gitee
/
snowy
mirror of https://gitee.com/xiaonuobase/snowy
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

【修复】修复 #I6NVHY 手机验证码登录验证bug

pull/98/head
xuyuxiang 2023-03-23 16:57:19 +08:00
parent 2e87918730
commit df11702b38
2 changed files with 57 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
snowy-plugin/snowy-plugin-auth/src/main/java/vip/xiaonuo/auth/modular/login/service/impl/AuthServiceImpl.java
View File

@ -21,6 +21,7 @@ import cn.hutool.core.convert.Convert;
import cn.hutool.core.util.ObjectUtil; import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.PhoneUtil; import cn.hutool.core.util.PhoneUtil;
import cn.hutool.core.util.RandomUtil; import cn.hutool.core.util.RandomUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.json.JSONObject; import cn.hutool.json.JSONObject;
import com.baomidou.mybatisplus.core.toolkit.IdWorker; import com.baomidou.mybatisplus.core.toolkit.IdWorker;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
@ -41,6 +42,7 @@ import vip.xiaonuo.auth.modular.login.service.AuthService;
import vip.xiaonuo.common.cache.CommonCacheOperator; import vip.xiaonuo.common.cache.CommonCacheOperator;
import vip.xiaonuo.common.exception.CommonException; import vip.xiaonuo.common.exception.CommonException;
import vip.xiaonuo.common.util.CommonCryptogramUtil; import vip.xiaonuo.common.util.CommonCryptogramUtil;
import vip.xiaonuo.common.util.CommonEmailUtil;
import vip.xiaonuo.dev.api.DevConfigApi; import vip.xiaonuo.dev.api.DevConfigApi;
import vip.xiaonuo.dev.api.DevSmsApi; import vip.xiaonuo.dev.api.DevSmsApi;
@ -59,7 +61,7 @@ public class AuthServiceImpl implements AuthService {
private static final String SNOWY_SYS_DEFAULT_CAPTCHA_OPEN_KEY = "SNOWY_SYS_DEFAULT_CAPTCHA_OPEN"; private static final String SNOWY_SYS_DEFAULT_CAPTCHA_OPEN_KEY = "SNOWY_SYS_DEFAULT_CAPTCHA_OPEN";
private static final String AUTH_CACHE_KEY = "auth-validCode:"; private static final String AUTH_VALID_CODE_CACHE_KEY = "auth-validCode:";
@Resource(name = "loginUserApi") @Resource(name = "loginUserApi")
private SaBaseLoginUserApi loginUserApi; private SaBaseLoginUserApi loginUserApi;
@ -93,7 +95,7 @@ public class AuthServiceImpl implements AuthService {
// 将请求号返回前端 // 将请求号返回前端
authPicValidCodeResult.setValidCodeReqNo(validCodeReqNo); authPicValidCodeResult.setValidCodeReqNo(validCodeReqNo);
// 将请求号作为key验证码的值作为value放到redis用于校验5分钟有效 // 将请求号作为key验证码的值作为value放到redis用于校验5分钟有效
commonCacheOperator.put(AUTH_CACHE_KEY + validCodeReqNo, validCode, 5 * 60); commonCacheOperator.put(AUTH_VALID_CODE_CACHE_KEY + validCodeReqNo, validCode, 5 * 60);
return authPicValidCodeResult; return authPicValidCodeResult;
} }
@ -106,7 +108,7 @@ public class AuthServiceImpl implements AuthService {
// 验证码请求号 // 验证码请求号
String validCodeReqNo = authGetPhoneValidCodeParam.getValidCodeReqNo(); String validCodeReqNo = authGetPhoneValidCodeParam.getValidCodeReqNo();
// 校验参数 // 校验参数
validPhoneValidCodeParam(phone, validCode, validCodeReqNo, type); validPhoneValidCodeParam(null, validCode, validCodeReqNo, type);
