From 7e1fa0439bcd2a819895f17a2e9a24db54033b21 Mon Sep 17 00:00:00 2001
From: 101captain <237651143@qq.com>
Date: 星期二, 26 七月 2022 13:25:36 +0800
Subject: [PATCH] bug修改

---
 springcloud_k8s_panzhihuazhihuishequ/auth/src/main/java/com/panzhihua/auth/handel/UserAuthenticationProvider.java |   14 +++++++++++++-
 1 files changed, 13 insertions(+), 1 deletions(-)

diff --git a/springcloud_k8s_panzhihuazhihuishequ/auth/src/main/java/com/panzhihua/auth/handel/UserAuthenticationProvider.java b/springcloud_k8s_panzhihuazhihuishequ/auth/src/main/java/com/panzhihua/auth/handel/UserAuthenticationProvider.java
index ee9feb0..4c660e3 100644
--- a/springcloud_k8s_panzhihuazhihuishequ/auth/src/main/java/com/panzhihua/auth/handel/UserAuthenticationProvider.java
+++ b/springcloud_k8s_panzhihuazhihuishequ/auth/src/main/java/com/panzhihua/auth/handel/UserAuthenticationProvider.java
@@ -54,7 +54,7 @@
         // 获取表单输入中返回的用户名
         String userName = (String)authentication.getPrincipal();
         String password =(String)authentication.getCredentials();
-        if(!userName.contains("_1")){
+        if(!userName.contains("_1")&&!userName.contains("_6")){
             try {
                 password = MyAESUtil.Decrypt((String)authentication.getCredentials(),"Ryo7M3n8loC5Abcd");
             } catch (Exception e) {
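Review bot: `userName.contains("_6")` (like the existing `_1` test) matches the marker anywhere in a name the client supplies, so the caller effectively chooses whether the credential goes through `MyAESUtil.Decrypt` or is used as sent. If `_1`/`_6` are client-type suffixes (inferred, the naming scheme is not visible here), match them exactly with `if(!userName.endsWith("_1")&&!userName.endsWith("_6")){`, or carry the client type in its own request field. The unchanged Decrypt line also keeps the AES key as a string literal; it should come from configuration or a secret store rather than the repository. The try block continues past the end of the hunk.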
@@ -100,9 +100,18 @@
             return new UsernamePasswordAuthenticationToken(loginUserInfoVO, password, grantedAuthorityList);
         }
         else {
+            boolean flag= redisTemplate.hasKey(LOGIN_FAIL+userName);
+            if(flag){
+                Integer time= (Integer) redisTemplate.opsForValue().get(LOGIN_FAIL+userName);
+                if(time>=5){
+                    redisTemplate.opsForValue().set(LOGIN_FAIL+userName,5, Duration.ofMinutes(5));
+                    throw new LockedException("登录错误超过限制,请五分钟后重试");
+                }
+            }
             // 查询用户是否存在
             R<LoginUserInfoVO> r = userService.getUserInfo(userName);
             if (r.getCode() != 200) {
+                lockLogin(flag,userName);
                 throw new UsernameNotFoundException("该账号不存在");
             }
             LoginUserInfoVO loginUserInfoVO = r.getData();
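Review bot: The lock check reads Redis twice, so `time>=5` throws a NullPointerException when the key expires between `hasKey` and `get` (and `hasKey` itself returns a `Boolean` that is auto-unboxed). A single read avoids both: `Integer time = (Integer) redisTemplate.opsForValue().get(LOGIN_FAIL+userName);`, `boolean flag = time != null;`, `if(time != null && time>=5){ throw new LockedException("登录错误超过限制,请五分钟后重试"); }`. The `set(..., Duration.ofMinutes(5))` inside the locked branch restarts the five-minute window on every rejected request, so a legitimate user stays locked out for as long as requests for that name keep arriving; letting the original TTL run out bounds the lockout. `lockLogin` on the `r.getCode() != 200` path also creates a counter for names that do not exist, keyed on raw client input, which is worth bounding with a length check or a per-source-address limit. `lockLogin` and the rest of the method are outside the hunk.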
@@ -114,14 +123,17 @@
                 });
             }
             if (ObjectUtils.isEmpty(loginUserInfoVO.getAccount())) {
+                lockLogin(flag,userName);
                 throw new UsernameNotFoundException("该账号不存在");
             }
             // 我们还要判断密码是否正确,这里我们的密码使用BCryptPasswordEncoder进行加密的
             if (!new BCryptPasswordEncoder().matches(password, loginUserInfoVO.getPassword())) {
+                lockLogin(flag,userName);
                 throw new BadCredentialsException("密码不正确");
             }
             // 还可以加一些其他信息的判断,比如用户账号已停用等判断
             if (loginUserInfoVO.getStatus().intValue() == 2) {
+                lockLogin(flag,userName);
                 throw new LockedException("该用户已被禁用");
             }
             // 维护最后登录时间
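Review bot: `lockLogin(flag,userName)` in the `getStatus().intValue() == 2` branch runs after the password has already matched, so correct logins to a disabled account are counted as failures and after five of them the caller sees the retry-in-five-minutes message instead of 该用户已被禁用; dropping the call from that branch keeps the counter to credential failures. `flag` is a snapshot taken before the user lookup, so if `lockLogin` (not visible here) uses it to choose between creating and updating the counter, concurrent attempts can lose counts; an atomic `redisTemplate.opsForValue().increment(LOGIN_FAIL+userName, 1)` with the expiry set when the result is 1 avoids that. Nothing in the visible lines clears the counter after a successful login; the success path continues outside the hunk, so confirm it calls `redisTemplate.delete(LOGIN_FAIL+userName)`.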

--
Gitblit v1.7.1