
Merge branch 'master' of http://git.dayaedu.com/yonge/mec

zouxuan 5 years ago
parent
commit
2f47fa2df8

+ 3 - 1
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/config/WebSecurityConfig.java

@@ -100,7 +100,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
     	PhoneAuthenticationProvider provider = new PhoneAuthenticationProvider();
         // 设置userDetailsService
         provider.setUserDetailsService(defaultUserDetailsService);
-        //provider.setSmsCodeService(smsCodeService);
+        provider.setSmsCodeService(smsCodeService);
+        provider.setSysUserService(sysUserService);
 		// 禁止隐藏用户未找到异常
 		provider.setHideUserNotFoundExceptions(false);
 		
@@ -123,6 +124,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 		filter.setAuthenticationManager(authenticationManagerBean());
 		filter.setAuthenticationSuccessHandler(successEventHandler);
 		filter.setAuthenticationFailureHandler(failureEvenHandler);
+		filter.setSysUserService(sysUserService);
 		return filter;
 	}
 

+ 47 - 13
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/PhoneLoginAuthenticationFilter.java

@@ -1,20 +1,26 @@
 package com.ym.mec.auth.core.filter;
 
-import com.ym.mec.auth.api.entity.LoginEntity;
-import com.ym.mec.auth.config.token.PhoneAuthenticationToken;
-import com.ym.mec.common.security.SecurityConstants;
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.security.authentication.LockedException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
+import com.ym.mec.auth.api.dto.SysUserInfo;
+import com.ym.mec.auth.api.entity.LoginEntity;
+import com.ym.mec.auth.config.token.PhoneAuthenticationToken;
+import com.ym.mec.auth.service.SysUserService;
+import com.ym.mec.common.security.SecurityConstants;
 
 public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 
@@ -27,6 +33,8 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
 	private static final String SPRING_SECURITY_RESTFUL_LOGIN_URL = "/smsLogin";
 	private boolean postOnly = true;
 
+	private SysUserService sysUserService;
+
 	public PhoneLoginAuthenticationFilter() {
 		super(new AntPathRequestMatcher(SPRING_SECURITY_RESTFUL_LOGIN_URL, "POST"));
 	}
@@ -36,16 +44,37 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
 		if (postOnly && !request.getMethod().equals("POST")) {
 			throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
 		}
+
 		AbstractAuthenticationToken authRequest;
 		// 手机验证码登陆
 		String principal = obtainParameter(request, SPRING_SECURITY_RESTFUL_PHONE_KEY);
+		String credentials = obtainParameter(request, SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY);
+		String isRegister = obtainParameter(request, IS_REGISTER_PARAMETER);
+		// 是否是租户
+		String isLessee = obtainParameter(request, IS_LESSEE);
+
+		String clientId = request.getParameter(clientIdParameter).toUpperCase();
+
+		SysUserInfo userInfo = sysUserService.queryUserInfoByPhone(principal);
+		if (userInfo != null && StringUtils.isNotEmpty(isLessee)) {
+			throw new LockedException("用户已存在");
+		}
+		if ("EDUCATION".equals(clientId)) {
+			clientId = "SYSTEM";
+		}
+		if (userInfo != null && !userInfo.getSysUser().getUserType().contains(clientId)) {
+			throw new LockedException("用户不存在,请联系教务老师");
+		}
+
 		principal = principal.trim();
+
 		LoginEntity loginEntity = new LoginEntity();
-		loginEntity.setClientId(request.getParameter(clientIdParameter).toUpperCase());
-		loginEntity.setIsLessee(obtainParameter(request, IS_LESSEE));
+		loginEntity.setClientId(clientId);
+		loginEntity.setIsLessee(isLessee);
 		loginEntity.setPhone(principal);
-		loginEntity.setSmsCode(obtainParameter(request, SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY));
-		loginEntity.setIsRegister(obtainParameter(request, IS_REGISTER_PARAMETER));
+		loginEntity.setSmsCode(credentials);
+		loginEntity.setIsRegister(isRegister);
+
 		authRequest = new PhoneAuthenticationToken(SecurityConstants.PHONE_PRINCIPAL_PREFIX + principal, loginEntity);
 
 		// Allow subclasses to set the "details" property
@@ -57,7 +86,7 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
 	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult)
 			throws IOException, ServletException {
 		super.successfulAuthentication(request, response, chain, authResult);
-		//chain.doFilter(request, response);
+		// chain.doFilter(request, response);
 	}
 
 	private void setDetails(HttpServletRequest request, AbstractAuthenticationToken authRequest) {
@@ -68,4 +97,9 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
 		String result = request.getParameter(parameter);
 		return result == null ? "" : result;
 	}
+
+	public void setSysUserService(SysUserService sysUserService) {
+		this.sysUserService = sysUserService;
+	}
+
 }
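Review bot: The lookup `sysUserService.queryUserInfoByPhone(principal)` runs on the raw request parameter, but `principal = principal.trim()` only happens several lines later, so a phone with surrounding whitespace is checked against one value and put into the token as another; move the trim to the line right after `obtainParameter` so both paths see the same string. The two `LockedException` branches also answer with different messages ("用户已存在" vs "用户不存在,请联系教务老师") before the SMS code has been verified in the provider, which lets an unauthenticated caller learn whether a phone number is registered for a given client; consider deferring these checks to `retrieveUser`, where they run only after `verifyValidCode` succeeds, or failing with one generic message. `request.getParameter(clientIdParameter).toUpperCase()` still throws a NullPointerException when the parameter is absent, and `userInfo.getSysUser()` is dereferenced without a null check, which presumably cannot be null for a found user but is worth a guard. `attemptAuthentication` continues outside the hunk.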

+ 45 - 4
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/provider/PhoneAuthenticationProvider.java

@@ -1,22 +1,33 @@
 package com.ym.mec.auth.core.provider;
 
-import com.ym.mec.auth.config.token.PhoneAuthenticationToken;
-import com.ym.mec.auth.service.SysUserService;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.InternalAuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.transaction.annotation.Transactional;
 
+import com.ym.mec.auth.api.dto.SysUserInfo;
+import com.ym.mec.auth.api.entity.LoginEntity;
+import com.ym.mec.auth.config.token.PhoneAuthenticationToken;
+import com.ym.mec.auth.service.SysUserService;
+import com.ym.mec.common.security.SecurityConstants;
+import com.ym.mec.common.service.IdGeneratorService;
+
 public class PhoneAuthenticationProvider extends AbstractAuthenticationProvider {
 
 	private UserDetailsService userDetailsService;
 
+	private IdGeneratorService smsCodeService;
+
 	private SysUserService sysUserService;
+
 	@Override
 	protected void additionalAuthenticationChecks(UserDetails userDetails, Authentication authentication) throws AuthenticationException {
+
 		if (authentication.getCredentials() == null) {
 			throw new BadCredentialsException(this.messages.getMessage("PhoneAuthenticationProvider.badCredentials", "Bad credentials"));
 		}
@@ -25,8 +36,34 @@ public class PhoneAuthenticationProvider extends AbstractAuthenticationProvider
 	@Override
 	@Transactional(rollbackFor = Exception.class)
 	protected UserDetails retrieveUser(String phone, Authentication authentication) throws AuthenticationException {
-		sysUserService.retrieveUser(phone,authentication);
-		UserDetails loadedUser = userDetailsService.loadUserByUsername(phone);
+
+		LoginEntity loginEntity = (LoginEntity) authentication.getCredentials();
+		if (loginEntity == null) {
+			throw new BadCredentialsException("Bad credentials");
+		}
+
+		String smsCode = loginEntity.getSmsCode();
+
+		// 验证码验证
+		boolean b = smsCodeService.verifyValidCode(StringUtils.substringAfter(phone, SecurityConstants.PHONE_PRINCIPAL_PREFIX), smsCode);
+		if (!b) {
+			throw new BadCredentialsException("验证码校验失败");
+		}
+
+		SysUserInfo userInfo = sysUserService.queryUserInfoByPhone(loginEntity.getPhone());
+		if (userInfo == null && StringUtils.isNotEmpty(loginEntity.getIsLessee())) {
+			sysUserService.initUser(loginEntity.getPhone(), loginEntity.getClientId(), loginEntity.getIsRegister(), loginEntity.getIsLessee());
+		}
+
+		UserDetails loadedUser;
+		try {
+			loadedUser = userDetailsService.loadUserByUsername(phone);
+		} catch (UsernameNotFoundException e) {
+			throw e;
+		} catch (Exception e) {
+			throw new InternalAuthenticationServiceException(e.getMessage(), e);
+		}
+
 		if (loadedUser == null) {
 			throw new InternalAuthenticationServiceException("账户不存在");
 		} else {
@@ -53,4 +90,8 @@ public class PhoneAuthenticationProvider extends AbstractAuthenticationProvider
 	public void setSysUserService(SysUserService sysUserService) {
 		this.sysUserService = sysUserService;
 	}
+
+	public void setSmsCodeService(IdGeneratorService smsCodeService) {
+		this.smsCodeService = smsCodeService;
+	}
 }
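Review bot: `boolean b` at the `verifyValidCode` call says nothing about what it holds; name it `boolean codeValid`, or fold the call into the condition as `if (!smsCodeService.verifyValidCode(StringUtils.substringAfter(phone, SecurityConstants.PHONE_PRINCIPAL_PREFIX), smsCode))`. The `catch (UsernameNotFoundException e) { throw e; }` clause looks redundant next to the generic catch that follows it; a comment such as `// rethrow unwrapped so hideUserNotFoundExceptions=false in WebSecurityConfig still surfaces it` would explain why it must stay. `initUser` inserts the account inside this `@Transactional` method before `loadUserByUsername` runs; if the load then fails the rollback presumably undoes the insert, but that holds only if the service shares the transaction, which is worth confirming. `retrieveUser` continues outside the hunk.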

+ 23 - 19
mec-common/common-core/src/main/java/com/ym/mec/common/service/impl/RedisIdGeneratorService.java

@@ -1,8 +1,8 @@
 package com.ym.mec.common.service.impl;
 
-import com.google.common.base.Strings;
-import com.ym.mec.common.redis.service.RedisCache;
-import com.ym.mec.common.service.IdGeneratorService;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.concurrent.TimeUnit;
 
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
@@ -12,11 +12,10 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.data.redis.core.ValueOperations;
 import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
 
-import java.util.Calendar;
-import java.util.Date;
-import java.util.concurrent.TimeUnit;
+import com.google.common.base.Strings;
+import com.ym.mec.common.redis.service.RedisCache;
+import com.ym.mec.common.service.IdGeneratorService;
 
 @Service
 public class RedisIdGeneratorService implements IdGeneratorService {
@@ -25,8 +24,11 @@ public class RedisIdGeneratorService implements IdGeneratorService {
 
 	private static final String keyPrefix = "smart";
 
+	private final String defaultPwd = "666666";
+
 	@Autowired
-	private RedisCache<String,Object> redisCache;
+	private RedisCache<String, Object> redisCache;
+
 	@Value("${message.debugMode}")
 	private boolean debugMode;
 
@@ -92,19 +94,21 @@ public class RedisIdGeneratorService implements IdGeneratorService {
 	}
 
 	@Override
-	@Transactional(rollbackFor = Exception.class)
 	public boolean verifyValidCode(String mobile, String authCode) {
-		if(debugMode){
-			return debugMode;
-		}
-		String key = "verificationCodeSMS_VERIFY_CODE_LOGIN" + mobile;
-		Object object = redisCache.get(key);
-		log.info("*********************mobile:{} smsCode:{} inutCode:{}******************", key, object, authCode);
-		String verifyCode = object == null ? null : object.toString();
-		if(StringUtils.isNoneEmpty(verifyCode) && StringUtils.equalsIgnoreCase(verifyCode,authCode)){
-			return true;
+		if (debugMode) {
+			if (defaultPwd.equals(authCode)) {
+				return true;
+			}
+		} else {
+			String key = "verificationCodeSMS_VERIFY_CODE_LOGIN" + mobile;
+			Object object = redisCache.get(key);
+			log.info("*********************mobile:{} smsCode:{} inutCode:{}******************", key, object, authCode);
+			String verifyCode = object == null ? null : object.toString();
+			if (StringUtils.isNoneEmpty(verifyCode) && StringUtils.equalsIgnoreCase(verifyCode, authCode)) {
+				return true;
+			}
 		}
 		return false;
 	}
-	
+
 }
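Review bot: `defaultPwd = "666666"` in `verifyValidCode` is a fixed, universal verification code accepted for any phone number whenever `message.debugMode` is true, so the safety of every SMS login now rests on that one property never being set in a deployed profile; at minimum make it `private static final String DEFAULT_PWD` (or a `@Value` that only the dev profile supplies) and log a warning at startup when `debugMode` is on. The `log.info` line in the non-debug branch writes the stored code and the submitted code to the log at INFO level (and its `mobile:{}` placeholder actually receives `key`), which exposes the OTP to anyone with log access; drop the code values, e.g. `log.info("verify sms code for key:{}", key);`. Nothing in this hunk deletes the Redis key after a successful match or counts failed attempts, so unless that is done elsewhere a code stays replayable until it expires and remains open to online guessing.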