Merge branch '20180730-loopholes' into 'master'

review20180730-loopholes



See merge request !23

src/main/java/cn/quantgroup/xyqb/controller/external/user/InnerController.java

@@ -579,36 +579,50 @@ public class InnerController implements IBaseController {
         return JsonResult.buildSuccessResult(null, UserExtInfoRet.getUserExtInfoRet(info));
     }
 
+    /**
+     * 按照姓名、份证号或手机号查询用户实名信息 - 精确查询，供客服用，不限制入参正确性
+     * @param name - 姓名
+     * @param phoneNo - 手机号
+     * @param idNo - 身份证号
+     * @return JsonResult<List<UserDetail>>
+     */
     @RequestMapping("/user_detail/search_list")
-    @ApiOperation(httpMethod = "POST", value = "批量查询用户详情")
+    @ApiOperation(httpMethod = "POST", value = "按照姓名、份证号或手机号查询用户实名信息 - 精确查询，供客服用，不限制入参正确性")
     @TargetDataSource(type = DSType.SLAVE)
-    public JsonResult searchUserDetailList(String name, String phoneNo, String idNo) {
+    public JsonResult<List<UserDetailVO>> searchUserDetailList(String name, String phoneNo, String idNo) {
         log.info("searchUserDetailList ,param.name:{},phone:{},idNo:{},ip:{}", name, phoneNo, idNo, getIp());
         if (StringUtils.isBlank(name) && StringUtils.isBlank(phoneNo) && StringUtils.isBlank(idNo)) {
             return JsonResult.buildErrorStateResult("至少必须满足一个条件不为空", null);
         }
-
         List<UserDetailVO> userDetails = userDetailService.searchUserDetailList(name, phoneNo, idNo);
         return JsonResult.buildSuccessResult("success", userDetails);
     }
 
     /**
-     * 按照身份证号和手机号 - 模糊查询
+     * 按照身份证号和手机号查询用户实名信息查询 - 模糊查询
      * @param phoneNo - 手机号
      * @param idNo - 身份证号
      * @return JsonResult<List<UserDetail>>
      */
-    @ApiOperation(httpMethod = "POST", value = "按照身份证号和手机号,模糊查询用户详情")
+    @ApiOperation(httpMethod = "POST", value = "按照身份证号和手机号查询用户实名信息查询 - 模糊查询")
     @RequestMapping("/user_detail/fuzzyQuery")
     @TargetDataSource(type = DSType.SLAVE)
     public JsonResult<List<UserDetail>> fuzzyQueryUserDetailList(@ApiParam(value = "手机号", required = true) @RequestParam(name = "phoneNo") String phoneNo,
                                                                  @ApiParam(value = "身份证号", required = true) @RequestParam(name = "idNo") String idNo) {
         log.info("fuzzyQueryUserDetailList, phone:{},idNo:{},ip:{}", phoneNo, idNo, getIp());
-        if (StringUtils.isBlank(phoneNo) && StringUtils.isBlank(idNo)) {
-            return JsonResult.buildErrorStateResult("至少必须满足一个条件不为空", null);
-        }
-        List<UserDetail> userDetailList = userDetailService.fuzzyQueryByPhoneNoAndIdNo(phoneNo, idNo);
-        return JsonResult.buildSuccessResult("success", userDetailList);
+        if (StringUtils.isBlank(phoneNo) || StringUtils.isBlank(idNo)) {
+            return JsonResult.buildErrorStateResult("查询条件不能为空", null);
+        }
+        int phoneNoMaskSize = 9;
+        int idNoMaskSize = 16;
+        int idNoFullSize = 18;
+        boolean phoneNoValid = Objects.equals(phoneNo.length(), phoneNoMaskSize) || ValidationUtil.validatePhoneNo(phoneNo);
+        boolean idNoValid =  Objects.equals(idNo.length(), idNoMaskSize) || Objects.equals(idNo.length(), idNoFullSize);
+        if (phoneNoValid && idNoValid) {
+            List<UserDetail> userDetailList = userDetailService.fuzzyQueryByPhoneNoAndIdNo(phoneNo, idNo);
+            return JsonResult.buildSuccessResult("success", userDetailList);
+        }
+        return JsonResult.buildErrorStateResult("查询条件不规范！", null);
     }
 
     @RequestMapping("/user_ext_info/search/user_id")

src/main/java/cn/quantgroup/xyqb/service/user/impl/UserDetailServiceImpl.java

 package cn.quantgroup.xyqb.service.user.impl;
 
+import java.util.*;
+import java.util.stream.Collectors;
+
+import javax.annotation.Resource;
+import javax.persistence.criteria.Predicate;
+
+import org.apache.commons.lang.StringUtils;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.dao.DataIntegrityViolationException;
+import org.springframework.data.domain.Page;
+import org.springframework.data.domain.PageRequest;
+import org.springframework.data.domain.Sort;
+import org.springframework.data.jpa.domain.Specification;
+import org.springframework.stereotype.Service;
+import org.springframework.util.CollectionUtils;
+
+import com.google.common.collect.Maps;
+import lombok.extern.slf4j.Slf4j;
+
 import cn.quantgroup.acolyte.buddhistscriptures.pojo.UserRealInfo;
 import cn.quantgroup.xyqb.Constants;
 import cn.quantgroup.xyqb.entity.User;
@@ -13,23 +34,6 @@ import cn.quantgroup.xyqb.service.auth.IIdCardService;
 import cn.quantgroup.xyqb.service.user.IUserDetailService;
 import cn.quantgroup.xyqb.service.user.vo.UserDetailVO;
 import cn.quantgroup.xyqb.util.ValidationUtil;
-import com.google.common.collect.Maps;
-import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationEventPublisher;
-import org.springframework.dao.DataIntegrityViolationException;
-import org.springframework.data.domain.Page;
-import org.springframework.data.domain.PageRequest;
-import org.springframework.data.domain.Sort;
-import org.springframework.data.jpa.domain.Specification;
-import org.springframework.stereotype.Service;
-import org.springframework.util.CollectionUtils;
-
-import javax.annotation.Resource;
-import javax.persistence.criteria.Predicate;
-import java.util.*;
-import java.util.stream.Collectors;
 
 /**
  * Created by 11 on 2016/12/29.