Showing
10 changed files
with
46 additions
and
30 deletions
@@ -2,6 +2,7 @@ package com.xkl.authorization.resolvers; | @@ -2,6 +2,7 @@ package com.xkl.authorization.resolvers; | ||
2 | 2 | ||
3 | import com.xkl.authorization.annotation.CurrentAdmin; | 3 | import com.xkl.authorization.annotation.CurrentAdmin; |
4 | import com.xkl.config.Constants; | 4 | import com.xkl.config.Constants; |
5 | +import com.xkl.controller.uploadsoft.UpSoftAccountController; | ||
5 | import com.xkl.domain.Admin; | 6 | import com.xkl.domain.Admin; |
6 | import com.xkl.repository.AdminRepository; | 7 | import com.xkl.repository.AdminRepository; |
7 | import org.springframework.beans.factory.annotation.Autowired; | 8 | import org.springframework.beans.factory.annotation.Autowired; |
@@ -16,7 +17,8 @@ import org.springframework.web.multipart.support.MissingServletRequestPartExcept | @@ -16,7 +17,8 @@ import org.springframework.web.multipart.support.MissingServletRequestPartExcept | ||
16 | 17 | ||
17 | /** | 18 | /** |
18 | * 增加方法注入,将含有CurrentAdmin注解的方法参数注入当前登录用户 | 19 | * 增加方法注入,将含有CurrentAdmin注解的方法参数注入当前登录用户 |
19 | - * @see CurrentAdmin | 20 | + * |
21 | + * @see CurrentAdmin | ||
20 | */ | 22 | */ |
21 | @Component | 23 | @Component |
22 | public class CurrentAdminMethodArgumentResolver implements HandlerMethodArgumentResolver { | 24 | public class CurrentAdminMethodArgumentResolver implements HandlerMethodArgumentResolver { |
@@ -37,10 +39,11 @@ public class CurrentAdminMethodArgumentResolver implements HandlerMethodArgument | @@ -37,10 +39,11 @@ public class CurrentAdminMethodArgumentResolver implements HandlerMethodArgument | ||
37 | @Override | 39 | @Override |
38 | public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception { | 40 | public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception { |
39 | //取出鉴权时存入的登录用户Id | 41 | //取出鉴权时存入的登录用户Id |
40 | - Long currentAdminId = (Long) webRequest.getAttribute(Constants.CURRENT_USER_ID, RequestAttributes.SCOPE_REQUEST); | 42 | + String currentAdminId = ((String) webRequest.getAttribute(Constants.CURRENT_USER_ID, RequestAttributes.SCOPE_REQUEST)).replace(UpSoftAccountController.UPSOFT_TOKEN_PREFIX, ""); |
41 | if (currentAdminId != null) { | 43 | if (currentAdminId != null) { |
42 | //从数据库中查询并返回 | 44 | //从数据库中查询并返回 |
43 | - return adminRepository.findOne(currentAdminId); | 45 | + Admin admin = adminRepository.findByIdAndStatus(Long.parseLong(currentAdminId), Constants.STATUS_OK); |
46 | + return admin; | ||
44 | } | 47 | } |
45 | throw new MissingServletRequestPartException(Constants.CURRENT_USER_ID); | 48 | throw new MissingServletRequestPartException(Constants.CURRENT_USER_ID); |
46 | } | 49 | } |
@@ -63,4 +63,9 @@ public interface Constants { | @@ -63,4 +63,9 @@ public interface Constants { | ||
63 | public static final int LOWER = 1; | 63 | public static final int LOWER = 1; |
64 | public static final int HIGHER = 2; | 64 | public static final int HIGHER = 2; |
65 | 65 | ||
66 | + public static final int STATUS_BAD = 0; | ||
67 | + public static final boolean STATUS_BAD2 = false; | ||
68 | + public static final int STATUS_OK = 1; | ||
69 | + public static final boolean STATUS_OK2= true; | ||
70 | + | ||
66 | } | 71 | } |
@@ -4,6 +4,7 @@ import com.xkl.authorization.annotation.Authorization; | @@ -4,6 +4,7 @@ import com.xkl.authorization.annotation.Authorization; | ||
4 | import com.xkl.authorization.annotation.CurrentUser; | 4 | import com.xkl.authorization.annotation.CurrentUser; |