// 生成手机验证码的值随机6为数字 // 生成手机验证码的值随机6为数字
String phoneValidCode = RandomUtil.randomNumbers(6); String phoneValidCode = RandomUtil.randomNumbers(6);
// 生成手机验证码的请求号 // 生成手机验证码的请求号
@ -118,10 +120,10 @@ public class AuthServiceImpl implements AuthService {
// TODO 使用腾讯云执行发送验证码,将验证码作为短信内容的参数变量放入, // TODO 使用腾讯云执行发送验证码,将验证码作为短信内容的参数变量放入,
// TODO sdkAppId和签名不传则使用系统默认配置的sdkAppId和签名支持传入多个参数逗号拼接示例"张三,15038****76,进行中" // TODO sdkAppId和签名不传则使用系统默认配置的sdkAppId和签名支持传入多个参数逗号拼接示例"张三,15038****76,进行中"
devSmsApi.sendSmsTencent("1400522364", phone, "小诺开源技术", "1502357", phoneValidCode); devSmsApi.sendSmsTencent("sdkAppId", phone, "签名", "模板编码", phoneValidCode);
// 将请求号作为key验证码的值作为value放到redis用于校验5分钟有效 // 将请求号作为key验证码的值作为value放到redis用于校验5分钟有效
commonCacheOperator.put(AUTH_CACHE_KEY + phoneValidCodeReqNo, phoneValidCode, 5 * 60); commonCacheOperator.put(AUTH_VALID_CODE_CACHE_KEY + phone + StrUtil.UNDERLINE + phoneValidCodeReqNo, phoneValidCode, 5 * 60);
// 返回请求号 // 返回请求号
return phoneValidCodeReqNo; return phoneValidCodeReqNo;
} }
@ -132,21 +134,28 @@ public class AuthServiceImpl implements AuthService {
* @author xuyuxiang * @author xuyuxiang
* @date 2022/8/25 15:26 * @date 2022/8/25 15:26
**/ **/
private void validValidCode(String validCode, String validCodeReqNo) { private void validValidCode(String phoneOrEmail, String validCode, String validCodeReqNo) {
// 依据请求号,取出缓存中的验证码进行校验 // 依据请求号,取出缓存中的验证码进行校验
Object existValidCode = commonCacheOperator.get(AUTH_CACHE_KEY + validCodeReqNo); Object existValidCode;
if(ObjectUtil.isEmpty(phoneOrEmail)) {
existValidCode = commonCacheOperator.get(AUTH_VALID_CODE_CACHE_KEY + validCodeReqNo);
} else {
existValidCode = commonCacheOperator.get(AUTH_VALID_CODE_CACHE_KEY + phoneOrEmail + StrUtil.UNDERLINE + validCodeReqNo);
}
// 为空则直接验证码错误 // 为空则直接验证码错误
if(ObjectUtil.isEmpty(existValidCode)) { if(ObjectUtil.isEmpty(existValidCode)) {
throw new CommonException(AuthExceptionEnum.VALID_CODE_ERROR.getValue()); throw new CommonException(AuthExceptionEnum.VALID_CODE_ERROR.getValue());
} }
// 不一致则直接验证码错误
if(!validCode.equals(Convert.toStr(existValidCode).toLowerCase())) {
// 移除该验证码
commonCacheOperator.remove(AUTH_CACHE_KEY + validCodeReqNo);
throw new CommonException(AuthExceptionEnum.VALID_CODE_ERROR.getValue());
}
// 移除该验证码 // 移除该验证码
commonCacheOperator.remove(AUTH_CACHE_KEY + validCodeReqNo); if(ObjectUtil.isEmpty(phoneOrEmail)) {
commonCacheOperator.remove(AUTH_VALID_CODE_CACHE_KEY + validCodeReqNo);
} else {
commonCacheOperator.remove(AUTH_VALID_CODE_CACHE_KEY + phoneOrEmail + StrUtil.UNDERLINE + validCodeReqNo);
}
// 不一致则直接验证码错误
if (!validCode.equals(Convert.toStr(existValidCode).toLowerCase())) {
throw new CommonException("验证码错误");
}
} }
/** /**
@ -155,20 +164,25 @@ public class AuthServiceImpl implements AuthService {
* @author xuyuxiang * @author xuyuxiang
* @date 2022/8/25 14:29 * @date 2022/8/25 14:29
**/ **/
private void validPhoneValidCodeParam(String phone, String validCode, String validCodeReqNo, String type) { private void validPhoneValidCodeParam(String phoneOrEmail, String validCode, String validCodeReqNo, String type) {
