|
|
@ -82,26 +82,27 @@ public class LoginController {
|
|
|
|
//update-begin--Author:scott Date:20190805 for:暂时注释掉密码加密逻辑,有点问题
|
|
|
|
//update-begin--Author:scott Date:20190805 for:暂时注释掉密码加密逻辑,有点问题
|
|
|
|
|
|
|
|
|
|
|
|
//update-begin-author:taoyan date:20190828 for:校验验证码
|
|
|
|
//update-begin-author:taoyan date:20190828 for:校验验证码
|
|
|
|
String captcha = sysLoginModel.getCaptcha();
|
|
|
|
//modified by 巴卫
|
|
|
|
if(captcha==null){
|
|
|
|
// String captcha = sysLoginModel.getCaptcha();
|
|
|
|
result.error500("验证码无效");
|
|
|
|
// if(captcha==null){
|
|
|
|
return result;
|
|
|
|
// result.error500("验证码无效");
|
|
|
|
}
|
|
|
|
// return result;
|
|
|
|
String lowerCaseCaptcha = captcha.toLowerCase();
|
|
|
|
// }
|
|
|
|
//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
|
|
// String lowerCaseCaptcha = captcha.toLowerCase();
|
|
|
|
// 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
|
|
|
|
// //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
|
|
String origin = lowerCaseCaptcha+sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret();
|
|
|
|
// // 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
|
|
|
|
String realKey = Md5Util.md5Encode(origin, "utf-8");
|
|
|
|
// String origin = lowerCaseCaptcha+sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret();
|
|
|
|
//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
|
|
// String realKey = Md5Util.md5Encode(origin, "utf-8");
|
|
|
|
Object checkCode = redisUtil.get(realKey);
|
|
|
|
// //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
|
|
//当进入登录页时,有一定几率出现验证码错误 #1714
|
|
|
|
// Object checkCode = redisUtil.get(realKey);
|
|
|
|
if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
|
|
|
|
// //当进入登录页时,有一定几率出现验证码错误 #1714
|
|
|
|
log.warn("验证码错误,key= {} , Ui checkCode= {}, Redis checkCode = {}", sysLoginModel.getCheckKey(), lowerCaseCaptcha, checkCode);
|
|
|
|
// if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
|
|
|
|
result.error500("验证码错误");
|
|
|
|
// log.warn("验证码错误,key= {} , Ui checkCode= {}, Redis checkCode = {}", sysLoginModel.getCheckKey(), lowerCaseCaptcha, checkCode);
|
|
|
|
// 改成特殊的code 便于前端判断
|
|
|
|
// result.error500("验证码错误");
|
|
|
|
result.setCode(HttpStatus.PRECONDITION_FAILED.value());
|
|
|
|
// // 改成特殊的code 便于前端判断
|
|
|
|
return result;
|
|
|
|
// result.setCode(HttpStatus.PRECONDITION_FAILED.value());
|
|
|
|
}
|
|
|
|
// return result;
|
|
|
|
|
|
|
|
// }
|
|
|
|
//update-end-author:taoyan date:20190828 for:校验验证码
|
|
|
|
//update-end-author:taoyan date:20190828 for:校验验证码
|
|
|
|
|
|
|
|
|
|
|
|
//1. 校验用户是否有效
|
|
|
|
//1. 校验用户是否有效
|
|
|
@ -126,7 +127,8 @@ public class LoginController {
|
|
|
|
//用户登录信息
|
|
|
|
//用户登录信息
|
|
|
|
userInfo(sysUser, result);
|
|
|
|
userInfo(sysUser, result);
|
|
|
|
//update-begin--Author:liusq Date:20210126 for:登录成功,删除redis中的验证码
|
|
|
|
//update-begin--Author:liusq Date:20210126 for:登录成功,删除redis中的验证码
|
|
|
|
redisUtil.del(realKey);
|
|
|
|
//modified by 巴卫
|
|
|
|
|
|
|
|
//redisUtil.del(realKey);
|
|
|
|
//update-begin--Author:liusq Date:20210126 for:登录成功,删除redis中的验证码
|
|
|
|
//update-begin--Author:liusq Date:20210126 for:登录成功,删除redis中的验证码
|
|
|
|
LoginUser loginUser = new LoginUser();
|
|
|
|
LoginUser loginUser = new LoginUser();
|
|
|
|
BeanUtils.copyProperties(sysUser, loginUser);
|
|
|
|
BeanUtils.copyProperties(sysUser, loginUser);
|
|
|
|
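Review bot: Commenting out the whole captcha block in the first hunk (from `String captcha = sysLoginModel.getCaptcha();` through the `PRECONDITION_FAILED` return) leaves this login path with no captcha verification, so the captcha no longer slows down repeated password attempts. Whether a lockout or failure counter exists elsewhere in the method cannot be seen here, since the method starts and ends outside both hunks. The second hunk disables `redisUtil.del(realKey);` only because `realKey` is no longer defined, so issued captcha entries now stay in Redis until they expire. If the check has to be switchable, guard the original block with a configuration property that defaults to enabled, for example `if (captchaCheckEnabled) { ... }` where `captchaCheckEnabled` is a placeholder name, and keep the delete inside the same guard. When the block is restored, consider dropping `checkCode` from the `log.warn` arguments so the expected captcha value is not written to the log.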