漏洞修复一波

c78d2e93 · 技术部-任文超 · 9671a3b6 · c78d2e93 · c78d2e93 · c78d2e93
Commit c78d2e93 authored Oct 30, 2019 by 技术部-任文超
17 changed files
--- a/src/main/java/cn/quantgroup/user/enums/MaritalStatus.java
+++ b/src/main/java/cn/quantgroup/user/enums/MaritalStatus.java
@@ -6,26 +6,26 @@ package cn.quantgroup.user.enums;
 public enum MaritalStatus {
    UNKNOWN("未知"),
-    SINGLE("未婚"), // 1
+    SINGLE("未婚"),
-    MARRIED("已婚"), // 2
+    MARRIED("已婚"),
-    DIVORCED("离异"), // 3
+    DIVORCED("离异"),
-    WINDOWED("丧偶"), // 4
+    WINDOWED("丧偶"),
    OTHER("其他");
-    String description;
+    private String desc;
    MaritalStatus(String desc) {
-        description = desc;
+        this.desc = desc;
    }
-    public String getDescription() {
+    public String getDesc() {
-        return description;
+        return desc;
    }
    @Override
    public String toString() {
-        String sb = "MaritalStatus{" + "description='" + description + '\'' +
+        String sb = "MaritalStatus{" + "desc='" + desc + '\'' +
                '}';
        return sb;
    }

--- a/src/main/java/cn/quantgroup/user/enums/Relation.java
+++ b/src/main/java/cn/quantgroup/user/enums/Relation.java
@@ -15,19 +15,19 @@ public enum Relation {
    SELF("本人"),
    OTHER("其他");
-    String description;
+    private String desc;
    Relation(String desc) {
-        description = desc;
+        this.desc = desc;
    }
-    public String getDescription() {
+    public String getDesc() {
-        return description;
+        return desc;
    }
    @Override
    public String toString() {
-        String sb = "Relation{" + "description='" + description + '\'' +
+        String sb = "Relation{" + "desc='" + desc + '\'' +
                '}';
        return sb;
    }

--- a/src/main/java/cn/quantgroup/xyqb/controller/external/WeChatController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/external/WeChatController.java
--- a/src/main/java/cn/quantgroup/xyqb/controller/external/captcha/ImageCaptchaController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/external/captcha/ImageCaptchaController.java
@@ -6,6 +6,7 @@ import cn.quantgroup.xyqb.model.JsonResult;
 import cn.quantgroup.xyqb.thirdparty.jcaptcha.AbstractManageableImageCaptchaService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.codec.binary.Base64;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
@@ -28,9 +29,10 @@ import java.util.UUID;
 * @author 李宁
 * @version 1.0.0 创建时间：15/11/17 11:49 修改人： 修改时间：15/11/17 11:49 修改备注：
 */
+@Api(value = "/api", description = "叫Api, 实际上是图形验证码. 你说神奇不神奇...")
+@Slf4j
 @RestController
 @RequestMapping("/api")
-@Api(value = "/api", description = "叫Api, 实际上是图形验证码. 你说神奇不神奇...")
 public class ImageCaptchaController {
    private static final String IMAGE_FORMAT_PNG = "png";
@@ -51,14 +53,12 @@ public class ImageCaptchaController {
        BufferedImage challenge = imageCaptchaService.getImageChallengeForID(Constants.IMAGE_CAPTCHA_KEY + imageId, request.getLocale());
        ByteArrayOutputStream jpegOutputStream = new ByteArrayOutputStream();
        try {
-            boolean write = ImageIO.write(challenge, IMAGE_FORMAT_PNG, jpegOutputStream);
+            ImageIO.write(challenge, IMAGE_FORMAT_PNG, jpegOutputStream);
        } catch (IOException e) {
-            e.printStackTrace();
+            log.error("图形验证码图片流返回失败", e);
            return JsonResult.buildErrorStateResult("", Constants.CHECK_FAIL);
        }
        String imageBase64 = Base64.encodeBase64String(jpegOutputStream.toByteArray());
        Map<String, String> data = new HashMap<>();
        data.put("imageId", imageId);
        data.put("image", String.format(IMG_BASE64_PATTREN, imageBase64));