// 验证码正确则校验手机号格式 // 验证码正确则校验手机号格式
if(!PhoneUtil.isMobile(phone)) { if(ObjectUtil.isEmpty(phoneOrEmail)) {
throw new CommonException(AuthExceptionEnum.PHONE_FORMAT_ERROR.getValue()); // 执行校验验证码
validValidCode(null, validCode, validCodeReqNo);
} else {
if(!PhoneUtil.isMobile(phoneOrEmail) && !CommonEmailUtil.isEmail(phoneOrEmail)) {
throw new CommonException(AuthExceptionEnum.PHONE_FORMAT_ERROR.getValue());
}
// 执行校验验证码
validValidCode(phoneOrEmail, validCode, validCodeReqNo);
} }
// 执行校验验证码
validValidCode(validCode, validCodeReqNo);
// 根据手机号获取用户信息判断用户是否存在根据B端或C端判断 // 根据手机号获取用户信息判断用户是否存在根据B端或C端判断
if(SaClientTypeEnum.B.getValue().equals(type)) { if(SaClientTypeEnum.B.getValue().equals(type)) {
if(ObjectUtil.isEmpty(loginUserApi.getUserByPhone(phone))) { if(ObjectUtil.isEmpty(loginUserApi.getUserByPhone(phoneOrEmail))) {
throw new CommonException(AuthExceptionEnum.PHONE_ERROR.getValue()); throw new CommonException(AuthExceptionEnum.PHONE_ERROR.getValue());
} }
} else { } else {
if(ObjectUtil.isEmpty(clientLoginUserApi.getClientUserByPhone(phone))) { if(ObjectUtil.isEmpty(clientLoginUserApi.getClientUserByPhone(phoneOrEmail))) {
throw new CommonException(AuthExceptionEnum.PHONE_ERROR.getValue()); throw new CommonException(AuthExceptionEnum.PHONE_ERROR.getValue());
} }
} }
@ -205,7 +219,7 @@ public class AuthServiceImpl implements AuthService {
throw new CommonException(AuthExceptionEnum.VALID_CODE_REQ_NO_EMPTY.getValue()); throw new CommonException(AuthExceptionEnum.VALID_CODE_REQ_NO_EMPTY.getValue());
} }
// 执行校验验证码 // 执行校验验证码
validValidCode(validCode, validCodeReqNo); validValidCode(null, validCode, validCodeReqNo);
} }
} }
// SM2解密并获得前端传来的密码哈希值 // SM2解密并获得前端传来的密码哈希值

35
snowy-plugin/snowy-plugin-sys/src/main/java/vip/xiaonuo/sys/modular/user/service/impl/SysUserServiceImpl.java
View File

@ -121,7 +121,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
private static final String SNOWY_SYS_DEFAULT_WORKBENCH_DATA_KEY = "SNOWY_SYS_DEFAULT_WORKBENCH_DATA"; private static final String SNOWY_SYS_DEFAULT_WORKBENCH_DATA_KEY = "SNOWY_SYS_DEFAULT_WORKBENCH_DATA";
private static final String USER_CACHE_KEY = "user-validCode:"; private static final String USER_VALID_CODE_CACHE_KEY = "user-validCode:";
public static final String USER_CACHE_ALL_KEY = "sys-user:all"; public static final String USER_CACHE_ALL_KEY = "sys-user:all";
@ -399,7 +399,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
// 将请求号返回前端 // 将请求号返回前端
sysUserPicValidCodeResult.setValidCodeReqNo(validCodeReqNo); sysUserPicValidCodeResult.setValidCodeReqNo(validCodeReqNo);
// 将请求号作为key验证码的值作为value放到redis用于校验5分钟有效 // 将请求号作为key验证码的值作为value放到redis用于校验5分钟有效
commonCacheOperator.put(USER_CACHE_KEY + validCodeReqNo, validCode, 5 * 60); commonCacheOperator.put(USER_VALID_CODE_CACHE_KEY + validCodeReqNo, validCode, 5 * 60);
return sysUserPicValidCodeResult; return sysUserPicValidCodeResult;
} }
@ -409,21 +409,28 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
* @author xuyuxiang * @author xuyuxiang
