忘记密码，登录bug 修复

3 years ago · 972f260765
10 changed files with 124 additions and 23 deletions
--- a/common/src/main/java/com/canvas/web/exception/EntityExistException.java
+++ b/common/src/main/java/com/canvas/web/exception/EntityExistException.java
@ -0,0 +1,15 @@
+package com.canvas.web.exception;
+
+import org.springframework.util.StringUtils;
+
+public class EntityExistException extends RuntimeException{
+
+    public EntityExistException(Class clazz, String field, String val) {
+        super(EntityExistException.generateMessage(clazz.getSimpleName(), field, val));
+    }
+
+    private static String generateMessage(String entity, String field, String val) {
+        return StringUtils.capitalize(entity)
+                + " with " + field + " "+ val + " existed";
+    }
+}
--- a/system/src/main/java/com/canvas/web/modules/security/controller/AuthorizationController.java
+++ b/system/src/main/java/com/canvas/web/modules/security/controller/AuthorizationController.java
@ -17,12 +17,15 @@ import com.canvas.web.modules.security.service.dto.MsgDto;
 import com.canvas.web.modules.system.domain.vo.UserPassVo;
 import com.canvas.web.modules.system.service.UserService;
 import com.canvas.web.modules.system.service.dto.UserDto;
+import com.canvas.web.modules.utils.Response;
+import com.canvas.web.modules.utils.enums.ResponseEnum;
 import com.canvas.web.utils.*;
 import com.wf.captcha.base.Captcha;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@ -131,7 +134,12 @@ public class AuthorizationController {

    @ApiOperation("短信验证码")
    @AnonymousPostMapping(value = "/msg")
-    public ResponseEntity<Object> sendXMsg(@Validated MsgDto msgDto) {
+    public ResponseEntity<Object> sendXMsg(@Validated @RequestBody MsgDto msgDto) {
+        UserDto userDto = userService.findByPhone(msgDto.getPhone());
+        if (userDto==null){
+            return new ResponseEntity<>(HttpStatus.NO_CONTENT);
+        }
+
        //加载短信配置文件
        SubMailMsgConfig config = ConfigLoader.load(ConfigLoader.ConfigType.Message);
        //创建发送短信对象
@ -153,23 +161,24 @@ public class AuthorizationController {

    @ApiOperation("客户端修改密码")
    @AnonymousPostMapping(value = "/password")
-    public ResponseEntity<Object> clientLogin(@Validated @RequestBody UserPassVo userPassVo) throws Exception {
+    public Response<Object> clientLogin(@Validated @RequestBody UserPassVo userPassVo) throws Exception {
        // 查询验证码
        String code = (String) redisUtils.get(userPassVo.getUuid());
-        String newPass=RsaUtils.decryptByPrivateKey(RsaProperties.privateKey,userPassVo.getNewPass());
+        String newPass = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey, userPassVo.getNewPass());
        // 清除验证码
        redisUtils.del(userPassVo.getUuid());
        if (StringUtils.isBlank(code)) {
-            throw new BaseException("验证码不存在或已过期");
+            //throw new BaseException("验证码不存在或已过期");
+            return Response.error(ResponseEnum.MESSAGE_FAIL);
        }
        if (StringUtils.isBlank(userPassVo.getCode()) || !userPassVo.getCode().equalsIgnoreCase(code)) {
-            throw new BaseException("验证码错误");
+            return Response.error(ResponseEnum.MESSAGE_ERROR);
        }
-        UserDto userDto=userService.findByName(SecurityUtils.getCurrentUsername());
-
-        userService.updatePass(userDto.getUsername(),passwordEncoder.encode(newPass));
+        UserDto userDto = userService.findByPhone(userPassVo.getPhone());
+        String password=passwordEncoder.encode(newPass);
+        userService.updatePass(userDto.getPhone(),password);

-        return new ResponseEntity<>(HttpStatus.OK);
+        return Response.success(ResponseEnum.UPDATE_SUCCESS);
    }


--- a/system/src/main/java/com/canvas/web/modules/security/service/UserDetailsServiceImpl.java
+++ b/system/src/main/java/com/canvas/web/modules/security/service/UserDetailsServiceImpl.java
@ -9,6 +9,7 @@ import lombok.RequiredArgsConstructor;
 import com.canvas.web.modules.system.service.DataService;
 import com.canvas.web.modules.system.service.RoleService;

