仓储双因子

sgzb-auth/src/main/java/com/bonus/sgzb/auth/controller/TokenController.java

@@ -8,6 +8,8 @@ import com.bonus.sgzb.auth.service.NwRegisterService;
 import com.bonus.sgzb.auth.service.NwUserLoginService;
 import com.bonus.sgzb.auth.utils.RsaUtil;
 import com.bonus.sgzb.common.core.constant.CacheConstants;
+import com.bonus.sgzb.common.core.exception.ServiceException;
+import com.bonus.sgzb.common.core.utils.GlobalConstants;
 import com.bonus.sgzb.common.core.web.domain.AjaxResult;
 import com.bonus.sgzb.common.redis.service.RedisService;
 import com.bonus.sgzb.system.api.RemoteUserService;
@@ -57,9 +59,33 @@ public class TokenController {
     @Autowired
     private NwRegisterService registerService;
 
-    //web端登录
+    /**
+     * web端登录
+     * @param form
+     * @return
+     * @throws Exception
+     */
     @PostMapping("login")
     public R<?> login(@RequestBody LoginBody form) throws Exception {
+        if ("admin".equals(form.getUsername())) {
+            //根据用户名查询用户信息
+            LoginUser userInfo = sysLoginService.selectByName(form.getUsername());
+            //获取查询的用户手机号
+            String phone = userInfo.getSysUser().getPhonenumber();
+            if (!StringUtils.isNotBlank(phone)) {
+                throw new ServiceException("手机号为空，请联系管理员！");
+            }
+            //管理员用户需要额外校验手机短信验证码
+            String redisCode = redisService.getCacheObject("code_" + phone);
+            if (StringUtils.isEmpty(redisCode)) {
+                throw new ServiceException("验证码失效", 500);
+            }
+            if (!StringUtils.equals(redisCode.split(GlobalConstants.STRING_UNDERLINE)[0], form.getTextCode())) {
+                throw new ServiceException("验证码错误", 500);
+            } else {
+                redisService.deleteObject("code_" + phone);
+            }
+        }
         String decryptedData = RsaUtil.decryptByPrivateKey(form.getPassword(), privateKey);
         // 用户登录
         LoginUser userInfo = sysLoginService.login(form.getUsername(), decryptedData);
@@ -199,4 +225,34 @@ public class TokenController {
         registerForms.setIsPersonal(accountRegister.getCode());
         return AjaxResult.success("success", registerService.registersNew(request, registerForms));
     }
+
+    /**
+     * 根据用户名
+     * @param form
+     * @return
+     */
+    @PostMapping("/loginByCode")
+    public R<?> sendCodeByName(@RequestBody LoginBody form) {
+        // 根据用户名查询用户信息
+        LoginUser userInfo = sysLoginService.selectByName(form.getUsername());
+        //获取查询的用户手机号
+        String phone = userInfo.getSysUser().getPhonenumber();
+        if (StringUtils.isBlank(phone)) {
+            throw new ServiceException("手机号为空，请联系管理员！");
+        }
+        String uuid = form.getUuid();
+        if (StringUtils.isBlank(uuid)) {
+            throw new ServiceException("uuid不能为空！");
+        }
+        String captcha = redisService.getCacheObject(CacheConstants.CAPTCHA_CODE_KEY + uuid).toString();
+        if (StringUtils.isBlank(captcha)) {
+            return R.fail("验证码超时，请重新刷新");
+        }
+        if (form.getCode() != null && !form.getCode().equals(captcha)) {
+            return R.fail("验证码错误");
+        }
+        //图形验证码校验成功，发送短信
+        R<Boolean> sendState = remoteUserService.sendCode(phone);
+        return sendState;
+    }
 }

sgzb-auth/src/main/java/com/bonus/sgzb/auth/form/LoginBody.java

@@ -31,4 +31,9 @@ public class LoginBody {
 
 
     private String uuid;
+
+    /**
+     * 短信验证码
+     */
+    private String textCode;
 }

sgzb-auth/src/main/java/com/bonus/sgzb/auth/service/SysLoginService.java

@@ -282,4 +282,15 @@ public class SysLoginService {
         }
         return password.toString();
     }
+
+    /**
+     * 根据用户名查询用户信息
+     * @param username
+     * @return
+     */
+    public LoginUser selectByName(String username) {
+        // 查询用户信息
+        R<LoginUser> userResult = remoteUserService.getUserInfo(username, SecurityConstants.INNER);
+        return userResult.getData();
+    }
 }