* @date 2022/8/25 14:29 * @date 2022/8/25 14:29
**/ **/
private void validValidCode(String validCode, String validCodeReqNo) { private void validValidCode(String phoneOrEmail, String validCode, String validCodeReqNo) {
// 依据请求号,取出缓存中的验证码进行校验 // 依据请求号,取出缓存中的验证码进行校验
Object existValidCode = commonCacheOperator.get(USER_CACHE_KEY + validCodeReqNo); Object existValidCode;
if(ObjectUtil.isEmpty(phoneOrEmail)) {
existValidCode = commonCacheOperator.get(USER_VALID_CODE_CACHE_KEY + validCodeReqNo);
} else {
existValidCode = commonCacheOperator.get(USER_VALID_CODE_CACHE_KEY + phoneOrEmail + StrUtil.UNDERLINE + validCodeReqNo);
}
// 为空则直接验证码错误 // 为空则直接验证码错误
if (ObjectUtil.isEmpty(existValidCode)) { if (ObjectUtil.isEmpty(existValidCode)) {
throw new CommonException("验证码错误"); throw new CommonException("验证码错误");
} }
// 移除该验证码
if(ObjectUtil.isEmpty(phoneOrEmail)) {
commonCacheOperator.remove(USER_VALID_CODE_CACHE_KEY + validCodeReqNo);
} else {
commonCacheOperator.remove(USER_VALID_CODE_CACHE_KEY + phoneOrEmail + StrUtil.UNDERLINE + validCodeReqNo);
}
// 不一致则直接验证码错误 // 不一致则直接验证码错误
if (!validCode.equals(Convert.toStr(existValidCode).toLowerCase())) { if (!validCode.equals(Convert.toStr(existValidCode).toLowerCase())) {
// 移除该验证码
commonCacheOperator.remove(USER_CACHE_KEY + validCodeReqNo);
throw new CommonException("验证码错误"); throw new CommonException("验证码错误");
} }
// 移除该验证码
commonCacheOperator.remove(USER_CACHE_KEY + validCodeReqNo);
} }
@Override @Override
@ -435,7 +442,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
throw new CommonException("手机号码:{}格式错误", phone); throw new CommonException("手机号码:{}格式错误", phone);
} }
// 执行校验验证码 // 执行校验验证码
validValidCode(sysUserGetPhoneValidCodeParam.getValidCode(), sysUserGetPhoneValidCodeParam.getValidCodeReqNo()); validValidCode(null, sysUserGetPhoneValidCodeParam.getValidCode(), sysUserGetPhoneValidCodeParam.getValidCodeReqNo());
// 根据手机号获取用户信息,判断用户是否存在 // 根据手机号获取用户信息,判断用户是否存在
if (ObjectUtil.isEmpty(this.getUserByPhone(phone))) { if (ObjectUtil.isEmpty(this.getUserByPhone(phone))) {
throw new CommonException("手机码:{}不存在", phone); throw new CommonException("手机码:{}不存在", phone);
@ -454,7 +461,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
//devSmsApi.sendSmsTencent(null, phone, null, "验证码模板号", phoneValidCode); //devSmsApi.sendSmsTencent(null, phone, null, "验证码模板号", phoneValidCode);
// 将请求号作为key验证码的值作为value放到redis用于校验5分钟有效 // 将请求号作为key验证码的值作为value放到redis用于校验5分钟有效
commonCacheOperator.put(USER_CACHE_KEY + phoneValidCodeReqNo, phoneValidCode, 5 * 60); commonCacheOperator.put(USER_VALID_CODE_CACHE_KEY + phone + StrUtil.UNDERLINE + phoneValidCodeReqNo, phoneValidCode, 5 * 60);
// 返回请求号 // 返回请求号
return phoneValidCodeReqNo; return phoneValidCodeReqNo;
} }
@ -468,7 +475,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
throw new CommonException("邮箱:{}格式错误", email); throw new CommonException("邮箱:{}格式错误", email);
} }
// 执行校验验证码 // 执行校验验证码
validValidCode(sysUserGetEmailValidCodeParam.getValidCode(), sysUserGetEmailValidCodeParam.getValidCodeReqNo()); validValidCode(null, sysUserGetEmailValidCodeParam.getValidCode(), sysUserGetEmailValidCodeParam.getValidCodeReqNo());
