update

mec-auth/mec-auth-api/src/main/java/com/ym/mec/auth/api/entity/LoginEntity.java

@@ -0,0 +1,63 @@
+package com.ym.mec.auth.api.entity;
+
+public class LoginEntity {
+    private String smsCode;
+
+    private String isLessee;
+
+    private String clientId;
+
+    private String clientSecret;
+
+    private String isRegister;
+
+    private String phone;
+
+    public String getIsRegister() {
+        return isRegister;
+    }
+
+    public void setIsRegister(String isRegister) {
+        this.isRegister = isRegister;
+    }
+
+    public String getSmsCode() {
+        return smsCode;
+    }
+
+    public void setSmsCode(String smsCode) {
+        this.smsCode = smsCode;
+    }
+
+    public String getIsLessee() {
+        return isLessee;
+    }
+
+    public void setIsLessee(String isLessee) {
+        this.isLessee = isLessee;
+    }
+
+    public String getClientId() {
+        return clientId;
+    }
+
+    public void setClientId(String clientId) {
+        this.clientId = clientId;
+    }
+
+    public String getClientSecret() {
+        return clientSecret;
+    }
+
+    public void setClientSecret(String clientSecret) {
+        this.clientSecret = clientSecret;
+    }
+
+    public String getPhone() {
+        return phone;
+    }
+
+    public void setPhone(String phone) {
+        this.phone = phone;
+    }
+}

mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/config/WebSecurityConfig.java

@@ -48,7 +48,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 		auth.authenticationProvider(daoAuthenticationProvider());
 		
 		PhoneAuthenticationProvider provider = phoneAuthenticationProvider();
-		provider.setSmsCodeService(smsCodeService);
+		provider.setSysUserService(sysUserService);
 		auth.authenticationProvider(provider);
 	}
 
@@ -123,8 +123,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 		filter.setAuthenticationManager(authenticationManagerBean());
 		filter.setAuthenticationSuccessHandler(successEventHandler);
 		filter.setAuthenticationFailureHandler(failureEvenHandler);
-		filter.setSysUserService(sysUserService);
-		filter.setSmsCodeService(smsCodeService);
 		return filter;
 	}
 

mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/PhoneLoginAuthenticationFilter.java

@@ -1,15 +1,10 @@
 package com.ym.mec.auth.core.filter;
 
-import com.ym.mec.auth.api.dto.SysUserInfo;
+import com.ym.mec.auth.api.entity.LoginEntity;
 import com.ym.mec.auth.config.token.PhoneAuthenticationToken;
-import com.ym.mec.auth.service.SysUserService;
 import com.ym.mec.common.security.SecurityConstants;
-import com.ym.mec.common.service.IdGeneratorService;
-import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationServiceException;
-import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.authentication.LockedException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
@@ -31,9 +26,6 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
 
 	private static final String SPRING_SECURITY_RESTFUL_LOGIN_URL = "/smsLogin";
 	private boolean postOnly = true;
-	
-	private SysUserService sysUserService;
-	private IdGeneratorService smsCodeService;
 
 	public PhoneLoginAuthenticationFilter() {
 		super(new AntPathRequestMatcher(SPRING_SECURITY_RESTFUL_LOGIN_URL, "POST"));
@@ -44,35 +36,17 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
 		if (postOnly && !request.getMethod().equals("POST")) {
 			throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
 		}
-
 		AbstractAuthenticationToken authRequest;
 		// 手机验证码登陆
 		String principal = obtainParameter(request, SPRING_SECURITY_RESTFUL_PHONE_KEY);
-		String credentials = obtainParameter(request, SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY);
-		String isRegister = obtainParameter(request, IS_REGISTER_PARAMETER);
-		//是否是租户
-		String isLessee = obtainParameter(request, IS_LESSEE);
-		// 验证码验证
-		boolean b = smsCodeService.verifyValidCode(StringUtils.substringAfter(principal, SecurityConstants.PHONE_PRINCIPAL_PREFIX), credentials);
-		if(!b) throw new BadCredentialsException("验证码校验失败");
-
-		SysUserInfo userInfo = sysUserService.queryUserInfoByPhone(principal);
-
-		String clientId = request.getParameter(clientIdParameter).toUpperCase();
-		if (userInfo == null) {
-			userInfo = sysUserService.initUser(principal,clientId,isRegister,isLessee);
-		}else if(StringUtils.isNotEmpty(isLessee)){
-			throw new LockedException("用户已存在");
-		}
-		if("EDUCATION".equals(clientId)){
-			clientId = "SYSTEM";
-		}
-		if (!userInfo.getSysUser().getUserType().contains(clientId)) {
-			throw new LockedException("用户不存在,请联系教务老师");
-		}
-
 		principal = principal.trim();
-		authRequest = new PhoneAuthenticationToken(SecurityConstants.PHONE_PRINCIPAL_PREFIX + principal, credentials);
+		LoginEntity loginEntity = new LoginEntity();
+		loginEntity.setClientId(request.getParameter(clientIdParameter).toUpperCase());
+		loginEntity.setIsLessee(obtainParameter(request, IS_LESSEE));
+		loginEntity.setPhone(principal);
+		loginEntity.setSmsCode(obtainParameter(request, SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY));
+		loginEntity.setIsRegister(obtainParameter(request, IS_REGISTER_PARAMETER));
+		authRequest = new PhoneAuthenticationToken(principal, loginEntity);
 
