rk
2 天以前 19321e1348baefa2a9f5211c42f8b797c0fcccd1
server/system_service/src/main/java/com/doumee/service/system/impl/SystemLoginServiceImpl.java
@@ -5,6 +5,9 @@
import com.doumee.biz.system.SystemDictDataBiz;
import com.doumee.config.jwt.JwtTokenUtil;
import com.doumee.core.exception.BusinessException;
import com.doumee.core.utils.DateUtil;
import com.doumee.dao.system.dto.LoginCabinetDTO;
import com.doumee.dao.system.dto.LoginH5DTO;
import com.doumee.service.business.third.TmsService;
import com.doumee.service.business.third.model.LoginUserInfo;
import com.doumee.core.constants.ResponseStatus;
@@ -154,7 +157,59 @@
                throw e;
            }
        }
        LoginUserInfo user = dealLoginByPwdNewBiz(dto.getUsername(),dto.getPassword(),null,dto.getOpenid(),request);
        try {
            LoginUserInfo user = dealLoginByPwdNewBiz(dto.getUsername(),dto.getPassword(),null,dto.getOpenid(),dto.getDdUnionId(),request);
            systemLoginLogService.create(loginLog);
            return  user;
        }catch (BusinessException e){
            loginLog.setSuccess(Boolean.FALSE);
            systemLoginLogService.create(loginLog);
            throw e;
        }catch (Exception e){
            loginLog.setSuccess(Boolean.FALSE);
            systemLoginLogService.create(loginLog);
            throw e;
        }
    }
    @Override
    public LoginUserInfo loginByPasswordForCabinet(LoginCabinetDTO dto, ServerHttpRequest request) {
        SystemLoginLog loginLog = getInitLoginlog(dto.getUsername(),request);
        try {
            LoginUserInfo user = dealLoginByPwdNewBiz(dto.getUsername(),dto.getPassword(),null,null,null,request);
            systemLoginLogService.create(loginLog);
            return  user;
        }catch (BusinessException e){
            loginLog.setSuccess(Boolean.FALSE);
            systemLoginLogService.create(loginLog);
            throw e;
        }catch (Exception e){
            loginLog.setSuccess(Boolean.FALSE);
            systemLoginLogService.create(loginLog);
            throw e;
        }
    }
    @Override
    public LoginUserInfo loginH5 (LoginH5DTO dto, ServerHttpRequest request) {
        SystemLoginLog loginLog = getInitLoginlog(dto.getUsername(),request);
        if((isDebug == null  || !isDebug) && (Objects.isNull(dto.getCheckCode()) || dto.getCheckCode()) ){
            // 校验验证码
            try {
                captchaService.check(dto.getUuid(), dto.getCode());
            } catch (Exception e) {
                log.error(e.getMessage(), e);
                loginLog.setReason(e.getMessage().length() > 200 ? (e.getMessage().substring(0, 190) + "...") : e.getMessage());
                loginLog.setSuccess(Boolean.FALSE);
                systemLoginLogService.create(loginLog);
                throw e;
            }
        }
        LoginUserInfo user = dealLoginByPwdNewBiz(dto.getUsername(),dto.getPassword(),null,dto.getOpenid(),dto.getDdUnionId(),request);
        systemLoginLogService.create(loginLog);
        return  user;
    }
@@ -170,6 +225,7 @@
            loginLog.setPlatform(Utils.User_Client.getPlatform(request));
            loginLog.setClientInfo(Utils.User_Client.getBrowser(request));
            loginLog.setOsInfo(Utils.User_Client.getOS(request));
            loginLog.setSuccess(Boolean.TRUE);
        }
        loginLog.setServerIp(Utils.Server.getIP());
        return  loginLog;
@@ -179,11 +235,22 @@
    public LoginUserInfo loginH5ByPhone(LoginPhoneDTO dto, ServerHttpRequest request) {
        isCaptcheValide(dto.getPhone(),dto.getCode());//检查验证码
        SystemLoginLog loginLog = getInitLoginlog(dto.getPhone(),request);
        LoginUserInfo userInfo = dealLoginByPwdNewBiz(null,null,dto.getPhone(),dto.getOpenid(), request );
        systemLoginLogService.create(loginLog);
        return userInfo;
        try{
            LoginUserInfo userInfo = dealLoginByPwdNewBiz(null,null,dto.getPhone(),dto.getOpenid(),dto.getDdUnionId(), request );
            systemLoginLogService.create(loginLog);
            return userInfo;
        }catch (BusinessException e){
            loginLog.setSuccess(Boolean.FALSE);
            systemLoginLogService.create(loginLog);
            throw e;
        }catch (Exception e){
            loginLog.setSuccess(Boolean.FALSE);
            systemLoginLogService.create(loginLog);
            throw e;
        }
    }
    private LoginUserInfo dealLoginByPwdNewBiz(String username,String pwd, String phone, String openid, ServerHttpRequest request) {
    private LoginUserInfo dealLoginByPwdNewBiz(String username,String pwd, String phone, String openid, String ddUnionId, ServerHttpRequest request) {
        // 根据用户名查询用户对象
        SystemUser queryDto = new SystemUser();
        queryDto.setMobile(phone);
@@ -197,14 +264,20 @@
        if(!Constants.equalsInteger(user.getSource(),Constants.ZERO)){
            throw new BusinessException(ResponseStatus.NO_ALLOW_LOGIN);
        }
        if(StringUtils.isNotBlank( pwd)){
            String pppp = Utils.Secure.encryptPassword(new String(pwd), user.getSalt());
            // 比较密码
            if( !StringUtils.equals(pppp, user.getPassword())){
                throw new BusinessException(ResponseStatus.ACCOUNT_INCORRECT);
            }
        this.checkPassword(user,pwd);
//        if(StringUtils.isNotBlank( pwd)){
//            String pppp = Utils.Secure.encryptPassword(new String(pwd), user.getSalt());
//            // 比较密码
//            if( !StringUtils.equals(pppp, user.getPassword())){
//                throw new BusinessException(ResponseStatus.ACCOUNT_INCORRECT);
//            }
//        }
        if(StringUtils.isNotBlank(openid)){
            dealOpenIdBiz(user,openid);
        }
        dealOpenIdBiz(user,openid);
        if(StringUtils.isNotBlank(ddUnionId)){
            dealDDUnionIdBiz(user,ddUnionId);
        }
        Company company = new Company();
        if(Objects.nonNull(user.getCompanyId())){
            company = companyMapper.selectById(user.getCompanyId());
@@ -220,6 +293,69 @@
        return  userInfo;
    }
    public void checkPassword(SystemUser user,String pwd){
        //验证是否已禁止登录
        this.prohibitLogin(user);
        String pppp = Utils.Secure.encryptPassword(new String(pwd), user.getSalt());
        // 比较密码
        if( !StringUtils.equals(pppp, user.getPassword())){
            //是否开启密码错误禁止登录:0=否;1=是;
            SystemDictData prohibitLoginData = systemDictDataBiz.queryByCode(Constants.SYSTEM,Constants.PROHIBIT_LOGIN_OPEN);
            //密码错误禁止登录限制时间(分钟)
            SystemDictData prohibitTimeData = systemDictDataBiz.queryByCode(Constants.SYSTEM,Constants.PROHIBIT_TIME);
            updErrTimes(user,prohibitLoginData,prohibitTimeData);
            if(Objects.nonNull(prohibitLoginData)&&"1".equals(prohibitLoginData.getCode())){
                SystemDictData prohibitErrTimesData = systemDictDataBiz.queryByCode(Constants.SYSTEM,Constants.ERR_TIMES);
                if(Objects.nonNull(prohibitErrTimesData)){
                    if(Integer.valueOf(prohibitErrTimesData.getCode())
                            -(Constants.formatIntegerNum(user.getErrTimes())+1) == Constants.ZERO){
                        throw new BusinessException(ResponseStatus.ACCOUNT_INCORRECT.getCode(),"账号密码错误,账户已锁定,请"+prohibitTimeData.getCode()+"分钟后重试!");
                    }
                    throw new BusinessException(ResponseStatus.ACCOUNT_INCORRECT.getCode(),"账号密码错误,剩余尝试次数"+(Integer.valueOf(prohibitErrTimesData.getCode())
                            -(Constants.formatIntegerNum(user.getErrTimes())+1))+"次,超出错误次数将锁定账号");
                }
                throw new BusinessException(ResponseStatus.ACCOUNT_INCORRECT);
            }else{
                throw new BusinessException(ResponseStatus.ACCOUNT_INCORRECT);
            }
        }else{
            systemUserMapper.update(null,new UpdateWrapper<SystemUser>().lambda()
                    .set(SystemUser::getProhibitStatus,Constants.ZERO)
                    .set(SystemUser::getErrTimes,Constants.ZERO)
                    .setSql(" PROHIBIT_TIME = null ")
                    .eq(SystemUser::getId,user.getId())
            );
        }
    }
    public void updErrTimes(SystemUser systemUser,SystemDictData prohibitLoginData,SystemDictData prohibitTimeData){
        //最大错误次数 进行登录限制
        SystemDictData prohibitErrTimesData = systemDictDataBiz.queryByCode(Constants.SYSTEM,Constants.ERR_TIMES);
        if(Objects.isNull(prohibitTimeData)||Objects.isNull(prohibitLoginData)||Objects.isNull(prohibitTimeData)){
            return;
        }
        systemUserMapper.update(null,new UpdateWrapper<SystemUser>().lambda()
                .setSql( " PROHIBIT_STATUS = CASE WHEN "+prohibitLoginData.getCode()+" = 1 and ( IFNULL(ERR_TIMES,0) + 1  ) >= "+prohibitErrTimesData.getCode()+" then 1 else 0 end  ")
                .setSql(" PROHIBIT_TIME = CASE WHEN  PROHIBIT_STATUS = 1  then DATE_ADD(NOW(), INTERVAL "+prohibitTimeData.getCode()+" MINUTE) else null end  ")
                .setSql(" ERR_TIMES = (ifnull(ERR_TIMES,0) + 1) ")
                .setSql(" PROHIBIT_REMARK = '于"+DateUtil.getCurrDateTime()+"登录密码错误次数过多,禁止登录!' ")
                .eq(SystemUser::getId,systemUser.getId())
        );
    }
    public void prohibitLogin(SystemUser systemUser){
        if(Constants.equalsInteger(systemUser.getProhibitStatus(),Constants.ONE)){
            Long betweenMin = DateUtil.getBetweenMin(new Date(),systemUser.getProhibitTime());
            if(betweenMin <= 0L){
                betweenMin = 0L;
            }
            throw new BusinessException( ResponseStatus.NOT_ALLOWED.getCode(),"密码错误次数过多,请后"+ betweenMin +"分钟后重试");
        }
    }
    @Override
    public LoginUserInfo loginByPasswordForPda(LoginDTO dto, ServerHttpRequest request) {
        SystemLoginLog loginLog =getInitLoginlog(dto.getUsername(),request);
@@ -234,11 +370,14 @@
        if(!Constants.equalsInteger(user.getSource(),Constants.ZERO)){
            throw new BusinessException(ResponseStatus.NO_ALLOW_LOGIN);
        }
        String pwd = Utils.Secure.encryptPassword(new String(dto.getPassword()), user.getSalt());
        // 比较密码
        if( !StringUtils.equals(pwd, user.getPassword())){
            throw new BusinessException(ResponseStatus.ACCOUNT_INCORRECT);
        }
//        String pwd = Utils.Secure.encryptPassword(new String(dto.getPassword()), user.getSalt());
//        // 比较密码
//        if( !StringUtils.equals(pwd, user.getPassword())){
//            throw new BusinessException(ResponseStatus.ACCOUNT_INCORRECT);
//        }
        this.checkPassword(user,dto.getPassword());
        dealOpenIdBiz(user,dto.getOpenid());
        Company company = new Company();
        if(Objects.nonNull(user.getCompanyId())){
@@ -265,11 +404,29 @@
                    .set(SystemUser::getOpenidHkDate,null)
                    .set(SystemUser::getOpenidHkInfo,null)
                    .set(SystemUser::getOpenidHkStatus,Constants.ZERO)
                    .ne(SystemUser::getType,Constants.memberType.gkuser)
                    .eq(SystemUser::getOpenid,openid)
//                    .eq(SystemUser::getType,user.getType())
            );
            systemUserMapper.update(null,new UpdateWrapper<SystemUser>().lambda()
                    .set(SystemUser::getOpenid,openid)
                    .set(SystemUser::getOpenidHkStatus,Constants.ZERO)
                    .set(SystemUser::getOpenidHkDate,null)
                    .set(SystemUser::getOpenidHkInfo,null)
                    .eq(SystemUser::getId,user.getId()));
        }
    }
    private void dealDDUnionIdBiz(SystemUser user, String ddUnionId) {
        if(StringUtils.isNotBlank(ddUnionId)){
            //如果openId不为空,绑定该用户openid
            systemUserMapper.update(null,new UpdateWrapper<SystemUser>().lambda()
                    .set(SystemUser::getDdUnionId,null)
                    .set(SystemUser::getOpenidHkStatus,Constants.ZERO)
                    .ne(SystemUser::getType,Constants.memberType.gkuser)
                    .eq(SystemUser::getDdUnionId,ddUnionId)
            );
            systemUserMapper.update(null,new UpdateWrapper<SystemUser>().lambda()
                    .set(SystemUser::getDdUnionId,ddUnionId)
                    .set(SystemUser::getOpenidHkStatus,Constants.ZERO)
                    .set(SystemUser::getOpenidHkDate,null)
                    .set(SystemUser::getOpenidHkInfo,null)
@@ -356,7 +513,7 @@
    @Override
    public LoginUserInfo driverLogin(LoginDTO dto, ServerHttpRequest request) {
    public LoginUserInfo driverLogin(LoginH5DTO dto, ServerHttpRequest request) {
        SystemLoginLog loginLog =getInitLoginlog(dto.getUsername(),request);
        LoginUserInfo userInfo = dealLoginDriverBiz(dto.getUsername(),dto.getPassword(),null,dto.getOpenid());
        systemLoginLogService.create(loginLog);
@@ -387,22 +544,23 @@
                && Objects.nonNull(user.getMemberId())){
            if(Constants.equalsInteger(user.getType(),Constants.TWO)){
                if(Objects.isNull(user.getCompanyId())){
                    throw new BusinessException(ResponseStatus.NO_ALLOW_LOGIN);
                    throw new BusinessException(ResponseStatus.NO_ALLOW_LOGIN.getCode(),"对不起,该账号不能登录司机端哦~");
                }
                Company company = companyMapper.selectById(user.getCompanyId());
             /*   Company company = companyMapper.selectById(user.getCompanyId());
                if(Objects.isNull(company) || Constants.equalsInteger(company.getType(),Constants.ONE)){
                    throw new BusinessException(ResponseStatus.NO_ALLOW_LOGIN);
                }
                }*/
            }
        }else{
            throw new BusinessException(ResponseStatus.NO_ALLOW_LOGIN);
            throw new BusinessException(ResponseStatus.NO_ALLOW_LOGIN.getCode(),"对不起,该账号不能登录司机端哦!");
        }
        if(StringUtils.isNotBlank(password)){
            String pwd = Utils.Secure.encryptPassword(new String(password), user.getSalt());
            // 比较密码
            if( !StringUtils.equals(pwd, user.getPassword())){
                throw new BusinessException(ResponseStatus.ACCOUNT_INCORRECT);
            }
//            String pwd = Utils.Secure.encryptPassword(new String(password), user.getSalt());
//            // 比较密码
//            if( !StringUtils.equals(pwd, user.getPassword())){
//                throw new BusinessException(ResponseStatus.ACCOUNT_INCORRECT);
//            }
            this.checkPassword(user,password);
        }
        dealOpenIdBiz(user,openid);
        Company company = new Company();
@@ -521,10 +679,6 @@
        if (systemUser == null) {
            //新增管控人员数据
            systemUser = systemUser = autoRegisterUser(Constants.memberType.gkuser,param.getPhone(),param.getOpenid(),false);
        }else{
            if(!Constants.equalsInteger(systemUser.getType(),Constants.memberType.gkuser)){
                throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,请使用正确的管控人员手机号登陆!");
            }
        }
        dealOpenIdBizForGk(systemUser,param.getOpenid());
        LoginUserInfo userInfo = LoginUserInfo.from(systemUser, null, null,null,null);
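Review bot: In the hunk `@@ -220,6 +293,69 @@`, prohibitLogin() throws whenever the prohibit status is 1, even after the lock time has passed: a non-positive betweenMin is clamped to 0 and the exception is still raised. The only reset visible on this page is the success branch of checkPassword(), which a locked account cannot reach because prohibitLogin() runs first. Unless something outside this page clears the flag, an account therefore stays locked indefinitely once the configured number of failures is reached. Returning when the window has elapsed, `if (betweenMin <= 0L) { return; }`, lets that existing reset run on a correct password; this assumes DateUtil.getBetweenMin yields the minutes remaining until prohibitTime and that prohibitTime is set. In the same hunk updErrTimes() null-checks prohibitTimeData twice and never prohibitErrTimesData, which it then dereferences and concatenates into setSql() with the other dictionary codes; the third operand should be `Objects.isNull(prohibitErrTimesData)`, and the codes should be parsed with `Integer.parseInt` before they reach the SQL text.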