Merge remote-tracking branch 'origin/satoken' into dev

# Conflicts:
#	pom.xml
#	ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java
#	ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
#	ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/RepeatSubmitAspect.java
#	ruoyi-framework/src/main/java/com/ruoyi/framework/config/AsyncConfig.java
#	ruoyi-framework/src/main/java/com/ruoyi/framework/config/SwaggerConfig.java
#	ruoyi-framework/src/main/java/com/ruoyi/framework/handler/CreateAndUpdateMetaObjectHandler.java
#	ruoyi-framework/src/main/java/com/ruoyi/framework/security/handle/LogoutSuccessHandlerImpl.java
#	ruoyi-system/src/main/java/com/ruoyi/system/service/SysLoginService.java
#	ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserOnlineServiceImpl.java
#	ruoyi-system/src/main/java/com/ruoyi/system/service/impl/TokenServiceImpl.java
#	ruoyi-system/src/main/java/com/ruoyi/system/service/impl/UserDetailsServiceImpl.java
#	ruoyi-system/src/main/resources/mapper/system/SysUserMapper.xml

ruoyi-system/src/main/java/com/ruoyi/system/service/SysLoginService.java

@@ -1,24 +1,21 @@
 package com.ruoyi.system.service;
 
+import cn.dev33.satoken.stp.StpUtil;
 import cn.hutool.core.util.ObjectUtil;
 import com.ruoyi.common.constant.Constants;
 import com.ruoyi.common.core.domain.entity.SysUser;
 import com.ruoyi.common.core.domain.model.LoginUser;
 import com.ruoyi.common.core.service.LogininforService;
-import com.ruoyi.common.core.service.TokenService;
+import com.ruoyi.common.enums.DeviceType;
+import com.ruoyi.common.enums.UserStatus;
+import com.ruoyi.common.enums.UserType;
 import com.ruoyi.common.exception.ServiceException;
 import com.ruoyi.common.exception.user.CaptchaException;
 import com.ruoyi.common.exception.user.CaptchaExpireException;
 import com.ruoyi.common.exception.user.UserException;
-import com.ruoyi.common.utils.DateUtils;
-import com.ruoyi.common.utils.MessageUtils;
-import com.ruoyi.common.utils.ServletUtils;
-import com.ruoyi.common.utils.redis.RedisUtils;
+import com.ruoyi.common.utils.*;
+import lombok.extern.slf4j.Slf4j;
 import lombok.RequiredArgsConstructor;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Service;
 
 import javax.servlet.http.HttpServletRequest;
@@ -30,14 +27,14 @@ import java.util.concurrent.TimeUnit;
  * @author Lion Li
  */
 @RequiredArgsConstructor
+@Slf4j
 @Service
 public class SysLoginService {
 
-    private final TokenService tokenService;
-    private final AuthenticationManager authenticationManager;
     private final ISysUserService userService;
     private final ISysConfigService configService;
     private final LogininforService asyncService;
+    private final SysPermissionService permissionService;
 
     /**
      * 登录验证
@@ -62,39 +59,49 @@ public class SysLoginService {
             asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.retry.limit.exceed", Constants.LOGIN_ERROR_LIMIT_TIME), request);
             throw new UserException("user.password.retry.limit.exceed", Constants.LOGIN_ERROR_LIMIT_TIME);
         }
-        // 用户验证
-        Authentication authentication = null;
-        try {
-            // 该方法会去调用UserDetailsServiceImpl.loadUserByUsername
-            authentication = authenticationManager
-                    .authenticate(new UsernamePasswordAuthenticationToken(username, password));
-        } catch (Exception e) {
-            if (e instanceof BadCredentialsException) {
-                // 是否第一次
-                errorNumber = ObjectUtil.isNull(errorNumber) ? 1 : errorNumber + 1;
-                // 达到规定错误次数 则锁定登录
-                if (errorNumber.equals(Constants.LOGIN_ERROR_NUMBER)) {
-                    RedisUtils.setCacheObject(Constants.LOGIN_ERROR + username, errorNumber, Constants.LOGIN_ERROR_LIMIT_TIME, TimeUnit.MINUTES);
-                    asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.retry.limit.exceed", Constants.LOGIN_ERROR_LIMIT_TIME), request);
-                    throw new UserException("user.password.retry.limit.exceed", Constants.LOGIN_ERROR_LIMIT_TIME);
-                } else {
-                    // 未达到规定错误次数 则递增
-                    RedisUtils.setCacheObject(Constants.LOGIN_ERROR + username, errorNumber);
-                    asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.retry.limit.count", errorNumber), request);
-                    throw new UserException("user.password.retry.limit.count", errorNumber);
-                }
+
+        SysUser user = userService.selectUserByUserName(username);
+        if (StringUtils.isNull(user)) {
+            log.info("登录用户：{} 不存在.", username);
+            throw new UserException("user.not.exists", username);
+        } else if (UserStatus.DELETED.getCode().equals(user.getDelFlag())) {
+            log.info("登录用户：{} 已被删除.", username);
+            throw new UserException("user.password.delete", username);
+        } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
+            log.info("登录用户：{} 已被停用.", username);
+            throw new UserException("user.blocked", username);
+        }
+        if (!SecurityUtils.matchesPassword(password, user.getPassword())) {
+            // 是否第一次
+            errorNumber = ObjectUtil.isNull(errorNumber) ? 1 : errorNumber + 1;
+            // 达到规定错误次数 则锁定登录
+            if (errorNumber.equals(Constants.LOGIN_ERROR_NUMBER)) {
+                RedisUtils.setCacheObject(Constants.LOGIN_ERROR + username, errorNumber, Constants.LOGIN_ERROR_LIMIT_TIME, TimeUnit.MINUTES);
+                asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.retry.limit.exceed", Constants.LOGIN_ERROR_LIMIT_TIME), request);
+                throw new UserException("user.password.retry.limit.exceed", Constants.LOGIN_ERROR_LIMIT_TIME);
             } else {
-                asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage(), request);
-                throw new ServiceException(e.getMessage());
+                // 未达到规定错误次数 则递增
+                RedisUtils.setCacheObject(Constants.LOGIN_ERROR + username, errorNumber);
+                asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.retry.limit.count", errorNumber), request);
+                throw new UserException("user.password.retry.limit.count", errorNumber);
             }
         }
+
         // 登录成功 清空错误次数
         RedisUtils.deleteObject(Constants.LOGIN_ERROR + username);
         asyncService.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"), request);
-        LoginUser loginUser = (LoginUser) authentication.getPrincipal();
-        recordLoginInfo(loginUser.getUserId(), username);
+        recordLoginInfo(user.getUserId(), username);
+
+        LoginUser loginUser = new LoginUser();
+        loginUser.setUserId(user.getUserId());
+        loginUser.setDeptId(user.getDeptId());
+        loginUser.setUsername(user.getUserName());
+        loginUser.setMenuPermission(permissionService.getMenuPermission(user));
+        loginUser.setRolePermission(permissionService.getRolePermission(user));
+
         // 生成token
-        return tokenService.createToken(loginUser);
+        LoginUtils.loginByDevice(loginUser, UserType.SYS_USER, DeviceType.PC);
+        return StpUtil.getTokenValue();
     }
 
     /**