修复账密登录bug

src/main/java/cn/quantgroup/xyqb/aspect/captcha/CaptchaFiniteValidateAdvisor.java

@@ -4,7 +4,9 @@ package cn.quantgroup.xyqb.aspect.captcha;
 import cn.quantgroup.xyqb.Constants;
 import cn.quantgroup.xyqb.model.JsonResult;
 import cn.quantgroup.xyqb.thirdparty.jcaptcha.AbstractManageableImageCaptchaService;
+import cn.quantgroup.xyqb.util.ValidationUtil;
 import com.octo.captcha.service.CaptchaServiceException;
+import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang3.StringUtils;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.Around;
@@ -21,9 +23,9 @@ import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 
 import javax.servlet.http.HttpServletRequest;
+import java.io.UnsupportedEncodingException;
 import java.nio.charset.Charset;
-import java.util.Optional;
-import java.util.UUID;
+import java.util.*;
 import java.util.concurrent.TimeUnit;
 
 /**
@@ -79,13 +81,21 @@ public class CaptchaFiniteValidateAdvisor {
   @Around("needCaptchaFiniteValidate()")
   private Object doCapchaValidate(ProceedingJoinPoint pjp) throws Throwable {
     HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
-    String registerFrom = Optional.ofNullable(request.getParameter("registerFrom")).orElse("");
-    String captchaId = Optional.ofNullable(request.getParameter("captchaId")).orElse("");
-    Object captchaValue = request.getParameter("captchaValue");
-    String phoneNo = request.getParameter("phoneNo");
-    String deviceId = Optional.ofNullable(request.getParameter("deviceId")).orElse("");
+    Map<String, String> phonePasswordMap = getHeaderParam(request);
+    if(phonePasswordMap == null || phonePasswordMap.isEmpty()){
+      return false;
+    }
+    // 当前用户手机号
+    String phoneNo = phonePasswordMap.get("phoneNo");
     Long countErrorByPhone = getCount(phoneNo);
+    if(countErrorByPhone == null){
+      return JsonResult.buildErrorStateResult("用户名或密码不正确", null);
+    }
     if (countErrorByPhone > Constants.Image_Need_Count) {
+      String registerFrom = Optional.ofNullable(request.getParameter("registerFrom")).orElse("");
+      String captchaId = Optional.ofNullable(request.getParameter("captchaId")).orElse("");
+      Object captchaValue = request.getParameter("captchaValue");
+      String deviceId = Optional.ofNullable(request.getParameter("deviceId")).orElse("");
       if (shouldSkipCaptchaValidate(registerFrom, captchaId, captchaValue)) {
         LOGGER.info("使用超级图形验证码校验, registerFrom={}, clientIp={}", registerFrom, request.getRemoteAddr());
         return pjp.proceed();
@@ -121,6 +131,9 @@ public class CaptchaFiniteValidateAdvisor {
   // 获取该账号密码错误计数器
   private Long getCount(String phoneNo) {
     String key = getKey(phoneNo);
+    if (StringUtils.isBlank(key)) {
+      return null;
+    }
     String countString = redisTemplate.opsForValue().get(key);
     if (StringUtils.isBlank(countString)) {
       return 0L;
@@ -135,4 +148,42 @@ public class CaptchaFiniteValidateAdvisor {
     return Constants.REDIS_PASSWORD_ERROR_COUNT + phoneNo;
   }
 
+  /**
+   * 单次令牌参数解析
+   *
+   * @param request 当前请求，其首部行必须包含形如【SingleToken 13461067662:0123456789abcdef】的UTF-8编码的Base64加密参数
+   * @return 令牌参数Map 或 null
+   */
+  private Map<String, String> getHeaderParam(HttpServletRequest request) {
+    String verificationHeader = "Basic ";
+    String credential = request.getHeader("authorization");
+    if (StringUtils.isBlank(credential) || !credential.startsWith(verificationHeader)) {
+      LOGGER.info("参数无效, credential:{}", credential);
+      return null;
+    }
+    credential = credential.substring(verificationHeader.length(), credential.length());
+    byte[] buf = Base64.decodeBase64(credential);
+    credential = new String(buf, Charset.forName("UTF-8"));
+    String[] credentialArr = credential.split(":");
+    boolean headerParamValid = credentialArr.length==2;
+    if (!headerParamValid) {
+      LOGGER.info("参数无效, credential:{}", credential);
+      return null;
+    }
+    // 当前用户手机号
+    String phoneNo = credentialArr[0];
+    // 当前请求的SingleToken
+    String password = credentialArr[1];
+    headerParamValid = headerParamValid && ValidationUtil.validatePhoneNo(phoneNo) && StringUtils.isNotBlank(password);
+    if (!headerParamValid) {
+      LOGGER.info("参数无效, credential:{}, phoneNo:{}, password:{}", credential, phoneNo, password);
+      return null;
+    }
+    LOGGER.info("账密登录, phoneNo:{}, password:{}", phoneNo, password);
+    Map<String, String> phonePasswordMap = new HashMap<String, String>(2);
+    phonePasswordMap.put("phoneNo", phoneNo);
+    phonePasswordMap.put("password", password);
+    return phonePasswordMap;
+  }
+
 }