update

mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/config/WebSecurityConfig.java

@@ -124,6 +124,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 		filter.setAuthenticationSuccessHandler(successEventHandler);
 		filter.setAuthenticationFailureHandler(failureEvenHandler);
 		filter.setSysUserService(sysUserService);
+		filter.setSmsCodeService(smsCodeService);
 		return filter;
 	}
 

mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/PhoneLoginAuthenticationFilter.java

@@ -4,9 +4,11 @@ import com.ym.mec.auth.api.dto.SysUserInfo;
 import com.ym.mec.auth.config.token.PhoneAuthenticationToken;
 import com.ym.mec.auth.service.SysUserService;
 import com.ym.mec.common.security.SecurityConstants;
+import com.ym.mec.common.service.IdGeneratorService;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.LockedException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
@@ -31,6 +33,7 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
 	private boolean postOnly = true;
 	
 	private SysUserService sysUserService;
+	private IdGeneratorService smsCodeService;
 
 	public PhoneLoginAuthenticationFilter() {
 		super(new AntPathRequestMatcher(SPRING_SECURITY_RESTFUL_LOGIN_URL, "POST"));
@@ -49,6 +52,9 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
 		String isRegister = obtainParameter(request, IS_REGISTER_PARAMETER);
 		//是否是租户
 		String isLessee = obtainParameter(request, IS_LESSEE);
+		// 验证码验证
+		boolean b = smsCodeService.verifyValidCode(StringUtils.substringAfter(principal, SecurityConstants.PHONE_PRINCIPAL_PREFIX), credentials);
+		if(!b) throw new BadCredentialsException("验证码校验失败");
 
 		SysUserInfo userInfo = sysUserService.queryUserInfoByPhone(principal);
 
@@ -93,4 +99,7 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
 		this.sysUserService = sysUserService;
 	}
 
+	public void setSmsCodeService(IdGeneratorService smsCodeService) {
+		this.smsCodeService = smsCodeService;
+	}
 }

mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/provider/PhoneAuthenticationProvider.java

@@ -22,13 +22,13 @@ public class PhoneAuthenticationProvider extends AbstractAuthenticationProvider
 		if (authentication.getCredentials() == null) {
 			throw new BadCredentialsException(this.messages.getMessage("PhoneAuthenticationProvider.badCredentials", "Bad credentials"));
 		} else {
-			String smsCode = authentication.getCredentials().toString();
+//			String smsCode = authentication.getCredentials().toString();
 
-			String phone = authentication.getPrincipal().toString();
+//			String phone = authentication.getPrincipal().toString();
 
-			// 验证码验证
-			boolean b = smsCodeService.verifyValidCode(StringUtils.substringAfter(phone, SecurityConstants.PHONE_PRINCIPAL_PREFIX), smsCode);
-			if(!b) throw new BadCredentialsException("验证码校验失败");
+//			 验证码验证
+//			boolean b = smsCodeService.verifyValidCode(StringUtils.substringAfter(phone, SecurityConstants.PHONE_PRINCIPAL_PREFIX), smsCode);
+//			if(!b) throw new BadCredentialsException("验证码校验失败");
 		}
 	}