From 2a498d9f65f873cedb74ab5bcb48ad4b845d0622 Mon Sep 17 00:00:00 2001
From: puzhibing <393733352@qq.com>
Date: 星期三, 30 八月 2023 10:01:04 +0800
Subject: [PATCH] Merge remote-tracking branch 'origin/master'
---
management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/system/LoginController.java | 93 ++++++++++++++++++++++------------------------
1 files changed, 45 insertions(+), 48 deletions(-)
diff --git a/management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/system/LoginController.java b/management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/system/LoginController.java
index 3965c83..1c19d87 100644
--- a/management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/system/LoginController.java
+++ b/management/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/system/LoginController.java
@@ -2,12 +2,15 @@
import com.google.code.kaptcha.Constants;
import com.stylefeng.guns.core.base.controller.BaseController;
+import com.stylefeng.guns.core.common.constant.Const;
import com.stylefeng.guns.core.common.exception.InvalidKaptchaException;
import com.stylefeng.guns.core.log.LogManager;
import com.stylefeng.guns.core.log.factory.LogTaskFactory;
import com.stylefeng.guns.core.node.MenuNode;
import com.stylefeng.guns.core.shiro.ShiroKit;
import com.stylefeng.guns.core.shiro.ShiroUser;
+import com.stylefeng.guns.core.shiro.factory.IShiro;
+import com.stylefeng.guns.core.shiro.factory.ShiroFactroy;
import com.stylefeng.guns.core.util.ApiMenuFilter;
import com.stylefeng.guns.core.util.KaptchaUtil;
import com.stylefeng.guns.core.util.SinataUtil;
@@ -16,6 +19,8 @@
import com.stylefeng.guns.modular.system.service.IMenuService;
import com.stylefeng.guns.modular.system.service.IUserService;
import com.stylefeng.guns.modular.system.util.AESUtils;
+import com.stylefeng.guns.modular.system.util.RedisUtil;
+import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
@@ -45,12 +50,11 @@
@Autowired
private IUserService userService;
-
- private Map<String, Long> loginTime = new HashMap<>();
+ @Autowired
+ private RedisUtil redisUtil;
private Map<String, Integer> loginFailures = new HashMap<>();
- private List<String> ips = Arrays.asList("127.0.0.1");
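Review bot: `loginFailures` stays a plain `HashMap` field on the controller, and this patch adds more writers to it (the `loginFailures.put(username, f)` calls in `loginVali` and the `loginFailures.put(username, 0)` after `currentUser.login(token)` in the later hunks). If the controller is a default Spring singleton, concurrent login requests mutate the map without synchronisation, and because the key is the submitted `username` and `loginTime` is removed here, entries never expire and the map grows with every distinct name posted. I would declare it as `private final Map<String, Integer> loginFailures = new ConcurrentHashMap<>();`, count with `loginFailures.merge(username, 1, Integer::sum)` and clear with `loginFailures.remove(username)` on success, or keep the counter with an expiry in the Redis store injected here if `RedisUtil` offers one. The `ips` allowlist removed in this hunk was the only network restriction visible on the login path; if that restriction is still required it belongs at the proxy or firewall rather than in a check built on request headers.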
@@ -103,7 +107,8 @@
* 跳转到登录页面
*/
@RequestMapping(value = "/login", method = RequestMethod.GET)
- public String login() {
+ public String login(Model model) {
+ model.addAttribute("number",0);
if (ShiroKit.isAuthenticated() || ShiroKit.getUser() != null) {
return REDIRECT + "/";
} else {
@@ -115,53 +120,43 @@
* 点击登录执行的动作
*/
@RequestMapping(value = "/login", method = RequestMethod.POST)
- public String loginVali(String username, String password, String remember, Model model, HttpServletRequest request) {
- String ip = request.getHeader("x-forwarded-for");
- if (ip != null && ip.length() != 0 && !"unknown".equalsIgnoreCase(ip)) {
- // 多次反向代理后会有多个ip值,第一个ip才是真实ip
- if (ip.indexOf(",") != -1) {
- ip = ip.split(",")[0];
- }
- }
- if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
- ip = request.getHeader("Proxy-Client-IP");
- }
- if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
- ip = request.getHeader("WL-Proxy-Client-IP");
- }
- if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
- ip = request.getHeader("HTTP_CLIENT_IP");
- }
- if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
- ip = request.getHeader("HTTP_X_FORWARDED_FOR");
- }
- if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
- ip = request.getHeader("X-Real-IP");
- }
- if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
- ip = request.getRemoteAddr();
- }
- if(!ips.contains(ip)){
- model.addAttribute("tips", "请在特定的网络下使用系统");
- return "/login.html";
- }
-
+ public String loginVali(String username, String password,String sms_code, String remember, Model model, HttpServletRequest request) {
Integer f = loginFailures.get(username);
f = f == null ? 0 : f;
- Long t = loginTime.get(username);
- t = null == t ? 0 : t;
- if(System.currentTimeMillis() - t > (30 * 60 * 1000)){
- loginFailures.put(username, f = 1);
- loginTime.put(username, System.currentTimeMillis());
- }else{
+ // 校验账号,密码是否正确,如果错误,对次数进行加1
+ IShiro shiroFactory = ShiroFactroy.me();
+ User user = userService.getByAccount(username);
+ if(null == user){
f++;
loginFailures.put(username, f);
+ }else {
+ // 校验密码
+ ShiroUser shiroUser1 = shiroFactory.shiroUser(user);
+ SimpleAuthenticationInfo info = shiroFactory.info(shiroUser1, user, username);
+ String pass = ShiroKit.md5(password, user.getSalt());
+ if(!info.getCredentials().equals(pass)){
+ f++;
+ loginFailures.put(username, f);
+ if(f<5){
+ model.addAttribute("number", "3");
+ }
+ if(f==5){
+ model.addAttribute("number", "5");
+ }
+ model.addAttribute("tips","账号或密码错误!");
+ return "/login.html";
+ }
}
- if(f > 5 && (System.currentTimeMillis() - t) <= (30 * 60 * 1000)){
- model.addAttribute("tips", "登录次数过多,请等30分钟再试!");
- return "/login.html";
- }
+// if(!"aaaa".equals(sms_code)){
+// String value = redisUtil.getValue(user.getPhone());
+// if(ToolUtil.isEmpty(value) || !sms_code.equals(value)){
+// model.addAttribute("tips", "无效的验证码");
+// return "/login.html";
+// }
+// }
+
+
//验证验证码是否正确
if (KaptchaUtil.getKaptchaOnOff()) {
String kaptcha = super.getPara("kaptcha").trim();
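Review bot: Nothing in the new `loginVali` refuses an attempt once `f` reaches the limit: the removed `if(f > 5 && ...)` block was the only lockout, and the added branches only set the `number` attribute to `"3"` or `"5"` before returning the login page. A guard ahead of the user lookup, such as `if (f >= 5) { model.addAttribute("tips", "登录次数过多,请等30分钟再试!"); return "/login.html"; }`, would restore it, together with an expiry for the counter so that an account is not locked indefinitely. The password comparison also runs before the kaptcha check that follows in this hunk, so the captcha no longer gates credential checking; moving the comparison after it would keep the earlier ordering. An unknown account falls through to the kaptcha and Shiro login while a wrong password returns `账号或密码错误!` directly, which may let a client tell the two cases apart. The commented-out SMS block should be deleted rather than parked: as written it accepts the fixed value `"aaaa"` for every user and dereferences `user`, which is null on the unknown-account path, and `loginVali` continues beyond this hunk.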
@@ -170,7 +165,8 @@
throw new InvalidKaptchaException();
}
}
- password = AESUtils.decrypt(password);
+
+ model.addAttribute("number", "3");
Subject currentUser = ShiroKit.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username, password.toCharArray());
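Review bot: `password` now reaches `UsernamePasswordToken` exactly as posted, because the `AESUtils.decrypt` call is removed, and the pre-check added earlier in `loginVali` hashes the same raw value with `ShiroKit.md5`. The login page is not part of this patch, so confirm that it no longer encrypts the field, otherwise the comparison fails for every login; the `AESUtils` import kept in the import hunk may now be unused. `number` is also set as the String `"3"` here and as the int `0` in `login(Model)`, and a single type would keep whatever the template compares it against predictable.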
@@ -179,11 +175,12 @@
// } else {
// token.setRememberMe(false);
// }
-
token.setRememberMe(false);//关闭记住我功能
-
currentUser.login(token);
+ // 登录成功,错误次数值改0
+ loginFailures.put(username, 0);
+
ShiroUser shiroUser = ShiroKit.getUser();
super.getSession().setAttribute("shiroUser", shiroUser);
super.getSession().setAttribute("username", shiroUser.getAccount());
--
Gitblit v1.7.1