// 根据邮箱获取用户信息,判断用户是否存在 // 根据邮箱获取用户信息,判断用户是否存在
if (ObjectUtil.isEmpty(this.getUserByEmail(email))) { if (ObjectUtil.isEmpty(this.getUserByEmail(email))) {
throw new CommonException("邮箱:{}不存在", email); throw new CommonException("邮箱:{}不存在", email);
@ -483,7 +490,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
devEmailApi.sendTextEmailLocal(email, "找回密码邮件", content, CollectionUtil.newArrayList()); devEmailApi.sendTextEmailLocal(email, "找回密码邮件", content, CollectionUtil.newArrayList());
// 将请求号作为key验证码的值作为value放到redis用于校验5分钟有效 // 将请求号作为key验证码的值作为value放到redis用于校验5分钟有效
commonCacheOperator.put(USER_CACHE_KEY + emailValidCodeReqNo, emailValidCode, 5 * 60); commonCacheOperator.put(USER_VALID_CODE_CACHE_KEY + email + StrUtil.UNDERLINE + emailValidCodeReqNo, emailValidCode, 5 * 60);
// 返回请求号 // 返回请求号
return emailValidCodeReqNo; return emailValidCodeReqNo;
} }
@ -491,7 +498,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
@Override @Override
public void findPasswordByPhone(SysUserFindPwdByPhoneParam sysUserFindPwdByPhoneParam) { public void findPasswordByPhone(SysUserFindPwdByPhoneParam sysUserFindPwdByPhoneParam) {
// 执行校验验证码 // 执行校验验证码
validValidCode(sysUserFindPwdByPhoneParam.getValidCode(), sysUserFindPwdByPhoneParam.getValidCodeReqNo()); validValidCode(sysUserFindPwdByPhoneParam.getPhone(), sysUserFindPwdByPhoneParam.getValidCode(), sysUserFindPwdByPhoneParam.getValidCodeReqNo());
this.update(new LambdaUpdateWrapper<SysUser>().eq(SysUser::getPhone, this.update(new LambdaUpdateWrapper<SysUser>().eq(SysUser::getPhone,
sysUserFindPwdByPhoneParam.getPhone()).set(SysUser::getPassword, sysUserFindPwdByPhoneParam.getPhone()).set(SysUser::getPassword,
CommonCryptogramUtil.doHashValue(CommonCryptogramUtil.doSm2Decrypt(sysUserFindPwdByPhoneParam.getNewPassword())))); CommonCryptogramUtil.doHashValue(CommonCryptogramUtil.doSm2Decrypt(sysUserFindPwdByPhoneParam.getNewPassword()))));
@ -500,7 +507,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
@Override @Override
public void findPasswordByEmail(SysUserFindPwdByEmailParam sysUserFindPwdByEmailParam) { public void findPasswordByEmail(SysUserFindPwdByEmailParam sysUserFindPwdByEmailParam) {
// 执行校验验证码 // 执行校验验证码
validValidCode(sysUserFindPwdByEmailParam.getValidCode(), sysUserFindPwdByEmailParam.getValidCodeReqNo()); validValidCode(sysUserFindPwdByEmailParam.getEmail(), sysUserFindPwdByEmailParam.getValidCode(), sysUserFindPwdByEmailParam.getValidCodeReqNo());
this.update(new LambdaUpdateWrapper<SysUser>().eq(SysUser::getEmail, this.update(new LambdaUpdateWrapper<SysUser>().eq(SysUser::getEmail,
sysUserFindPwdByEmailParam.getEmail()).set(SysUser::getPassword, sysUserFindPwdByEmailParam.getEmail()).set(SysUser::getPassword,
CommonCryptogramUtil.doHashValue(CommonCryptogramUtil.doSm2Decrypt(sysUserFindPwdByEmailParam.getNewPassword())))); CommonCryptogramUtil.doHashValue(CommonCryptogramUtil.doSm2Decrypt(sysUserFindPwdByEmailParam.getNewPassword()))));