+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
@ -39,18 +40,20 @@ public class UserDetailsServiceImpl implements UserDetailsService {
    static Map<String, JwtUserDto> userDtoCache = new ConcurrentHashMap<>();


+
+
    @Override
-    public JwtUserDto loadUserByUsername(String username) {
+    public JwtUserDto loadUserByUsername(String phone) {
        boolean searchDb = true;
        JwtUserDto jwtUserDto = null;
-        if (loginProperties.isCacheEnable() && userDtoCache.containsKey(username)) {
-            jwtUserDto = userDtoCache.get(username);
+        if (loginProperties.isCacheEnable() && userDtoCache.containsKey(phone)) {
+            jwtUserDto = userDtoCache.get(phone);
            searchDb = false;
        }
        if (searchDb) {
            UserDto user;
            try {
-                user = userService.findByName(username);
+                user = userService.findByPhone(phone);
            } catch (EntityNotFoundException e) {
                // SpringSecurity会自动转换UsernameNotFoundException为BadCredentialsException
                throw new UsernameNotFoundException("", e);
@ -66,10 +69,11 @@ public class UserDetailsServiceImpl implements UserDetailsService {
                        dataService.getDeptIds(user),
                        roleService.mapToGrantedAuthorities(user)
                );
-                userDtoCache.put(username, jwtUserDto);
+                userDtoCache.put(phone, jwtUserDto);
            }
        }
        return jwtUserDto;
    }

+
 }
--- a/system/src/main/java/com/canvas/web/modules/security/service/dto/AuthUserDto.java
+++ b/system/src/main/java/com/canvas/web/modules/security/service/dto/AuthUserDto.java
@ -21,4 +21,6 @@ public class AuthUserDto {
    private String code;

    private String uuid = "";
+
+    private Boolean rememberMe;
 }
--- a/system/src/main/java/com/canvas/web/modules/system/controller/UserController.java
+++ b/system/src/main/java/com/canvas/web/modules/system/controller/UserController.java
@ -1,19 +1,27 @@
 package com.canvas.web.modules.system.controller;


+import com.canvas.web.exception.BaseException;
+import com.canvas.web.modules.system.domain.User;
 import com.canvas.web.modules.system.service.RoleService;
 import com.canvas.web.modules.system.service.UserService;
+import com.canvas.web.modules.system.service.dto.RoleSmallDto;
 import com.canvas.web.modules.system.service.dto.UserDto;
+import com.canvas.web.utils.SecurityUtils;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;

+import java.util.Collections;
+import java.util.stream.Collectors;
+
@Api(tags = "用户管理")
@RestController
@RequestMapping("api/users/")
@ -22,14 +30,29 @@ public class UserController {

    private final UserService userService;
    private final RoleService roleService;
+    private final PasswordEncoder passwordEncoder;

-//    @ApiOperation("新增用户")
-//    @PostMapping
-//    public ResponseEntity<Object> create(@Validated @RequestBody UserDto userDto){
-//
-//    }
+    @ApiOperation("新增用户")
+    @PostMapping
+    public ResponseEntity<Object> create(@Validated @RequestBody User resources) {
+        checkLevel(resources);
+        // 默认密码 123456
+        resources.setPassword(passwordEncoder.encode("123456"));
+        userService.create(resources);
+        return null;
+    }
 //
 //    private void checkLevel(UserDto userDto){
 //        Integer currentLevel=
 //    }
+
+
+    //如果当前用户角色级别低于创建用户的角色级别，抛出权限不足
+    private void checkLevel(User resources){
+        Integer currentLevel= Collections.min(roleService.findByUsersId(SecurityUtils.getCurrentUserId()).stream().map(RoleSmallDto::getLevel).collect(Collectors.toList()));
+        Integer optLevel = roleService.findByRoles(resources.getRoles());
+        if (currentLevel > optLevel){
+            throw new BaseException("权限不足");
+        }
+    }
 }
--- a/system/src/main/java/com/canvas/web/modules/system/repository/UserRepository.java
+++ b/system/src/main/java/com/canvas/web/modules/system/repository/UserRepository.java
@ -29,7 +29,7 @@ public interface UserRepository extends JpaRepository<User, Long>, JpaSpecificat
    //根据手机号查询修改密码
    @Modifying
    @Query(value = "update sys_user set password = ?2 , pwd_reset_time = ?3 where phone = ?1",nativeQuery = true)
-    void updatePass(String username, String pass, Date lastPasswordResetTime);
+    void updatePass(String phone, String pass, Date lastPasswordResetTime);