5 | import com.xkl.authorization.manager.ITokenManager; | 5 | import com.xkl.authorization.manager.ITokenManager; |
6 | import com.xkl.authorization.model.TokenModel; | 6 | import com.xkl.authorization.model.TokenModel; |
7 | +import com.xkl.config.Constants; | ||
7 | import com.xkl.config.ResultStatus; | 8 | import com.xkl.config.ResultStatus; |
8 | import com.xkl.domain.User; | 9 | import com.xkl.domain.User; |
9 | import com.xkl.model.ResultModel; | 10 | import com.xkl.model.ResultModel; |
@@ -44,7 +45,7 @@ public class TokenController { | @@ -44,7 +45,7 @@ public class TokenController { | ||
44 | Assert.notNull(username, "username can not be empty"); | 45 | Assert.notNull(username, "username can not be empty"); |
45 | Assert.notNull(password, "password can not be empty"); | 46 | Assert.notNull(password, "password can not be empty"); |
46 | 47 | ||
47 | - User user = userRepository.findByLoginAccount(username); | 48 | + User user = userRepository.findByLoginAccountAndStatus(username, Constants.STATUS_OK2); |
48 | 49 | ||
49 | if (user == null) { //用户不存在 | 50 | if (user == null) { //用户不存在 |
50 | return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.NOT_FOUND); | 51 | return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.NOT_FOUND); |
@@ -4,6 +4,7 @@ import com.xkl.authorization.annotation.Authorization; | @@ -4,6 +4,7 @@ import com.xkl.authorization.annotation.Authorization; | ||
4 | import com.xkl.authorization.annotation.CurrentUser; | 4 | import com.xkl.authorization.annotation.CurrentUser; |
5 | import com.xkl.authorization.annotation.Sign; | 5 | import com.xkl.authorization.annotation.Sign; |
6 | import com.xkl.authorization.manager.ITokenManager; | 6 | import com.xkl.authorization.manager.ITokenManager; |
7 | +import com.xkl.config.Constants; | ||
7 | import com.xkl.config.ResultStatus; | 8 | import com.xkl.config.ResultStatus; |
8 | import com.xkl.domain.User; | 9 | import com.xkl.domain.User; |
9 | import com.xkl.domain.XklMemberEntity; | 10 | import com.xkl.domain.XklMemberEntity; |
@@ -49,7 +50,7 @@ public class UserInfoController { | @@ -49,7 +50,7 @@ public class UserInfoController { | ||
49 | Assert.notNull(username, "username can not be empty"); | 50 | Assert.notNull(username, "username can not be empty"); |
50 | Assert.notNull(password, "password can not be empty"); | 51 | Assert.notNull(password, "password can not be empty"); |
51 | 52 | ||
52 | - User user = userRepository.findByLoginAccount(username); | 53 | + User user = userRepository.findByLoginAccountAndStatus(username, Constants.STATUS_OK2); |
53 | if (user != null ) { //用户已注册 | 54 | if (user != null ) { //用户已注册 |
54 | return new ResponseEntity<>(ResultModel.error(ResultStatus.USER_IS_EXIT), HttpStatus.NOT_FOUND); | 55 | return new ResponseEntity<>(ResultModel.error(ResultStatus.USER_IS_EXIT), HttpStatus.NOT_FOUND); |
55 | }else{ | 56 | }else{ |
1 | package com.xkl.controller.uploadsoft; | 1 | package com.xkl.controller.uploadsoft; |
2 | 2 | ||
3 | -import com.wordnik.swagger.annotations.*; | 3 | +import com.wordnik.swagger.annotations.Api; |
4 | +import com.wordnik.swagger.annotations.ApiImplicitParam; | ||
5 | +import com.wordnik.swagger.annotations.ApiImplicitParams; | ||
6 | +import com.wordnik.swagger.annotations.ApiOperation; | ||
4 | import com.xkl.authorization.annotation.Authorization; | 7 | import com.xkl.authorization.annotation.Authorization; |
