admin/lx-admin-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

!134 优化登录、注册校验方式

Browse Source 
Merge pull request !134 from KonBAI/fix_auth_valid
This commit is contained in:
疯狂的狮子Li 2022-01-25 09:54:37 +00:00 committed by Gitee
commit f89b4e9336
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
7 changed files with 96 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java
View File

@ -51,7 +51,7 @@ public class SysLoginController {
*/ */
@ApiOperation("登录方法") @ApiOperation("登录方法")
@PostMapping("/login") @PostMapping("/login")
public AjaxResult<Map<String, Object>> login(@RequestBody LoginBody loginBody) { public AjaxResult<Map<String, Object>> login(@Validated @RequestBody LoginBody loginBody) {
Map<String, Object> ajax = new HashMap<>(); Map<String, Object> ajax = new HashMap<>();
// 生成令牌 // 生成令牌
String token = loginService.login(loginBody.getUsername(), loginBody.getPassword(), loginBody.getCode(), String token = loginService.login(loginBody.getUsername(), loginBody.getPassword(), loginBody.getCode(),

7
ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRegisterController.java
View File

@ -3,7 +3,6 @@ package com.ruoyi.web.controller.system;
import com.ruoyi.common.core.controller.BaseController; import com.ruoyi.common.core.controller.BaseController;
import com.ruoyi.common.core.domain.AjaxResult; import com.ruoyi.common.core.domain.AjaxResult;
import com.ruoyi.common.core.domain.model.RegisterBody; import com.ruoyi.common.core.domain.model.RegisterBody;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.system.service.ISysConfigService; import com.ruoyi.system.service.ISysConfigService;
import com.ruoyi.system.service.SysRegisterService; import com.ruoyi.system.service.SysRegisterService;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
@ -30,11 +29,11 @@ public class SysRegisterController extends BaseController {
@ApiOperation("用户注册") @ApiOperation("用户注册")
@PostMapping("/register") @PostMapping("/register")
public AjaxResult<Void> register(@RequestBody RegisterBody user) { public AjaxResult<Void> register(@Validated @RequestBody RegisterBody user) {
if (!("true".equals(configService.selectConfigByKey("sys.account.registerUser")))) { if (!("true".equals(configService.selectConfigByKey("sys.account.registerUser")))) {
return error("当前系统没有开启注册功能!"); return error("当前系统没有开启注册功能!");
} }
String msg = registerService.register(user); registerService.register(user);
return StringUtils.isEmpty(msg) ? success() : error(msg); return success();
} }
} }

7
ruoyi-admin/src/main/resources/i18n/messages.properties
View File

@ -1,5 +1,6 @@
#错误消息 #错误消息
not.null=* 必须填写 not.null=* 必须填写
user.jcaptcha.blank=验证码不能为空
user.jcaptcha.error=验证码错误 user.jcaptcha.error=验证码错误
user.jcaptcha.expire=验证码已失效 user.jcaptcha.expire=验证码已失效
user.not.exists=对不起, 您的账号:{0} 不存在. user.not.exists=对不起, 您的账号:{0} 不存在.
@ -11,12 +12,18 @@ user.blocked=对不起,您的账号:{0} 已禁用,请联系管理员
role.blocked=角色已封禁,请联系管理员 role.blocked=角色已封禁,请联系管理员
user.logout.success=退出成功 user.logout.success=退出成功
length.not.valid=长度必须在{min}到{max}个字符之间 length.not.valid=长度必须在{min}到{max}个字符之间
user.username.not.blank=用户名不能为空
user.username.not.valid=* 2到20个汉字、字母、数字或下划线组成且必须以非数字开头 user.username.not.valid=* 2到20个汉字、字母、数字或下划线组成且必须以非数字开头
user.username.length.valid=账户长度必须在{min}到{max}个字符之间
user.password.not.blank=用户密码不能为空
user.password.length.valid=用户密码长度必须在{min}到{max}个字符之间
user.password.not.valid=* 5-50个字符 user.password.not.valid=* 5-50个字符
user.email.not.valid=邮箱格式错误 user.email.not.valid=邮箱格式错误
user.mobile.phone.number.not.valid=手机号格式错误 user.mobile.phone.number.not.valid=手机号格式错误
user.login.success=登录成功 user.login.success=登录成功
user.register.success=注册成功 user.register.success=注册成功
user.register.save.error=保存用户 {0} 失败,注册账号已存在
user.register.error=注册失败,请联系系统管理人员
user.notfound=请重新登录 user.notfound=请重新登录
user.forcelogout=管理员强制退出,请重新登录 user.forcelogout=管理员强制退出,请重新登录
user.unknown.error=未知错误,请重新登录 user.unknown.error=未知错误,请重新登录

