登录验证

rk

2 天以前 19321e1348baefa2a9f5211c42f8b797c0fcccd1

 server/system_service/src/main/java/com/doumee/service/system/impl/SystemLoginServiceImpl.java

@@ -264,13 +264,14 @@
        if(!Constants.equalsInteger(user.getSource(),Constants.ZERO)){
            throw new BusinessException(ResponseStatus.NO_ALLOW_LOGIN);
        }
        if(StringUtils.isNotBlank( pwd)){
            String pppp = Utils.Secure.encryptPassword(new String(pwd), user.getSalt());
            // 比较密码
            if( !StringUtils.equals(pppp, user.getPassword())){
                throw new BusinessException(ResponseStatus.ACCOUNT_INCORRECT);
            }
        }
        this.checkPassword(user,pwd);
//        if(StringUtils.isNotBlank( pwd)){
//            String pppp = Utils.Secure.encryptPassword(new String(pwd), user.getSalt());
//            // 比较密码
//            if( !StringUtils.equals(pppp, user.getPassword())){
//                throw new BusinessException(ResponseStatus.ACCOUNT_INCORRECT);
//            }
//        }
        if(StringUtils.isNotBlank(openid)){
            dealOpenIdBiz(user,openid);
        }
@@ -294,45 +295,59 @@


    public void checkPassword(SystemUser user,String pwd){
        //验证是否已禁止登录
        this.prohibitLogin(user);
        String pppp = Utils.Secure.encryptPassword(new String(pwd), user.getSalt());
        // 比较密码
        if( !StringUtils.equals(pppp, user.getPassword())){
            //是否开启密码错误禁止登录：0=否；1=是；
            SystemDictData prohibitLoginData = systemDictDataBiz.queryByCode(Constants.SYSTEM,Constants.PROHIBIT_LOGIN_OPEN);
            //密码错误禁止登录限制时间（分钟）
            SystemDictData prohibitTimeData = systemDictDataBiz.queryByCode(Constants.SYSTEM,Constants.PROHIBIT_TIME);
            updErrTimes(user,prohibitLoginData,prohibitTimeData);
            if(Objects.nonNull(prohibitLoginData)&&"1".equals(prohibitLoginData.getCode())){
                SystemDictData prohibitErrTimesData = systemDictDataBiz.queryByCode(Constants.SYSTEM,Constants.ERR_TIMES);
                if(Objects.nonNull(prohibitErrTimesData)){
                    if(Integer.valueOf(prohibitErrTimesData.getCode())
                            -(Constants.formatIntegerNum(user.getErrTimes())+1) == Constants.ZERO){
                        throw new BusinessException(ResponseStatus.ACCOUNT_INCORRECT.getCode(),"账号密码错误，账户已锁定，请"+prohibitTimeData.getCode()+"分钟后重试！");
                    }

                    throw new BusinessException(ResponseStatus.ACCOUNT_INCORRECT.getCode(),"账号密码错误，剩余尝试次数"+(Integer.valueOf(prohibitErrTimesData.getCode())
                            -(Constants.formatIntegerNum(user.getErrTimes())+1))+"次，超出错误次数将锁定账号");
                }
                throw new BusinessException(ResponseStatus.ACCOUNT_INCORRECT);
            }else{
                throw new BusinessException(ResponseStatus.ACCOUNT_INCORRECT);
            }
        }else{
            systemUserMapper.update(null,new UpdateWrapper<SystemUser>().lambda()
                    .set(SystemUser::getProhibitStatus,Constants.ZERO)
                    .set(SystemUser::getErrTimes,Constants.ZERO)
                    .setSql(" PROHIBIT_TIME = null ")
                    .eq(SystemUser::getId,user.getId())
            );
        }