5 | import com.xkl.authorization.annotation.CurrentAdmin; | 8 | import com.xkl.authorization.annotation.CurrentAdmin; |
6 | -import com.xkl.authorization.annotation.CurrentUser; | ||
7 | import com.xkl.authorization.manager.ITokenManager; | 9 | import com.xkl.authorization.manager.ITokenManager; |
8 | import com.xkl.authorization.model.TokenModel; | 10 | import com.xkl.authorization.model.TokenModel; |
9 | import com.xkl.config.Constants; | 11 | import com.xkl.config.Constants; |
10 | import com.xkl.config.ResultStatus; | 12 | import com.xkl.config.ResultStatus; |
11 | -import com.xkl.domain.AMPMachine; | ||
12 | import com.xkl.domain.Admin; | 13 | import com.xkl.domain.Admin; |
13 | import com.xkl.model.ResultModel; | 14 | import com.xkl.model.ResultModel; |
14 | import com.xkl.repository.AMPMachineRepository; | 15 | import com.xkl.repository.AMPMachineRepository; |
15 | import com.xkl.repository.AdminRepository; | 16 | import com.xkl.repository.AdminRepository; |
16 | import com.xkl.security.SecurityTool; | 17 | import com.xkl.security.SecurityTool; |
17 | -import org.hibernate.validator.constraints.SafeHtml; | ||
18 | import org.springframework.beans.factory.annotation.Autowired; | 18 | import org.springframework.beans.factory.annotation.Autowired; |
19 | import org.springframework.http.HttpStatus; | 19 | import org.springframework.http.HttpStatus; |
20 | import org.springframework.http.ResponseEntity; | 20 | import org.springframework.http.ResponseEntity; |
@@ -40,7 +40,7 @@ public class UpSoftAccountController { | @@ -40,7 +40,7 @@ public class UpSoftAccountController { | ||
40 | @Autowired | 40 | @Autowired |
41 | private ITokenManager tokenManager; | 41 | private ITokenManager tokenManager; |
42 | 42 | ||
43 | - private static final String UPSOFT_TOKEN_PREFIX = "UPSOFTTOKEN"; | 43 | + public static final String UPSOFT_TOKEN_PREFIX = "UPSOFTTOKEN"; |
44 | 44 | ||
45 | @RequestMapping(method = RequestMethod.POST) | 45 | @RequestMapping(method = RequestMethod.POST) |
46 | @ApiOperation(value = "报告上传软件登录", notes = "login") | 46 | @ApiOperation(value = "报告上传软件登录", notes = "login") |
@@ -57,13 +57,16 @@ public class UpSoftAccountController { | @@ -57,13 +57,16 @@ public class UpSoftAccountController { | ||
57 | // ampMachine.getStatus() != 1) {//用户无效 | 57 | // ampMachine.getStatus() != 1) {//用户无效 |
58 | // return new ResponseEntity<>(ResultModel.error(ResultStatus.AMP_KEY_ERROR), HttpStatus.NOT_FOUND); | 58 | // return new ResponseEntity<>(ResultModel.error(ResultStatus.AMP_KEY_ERROR), HttpStatus.NOT_FOUND); |
59 | // } | 59 | // } |
60 | - | ||
61 | - Admin admin = adminRepository.findByAccount(account); | 60 | + Admin admin = adminRepository.findByAccountAndStatus(account, Constants.STATUS_OK); |
61 | + //未注册 | ||
62 | + if (admin == null) { | ||
63 | + //提示用户名或密码错误 | ||
64 | + return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.NOT_FOUND); | ||
65 | + } | ||
62 | String salt = admin.getSalt(); | 66 | String salt = admin.getSalt(); |
63 | String pass_in_db = admin.getPwd(); | 67 | String pass_in_db = admin.getPwd(); |
64 | String calcuPass = SecurityTool.getPassword(account, password, salt); | 68 | String calcuPass = SecurityTool.getPassword(account, password, salt); |
65 | - if (admin == null || //未注册 | ||
66 | - !calcuPass.equals(pass_in_db) ||//密码错误 | 69 | + if (!calcuPass.equals(pass_in_db) ||//密码错误 |
67 | admin.getStatus() != 1) {//用户无效 | 70 | admin.getStatus() != 1) {//用户无效 |
68 | //提示用户名或密码错误 | 71 | //提示用户名或密码错误 |
