From b1be47f0a03b52b8df7971fc8174364aa1cc32a0 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期五, 26 十一月 2021 15:06:54 +0800
Subject: [PATCH] !114 接口重复鉴权BUG修复: ResourceConfig中已经配置鉴权拦截器, 添加sa-token-spring-aop会导致重复鉴权BUG Merge pull request !114 from dawn9117/N/A
---
ruoyi-system/src/main/java/com/ruoyi/system/service/SysLoginService.java | 135 ++++++++++++++++++++------------------------
1 files changed, 61 insertions(+), 74 deletions(-)
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/SysLoginService.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/SysLoginService.java
index 886537f..08098dd 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/SysLoginService.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/SysLoginService.java
@@ -1,127 +1,114 @@
package com.ruoyi.system.service;
+import cn.dev33.satoken.stp.StpUtil;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.core.domain.entity.SysUser;
-import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.core.service.LogininforService;
-import com.ruoyi.common.core.service.TokenService;
+import com.ruoyi.common.enums.DeviceType;
+import com.ruoyi.common.enums.UserStatus;
+import com.ruoyi.common.enums.UserType;
import com.ruoyi.common.exception.ServiceException;
import com.ruoyi.common.exception.user.CaptchaException;
import com.ruoyi.common.exception.user.CaptchaExpireException;
import com.ruoyi.common.exception.user.UserPasswordNotMatchException;
-import com.ruoyi.common.utils.DateUtils;
-import com.ruoyi.common.utils.MessageUtils;
-import com.ruoyi.common.utils.RedisUtils;
-import com.ruoyi.common.utils.ServletUtils;
+import com.ruoyi.common.utils.*;
+import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.stereotype.Component;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.stereotype.Service;
-import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
/**
* 鐧诲綍鏍¢獙鏂规硶
*
- * @author ruoyi
+ * @author Lion Li
*/
-@Component
-public class SysLoginService
-{
+@Slf4j
+@Service
+public class SysLoginService {
+
@Autowired
- private TokenService tokenService;
-
- @Resource
- private AuthenticationManager authenticationManager;
-
- @Autowired
private ISysUserService userService;
- @Autowired
- private ISysConfigService configService;
+ @Autowired
+ private ISysConfigService configService;
- @Autowired
- private LogininforService asyncService;
+ @Autowired
+ private LogininforService asyncService;
/**
* 鐧诲綍楠岃瘉
*
* @param username 鐢ㄦ埛鍚�
* @param password 瀵嗙爜
- * @param code 楠岃瘉鐮�
- * @param uuid 鍞竴鏍囪瘑
+ * @param code 楠岃瘉鐮�
+ * @param uuid 鍞竴鏍囪瘑
* @return 缁撴灉
*/
- public String login(String username, String password, String code, String uuid)
- {
- HttpServletRequest request = ServletUtils.getRequest();
- boolean captchaOnOff = configService.selectCaptchaOnOff();
+ public String login(String username, String password, String code, String uuid) {
+ HttpServletRequest request = ServletUtils.getRequest();
+ boolean captchaOnOff = configService.selectCaptchaOnOff();
// 楠岃瘉鐮佸紑鍏�
- if (captchaOnOff)
- {
+ if (captchaOnOff) {
validateCaptcha(username, code, uuid, request);
}
- // 鐢ㄦ埛楠岃瘉
- Authentication authentication = null;
- try
- {
- // 璇ユ柟娉曚細鍘昏皟鐢║serDetailsServiceImpl.loadUserByUsername
- authentication = authenticationManager
- .authenticate(new UsernamePasswordAuthenticationToken(username, password));
+ SysUser user = userService.selectUserByUserName(username);
+ if (StringUtils.isNull(user)) {
+ log.info("鐧诲綍鐢ㄦ埛锛歿} 涓嶅瓨鍦�.", username);
+ throw new ServiceException("鐧诲綍鐢ㄦ埛锛�" + username + " 涓嶅瓨鍦�");
+ } else if (UserStatus.DELETED.getCode().equals(user.getDelFlag())) {
+ log.info("鐧诲綍鐢ㄦ埛锛歿} 宸茶鍒犻櫎.", username);
+ throw new ServiceException("瀵逛笉璧凤紝鎮ㄧ殑璐﹀彿锛�" + username + " 宸茶鍒犻櫎");
+ } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
+ log.info("鐧诲綍鐢ㄦ埛锛歿} 宸茶鍋滅敤.", username);
+ throw new ServiceException("瀵逛笉璧凤紝鎮ㄧ殑璐﹀彿锛�" + username + " 宸插仠鐢�");
}
- catch (Exception e)
- {
- if (e instanceof BadCredentialsException)
- {
- asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match"), request);
- throw new UserPasswordNotMatchException();
- }
- else
- {
- asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage(), request);
- throw new ServiceException(e.getMessage());
- }
+ if (!SecurityUtils.matchesPassword(password, user.getPassword())) {
+ asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match"), request);
+ throw new UserPasswordNotMatchException();
}
+
asyncService.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"), request);
- LoginUser loginUser = (LoginUser) authentication.getPrincipal();
- recordLoginInfo(loginUser.getUser());
+ recordLoginInfo(user.getUserId(), username);
// 鐢熸垚token
- return tokenService.createToken(loginUser);
+ LoginUtils.loginByDevice(user.getUserId(), UserType.SYS_USER, DeviceType.PC);
+ return StpUtil.getTokenValue();
}
/**
* 鏍¢獙楠岃瘉鐮�
*
* @param username 鐢ㄦ埛鍚�
- * @param code 楠岃瘉鐮�
- * @param uuid 鍞竴鏍囪瘑
+ * @param code 楠岃瘉鐮�
+ * @param uuid 鍞竴鏍囪瘑
* @return 缁撴灉
*/
public void validateCaptcha(String username, String code, String uuid, HttpServletRequest request) {
- String verifyKey = Constants.CAPTCHA_CODE_KEY + uuid;
- String captcha = RedisUtils.getCacheObject(verifyKey);
+ String verifyKey = Constants.CAPTCHA_CODE_KEY + uuid;
+ String captcha = RedisUtils.getCacheObject(verifyKey);
RedisUtils.deleteObject(verifyKey);
- if (captcha == null) {
- asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.expire"), request);
- throw new CaptchaExpireException();
- }
- if (!code.equalsIgnoreCase(captcha)) {
- asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.error"), request);
- throw new CaptchaException();
- }
+ if (captcha == null) {
+ asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.expire"), request);
+ throw new CaptchaExpireException();
+ }
+ if (!code.equalsIgnoreCase(captcha)) {
+ asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.error"), request);
+ throw new CaptchaException();
+ }
}
/**
* 璁板綍鐧诲綍淇℃伅
+ *
+ * @param userId 鐢ㄦ埛ID
*/
- public void recordLoginInfo(SysUser user)
- {
- user.setLoginIp(ServletUtils.getClientIP());
- user.setLoginDate(DateUtils.getNowDate());
- user.setUpdateBy(user.getUserName());
- userService.updateUserProfile(user);
+ public void recordLoginInfo(Long userId, String username) {
+ SysUser sysUser = new SysUser();
+ sysUser.setUserId(userId);
+ sysUser.setLoginIp(ServletUtils.getClientIP());
+ sysUser.setLoginDate(DateUtils.getNowDate());
+ sysUser.setUpdateBy(username);
+ userService.updateUserProfile(sysUser);
}
}
--
Gitblit v1.9.3