Merge remote-tracking branch 'origin/dev' into satoken

# Conflicts:
#	pom.xml
#	ruoyi-admin/src/main/java/com/ruoyi/web/controller/monitor/SysUserOnlineController.java
#	ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java
#	ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java
#	ruoyi-common/pom.xml
#	ruoyi-common/src/main/java/com/ruoyi/common/constant/Constants.java
#	ruoyi-common/src/main/java/com/ruoyi/common/core/domain/model/LoginUser.java
#	ruoyi-common/src/main/java/com/ruoyi/common/utils/SecurityUtils.java
#	ruoyi-demo/src/main/java/com/ruoyi/demo/controller/TestDemoController.java
#	ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataScopeAspect.java
#	ruoyi-framework/src/main/java/com/ruoyi/framework/security/handle/LogoutSuccessHandlerImpl.java
#	ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/PermissionService.java
#	ruoyi-generator/src/main/java/com/ruoyi/generator/service/GenTableServiceImpl.java
#	ruoyi-system/src/main/java/com/ruoyi/system/service/SysLoginService.java
#	ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysRoleServiceImpl.java
#	ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
#	ruoyi-system/src/main/java/com/ruoyi/system/service/impl/TokenServiceImpl.java
#	ruoyi-system/src/main/java/com/ruoyi/system/service/impl/UserDetailsServiceImpl.java
疯狂的狮子li
2021-12-27 09:50:42 +08:00
176 changed files with 3502 additions and 1436 deletions


@ -1,6 +1,7 @@
package com.ruoyi.system.service;
import cn.dev33.satoken.stp.StpUtil;
import cn.hutool.core.util.ObjectUtil;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.domain.model.LoginUser;
@ -11,13 +12,14 @@ import com.ruoyi.common.enums.UserType;
import com.ruoyi.common.exception.ServiceException;
import com.ruoyi.common.exception.user.CaptchaException;
import com.ruoyi.common.exception.user.CaptchaExpireException;
import com.ruoyi.common.exception.user.UserPasswordNotMatchException;
import com.ruoyi.common.exception.user.UserException;
import com.ruoyi.common.utils.*;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import javax.servlet.http.HttpServletRequest;
import java.util.concurrent.TimeUnit;
/**
* 登录校验方法
@ -56,21 +58,46 @@ public class SysLoginService {
if (captchaOnOff) {
validateCaptcha(username, code, uuid, request);
}
// 获取用户登录错误次数(可自定义限制策略 例如: key + username + ip)
Integer errorNumber = RedisUtils.getCacheObject(Constants.LOGIN_ERROR + username);
// 锁定时间内登录 则踢出
if (ObjectUtil.isNotNull(errorNumber) && errorNumber.equals(Constants.LOGIN_ERROR_NUMBER)) {
asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.retry.limit.exceed", Constants.LOGIN_ERROR_LIMIT_TIME), request);
throw new UserException("user.password.retry.limit.exceed", Constants.LOGIN_ERROR_LIMIT_TIME);
}
SysUser user = userService.selectUserByUserName(username);
if (StringUtils.isNull(user)) {
log.info("登录用户:{} 不存在.", username);
throw new ServiceException("登录用户:" + username + " 不存在");
throw new UserException("user.not.exists", username);
} else if (UserStatus.DELETED.getCode().equals(user.getDelFlag())) {
log.info("登录用户:{} 已被删除.", username);
throw new ServiceException("对不起,您的账号:" + username + " 已被删除");
throw new UserException("user.password.delete", username);
} else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
log.info("登录用户:{} 已被停用.", username);
throw new ServiceException("对不起,您的账号:" + username + " 已停用");
throw new UserException("user.blocked", username);
}
if (!SecurityUtils.matchesPassword(password, user.getPassword())) {
asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match"), request);
throw new UserPasswordNotMatchException();
// 是否第一次
errorNumber = ObjectUtil.isNull(errorNumber) ? 1 : errorNumber + 1;
// 达到规定错误次数 则锁定登录
if (errorNumber.equals(Constants.LOGIN_ERROR_NUMBER)) {
RedisUtils.setCacheObject(Constants.LOGIN_ERROR + username, errorNumber, Constants.LOGIN_ERROR_LIMIT_TIME, TimeUnit.MINUTES);
asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.retry.limit.exceed", Constants.LOGIN_ERROR_LIMIT_TIME), request);
throw new UserException("user.password.retry.limit.exceed", Constants.LOGIN_ERROR_LIMIT_TIME);
} else {
// 未达到规定错误次数 则递增
RedisUtils.setCacheObject(Constants.LOGIN_ERROR + username, errorNumber);
asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.retry.limit.count", errorNumber), request);
throw new UserException("user.password.retry.limit.count", errorNumber);
}
}
// 登录成功 清空错误次数
RedisUtils.deleteObject(Constants.LOGIN_ERROR + username);
asyncService.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"), request);
recordLoginInfo(user.getUserId(), username);
LoginUser loginUser = new LoginUser();
loginUser.setUserId(user.getUserId());
loginUser.setDeptId(user.getDeptId());
@ -78,8 +105,6 @@ public class SysLoginService {
loginUser.setMenuPermission(permissionService.getMenuPermission(user));
loginUser.setRolePermission(permissionService.getRolePermission(user));
asyncService.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"), request);
recordLoginInfo(user.getUserId(), username);
// 生成token
LoginUtils.loginByDevice(loginUser, UserType.SYS_USER, DeviceType.PC);
return StpUtil.getTokenValue();
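Review bot: The failed-login counter in the password-mismatch branch is advanced by reading the value from Redis, computing `errorNumber + 1` in the JVM and writing it back with `setCacheObject`, so concurrent attempts for the same username can read the same value and be counted as one failure, which weakens the retry limit. The count should be advanced with an atomic server-side increment instead, if the project's Redis helper offers one. Below the threshold the count is also stored without an expiry, so old failures persist until the next successful login; the four-argument form already used in the lock branch would bound it: `RedisUtils.setCacheObject(Constants.LOGIN_ERROR + username, errorNumber, Constants.LOGIN_ERROR_LIMIT_TIME, TimeUnit.MINUTES);`. Both threshold tests use `errorNumber.equals(Constants.LOGIN_ERROR_NUMBER)`, so a stored value above the limit (for example after the constant is lowered) would never lock the account; `errorNumber >= Constants.LOGIN_ERROR_NUMBER` is the safer comparison. The method starts and ends outside the hunks shown and the +/- markers are lost in this rendering, so the new side is inferred from the hunk contents.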