6
ruoyi-admin/src/main/resources/i18n/messages_en_US.properties
View File

@ -11,12 +11,18 @@ user.blocked=Sorry, your account: {0} has been disabled. Please contact the admi
role.blocked=Role disabledplease contact administrators role.blocked=Role disabledplease contact administrators
user.logout.success=Exit successful user.logout.success=Exit successful
length.not.valid=The length must be between {min} and {max} characters length.not.valid=The length must be between {min} and {max} characters
user.username.not.blank=Username cannot be blank
user.username.not.valid=* 2 to 20 chinese characters, letters, numbers or underscores, and must start with a non number user.username.not.valid=* 2 to 20 chinese characters, letters, numbers or underscores, and must start with a non number
user.username.length.valid=Account length must be between {min} and {max} characters
user.password.not.blank=Password cannot be empty
user.password.length.valid=Password length must be between {min} and {max} characters
user.password.not.valid=* 5-50 characters user.password.not.valid=* 5-50 characters
user.email.not.valid=Mailbox format error user.email.not.valid=Mailbox format error
user.mobile.phone.number.not.valid=Phone number format error user.mobile.phone.number.not.valid=Phone number format error
user.login.success=Login successful user.login.success=Login successful
user.register.success=Register successful user.register.success=Register successful
user.register.save.error=Failed to save user {0}, The registered account already exists
user.register.error=Register failed, please contact system administrator
user.notfound=Please login again user.notfound=Please login again
user.forcelogout=The administrator is forced to exitplease login again user.forcelogout=The administrator is forced to exitplease login again
user.unknown.error=Unknown error, please login again user.unknown.error=Unknown error, please login again

6
ruoyi-admin/src/main/resources/i18n/messages_zh_CN.properties
View File

@ -11,12 +11,18 @@ user.blocked=对不起,您的账号:{0} 已禁用,请联系管理员
role.blocked=角色已封禁,请联系管理员 role.blocked=角色已封禁,请联系管理员
user.logout.success=退出成功 user.logout.success=退出成功
length.not.valid=长度必须在{min}到{max}个字符之间 length.not.valid=长度必须在{min}到{max}个字符之间
user.username.not.blank=用户名不能为空
user.username.not.valid=* 2到20个汉字、字母、数字或下划线组成且必须以非数字开头 user.username.not.valid=* 2到20个汉字、字母、数字或下划线组成且必须以非数字开头
user.username.length.valid=账户长度必须在{min}到{max}个字符之间
user.password.not.blank=用户密码不能为空
user.password.length.valid=用户密码长度必须在{min}到{max}个字符之间
user.password.not.valid=* 5-50个字符 user.password.not.valid=* 5-50个字符
user.email.not.valid=邮箱格式错误 user.email.not.valid=邮箱格式错误
user.mobile.phone.number.not.valid=手机号格式错误 user.mobile.phone.number.not.valid=手机号格式错误
user.login.success=登录成功 user.login.success=登录成功
user.register.success=注册成功 user.register.success=注册成功
user.register.save.error=保存用户 {0} 失败,注册账号已存在
user.register.error=注册失败,请联系系统管理人员
user.notfound=请重新登录 user.notfound=请重新登录
user.forcelogout=管理员强制退出,请重新登录 user.forcelogout=管理员强制退出,请重新登录
user.unknown.error=未知错误,请重新登录 user.unknown.error=未知错误,请重新登录

9
ruoyi-common/src/main/java/com/ruoyi/common/core/domain/model/LoginBody.java
View File

@ -1,9 +1,13 @@
package com.ruoyi.common.core.domain.model; package com.ruoyi.common.core.domain.model;
import com.ruoyi.common.constant.UserConstants;
import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty; import io.swagger.annotations.ApiModelProperty;
import lombok.Data; import lombok.Data;
import lombok.experimental.Accessors; import lombok.experimental.Accessors;
import org.hibernate.validator.constraints.Length;
import javax.validation.constraints.NotBlank;
/** /**
* 用户登录对象 * 用户登录对象
@ -19,18 +23,23 @@ public class LoginBody {
/** /**
* 用户名 * 用户名
*/ */
@NotBlank(message = "{user.username.not.blank}")
@Length(min = UserConstants.USERNAME_MIN_LENGTH, max = UserConstants.USERNAME_MAX_LENGTH, message = "{user.username.length.valid}")
@ApiModelProperty(value = "用户名") @ApiModelProperty(value = "用户名")
private String username; private String username;
/** /**
* 用户密码 * 用户密码
*/ */
@NotBlank(message = "{user.password.not.blank}")
@Length(min = UserConstants.PASSWORD_MIN_LENGTH, max = UserConstants.PASSWORD_MAX_LENGTH, message = "{user.password.length.valid}")
@ApiModelProperty(value = "用户密码") @ApiModelProperty(value = "用户密码")
private String password; private String password;
/** /**
* 验证码 * 验证码
*/ */
@NotBlank(message = "{user.jcaptcha.blank}")
@ApiModelProperty(value = "验证码") @ApiModelProperty(value = "验证码")
private String code; private String code;