69 | return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.NOT_FOUND); | 72 | return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.NOT_FOUND); |
@@ -85,17 +88,20 @@ public class UpSoftAccountController { | @@ -85,17 +88,20 @@ public class UpSoftAccountController { | ||
85 | return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK); | 88 | return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK); |
86 | } | 89 | } |
87 | 90 | ||
88 | - @RequestMapping(value = "/upsoft/modpwd", method = RequestMethod.PUT) | 91 | + @RequestMapping(method = RequestMethod.PUT) |
89 | @Authorization | 92 | @Authorization |
90 | @ApiOperation(value = "报告上传软件修改密码") | 93 | @ApiOperation(value = "报告上传软件修改密码") |
91 | @ApiImplicitParams({ | 94 | @ApiImplicitParams({ |
92 | @ApiImplicitParam(name = "authorization", value = "请以如下格式输入登录返回信息:adminId_tokens", required = true, dataType = "string", paramType = "header"), | 95 | @ApiImplicitParam(name = "authorization", value = "请以如下格式输入登录返回信息:adminId_tokens", required = true, dataType = "string", paramType = "header"), |
93 | }) | 96 | }) |
94 | public ResponseEntity<ResultModel> modpwd(@CurrentAdmin Admin admin, @RequestParam String newpwd) { | 97 | public ResponseEntity<ResultModel> modpwd(@CurrentAdmin Admin admin, @RequestParam String newpwd) { |
95 | - | ||
96 | - admin = adminRepository.findById(admin.getId()); | ||
97 | - admin.setPwd(newpwd); | 98 | + Assert.notNull(newpwd, "password can not be empty"); |
99 | + String salt = SecurityTool.genSalt(); | ||
100 | + String pass2Db = SecurityTool.getPassword(admin.getAccount(), newpwd, salt); | ||
101 | + admin.setPwd(pass2Db); | ||
102 | + admin.setSalt(salt); | ||
98 | adminRepository.save(admin); | 103 | adminRepository.save(admin); |
104 | + tokenManager.deleteToken(UPSOFT_TOKEN_PREFIX + admin.getId()); | ||
99 | return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK); | 105 | return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK); |
100 | } | 106 | } |
101 | } | 107 | } |
@@ -9,7 +9,8 @@ import org.springframework.data.repository.CrudRepository; | @@ -9,7 +9,8 @@ import org.springframework.data.repository.CrudRepository; | ||
9 | */ | 9 | */ |
10 | public interface AdminRepository extends CrudRepository<Admin, Long> { | 10 | public interface AdminRepository extends CrudRepository<Admin, Long> { |
11 | 11 | ||
12 | - public Admin findByAccount(String account); | ||
13 | - public Admin findById(long id); | 12 | +// public Admin findByAccount(String account); |
13 | + public Admin findByAccountAndStatus(String account,int status); | ||
14 | + public Admin findByIdAndStatus(long id,int status); | ||
14 | 15 | ||
15 | } | 16 | } |
@@ -10,7 +10,7 @@ import org.springframework.data.repository.CrudRepository; | @@ -10,7 +10,7 @@ import org.springframework.data.repository.CrudRepository; | ||
10 | * @see AMPReport | 10 | * @see AMPReport |
11 | */ | 11 | */ |
12 | public interface ReportRepository extends CrudRepository<AMPReport, Long> { | 12 | public interface ReportRepository extends CrudRepository<AMPReport, Long> { |
13 | - public AMPReport findByMd5(String md5); | 13 | + public AMPReport findByMd5AndStatus(String md5,int status); |
14 | 14 | ||
15 | public AMPReport findById(int id); | 15 | public AMPReport findById(int id); |
16 | 16 |
@@ -8,6 +8,5 @@ import org.springframework.data.repository.CrudRepository; | @@ -8,6 +8,5 @@ import org.springframework.data.repository.CrudRepository; | ||