--- a/src/main/java/cn/quantgroup/xyqb/controller/internal/user/InnerController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/internal/user/InnerController.java
@@ -2,14 +2,15 @@ package cn.quantgroup.xyqb.controller.internal.user;
 import cn.quantgroup.tech.db.DSType;
 import cn.quantgroup.tech.db.TargetDataSource;
-import cn.quantgroup.user.enums.Relation;
+import cn.quantgroup.user.enums.*;
 import cn.quantgroup.xyqb.Constants;
 import cn.quantgroup.xyqb.aspect.accessable.IpValidator;
 import cn.quantgroup.xyqb.controller.IBaseController;
 import cn.quantgroup.xyqb.entity.*;
-import cn.quantgroup.xyqb.entity.enumerate.*;
 import cn.quantgroup.xyqb.exception.UserNotExistException;
 import cn.quantgroup.xyqb.model.*;
+import cn.quantgroup.xyqb.model.Gender;
+import cn.quantgroup.xyqb.model.IdType;
 import cn.quantgroup.xyqb.service.api.IUserApiService;
 import cn.quantgroup.xyqb.service.auth.IIdCardService;
 import cn.quantgroup.xyqb.service.merchant.IMerchantService;
@@ -755,7 +756,7 @@ public class InnerController implements IBaseController {
        UserExtInfo extInfo = userExtInfoService.findByUserId(user.getId());
        if (Objects.nonNull(extInfo)) {
            // 婚姻状态
-            bean.setMarryStatus(Optional.ofNullable(extInfo.getMarryStatus()).orElse(cn.quantgroup.user.enums.MaritalStatus.UNKNOWN).getDescription());
+            bean.setMarryStatus(Optional.ofNullable(extInfo.getMarryStatus()).orElse(cn.quantgroup.user.enums.MaritalStatus.UNKNOWN).getDesc());
            // 受教育程度
            bean.setEducationEnum(Optional.ofNullable(extInfo.getEducationEnum()).orElse(cn.quantgroup.user.enums.EducationEnum.UNKNOWN).getName());
            // 职业
@@ -856,9 +857,9 @@ public class InnerController implements IBaseController {
                    bean.setOccupationEnum(extInfo.getOccupationEnum().getName());
                }
                if (null == extInfo.getMarryStatus()) {
-                    bean.setMarryStatus(cn.quantgroup.user.enums.MaritalStatus.UNKNOWN.getDescription());
+                    bean.setMarryStatus(cn.quantgroup.user.enums.MaritalStatus.UNKNOWN.getDesc());
                } else {
-                    bean.setMarryStatus(extInfo.getMarryStatus().getDescription());
+                    bean.setMarryStatus(extInfo.getMarryStatus().getDesc());
                }
            }
            if (org.apache.commons.collections.CollectionUtils.isNotEmpty(contacts)) {
@@ -878,7 +879,7 @@ public class InnerController implements IBaseController {
        ret.setUserId(c.getUserId());
        ret.setName(c.getName());
        ret.setPhoneNo(c.getPhoneNo());
-        ret.setRelation(c.getRelation().getDescription());
+        ret.setRelation(c.getRelation().getDesc());
        return ret;
    }

--- a/src/main/java/cn/quantgroup/xyqb/entity/UserExtInfo.java
+++ b/src/main/java/cn/quantgroup/xyqb/entity/UserExtInfo.java
@@ -8,8 +8,6 @@ import javax.persistence.*;
 import java.io.Serializable;
 import java.sql.Timestamp;
-//import cn.quantgroup.xyqb.entity.enumerate.*;
 /**
 * Created by 11 on 2016/12/30.
 */