    /**
--- a/system/src/main/java/com/canvas/web/modules/system/service/UserService.java
+++ b/system/src/main/java/com/canvas/web/modules/system/service/UserService.java
@ -1,5 +1,6 @@
 package com.canvas.web.modules.system.service;

+import com.canvas.web.modules.system.domain.User;
 import com.canvas.web.modules.system.service.dto.UserDto;
 import com.canvas.web.modules.system.service.dto.UserQueryCriteria;
 import org.springframework.data.domain.Pageable;
@ -24,7 +25,7 @@ public interface UserService {
     * 新增用户
     * @param resources /
     */
-   // void create(User resources);
+    void create(User resources);

    /**
     * 编辑用户
@ -45,6 +46,9 @@ public interface UserService {
     */
    UserDto findByName(String userName);

+    //根据用户手机号查询
+    UserDto findByPhone(String phone);
+


    /**
--- a/system/src/main/java/com/canvas/web/modules/system/service/dto/DeptSmallDto.java
+++ b/system/src/main/java/com/canvas/web/modules/system/service/dto/DeptSmallDto.java
@ -0,0 +1,13 @@
+package com.canvas.web.modules.system.service.dto;
+
+import lombok.Data;
+
+import java.io.Serializable;
+
+@Data
+public class DeptSmallDto implements Serializable {
+
+    private Long id;
+
+    private String name;
+}
--- a/system/src/main/java/com/canvas/web/modules/system/service/impl/UserServiceImpl.java
+++ b/system/src/main/java/com/canvas/web/modules/system/service/impl/UserServiceImpl.java
@ -2,6 +2,7 @@ package com.canvas.web.modules.system.service.impl;

 import com.canvas.web.config.FileProperties;
 import com.canvas.web.exception.BaseException;
+import com.canvas.web.exception.EntityExistException;
 import com.canvas.web.modules.security.service.UserCacheClean;
 import com.canvas.web.modules.system.domain.User;
 import com.canvas.web.modules.system.repository.UserRepository;
@ -17,8 +18,10 @@ import org.springframework.cache.annotation.CacheConfig;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
 import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.multipart.MultipartFile;

+import javax.persistence.EntityExistsException;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.*;
@ -46,6 +49,19 @@ public class UserServiceImpl implements UserService{
        return userMapper.toDto(user);
    }

+
+    //创建用户
+    @Override
+    public void create(User resources) {
+        if (userRepository.findByUsername(resources.getUsername()) != null) {
+            throw new EntityExistException(User.class, "username", resources.getUsername());
+        }
+        if (userRepository.findByPhone(resources.getPhone()) != null) {
+            throw new EntityExistException(User.class, "phone", resources.getPhone());
+        }
+        userRepository.save(resources);
+    }
+
    @Override
    public void delete(Set<Long> ids) {

@ -64,11 +80,23 @@ public class UserServiceImpl implements UserService{
    }

    @Override
-    public void updatePass(String username, String encryptPassword) {
-        userRepository.updatePass(username,encryptPassword,new Date());
+    public UserDto findByPhone(String phone) {
+        User user=userRepository.findByPhone(phone);
+        if (user ==null){
+           return null;
+        }else {
+            return userMapper.toDto(user);
+        }
+    }
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public void updatePass(String phone, String encryptPassword) {
+        userRepository.updatePass(phone,encryptPassword,new Date());
    }

    @Override
+    @Transactional(rollbackFor = Exception.class)
    public Map<String, String> updateAvatar(MultipartFile file) {
        return null;
    }
--- a/system/src/main/java/com/canvas/web/modules/utils/enums/ResponseEnum.java
+++ b/system/src/main/java/com/canvas/web/modules/utils/enums/ResponseEnum.java
@ -54,6 +54,9 @@ public enum ResponseEnum {
    LOGOUT_SUCCESS(10002,"退出成功"),
    LOGOUT_FAIL(10003,"退出失败"),
    TOKEN_ERROR(10004,"token错误/失效"),
+    MESSAGE_FAIL(10005,"验证码失效"),
+    MESSAGE_ERROR(10006,"验证码错误"),
+


    /*********************20000-业务相关***************************/