From ba345976f0a6a67bcb20627e33251ded000a3d8f Mon Sep 17 00:00:00 2001
From: 田源 <lastanimals@163.com>
Date: 星期六, 25 五月 2024 22:40:02 +0800
Subject: [PATCH] Merge remote-tracking branch 'origin/master'

---
 Source/UBCS/ubcs-auth/src/main/java/com/vci/ubcs/auth/service/BladeUserDetailsServiceImpl.java |   34 +++++++++++++++++++++++-----------
 1 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/Source/UBCS/ubcs-auth/src/main/java/com/vci/ubcs/auth/service/BladeUserDetailsServiceImpl.java b/Source/UBCS/ubcs-auth/src/main/java/com/vci/ubcs/auth/service/BladeUserDetailsServiceImpl.java
index 8962a59..ab06f3a 100644
--- a/Source/UBCS/ubcs-auth/src/main/java/com/vci/ubcs/auth/service/BladeUserDetailsServiceImpl.java
+++ b/Source/UBCS/ubcs-auth/src/main/java/com/vci/ubcs/auth/service/BladeUserDetailsServiceImpl.java
@@ -18,6 +18,7 @@
 
 import com.alibaba.nacos.common.utils.StringUtils;
 import com.vci.ubcs.auth.constant.AuthConstant;
+import com.vci.ubcs.auth.support.BladePasswordEncoderFactories;
 import com.vci.ubcs.auth.utils.TokenUtil;
 import com.vci.ubcs.system.user.entity.User;
 import com.vci.ubcs.system.user.entity.UserInfo;
@@ -30,8 +31,9 @@
 import com.vci.ubcs.common.cache.CacheNames;
 import org.springblade.core.jwt.JwtUtil;
 import org.springblade.core.jwt.props.JwtProperties;
+import org.springblade.core.launch.constant.TokenConstant;
+import org.springblade.core.log.annotation.LoginOrLogoutLog;
 import org.springblade.core.redis.cache.BladeRedis;
-import org.springblade.core.secure.utils.AuthUtil;
 import org.springblade.core.tool.api.R;
 import org.springblade.core.tool.support.Kv;
 import org.springblade.core.tool.utils.*;
@@ -45,6 +47,7 @@
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
 import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;
 import org.springframework.stereotype.Service;
 
@@ -97,6 +100,7 @@
 
 	@Override
 	@SneakyThrows
+	@LoginOrLogoutLog("login")
 	public BladeUserDetails loadUserByUsername(String username) {
 		HttpServletRequest request = WebUtil.getRequest();
 		// 鑾峰彇鐢ㄦ埛缁戝畾ID
@@ -105,6 +109,7 @@
 		// 鑾峰彇绉熸埛ID
 		String headerTenant = request.getHeader(TokenUtil.TENANT_HEADER_KEY);
 		String paramTenant = request.getParameter(TokenUtil.TENANT_PARAM_KEY);
+		String refreshToken = request.getParameter(TokenConstant.REFRESH_TOKEN);
 		String password = request.getParameter(TokenUtil.PASSWORD_KEY);
 		String grantType = request.getParameter(TokenUtil.GRANT_TYPE_KEY);
 		// 鍒ゆ柇绉熸埛璇锋眰澶�
@@ -126,23 +131,26 @@
 		int count = getFailCount(tenantId, username);
 		//涓洪槻姝㈠彇鍊间负绌烘姤閿欑殑鎯呭喌锛屽綋涓虹┖鐨勬椂鍊欑粰榛樿鍙负5娆′究閿佸畾鐢ㄦ埛鐧诲綍锛屼絾鏄竴鑸緢闅惧嚭鐜拌繖绉嶆儏鍐碉紝鍥犱负鎴慺eign閲岄潰鏄粰浜嗛粯璁ゅ瘑鐮佺瓥鐣ユ煡璇㈢殑
 		int failCountValue = Func.isEmpty(strategy) ? FAIL_COUNT:Func.toInt(strategy.getLockingNum());
-		int failCount = Func.toInt(ParamCache.getValue(FAIL_COUNT_VALUE), failCountValue);
+		//int failCount = Func.toInt(ParamCache.getValue(FAIL_COUNT_VALUE), failCountValue);
 