--- a/src/main/java/cn/quantgroup/xyqb/entity/enumerate/EducationEnum.java
+++ b/src/main/java/cn/quantgroup/xyqb/entity/enumerate/EducationEnum.java
-package cn.quantgroup.xyqb.entity.enumerate;
-/**
- * Created by 11 on 2016/12/30.
- */
-public enum EducationEnum {
-    UNKNOWN("暂无"),
-    MASTER("硕士及以上"),
-    UNDER_GRADUATE("本科"),
-    JUNIOR_COLLEGE("大专"),
-    TECHNICAL_SECONDARY_SCHOOL("中专"),
-    TECHNICAL_SCHOOL("技校"),
-    HIGH_SCHOOL("高中"),
-    MIDDLE_SCHOOL("初中"),
-    PRIMARY_SCHOOL("小学"),
-    OTHER("其他");
-    private String name;
-    EducationEnum(String name) {
-        this.name = name;
-    }
-    public String getName() {
-        return name;
-    }
-    @Override
-    public String toString() {
-        return name;
-    }
-}
--- a/src/main/java/cn/quantgroup/xyqb/entity/enumerate/IncomeEnum.java
+++ b/src/main/java/cn/quantgroup/xyqb/entity/enumerate/IncomeEnum.java
-package cn.quantgroup.xyqb.entity.enumerate;
-/**
- * Created by 11 on 2016/12/30.
- */
-public enum IncomeEnum {
-    UNKNOWN("未知"),
-    CASH("现金计算"),
-    PAY_CARD("工资卡"),
-    CASH_AND_PAY_CARD("混合");
-    private String desc;
-    IncomeEnum(String desc) {
-        this.desc = desc;
-    }
-}
\ No newline at end of file
--- a/src/main/java/cn/quantgroup/xyqb/entity/enumerate/IncomeRangeEnum.java
+++ b/src/main/java/cn/quantgroup/xyqb/entity/enumerate/IncomeRangeEnum.java
-package cn.quantgroup.xyqb.entity.enumerate;
-/**
- * Created by 11 on 2016/12/30.
- */
-public enum IncomeRangeEnum {
-    UNKNOWN("暂无"),
-    BELOW_1000("小于1000元"),
-    BELOW_3000("1000至3000元"),
-    BELOW_5000("3000至5000元"),
-    BELOW_8000("5000至8000元"),
-    BELOW_10000("8000至10000元"),
-    BELOW_15000("10000至15000元"),
-    BELOW_20000("15000至20000元"),
-    ABOVE_20000("大于20000元");
-    private String desc;
-    IncomeRangeEnum(String desc) {
-        this.desc = desc;
-    }
-}
--- a/src/main/java/cn/quantgroup/xyqb/entity/enumerate/MaritalStatus.java
+++ b/src/main/java/cn/quantgroup/xyqb/entity/enumerate/MaritalStatus.java
-package cn.quantgroup.xyqb.entity.enumerate;
-/**
- * Created by sunnan on 2016-11-24.
- */
-public enum MaritalStatus {
-    UNKNOWN("未知"),
-    SINGLE("未婚"), // 1
-    MARRIED("已婚"), // 2
-    DIVORCED("离异"), // 3
-    WINDOWED("丧偶"), // 4
-    OTHER("其他");
-    String description;
-    MaritalStatus(String desc) {
-        description = desc;
-    }
-    public String getDescription() {
-        return description;
-    }
-    @Override
-    public String toString() {
-        String sb = "MaritalStatus{" + "description='" + description + '\'' +
-                '}';
-        return sb;
-    }
-}
--- a/src/main/java/cn/quantgroup/xyqb/entity/enumerate/OccupationEnum.java
+++ b/src/main/java/cn/quantgroup/xyqb/entity/enumerate/OccupationEnum.java
-package cn.quantgroup.xyqb.entity.enumerate;
-/**
- * Created by 11 on 2016/12/30.
- */
-public enum OccupationEnum {
-    UNKNOWN("暂未填写"),
-    WORKER("工人"),
-    TEACHER("教师"),
-    WHITE_COLLAR("白领"),
-    STUDENT("学生"),
-    CAREER_BUILDER("创业者"),
-    SELF_EMPLOYER("个体户"),
-    EMPLOYEE("公司职员"),
-    BISUNESS_ENTITY("企业法人"),
-    ONLINE_STORE_OWNER("网店店主"),
-    UNEMPLOYED("暂无职业"),
-    OTHER("其他");
-    private String name;
-    OccupationEnum(String name) {
-        this.name = name;
-    }
-    public String getName() {
-        return name;
-    }
-    @Override
-    public String toString() {
-        return name;
-    }
-}
--- a/src/main/java/cn/quantgroup/xyqb/entity/enumerate/Relation.java
+++ b/src/main/java/cn/quantgroup/xyqb/entity/enumerate/Relation.java
-package cn.quantgroup.xyqb.entity.enumerate;
-/**
- * Created by Miraculous on 2017/1/3.
- */
-public enum Relation {
-    PARENT("父母"),
-    CHILDREN("子女"),
-    BROTHER("兄弟姐妹"),
-    COLLEAGUE("同事"),
-    CLASSMATE("同学"),
-    FRIEND("朋友"),
-    SPOUSE("夫妻"),
-    SELF("本人"),
-    OTHER("其他");
-    String description;
-    Relation(String desc) {
-        description = desc;
-    }
-    public String getDescription() {
-        return description;
-    }
-    @Override
-    public String toString() {
-        String sb = "Relation{" + "description='" + description + '\'' +
-                '}';
-        return sb;
-    }
-}
--- a/src/main/java/cn/quantgroup/xyqb/model/ApiResponse.java
+++ b/src/main/java/cn/quantgroup/xyqb/model/ApiResponse.java
@@ -26,9 +26,9 @@ public class ApiResponse {
  public static final int OK = 4;
  public static final int TOO_BUSY = 5;
-  int code;
+  private int code;
-  String type;
+  private String type;
-  String message;
+  private String message;
  public ApiResponse(){}

