修复账密登录bug

76d966df · 技术部-任文超 · a06ab5c6 · 76d966df
Commit 76d966df authored Nov 08, 2017 by 技术部-任文超
Show whitespace changes
Inline Side-by-side

Showing with 58 additions and 7 deletions

CaptchaFiniteValidateAdvisor.java ...oup/xyqb/aspect/captcha/CaptchaFiniteValidateAdvisor.java +58 -7

No files found.
--- a/src/main/java/cn/quantgroup/xyqb/aspect/captcha/CaptchaFiniteValidateAdvisor.java
+++ b/src/main/java/cn/quantgroup/xyqb/aspect/captcha/CaptchaFiniteValidateAdvisor.java
@@ -4,7 +4,9 @@ package cn.quantgroup.xyqb.aspect.captcha;
 import cn.quantgroup.xyqb.Constants;
 import cn.quantgroup.xyqb.model.JsonResult;
 import cn.quantgroup.xyqb.thirdparty.jcaptcha.AbstractManageableImageCaptchaService;
+import cn.quantgroup.xyqb.util.ValidationUtil;
 import com.octo.captcha.service.CaptchaServiceException;
+import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang3.StringUtils;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.Around;
@@ -21,9 +23,9 @@ import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 import javax.servlet.http.HttpServletRequest;
+import java.io.UnsupportedEncodingException;
 import java.nio.charset.Charset;
-import java.util.Optional;
+import java.util.*;
-import java.util.UUID;
 import java.util.concurrent.TimeUnit;
 /**
@@ -79,13 +81,21 @@ public class CaptchaFiniteValidateAdvisor {
  @Around("needCaptchaFiniteValidate()")
  private Object doCapchaValidate(ProceedingJoinPoint pjp) throws Throwable {
    HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+    Map<String, String> phonePasswordMap = getHeaderParam(request);
+    if(phonePasswordMap == null || phonePasswordMap.isEmpty()){
+      return false;
+    }
+    // 当前用户手机号
+    String phoneNo = phonePasswordMap.get("phoneNo");
+    Long countErrorByPhone = getCount(phoneNo);
+    if(countErrorByPhone == null){
+      return JsonResult.buildErrorStateResult("用户名或密码不正确", null);
+    }
+    if (countErrorByPhone > Constants.Image_Need_Count) {
      String registerFrom = Optional.ofNullable(request.getParameter("registerFrom")).orElse("");
      String captchaId = Optional.ofNullable(request.getParameter("captchaId")).orElse("");
      Object captchaValue = request.getParameter("captchaValue");
-    String phoneNo = request.getParameter("phoneNo");
      String deviceId = Optional.ofNullable(request.getParameter("deviceId")).orElse("");
-    Long countErrorByPhone = getCount(phoneNo);
-    if (countErrorByPhone > Constants.Image_Need_Count) {
      if (shouldSkipCaptchaValidate(registerFrom, captchaId, captchaValue)) {
        LOGGER.info("使用超级图形验证码校验, registerFrom={}, clientIp={}", registerFrom, request.getRemoteAddr());
        return pjp.proceed();
@@ -121,6 +131,9 @@ public class CaptchaFiniteValidateAdvisor {
  // 获取该账号密码错误计数器
  private Long getCount(String phoneNo) {
    String key = getKey(phoneNo);
+    if (StringUtils.isBlank(key)) {
+      return null;
+    }
    String countString = redisTemplate.opsForValue().get(key);
    if (StringUtils.isBlank(countString)) {
      return 0L;
@@ -135,4 +148,42 @@ public class CaptchaFiniteValidateAdvisor {
    return Constants.REDIS_PASSWORD_ERROR_COUNT + phoneNo;
  }
+  /**
+   * 单次令牌参数解析
+   *
+   * @param request 当前请求，其首部行必须包含形如【SingleToken 13461067662:0123456789abcdef】的UTF-8编码的Base64加密参数
+   * @return 令牌参数Map 或 null
+   */
+  private Map<String, String> getHeaderParam(HttpServletRequest request) {
+    String verificationHeader = "Basic ";
+    String credential = request.getHeader("authorization");
+    if (StringUtils.isBlank(credential) || !credential.startsWith(verificationHeader)) {
+      LOGGER.info("参数无效, credential:{}", credential);
+      return null;
+    }
+    credential = credential.substring(verificationHeader.length(), credential.length());
+    byte[] buf = Base64.decodeBase64(credential);
+    credential = new String(buf, Charset.forName("UTF-8"));
+    String[] credentialArr = credential.split(":");
+    boolean headerParamValid = credentialArr.length==2;
+    if (!headerParamValid) {
+      LOGGER.info("参数无效, credential:{}", credential);
+      return null;
+    }
+    // 当前用户手机号
+    String phoneNo = credentialArr[0];
+    // 当前请求的SingleToken
+    String password = credentialArr[1];
+    headerParamValid = headerParamValid && ValidationUtil.validatePhoneNo(phoneNo) && StringUtils.isNotBlank(password);
+    if (!headerParamValid) {
+      LOGGER.info("参数无效, credential:{}, phoneNo:{}, password:{}", credential, phoneNo, password);
+      return null;
+    }
+    LOGGER.info("账密登录, phoneNo:{}, password:{}", phoneNo, password);
+    Map<String, String> phonePasswordMap = new HashMap<String, String>(2);
+    phonePasswordMap.put("phoneNo", phoneNo);
+    phonePasswordMap.put("password", password);
+    return phonePasswordMap;
+  }
 }