 		// Allow subclasses to set the "details" property
 		setDetails(request, authRequest);
@@ -94,12 +68,4 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
 		String result = request.getParameter(parameter);
 		return result == null ? "" : result;
 	}
-
-	public void setSysUserService(SysUserService sysUserService) {
-		this.sysUserService = sysUserService;
-	}
-
-	public void setSmsCodeService(IdGeneratorService smsCodeService) {
-		this.smsCodeService = smsCodeService;
-	}
 }

mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/provider/PhoneAuthenticationProvider.java

@@ -1,48 +1,32 @@
 package com.ym.mec.auth.core.provider;
 
 import com.ym.mec.auth.config.token.PhoneAuthenticationToken;
-import com.ym.mec.common.security.SecurityConstants;
-import com.ym.mec.common.service.IdGeneratorService;
-import org.apache.commons.lang3.StringUtils;
+import com.ym.mec.auth.service.SysUserService;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.InternalAuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.transaction.annotation.Transactional;
 
 public class PhoneAuthenticationProvider extends AbstractAuthenticationProvider {
 
 	private UserDetailsService userDetailsService;
 
-	private IdGeneratorService smsCodeService;
+	private SysUserService sysUserService;
 	@Override
 	protected void additionalAuthenticationChecks(UserDetails userDetails, Authentication authentication) throws AuthenticationException {
 		if (authentication.getCredentials() == null) {
 			throw new BadCredentialsException(this.messages.getMessage("PhoneAuthenticationProvider.badCredentials", "Bad credentials"));
-		} else {
-//			String smsCode = authentication.getCredentials().toString();
-
-//			String phone = authentication.getPrincipal().toString();
-
-//			 验证码验证
-//			boolean b = smsCodeService.verifyValidCode(StringUtils.substringAfter(phone, SecurityConstants.PHONE_PRINCIPAL_PREFIX), smsCode);
-//			if(!b) throw new BadCredentialsException("验证码校验失败");
 		}
 	}
 
 	@Override
+	@Transactional(rollbackFor = Exception.class)
 	protected UserDetails retrieveUser(String phone, Authentication authentication) throws AuthenticationException {
-		UserDetails loadedUser;
-		try {
-			loadedUser = userDetailsService.loadUserByUsername(phone);
-		} catch (UsernameNotFoundException e) {
-			throw e;
-		} catch (Exception e) {
-			throw new InternalAuthenticationServiceException(e.getMessage(), e);
-		}
-
+		sysUserService.retrieveUser(phone,authentication);
+		UserDetails loadedUser = userDetailsService.loadUserByUsername(phone);
 		if (loadedUser == null) {
 			throw new InternalAuthenticationServiceException("账户不存在");
 		} else {
@@ -66,8 +50,7 @@ public class PhoneAuthenticationProvider extends AbstractAuthenticationProvider
 		this.userDetailsService = userDetailsService;
 	}
 
-	public void setSmsCodeService(IdGeneratorService smsCodeService) {
-		this.smsCodeService = smsCodeService;
+	public void setSysUserService(SysUserService sysUserService) {
+		this.sysUserService = sysUserService;
 	}
-
 }

mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/service/SysUserService.java

