bug修改

101captain

2022-06-21 ed4ac7ad4d7fd71c74d3fc6cb2a0ee11591efd1c

bug修改

 springcloud_k8s_panzhihuazhihuishequ/auth/src/main/java/com/panzhihua/auth/handel/UserAuthenticationProvider.java

@@ -54,49 +54,81 @@
        // 获取表单输入中返回的用户名
        String userName = (String)authentication.getPrincipal();
        String password =(String)authentication.getCredentials();
        try {
            password = MyAESUtil.Decrypt((String)authentication.getCredentials(),"Ryo7M3n8loC5Abcd");
        } catch (Exception e) {
            e.printStackTrace();
        }
        boolean flag= redisTemplate.hasKey(LOGIN_FAIL+userName);
        if(flag){
            Integer time= (Integer) redisTemplate.opsForValue().get(LOGIN_FAIL+userName);
            if(time>=5){
                redisTemplate.opsForValue().set(LOGIN_FAIL+userName,5, Duration.ofMinutes(5));
                throw new LockedException("登录错误超过限制,请五分钟后重试");
        if(!userName.contains("_1")){
            try {
                password = MyAESUtil.Decrypt((String)authentication.getCredentials(),"Ryo7M3n8loC5Abcd");
            } catch (Exception e) {
                e.printStackTrace();
            }
            boolean flag= redisTemplate.hasKey(LOGIN_FAIL+userName);
            if(flag){
                Integer time= (Integer) redisTemplate.opsForValue().get(LOGIN_FAIL+userName);
                if(time>=5){
                    redisTemplate.opsForValue().set(LOGIN_FAIL+userName,5, Duration.ofMinutes(5));
                    throw new LockedException("登录错误超过限制,请五分钟后重试");
                }
            }
            // 查询用户是否存在
            R<LoginUserInfoVO> r = userService.getUserInfo(userName);
            if (r.getCode() != 200) {
                lockLogin(flag,userName);
                throw new UsernameNotFoundException("账号或密码错误");
            }
            LoginUserInfoVO loginUserInfoVO = r.getData();
            List<GrantedAuthority> grantedAuthorityList = new ArrayList<>();
            Set<String> roles = loginUserInfoVO.getRoles();
            if (!ObjectUtils.isEmpty(roles)) {
                roles.forEach(s -> {
                    grantedAuthorityList.add(new SimpleGrantedAuthority(s));
                });
            }
            if (ObjectUtils.isEmpty(loginUserInfoVO.getAccount())||ObjectUtils.isEmpty(password)) {
                lockLogin(flag,userName);
                throw new UsernameNotFoundException("账号或密码错误");
            }
            // 我们还要判断密码是否正确，这里我们的密码使用BCryptPasswordEncoder进行加密的
            if (!new BCryptPasswordEncoder().matches(password, loginUserInfoVO.getPassword())) {
                lockLogin(flag,userName);
                throw new BadCredentialsException("密码不正确");
            }
            // 还可以加一些其他信息的判断，比如用户账号已停用等判断
            if (loginUserInfoVO.getStatus().intValue() == 2) {
                throw new LockedException("该用户已被禁用");
            }
            // 维护最后登录时间
            userService.putUserLastLoginTime(loginUserInfoVO.getUserId());
            return new UsernamePasswordAuthenticationToken(loginUserInfoVO, password, grantedAuthorityList);
        }
        // 查询用户是否存在
        R<LoginUserInfoVO> r = userService.getUserInfo(userName);
        if (r.getCode() != 200) {
            lockLogin(flag,userName);
            throw new UsernameNotFoundException("账号或密码错误");
        else {
            // 查询用户是否存在
            R<LoginUserInfoVO> r = userService.getUserInfo(userName);
            if (r.getCode() != 200) {
                throw new UsernameNotFoundException("该账号不存在");
            }
            LoginUserInfoVO loginUserInfoVO = r.getData();
            List<GrantedAuthority> grantedAuthorityList = new ArrayList<>();
            Set<String> roles = loginUserInfoVO.getRoles();
            if (!ObjectUtils.isEmpty(roles)) {
                roles.forEach(s -> {
                    grantedAuthorityList.add(new SimpleGrantedAuthority(s));
                });
            }
            if (ObjectUtils.isEmpty(loginUserInfoVO.getAccount())) {
                throw new UsernameNotFoundException("该账号不存在");
            }
            // 我们还要判断密码是否正确，这里我们的密码使用BCryptPasswordEncoder进行加密的
            if (!new BCryptPasswordEncoder().matches(password, loginUserInfoVO.getPassword())) {
                throw new BadCredentialsException("密码不正确");
            }
            // 还可以加一些其他信息的判断，比如用户账号已停用等判断
            if (loginUserInfoVO.getStatus().intValue() == 2) {
                throw new LockedException("该用户已被禁用");
            }
            // 维护最后登录时间
            userService.putUserLastLoginTime(loginUserInfoVO.getUserId());
            return new UsernamePasswordAuthenticationToken(loginUserInfoVO, password, grantedAuthorityList);

        }
        LoginUserInfoVO loginUserInfoVO = r.getData();
        List<GrantedAuthority> grantedAuthorityList = new ArrayList<>();
        Set<String> roles = loginUserInfoVO.getRoles();
        if (!ObjectUtils.isEmpty(roles)) {
            roles.forEach(s -> {
                grantedAuthorityList.add(new SimpleGrantedAuthority(s));
            });
        }
        if (ObjectUtils.isEmpty(loginUserInfoVO.getAccount())||ObjectUtils.isEmpty(password)) {
            lockLogin(flag,userName);
            throw new UsernameNotFoundException("账号或密码错误");
        }
        // 我们还要判断密码是否正确，这里我们的密码使用BCryptPasswordEncoder进行加密的
        if (!new BCryptPasswordEncoder().matches(password, loginUserInfoVO.getPassword())) {
            lockLogin(flag,userName);
            throw new BadCredentialsException("密码不正确");
        }
        // 还可以加一些其他信息的判断，比如用户账号已停用等判断
        if (loginUserInfoVO.getStatus().intValue() == 2) {
            throw new LockedException("该用户已被禁用");
        }
        // 维护最后登录时间
        userService.putUserLastLoginTime(loginUserInfoVO.getUserId());
        return new UsernamePasswordAuthenticationToken(loginUserInfoVO, password, grantedAuthorityList);
    }

    @Override