Commit 30f76dde by 黄森林

微信登录

parent 2b0d6526
......@@ -1029,7 +1029,7 @@ public class RongHeController {
log.info("融合下单接口,返回信息:" + httpResult);
resultDataJson = JSONObject.parseObject(httpResult);
} catch (Exception e) {
System.out.println("融合下单接口接口异常");
log.error("融合下单接口接口异常");
e.printStackTrace();
} finally {
httpPost.releaseConnection();
......
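Review bot: If `log.error("融合下单接口接口异常");` is the line this hunk introduces in place of the `System.out.println`, the exception itself is still missing from the log and only reaches stderr through `e.printStackTrace()`; pass it to the logger instead, `log.error("融合下单接口接口异常", e);`, and drop both the printStackTrace and the remaining System.out line so the failure is recorded once, with its stack trace, in the application log. The enclosing method starts and ends outside the hunk.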
......@@ -3,6 +3,7 @@ package com.winsun.bean;
import com.baomidou.mybatisplus.annotations.TableField;
import com.baomidou.mybatisplus.annotations.TableId;
import com.baomidou.mybatisplus.annotations.TableName;
import com.baomidou.mybatisplus.enums.FieldFill;
import com.baomidou.mybatisplus.enums.IdType;
import lombok.Data;
......@@ -39,8 +40,10 @@ public class HhrUser implements Serializable{
private String wxHeadImgUrl;
/**
* mybatis 可以跟新为空
* 公众号openid
*/
@TableField(fill = FieldFill.UPDATE)
private String openId;
/**
......
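Review bot: The comment above `openId` says MyBatis can now update the field to null (`mybatis 可以跟新为空`, where 跟新 is a typo for 更新), but `@TableField(fill = FieldFill.UPDATE)` only marks the field for automatic filling on update through a MetaObjectHandler; whether a null value is written is governed by the field strategy (`strategy = FieldStrategy.IGNORED` in this MyBatis-Plus generation), not by the fill setting. If the intent is the `open_id` reset in weixinUnbundling, that path goes through `updateForSet` with an explicit set map and presumably bypasses field strategies entirely, so this annotation may not be what makes it work — confirm which mechanism is relied on and make the comment describe it, e.g. `// filled on update by the MetaObjectHandler (FieldFill.UPDATE); the unbind path clears it via an explicit SET`.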
......@@ -61,9 +61,9 @@ public class HttpHelper {
HttpEntity entity = response.getEntity(); //reponse返回的数据在entity中
if (entity != null) {
String resultStr = EntityUtils.toString(entity, "utf-8"); //将数据转化为string格式
// log.info("GET请求结果:"+resultStr);
log.info("GET请求结果:"+resultStr);
JSONObject result = JSON.parseObject(resultStr); //将String转换为 JSONObject
log.info("GET请求结果:"+resultStr);
if(result.getInteger("errcode")==null) {
return result;
}else if (0 == result.getInteger("errcode")) {
......
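Review bot: The response body is now logged twice in a row — `log.info("GET请求结果:"+resultStr);` on the added line and the identical statement two lines later, after the parse; the old line was only a commented-out duplicate, so one of the two should go. More importantly, LoginPwdController calls this helper with the sns/oauth2/access_token URL, and the token response WeChat returns for that endpoint carries the access_token and refresh_token, so the full body ends up in the application log at INFO level; on success log only `result.getInteger("errcode")` and `result.getString("errmsg")`, or redact the token fields before logging, and keep the raw body for the error branch at most. The enclosing method starts and ends outside the hunk.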
......@@ -28,7 +28,7 @@ public class LoginInterceptor extends HandlerInterceptorAdapter {
//登录验证码标识
private static String CODE="getPhoneCode";
private static String CODE = "getPhoneCode";
@Autowired
public StringRedisTemplate stringRedisTemplate;
......@@ -36,24 +36,56 @@ public class LoginInterceptor extends HandlerInterceptorAdapter {
@Autowired
private IUserService userService;
private static String GETPHONECODE = "getPhoneCode";
//5分钟内有效
private static long CODETIME=1000 * 60*5;
private static long CODETIME = 1000 * 60 * 5;
//短信验证码错误key
private static String ERRCODENAME="ERRCODENAME";
private static String ERRCODENAME = "ERRCODENAME";
//短信验证码输入错误次数
private static int ERRACCOUNT=10;
private static int ERRACCOUNT = 10;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
Object openId = request.getParameter("openId");
if (openId != null) {
return true;
}
Map<String, Object> map = new HashMap<>();
Object verificationCode = request.getParameter("verificationCode");
if (verificationCode != null) {
String str = stringRedisTemplate.opsForValue().get(request.getParameter("username").trim() + GETPHONECODE);
if (StringUtils.isBlank(str)) {
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=utf-8");
PrintWriter writer = response.getWriter();
log.info("获取redis 手机验证码失败");
map.put("code", 500);
map.put("message", "请再次获取手机验证码");
Object toJSON = JSON.toJSON(map);
writer.write(toJSON.toString());
return false;
} else {
if (!str.equals(verificationCode.toString())) {
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=utf-8");
PrintWriter writer = response.getWriter();
map.put("code", 500);
map.put("message", "验证码错误");
Object toJSON = JSON.toJSON(map);
writer.write(toJSON.toString());
return false;
}
}
return true;
}
Object username = request.getParameter("username");
if (username==null){
if (username == null) {
return false;
}
Map<String, Object> map = new HashMap<>();
//短信验证码
if (request.getParameter("phonecode")==null){
if (request.getParameter("phonecode") == null) {
//new ErrorTip(500, "短信验证码不能为空!");
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=utf-8");
......@@ -80,7 +112,7 @@ public class LoginInterceptor extends HandlerInterceptorAdapter {
//存放redis验证码
String rediscode = stringRedisTemplate.opsForValue().get(username + CODE);
if (StringUtils.isBlank(rediscode)){
if (StringUtils.isBlank(rediscode)) {
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=utf-8");
PrintWriter writer = response.getWriter();
......@@ -94,25 +126,25 @@ public class LoginInterceptor extends HandlerInterceptorAdapter {
}
phonecode = phonecodeDecrypt.getData();
if (!rediscode.equals(phonecode)) {
log.info("获取redis数据和 手机验证码不一致,用户名:{} redis存放验证码: {} 用户输入验证码: {}",username,rediscode,phonecode);
log.info("获取redis数据和 手机验证码不一致,用户名:{} redis存放验证码: {} 用户输入验证码: {}", username, rediscode, phonecode);
String errcount = stringRedisTemplate.opsForValue().get(ERRCODENAME + username);
if (StringUtils.isBlank(errcount)){
errcount="1";
stringRedisTemplate.opsForValue().set(ERRCODENAME+username,errcount);
}else if (Integer.valueOf(errcount)<ERRACCOUNT){
errcount =String.valueOf(Integer.valueOf(errcount)+1);
stringRedisTemplate.opsForValue().set(ERRCODENAME+username,errcount);
}else if (Integer.valueOf(errcount)==ERRACCOUNT){
errcount=String.valueOf(ERRACCOUNT);
if (StringUtils.isBlank(errcount)) {
errcount = "1";
stringRedisTemplate.opsForValue().set(ERRCODENAME + username, errcount);
} else if (Integer.valueOf(errcount) < ERRACCOUNT) {
errcount = String.valueOf(Integer.valueOf(errcount) + 1);
stringRedisTemplate.opsForValue().set(ERRCODENAME + username, errcount);
} else if (Integer.valueOf(errcount) == ERRACCOUNT) {
errcount = String.valueOf(ERRACCOUNT);
String code = username + CODE;
stringRedisTemplate.delete(code);
stringRedisTemplate.delete(ERRCODENAME+username);
stringRedisTemplate.delete(ERRCODENAME + username);
}
response.setCharacterEncoding("UTF-8");
response.setContentType("text/html;charset=utf-8");
PrintWriter writer = response.getWriter();
map.put("code", 500);
map.put("message", "登录失败,手机验证码第"+errcount+"次不正确");
map.put("message", "登录失败,手机验证码第" + errcount + "次不正确");
Object toJSON = JSON.toJSON(map);
writer.write(toJSON.toString());
return false;
......@@ -121,5 +153,4 @@ public class LoginInterceptor extends HandlerInterceptorAdapter {
}
}
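Review bot: The new first check in preHandle, `Object openId = request.getParameter("openId"); if (openId != null) { return true; }`, admits any request on the mere presence of an `openId` parameter without comparing the value to anything, so the username, SMS-code and error-counter checks that follow are all skippable by a client that adds that parameter; the value has to be verified server-side before it is trusted — for example resolve the HhrUser row bound to that open_id and confirm it matches the submitted username, or compare it with an openId the server itself stored in the session or Redis when weixinLogin succeeded — and fall through to the normal checks otherwise. In the verificationCode branch, `request.getParameter("username").trim()` throws NullPointerException when username is absent because the `username == null` guard only comes after both new branches; move that guard to the top of the method. `Map<String, Object> map = new HashMap<>();` is also declared at the top of the method and again after the username check, which will not compile unless the later declaration is the line being removed here. preHandle continues past this hunk into the section's later hunks.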
......@@ -5,6 +5,7 @@ import com.winsun.auth.core.base.controller.BaseController;
import com.winsun.auth.core.common.model.ResponseData;
import com.winsun.auth.core.util.DateUtil;
import com.winsun.auth.model.user.User;
import com.winsun.item.core.shiro.MyWebSessionManager;
import com.winsun.item.core.shiro.ShiroKit;
import com.winsun.item.core.util.ResponseEntity;
import com.winsun.item.modular.system.service.IUserService;
......@@ -108,6 +109,54 @@ public class GetPhoneCodeController extends BaseController {
return sent;
}
@RequestMapping(value = "/getPhoneCodeY",method = RequestMethod.POST)
public Object phoneLoginCodeY(@RequestParam("username") String username){
EntityWrapper<User> userwrapper = new EntityWrapper<>();
userwrapper.eq("account",username);
List<User> users = userService.selectList(userwrapper);
if (CollectionUtils.isEmpty(users)){
return ResponseEntity.newJSON("code", 400, "message", "账号错误!");
}
User user = users.get(0);
//5分钟内有效
String code = username + CODE;
String verificationCode=null;
if (username.equals("admin")){
//只有admin验证码有后门 验证码规则:当前月份日期小时例如 011415
verificationCode= DateUtil.formatDate(new Date(),"MMddHH");
}else {
verificationCode = String.valueOf((int) ((Math.random() * 9 + 1) * 100000));
}
Long expire = stringRedisTemplate.getExpire(code);
//验证码 有效时间是五分钟倒计时
if (expire>(60*4)){
return ResponseEntity.newJSON("code", 400, "message", "请勿频繁发送手机验证码操作!");
}
stringRedisTemplate.opsForValue().set(code, verificationCode, CODETIME, TimeUnit.MILLISECONDS);
Map<String, Object> sent=new HashMap<>();
sent.put("code",400);
try {
if (username.equals("admin")){
sent.put("message", "发送成功");
sent.put("code", 200);
}else {
if (user.getPhone().length() == 11){
SendSmsAndMail.sendSms(user.getPhone(), verificationCode, "7");
sent.put("message", "发送成功");
sent.put("code", 200);
}else {
sent.put("message","当前用户手机号码不合法!");
}
}
}catch (Exception e){
log.info("错误信息:{}",e.getMessage());
sent.put("message","手机短信发送失败");
}
return sent;
}
/**
* 修改用户密码发送验证码
* @return
......
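Review bot: phoneLoginCodeY is a line-for-line copy of phoneLoginCode in LoginPwdController (same admin branch, same Math.random code, same Redis expiry check), differing only in the error message, so the two will drift; extract the shared body into one helper taking the username and the Redis key suffix. Inside it, the admin code is derived from the clock, `DateUtil.formatDate(new Date(), "MMddHH")`, which the code's own comment labels a backdoor — anyone who knows the rule can produce a valid code for the admin account, so that branch should not ship in production code or must at least be gated behind a non-production profile. The non-admin code comes from `Math.random()`, which is not a cryptographic source and is unsuitable for a one-time code; `String.valueOf(100000 + new SecureRandom().nextInt(900000))` keeps the same six-digit range. `user.getPhone().length()` also throws when the stored phone is null; guard it with `user.getPhone() != null && user.getPhone().length() == 11`.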
......@@ -2,29 +2,40 @@ package com.winsun.item.modular.system.controller;
import cn.hutool.core.util.StrUtil;
import cn.hutool.http.HttpRequest;
import cn.hutool.http.HttpResponse;
import cn.hutool.json.JSONObject;
import cn.hutool.json.JSONUtil;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.mapper.EntityWrapper;
import com.baomidou.mybatisplus.mapper.Wrapper;
import com.winsun.auth.core.annotion.Permission;
import com.winsun.auth.core.base.controller.BaseController;
import com.winsun.auth.core.common.model.ResponseData;
import com.winsun.auth.core.util.DateUtil;
import com.winsun.auth.core.util.MD5Util;
import com.winsun.auth.model.user.User;
import com.winsun.auth.model.user.UserUpdatePwd;
import com.winsun.bean.HhrUser;
import com.winsun.bean.SysUser;
import com.winsun.item.core.shiro.ShiroKit;
import com.winsun.item.core.util.AccLoginUtil;
import com.winsun.item.core.util.ResponseEntity;
import com.winsun.item.modular.system.service.IUserService;
import com.winsun.item.util.LoginUtils;
import com.winsun.mapper.HhrUserMapper;
import com.winsun.mapper.SysUserMapper;
import com.winsun.smsUtils.HttpUtil;
import com.winsun.smsUtils.SendSmsAndMail;
import com.winsun.utils.HttpHelper;
import com.winsun.utils.MyBatisPlusUpdateUtils;
import com.winsun.utils.PicturesUtil;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.ui.Model;
......@@ -32,17 +43,17 @@ import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.web.bind.annotation.*;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URLEncoder;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.*;
import java.util.concurrent.TimeUnit;
/**
......@@ -56,117 +67,241 @@ public class LoginPwdController extends BaseController {
private static SysUserMapper sysUserMapper;
@Autowired
private IUserService userService;
private static IUserService userService;
@Autowired
private StringRedisTemplate stringRedisTemplate;
private static StringRedisTemplate stringRedisTemplate;
private static HhrUserMapper hhrUserMapper;
private static String CODE = "verificationCode";
private static String CODE="verificationCode";
private static String ERRCODENAME = "ForgeERRCODENAME";
private static String ERRCODENAME="ForgeERRCODENAME";
private static long CODETIME = 1000 * 60 * 5;
private static long CODETIME=1000 * 60*5;
private static int ERRACCOUNT = 10;
private static int ERRACCOUNT=10;
private static String APPID = "wxfc18f5186b729d15";
private static String APPSECRET = "122278f3fb555468848ff040620505ad";
//登录验证码标识
private static String GETPHONECODE = "getPhoneCode";
@Autowired
public LoginPwdController(SysUserMapper sysUserMapper){
LoginPwdController.sysUserMapper=sysUserMapper;
public LoginPwdController(SysUserMapper sysUserMapper, IUserService userService, StringRedisTemplate stringRedisTemplate, HhrUserMapper hhrUserMapper) {
LoginPwdController.sysUserMapper = sysUserMapper;
LoginPwdController.userService = userService;
LoginPwdController.hhrUserMapper = hhrUserMapper;
LoginPwdController.stringRedisTemplate = stringRedisTemplate;
}
/**
* 微信消息接收和token验证
* 微信授权
*
* @param request
* @param response
* @throws IOException
* @throws UnsupportedEncodingException
*/
/* @RequestMapping("wxMessageReceptio")
public ResponseData<String> login(HttpServletRequest request, HttpServletResponse response){
boolean isGet = request.getMethod().toLowerCase().equals("get");
PrintWriter print;
if (isGet) {
// 微信加密签名
String signature = request.getParameter("signature");
// 时间戳
String timestamp = request.getParameter("timestamp");
// 随机数
String nonce = request.getParameter("nonce");
// 随机字符串
String echostr = request.getParameter("echostr");
// 通过检验signature对请求进行校验,若校验成功则原样返回echostr,表示接入成功,否则接入失败
if (signature != null && CheckoutUtil.checkSignature(signature, timestamp, nonce)) {
@RequestMapping(value = "/weixinAuthorization")
public void weixinAuthorization(HttpServletRequest request, HttpServletResponse response, String state) throws UnsupportedEncodingException {
String url = "https://open.weixin.qq.com/connect/oauth2/authorize?";
url += "appid=";
url += APPID;
url += "&redirect_uri=" + URLEncoder.encode("http://167460x6b0.51mypc.cn/login", "UTF-8");//此处和微信会调用的域名相同
url += "&response_type=code&scope=snsapi_userinfo";
url += "&state=" + state + "#wechat_redirect";
try {
print = response.getWriter();
print.write(echostr);
print.flush();
response.sendRedirect(url);
} catch (IOException e) {
e.printStackTrace();
}
log.error("微信授权异常", e.getMessage());
}
}
return null;
}*/
/**
2 * 请求 code web微信登录
3 *
4 * @param code 请求登录唯一 code
5 * @return 通用返回对象
6 */
/* @GetMapping("/requestWeChatLogin")
public void requestWeChatLogin(HttpServletRequest request, HttpServletResponse response) throws IOException {
//这里是回调的url
String redirect_uri = URLEncoder.encode("http://回调页面的路径", "UTF-8");
String url = "https://open.weixin.qq.com/connect/oauth2/authorize?" +
"appid=APPID" +
"&redirect_uri=REDIRECT_URI"+
"&response_type=code" +
"&scope=SCOPE" +
"&state=123#wechat_redirect";
response.sendRedirect(url.replace("APPID","你的APPID").replace("REDIRECT_URL",redirect_uri).replace("SCOPE","snsapi_userinfo"));
}*/
* 测试时使用
*
* @param request
* @param response
* @throws UnsupportedEncodingException
*/
@RequestMapping(value = "/weixinAuthorizati")
public void weixinAuthorization(HttpServletRequest request, HttpServletResponse response) throws UnsupportedEncodingException {
String url = "https://open.weixin.qq.com/connect/oauth2/authorize?";
url += "appid=";
url += APPID;
url += "&redirect_uri=" + URLEncoder.encode("http://167460x6b0.51mypc.cn/ciop/forgerpw/callBackLogin", "UTF-8");//此处和微信会调用的域名相同
url += "&response_type=code&scope=snsapi_userinfo";
url += "&state=#wechat_redirect";
try {
response.sendRedirect(url);
} catch (IOException e) {
log.error("微信授权异常", e.getMessage());
}
}
@RequestMapping(value = "/callBackLogin")
public void callBackLogin(HttpServletRequest request, HttpServletResponse response) throws Exception {
String code = request.getParameter("code");
String state = request.getParameter("state");
log.info("code=" + code);
log.info("state=" + state);
}
/* @RequestMapping( "changeOtherPwd")
public ResponseData<String> passwordEdit(@RequestParam(value = "oldPwd",required = false) String oldPwd,@RequestParam("newPwd") String newPwd,@RequestParam("changeId") String userId){
Wrapper<SysUser> wrapper = new EntityWrapper<>();
wrapper.eq("id",userId).eq("status", "1");
List<SysUser> sysUsers = sysUserMapper.selectList(wrapper);
if (CollectionUtils.isEmpty(sysUsers)) {
return ResponseData.error("当前用户不存在!");
/**
* 微信登录
*
* @param code
* @return
*/
@RequestMapping(value = "/weixinLogin")
public ResponseData<Map<String, Object>> weixinLogin(String code) {
if (StringUtils.isBlank(code)) {
return ResponseData.error("微信授权失效,请重新授权!");
}
String url = "https://api.weixin.qq.com/sns/oauth2/access_token?";
url += "appid=";
url += APPID;
url += "&secret=";
url += APPSECRET;
url += "&code=" + code + "&grant_type=authorization_code";
JSONObject jsonObject = null;
try {
jsonObject = HttpHelper.doGet(url);
} catch (Exception e) {
log.error("微信登录获取用户信息失败", e.getMessage());
}
if (jsonObject == null) {
return ResponseData.error("微信授权失效,请重新授权!");
}
String openId = jsonObject.getString("openid");
Wrapper<HhrUser> wrapper = new EntityWrapper<>();
wrapper.eq("open_id", openId);
List<HhrUser> hhrUsers = hhrUserMapper.selectList(wrapper);
if (hhrUsers.size() == 0) {
return ResponseData.error("当前微信未绑定账号,请先绑定账号!");
}
HhrUser hhrUser = hhrUsers.get(0);
SysUser sysUser = sysUserMapper.selectById(hhrUser.getId());
if (StringUtils.isBlank(sysUser.getAccount())) {
return ResponseData.error("当前账号异常!");
}
Map<String, Object> hashMap = new HashMap<>();
hashMap.put("username", sysUser.getAccount());
hashMap.put("openId", openId);
return ResponseData.success(hashMap);
}
SysUser sysUser = sysUsers.get(0);
if (!ShiroKit.getUser().getRoleNames().stream().anyMatch(roleName -> StringUtils.equalsAny(roleName, "超级管理员"))) {
ResponseData<String> old = LoginUtils.pwdDecrypt(oldPwd);
if (!old.isSuccess()) {
return ResponseData.error("原密码不合法!");
/**
* 微信解绑
*
* @param code
* @param username
* @param verificationCode
* @return
*/
@RequestMapping(value = "/weixinUnbundling")
public ResponseData<String> weixinUnbundling(String code, String username, String verificationCode) {
if (StringUtils.isBlank(code) || StringUtils.isBlank(username) || StringUtils.isBlank(verificationCode)) {
return ResponseData.error("解绑失败!");
}
String str = stringRedisTemplate.opsForValue().get(username + GETPHONECODE);
if (StringUtils.isBlank(str)) {
return ResponseData.error("验证码已失效!");
}
if (!str.equals(verificationCode)) {
return ResponseData.error("验证码错误!");
}
Wrapper<SysUser> wrapperU = new EntityWrapper<>();
wrapperU.eq("account", username);
List<SysUser> users = sysUserMapper.selectList(wrapperU);
if (users.size() == 0) {
return ResponseData.error("当前账号不存在!");
}
String url = "https://api.weixin.qq.com/sns/oauth2/access_token?";
url += "appid=";
url += APPID;
url += "&secret=";
url += APPSECRET;
url += "&code=" + code + "&grant_type=authorization_code";
JSONObject jsonObject = null;
try {
jsonObject = HttpHelper.doGet(url);
} catch (Exception e) {
log.error("微信登录获取用户信息失败", e.getMessage());
}
if (jsonObject == null) {
return ResponseData.error("微信授权失效,请重新授权!");
}
String openId = jsonObject.getString("openid");
SysUser sysUser = users.get(0);
Wrapper<HhrUser> wrapper = new EntityWrapper<>();
wrapper.eq("id", sysUser.getId());
wrapper.eq("open_id", openId);
List<HhrUser> hhrUsers = hhrUserMapper.selectList(wrapper);
if (hhrUsers.size() == 0) {
return ResponseData.error("当前微信和当前账号不匹配!");
}
oldPwd = ShiroKit.md5(old.getData(), sysUser.getSalt());
wrapper.eq("password",oldPwd);
Integer integer = sysUserMapper.selectCount(wrapper);
if(integer == 0){
return ResponseData.error("原密码错误或账号非正常状态账号!");
Map<String, Object> dataMapping = new HashMap<>();
dataMapping.put("open_id", null);
Integer integer = hhrUserMapper.updateForSet(MyBatisPlusUpdateUtils.toUpdateSet(dataMapping), wrapper);
if (integer == 1) {
return ResponseData.success("解绑成功!");
}
return ResponseData.error("绑定失败!");
}
ResponseData<String> pwdDecrypt = LoginUtils.pwdDecrypt(newPwd);
if (!pwdDecrypt.isSuccess()) {
return ResponseData.error("密码不合法!");
/**
* 绑定微信
*
* @param code
* @param username
* @return
*/
@RequestMapping("bindingAccount")
public ResponseData<String> bindingAccount(String code, String username, String verificationCode) {
if (StringUtils.isBlank(code) || StringUtils.isBlank(username) || StringUtils.isBlank(verificationCode)) {
return ResponseData.error("绑定失败!");
}
String str = stringRedisTemplate.opsForValue().get(username + GETPHONECODE);
if (StringUtils.isBlank(str)) {
return ResponseData.error("验证码已失效!");
}
if (!str.equals(verificationCode)) {
return ResponseData.error("验证码错误!");
}
Wrapper<SysUser> wrapperU = new EntityWrapper<>();
wrapperU.eq("account", username);
List<SysUser> users = sysUserMapper.selectList(wrapperU);
if (users.size() == 0) {
return ResponseData.error("当前账号有误!");
}
String url = "https://api.weixin.qq.com/sns/oauth2/access_token?";
url += "appid=";
url += APPID;
url += "&secret=";
url += APPSECRET;
url += "&code=" + code + "&grant_type=authorization_code";
JSONObject jsonObject = null;
try {
jsonObject = HttpHelper.doGet(url);
} catch (Exception e) {
log.error("微信登录获取用户信息失败", e.getMessage());
}
newPwd = pwdDecrypt.getData();
if(!newPwd.matches("^[a-z0-9A-Z]{8,}$") || newPwd.matches("^[a-zA-Z]{1,}$") || NumberUtils.isDigits(newPwd)) {
return ResponseData.error("密码强制等级低,必须要数字、英文字母混合,长度至少8位!");
if (jsonObject == null) {
return ResponseData.error("微信授权失效,请重新授权!");
}
String newMd5 = ShiroKit.md5(newPwd, sysUser.getSalt());
String openId = jsonObject.getString("openid");
SysUser sysUser = users.get(0);
Wrapper wrapper = new EntityWrapper<>();
wrapper.eq("id", sysUser.getId());
Map<String, Object> dataMapping = new HashMap<>();
dataMapping.put("password", newMd5);
Integer integer = sysUserMapper.updateForSet(MyBatisPlusUpdateUtils.toUpdateSet(dataMapping), wrapper);
if(integer == 1){
return ResponseData.success("密码修改成功!");
dataMapping.put("open_id", openId);
Integer integer = hhrUserMapper.updateForSet(MyBatisPlusUpdateUtils.toUpdateSet(dataMapping), wrapper);
if (integer == 1) {
return ResponseData.success(openId);
}
return ResponseData.error("绑定失败!");
}
return ResponseData.error("密码修改失败!");
}*/
/**
* 忘记密码发送验证码
......@@ -176,48 +311,48 @@ public class LoginPwdController extends BaseController {
* @return
*/
@RequestMapping(value = "verificationCode", method = RequestMethod.POST)
public Object phoneLoginCode(@RequestParam("username") String username){
public Object phoneLoginCode(@RequestParam("username") String username) {
EntityWrapper<User> userwrapper = new EntityWrapper<>();
userwrapper.eq("account",username);
userwrapper.eq("account", username);
List<User> users = userService.selectList(userwrapper);
if (CollectionUtils.isEmpty(users)){
if (CollectionUtils.isEmpty(users)) {
return ResponseEntity.newJSON("code", 400, "message", "密码或者账号错误!");
}
User user = users.get(0);
//5分钟内有效
String code = username + CODE;
String verificationCode=null;
if (username.equals("admin")){
String verificationCode = null;
if (username.equals("admin")) {
//只有admin验证码有后门 验证码规则:当前月份日期小时例如 011415
verificationCode= DateUtil.formatDate(new Date(),"MMddHH");
}else {
verificationCode = DateUtil.formatDate(new Date(), "MMddHH");
} else {
verificationCode = String.valueOf((int) ((Math.random() * 9 + 1) * 100000));
}
Long expire = stringRedisTemplate.getExpire(code);
//验证码 有效时间是五分钟倒计时
if (expire>(60*4)){
if (expire > (60 * 4)) {
return ResponseEntity.newJSON("code", 400, "message", "请勿频繁发送手机验证码操作!");
}
stringRedisTemplate.opsForValue().set(code, verificationCode, CODETIME, TimeUnit.MILLISECONDS);
Map<String, Object> sent=new HashMap<>();
sent.put("code",400);
Map<String, Object> sent = new HashMap<>();
sent.put("code", 400);
try {
if (username.equals("admin")){
if (username.equals("admin")) {
sent.put("message", "发送成功");
sent.put("code", 200);
}else {
if (user.getPhone().length() == 11){
} else {
if (user.getPhone().length() == 11) {
SendSmsAndMail.sendSms(user.getPhone(), verificationCode, "7");
sent.put("message", "发送成功");
sent.put("code", 200);
}else {
sent.put("message","当前用户手机号码不合法!");
} else {
sent.put("message", "当前用户手机号码不合法!");
}
}
}catch (Exception e){
log.info("错误信息:{}",e.getMessage());
sent.put("message","手机短信发送失败");
} catch (Exception e) {
log.info("错误信息:{}", e.getMessage());
sent.put("message", "手机短信发送失败");
}
return sent;
......@@ -241,29 +376,29 @@ public class LoginPwdController extends BaseController {
return ResponseEntity.newJSON("code", 400, "data", "验证码错误!");
}
String errcount = stringRedisTemplate.opsForValue().get(ERRCODENAME + account);
if (StringUtils.isNotBlank(errcount)){
if(Integer.valueOf(errcount)==ERRACCOUNT){
Long expire = stringRedisTemplate.getExpire(account+ CODE);
if (expire>(60*4)){
if (StringUtils.isNotBlank(errcount)) {
if (Integer.valueOf(errcount) == ERRACCOUNT) {
Long expire = stringRedisTemplate.getExpire(account + CODE);
if (expire > (60 * 4)) {
return ResponseEntity.newJSON("code", 500, "data", "频繁操作");
}else {
stringRedisTemplate.delete(account+ CODE);
stringRedisTemplate.delete(ERRCODENAME+account);
} else {
stringRedisTemplate.delete(account + CODE);
stringRedisTemplate.delete(ERRCODENAME + account);
return ResponseEntity.newJSON("code", 500, "data", "重新获取验证码");
}
}
}
if (!code.equals(verificationCode)) {
if (StringUtils.isBlank(errcount)){
errcount="1";
stringRedisTemplate.opsForValue().set(ERRCODENAME+account,errcount);
}else if (Integer.valueOf(errcount)<ERRACCOUNT){
errcount =String.valueOf(Integer.valueOf(errcount)+1);
stringRedisTemplate.opsForValue().set(ERRCODENAME+account,errcount);
if (StringUtils.isBlank(errcount)) {
errcount = "1";
stringRedisTemplate.opsForValue().set(ERRCODENAME + account, errcount);
} else if (Integer.valueOf(errcount) < ERRACCOUNT) {
errcount = String.valueOf(Integer.valueOf(errcount) + 1);
stringRedisTemplate.opsForValue().set(ERRCODENAME + account, errcount);
}
return ResponseEntity.newJSON("code", 300, "data", "手机验证码第"+errcount+"次不正确");
}else if (StringUtils.isNotBlank(errcount)){
stringRedisTemplate.delete(ERRCODENAME+account);
return ResponseEntity.newJSON("code", 300, "data", "手机验证码第" + errcount + "次不正确");
} else if (StringUtils.isNotBlank(errcount)) {
stringRedisTemplate.delete(ERRCODENAME + account);
}
// 对加密的密码进行解密处理
ResponseData<String> pwdDecrypt = LoginUtils.pwdDecrypt(newPwd);
......@@ -272,10 +407,10 @@ public class LoginPwdController extends BaseController {
}
newPwd = pwdDecrypt.getData();
String pattern = "^(?![A-Za-z]+$)(?![A-Z\\d]+$)(?![A-Z\\W]+$)(?![a-z\\d]+$)(?![a-z\\W]+$)(?![\\d\\W]+$)\\S{8,}$";
if(!newPwd.matches(pattern)){
if (!newPwd.matches(pattern)) {
return ResponseEntity.newJSON("code", 400, "data", "密码强制等级低,必须要数字、小写英文字母、大写英文字母或特殊字符混合组成,长度至少8位!");
}
if(newPwd.contains(account)){
if (newPwd.contains(account)) {
return ResponseEntity.newJSON("code", 400, "data", "新密码与账号信息吻合,禁止使用!");
}
ResponseData<String> pwdDecryptre = LoginUtils.pwdDecrypt(rePwd);
......@@ -287,32 +422,32 @@ public class LoginPwdController extends BaseController {
return ResponseEntity.newJSON("code", 400, "data", "两次密码不一致!");
}
Wrapper<SysUser> wrapper = new EntityWrapper<>();
wrapper.eq("account",account).eq("status", "1");
wrapper.eq("account", account).eq("status", "1");
List<SysUser> sysUsers = sysUserMapper.selectList(wrapper);
if(CollectionUtils.isEmpty(sysUsers)){
if (CollectionUtils.isEmpty(sysUsers)) {
return ResponseEntity.newJSON("code", 400, "data", "账号不存在,请重新输入!");
}
SysUser sysUser = sysUsers.get(0);
String[] split = null;
if(StringUtils.isNotBlank(sysUser.getOldPassward())){
if (StringUtils.isNotBlank(sysUser.getOldPassward())) {
split = sysUser.getOldPassward().split(",");
}else {
} else {
String oldMd5 = sysUser.getPassword();
split=new String[]{oldMd5};
split = new String[]{oldMd5};
}
String newMd5 = ShiroKit.md5(newPwd, sysUser.getSalt());
for (String pwd:split){
if(newMd5.equals(pwd)){
for (String pwd : split) {
if (newMd5.equals(pwd)) {
return ResponseEntity.newJSON("code", 400, "data", "新密码不得与最近两次密码相同!");
}
}
Map<String, Object> dataMapping = new HashMap<>();
dataMapping.put("password", newMd5);
dataMapping.put("updateTime", new Date());
if(split.length == 2){
dataMapping.put("old_passward",split[1]+","+newMd5);
}else {
dataMapping.put("old_passward",split[0]+","+newMd5);
if (split.length == 2) {
dataMapping.put("old_passward", split[1] + "," + newMd5);
} else {
dataMapping.put("old_passward", split[0] + "," + newMd5);
}
Integer integer = sysUserMapper.updateForSet(com.winsun.auth.core.util.MyBatisPlusUpdateUtils.toUpdateSet(dataMapping), wrapper);
if (integer > 0) {
......
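Review bot: APPSECRET is committed as a string literal in the class (the `private static String APPSECRET = …` field next to APPID), so the WeChat app secret now lives in version control and in every build artifact; move it to external configuration (`@Value("${wx.appsecret}")` or an environment variable), treat the committed value as exposed and rotate it. The same access_token request block is pasted three times in weixinLogin, weixinUnbundling and bindingAccount, and each catch logs `log.error("微信登录获取用户信息失败", e.getMessage())`, which SLF4J discards because the message has no `{}` placeholder; a single private helper that logs the exception object fixes both, as sketched below. weixinUnbundling's final fallthrough returns `ResponseData.error("绑定失败!")` although it is the unbind path, `Wrapper wrapper = new EntityWrapper<>();` in bindingAccount is a raw type where the sibling methods use `Wrapper<HhrUser>`, and the import hunk appears to bring in both `cn.hutool.json.JSONObject` and `com.alibaba.fastjson.JSONObject`, which cannot coexist as single-type imports if both lines survive.
```java
/** Exchanges a WeChat OAuth code for the caller's openid; returns null when the exchange fails. */
private static String fetchOpenId(String code) {
    String url = "https://api.weixin.qq.com/sns/oauth2/access_token?appid=" + APPID
            + "&secret=" + APPSECRET + "&code=" + code + "&grant_type=authorization_code";
    try {
        JSONObject jsonObject = HttpHelper.doGet(url);
        return jsonObject == null ? null : jsonObject.getString("openid");
    } catch (Exception e) {
        // log the exception itself; a bare getMessage() argument is dropped by SLF4J
        log.error("微信登录获取用户信息失败", e);
        return null;
    }
}
// … unchanged: weixinLogin / weixinUnbundling / bindingAccount replace their inline URL + try/catch with
//   String openId = fetchOpenId(code); if (openId == null) { return ResponseData.error("微信授权失效,请重新授权!"); } …
```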
package com.winsun.item.modular.system.controller;
import java.io.IOException;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
public class WeixinAuthController {
@RequestMapping("/MP_verify_oYaGTxvtIJXLOkXB.txt")
public void auth(HttpServletResponse response) throws IOException {
response.getWriter().print("oYaGTxvtIJXLOkXB");
}
}
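Review bot: auth writes the verification token without setting a content type, so the reply goes out with whatever the container defaults to; add `response.setContentType("text/plain;charset=UTF-8");` before the `print` call to make it explicit. Since the body is a constant, the same result is obtained with no code at all by placing `MP_verify_oYaGTxvtIJXLOkXB.txt` under the static resources directory, which also keeps this token out of a controller; if it stays as a controller, a class-level Javadoc such as `/** Serves the WeChat domain-ownership verification file. */` would tell the next reader what this endpoint is for.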
......@@ -26,7 +26,7 @@
<parent>
<groupId>com.winsun.framework</groupId>
<artifactId>winsun-parent</artifactId>
<version>0.1.58</version>
<version>0.1.59</version>
</parent>
<properties>
......
......@@ -3,6 +3,7 @@ package com.winsun.controller;
import com.baomidou.mybatisplus.mapper.EntityWrapper;
import com.baomidou.mybatisplus.mapper.Wrapper;
import com.baomidou.mybatisplus.plugins.Page;
import com.winsun.auth.core.annotion.Permission;
import com.winsun.auth.core.base.controller.BaseController;
import com.winsun.auth.core.common.model.ResponseData;
import com.winsun.bean.Order;
......@@ -47,7 +48,8 @@ public class hhrUserController extends BaseController {
* @return
*/
@ResponseBody
@RequestMapping(value = "getOrderList", method = RequestMethod.POST)
//@RequestMapping(value = "getOrderList", method = RequestMethod.POST)
@Permission(menuname = "督导查询", value = "getOrderList", method = RequestMethod.POST)
public ResponseData<Map<String, Object>> getOrderList(String userId, Integer pageNo, Integer pageSize, String customer, String orderStatus, String userType, Integer selectFlag) {
if (StringUtils.isBlank(userId)) {
return ResponseData.error("userId为空");
......
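Review bot: The old mapping is left behind as a commented-out line, `//@RequestMapping(value = "getOrderList", method = RequestMethod.POST)`, directly above the new `@Permission` annotation; delete it rather than keep it as history. If `@Permission` is a meta-annotation that carries the request mapping itself, a one-line comment on it, `// @Permission also registers the "getOrderList" POST mapping`, would save the next reader from wondering whether the endpoint is still routed; if it is not, the route has been removed and the `@RequestMapping` must be restored next to it. getOrderList's body continues outside the hunk.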