diff --git a/nursing-unit-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java b/nursing-unit-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
index 511fb82..a20d4d0 100644
--- a/nursing-unit-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
+++ b/nursing-unit-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
@@ -93,6 +93,8 @@ public class ShiroConfig {
 filterChainDefinitionMap.put("/sys/thirdLogin/**", "anon"); //第三方登录
 filterChainDefinitionMap.put("/sys/getEncryptedString", "anon"); //获取加密串
 filterChainDefinitionMap.put("/sys/sms", "anon");//短信验证码
+ filterChainDefinitionMap.put("/sys/smsCode", "anon");//短信验证码
+ filterChainDefinitionMap.put("/sys/checkPhoneCode", "anon");//短信验证码
 filterChainDefinitionMap.put("/sys/phoneLogin", "anon");//手机登录
 filterChainDefinitionMap.put("/sys/user/checkOnlyUser", "anon");//校验用户是否存在
 filterChainDefinitionMap.put("/sys/user/register", "anon");//用户注册
diff --git a/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java b/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java
index d52c0db..0a58ff8 100644
--- a/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java
+++ b/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java
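Review bot: The new `/sys/checkPhoneCode` entry opens the code-verification endpoint to unauthenticated callers, and in LoginController the only brake on it is the per-phone `isLoginFailOvertimes` counter; since `/sys/smsCode` already applies the IP-based `DySmsLimit.canSendSms` check, consider whether the verification endpoint needs an equivalent per-IP limit so one client cannot spread guesses across many phone numbers. The trailing comment on the `checkPhoneCode` line is copied from the `smsCode` line above it and is misleading; `//校验短信验证码` would describe what the route does. Both new routes are anonymous by design, so a short comment noting why they must be `anon` (the caller is not logged in yet) would help the next maintainer.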
@@ -395,6 +395,146 @@ public class LoginController {
 }
+ /**
+ * 短信验证码
+ * @return
+ */
+ @PostMapping(value = "/smsCode")
+ public Result smsCode(@RequestParam(name="mobile",required=true) String mobile,@RequestParam(name="smsmode",required=true) String smsmode,HttpServletRequest request) {
+ Result result = new Result();
+ String clientIp = IpUtils.getIpAddr(request);
+// //手机号模式 登录模式: "2" 注册模式: "1"
+ log.info("-------- IP:{}, 手机号:{},获取绑定验证码", clientIp, mobile);
+
+ if(oConvertUtils.isEmpty(mobile)){
+ result.setMessage("手机号不允许为空!");
+ result.setSuccess(false);
+ return result;
+ }
+
+ //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+ String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+mobile;
+ Object object = redisUtil.get(redisKey);
+ //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+
+ if (object != null) {
+ result.setMessage("验证码10分钟内,仍然有效!");
+ result.setSuccess(false);
+ return result;
+ }
+
+ //-------------------------------------------------------------------------------------
+ //增加 check防止恶意刷短信接口
+ if(!DySmsLimit.canSendSms(clientIp)){
+ log.warn("--------[警告] IP地址:{}, 短信接口请求太多-------", clientIp);
+ result.setMessage("短信接口请求太多,请稍后再试!");
+ result.setCode(CommonConstant.PHONE_SMS_FAIL_CODE);
+ result.setSuccess(false);
+ return result;
+ }
+ //-------------------------------------------------------------------------------------
+
+ //随机数
+ String captcha = RandomUtil.randomNumbers(6);
+ JSONObject obj = new JSONObject();
+ obj.put("code", captcha);
+ try {
+ boolean b = false;
+ //注册模板
+ if (CommonConstant.SMS_TPL_TYPE_1.equals(smsmode)) {
+ SysUser sysUser = sysUserService.getUserByPhone(mobile);
+ if(sysUser!=null) {
+ result.error500(" 手机号已经注册,请直接登录!");
+ baseCommonService.addLog("手机号已经注册,请直接登录!", CommonConstant.LOG_TYPE_1, null);
+ return result;
+ }
+ b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.REGISTER_TEMPLATE_CODE);
+ }else {
+ //登录模式,校验用户有效性
+ SysUser sysUser = sysUserService.getUserByPhone(mobile);
+ result = sysUserService.checkUserIsEffective(sysUser);
+ if(!result.isSuccess()) {
+ String message = result.getMessage();
+ String userNotExist="该用户不存在,请注册";
+ if(userNotExist.equals(message)){
+ result.error500("该用户不存在或未绑定手机号");
+ }
+ return result;
+ }
+
+ /**
+ * smsmode 短信模板方式 0 .登录模板、1.注册模板、2.忘记密码模板
+ */
+ if (CommonConstant.SMS_TPL_TYPE_0.equals(smsmode)) {
+ //登录模板
+ b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.LOGIN_TEMPLATE_CODE);
+ } else if(CommonConstant.SMS_TPL_TYPE_2.equals(smsmode)) {
+ //忘记密码模板
+ b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.FORGET_PASSWORD_TEMPLATE_CODE);
+ }
+ }
+
+ if (b == false) {
+ result.setMessage("短信验证码发送失败,请稍后重试");
+ result.setSuccess(false);
+ return result;
+ }
+
+ //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+ //验证码10分钟内有效
+ redisUtil.set(redisKey, captcha, 600);
+ //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+
+ //update-begin--Author:scott Date:20190812 for:issues#391
+ //result.setResult(captcha);
+ //update-end--Author:scott Date:20190812 for:issues#391
+ result.setSuccess(true);
+
+ } catch (ClientException e) {
+ e.printStackTrace();
+ result.error500(" 短信接口未配置,请联系管理员!");
+ return result;
+ }
+ return result;
+ }
+ @PostMapping("/checkPhoneCode")
+ public Result checkPhoneCode(@RequestParam(name="mobile",required=true) String mobile,@RequestParam(name="smscode",required=true) String smscode, HttpServletRequest request) {
+ Result result = new Result();
+ String phone = mobile;
+ //update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户
+ if(isLoginFailOvertimes(phone)){
+ return result.error500("该用户登录失败次数过多,请于10分钟后再次登录!");
+ }
+ //update-end-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户
+ //校验用户有效性
+// SysUser sysUser = sysUserService.getUserByPhone(phone);
+// result = sysUserService.checkUserIsEffective(sysUser);
+// if(!result.isSuccess()) {
+// return result;
+// }
+
+
+ //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+ String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone;
+ Object code = redisUtil.get(redisKey);
+ //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+
+ if (!smscode.equals(code)) {
+ //update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户
+ addLoginFailOvertimes(phone);
+ //update-end-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户
+ return Result.error("手机验证码错误");
+ }
+ //用户信息
+// userInfo(sysUser, result, request);
+ //添加日志
+// baseCommonService.addLog("用户名: " + sysUser.getUsername() + ",登录成功!", CommonConstant.LOG_TYPE_1, null);
+
+ return result;
+ }
+
+
+
 /**
 * 手机号登录接口
 *
diff --git a/nursing-unit-system/nu-system-start/src/main/resources/application-dev.yml b/nursing-unit-system/nu-system-start/src/main/resources/application-dev.yml
index d87d442..cd04e2a 100644
--- a/nursing-unit-system/nu-system-start/src/main/resources/application-dev.yml
+++ b/nursing-unit-system/nu-system-start/src/main/resources/application-dev.yml
@@ -256,14 +256,14 @@ jeecg:
 excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/bigscreen/category/**,/bigscreen/visual/**,/bigscreen/map/**,/jmreport/bigscreen2/**
 #阿里云oss存储和大鱼短信秘钥配置
 oss:
- accessKey: ??
- secretKey: ??
+ accessKey: LTAI5tB9WHDf3BZsTcQ64Knc
+ secretKey: QWwOazCWWZxV7ovqgGGfSCpQcUevUZ
 endpoint: oss-cn-beijing.aliyuncs.com
 bucketName: jeecgdev
 # 短信模板
 sms-template:
 # 签名
- signature:
+ signature: 吉林省捌零信创科技
 # 模板code
 templateCode:
 # 登录短信、忘记密码模板编码
@@ -271,7 +271,7 @@ jeecg:
 # 修改密码短信模板编码
 SMS_465391221:
 # 注册账号短信模板编码
- SMS_175430166:
+ SMS_175430166: SMS_319245237
 # 在线预览文件服务器地址配置
 file-view-domain: http://fileview.jeecg.com
 # minio文件上传
diff --git a/pom.xml b/pom.xml
index b5ccfb5..8d18ae5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -454,7 +454,7 @@ dev - false + true
@@ -466,7 +466,7 @@ uat - true + false
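Review bot: `checkPhoneCode` never removes the code from Redis after a successful match, so the same code stays valid for the remainder of the 600-second window that `smsCode` sets and can be submitted again and again; add `redisUtil.del(redisKey);` just before the final `return result;`. A successful check also records nothing server-side (no token, no flag), so whatever step follows this endpoint has to take the client's word that the phone was verified; if that is intended it deserves a comment on the method, otherwise return a short-lived server-side marker rather than a bare `Result`. In `smsCode`, `e.printStackTrace();` should become `log.error("短信发送失败", e);`, `if (b == false)` reads better as `if (!b)`, and the stale comment `// //手机号模式 登录模式: "2" 注册模式: "1"` contradicts the `smsmode` values 0/1/2 documented lower in the same method and should be removed. The body of `smsCode` appears to be a near copy of the existing `/sys/sms` handler that ShiroConfig still routes; extracting the shared send logic would keep the two from drifting.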
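Review bot: The `jeecg.oss.accessKey` and `jeecg.oss.secretKey` placeholders (`??`) are replaced with what look like live Aliyun credentials, and `application-dev.yml` is committed to the repository; a secret that has been pushed should be treated as exposed and rotated, and the committed values revoked regardless of whether the history is rewritten. Keep the placeholders in the file and read the values from the environment, e.g. `accessKey: ${ALIYUN_OSS_ACCESS_KEY}` and `secretKey: ${ALIYUN_OSS_SECRET_KEY}`, with the real values supplied by the deployment. The `signature` and `SMS_175430166` template-code changes in the same hunks are not secrets and are fine to keep in the file.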