@@ -4,6 +4,7 @@ import com.ym.mec.auth.api.dto.SysUserInfo;
 import com.ym.mec.auth.api.entity.SysUser;
 import com.ym.mec.common.entity.ImUserModel;
 import com.ym.mec.common.service.BaseService;
+import org.springframework.security.core.Authentication;
 
 public interface SysUserService extends BaseService<Integer, SysUser> {
 
@@ -86,8 +87,8 @@ public interface SysUserService extends BaseService<Integer, SysUser> {
 
 	/**
 	 * 获取老师的分部编号
-	 * @param userId
+	 * @param phone
 	 * @return
 	 */
-	Integer getTeacherOrganId(Integer userId);
+	void retrieveUser(String phone, Authentication authentication);
 }

mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/service/impl/SysUserServiceImpl.java

@@ -1,6 +1,7 @@
 package com.ym.mec.auth.service.impl;
 
 import com.ym.mec.auth.api.dto.SysUserInfo;
+import com.ym.mec.auth.api.entity.LoginEntity;
 import com.ym.mec.auth.api.entity.SysUser;
 import com.ym.mec.auth.api.enums.YesOrNoEnum;
 import com.ym.mec.auth.dal.dao.SysUserDao;
@@ -11,12 +12,16 @@ import com.ym.mec.common.dal.BaseDAO;
 import com.ym.mec.common.entity.ImResult;
 import com.ym.mec.common.entity.ImUserModel;
 import com.ym.mec.common.exception.BizException;
+import com.ym.mec.common.service.IdGeneratorService;
 import com.ym.mec.common.service.impl.BaseServiceImpl;
 import com.ym.mec.im.ImFeignService;
 import com.ym.mec.im.UserFeignService;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.LockedException;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -39,6 +44,10 @@ public class SysUserServiceImpl extends BaseServiceImpl<Integer, SysUser> implem
 	private ImFeignService imFeignService;
 	@Autowired
 	private UserFeignService userFeignService;
+	@Autowired
+	private SysUserService sysUserService;
+	@Autowired
+	private IdGeneratorService smsCodeService;
 
 	@Value("${message.autoRegister}")
 	private boolean autoRegister;
@@ -170,8 +179,24 @@ public class SysUserServiceImpl extends BaseServiceImpl<Integer, SysUser> implem
 	}
 
 	@Override
-	public Integer getTeacherOrganId(Integer userId) {
-		return sysUserDao.getTeacherOrganId(userId);
+	@Transactional(rollbackFor = Exception.class)
+	public void retrieveUser(String phone, Authentication authentication) {
+		LoginEntity loginEntity = (LoginEntity) authentication.getCredentials();
+		SysUserInfo userInfo = sysUserService.queryUserInfoByPhone(loginEntity.getPhone());
+		if (userInfo == null) {
+			userInfo = sysUserService.initUser(loginEntity.getPhone(),loginEntity.getClientId(),loginEntity.getIsRegister(),loginEntity.getIsLessee());
+		}else if(StringUtils.isNotEmpty(loginEntity.getIsLessee())){
+			throw new LockedException("用户已存在");
+		}
+		if("EDUCATION".equals(loginEntity.getClientId())){
+			loginEntity.setClientId("SYSTEM");
+		}
+		if (!userInfo.getSysUser().getUserType().contains(loginEntity.getClientId())) {
+			throw new LockedException("用户不存在,请联系教务老师");
+		}
+//			 验证码验证
+		boolean b = smsCodeService.verifyValidCode(loginEntity.getPhone(), loginEntity.getSmsCode());
+		if(!b) throw new BadCredentialsException("验证码校验失败");
 	}
 
 }

mec-common/common-core/src/main/java/com/ym/mec/common/service/impl/RedisIdGeneratorService.java

@@ -12,6 +12,7 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.data.redis.core.ValueOperations;
 import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
 
 import java.util.Calendar;
 import java.util.Date;
@@ -91,6 +92,7 @@ public class RedisIdGeneratorService implements IdGeneratorService {
 	}
 
 	@Override
+	@Transactional(rollbackFor = Exception.class)
 	public boolean verifyValidCode(String mobile, String authCode) {
 		if(debugMode){
 			return debugMode;