From 7e1fa0439bcd2a819895f17a2e9a24db54033b21 Mon Sep 17 00:00:00 2001
From: 101captain <237651143@qq.com>
Date: 星期二, 26 七月 2022 13:25:36 +0800
Subject: [PATCH] bug修改

---
 springcloud_k8s_panzhihuazhihuishequ/auth/src/main/java/com/panzhihua/auth/handel/UserAuthenticationProvider.java |   12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/springcloud_k8s_panzhihuazhihuishequ/auth/src/main/java/com/panzhihua/auth/handel/UserAuthenticationProvider.java b/springcloud_k8s_panzhihuazhihuishequ/auth/src/main/java/com/panzhihua/auth/handel/UserAuthenticationProvider.java
index 8b7572f..4c660e3 100644
--- a/springcloud_k8s_panzhihuazhihuishequ/auth/src/main/java/com/panzhihua/auth/handel/UserAuthenticationProvider.java
+++ b/springcloud_k8s_panzhihuazhihuishequ/auth/src/main/java/com/panzhihua/auth/handel/UserAuthenticationProvider.java
@@ -100,9 +100,18 @@
             return new UsernamePasswordAuthenticationToken(loginUserInfoVO, password, grantedAuthorityList);
         }
         else {
+            boolean flag= redisTemplate.hasKey(LOGIN_FAIL+userName);
+            if(flag){
+                Integer time= (Integer) redisTemplate.opsForValue().get(LOGIN_FAIL+userName);
+                if(time>=5){
+                    redisTemplate.opsForValue().set(LOGIN_FAIL+userName,5, Duration.ofMinutes(5));
+                    throw new LockedException("登录错误超过限制,请五分钟后重试");
+                }
+            }
             // 查询用户是否存在
             R<LoginUserInfoVO> r = userService.getUserInfo(userName);
             if (r.getCode() != 200) {
+                lockLogin(flag,userName);
                 throw new UsernameNotFoundException("该账号不存在");
             }
             LoginUserInfoVO loginUserInfoVO = r.getData();
@@ -114,14 +123,17 @@
                 });
             }
             if (ObjectUtils.isEmpty(loginUserInfoVO.getAccount())) {
+                lockLogin(flag,userName);
                 throw new UsernameNotFoundException("该账号不存在");
             }
             // 我们还要判断密码是否正确，这里我们的密码使用BCryptPasswordEncoder进行加密的
             if (!new BCryptPasswordEncoder().matches(password, loginUserInfoVO.getPassword())) {
+                lockLogin(flag,userName);
                 throw new BadCredentialsException("密码不正确");
             }
             // 还可以加一些其他信息的判断，比如用户账号已停用等判断
             if (loginUserInfoVO.getStatus().intValue() == 2) {
+                lockLogin(flag,userName);
                 throw new LockedException("该用户已被禁用");
             }
             // 维护最后登录时间

--
Gitblit v1.7.1