-		if (count >= failCount) {
+		if (count >= failCountValue) {
 			throw new UserDeniedAuthorizationException(TokenUtil.USER_HAS_TOO_MANY_FAILS);
 		}
 
-		//瓒呯骇绠＄悊鍛橀厤缃枃浠堕厤缃处鍙峰瘑鐮侊紝瀹炵幇鐧诲綍, 榛樿绉熸埛id涓�000000
-		if(tenantId.equals(this.tenantId)){
-			if (!this.userName.equals(username) && !password.equalsIgnoreCase(this.password)) {
+		//瓒呯骇绠＄悊鍛橀厤缃枃浠堕厤缃处鍙峰瘑鐮侊紝瀹炵幇鐧诲綍, 榛樿绉熸埛id鍜岃秴绠′负閰嶇疆鍑烘潵鐨�
+		if(tenantId.equals(this.tenantId) && userName.equals(username)){
+			if (Func.isBlank(refreshToken)/*鍒锋柊token涓嶇敤鏍￠獙瀵嗙爜*/
+				&& (!this.userName.equals(username) || !BladePasswordEncoderFactories.createDelegatingPasswordEncoder().encode(password).equalsIgnoreCase(AuthConstant.ENCRYPT+this.password))
+			) {
 				setFailCount(tenantId, username, count,strategy.getLockingTime());
-				throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND);
+				throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND+"杩樻湁銆�"+(failCountValue-count)+"銆戞灏濊瘯鏈轰細!");
 			}
 			//濡傛灉ip姣斿鍚巊et鎶涘嚭寮傚父No value present灏辩洿鎺ユ姏寮傚父缁撴潫鐧诲綍
 			if(ipEnable){
-				Log.debug("褰撳墠璁块棶IP锛�"+getIpAddress(request));
+				// Log.debug("褰撳墠璁块棶IP锛�"+getIpAddress(request));
+				Log.debug("褰撳墠璁块棶IP锛�"+WebUtil.getIP(request));
 				try {
-					ips.stream().filter(s -> s.equals(getIpAddress(request))).findFirst().get();
+					ips.stream().filter(s -> s.equals(WebUtil.getIP(request))).findFirst().get();
 				} catch (Exception e){
 					throw new UserDeniedAuthorizationException(TokenUtil.IP_NOT_FOND);
 				}
@@ -191,13 +199,17 @@
 				// 鐢ㄦ埛涓嶅瓨鍦�,浣嗘彁绀虹敤鎴峰悕涓庡瘑鐮侀敊璇苟閿佸畾璐﹀彿
 				if (user == null || user.getId() == null) {
 					setFailCount(tenantId, username, count,strategy.getLockingTime());
-					throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND);
+					throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND+"杩樻湁銆�"+(failCountValue-count)+"銆戞灏濊瘯鏈轰細!");
+				}
+				// 鐢ㄦ埛鐘舵�佷负1鏃惰鏄庤鐢ㄦ埛琚攣瀹�
+				if(user.getUserStatus() == 1){
+					throw new InvalidGrantException(TokenUtil.USER_LOCK);
 				}
 				String hex = DigestUtil.hex(password);
 				// 鐢ㄦ埛瀛樺湪浣嗗瘑鐮侀敊璇�,瓒呰繃娆℃暟鍒欓攣瀹氳处鍙�
 				if (grantType != null && !grantType.equals(TokenUtil.REFRESH_TOKEN_KEY) && !user.getPassword().equals(hex)) {
 					setFailCount(tenantId, username, count,strategy.getLockingTime());
-					throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND);
+					throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND+"杩樻湁銆�"+(failCountValue-count)+"銆戞灏濊瘯鏈轰細!");
 				}
 				// 鐢ㄦ埛瑙掕壊涓嶅瓨鍦�
 				if (Func.isEmpty(userInfo.getRoles())) {

--
Gitblit v1.9.3