From 4f0a584efcbe51c5c232ab6f75a8d760b15d5e03 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期五, 01 四月 2022 17:57:00 +0800
Subject: [PATCH] update springboot 2.6.5 => 2.6.6 修复 CVE-2022-22965 漏洞
---
ruoyi-system/src/main/java/com/ruoyi/system/service/SysRegisterService.java | 112 ++++++++++++++++++++++---------------------------------
1 files changed, 45 insertions(+), 67 deletions(-)
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/SysRegisterService.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/SysRegisterService.java
index 8171cb0..8c7274e 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/SysRegisterService.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/SysRegisterService.java
@@ -1,108 +1,86 @@
package com.ruoyi.system.service;
+import cn.dev33.satoken.secure.BCrypt;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.constant.UserConstants;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.domain.model.RegisterBody;
import com.ruoyi.common.core.service.LogininforService;
+import com.ruoyi.common.enums.UserType;
import com.ruoyi.common.exception.user.CaptchaException;
import com.ruoyi.common.exception.user.CaptchaExpireException;
-import com.ruoyi.common.utils.*;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
+import com.ruoyi.common.exception.user.UserException;
+import com.ruoyi.common.utils.MessageUtils;
+import com.ruoyi.common.utils.ServletUtils;
+import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.common.utils.redis.RedisUtils;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Service;
+
+import javax.servlet.http.HttpServletRequest;
/**
* 娉ㄥ唽鏍¢獙鏂规硶
*
- * @author ruoyi
+ * @author Lion Li
*/
-@Component
-public class SysRegisterService
-{
- @Autowired
- private ISysUserService userService;
+@RequiredArgsConstructor
+@Service
+public class SysRegisterService {
- @Autowired
- private ISysConfigService configService;
-
- @Autowired
- private LogininforService asyncService;
+ private final ISysUserService userService;
+ private final ISysConfigService configService;
+ private final LogininforService asyncService;
/**
* 娉ㄥ唽
*/
- public String register(RegisterBody registerBody)
- {
- String msg = "", username = registerBody.getUsername(), password = registerBody.getPassword();
+ public void register(RegisterBody registerBody) {
+ HttpServletRequest request = ServletUtils.getRequest();
+ String username = registerBody.getUsername();
+ String password = registerBody.getPassword();
+ // 鏍¢獙鐢ㄦ埛绫诲瀷鏄惁瀛樺湪
+ String userType = UserType.getUserType(registerBody.getUserType()).getUserType();
boolean captchaOnOff = configService.selectCaptchaOnOff();
// 楠岃瘉鐮佸紑鍏�
- if (captchaOnOff)
- {
- validateCaptcha(username, registerBody.getCode(), registerBody.getUuid());
+ if (captchaOnOff) {
+ validateCaptcha(username, registerBody.getCode(), registerBody.getUuid(), request);
}
- if (StringUtils.isEmpty(username))
- {
- msg = "鐢ㄦ埛鍚嶄笉鑳戒负绌�";
+ if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(username))) {
+ throw new UserException("user.register.save.error", username);
}
- else if (StringUtils.isEmpty(password))
- {
- msg = "鐢ㄦ埛瀵嗙爜涓嶈兘涓虹┖";
+ SysUser sysUser = new SysUser();
+ sysUser.setUserName(username);
+ sysUser.setNickName(username);
+ sysUser.setPassword(BCrypt.hashpw(password));
+ sysUser.setUserType(userType);
+ boolean regFlag = userService.registerUser(sysUser);
+ if (!regFlag) {
+ throw new UserException("user.register.error");
}
- else if (username.length() < UserConstants.USERNAME_MIN_LENGTH
- || username.length() > UserConstants.USERNAME_MAX_LENGTH)
- {
- msg = "璐︽埛闀垮害蹇呴』鍦�2鍒�20涓瓧绗︿箣闂�";
- }
- else if (password.length() < UserConstants.PASSWORD_MIN_LENGTH
- || password.length() > UserConstants.PASSWORD_MAX_LENGTH)
- {
- msg = "瀵嗙爜闀垮害蹇呴』鍦�5鍒�20涓瓧绗︿箣闂�";
- }
- else if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(username)))
- {
- msg = "淇濆瓨鐢ㄦ埛'" + username + "'澶辫触锛屾敞鍐岃处鍙峰凡瀛樺湪";
- }
- else
- {
- SysUser sysUser = new SysUser();
- sysUser.setUserName(username);
- sysUser.setNickName(username);
- sysUser.setPassword(SecurityUtils.encryptPassword(registerBody.getPassword()));
- boolean regFlag = userService.registerUser(sysUser);
- if (!regFlag)
- {
- msg = "娉ㄥ唽澶辫触,璇疯仈绯荤郴缁熺鐞嗕汉鍛�";
- }
- else
- {
- asyncService.recordLogininfor(username, Constants.REGISTER,
- MessageUtils.message("user.register.success"), ServletUtils.getRequest());
- }
- }
- return msg;
+ asyncService.recordLogininfor(username, Constants.REGISTER, MessageUtils.message("user.register.success"), request);
}
/**
* 鏍¢獙楠岃瘉鐮�
*
* @param username 鐢ㄦ埛鍚�
- * @param code 楠岃瘉鐮�
- * @param uuid 鍞竴鏍囪瘑
+ * @param code 楠岃瘉鐮�
+ * @param uuid 鍞竴鏍囪瘑
* @return 缁撴灉
*/
- public void validateCaptcha(String username, String code, String uuid)
- {
- String verifyKey = Constants.CAPTCHA_CODE_KEY + uuid;
+ public void validateCaptcha(String username, String code, String uuid, HttpServletRequest request) {
+ String verifyKey = Constants.CAPTCHA_CODE_KEY + StringUtils.defaultString(uuid, "");
String captcha = RedisUtils.getCacheObject(verifyKey);
RedisUtils.deleteObject(verifyKey);
- if (captcha == null)
- {
+ if (captcha == null) {
+ asyncService.recordLogininfor(username, Constants.REGISTER, MessageUtils.message("user.jcaptcha.expire"), request);
throw new CaptchaExpireException();
}
- if (!code.equalsIgnoreCase(captcha))
- {
+ if (!code.equalsIgnoreCase(captcha)) {
+ asyncService.recordLogininfor(username, Constants.REGISTER, MessageUtils.message("user.jcaptcha.error"), request);
throw new CaptchaException();
}
}
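Review bot: In validateCaptcha, `code.equalsIgnoreCase(captcha)` still dereferences the client-supplied `code`, so a request that omits it throws a NullPointerException instead of CaptchaException and never reaches the new recordLogininfor call. This change gave `uuid` a null guard but not `code`. Because `captcha` is known to be non-null at that point, flipping the comparison to `if (!captcha.equalsIgnoreCase(code)) {` closes the gap. In register, the emptiness and length checks on username and password were removed, so unless RegisterBody carries validation constraints outside this hunk, a null or over-long password reaches `BCrypt.hashpw(password)` unchecked. The new `userType` also comes straight from the request body; if user types map to different privileges, self-registration should pin or allow-list the value rather than accept any type `UserType.getUserType` resolves.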
--
Gitblit v1.9.3