Authored by zhaoyue

Upsoft pass testing

git add --all src/*
git add push.sh
git add pom.xml
git commit -m "FIX some conflicts"
git commit -m "Upsoft pass testing"
git push origin zhaoyue-dev2
git status
\ No newline at end of file
... ...
... ... @@ -2,6 +2,7 @@ package com.xkl.authorization.resolvers;
import com.xkl.authorization.annotation.CurrentAdmin;
import com.xkl.config.Constants;
import com.xkl.controller.uploadsoft.UpSoftAccountController;
import com.xkl.domain.Admin;
import com.xkl.repository.AdminRepository;
import org.springframework.beans.factory.annotation.Autowired;
... ... @@ -16,7 +17,8 @@ import org.springframework.web.multipart.support.MissingServletRequestPartExcept
/**
* 增加方法注入,将含有CurrentAdmin注解的方法参数注入当前登录用户
* @see CurrentAdmin
*
* @see CurrentAdmin
*/
@Component
public class CurrentAdminMethodArgumentResolver implements HandlerMethodArgumentResolver {
... ... @@ -37,10 +39,11 @@ public class CurrentAdminMethodArgumentResolver implements HandlerMethodArgument
@Override
public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception {
//取出鉴权时存入的登录用户Id
Long currentAdminId = (Long) webRequest.getAttribute(Constants.CURRENT_USER_ID, RequestAttributes.SCOPE_REQUEST);
String currentAdminId = ((String) webRequest.getAttribute(Constants.CURRENT_USER_ID, RequestAttributes.SCOPE_REQUEST)).replace(UpSoftAccountController.UPSOFT_TOKEN_PREFIX, "");
if (currentAdminId != null) {
//从数据库中查询并返回
return adminRepository.findOne(currentAdminId);
Admin admin = adminRepository.findByIdAndStatus(Long.parseLong(currentAdminId), Constants.STATUS_OK);
return admin;
}
throw new MissingServletRequestPartException(Constants.CURRENT_USER_ID);
}
... ...
... ... @@ -63,4 +63,9 @@ public interface Constants {
public static final int LOWER = 1;
public static final int HIGHER = 2;
public static final int STATUS_BAD = 0;
public static final boolean STATUS_BAD2 = false;
public static final int STATUS_OK = 1;
public static final boolean STATUS_OK2= true;
}
... ...
... ... @@ -4,6 +4,7 @@ import com.xkl.authorization.annotation.Authorization;
import com.xkl.authorization.annotation.CurrentUser;
import com.xkl.authorization.manager.ITokenManager;
import com.xkl.authorization.model.TokenModel;
import com.xkl.config.Constants;
import com.xkl.config.ResultStatus;
import com.xkl.domain.User;
import com.xkl.model.ResultModel;
... ... @@ -44,7 +45,7 @@ public class TokenController {
Assert.notNull(username, "username can not be empty");
Assert.notNull(password, "password can not be empty");
User user = userRepository.findByLoginAccount(username);
User user = userRepository.findByLoginAccountAndStatus(username, Constants.STATUS_OK2);
if (user == null) { //用户不存在
return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.NOT_FOUND);
... ...
... ... @@ -4,6 +4,7 @@ import com.xkl.authorization.annotation.Authorization;
import com.xkl.authorization.annotation.CurrentUser;
import com.xkl.authorization.annotation.Sign;
import com.xkl.authorization.manager.ITokenManager;
import com.xkl.config.Constants;
import com.xkl.config.ResultStatus;
import com.xkl.domain.User;
import com.xkl.domain.XklMemberEntity;
... ... @@ -49,7 +50,7 @@ public class UserInfoController {
Assert.notNull(username, "username can not be empty");
Assert.notNull(password, "password can not be empty");
User user = userRepository.findByLoginAccount(username);
User user = userRepository.findByLoginAccountAndStatus(username, Constants.STATUS_OK2);
if (user != null ) { //用户已注册
return new ResponseEntity<>(ResultModel.error(ResultStatus.USER_IS_EXIT), HttpStatus.NOT_FOUND);
}else{
... ...
