vcc接口

23028998 · 技术部-任文超 · eb6436a6 · 23028998 · 23028998 · 23028998
Commit 23028998 authored May 28, 2019 by 技术部-任文超
9 changed files
--- a/src/main/java/cn/quantgroup/xyqb/config/data/RedisConfig.java
+++ b/src/main/java/cn/quantgroup/xyqb/config/data/RedisConfig.java
@@ -12,6 +12,7 @@ import org.springframework.data.redis.connection.RedisNode;
 import org.springframework.data.redis.connection.RedisSentinelConfiguration;
 import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
 import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.data.redis.serializer.JdkSerializationRedisSerializer;
 import org.springframework.data.redis.serializer.StringRedisSerializer;
 import redis.clients.jedis.JedisPoolConfig;
@@ -118,9 +119,9 @@ public class RedisConfig {
    }

    @Bean(name = "stringRedisTemplate")
-    public RedisTemplate<String, String> stringRedisTemplate(
+    public StringRedisTemplate stringRedisTemplate(
            RedisConnectionFactory factory) {
-        final RedisTemplate<String, String> template = new RedisTemplate<>();
+        final StringRedisTemplate template = new StringRedisTemplate();
        StringRedisSerializer stringRedisSerializer = new StringRedisSerializer();
        JdkSerializationRedisSerializer jdkSerializationRedisSerializer = new JdkSerializationRedisSerializer();
        template.setEnableTransactionSupport(true);

--- a/src/main/java/cn/quantgroup/xyqb/controller/external/user/AppController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/external/user/AppController.java
@@ -151,6 +151,7 @@ public class AppController implements IBaseController {
        AuthBean bean = sessionService.createSession(user, loginProperties);
        LoginInfo loginInfo = new LoginInfo();
        loginInfo.setUser(new UserRet(user));
+        loginInfo.setHasPassword(user.getHasPassword());
        loginInfo.setToken(bean.getToken());
        LoginInfo.LoginContext context = new LoginInfo.LoginContext();
        context.setChannelId(channelId);

--- a/src/main/java/cn/quantgroup/xyqb/controller/external/user/UserApiController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/external/user/UserApiController.java
 package cn.quantgroup.xyqb.controller.external.user;

-import java.util.Objects;
-
-import javax.annotation.Resource;
-
-import org.apache.commons.lang3.StringUtils;
-
-import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.data.redis.core.RedisTemplate;
-import org.springframework.web.bind.annotation.*;
-
-import io.swagger.annotations.ApiOperation;
-import io.swagger.annotations.ApiParam;
-import lombok.extern.slf4j.Slf4j;
-
 import cn.quantgroup.xyqb.Constants;
 import cn.quantgroup.xyqb.aspect.accessable.IpValidator;
 import cn.quantgroup.xyqb.entity.User;
+import cn.quantgroup.xyqb.exception.VerificationCodeErrorException;
 import cn.quantgroup.xyqb.model.JsonResult;
 import cn.quantgroup.xyqb.model.session.SessionStruct;
 import cn.quantgroup.xyqb.service.session.ISessionService;
+import cn.quantgroup.xyqb.service.sms.ISmsService;
 import cn.quantgroup.xyqb.service.user.IUserService;
 import cn.quantgroup.xyqb.session.XyqbSessionContextHolder;
 import cn.quantgroup.xyqb.util.ValidationUtil;
+import io.swagger.annotations.ApiOperation;
+import io.swagger.annotations.ApiParam;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.web.bind.annotation.*;
+
+import javax.annotation.Resource;
+import java.util.Objects;

 /**
 * Created by FrankChow on 15/12/16.
@@ -38,7 +36,9 @@ public class UserApiController {
    private ISessionService sessionService;
    @Resource
    @Qualifier("stringRedisTemplate")
-    private RedisTemplate<String, String> stringRedisTemplate;
+    private StringRedisTemplate stringRedisTemplate;
+    @Resource
+    private ISmsService smsService;