--- a/src/main/java/cn/quantgroup/xyqb/model/ContactModel.java
+++ b/src/main/java/cn/quantgroup/xyqb/model/ContactModel.java
@@ -32,7 +32,7 @@ public class ContactModel implements Serializable {
        ContactModel model = new ContactModel();
        model.setName(entity.getName());
        model.setPhoneNo(entity.getPhoneNo());
-        model.setRelationName(Optional.ofNullable(entity.getRelation()).orElse(Relation.OTHER).getDescription());
+        model.setRelationName(Optional.ofNullable(entity.getRelation()).orElse(Relation.OTHER).getDesc());
        model.setRelation(entity.getRelation().name());
        return model;
    }

--- a/src/main/java/cn/quantgroup/xyqb/service/captcha/GeetestLib.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/captcha/GeetestLib.java
 package cn.quantgroup.xyqb.service.captcha;
 import cn.quantgroup.xyqb.Constants;
+import cn.quantgroup.xyqb.util.encrypt.Md5Util;
 import lombok.extern.slf4j.Slf4j;
 import org.json.JSONException;
 import org.json.JSONObject;
@@ -10,8 +11,6 @@ import java.io.InputStream;
 import java.io.OutputStreamWriter;
 import java.net.HttpURLConnection;
 import java.net.URL;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;
@@ -162,7 +161,7 @@ public class GeetestLib {
            if (return_challenge.length() == Constants.MD5_LENGTH) {
-                this.responseStr = this.getSuccessPreProcessRes(this.md5Encode(return_challenge + this.privateKey));
+                this.responseStr = this.getSuccessPreProcessRes(Md5Util.build(return_challenge + this.privateKey));
                return 1;
@@ -278,14 +277,14 @@ public class GeetestLib {
            response = readContentFromPost(postUrl, param);
            gtlog("response: " + response);
        } catch (Exception e) {
-            e.printStackTrace();
+            log.error("向gt-server进行二次验证", e);
        }
        String return_seccode = "";
        try {
            JSONObject return_map = new JSONObject(response);
            return_seccode = return_map.getString("seccode");
-            gtlog("md5: " + md5Encode(return_seccode));
+            gtlog("md5: " + Md5Util.build(return_seccode));
-            if (return_seccode.equals(md5Encode(seccode))) {
+            if (return_seccode.equals(Md5Util.build(seccode))) {
                return 1;
            } else {
                return 0;
@@ -328,7 +327,7 @@ public class GeetestLib {
    }
    protected boolean checkResultByPrivate(String challenge, String validate) {
-        String encodeStr = md5Encode(privateKey + "geetest" + challenge);
+        String encodeStr = Md5Util.build(privateKey + "geetest" + challenge);
        return validate.equals(encodeStr);
    }
@@ -344,9 +343,10 @@ public class GeetestLib {
        URL getUrl = new URL(URL);
        HttpURLConnection connection = (HttpURLConnection) getUrl
                .openConnection();
+        // 设置连接主机超时（单位：毫秒）
-        connection.setConnectTimeout(2000);// 设置连接主机超时（单位：毫秒）
+        connection.setConnectTimeout(2000);
-        connection.setReadTimeout(2000);// 设置从主机读取数据超时（单位：毫秒）
+        // 设置从主机读取数据超时（单位：毫秒）
+        connection.setReadTimeout(2000);
        // 建立与服务器的连接，并未发送数据
        connection.connect();
@@ -362,11 +362,11 @@ public class GeetestLib {
                sBuffer.append(new String(buf, 0, n, "UTF-8"));
            }
            inStream.close();
-            connection.disconnect();// 断开连接
+            // 断开连接
+            connection.disconnect();
