101captain
2022-07-26 7e1fa0439bcd2a819895f17a2e9a24db54033b21
bug修改
1个文件已修改
12 ■■■■■ 已修改文件
springcloud_k8s_panzhihuazhihuishequ/auth/src/main/java/com/panzhihua/auth/handel/UserAuthenticationProvider.java 12 ●●●●●
springcloud_k8s_panzhihuazhihuishequ/auth/src/main/java/com/panzhihua/auth/handel/UserAuthenticationProvider.java
@@ -100,9 +100,18 @@
            return new UsernamePasswordAuthenticationToken(loginUserInfoVO, password, grantedAuthorityList);
        }
        else {
            boolean flag= redisTemplate.hasKey(LOGIN_FAIL+userName);
            if(flag){
                Integer time= (Integer) redisTemplate.opsForValue().get(LOGIN_FAIL+userName);
                if(time>=5){
                    redisTemplate.opsForValue().set(LOGIN_FAIL+userName,5, Duration.ofMinutes(5));
                    throw new LockedException("登录错误超过限制,请五分钟后重试");
                }
            }
            // 查询用户是否存在
            R<LoginUserInfoVO> r = userService.getUserInfo(userName);
            if (r.getCode() != 200) {
                lockLogin(flag,userName);
                throw new UsernameNotFoundException("该账号不存在");
            }
            LoginUserInfoVO loginUserInfoVO = r.getData();
@@ -114,14 +123,17 @@
                });
            }
            if (ObjectUtils.isEmpty(loginUserInfoVO.getAccount())) {
                lockLogin(flag,userName);
                throw new UsernameNotFoundException("该账号不存在");
            }
            // 我们还要判断密码是否正确,这里我们的密码使用BCryptPasswordEncoder进行加密的
            if (!new BCryptPasswordEncoder().matches(password, loginUserInfoVO.getPassword())) {
                lockLogin(flag,userName);
                throw new BadCredentialsException("密码不正确");
            }
            // 还可以加一些其他信息的判断,比如用户账号已停用等判断
            if (loginUserInfoVO.getStatus().intValue() == 2) {
                lockLogin(flag,userName);
                throw new LockedException("该用户已被禁用");
            }
            // 维护最后登录时间
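Review bot: In the first hunk the lockout check reads the counter with a separate `hasKey` and `get`, so if the key expires between the two calls `time` is null and `time>=5` throws a NullPointerException instead of a clean authentication failure; a null-safe guard such as `if (time != null && time >= 5)` avoids that. The same branch rewrites the key with a fresh five-minute TTL on every rejected attempt, and the key is built only from the submitted `userName`, so repeated requests for a known account name keep that account locked for as long as they continue; consider leaving the existing TTL untouched once the limit is reached, or keying the counter on the account plus the client address. `lockLogin` is defined outside the visible hunks, so it cannot be confirmed here whether it increments atomically and sets an expiry on keys created for non-existent accounts; if it does a read-then-set, parallel attempts can exceed the limit of five, and `redisTemplate.opsForValue().increment(...)` followed by an expiry would close that gap. The enclosing method starts and ends outside both hunks.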