    @RequestMapping("/user/is_passwd_set")
    public JsonResult isPasswordSet(String key, String phoneNo) {
@@ -64,7 +64,6 @@ public class UserApiController {
     * @return
     */
    @ApiOperation(notes = "检查token是否有效，如果有效，可选择是否延续生命期（延续后有效期24Hour）", value = "Check token and then prolong session", nickname = "checkToken")
-
    @IpValidator
    @RequestMapping(value = "/valid/{token}", method = RequestMethod.POST)
    public JsonResult checkToken(@ApiParam(value = "sid,session的id", required = true) @PathVariable("token") String token,
@@ -102,4 +101,24 @@ public class UserApiController {
        }
    }

+    /**
+     * 校验短信验证码
+     *
+     * @param phoneNo
+     * @param verificationCode
+     */
+    @IpValidator
+    @RequestMapping(value = "/verifyPhoneAndCode", method = RequestMethod.POST)
+    public JsonResult verifyPhoneAndCode(@RequestParam String phoneNo, @RequestParam String verificationCode) {
+        if (!smsService.verifyPhoneAndCode(phoneNo, verificationCode)) {
+            // 是否需要重新发送短信验证码
+            if (smsService.needResendCode(phoneNo)) {
+                throw new VerificationCodeErrorException("验证码失效，请重新获取");
+            }
+            log.info("验证码校验失败,phoneNo:{} , verificationCode:{}", phoneNo, verificationCode);
+            throw new VerificationCodeErrorException("短信验证码错误");
+        }
+        return JsonResult.buildSuccessResult(null);
+    }
+
 }
--- a/src/main/java/cn/quantgroup/xyqb/controller/internal/user/UserController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/internal/user/UserController.java
@@ -4,6 +4,7 @@ import cn.quantgroup.tech.util.TechEnvironment;
 import cn.quantgroup.xyqb.Constants;
 import cn.quantgroup.xyqb.aspect.accessable.IpValidator;
 import cn.quantgroup.xyqb.aspect.captcha.CaptchaFiniteValidator;
+import cn.quantgroup.xyqb.aspect.limit.PasswordFreeAccessValidator;
 import cn.quantgroup.xyqb.aspect.lock.PasswordErrorFiniteValidator;
 import cn.quantgroup.xyqb.controller.IBaseController;
 import cn.quantgroup.xyqb.entity.Merchant;
@@ -27,6 +28,7 @@ import cn.quantgroup.xyqb.util.MqUtils;
 import cn.quantgroup.xyqb.util.PasswordUtil;
 import cn.quantgroup.xyqb.util.ValidationUtil;
 import com.alibaba.fastjson.JSON;
+import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang.StringUtils;
@@ -34,6 +36,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;

@@ -330,7 +333,7 @@ public class UserController implements IBaseController {
        if (!ValidationUtil.validatePhoneNo(phoneNo)) {
            return JsonResult.buildErrorStateResult("手机号错误", null);
        }
-        if (StringUtils.isEmpty(password)) {
+        if (StringUtils.isBlank(password)) {
            return JsonResult.buildErrorStateResult("密码不能为空", null);
        }
        if (password.length() < 6 || password.length() > 12) {
@@ -350,6 +353,43 @@ public class UserController implements IBaseController {
        return JsonResult.buildSuccessResult(null, null);
    }

+    /**
+     * 重置密码
+     */
+    @PasswordFreeAccessValidator
+    @RequestMapping(path = "/resetPassword", method = RequestMethod.POST)
+    public JsonResult resetPassword(@RequestParam String phoneNo, @RequestParam String password, @RequestParam(required = false) String passwordNew) {
+        if (!ValidationUtil.validatePhoneNo(phoneNo)) {
+            return JsonResult.buildErrorStateResult("手机号错误", null);
+        }
+        if (StringUtils.isBlank(passwordNew)) {
+            return JsonResult.buildErrorStateResult("密码不能为空", null);
+        }
+        if (passwordNew.length() < 6 || passwordNew.length() > 12) {
+            return JsonResult.buildErrorStateResult("密码应为6-12位", null);
+        }
+        User user = userService.findByPhoneWithCache(phoneNo);
+        if (Objects.nonNull(user)) {
+            log.info("修改密码失败，该手机号尚未注册, phoneNo:{}", phoneNo);
+            return JsonResult.buildErrorStateResult("修改密码失败", null);
+        }
+        if (!user.getEnable()) {
+            log.info("修改密码失败，该用户已禁用, phoneNo:{}", phoneNo);
+            return JsonResult.buildErrorStateResult("修改密码失败", null);
+        }
+        // 验证密码：原密码不存在时，必须为空
+        if (StringUtils.isBlank(user.getPassword()) ^ StringUtils.isBlank(password)) {
+            return JsonResult.buildErrorStateResult("修改密码失败", null);
+        }
+        if (StringUtils.isNotBlank(user.getPassword()) && !validatePassword(password, user.getPassword())) {
+            return JsonResult.buildErrorStateResult("修改密码失败", null);
+        }
+        if (!userService.resetPassword(phoneNo, passwordNew)) {
+            return JsonResult.buildErrorStateResult("修改密码失败", null);
+        }
+        return JsonResult.buildSuccessResult("修改密码成功");
+    }
+

