wms / wms4_hunanhongwang · Commits

Commit 7f6e204ce4aeed58abfd4fa1ee114fac1c8228ea

Authored by zhangdaiscott
1 parent b874df34

登入生成token的小bug issues/I1XOVS

Inline Side-by-side
Showing 2 changed files with 7 additions and 2 deletions
jeecg-boot/jeecg-boot-base-common/src/main/java/org/jeecg/config/shiro/ShiroRealm.java
  View file @7f6e204
1 package org.jeecg.config.shiro; 1 package org.jeecg.config.shiro;
2 2
  3 +import cn.hutool.crypto.SecureUtil;
3 import lombok.extern.slf4j.Slf4j; 4 import lombok.extern.slf4j.Slf4j;
4 import org.apache.shiro.authc.AuthenticationException; 5 import org.apache.shiro.authc.AuthenticationException;
5 import org.apache.shiro.authc.AuthenticationInfo; 6 import org.apache.shiro.authc.AuthenticationInfo;
@@ -118,6 +119,8 @@ public class ShiroRealm extends AuthorizingRealm { @@ -118,6 +119,8 @@ public class ShiroRealm extends AuthorizingRealm {
118 //如果redis缓存用户信息为空,则通过接口获取用户信息,避免超过两个小时操作中token过期 119 //如果redis缓存用户信息为空,则通过接口获取用户信息,避免超过两个小时操作中token过期
119 if(loginUser==null){ 120 if(loginUser==null){
120 loginUser = commonAPI.getUserByName(username); 121 loginUser = commonAPI.getUserByName(username);
  122 + //密码二次加密,因为存于redis会泄露
  123 + loginUser.setPassword(SecureUtil.md5(loginUser.getPassword()));
121 } 124 }
122 if (loginUser == null) { 125 if (loginUser == null) {
123 throw new AuthenticationException("用户不存在!"); 126 throw new AuthenticationException("用户不存在!");
jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/LoginController.java
  View file @7f6e204
@@ -81,7 +81,8 @@ public class LoginController { @@ -81,7 +81,8 @@ public class LoginController {
81 String lowerCaseCaptcha = captcha.toLowerCase(); 81 String lowerCaseCaptcha = captcha.toLowerCase();
82 String realKey = MD5Util.MD5Encode(lowerCaseCaptcha+sysLoginModel.getCheckKey(), "utf-8"); 82 String realKey = MD5Util.MD5Encode(lowerCaseCaptcha+sysLoginModel.getCheckKey(), "utf-8");
83 Object checkCode = redisUtil.get(realKey); 83 Object checkCode = redisUtil.get(realKey);
84 - if(checkCode==null || !checkCode.equals(lowerCaseCaptcha)) { 84 + //当进入登录页时,有一定几率出现验证码错误 #1714
  85 + if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
85 result.error500("验证码错误"); 86 result.error500("验证码错误");
86 return result; 87 return result;
87 } 88 }
@@ -355,7 +356,7 @@ public class LoginController { @@ -355,7 +356,7 @@ public class LoginController {
355 String syspassword = sysUser.getPassword(); 356 String syspassword = sysUser.getPassword();
356 String username = sysUser.getUsername(); 357 String username = sysUser.getUsername();
357 // 生成token 358 // 生成token
358 - String token = JwtUtil.sign(username, syspassword); 359 + String token = JwtUtil.sign(username, SecureUtil.md5(syspassword));
359 // 设置token缓存有效时间 360 // 设置token缓存有效时间
360 redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token); 361 redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token);
361 redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME*2 / 1000); 362 redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME*2 / 1000);
@@ -363,6 +364,7 @@ public class LoginController { @@ -363,6 +364,7 @@ public class LoginController {
363 //update-begin-author:taoyan date:20200812 for:登录缓存用户信息 364 //update-begin-author:taoyan date:20200812 for:登录缓存用户信息
364 LoginUser vo = new LoginUser(); 365 LoginUser vo = new LoginUser();
365 BeanUtils.copyProperties(sysUser,vo); 366 BeanUtils.copyProperties(sysUser,vo);
  367 + //密码二次加密,因为存于redis会泄露
366 vo.setPassword(SecureUtil.md5(sysUser.getPassword())); 368 vo.setPassword(SecureUtil.md5(sysUser.getPassword()));
367 redisUtil.set(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, vo); 369 redisUtil.set(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, vo);
368 redisUtil.expire(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, JwtUtil.EXPIRE_TIME*2 / 1000); 370 redisUtil.expire(CacheConstant.SYS_USERS_CACHE_JWT +":" +token, JwtUtil.EXPIRE_TIME*2 / 1000);