52
ruoyi-system/src/main/java/com/ruoyi/system/service/SysRegisterService.java
View File

@ -8,14 +8,16 @@ import com.ruoyi.common.core.service.LogininforService;
import com.ruoyi.common.enums.UserType; import com.ruoyi.common.enums.UserType;
import com.ruoyi.common.exception.user.CaptchaException; import com.ruoyi.common.exception.user.CaptchaException;
import com.ruoyi.common.exception.user.CaptchaExpireException; import com.ruoyi.common.exception.user.CaptchaExpireException;
import com.ruoyi.common.exception.user.UserException;
import com.ruoyi.common.utils.MessageUtils; import com.ruoyi.common.utils.MessageUtils;
import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.ServletUtils; import com.ruoyi.common.utils.ServletUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.redis.RedisUtils; import com.ruoyi.common.utils.redis.RedisUtils;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import javax.servlet.http.HttpServletRequest;
/** /**
* 注册校验方法 * 注册校验方法
* *
@ -32,8 +34,8 @@ public class SysRegisterService {
/** /**
* 注册 * 注册
*/ */
public String register(RegisterBody registerBody) { public void register(RegisterBody registerBody) {
String msg = ""; HttpServletRequest request = ServletUtils.getRequest();
String username = registerBody.getUsername(); String username = registerBody.getUsername();
String password = registerBody.getPassword(); String password = registerBody.getPassword();
// 校验用户类型是否存在 // 校验用户类型是否存在
@ -42,36 +44,22 @@ public class SysRegisterService {
boolean captchaOnOff = configService.selectCaptchaOnOff(); boolean captchaOnOff = configService.selectCaptchaOnOff();
// 验证码开关 // 验证码开关
if (captchaOnOff) { if (captchaOnOff) {
validateCaptcha(username, registerBody.getCode(), registerBody.getUuid()); validateCaptcha(username, registerBody.getCode(), registerBody.getUuid(), request);
} }
if (StringUtils.isEmpty(username)) { if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(username))) {
msg = "用户名不能为空"; throw new UserException("user.register.save.error", username);
} else if (StringUtils.isEmpty(password)) {
msg = "用户密码不能为空";
} else if (username.length() < UserConstants.USERNAME_MIN_LENGTH
|| username.length() > UserConstants.USERNAME_MAX_LENGTH) {
msg = "账户长度必须在2到20个字符之间";
} else if (password.length() < UserConstants.PASSWORD_MIN_LENGTH
|| password.length() > UserConstants.PASSWORD_MAX_LENGTH) {
msg = "密码长度必须在5到20个字符之间";
} else if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(username))) {
msg = "保存用户'" + username + "'失败,注册账号已存在";
} else {
SysUser sysUser = new SysUser();
sysUser.setUserName(username);
sysUser.setNickName(username);
sysUser.setPassword(SecurityUtils.encryptPassword(registerBody.getPassword()));
sysUser.setUserType(userType);
boolean regFlag = userService.registerUser(sysUser);
if (!regFlag) {
msg = "注册失败,请联系系统管理人员";
} else {
asyncService.recordLogininfor(username, Constants.REGISTER,
MessageUtils.message("user.register.success"), ServletUtils.getRequest());
}
} }
return msg; SysUser sysUser = new SysUser();
sysUser.setUserName(username);
sysUser.setNickName(username);
sysUser.setPassword(SecurityUtils.encryptPassword(password));
sysUser.setUserType(userType);
boolean regFlag = userService.registerUser(sysUser);
if (!regFlag) {
throw new UserException("user.register.error");
}
asyncService.recordLogininfor(username, Constants.REGISTER, MessageUtils.message("user.register.success"), request);
} }
/** /**
@ -82,14 +70,16 @@ public class SysRegisterService {
* @param uuid 唯一标识 * @param uuid 唯一标识
* @return 结果 * @return 结果
*/ */
public void validateCaptcha(String username, String code, String uuid) { public void validateCaptcha(String username, String code, String uuid, HttpServletRequest request) {
String verifyKey = Constants.CAPTCHA_CODE_KEY + uuid; String verifyKey = Constants.CAPTCHA_CODE_KEY + uuid;
String captcha = RedisUtils.getCacheObject(verifyKey); String captcha = RedisUtils.getCacheObject(verifyKey);
RedisUtils.deleteObject(verifyKey); RedisUtils.deleteObject(verifyKey);
if (captcha == null) { if (captcha == null) {
asyncService.recordLogininfor(username, Constants.REGISTER, MessageUtils.message("user.jcaptcha.expire"), request);
throw new CaptchaExpireException(); throw new CaptchaExpireException();
} }
if (!code.equalsIgnoreCase(captcha)) { if (!code.equalsIgnoreCase(captcha)) {
asyncService.recordLogininfor(username, Constants.REGISTER, MessageUtils.message("user.jcaptcha.error"), request);
throw new CaptchaException(); throw new CaptchaException();
} }
} }