Commit aa5729e7 authored by 唐峰's avatar 唐峰

验证码校验模式前端误传请求头,不做严格校验,修复极验空指针问题

parent 4f3bb24f
...@@ -41,10 +41,18 @@ public class BehaviorInterceptor implements HandlerInterceptor { ...@@ -41,10 +41,18 @@ public class BehaviorInterceptor implements HandlerInterceptor {
} }
} }
//前端误传请求头参数,兼容处理
String id = request.getHeader(Constants.X_BEHAVIOR_ID); String id = request.getHeader(Constants.X_BEHAVIOR_ID);
if (StringUtils.isEmpty(id)) { if (StringUtils.isEmpty(id)) {
throw new BizException(BizExceptionEnum.UN_EXIT_VERIFY_CODE); HandlerMethod handlerMethod = (HandlerMethod) handler;
BehaviorAuth behaviorAuth = handlerMethod.getMethodAnnotation(BehaviorAuth.class);
if (behaviorAuth == null) {
return true;
} else {
throw new BizException(BizExceptionEnum.UN_EXIT_VERIFY_CODE);
}
} }
Map<String, String> data = new HashMap<>(); Map<String, String> data = new HashMap<>();
data.put(Constants.X_BEHAVIOR_ID, id); data.put(Constants.X_BEHAVIOR_ID, id);
data.put(Constants.X_BEHAVIOR_IP, IpUtil.getRemoteIP(request)); data.put(Constants.X_BEHAVIOR_IP, IpUtil.getRemoteIP(request));
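Review bot: The new branch under `if (StringUtils.isEmpty(id))` fails open: a request that omits the `X_BEHAVIOR_ID` header is passed with `return true` whenever the handler method carries no `@BehaviorAuth`, so enforcement now rests on that annotation alone rather than on the interceptor's path mapping. `getMethodAnnotation` reads only the method, so a controller annotated at class level (if any exist) would be treated as unprotected; confirm that every endpoint needing behaviour verification carries the method-level annotation. The cast `(HandlerMethod) handler` is unguarded in the visible lines. Unless the code above the hunk already checks it, wrap it in an `instanceof HandlerMethod` test so a non-method handler gets a deliberate result instead of a ClassCastException. The enclosing method starts and ends outside the hunk.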
......
...@@ -301,6 +301,9 @@ public class GeetestLib { ...@@ -301,6 +301,9 @@ public class GeetestLib {
JSONObject return_map = JSONObject.parseObject(response); JSONObject return_map = JSONObject.parseObject(response);
return_map = return_map == null ? new JSONObject(): return_map; return_map = return_map == null ? new JSONObject(): return_map;
return_seccode = return_map.getString("seccode"); return_seccode = return_map.getString("seccode");
if (return_seccode == null) {
return val;
}
gtlog("md5: " + Md5Util.build(return_seccode)); gtlog("md5: " + Md5Util.build(return_seccode));
if (return_seccode.equals(Md5Util.build(seccode))) { if (return_seccode.equals(Md5Util.build(seccode))) {
gtlog("validateMethod: "+ return_map.getString("challenge_type")); gtlog("validateMethod: "+ return_map.getString("challenge_type"));
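Review bot: The added `if (return_seccode == null) { return val; }` returns without any `gtlog` call, so a validate response that lacks `seccode` leaves no trace in the logs; add a line such as `gtlog("validate response has no seccode");` before the return. The value of `val` is assigned outside the hunk, so confirm it still holds the failure result at this point and that the early return cannot report a passed check. The enclosing method starts and ends outside the hunk.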
......
package cn.quantgroup.xyqb.util.encrypt; package cn.quantgroup.xyqb.util.encrypt;
import cn.quantgroup.xyqb.util.StringUtils;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import java.security.MessageDigest; import java.security.MessageDigest;
...@@ -19,6 +20,9 @@ public final class Md5Util { ...@@ -19,6 +20,9 @@ public final class Md5Util {
log.error("MessageDigest获取实例失败", e); log.error("MessageDigest获取实例失败", e);
return null; return null;
} }
if (StringUtils.isEmpty(content)) {
return null;
}
messageDigest.update(content.getBytes()); messageDigest.update(content.getBytes());
byte[] domain = messageDigest.digest(); byte[] domain = messageDigest.digest();
StringBuilder md5StrBuff = new StringBuilder(); StringBuilder md5StrBuff = new StringBuilder();
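Review bot: The new `StringUtils.isEmpty(content)` guard makes this method (presumably `build`, as called from GeetestLib) return `null` for an empty string as well as for `null`, whereas an empty string previously produced a digest. Any caller that invokes `.equals(...)` on the result now risks a NullPointerException, and one that concatenates it into a signature string gets the text "null". If only the null input was the crash being fixed, narrow the check to `if (content == null) { return null; }` and move it above the `MessageDigest` lookup so bad input is rejected first. A Javadoc line stating that the method returns `null` on invalid input would make the contract visible to callers. The signature and the rest of the body are outside the hunk.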
......