From 972f2607659a868332516171d66a0f224ce1b3eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=88=98=E5=8A=9B?= Date: Wed, 9 Mar 2022 13:55:44 +0800 Subject: [PATCH] =?UTF-8?q?=E5=BF=98=E8=AE=B0=E5=AF=86=E7=A0=81=EF=BC=8C?= =?UTF-8?q?=E7=99=BB=E5=BD=95bug=20=E4=BF=AE=E5=A4=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../web/exception/EntityExistException.java | 15 +++++++++ .../controller/AuthorizationController.java | 27 ++++++++++----- .../service/UserDetailsServiceImpl.java | 14 +++++--- .../security/service/dto/AuthUserDto.java | 2 ++ .../system/controller/UserController.java | 33 ++++++++++++++++--- .../system/repository/UserRepository.java | 2 +- .../modules/system/service/UserService.java | 6 +++- .../system/service/dto/DeptSmallDto.java | 13 ++++++++ .../system/service/impl/UserServiceImpl.java | 32 ++++++++++++++++-- .../web/modules/utils/enums/ResponseEnum.java | 3 ++ 10 files changed, 124 insertions(+), 23 deletions(-) create mode 100644 common/src/main/java/com/canvas/web/exception/EntityExistException.java create mode 100644 system/src/main/java/com/canvas/web/modules/system/service/dto/DeptSmallDto.java diff --git a/common/src/main/java/com/canvas/web/exception/EntityExistException.java b/common/src/main/java/com/canvas/web/exception/EntityExistException.java new file mode 100644 index 0000000..fe988a7 --- /dev/null +++ b/common/src/main/java/com/canvas/web/exception/EntityExistException.java @@ -0,0 +1,15 @@ +package com.canvas.web.exception; + +import org.springframework.util.StringUtils; + +public class EntityExistException extends RuntimeException{ + + public EntityExistException(Class clazz, String field, String val) { + super(EntityExistException.generateMessage(clazz.getSimpleName(), field, val)); + } + + private static String generateMessage(String entity, String field, String val) { + return StringUtils.capitalize(entity) + + " with " + field + " "+ val + " existed"; + } +} 
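Review bot: `generateMessage` puts the caller-supplied `val` straight into the exception message, and the `create` method added in UserServiceImpl passes a username or phone number there. If a global exception handler returns or logs this message (not visible in this patch), responses confirm which phone numbers are registered and the logs accumulate them. Consider keeping the value out of the client-facing text, for example `return StringUtils.capitalize(entity) + " with this " + field + " already exists";`. A class-level Javadoc saying when the exception is thrown and who sees its message would also help.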
diff --git a/system/src/main/java/com/canvas/web/modules/security/controller/AuthorizationController.java b/system/src/main/java/com/canvas/web/modules/security/controller/AuthorizationController.java index 0c91808..f024a31 100644 --- a/system/src/main/java/com/canvas/web/modules/security/controller/AuthorizationController.java +++ b/system/src/main/java/com/canvas/web/modules/security/controller/AuthorizationController.java @@ -17,12 +17,15 @@ import com.canvas.web.modules.security.service.dto.MsgDto; import com.canvas.web.modules.system.domain.vo.UserPassVo; import com.canvas.web.modules.system.service.UserService; import com.canvas.web.modules.system.service.dto.UserDto; +import com.canvas.web.modules.utils.Response; +import com.canvas.web.modules.utils.enums.ResponseEnum; import com.canvas.web.utils.*; import com.wf.captcha.base.Captcha; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; @@ -131,7 +134,12 @@ public class AuthorizationController { @ApiOperation("短信验证码") @AnonymousPostMapping(value = "/msg") - public ResponseEntity sendXMsg(@Validated MsgDto msgDto) { + public ResponseEntity sendXMsg(@Validated @RequestBody MsgDto msgDto) { + UserDto userDto = userService.findByPhone(msgDto.getPhone()); + if (userDto==null){ + return new ResponseEntity<>(HttpStatus.NO_CONTENT); + } + //加载短信配置文件 SubMailMsgConfig config = ConfigLoader.load(ConfigLoader.ConfigType.Message); //创建发送短信对象 
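Review bot: The new `userDto==null` branch in `sendXMsg` answers `HttpStatus.NO_CONTENT` for an unregistered phone while a registered one continues to the SMS send, so this anonymous endpoint tells any caller whether a number has an account. Return the same status on both paths and only skip the send for unknown numbers, e.g. `if (userDto == null) { return new ResponseEntity<>(HttpStatus.OK); }`, assuming the success path also answers 200. The hunk shows no per-phone or per-client throttle before the send, and the rest of the method is outside the hunk. Confirm one exists there, because each accepted request triggers a paid SMS to the account holder.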
@@ -153,23 +161,24 @@ public class AuthorizationController { @ApiOperation("客户端修改密码") @AnonymousPostMapping(value = "/password") - public ResponseEntity clientLogin(@Validated @RequestBody UserPassVo userPassVo) throws Exception { + public Response clientLogin(@Validated @RequestBody UserPassVo userPassVo) throws Exception { // 查询验证码 String code = (String) redisUtils.get(userPassVo.getUuid()); - String newPass=RsaUtils.decryptByPrivateKey(RsaProperties.privateKey,userPassVo.getNewPass()); + String newPass = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey, userPassVo.getNewPass()); // 清除验证码 redisUtils.del(userPassVo.getUuid()); if (StringUtils.isBlank(code)) { - throw new BaseException("验证码不存在或已过期"); + //throw new BaseException("验证码不存在或已过期"); + return Response.error(ResponseEnum.MESSAGE_FAIL); } if (StringUtils.isBlank(userPassVo.getCode()) || !userPassVo.getCode().equalsIgnoreCase(code)) { - throw new BaseException("验证码错误"); + return Response.error(ResponseEnum.MESSAGE_ERROR); } - UserDto userDto=userService.findByName(SecurityUtils.getCurrentUsername()); - - userService.updatePass(userDto.getUsername(),passwordEncoder.encode(newPass)); + UserDto userDto = userService.findByPhone(userPassVo.getPhone()); + String password=passwordEncoder.encode(newPass); + userService.updatePass(userDto.getPhone(),password); - return new ResponseEntity<>(HttpStatus.OK); + return Response.success(ResponseEnum.UPDATE_SUCCESS); } diff --git a/system/src/main/java/com/canvas/web/modules/security/service/UserDetailsServiceImpl.java b/system/src/main/java/com/canvas/web/modules/security/service/UserDetailsServiceImpl.java index 07bb83f..2bc6564 100644 --- a/system/src/main/java/com/canvas/web/modules/security/service/UserDetailsServiceImpl.java +++ b/system/src/main/java/com/canvas/web/modules/security/service/UserDetailsServiceImpl.java 
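Review bot: In `clientLogin` the stored code is fetched by `userPassVo.getUuid()` but the account is selected by `userPassVo.getPhone()`, and nothing in the hunk checks that the code was issued for that phone. Unless the Redis entry is bound to the phone where the SMS is sent (outside this hunk), a code delivered to one number would be accepted for changing another account's password on this anonymous endpoint. Store the phone together with the code and compare it before `updatePass`. Separately, `findByPhone` returns null for an unknown number in this commit, so `userDto.getPhone()` throws a NullPointerException; add `if (userDto == null) { return Response.error(ResponseEnum.MESSAGE_ERROR); }` before it. The `RsaUtils.decryptByPrivateKey` call could also move below the code checks so that no private-key operation runs for requests carrying an invalid code.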
@@ -9,6 +9,7 @@ import lombok.RequiredArgsConstructor; import com.canvas.web.modules.system.service.DataService; import com.canvas.web.modules.system.service.RoleService; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Service; @@ -39,18 +40,20 @@ public class UserDetailsServiceImpl implements UserDetailsService { static Map userDtoCache = new ConcurrentHashMap<>(); + + @Override - public JwtUserDto loadUserByUsername(String username) { + public JwtUserDto loadUserByUsername(String phone) { boolean searchDb = true; JwtUserDto jwtUserDto = null; - if (loginProperties.isCacheEnable() && userDtoCache.containsKey(username)) { - jwtUserDto = userDtoCache.get(username); + if (loginProperties.isCacheEnable() && userDtoCache.containsKey(phone)) { + jwtUserDto = userDtoCache.get(phone); searchDb = false; } if (searchDb) { UserDto user; try { - user = userService.findByName(username); + user = userService.findByPhone(phone); } catch (EntityNotFoundException e) { // SpringSecurity会自动转换UsernameNotFoundException为BadCredentialsException throw new UsernameNotFoundException("", e); @@ -66,10 +69,11 @@ public class UserDetailsServiceImpl implements UserDetailsService { dataService.getDeptIds(user), roleService.mapToGrantedAuthorities(user) ); - userDtoCache.put(username, jwtUserDto); + userDtoCache.put(phone, jwtUserDto); } } return jwtUserDto; } + } diff --git a/system/src/main/java/com/canvas/web/modules/security/service/dto/AuthUserDto.java b/system/src/main/java/com/canvas/web/modules/security/service/dto/AuthUserDto.java index 13e8255..950f9c5 100644 --- a/system/src/main/java/com/canvas/web/modules/security/service/dto/AuthUserDto.java +++ b/system/src/main/java/com/canvas/web/modules/security/service/dto/AuthUserDto.java 
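Review bot: `loadUserByUsername` still relies on `catch (EntityNotFoundException e)` to turn an unknown login into `UsernameNotFoundException`, but the `findByPhone` added in UserServiceImpl returns null instead of throwing. The lines between this hunk and the next one are not shown, so confirm they reject a null `user`; otherwise add `if (user == null) { throw new UsernameNotFoundException(""); }` right after the try block. A short comment on the method stating that the `phone` argument is the login identifier handed in by Spring Security would help, since the overridden interface method is still named for a username.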
@@ -21,4 +21,6 @@ public class AuthUserDto { private String code; private String uuid = ""; + + private Boolean rememberMe; } diff --git a/system/src/main/java/com/canvas/web/modules/system/controller/UserController.java b/system/src/main/java/com/canvas/web/modules/system/controller/UserController.java index 56962ce..7a937f3 100644 --- a/system/src/main/java/com/canvas/web/modules/system/controller/UserController.java +++ b/system/src/main/java/com/canvas/web/modules/system/controller/UserController.java @@ -1,19 +1,27 @@ package com.canvas.web.modules.system.controller; +import com.canvas.web.exception.BaseException; +import com.canvas.web.modules.system.domain.User; import com.canvas.web.modules.system.service.RoleService; import com.canvas.web.modules.system.service.UserService; +import com.canvas.web.modules.system.service.dto.RoleSmallDto; import com.canvas.web.modules.system.service.dto.UserDto; +import com.canvas.web.utils.SecurityUtils; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.RequiredArgsConstructor; import org.springframework.http.ResponseEntity; +import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; +import java.util.Collections; +import java.util.stream.Collectors; + @Api(tags = "用户管理") @RestController @RequestMapping("api/users/") 
@@ -22,14 +30,29 @@ public class UserController { private final UserService userService; private final RoleService roleService; + private final PasswordEncoder passwordEncoder; -// @ApiOperation("新增用户") -// @PostMapping -// public ResponseEntity create(@Validated @RequestBody UserDto userDto){ -// -// } + @ApiOperation("新增用户") + @PostMapping + public ResponseEntity create(@Validated @RequestBody User resources) { + checkLevel(resources); + // 默认密码 123456 + resources.setPassword(passwordEncoder.encode("123456")); + userService.create(resources); + return null; + } // // private void checkLevel(UserDto userDto){ // Integer currentLevel= // } + + + //如果当前用户角色级别低于创建用户的角色级别,抛出权限不足 + private void checkLevel(User resources){ + Integer currentLevel= Collections.min(roleService.findByUsersId(SecurityUtils.getCurrentUserId()).stream().map(RoleSmallDto::getLevel).collect(Collectors.toList())); + Integer optLevel = roleService.findByRoles(resources.getRoles()); + if (currentLevel > optLevel){ + throw new BaseException("权限不足"); + } + } } diff --git a/system/src/main/java/com/canvas/web/modules/system/repository/UserRepository.java b/system/src/main/java/com/canvas/web/modules/system/repository/UserRepository.java index 01cbd35..cc58fa6 100644 --- a/system/src/main/java/com/canvas/web/modules/system/repository/UserRepository.java +++ b/system/src/main/java/com/canvas/web/modules/system/repository/UserRepository.java @@ -29,7 +29,7 @@ public interface UserRepository extends JpaRepository, JpaSpecificat //根据手机号查询修改密码 @Modifying @Query(value = "update sys_user set password = ?2 , pwd_reset_time = ?3 where phone = ?1",nativeQuery = true) - void updatePass(String username, String pass, Date lastPasswordResetTime); + void updatePass(String phone, String pass, Date lastPasswordResetTime); /** diff --git a/system/src/main/java/com/canvas/web/modules/system/service/UserService.java b/system/src/main/java/com/canvas/web/modules/system/service/UserService.java index d07ee9e..23dd475 100644 
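Review bot: `create` gives every new account the same fixed password `123456`, and nothing in the hunk forces a change at first login. Generate a random initial password per user with `java.security.SecureRandom`, or create the account without a usable password and route the user through the reset flow. As far as the hunk shows, the method also binds the JPA entity `User` directly from the request body, so fields other than roles are persisted as sent; a dedicated request DTO would limit that. In `checkLevel`, `Collections.min` throws on an empty role list and `currentLevel > optLevel` unboxes a possibly null `optLevel`, so both cases should be handled before the comparison. The endpoint should also return a real response such as `ResponseEntity.ok().build()` rather than `null`.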
--- a/system/src/main/java/com/canvas/web/modules/system/service/UserService.java +++ b/system/src/main/java/com/canvas/web/modules/system/service/UserService.java @@ -1,5 +1,6 @@ package com.canvas.web.modules.system.service; +import com.canvas.web.modules.system.domain.User; import com.canvas.web.modules.system.service.dto.UserDto; import com.canvas.web.modules.system.service.dto.UserQueryCriteria; import org.springframework.data.domain.Pageable; @@ -24,7 +25,7 @@ public interface UserService { * 新增用户 * @param resources / */ - // void create(User resources); + void create(User resources); /** * 编辑用户 @@ -45,6 +46,9 @@ public interface UserService { */ UserDto findByName(String userName); + //根据用户手机号查询 + UserDto findByPhone(String phone); + /** diff --git a/system/src/main/java/com/canvas/web/modules/system/service/dto/DeptSmallDto.java b/system/src/main/java/com/canvas/web/modules/system/service/dto/DeptSmallDto.java new file mode 100644 index 0000000..e0f7b96 --- /dev/null +++ b/system/src/main/java/com/canvas/web/modules/system/service/dto/DeptSmallDto.java @@ -0,0 +1,13 @@ +package com.canvas.web.modules.system.service.dto; + +import lombok.Data; + +import java.io.Serializable; + +@Data +public class DeptSmallDto implements Serializable { + + private Long id; + + private String name; +} diff --git a/system/src/main/java/com/canvas/web/modules/system/service/impl/UserServiceImpl.java b/system/src/main/java/com/canvas/web/modules/system/service/impl/UserServiceImpl.java index 6702b2a..568cacb 100644 --- a/system/src/main/java/com/canvas/web/modules/system/service/impl/UserServiceImpl.java +++ b/system/src/main/java/com/canvas/web/modules/system/service/impl/UserServiceImpl.java 
@@ -2,6 +2,7 @@ package com.canvas.web.modules.system.service.impl; import com.canvas.web.config.FileProperties; import com.canvas.web.exception.BaseException; +import com.canvas.web.exception.EntityExistException; import com.canvas.web.modules.security.service.UserCacheClean; import com.canvas.web.modules.system.domain.User; import com.canvas.web.modules.system.repository.UserRepository; @@ -17,8 +18,10 @@ import org.springframework.cache.annotation.CacheConfig; import org.springframework.data.domain.Page; import org.springframework.data.domain.Pageable; import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; import org.springframework.web.multipart.MultipartFile; +import javax.persistence.EntityExistsException; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.*; @@ -46,6 +49,19 @@ public class UserServiceImpl implements UserService{ return userMapper.toDto(user); } + + //创建用户 + @Override + public void create(User resources) { + if (userRepository.findByUsername(resources.getUsername()) != null) { + throw new EntityExistException(User.class, "username", resources.getUsername()); + } + if (userRepository.findByPhone(resources.getPhone()) != null) { + throw new EntityExistException(User.class, "phone", resources.getPhone()); + } + userRepository.save(resources); + } + @Override public void delete(Set ids) { 
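Review bot: The `findByUsername` and `findByPhone` checks followed by `userRepository.save` in `create` are not atomic, and unlike `updatePass` the method carries no `@Transactional`. Two concurrent requests can both pass the checks and store the same phone. Because the repository's `updatePass` query updates `sys_user` `where phone = ?1`, a duplicated phone would let one password reset rewrite several accounts. Make sure `sys_user` has unique constraints on `username` and `phone` (schema not shown) and translate the constraint violation into `EntityExistException`. The added import `javax.persistence.EntityExistsException` is unused in the visible hunks and easy to confuse with the project's own `EntityExistException`, so it is better dropped.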
@@ -64,11 +80,23 @@ public class UserServiceImpl implements UserService{ } @Override - public void updatePass(String username, String encryptPassword) { - userRepository.updatePass(username,encryptPassword,new Date()); + public UserDto findByPhone(String phone) { + User user=userRepository.findByPhone(phone); + if (user ==null){ + return null; + }else { + return userMapper.toDto(user); + } + } + + @Override + @Transactional(rollbackFor = Exception.class) + public void updatePass(String phone, String encryptPassword) { + userRepository.updatePass(phone,encryptPassword,new Date()); } @Override + @Transactional(rollbackFor = Exception.class) public Map updateAvatar(MultipartFile file) { return null; } diff --git a/system/src/main/java/com/canvas/web/modules/utils/enums/ResponseEnum.java b/system/src/main/java/com/canvas/web/modules/utils/enums/ResponseEnum.java index 642c535..80e4b3d 100644 --- a/system/src/main/java/com/canvas/web/modules/utils/enums/ResponseEnum.java +++ b/system/src/main/java/com/canvas/web/modules/utils/enums/ResponseEnum.java @@ -54,6 +54,9 @@ public enum ResponseEnum { LOGOUT_SUCCESS(10002,"退出成功"), LOGOUT_FAIL(10003,"退出失败"), TOKEN_ERROR(10004,"token错误/失效"), + MESSAGE_FAIL(10005,"验证码失效"), + MESSAGE_ERROR(10006,"验证码错误"), + /*********************20000-业务相关***************************/
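Review bot: `updatePass` writes the new hash but does not evict the user's entry from `userDtoCache`, which `UserDetailsServiceImpl` now keys by phone. When `loginProperties.isCacheEnable()` is true, `loadUserByUsername` keeps returning the cached `JwtUserDto`, so the old password presumably stays valid until that entry is removed. Call the existing cache-clean helper (this file imports `UserCacheClean`) with the phone after the update, and check that it clears by the same key the cache is filled with. The Javadoc for `findByPhone` should state that it returns null for an unknown number, so callers know to check before dereferencing.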