update 适配ruoyi错误登录与解锁功能

2025-09-03 11:05:58 +00:00 · 2022-08-08 10:55:47 +08:00
parent 7bacfd9c4c
commit 0c5cf65965
13 changed files with 172 additions and 283 deletions
--- a/ruoyi-auth/src/main/java/com/ruoyi/auth/properties/UserPasswordProperties.java
+++ b/ruoyi-auth/src/main/java/com/ruoyi/auth/properties/UserPasswordProperties.java
@@ -0,0 +1,29 @@
+package com.ruoyi.auth.properties;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.cloud.context.config.annotation.RefreshScope;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * 用户密码配置
+ *
+ * @author Lion Li
+ */
+@Data
+@Configuration
+@RefreshScope
+@ConfigurationProperties(prefix = "user.password")
+public class UserPasswordProperties {
+
+    /**
+     * 密码最大错误次数
+     */
+    private Integer maxRetryCount;
+
+    /**
+     * 密码锁定时间（默认10分钟）
+     */
+    private Integer lockTime;
+
+}
--- a/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysLoginService.java
+++ b/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysLoginService.java
@@ -5,6 +5,7 @@ import cn.dev33.satoken.secure.BCrypt;
 import cn.dev33.satoken.stp.StpUtil;
 import cn.hutool.core.util.ObjectUtil;
 import com.ruoyi.auth.form.RegisterBody;
+import com.ruoyi.auth.properties.UserPasswordProperties;
 import com.ruoyi.common.core.constant.CacheConstants;
 import com.ruoyi.common.core.constant.Constants;
 import com.ruoyi.common.core.enums.DeviceType;
@@ -19,10 +20,12 @@ import com.ruoyi.common.redis.utils.RedisUtils;
 import com.ruoyi.common.satoken.utils.LoginHelper;
 import com.ruoyi.system.api.RemoteLogService;
 import com.ruoyi.system.api.RemoteUserService;
+import com.ruoyi.system.api.domain.SysLogininfor;
 import com.ruoyi.system.api.domain.SysUser;
 import com.ruoyi.system.api.model.LoginUser;
 import com.ruoyi.system.api.model.XcxLoginUser;
 import org.apache.dubbo.config.annotation.DubboReference;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;

 import java.time.Duration;
@@ -41,6 +44,9 @@ public class SysLoginService {
    @DubboReference
    private RemoteUserService remoteUserService;

+    @Autowired
+    private UserPasswordProperties userPasswordProperties;
+
    /**
     * 登录
     */
@@ -139,7 +145,7 @@ public class SysLoginService {
     * 校验短信验证码
     */
    private boolean validateSmsCode(String phonenumber, String smsCode) {
-        String code = RedisUtils.getCacheObject(Constants.CAPTCHA_CODE_KEY + phonenumber);
+        String code = RedisUtils.getCacheObject(CacheConstants.CAPTCHA_CODE_KEY + phonenumber);
        if (StringUtils.isBlank(code)) {
            recordLogininfor(phonenumber, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.expire"));
            throw new CaptchaExpireException();
@@ -151,27 +157,27 @@ public class SysLoginService {
     * 登录校验
     */
    private void checkLogin(LoginType loginType, String username, Supplier<Boolean> supplier) {
-        String errorKey = CacheConstants.LOGIN_ERROR + username;
-        Integer errorLimitTime = CacheConstants.LOGIN_ERROR_LIMIT_TIME;
-        Integer setErrorNumber = CacheConstants.LOGIN_ERROR_NUMBER;
+        String errorKey = CacheConstants.PWD_ERR_CNT_KEY + username;
        String loginFail = Constants.LOGIN_FAIL;
+        Integer maxRetryCount = userPasswordProperties.getMaxRetryCount();
+        Integer lockTime = userPasswordProperties.getLockTime();

        // 获取用户登录错误次数(可自定义限制策略 例如: key + username + ip)
        Integer errorNumber = RedisUtils.getCacheObject(errorKey);
        // 锁定时间内登录 则踢出
-        if (ObjectUtil.isNotNull(errorNumber) && errorNumber.equals(setErrorNumber)) {
-            recordLogininfor(username, loginFail, MessageUtils.message(loginType.getRetryLimitExceed(), errorLimitTime));
-            throw new UserException(loginType.getRetryLimitExceed(), errorLimitTime);
+        if (ObjectUtil.isNotNull(errorNumber) && errorNumber.equals(maxRetryCount)) {
+            recordLogininfor(username, loginFail, MessageUtils.message(loginType.getRetryLimitExceed(), maxRetryCount, lockTime));
+            throw new UserException(loginType.getRetryLimitExceed(), maxRetryCount, lockTime);
        }