    }

    public void updErrTimes(SystemUser systemUser){
    public void updErrTimes(SystemUser systemUser,SystemDictData prohibitLoginData,SystemDictData prohibitTimeData){
        //最大错误次数 进行登录限制
        SystemDictData prohibitErrTimesData = systemDictDataBiz.queryByCode(Constants.SYSTEM,Constants.ERR_TIMES);
        //是否开启密码错误禁止登录：0=否；1=是；
        SystemDictData prohibitLoginData = systemDictDataBiz.queryByCode(Constants.SYSTEM,Constants.PROHIBIT_LOGIN_OPEN);
        //密码错误禁止登录限制时间（分钟）
        SystemDictData prohibitTimeData = systemDictDataBiz.queryByCode(Constants.SYSTEM,Constants.PROHIBIT_TIME);
        if(Objects.isNull(prohibitTimeData)||Objects.isNull(prohibitLoginData)||Objects.isNull(prohibitTimeData)){
            return;
        }
        systemUserMapper.update(null,new UpdateWrapper<SystemUser>().lambda()
                .setSql( " PROHIBIT_STATUS = CASE WHEN "+prohibitLoginData+" = 1 and ( IFNULL(ERR_TIMES,0) + 1  ) > "+prohibitErrTimesData.getCode()+" then 1 else 0 end ")
                .setSql(" PROHIBIT_TIME = CASE WHEN  PROHIBIT_STATUS = 1  then DATE_ADD(NOW(), INTERVAL "+prohibitTimeData.getCode()+" MINUTE) else null end , ")
                .setSql( " PROHIBIT_STATUS = CASE WHEN "+prohibitLoginData.getCode()+" = 1 and ( IFNULL(ERR_TIMES,0) + 1  ) >= "+prohibitErrTimesData.getCode()+" then 1 else 0 end  ")
                .setSql(" PROHIBIT_TIME = CASE WHEN  PROHIBIT_STATUS = 1  then DATE_ADD(NOW(), INTERVAL "+prohibitTimeData.getCode()+" MINUTE) else null end  ")
                .setSql(" ERR_TIMES = (ifnull(ERR_TIMES,0) + 1) ")
                .setSql(" PROHIBIT_REMARK = '于"+DateUtil.getCurrDateTime()+"登录密码错误次数过多，禁止登录！' ")
                .eq(SystemUser::getId,systemUser.getId())
        );
    }

    public void prohibitLogin(SystemUser systemUser){
        if(Constants.equalsInteger(systemUser.getProhibitStatus(),Constants.ZERO)){
            Long betweenMin = DateUtil.getBetweenMin(systemUser.getProhibitTime(),new Date());
        if(Constants.equalsInteger(systemUser.getProhibitStatus(),Constants.ONE)){
            Long betweenMin = DateUtil.getBetweenMin(new Date(),systemUser.getProhibitTime());
            if(betweenMin <= 0L){
                betweenMin = 0L;
            }
@@ -355,11 +370,14 @@
        if(!Constants.equalsInteger(user.getSource(),Constants.ZERO)){
            throw new BusinessException(ResponseStatus.NO_ALLOW_LOGIN);
        }
        String pwd = Utils.Secure.encryptPassword(new String(dto.getPassword()), user.getSalt());
        // 比较密码
        if( !StringUtils.equals(pwd, user.getPassword())){
            throw new BusinessException(ResponseStatus.ACCOUNT_INCORRECT);
        }

//        String pwd = Utils.Secure.encryptPassword(new String(dto.getPassword()), user.getSalt());
//        // 比较密码
//        if( !StringUtils.equals(pwd, user.getPassword())){
//            throw new BusinessException(ResponseStatus.ACCOUNT_INCORRECT);
//        }

        this.checkPassword(user,dto.getPassword());
        dealOpenIdBiz(user,dto.getOpenid());
        Company company = new Company();
        if(Objects.nonNull(user.getCompanyId())){
@@ -537,11 +555,12 @@
            throw new BusinessException(ResponseStatus.NO_ALLOW_LOGIN.getCode(),"对不起，该账号不能登录司机端哦！");
        }
        if(StringUtils.isNotBlank(password)){
            String pwd = Utils.Secure.encryptPassword(new String(password), user.getSalt());
            // 比较密码
            if( !StringUtils.equals(pwd, user.getPassword())){
                throw new BusinessException(ResponseStatus.ACCOUNT_INCORRECT);
            }
//            String pwd = Utils.Secure.encryptPassword(new String(password), user.getSalt());
//            // 比较密码
//            if( !StringUtils.equals(pwd, user.getPassword())){
//                throw new BusinessException(ResponseStatus.ACCOUNT_INCORRECT);
//            }
            this.checkPassword(user,password);
        }
        dealOpenIdBiz(user,openid);
        Company company = new Company();