package com.xkl.controller.uploadsoft;
import com.wordnik.swagger.annotations.*;
import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiImplicitParam;
import com.wordnik.swagger.annotations.ApiImplicitParams;
import com.wordnik.swagger.annotations.ApiOperation;
import com.xkl.authorization.annotation.Authorization;
import com.xkl.authorization.annotation.CurrentAdmin;
import com.xkl.authorization.annotation.CurrentUser;
import com.xkl.authorization.manager.ITokenManager;
import com.xkl.authorization.model.TokenModel;
import com.xkl.config.Constants;
import com.xkl.config.ResultStatus;
import com.xkl.domain.AMPMachine;
import com.xkl.domain.Admin;
import com.xkl.model.ResultModel;
import com.xkl.repository.AMPMachineRepository;
import com.xkl.repository.AdminRepository;
import com.xkl.security.SecurityTool;
import org.hibernate.validator.constraints.SafeHtml;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
... ... @@ -40,7 +40,7 @@ public class UpSoftAccountController {
@Autowired
private ITokenManager tokenManager;
private static final String UPSOFT_TOKEN_PREFIX = "UPSOFTTOKEN";
public static final String UPSOFT_TOKEN_PREFIX = "UPSOFTTOKEN";
@RequestMapping(method = RequestMethod.POST)
@ApiOperation(value = "报告上传软件登录", notes = "login")
... ... @@ -57,13 +57,16 @@ public class UpSoftAccountController {
// ampMachine.getStatus() != 1) {//用户无效
// return new ResponseEntity<>(ResultModel.error(ResultStatus.AMP_KEY_ERROR), HttpStatus.NOT_FOUND);
// }
Admin admin = adminRepository.findByAccount(account);
Admin admin = adminRepository.findByAccountAndStatus(account, Constants.STATUS_OK);
//未注册
if (admin == null) {
//提示用户名或密码错误
return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.NOT_FOUND);
}
String salt = admin.getSalt();
String pass_in_db = admin.getPwd();
String calcuPass = SecurityTool.getPassword(account, password, salt);
if (admin == null || //未注册
!calcuPass.equals(pass_in_db) ||//密码错误
if (!calcuPass.equals(pass_in_db) ||//密码错误
admin.getStatus() != 1) {//用户无效
//提示用户名或密码错误
return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.NOT_FOUND);
... ... @@ -85,17 +88,20 @@ public class UpSoftAccountController {
return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK);
}
@RequestMapping(value = "/upsoft/modpwd", method = RequestMethod.PUT)
@RequestMapping(method = RequestMethod.PUT)
@Authorization
@ApiOperation(value = "报告上传软件修改密码")
@ApiImplicitParams({
@ApiImplicitParam(name = "authorization", value = "请以如下格式输入登录返回信息:adminId_tokens", required = true, dataType = "string", paramType = "header"),
})
public ResponseEntity<ResultModel> modpwd(@CurrentAdmin Admin admin, @RequestParam String newpwd) {
admin = adminRepository.findById(admin.getId());
admin.setPwd(newpwd);
Assert.notNull(newpwd, "password can not be empty");
String salt = SecurityTool.genSalt();
String pass2Db = SecurityTool.getPassword(admin.getAccount(), newpwd, salt);
admin.setPwd(pass2Db);
admin.setSalt(salt);
adminRepository.save(admin);
tokenManager.deleteToken(UPSOFT_TOKEN_PREFIX + admin.getId());
return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK);
}
}
... ...
... ... @@ -9,7 +9,8 @@ import org.springframework.data.repository.CrudRepository;
*/
public interface AdminRepository extends CrudRepository<Admin, Long> {
public Admin findByAccount(String account);
public Admin findById(long id);
// public Admin findByAccount(String account);
public Admin findByAccountAndStatus(String account,int status);
public Admin findByIdAndStatus(long id,int status);
}
... ...
... ... @@ -10,7 +10,7 @@ import org.springframework.data.repository.CrudRepository;
* @see AMPReport
*/
public interface ReportRepository extends CrudRepository<AMPReport, Long> {
public AMPReport findByMd5(String md5);
public AMPReport findByMd5AndStatus(String md5,int status);
public AMPReport findById(int id);
... ...
... ... @@ -8,6 +8,5 @@ import org.springframework.data.repository.CrudRepository;
* @see com.xkl.domain.User
*/
public interface UserRepository extends CrudRepository<User, Long> {
public User findByLoginAccount(String username);
public User findByLoginAccountAndStatus(String username,boolean status);
}
... ...
... ... @@ -53,14 +53,14 @@ public class ReportService implements IReportService {
public ResponseEntity<ResultModel> save(Admin admin, String json_report) {
// 验证存在性
String reportMd5 = SecurityTool.encode("MD5", json_report);
// 验证是否有对应的会员
// 验证是无对应的会员,rediskey
String reportWithNoUser = reportMd5 + "Member";
// 验证报告格式是否有问题
// 验证报告格式有问题,rediskey
String reportWrongFormat = reportMd5 + "Format";
/*
* 如果已经处理过的报告,不再进行处理。
*/
AMPReport report = reportRepository.findByMd5(reportMd5);
AMPReport report = reportRepository.findByMd5AndStatus(reportMd5, Constants.STATUS_OK);
if (report != null && report.getStatus() > 0) {
// 返回,报告已存在。
return new ResponseEntity<>(ResultModel.ok(new ReportIdModel(report.getId())), HttpStatus.OK);
... ... @@ -86,7 +86,7 @@ public class ReportService implements IReportService {
/*
* 检验会员存在性
*/
User user = userRepository.findByLoginAccount(reportData.getAmpReport().getAccount_str());
User user = userRepository.findByLoginAccountAndStatus(reportData.getAmpReport().getAccount_str(), Constants.STATUS_OK2);
if (user == null) {
redis.boundValueOps(reportWithNoUser).set("");
// 返回,报告对应会员不存在。
... ... @@ -112,9 +112,9 @@ public class ReportService implements IReportService {
public ResponseEntity<ResultModel> delete(Admin admin, long report_id) {
// 1. 得到report,验证报告存在性
AMPReport report = reportRepository.findById((int) report_id);
if (report == null) {
if (report == null || report.getStatus() == 0) {
// 报告不存在,返回
return new ResponseEntity<>(ResultModel.error(ResultStatus.REPORT_INVALID__ERROR), HttpStatus.NOT_FOUND);
return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK);
}
// 2. 验证admin
... ...