ubcs.git - Gitblit

			@@ -18,6 +18,7 @@

			import com.alibaba.nacos.common.utils.StringUtils;
			import com.vci.ubcs.auth.constant.AuthConstant;
			import com.vci.ubcs.auth.support.BladePasswordEncoderFactories;
			import com.vci.ubcs.auth.utils.TokenUtil;
			import com.vci.ubcs.system.user.entity.User;
			import com.vci.ubcs.system.user.entity.UserInfo;
			@@ -30,6 +31,8 @@
			import com.vci.ubcs.common.cache.CacheNames;
			import org.springblade.core.jwt.JwtUtil;
			import org.springblade.core.jwt.props.JwtProperties;
			import org.springblade.core.launch.constant.TokenConstant;
			import org.springblade.core.log.annotation.LoginOrLogoutLog;
			import org.springblade.core.redis.cache.BladeRedis;
			import org.springblade.core.tool.api.R;
			import org.springblade.core.tool.support.Kv;
			@@ -44,6 +47,7 @@
			import org.springframework.security.core.authority.SimpleGrantedAuthority;
			import org.springframework.security.core.userdetails.UserDetailsService;
			import org.springframework.security.core.userdetails.UsernameNotFoundException;
			import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
			import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;
			import org.springframework.stereotype.Service;

			@@ -62,9 +66,9 @@
			public class BladeUserDetailsServiceImpl implements UserDetailsService {

			/**
			* 允许错误次数
			* 默认允许错误次数
			*/
			//public static final Integer FAIL_COUNT = 5;
			public static final Integer FAIL_COUNT = 5;
			public static final String FAIL_COUNT_VALUE = "account.failCount";

			/**
			@@ -77,7 +81,6 @@
			private final BladeRedis bladeRedis;

			private final JwtProperties jwtProperties;


			/**
			* 超级管理员信息
			@@ -97,6 +100,7 @@

			@Override
			@SneakyThrows
			@LoginOrLogoutLog("login")
			public BladeUserDetails loadUserByUsername(String username) {
			HttpServletRequest request = WebUtil.getRequest();
			// 获取用户绑定ID
			@@ -105,6 +109,7 @@
			// 获取租户ID
			String headerTenant = request.getHeader(TokenUtil.TENANT_HEADER_KEY);
			String paramTenant = request.getParameter(TokenUtil.TENANT_PARAM_KEY);
			String refreshToken = request.getParameter(TokenConstant.REFRESH_TOKEN);
			String password = request.getParameter(TokenUtil.PASSWORD_KEY);
			String grantType = request.getParameter(TokenUtil.GRANT_TYPE_KEY);
			// 判断租户请求头
			@@ -125,24 +130,27 @@
			// 判断登录是否锁定
			int count = getFailCount(tenantId, username);
			//为防止取值为空报错的情况，当为空的时候给默认只为5次便锁定用户登录，但是一般很难出现这种情况，因为我feign里面是给了默认密码策略查询的
			int failCountValue = Func.isEmpty(strategy) ? 5:Func.toInt(strategy.getLockingNum());
			int failCountValue = Func.isEmpty(strategy) ? FAIL_COUNT:Func.toInt(strategy.getLockingNum());
			//int failCount = Func.toInt(ParamCache.getValue(FAIL_COUNT_VALUE), failCountValue);

			int failCount = Func.toInt(ParamCache.getValue(FAIL_COUNT_VALUE), failCountValue);

			if (count >= failCount) {
			if (count >= failCountValue) {
			throw new UserDeniedAuthorizationException(TokenUtil.USER_HAS_TOO_MANY_FAILS);
			}
			//超级管理员配置文件配置账号密码，实现登录, 默认租户id为000000
			if(tenantId.equals(this.tenantId)){
			if (!this.userName.equals(username) && !password.equalsIgnoreCase(this.password)) {

			//超级管理员配置文件配置账号密码，实现登录, 默认租户id和超管为配置出来的
			if(tenantId.equals(this.tenantId) && userName.equals(username)){
			if (Func.isBlank(refreshToken)/刷新token不用校验密码/
			&& (!this.userName.equals(username) \|\| !BladePasswordEncoderFactories.createDelegatingPasswordEncoder().encode(password).equalsIgnoreCase(AuthConstant.ENCRYPT+this.password))
			) {
			setFailCount(tenantId, username, count,strategy.getLockingTime());
			throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND);
			throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND+"还有【"+(failCountValue-count)+"】次尝试机会!");
			}
			//如果ip比对后get抛出异常No value present就直接抛异常结束登录
			if(ipEnable){
			Log.debug("当前访问IP："+getIpAddress(request));
			// Log.debug("当前访问IP："+getIpAddress(request));
			Log.debug("当前访问IP："+WebUtil.getIP(request));
			try {
			ips.stream().filter(s -> s.equals(getIpAddress(request))).findFirst().get();
			ips.stream().filter(s -> s.equals(WebUtil.getIP(request))).findFirst().get();
			} catch (Exception e){
			throw new UserDeniedAuthorizationException(TokenUtil.IP_NOT_FOND);
			}
			@@ -191,13 +199,17 @@
			// 用户不存在,但提示用户名与密码错误并锁定账号
			if (user == null \|\| user.getId() == null) {
			setFailCount(tenantId, username, count,strategy.getLockingTime());
			throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND);
			throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND+"还有【"+(failCountValue-count)+"】次尝试机会!");
			}
			// 用户状态为1时说明该用户被锁定
			if(user.getUserStatus() == 1){
			throw new InvalidGrantException(TokenUtil.USER_LOCK);
			}
			String hex = DigestUtil.hex(password);
			// 用户存在但密码错误,超过次数则锁定账号
			if (grantType != null && !grantType.equals(TokenUtil.REFRESH_TOKEN_KEY) && !user.getPassword().equals(hex)) {
			setFailCount(tenantId, username, count,strategy.getLockingTime());
			throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND);
			throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND+"还有【"+(failCountValue-count)+"】次尝试机会!");
			}
			// 用户角色不存在
			if (Func.isEmpty(userInfo.getRoles())) {
			@@ -221,7 +233,7 @@
			BladeUserDetails bladeUserDetails = new BladeUserDetails(user.getId(),
			user.getTenantId(), StringPool.EMPTY, user.getName(), user.getRealName(), user.getDeptId(), user.getPostId(), user.getRoleId(), Func.join(userInfo.getRoles()), Func.toStr(user.getAvatar(), TokenUtil.DEFAULT_AVATAR),
			username, AuthConstant.ENCRYPT + user.getPassword(), userInfo.getDetail(),user.getSecretGrade(), true, true, true, true,
			AuthorityUtils.commaSeparatedStringToAuthorityList(Func.join(result.getData().getRoles())),user.getStrategyUpdateStatus());
			AuthorityUtils.commaSeparatedStringToAuthorityList(Func.join(result.getData().getRoles())),user.getStrategyUpdateStatus(),tenant.getData().getTenantName(),user.getDeptName(),user.getEmail());
			return bladeUserDetails;
			} else {
			throw new UsernameNotFoundException(result.getMsg());