        if (supplier.get()) {
            // 是否第一次
            errorNumber = ObjectUtil.isNull(errorNumber) ? 1 : errorNumber + 1;
            // 达到规定错误次数 则锁定登录
-            if (errorNumber.equals(setErrorNumber)) {
-                RedisUtils.setCacheObject(errorKey, errorNumber, Duration.ofMinutes(errorLimitTime));
-                recordLogininfor(username, loginFail, MessageUtils.message(loginType.getRetryLimitExceed(), errorLimitTime));
-                throw new UserException(loginType.getRetryLimitExceed(), errorLimitTime);
+            if (errorNumber.equals(maxRetryCount)) {
+                RedisUtils.setCacheObject(errorKey, errorNumber, Duration.ofMinutes(lockTime));
+                recordLogininfor(username, loginFail, MessageUtils.message(loginType.getRetryLimitExceed(), maxRetryCount, lockTime));
+                throw new UserException(loginType.getRetryLimitExceed(), maxRetryCount, lockTime);
            } else {
                // 未达到规定错误次数 则递增
                RedisUtils.setCacheObject(errorKey, errorNumber);
--- a/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysPasswordService.java
+++ b/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysPasswordService.java
@@ -1,85 +0,0 @@
-package com.ruoyi.auth.service;
-
-import java.util.concurrent.TimeUnit;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-import com.ruoyi.common.core.constant.CacheConstants;
-import com.ruoyi.common.core.constant.Constants;
-import com.ruoyi.common.core.exception.ServiceException;
-import com.ruoyi.common.redis.service.RedisService;
-import com.ruoyi.common.security.utils.SecurityUtils;
-import com.ruoyi.system.api.domain.SysUser;
-
-/**
- * 登录密码方法
- * 
- * @author ruoyi
- */
-@Component
-public class SysPasswordService
-{
-    @Autowired
-    private RedisService redisService;
-
-    private int maxRetryCount = CacheConstants.passwordMaxRetryCount;
-
-    private Long lockTime = CacheConstants.passwordLockTime;
-
-    @Autowired
-    private SysRecordLogService recordLogService;
-
-    /**
-     * 登录账户密码错误次数缓存键名
-     * 
-     * @param username 用户名
-     * @return 缓存键key
-     */
-    private String getCacheKey(String username)
-    {
-        return CacheConstants.PWD_ERR_CNT_KEY + username;
-    }
-
-    public void validate(SysUser user, String password)
-    {
-        String username = user.getUserName();
-
-        Integer retryCount = redisService.getCacheObject(getCacheKey(username));
-
-        if (retryCount == null)
-        {
-            retryCount = 0;
-        }
-
-        if (retryCount >= Integer.valueOf(maxRetryCount).intValue())
-        {
-            String errMsg = String.format("密码输入错误%s次，帐户锁定%s分钟", maxRetryCount, lockTime);
-            recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL,errMsg);
-            throw new ServiceException(errMsg);
-        }
-
-        if (!matches(user, password))
-        {
-            retryCount = retryCount + 1;
-            recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, String.format("密码输入错误%s次", retryCount));
-            redisService.setCacheObject(getCacheKey(username), retryCount, lockTime, TimeUnit.MINUTES);
-            throw new ServiceException("用户不存在/密码错误");
-        }
-        else
-        {
-            clearLoginRecordCache(username);
-        }
-    }
-
-    public boolean matches(SysUser user, String rawPassword)
-    {
-        return SecurityUtils.matchesPassword(rawPassword, user.getPassword());
-    }
-
-    public void clearLoginRecordCache(String loginName)
-    {
-        if (redisService.hasKey(getCacheKey(loginName)))
-        {
-            redisService.deleteObject(getCacheKey(loginName));
-        }
-    }
-}
--- a/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysRecordLogService.java
+++ b/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysRecordLogService.java
@@ -1,49 +0,0 @@
-package com.ruoyi.auth.service;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-import com.ruoyi.common.core.constant.Constants;
-import com.ruoyi.common.core.constant.SecurityConstants;
-import com.ruoyi.common.core.utils.ServletUtils;
-import com.ruoyi.common.core.utils.StringUtils;
-import com.ruoyi.common.core.utils.ip.IpUtils;
-import com.ruoyi.system.api.RemoteLogService;
-import com.ruoyi.system.api.domain.SysLogininfor;
-
-/**
- * 记录日志方法
- * 
- * @author ruoyi
- */
-@Component
-public class SysRecordLogService
-{
-    @Autowired
-    private RemoteLogService remoteLogService;
-
-    /**
-     * 记录登录信息
-     * 
-     * @param username 用户名
-     * @param status 状态
-     * @param message 消息内容
-     * @return
-     */
-    public void recordLogininfor(String username, String status, String message)
-    {
-        SysLogininfor logininfor = new SysLogininfor();
-        logininfor.setUserName(username);
-        logininfor.setIpaddr(IpUtils.getIpAddr(ServletUtils.getRequest()));
-        logininfor.setMsg(message);
-        // 日志状态
-        if (StringUtils.equalsAny(status, Constants.LOGIN_SUCCESS, Constants.LOGOUT, Constants.REGISTER))
-        {
-            logininfor.setStatus(Constants.LOGIN_SUCCESS_STATUS);
-        }
-        else if (Constants.LOGIN_FAIL.equals(status))
-        {
-            logininfor.setStatus(Constants.LOGIN_FAIL_STATUS);
-        }
-        remoteLogService.saveLogininfor(logininfor, SecurityConstants.INNER);
-    }
-}