8 | * @see com.xkl.domain.User | 8 | * @see com.xkl.domain.User |
9 | */ | 9 | */ |
10 | public interface UserRepository extends CrudRepository<User, Long> { | 10 | public interface UserRepository extends CrudRepository<User, Long> { |
11 | - | ||
12 | - public User findByLoginAccount(String username); | 11 | + public User findByLoginAccountAndStatus(String username,boolean status); |
13 | } | 12 | } |
@@ -53,14 +53,14 @@ public class ReportService implements IReportService { | @@ -53,14 +53,14 @@ public class ReportService implements IReportService { | ||
53 | public ResponseEntity<ResultModel> save(Admin admin, String json_report) { | 53 | public ResponseEntity<ResultModel> save(Admin admin, String json_report) { |
54 | // 验证存在性 | 54 | // 验证存在性 |
55 | String reportMd5 = SecurityTool.encode("MD5", json_report); | 55 | String reportMd5 = SecurityTool.encode("MD5", json_report); |
56 | - // 验证是否有对应的会员 | 56 | + // 验证是无对应的会员,rediskey |
57 | String reportWithNoUser = reportMd5 + "Member"; | 57 | String reportWithNoUser = reportMd5 + "Member"; |
58 | - // 验证报告格式是否有问题 | 58 | + // 验证报告格式有问题,rediskey |
59 | String reportWrongFormat = reportMd5 + "Format"; | 59 | String reportWrongFormat = reportMd5 + "Format"; |
60 | /* | 60 | /* |
61 | * 如果已经处理过的报告,不再进行处理。 | 61 | * 如果已经处理过的报告,不再进行处理。 |
62 | */ | 62 | */ |
63 | - AMPReport report = reportRepository.findByMd5(reportMd5); | 63 | + AMPReport report = reportRepository.findByMd5AndStatus(reportMd5, Constants.STATUS_OK); |
64 | if (report != null && report.getStatus() > 0) { | 64 | if (report != null && report.getStatus() > 0) { |
65 | // 返回,报告已存在。 | 65 | // 返回,报告已存在。 |
66 | return new ResponseEntity<>(ResultModel.ok(new ReportIdModel(report.getId())), HttpStatus.OK); | 66 | return new ResponseEntity<>(ResultModel.ok(new ReportIdModel(report.getId())), HttpStatus.OK); |
@@ -86,7 +86,7 @@ public class ReportService implements IReportService { | @@ -86,7 +86,7 @@ public class ReportService implements IReportService { | ||
86 | /* | 86 | /* |
87 | * 检验会员存在性 | 87 | * 检验会员存在性 |
88 | */ | 88 | */ |
89 | - User user = userRepository.findByLoginAccount(reportData.getAmpReport().getAccount_str()); | 89 | + User user = userRepository.findByLoginAccountAndStatus(reportData.getAmpReport().getAccount_str(), Constants.STATUS_OK2); |
90 | if (user == null) { | 90 | if (user == null) { |
91 | redis.boundValueOps(reportWithNoUser).set(""); | 91 | redis.boundValueOps(reportWithNoUser).set(""); |
92 | // 返回,报告对应会员不存在。 | 92 | // 返回,报告对应会员不存在。 |
@@ -112,9 +112,9 @@ public class ReportService implements IReportService { | @@ -112,9 +112,9 @@ public class ReportService implements IReportService { | ||
112 | public ResponseEntity<ResultModel> delete(Admin admin, long report_id) { | 112 | public ResponseEntity<ResultModel> delete(Admin admin, long report_id) { |
113 | // 1. 得到report,验证报告存在性 | 113 | // 1. 得到report,验证报告存在性 |
114 | AMPReport report = reportRepository.findById((int) report_id); | 114 | AMPReport report = reportRepository.findById((int) report_id); |
115 | - if (report == null) { | 115 | + if (report == null || report.getStatus() == 0) { |
116 | // 报告不存在,返回 | 116 | // 报告不存在,返回 |
117 | - return new ResponseEntity<>(ResultModel.error(ResultStatus.REPORT_INVALID__ERROR), HttpStatus.NOT_FOUND); | 117 | + return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK); |
118 | } | 118 | } |
119 | 119 | ||
120 | // 2. 验证admin | 120 | // 2. 验证admin |
-
Please register or login to post a comment