Commit c78d2e93 authored by 技术部-任文超's avatar 技术部-任文超

漏洞修复一波

parent 9671a3b6
......@@ -6,26 +6,26 @@ package cn.quantgroup.user.enums;
public enum MaritalStatus {
UNKNOWN("未知"),
SINGLE("未婚"), // 1
MARRIED("已婚"), // 2
DIVORCED("离异"), // 3
WINDOWED("丧偶"), // 4
SINGLE("未婚"),
MARRIED("已婚"),
DIVORCED("离异"),
WINDOWED("丧偶"),
OTHER("其他");
String description;
private String desc;
MaritalStatus(String desc) {
description = desc;
this.desc = desc;
}
public String getDescription() {
return description;
public String getDesc() {
return desc;
}
@Override
public String toString() {
String sb = "MaritalStatus{" + "description='" + description + '\'' +
String sb = "MaritalStatus{" + "desc='" + desc + '\'' +
'}';
return sb;
}
......
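Review bot: The new `private String desc;` field in MaritalStatus (and the identical line in the Relation hunk below) is assigned once in the constructor and never reassigned, so it should be `private final String desc;` — enum constants are shared singletons and a non-final field is the only thing that leaves them mutable. Renaming the public accessor from getDescription to getDesc also changes the property name any reflective or JSON serializer would emit; no such use is visible here, so this is only worth confirming. The local `String sb` in toString no longer holds a builder, and `return "MaritalStatus{" + "desc='" + desc + "'}";` reads more directly without the intermediate variable.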
......@@ -15,19 +15,19 @@ public enum Relation {
SELF("本人"),
OTHER("其他");
String description;
private String desc;
Relation(String desc) {
description = desc;
this.desc = desc;
}
public String getDescription() {
return description;
public String getDesc() {
return desc;
}
@Override
public String toString() {
String sb = "Relation{" + "description='" + description + '\'' +
String sb = "Relation{" + "desc='" + desc + '\'' +
'}';
return sb;
}
......
......@@ -6,6 +6,7 @@ import cn.quantgroup.xyqb.model.JsonResult;
import cn.quantgroup.xyqb.thirdparty.jcaptcha.AbstractManageableImageCaptchaService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.binary.Base64;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
......@@ -28,9 +29,10 @@ import java.util.UUID;
* @author 李宁
* @version 1.0.0 创建时间:15/11/17 11:49 修改人: 修改时间:15/11/17 11:49 修改备注:
*/
@Api(value = "/api", description = "叫Api, 实际上是图形验证码. 你说神奇不神奇...")
@Slf4j
@RestController
@RequestMapping("/api")
@Api(value = "/api", description = "叫Api, 实际上是图形验证码. 你说神奇不神奇...")
public class ImageCaptchaController {
private static final String IMAGE_FORMAT_PNG = "png";
......@@ -51,14 +53,12 @@ public class ImageCaptchaController {
BufferedImage challenge = imageCaptchaService.getImageChallengeForID(Constants.IMAGE_CAPTCHA_KEY + imageId, request.getLocale());
ByteArrayOutputStream jpegOutputStream = new ByteArrayOutputStream();
try {
boolean write = ImageIO.write(challenge, IMAGE_FORMAT_PNG, jpegOutputStream);
ImageIO.write(challenge, IMAGE_FORMAT_PNG, jpegOutputStream);
} catch (IOException e) {
e.printStackTrace();
log.error("图形验证码图片流返回失败", e);
return JsonResult.buildErrorStateResult("", Constants.CHECK_FAIL);
}
String imageBase64 = Base64.encodeBase64String(jpegOutputStream.toByteArray());
Map<String, String> data = new HashMap<>();
data.put("imageId", imageId);
data.put("image", String.format(IMG_BASE64_PATTREN, imageBase64));
......
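Review bot: The new `ImageIO.write(challenge, IMAGE_FORMAT_PNG, jpegOutputStream);` line discards the boolean result; ImageIO.write returns false without throwing when no writer is registered for the format, in which case the method would go on to base64-encode an empty stream and return it as a valid captcha image. Keep the result and treat false like the IOException branch: `if (!ImageIO.write(challenge, IMAGE_FORMAT_PNG, jpegOutputStream)) { log.error("图形验证码图片流返回失败"); return JsonResult.buildErrorStateResult("", Constants.CHECK_FAIL); }`. Switching from printStackTrace to log.error with the cause is the right direction. The enclosing method starts and ends outside this hunk.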
......@@ -2,14 +2,15 @@ package cn.quantgroup.xyqb.controller.internal.user;
import cn.quantgroup.tech.db.DSType;
import cn.quantgroup.tech.db.TargetDataSource;
import cn.quantgroup.user.enums.Relation;
import cn.quantgroup.user.enums.*;
import cn.quantgroup.xyqb.Constants;
import cn.quantgroup.xyqb.aspect.accessable.IpValidator;
import cn.quantgroup.xyqb.controller.IBaseController;
import cn.quantgroup.xyqb.entity.*;
import cn.quantgroup.xyqb.entity.enumerate.*;
import cn.quantgroup.xyqb.exception.UserNotExistException;
import cn.quantgroup.xyqb.model.*;
import cn.quantgroup.xyqb.model.Gender;
import cn.quantgroup.xyqb.model.IdType;
import cn.quantgroup.xyqb.service.api.IUserApiService;
import cn.quantgroup.xyqb.service.auth.IIdCardService;
import cn.quantgroup.xyqb.service.merchant.IMerchantService;
......@@ -755,7 +756,7 @@ public class InnerController implements IBaseController {
UserExtInfo extInfo = userExtInfoService.findByUserId(user.getId());
if (Objects.nonNull(extInfo)) {
// 婚姻状态
bean.setMarryStatus(Optional.ofNullable(extInfo.getMarryStatus()).orElse(cn.quantgroup.user.enums.MaritalStatus.UNKNOWN).getDescription());
bean.setMarryStatus(Optional.ofNullable(extInfo.getMarryStatus()).orElse(cn.quantgroup.user.enums.MaritalStatus.UNKNOWN).getDesc());
// 受教育程度
bean.setEducationEnum(Optional.ofNullable(extInfo.getEducationEnum()).orElse(cn.quantgroup.user.enums.EducationEnum.UNKNOWN).getName());
// 职业
......@@ -856,9 +857,9 @@ public class InnerController implements IBaseController {
bean.setOccupationEnum(extInfo.getOccupationEnum().getName());
}
if (null == extInfo.getMarryStatus()) {
bean.setMarryStatus(cn.quantgroup.user.enums.MaritalStatus.UNKNOWN.getDescription());
bean.setMarryStatus(cn.quantgroup.user.enums.MaritalStatus.UNKNOWN.getDesc());
} else {
bean.setMarryStatus(extInfo.getMarryStatus().getDescription());
bean.setMarryStatus(extInfo.getMarryStatus().getDesc());
}
}
if (org.apache.commons.collections.CollectionUtils.isNotEmpty(contacts)) {
......@@ -878,7 +879,7 @@ public class InnerController implements IBaseController {
ret.setUserId(c.getUserId());
ret.setName(c.getName());
ret.setPhoneNo(c.getPhoneNo());
ret.setRelation(c.getRelation().getDescription());
ret.setRelation(c.getRelation().getDesc());
return ret;
}
......
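Review bot: `ret.setRelation(c.getRelation().getDesc());` in the last hunk dereferences `c.getRelation()` with no null guard, whereas the marital-status line in the earlier hunk wraps the same kind of enum in `Optional.ofNullable(...).orElse(UNKNOWN)`; a contact with no relation stored would throw a NullPointerException here. If a missing relation is possible, mirror the existing pattern: `ret.setRelation(Optional.ofNullable(c.getRelation()).orElse(cn.quantgroup.user.enums.Relation.OTHER).getDesc());` (ContactModel elsewhere in this commit falls back to Relation.OTHER the same way). The wildcard `import cn.quantgroup.user.enums.*;` that replaces the explicit Relation import hides which enum types this controller uses, and the fully-qualified `cn.quantgroup.user.enums.MaritalStatus` references suggest a name clash that a wildcard cannot resolve anyway; explicit imports per enum would be clearer. The enclosing methods start and end outside these hunks.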
......@@ -8,8 +8,6 @@ import javax.persistence.*;
import java.io.Serializable;
import java.sql.Timestamp;
//import cn.quantgroup.xyqb.entity.enumerate.*;
/**
* Created by 11 on 2016/12/30.
*/
......
package cn.quantgroup.xyqb.entity.enumerate;
/**
* Created by 11 on 2016/12/30.
*/
public enum EducationEnum {
UNKNOWN("暂无"),
MASTER("硕士及以上"),
UNDER_GRADUATE("本科"),
JUNIOR_COLLEGE("大专"),
TECHNICAL_SECONDARY_SCHOOL("中专"),
TECHNICAL_SCHOOL("技校"),
HIGH_SCHOOL("高中"),
MIDDLE_SCHOOL("初中"),
PRIMARY_SCHOOL("小学"),
OTHER("其他");
private String name;
EducationEnum(String name) {
this.name = name;
}
public String getName() {
return name;
}
@Override
public String toString() {
return name;
}
}
package cn.quantgroup.xyqb.entity.enumerate;
/**
* Created by 11 on 2016/12/30.
*/
public enum IncomeEnum {
UNKNOWN("未知"),
CASH("现金计算"),
PAY_CARD("工资卡"),
CASH_AND_PAY_CARD("混合");
private String desc;
IncomeEnum(String desc) {
this.desc = desc;
}
}
\ No newline at end of file
package cn.quantgroup.xyqb.entity.enumerate;
/**
* Created by 11 on 2016/12/30.
*/
public enum IncomeRangeEnum {
UNKNOWN("暂无"),
BELOW_1000("小于1000元"),
BELOW_3000("1000至3000元"),
BELOW_5000("3000至5000元"),
BELOW_8000("5000至8000元"),
BELOW_10000("8000至10000元"),
BELOW_15000("10000至15000元"),
BELOW_20000("15000至20000元"),
ABOVE_20000("大于20000元");
private String desc;
IncomeRangeEnum(String desc) {
this.desc = desc;
}
}
package cn.quantgroup.xyqb.entity.enumerate;
/**
* Created by sunnan on 2016-11-24.
*/
public enum MaritalStatus {
UNKNOWN("未知"),
SINGLE("未婚"), // 1
MARRIED("已婚"), // 2
DIVORCED("离异"), // 3
WINDOWED("丧偶"), // 4
OTHER("其他");
String description;
MaritalStatus(String desc) {
description = desc;
}
public String getDescription() {
return description;
}
@Override
public String toString() {
String sb = "MaritalStatus{" + "description='" + description + '\'' +
'}';
return sb;
}
}
package cn.quantgroup.xyqb.entity.enumerate;
/**
* Created by 11 on 2016/12/30.
*/
public enum OccupationEnum {
UNKNOWN("暂未填写"),
WORKER("工人"),
TEACHER("教师"),
WHITE_COLLAR("白领"),
STUDENT("学生"),
CAREER_BUILDER("创业者"),
SELF_EMPLOYER("个体户"),
EMPLOYEE("公司职员"),
BISUNESS_ENTITY("企业法人"),
ONLINE_STORE_OWNER("网店店主"),
UNEMPLOYED("暂无职业"),
OTHER("其他");
private String name;
OccupationEnum(String name) {
this.name = name;
}
public String getName() {
return name;
}
@Override
public String toString() {
return name;
}
}
package cn.quantgroup.xyqb.entity.enumerate;
/**
* Created by Miraculous on 2017/1/3.
*/
public enum Relation {
PARENT("父母"),
CHILDREN("子女"),
BROTHER("兄弟姐妹"),
COLLEAGUE("同事"),
CLASSMATE("同学"),
FRIEND("朋友"),
SPOUSE("夫妻"),
SELF("本人"),
OTHER("其他");
String description;
Relation(String desc) {
description = desc;
}
public String getDescription() {
return description;
}
@Override
public String toString() {
String sb = "Relation{" + "description='" + description + '\'' +
'}';
return sb;
}
}
......@@ -26,9 +26,9 @@ public class ApiResponse {
public static final int OK = 4;
public static final int TOO_BUSY = 5;
int code;
String type;
String message;
private int code;
private String type;
private String message;
public ApiResponse(){}
......
......@@ -32,7 +32,7 @@ public class ContactModel implements Serializable {
ContactModel model = new ContactModel();
model.setName(entity.getName());
model.setPhoneNo(entity.getPhoneNo());
model.setRelationName(Optional.ofNullable(entity.getRelation()).orElse(Relation.OTHER).getDescription());
model.setRelationName(Optional.ofNullable(entity.getRelation()).orElse(Relation.OTHER).getDesc());
model.setRelation(entity.getRelation().name());
return model;
}
......
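Review bot: The line right after the changed one, `model.setRelation(entity.getRelation().name());`, still dereferences `entity.getRelation()` directly, so the `Optional.ofNullable(...).orElse(Relation.OTHER)` guard on the changed line only protects the name field and a null relation throws a NullPointerException one statement later. Resolve the fallback once and use it for both setters: `Relation relation = Optional.ofNullable(entity.getRelation()).orElse(Relation.OTHER);` then `model.setRelationName(relation.getDesc());` and `model.setRelation(relation.name());`. If the relation code should instead stay null when absent, use `.map(Enum::name).orElse(null)` for the second setter rather than the OTHER fallback. The enclosing factory method starts outside this hunk.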
package cn.quantgroup.xyqb.service.captcha;
import cn.quantgroup.xyqb.Constants;
import cn.quantgroup.xyqb.util.encrypt.Md5Util;
import lombok.extern.slf4j.Slf4j;
import org.json.JSONException;
import org.json.JSONObject;
......@@ -10,8 +11,6 @@ import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
......@@ -162,7 +161,7 @@ public class GeetestLib {
if (return_challenge.length() == Constants.MD5_LENGTH) {
this.responseStr = this.getSuccessPreProcessRes(this.md5Encode(return_challenge + this.privateKey));
this.responseStr = this.getSuccessPreProcessRes(Md5Util.build(return_challenge + this.privateKey));
return 1;
......@@ -278,14 +277,14 @@ public class GeetestLib {
response = readContentFromPost(postUrl, param);
gtlog("response: " + response);
} catch (Exception e) {
e.printStackTrace();
log.error("向gt-server进行二次验证", e);
}
String return_seccode = "";
try {
JSONObject return_map = new JSONObject(response);
return_seccode = return_map.getString("seccode");
gtlog("md5: " + md5Encode(return_seccode));
if (return_seccode.equals(md5Encode(seccode))) {
gtlog("md5: " + Md5Util.build(return_seccode));
if (return_seccode.equals(Md5Util.build(seccode))) {
return 1;
} else {
return 0;
......@@ -328,7 +327,7 @@ public class GeetestLib {
}
protected boolean checkResultByPrivate(String challenge, String validate) {
String encodeStr = md5Encode(privateKey + "geetest" + challenge);
String encodeStr = Md5Util.build(privateKey + "geetest" + challenge);
return validate.equals(encodeStr);
}
......@@ -344,9 +343,10 @@ public class GeetestLib {
URL getUrl = new URL(URL);
HttpURLConnection connection = (HttpURLConnection) getUrl
.openConnection();
connection.setConnectTimeout(2000);// 设置连接主机超时(单位:毫秒)
connection.setReadTimeout(2000);// 设置从主机读取数据超时(单位:毫秒)
// 设置连接主机超时(单位:毫秒)
connection.setConnectTimeout(2000);
// 设置从主机读取数据超时(单位:毫秒)
connection.setReadTimeout(2000);
// 建立与服务器的连接,并未发送数据
connection.connect();
......@@ -362,11 +362,11 @@ public class GeetestLib {
sBuffer.append(new String(buf, 0, n, "UTF-8"));
}
inStream.close();
connection.disconnect();// 断开连接
// 断开连接
connection.disconnect();
return sBuffer.toString();
} else {
return Constants.CHECK_FAIL;
}
}
......@@ -385,9 +385,10 @@ public class GeetestLib {
URL postUrl = new URL(URL);
HttpURLConnection connection = (HttpURLConnection) postUrl
.openConnection();
connection.setConnectTimeout(2000);// 设置连接主机超时(单位:毫秒)
connection.setReadTimeout(2000);// 设置从主机读取数据超时(单位:毫秒)
// 设置连接主机超时(单位:毫秒)
connection.setConnectTimeout(2000);
// 设置从主机读取数据超时(单位:毫秒)
connection.setReadTimeout(2000);
connection.setRequestMethod("POST");
connection.setDoInput(true);
connection.setDoOutput(true);
......@@ -412,7 +413,8 @@ public class GeetestLib {
sBuffer.append(new String(buf, 0, n, "UTF-8"));
}
inStream.close();
connection.disconnect();// 断开连接
// 断开连接
connection.disconnect();
return sBuffer.toString();
} else {
......@@ -421,38 +423,4 @@ public class GeetestLib {
}
}
/**
* md5 加密
*
* @param plainText
* @return
* @time 2014年7月10日 下午3:30:01
*/
private String md5Encode(String plainText) {
String re_md5 = "";
try {
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(plainText.getBytes());
byte b[] = md.digest();
int i;
StringBuilder buf = new StringBuilder();
for (int offset = 0; offset < b.length; offset++) {
i = b[offset];
if (i < 0) {
i += 256;
}
if (i < 16) {
buf.append("0");
}
buf.append(Integer.toHexString(i));
}
re_md5 = buf.toString();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return re_md5;
}
}
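Review bot: `return validate.equals(encodeStr);` in checkResultByPrivate (and `return_seccode.equals(Md5Util.build(seccode))` in the earlier hunk) compares a caller-supplied signature with String.equals, which stops at the first differing character; the usual form for a signature check is `MessageDigest.isEqual(validate.getBytes(StandardCharsets.UTF_8), encodeStr.getBytes(StandardCharsets.UTF_8))`. Md5Util.build returns null when the digest cannot be obtained (visible in the Md5Util hunk of this commit), so guard it first: `return encodeStr != null && MessageDigest.isEqual(...)`; note the import hunk removes `java.security.MessageDigest`, which would then need to stay. Separately, `inStream.close()` and `connection.disconnect()` in the two read helpers sit after the read loop rather than in a finally block, so an exception mid-read leaks the stream; a try-with-resources around inStream would cover it. Those helpers start outside their hunks.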
package cn.quantgroup.xyqb.util.encrypt;
import lombok.extern.slf4j.Slf4j;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
......@@ -9,16 +10,15 @@ import java.security.NoSuchAlgorithmException;
/**
* Created by tums on 2015/11/30.
*/
@Slf4j
public final class Md5Util {
private static final Logger LOGGER = LoggerFactory.getLogger(Md5Util.class);
public static String build(String content) {
MessageDigest messageDigest;
try {
messageDigest = MessageDigest
.getInstance("md5");
messageDigest = MessageDigest.getInstance("md5");
} catch (NoSuchAlgorithmException e) {
LOGGER.error(e.getMessage(), e);
log.error("MessageDigest获取实例失败", e);
return null;
}
messageDigest.update(content.getBytes());
......
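Review bot: `messageDigest.update(content.getBytes());` on the last line of the hunk encodes with the JVM default charset, so the digest of any non-ASCII content depends on the host's locale settings, and GeetestLib now routes its challenge-plus-private-key strings through this method. The removed GeetestLib.md5Encode had the same `getBytes()` call, so behaviour is unchanged by this commit, but `content.getBytes(StandardCharsets.UTF_8)` would make the result stable across environments — confirm that matches the encoding the remote verifier expects before changing it. Returning null on NoSuchAlgorithmException pushes a null-check onto every caller; the `x.equals(Md5Util.build(..))` call sites happen to be null-safe, but anything calling a method on the result would not be, so throwing an IllegalStateException with the cause is worth considering. `build` continues past the end of this hunk.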
package common;
import cn.quantgroup.xyqb.service.captcha.GeetestLib;
import cn.quantgroup.xyqb.util.encrypt.Md5Util;
import lombok.extern.slf4j.Slf4j;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;
@Slf4j
@RunWith(JUnit4.class)
public class Md5Test {
final static String PWD = "123456";
@Test
public void test() {
log.info("pwd:{},Md5Util:{},Geetest:{}", PWD, Md5Util.build(PWD), GeetestLib.md5Encode(PWD));
}
}
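Review bot: `GeetestLib.md5Encode(PWD)` on the log line cannot compile: md5Encode was a private instance method of GeetestLib, and this same commit deletes it, so the new test refers to a symbol that no longer exists. The test also asserts nothing — it only logs — so it would pass for any value Md5Util.build returns. Replace the log with checks such as `assertNotNull(Md5Util.build(PWD));` and `assertEquals(Constants.MD5_LENGTH, Md5Util.build(PWD).length());` (with `cn.quantgroup.xyqb.Constants` and the JUnit assertions imported), and drop the GeetestLib import; a precomputed digest of PWD would give an even stronger fixed expectation.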