From d0100bb0926824b1a9250c476ec48ce79df7ae33 Mon Sep 17 00:00:00 2001
From: jiang
Date: Tue, 10 Sep 2024 09:46:04 +0800
Subject: [PATCH] =?UTF-8?q?=E7=94=A8=E6=88=B7=E7=99=BB=E5=BD=95=E9=97=AE?= =?UTF-8?q?=E9=A2=98=E4=BF=AE=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../auth/controller/TokenController.java | 29 ++++++++++++++-----
 1 file changed, 21 insertions(+), 8 deletions(-)
diff --git a/bonus-auth/src/main/java/com/bonus/auth/controller/TokenController.java b/bonus-auth/src/main/java/com/bonus/auth/controller/TokenController.java
index 0ba3576..c699696 100644
--- a/bonus-auth/src/main/java/com/bonus/auth/controller/TokenController.java
+++ b/bonus-auth/src/main/java/com/bonus/auth/controller/TokenController.java
@@ -16,10 +16,11 @@ import com.bonus.common.security.auth.AuthUtil;
 import com.bonus.common.security.service.TokenService;
 import com.bonus.common.security.utils.SecurityUtils;
 import com.bonus.system.api.RemoteUserService;
+import com.bonus.system.api.domain.SysUser;
 import com.bonus.system.api.model.LoginUser;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang3.ObjectUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -36,6 +37,10 @@ import java.util.Set;
 @RestController
 @Slf4j
 public class TokenController {
+
+ @Value("${isAdmin}")
+ private boolean isAdmin;
+
 @Autowired
 private TokenService tokenService;
 
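Review bot: The `@Value("${isAdmin}")` field added to `TokenController` has no default and no comment, although a false value makes `isAdmin()` return `R.ok(false)` before any check runs. With no default, a configuration that lacks the key leaves the placeholder unresolved, which normally stops the bean from being created; if the switch is meant to be optional, state the default explicitly in the `${key:default}` form and choose it so the admin check stays on. I would also add a comment such as `// Feature switch for the admin pre-login check; false makes isAdmin() always answer false.`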
@@ -56,19 +61,27 @@ public class TokenController {
 @PostMapping("isAdmin")
 public R isAdmin(@RequestBody LoginBody form) {
+ if (!isAdmin){
+ return R.ok(false);
+ }
+ passwordValidatorService.validateLoginParameters(form.getUsername(), form.getPassword());
 //通过用户名获取人员信息
 R userResult = remoteUserService.getUserInfo(form.getUsername(), SecurityConstants.INNER);
+ // 验证用户查询结果
+ passwordValidatorService.validateUserResult(form.getUsername(), userResult);
+ LoginUser userInfo = userResult.getData();
+ SysUser user = userInfo.getSysUser();
+ passwordValidatorService.validateApprovalStatus(form.getUsername(), user);
+ // 验证用户状态
+ passwordValidatorService.validateUserStatus(form.getUsername(), user);
+ // 验证密码
+ passwordService.validate(user, form.getPassword(), System.currentTimeMillis());
+ // 处理IP校验
+ passwordValidatorService.handleIpValidation(form.getUsername(), user);
 if (userResult == null || userResult.getData() == null || R.FAIL == userResult.getCode()) {
 return R.fail("登录用户不存在");
 }
 Set roles = userResult.getData().getRoles();
- if (roles.contains("admin")) {
- if (ObjectUtils.isNotEmpty(userResult.getData().getSysUser().getPhonenumber())) {
- passwordService.createPhoneCaptcha(userResult.getData().getSysUser().getPhonenumber());
- } else {
- R.fail(roles.contains("admin"));
- }
- }
 return R.ok(roles.contains("admin"));
 }
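Review bot: The `userResult == null || userResult.getData() == null || R.FAIL == userResult.getCode()` guard now runs after `userResult.getData()` and `userInfo.getSysUser()` have already been dereferenced, so it can no longer protect those calls. Unless `validateUserResult` (not visible here) always throws on a null or failed result, a missing user ends in a NullPointerException instead of the `R.fail("登录用户不存在")` response; move the guard to directly after the `remoteUserService.getUserInfo(...)` call, or delete it if `validateUserResult` is the intended check. This pre-login endpoint now also calls `passwordService.validate(...)`, so it answers whether a password is correct before login; confirm that failed attempts here count toward the same retry and lockout limit as the login endpoint. Since `createPhoneCaptcha` is no longer called for admins, also confirm that the admin second factor is still issued and enforced server-side at login.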