            return sBuffer.toString();
        } else {
            return Constants.CHECK_FAIL;
        }
    }
@@ -385,9 +385,10 @@ public class GeetestLib {
        URL postUrl = new URL(URL);
        HttpURLConnection connection = (HttpURLConnection) postUrl
                .openConnection();
+        // 设置连接主机超时（单位：毫秒）
-        connection.setConnectTimeout(2000);// 设置连接主机超时（单位：毫秒）
+        connection.setConnectTimeout(2000);
-        connection.setReadTimeout(2000);// 设置从主机读取数据超时（单位：毫秒）
+        // 设置从主机读取数据超时（单位：毫秒）
+        connection.setReadTimeout(2000);
        connection.setRequestMethod("POST");
        connection.setDoInput(true);
        connection.setDoOutput(true);
@@ -412,7 +413,8 @@ public class GeetestLib {
                sBuffer.append(new String(buf, 0, n, "UTF-8"));
            }
            inStream.close();
-            connection.disconnect();// 断开连接
+            // 断开连接
+            connection.disconnect();
            return sBuffer.toString();
        } else {
@@ -421,38 +423,4 @@ public class GeetestLib {
        }
    }
-    /**
-     * md5 加密
-     *
-     * @param plainText
-     * @return
-     * @time 2014年7月10日 下午3:30:01
-     */
-    private String md5Encode(String plainText) {
-        String re_md5 = "";
-        try {
-            MessageDigest md = MessageDigest.getInstance("MD5");
-            md.update(plainText.getBytes());
-            byte b[] = md.digest();
-            int i;
-            StringBuilder buf = new StringBuilder();
-            for (int offset = 0; offset < b.length; offset++) {
-                i = b[offset];
-                if (i < 0) {
-                    i += 256;
-                }
-                if (i < 16) {
-                    buf.append("0");
-                }
-                buf.append(Integer.toHexString(i));
-            }
-            re_md5 = buf.toString();
-        } catch (NoSuchAlgorithmException e) {
-            e.printStackTrace();
-        }
-        return re_md5;
-    }
 }
--- a/src/main/java/cn/quantgroup/xyqb/util/encrypt/Md5Util.java
+++ b/src/main/java/cn/quantgroup/xyqb/util/encrypt/Md5Util.java
 package cn.quantgroup.xyqb.util.encrypt;
+import lombok.extern.slf4j.Slf4j;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -9,16 +10,15 @@ import java.security.NoSuchAlgorithmException;
 /**
 * Created by tums on 2015/11/30.
 */
+@Slf4j
 public final class Md5Util {
-    private static final Logger LOGGER = LoggerFactory.getLogger(Md5Util.class);
    public static String build(String content) {
        MessageDigest messageDigest;
        try {
-            messageDigest = MessageDigest
+            messageDigest = MessageDigest.getInstance("md5");
-                    .getInstance("md5");
        } catch (NoSuchAlgorithmException e) {
-            LOGGER.error(e.getMessage(), e);
+            log.error("MessageDigest获取实例失败", e);
            return null;
        }
        messageDigest.update(content.getBytes());

--- a/src/test/java/common/Md5Test.java
+++ b/src/test/java/common/Md5Test.java
+package common;
+import cn.quantgroup.xyqb.service.captcha.GeetestLib;
+import cn.quantgroup.xyqb.util.encrypt.Md5Util;
+import lombok.extern.slf4j.Slf4j;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+@Slf4j
+@RunWith(JUnit4.class)
+public class Md5Test {
+    final static String PWD = "123456";
+    @Test
+    public void test() {
+        log.info("pwd:{},Md5Util:{},Geetest:{}", PWD, Md5Util.build(PWD), GeetestLib.md5Encode(PWD));
+    }
+}