用户登录问题修改

2024-09-10 09:46:04 +08:00 · 2024-09-10 09:46:04 +08:00 · d0100bb092
parent 9fb868b93b
commit d0100bb092
1 changed files with 21 additions and 8 deletions
--- a/bonus-auth/src/main/java/com/bonus/auth/controller/TokenController.java
+++ b/bonus-auth/src/main/java/com/bonus/auth/controller/TokenController.java
@ -16,10 +16,11 @@ import com.bonus.common.security.auth.AuthUtil;
 import com.bonus.common.security.service.TokenService;
 import com.bonus.common.security.utils.SecurityUtils;
 import com.bonus.system.api.RemoteUserService;
+import com.bonus.system.api.domain.SysUser;
 import com.bonus.system.api.model.LoginUser;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang3.ObjectUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@ -36,6 +37,10 @@ import java.util.Set;
@RestController
@Slf4j
 public class TokenController {
+
+    @Value("${isAdmin}")
+    private boolean isAdmin;
+
    @Autowired
    private TokenService tokenService;

@ -56,19 +61,27 @@ public class TokenController {

    @PostMapping("isAdmin")
    public R<?> isAdmin(@RequestBody LoginBody form) {
+        if (!isAdmin){
+            return R.ok(false);
+        }
+        passwordValidatorService.validateLoginParameters(form.getUsername(), form.getPassword());
        //通过用户名获取人员信息
        R<LoginUser> userResult = remoteUserService.getUserInfo(form.getUsername(), SecurityConstants.INNER);
+        // 验证用户查询结果
+        passwordValidatorService.validateUserResult(form.getUsername(), userResult);
+        LoginUser userInfo = userResult.getData();
+        SysUser user = userInfo.getSysUser();
+        passwordValidatorService.validateApprovalStatus(form.getUsername(), user);
+        // 验证用户状态
+        passwordValidatorService.validateUserStatus(form.getUsername(), user);
+        // 验证密码
+        passwordService.validate(user, form.getPassword(), System.currentTimeMillis());
+        // 处理IP校验
+        passwordValidatorService.handleIpValidation(form.getUsername(), user);
        if (userResult == null || userResult.getData() == null || R.FAIL == userResult.getCode()) {
            return R.fail("登录用户不存在");
        }
        Set<String> roles = userResult.getData().getRoles();
-        if (roles.contains("admin")) {
-            if (ObjectUtils.isNotEmpty(userResult.getData().getSysUser().getPhonenumber())) {
-                passwordService.createPhoneCaptcha(userResult.getData().getSysUser().getPhonenumber());
-            } else {
-                R.fail(roles.contains("admin"));
-            }
-        }
        return R.ok(roles.contains("admin"));
    }