|
@@ -21,6 +21,7 @@ import com.beifan.foxlibc.modules.pojo.webio.io.AuthenticationOut;
|
|
|
import com.beifan.foxlibc.modules.pojo.webio.io.AuthenticationSecUserIn;
|
|
|
import com.beifan.foxlibc.modules.pojo.webio.io.AuthenticationUserIn;
|
|
|
import com.beifan.foxlibc.modules.service.UserService;
|
|
|
+import lombok.extern.slf4j.Slf4j;
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
import org.springframework.beans.factory.annotation.Value;
|
|
|
import org.springframework.web.bind.annotation.PostMapping;
|
|
@@ -30,6 +31,7 @@ import org.springframework.web.bind.annotation.RestController;
|
|
|
|
|
|
import javax.validation.Valid;
|
|
|
import java.util.Date;
|
|
|
+import java.util.Map;
|
|
|
import java.util.Objects;
|
|
|
import java.util.regex.Pattern;
|
|
|
|
|
@@ -39,6 +41,7 @@ import java.util.regex.Pattern;
|
|
|
* @author lts
|
|
|
*/
|
|
|
@RestController
|
|
|
+@Slf4j
|
|
|
public class AuthenticationController {
|
|
|
|
|
|
@Autowired
|
|
@@ -46,7 +49,7 @@ public class AuthenticationController {
|
|
|
|
|
|
// @Value("${foxlibc.debug}") private boolean __DEBUG__;
|
|
|
|
|
|
- @Value("${foxlibc.mlogin}")
|
|
|
+ @Value("${foxlibc.mlogin:false}")
|
|
|
private boolean __M_LOGIN__;
|
|
|
|
|
|
/**
|
|
@@ -79,10 +82,13 @@ public class AuthenticationController {
|
|
|
String appid = authenticationCodeIn.getAppid();
|
|
|
UserLogininfo userLogininfo = new UserLogininfo(appid, null, expireTime, appToken, null, null, null);
|
|
|
userService.saveUserLogininfo(userLogininfo);
|
|
|
+ SystemSet systemSet = userService.systemSetting();
|
|
|
+ Boolean verificationCode = systemSet.getVerificationCode();
|
|
|
|
|
|
return R.ok(
|
|
|
"appToken", appToken,
|
|
|
- "expireTime", DateUtils.format(expireTime)
|
|
|
+ "expireTime", DateUtils.format(expireTime),
|
|
|
+ "verificationCode", verificationCode
|
|
|
);
|
|
|
}
|
|
|
|
|
@@ -91,7 +97,10 @@ public class AuthenticationController {
|
|
|
*/
|
|
|
@NV_TOKEN
|
|
|
@PostMapping("/valid/token")
|
|
|
- public R<AuthenticationOut> validToken(@RequestHeader("Authorization") String token) {
|
|
|
+ public R<AuthenticationOut> validToken(@RequestHeader Map<String, String> headers) {
|
|
|
+ String token = headers.get("authorization");
|
|
|
+ String authId = headers.get("authid");
|
|
|
+ log.debug("authId: {}", authId);
|
|
|
/* WRAN: 异常信息中的 -C401 是指定返回Code。
|
|
|
如果删除了前端将不能通过 401 判断用户是否过期 */
|
|
|
// Assert.throwIfBool(!jvmCache.contains(CacheConst.TOKEN_BLACKLIST(code)), "-C401 TOKEN已被禁用");
|
|
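Review bot: Binding every header into a `Map` and reading `headers.get("authorization")` drops the required-header check that `@RequestHeader("Authorization")` provided, so `token` can now be null when it reaches the validation code below this hunk. A plain map lookup is also case-sensitive, so whether the key really is `authorization` depends on how the servlet container reports header names. Keeping the named binding and adding the new header as optional avoids both problems: `@RequestHeader("Authorization") String token, @RequestHeader(value = "authid", required = false) String authId`. `authId` is client-controlled, so the `log.debug` line should only record it after a length and character check. The rest of validToken lies outside the hunk.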
@@ -151,15 +160,17 @@ public class AuthenticationController {
|
|
|
// String verificationCode = jvmCache.get(CacheConst.VERIFICATION_CODE(appToken));
|
|
|
|
|
|
UserLogininfo userLogininfo = userService.queryUserLogininfo(appToken);
|
|
|
- String verificationCode = userLogininfo.getVerificationCode();
|
|
|
- Assert.throwIfBool(verificationCode != null && verificationCode.equals(authenticationUserIn.getVerificationCode()), "验证码错误");
|
|
|
- Date codeExpireTime = userLogininfo.getCodeExpireTime();
|
|
|
- Assert.throwIfBool(!DateUtils.gteq(new Date(), codeExpireTime), "-C401 验证码已过期");
|
|
|
-
|
|
|
- boolean isCheckFull = systemSet.getVerificationCodeAa() ?
|
|
|
- Objects.equals(verificationCode, authenticationUserIn.getVerificationCode()) :
|
|
|
- Objects.equals(verificationCode.toLowerCase(), authenticationUserIn.getVerificationCode().toLowerCase());
|
|
|
- Assert.throwIfBool(isCheckFull, "验证码不正确");
|
|
|
+ if (systemSet.getVerificationCode()) {
|
|
|
+ String verificationCode = userLogininfo.getVerificationCode();
|
|
|
+ Assert.throwIfBool(verificationCode != null && verificationCode.equals(authenticationUserIn.getVerificationCode()), "验证码错误");
|
|
|
+ boolean isCheckFull = systemSet.getVerificationCodeAa() ?
|
|
|
+ Objects.equals(verificationCode, authenticationUserIn.getVerificationCode()) :
|
|
|
+ Objects.equals(verificationCode.toLowerCase(), authenticationUserIn.getVerificationCode().toLowerCase());
|
|
|
+ Assert.throwIfBool(isCheckFull, "验证码不正确");
|
|
|
+ Date codeExpireTime = userLogininfo.getCodeExpireTime();
|
|
|
+ Assert.throwIfBool(!DateUtils.gteq(new Date(), codeExpireTime), "-C401 验证码已过期");
|
|
|
+ }
|
|
|
+
|
|
|
// 查询用户
|
|
|
User u = userService.queryUserByUsername(username);
|
|
|
|
|
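Review bot: `if (systemSet.getVerificationCode())` unboxes a `Boolean` (the token hunk assigns the same getter to `Boolean verificationCode`), so an unset setting throws a NullPointerException during login instead of enforcing the captcha; the second login hunk, which reads `userLogininfos`, has the same guard. Failing closed is the safer reading: `if (!Boolean.FALSE.equals(systemSet.getVerificationCode())) {`. Inside the block the first `Assert.throwIfBool` already demands an exact `equals` match, which (if throwIfBool throws on a false condition, as the other calls suggest) makes the case-insensitive branch of `isCheckFull` unreachable. With the captcha switchable off, nothing visible in this hunk limits repeated password guesses, so a comment such as `// captcha disabled: brute-force protection relies on <lockout / rate limit>` would record what replaces it. The method starts and ends outside the hunk.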
@@ -201,7 +212,7 @@ public class AuthenticationController {
|
|
|
appLoginInfo.setExpireTime(tokenDate);
|
|
|
|
|
|
/* 如果不允许其他地方登陆的话,删除其他地方登录过的缓存 */
|
|
|
- if (!__M_LOGIN__) {
|
|
|
+ if (Boolean.FALSE.equals(systemSet.getAllowMultipleMachineLogins())) {
|
|
|
userService.deleteUserLogininfoByUserId(userid);
|
|
|
}
|
|
|
|
|
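Review bot: `Boolean.FALSE.equals(systemSet.getAllowMultipleMachineLogins())` treats an unset (null) setting as "multiple logins allowed", so older sessions are only removed when the flag is explicitly false. That is the opposite of the `false` default this commit gives `foxlibc.mlogin`; `if (!Boolean.TRUE.equals(systemSet.getAllowMultipleMachineLogins())) {` keeps the restrictive behaviour when the value is missing. `__M_LOGIN__` is no longer read in this hunk, so if nothing else uses it the field and its `@Value` can go. The surrounding method is outside the hunk.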
@@ -265,15 +276,18 @@ public class AuthenticationController {
|
|
|
SystemSet systemSet = userService.systemSetting();
|
|
|
|
|
|
UserLogininfo userLogininfos = userService.queryUserLogininfosByUserIdPS(userId);
|
|
|
- String verificationCode = userLogininfos.getVerificationCode();
|
|
|
- Assert.throwIfBool(verificationCode != null && verificationCode.equals(authenticationUserIn.getVerificationCode()), "验证码错误");
|
|
|
- Date codeExpireTime = userLogininfos.getCodeExpireTime();
|
|
|
- Assert.throwIfBool(!DateUtils.gteq(new Date(), codeExpireTime), "-C401 验证码已过期");
|
|
|
+ if (systemSet.getVerificationCode()) {
|
|
|
+ String verificationCode = userLogininfos.getVerificationCode();
|
|
|
+ Assert.throwIfBool(verificationCode != null && verificationCode.equals(authenticationUserIn.getVerificationCode()), "验证码错误");
|
|
|
+ boolean isCheckFull = systemSet.getVerificationCodeAa() ?
|
|
|
+ Objects.equals(verificationCode, authenticationUserIn.getVerificationCode()) :
|
|
|
+ Objects.equals(verificationCode.toLowerCase(), authenticationUserIn.getVerificationCode().toLowerCase());
|
|
|
+ Assert.throwIfBool(isCheckFull, "验证码不正确");
|
|
|
+ Date codeExpireTime = userLogininfos.getCodeExpireTime();
|
|
|
+ Assert.throwIfBool(!DateUtils.gteq(new Date(), codeExpireTime), "-C401 验证码已过期");
|
|
|
+ }
|
|
|
+
|
|
|
|
|
|
- boolean isCheckFull = systemSet.getVerificationCodeAa() ?
|
|
|
- Objects.equals(verificationCode, authenticationUserIn.getVerificationCode()) :
|
|
|
- Objects.equals(verificationCode.toLowerCase(), authenticationUserIn.getVerificationCode().toLowerCase());
|
|
|
- Assert.throwIfBool(isCheckFull, "验证码不正确");
|
|
|
|
|
|
/* 验证用户名密码是否可以登录 */
|
|
|
String userid = userService.secsign(userId, authenticationUserIn.getPassword());
|
|
@@ -300,12 +314,14 @@ public class AuthenticationController {
|
|
|
@PostMapping("/reset-passwd")
|
|
|
public R<Void> resetPasswd(@Valid @RequestBody ResetPasswdIn resetPasswdIn) {
|
|
|
String userid = userService.idsign(resetPasswdIn.getUserId(), resetPasswdIn.getOriginPassword());
|
|
|
+ SystemSet systemSet = userService.systemSetting();
|
|
|
+ String pwdMatch = systemSet.getPwdCons();
|
|
|
|
|
|
/* 修改密码 */
|
|
|
User user = userService.userQuery(userid);
|
|
|
user.setUserPwd(resetPasswdIn.getNewPassword());
|
|
|
|
|
|
- Assert.throwIfBool(Pattern.matches(PWD_VALID_RGX, user.getUserPwd()), "密码不符合规则");
|
|
|
+ Assert.throwIfBool(Pattern.matches(pwdMatch, user.getUserPwd()), "密码不符合规则");
|
|
|
String pwd = StringUtils.toLowerCase(DoubleCoder.MD5(resetPasswdIn.getNewPassword()));
|
|
|
|
|
|
userService.updateUserPwd(userid, pwd);
|
|
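Review bot: `Pattern.matches(pwdMatch, user.getUserPwd())` now takes its pattern from `systemSet.getPwdCons()` without any check, so a null value throws a NullPointerException and a malformed one a PatternSyntaxException in the middle of a password reset; the second reset hunk below repeats the same lines. Falling back to the built-in rule keeps a floor under the policy: `String pwdMatch = systemSet.getPwdCons() != null ? systemSet.getPwdCons() : PWD_VALID_RGX;` (assuming `PWD_VALID_RGX` is still defined in the class). Because the pattern is evaluated against user-supplied input on every request, it is also worth compiling and validating it once, when the setting is saved, and rejecting patterns that fail there.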
@@ -323,8 +339,9 @@ public class AuthenticationController {
|
|
|
/* 修改密码 */
|
|
|
User user = userService.userQuery(userid);
|
|
|
user.setUserPwd(resetPasswdIn.getNewPassword());
|
|
|
-
|
|
|
- Assert.throwIfBool(Pattern.matches(PWD_VALID_RGX, user.getUserPwd()), "密码不符合规则");
|
|
|
+ SystemSet systemSet = userService.systemSetting();
|
|
|
+ String pwdMatch = systemSet.getPwdCons();
|
|
|
+ Assert.throwIfBool(Pattern.matches(pwdMatch, user.getUserPwd()), "密码不符合规则");
|
|
|
String pwd = StringUtils.toLowerCase(DoubleCoder.MD5(resetPasswdIn.getNewPassword()));
|
|
|
|
|
|
userService.updateUserSecPwd(userid, pwd);
|
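Review bot: The new password is still reduced with `DoubleCoder.MD5(...)` before `updateUserSecPwd`, which by its name is an MD5 digest, and no per-user salt is visible in this hunk. Making the complexity rule configurable does not compensate for a fast hash if the stored values leak. A comment above that line, `// TODO(security): move to a salted, slow password hash (bcrypt/argon2) and rehash on next login`, would mark it until the storage format can change. The method's signature and the `userid` lookup are outside the hunk.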