    /**
     * 检查token是否已经过期不存在了

--- a/src/main/java/cn/quantgroup/xyqb/entity/User.java
+++ b/src/main/java/cn/quantgroup/xyqb/entity/User.java
@@ -9,6 +9,7 @@ import lombok.ToString;
 import javax.persistence.*;
 import java.io.Serializable;
 import java.sql.Timestamp;
+import java.util.Objects;

 /**
 * Created by Miraculous on 15/7/4.
@@ -55,5 +56,12 @@ public class User implements Serializable {
    @JSONField(serializeUsing = Timestamp2LongConverter.class)
    private Timestamp updatedAt;

+    /**
+     * 是否有密码
+     * @return
+     */
+    public boolean getHasPassword() {
+        return Objects.nonNull(password) && !Objects.equals("", password);
+    }

 }
--- a/src/main/java/cn/quantgroup/xyqb/model/AuthBean.java
+++ b/src/main/java/cn/quantgroup/xyqb/model/AuthBean.java
@@ -4,6 +4,7 @@ import lombok.Getter;
 import lombok.Setter;

 import java.security.Principal;
+import java.util.Objects;

 /**
 * Created by Miraculous on 15/7/9.
@@ -15,6 +16,7 @@ public class AuthBean {
    private String token;
    private String phoneNo;
    private String uuid;
+    private boolean hasPassword;

    public AuthBean(String token, Principal user) {
        this.token = token;

--- a/src/main/java/cn/quantgroup/xyqb/model/UserRet.java
+++ b/src/main/java/cn/quantgroup/xyqb/model/UserRet.java
@@ -36,6 +36,12 @@ public class UserRet implements Serializable {
    //上一次修改时间
    private Long updatedAt;

+    /**
+     * 是否有密码
+     * @return
+     */
+    private boolean hasPassword;
+
    public UserRet(User user) {
        if(Objects.isNull(user)){
            return;
@@ -46,6 +52,7 @@ public class UserRet implements Serializable {
        this.setPhoneNo(user.getPhoneNo());
        this.setEnable(user.getEnable());
        this.setPassword("");
+        this.hasPassword = Objects.nonNull(password) && !Objects.equals("", password);
        this.setRegisteredFrom(user.getRegisteredFrom());
        this.setUuid(user.getUuid());
        this.setCreatedAt(createTimeStamp);

--- a/src/main/java/cn/quantgroup/xyqb/model/session/LoginInfo.java
+++ b/src/main/java/cn/quantgroup/xyqb/model/session/LoginInfo.java
@@ -12,6 +12,11 @@ public class LoginInfo {
    private String token;
    private UserRet user;
    private LoginContext loginContext;
+    /**
+     * 是否有密码
+     * @return
+     */
+    private boolean hasPassword;

    @Data
    public static class LoginContext {

--- a/src/main/java/cn/quantgroup/xyqb/service/session/impl/SessionServiceImpl.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/session/impl/SessionServiceImpl.java
@@ -70,6 +70,7 @@ public class SessionServiceImpl implements ISessionService {
        authBean.setPhoneNo(user.getPhoneNo());
        authBean.setToken(sessionStruct.getSid());
        authBean.setUuid(uuid);
+        authBean.setHasPassword(user.getHasPassword());
        log.info("用户登录成功, loginFrom:{}, phoneNo:{},appChannel:{},channelId:{}", properties.getCreatedFrom(), user.getPhoneNo(), properties.getAppChannel(), properties.getChannelId());
        return authBean;
    }