        loginUser.setClientKey(client.getClientKey());


        loginUser.setDeviceType(client.getDeviceType());


        SaLoginModel model = new SaLoginModel();


@@ -89,18 +87,16 @@


        return code.equals(smsCode);


    }




    private SysUserVo loadUserByPhonenumber(String tenantId, String phonenumber) {


        return TenantHelper.dynamic(tenantId, () -> {


            SysUserVo user = userMapper.selectVoOne(new LambdaQueryWrapper<SysUser>().eq(SysUser::getPhonenumber, phonenumber));


            if (ObjectUtil.isNull(user)) {


                log.info("登录用户:{} 不存在.", phonenumber);


                throw new UserException("user.not.exists", phonenumber);


            } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {


                log.info("登录用户:{} 已被停用.", phonenumber);


                throw new UserException("user.blocked", phonenumber);


            }


            return user;


        });


    private SysUserVo loadUserByPhonenumber(String phonenumber) {


        SysUserVo user = userMapper.selectVoOne(new LambdaQueryWrapper<SysUser>().eq(SysUser::getPhonenumber, phonenumber));


        if (ObjectUtil.isNull(user)) {


            log.info("登录用户:{} 不存在.", phonenumber);


            throw new UserException("user.not.exists", phonenumber);


        } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {


            log.info("登录用户:{} 已被停用.", phonenumber);


            throw new UserException("user.blocked", phonenumber);


        }


        return user;


    }




}




 ruoyi-admin/src/main/java/org/dromara/web/service/impl/SocialAuthStrategy.java


@@ -92,11 +92,11 @@


        } else {


            social = list.get(0);


        }


        // 查找用户


        SysUserVo user = loadUser(social.getTenantId(), social.getUserId());




        // 此处可根据登录用户的数据不同 自行创建 loginUser 属性不够用继承扩展就行了


        LoginUser loginUser = loginService.buildLoginUser(user);


        LoginUser loginUser = TenantHelper.dynamic(social.getTenantId(), () -> {


            SysUserVo user = loadUser(social.getUserId());


            // 此处可根据登录用户的数据不同 自行创建 loginUser 属性不够用继承扩展就行了


            return loginService.buildLoginUser(user);


        });


        loginUser.setClientKey(client.getClientKey());


        loginUser.setDeviceType(client.getDeviceType());


        SaLoginModel model = new SaLoginModel();


@@ -116,18 +116,16 @@


        return loginVo;


    }




    private SysUserVo loadUser(String tenantId, Long userId) {


        return TenantHelper.dynamic(tenantId, () -> {


            SysUserVo user = userMapper.selectVoById(userId);


            if (ObjectUtil.isNull(user)) {


                log.info("登录用户:{} 不存在.", "");


                throw new UserException("user.not.exists", "");


            } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {


                log.info("登录用户:{} 已被停用.", "");


                throw new UserException("user.blocked", "");


            }


            return user;


        });


    private SysUserVo loadUser(Long userId) {


        SysUserVo user = userMapper.selectVoById(userId);


        if (ObjectUtil.isNull(user)) {


            log.info("登录用户:{} 不存在.", "");


            throw new UserException("user.not.exists", "");


        } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {


            log.info("登录用户:{} 已被停用.", "");


            throw new UserException("user.blocked", "");


        }


        return user;


    }




}




 ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/constant/CacheConstants.java


@@ -22,4 +22,9 @@


     */


    String SYS_DICT_KEY = "sys_dict:";




    /**


     * 登录账户密码错误次数 redis key


     */


    String PWD_ERR_CNT_KEY = "pwd_err_cnt:";




}




 ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/constant/GlobalConstants.java


@@ -28,11 +28,6 @@


    String RATE_LIMIT_KEY = GLOBAL_REDIS_KEY + "rate_limit:";




    /**


     * 登录账户密码错误次数 redis key


     */


    String PWD_ERR_CNT_KEY = GLOBAL_REDIS_KEY + "pwd_err_cnt:";




    /**


     * 三方认证 redis key


     */


    String SOCIAL_AUTH_CODE_KEY = GLOBAL_REDIS_KEY + "social_auth_codes:";




 ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/monitor/SysLogininforController.java


@@ -1,7 +1,9 @@


package org.dromara.system.controller.monitor;




import cn.dev33.satoken.annotation.SaCheckPermission;


import org.dromara.common.core.constant.GlobalConstants;


import jakarta.servlet.http.HttpServletResponse;


import lombok.RequiredArgsConstructor;


import org.dromara.common.core.constant.CacheConstants;


import org.dromara.common.core.domain.R;


import org.dromara.common.excel.utils.ExcelUtil;


import org.dromara.common.log.annotation.Log;


@@ -13,8 +15,6 @@


import org.dromara.system.domain.bo.SysLogininforBo;


import org.dromara.system.domain.vo.SysLogininforVo;


import org.dromara.system.service.ISysLogininforService;


import jakarta.servlet.http.HttpServletResponse;


import lombok.RequiredArgsConstructor;


import org.springframework.validation.annotation.Validated;


import org.springframework.web.bind.annotation.*;




@@ -79,7 +79,7 @@


    @Log(title = "账户解锁", businessType = BusinessType.OTHER)


    @GetMapping("/unlock/{userName}")


    public R<Void> unlock(@PathVariable("userName") String userName) {


        String loginName = GlobalConstants.PWD_ERR_CNT_KEY + userName;


        String loginName = CacheConstants.PWD_ERR_CNT_KEY + userName;


        if (RedisUtils.hasKey(loginName)) {


            RedisUtils.deleteObject(loginName);


        }