From 15feec4e84df6a2b9776576762bc07dfa8d51be4 Mon Sep 17 00:00:00 2001
From: mashuai
Date: Tue, 11 Jun 2024 16:25:22 +0800
Subject: [PATCH] =?UTF-8?q?=E5=9B=BE=E5=BD=A2=E9=AA=8C=E8=AF=81=E7=A0=81?=
 =?UTF-8?q?=E9=87=8D=E7=BD=AE=E5=A4=84=E7=90=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../sgzb/auth/controller/TokenController.java | 22 +++++++++++--------
 .../controller/SysProfileController.java | 2 +-
 .../system/controller/SysUserController.java | 2 +-
 3 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/sgzb-auth/src/main/java/com/bonus/sgzb/auth/controller/TokenController.java b/sgzb-auth/src/main/java/com/bonus/sgzb/auth/controller/TokenController.java
index 9d3d70a3..3ccce902 100644
--- a/sgzb-auth/src/main/java/com/bonus/sgzb/auth/controller/TokenController.java
+++ b/sgzb-auth/src/main/java/com/bonus/sgzb/auth/controller/TokenController.java
@@ -67,6 +67,18 @@ public class TokenController {
 */
 @PostMapping("login")
 public R login(@RequestBody LoginBody form) throws Exception {
+ //优先校验图形验证码
+ String uuid = form.getUuid();
+ Object cacheObject = redisService.getCacheObject(CacheConstants.CAPTCHA_CODE_KEY + uuid);
+ String captcha = cacheObject == null ? null : cacheObject.toString();
+ // 获取后立即删除图形验证码缓存
+ redisService.deleteObject(CacheConstants.CAPTCHA_CODE_KEY + uuid);
+ if (StringUtils.isBlank(captcha)) {
+ throw new ServiceException("图形验证码失效,请重新刷新获取");
+ }
+ if (form.getCode() != null && !form.getCode().equals(captcha)) {
+ throw new ServiceException("图形验证码错误");
+ }
 //根据用户名查询用户信息
 LoginUser user = sysLoginService.selectByName(form.getUsername());
 //获取查询的用户手机号
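Review bot: The captcha comparison added at the top of login() is skipped when the request carries no `code`, because `form.getCode() != null && !form.getCode().equals(captcha)` is false for a null code, so such a request continues to the SMS check, the RSA decryption and `sysLoginService.login(...)` with nothing more than a live `uuid`. It is refused only by the final else branch in the second hunk (`登录失败,请联系管理员!`), by which point the password has already been checked without a solved captcha; if `sysLoginService.login` rejects a bad password with an exception (not visible here), the response would also reveal whether the password was correct. Make the guard strict: `if (!captcha.equals(form.getCode())) { throw new ServiceException("图形验证码错误"); }`, which is null-safe because `captcha` is known to be non-blank at that point. Once that is done, the trailing `if (form.getCode() != null && form.getCode().equals(captcha))` in the second hunk is redundant and can return the token unconditionally. login() begins before and continues past both hunks.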
@@ -84,26 +96,18 @@ public class TokenController {
 throw new ServiceException("短信验证码错误", 500);
 }
 }
- String uuid = form.getUuid();
 String decryptedData = RsaUtil.decryptByPrivateKey(form.getPassword(), privateKey);
- Object cacheObject = redisService.getCacheObject(CacheConstants.CAPTCHA_CODE_KEY + uuid);
- String captcha = cacheObject == null ? null : cacheObject.toString();
- // 获取后立即删除图形验证码缓存
- redisService.deleteObject(CacheConstants.CAPTCHA_CODE_KEY + uuid);
 // 用户登录
 LoginUser userInfo = sysLoginService.login(form.getUsername(), decryptedData);
 if (decryptedData.equals(USER_PASSWORD)) {
 userInfo.setCode(1);
 }
- if (StringUtils.isBlank(captcha)) {
- return R.fail("图形验证码超时,请重新刷新");
- }
 if (form.getCode() != null && form.getCode().equals(captcha)) {
 redisService.deleteObject("code_" + phone);
 // 获取登录token
 return R.ok(tokenService.createToken(userInfo));
 } else {
- return R.fail("图形验证码错误");
+ return R.fail("登录失败,请联系管理员!");
 }
 }
diff --git a/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysProfileController.java b/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysProfileController.java
index 47d8381f..a80e51ff 100644
--- a/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysProfileController.java
+++ b/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysProfileController.java
@@ -89,7 +89,7 @@ public class SysProfileController extends BaseController {
 * 重置密码
 */
 @Log(title = "个人信息", businessType = BusinessType.UPDATE)
- @PutMapping("/updatePwd")
+ @PutMapping("/update")
 public AjaxResult updatePwd(String actionCode, String handleCode) throws Exception {
 //对新老密码进行解密
 String oldDecrypt = RsaUtil.decryptByPrivateKey(actionCode, Constants.privateKey);
diff --git a/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysUserController.java b/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysUserController.java
index 877f6664..facfcd62 100644
--- a/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysUserController.java
+++ b/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysUserController.java
@@ -260,7 +260,7 @@ public class SysUserController extends BaseController {
 */
 @RequiresPermissions("system:user:edit")
 @Log(title = "用户管理", businessType = BusinessType.UPDATE)
- @PutMapping("/resetPwd")
+ @PutMapping("/reset")
 public AjaxResult resetPwd(@RequestBody SysUser user) throws Exception {
 //对密码进行解密
 String decrypt = RsaUtil.decryptByPrivateKey(user.getPassword(), Constants.privateKey);