FIX:fix some bugs

@@ -76,12 +76,12 @@ public class SignAspect {
         String str="";
         for(String para:list){
             if(!para.equals("sign")&&!para.equals("t")&&!para.equals("type"))
-            str += map.get(para)[0];
+                str += map.get(para)[0];
         }
 
         String key = getKeyByType(type);
         long t1= UtilTools.getNow10Second();
-        String sign1= SecurityTool.encode("MD5",str+t1+key);
+        String sign1= SecurityTool.encode("MD5",str+t+key);
         /**
          *  比较sign和过期时间
          */

@@ -8,7 +8,7 @@ public enum ResultStatus {
 
     USER_REGISTER(1000,"用户注册成功"),
     USER_LOGOUT(1001,"退出登录成功"),
-    USER_MODPASS_LOGOUT(1002,"修改密码成功，退出登录"),
+    USER_MODPASS_LOGOUT(1002,"修改密码成功，请重新登录"),
     USERNAME_OR_PASSWORD_ERROR(-1001, "用户名或密码错误"),
     USER_NOT_FOUND(-1002, "用户不存在"),
     USER_NOT_LOGIN(-1004, "用户未登录"),

 package com.xkl.controller;
 
 import com.wordnik.swagger.annotations.ApiOperation;
+import com.xkl.authorization.annotation.Sign;
 import com.xkl.authorization.manager.ITokenManager;
 import com.xkl.authorization.model.TokenModel;
 import com.xkl.config.ResultStatus;
@@ -35,10 +36,10 @@ public class OpenIdController {
     private XklMemberOpenidRespository xklMemberOpenidRespository;
 
     @AntiXSS
-    //@Sign
+    @Sign
     @RequestMapping(method = RequestMethod.POST)
     @ApiOperation(value = "OpenId绑定接口")
-    public ResponseEntity<ResultModel> openIdBind(HttpServletRequest request,@RequestParam String username, @RequestParam String password, @RequestParam String openId, @RequestParam int openIdtype,
+    public ResponseEntity<ResultModel> openIdBind(HttpServletRequest request,@RequestParam String username, @RequestParam String password, @RequestParam String openId, @RequestParam int openIdType,
                                                 @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
         Assert.notNull(username, "username can not be empty");
         Assert.notNull(password, "password can not be empty");
@@ -46,12 +47,12 @@ public class OpenIdController {
         User user = loginService.check(username, password);
 
         if (user == null) {//用户，密码错误
-            return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.NOT_FOUND);
+            return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
         } else {
-            XklMemberOpenidEntity xklMemberOpenid=xklMemberOpenidRespository.findByAccountIdAndType(user.getId(),openIdtype);
+            XklMemberOpenidEntity xklMemberOpenid=xklMemberOpenidRespository.findByAccountIdAndType(user.getId(),openIdType);
             if(xklMemberOpenid == null ){
                 xklMemberOpenid = new XklMemberOpenidEntity();
-                xklMemberOpenid.setType(openIdtype);
+                xklMemberOpenid.setType(openIdType);
                 xklMemberOpenid.setAccountId(user.getId());
                 xklMemberOpenid.setMemberId(user.getMemberId());
                 xklMemberOpenid.setOpenid(openId);
@@ -65,10 +66,10 @@ public class OpenIdController {
 
 
     @AntiXSS
-    //@Sign
+    @Sign
     @RequestMapping(method = RequestMethod.DELETE)
     @ApiOperation(value = "OpenId解除绑定接口")
-    public ResponseEntity<ResultModel> openIdUnBind(HttpServletRequest request,@RequestParam String username,@RequestParam String password,@RequestParam String openId, @RequestParam int openIdtype,
+    public ResponseEntity<ResultModel> openIdUnBind(HttpServletRequest request,@RequestParam String username,@RequestParam String password,@RequestParam String openId, @RequestParam int openIdType,
                                                    @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
         Assert.notNull(username, "username can not be empty");
         Assert.notNull(password, "password can not be empty");
@@ -76,28 +77,28 @@ public class OpenIdController {
         User user = loginService.check(username, password);
 
         if (user == null) {//用户，密码错误
-            return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.NOT_FOUND);
+            return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
         } else {
-            XklMemberOpenidEntity xklMemberOpenid = xklMemberOpenidRespository.findByAccountIdAndTypeAndOpenid(user.getId(), openIdtype,openId);
+            XklMemberOpenidEntity xklMemberOpenid = xklMemberOpenidRespository.findByAccountIdAndTypeAndOpenid(user.getId(), openIdType,openId);
             if(xklMemberOpenid!=null) {
                 xklMemberOpenidRespository.delete(xklMemberOpenid);
             }else{
-                return new ResponseEntity<>(ResultModel.error(ResultStatus.OPENID_ERROR), HttpStatus.NOT_FOUND);
+                return new ResponseEntity<>(ResultModel.error(ResultStatus.OPENID_ERROR), HttpStatus.OK);
             }
         }
         return new ResponseEntity<>(ResultModel.ok(ResultStatus.OPENID_UNBIND_SUCESS), HttpStatus.OK);
     }
 
     @AntiXSS
-    //@Sign
+    @Sign
     @RequestMapping(value="/login",method = RequestMethod.POST)
     @ApiOperation(value = "OpenId登录接口")
-    public ResponseEntity<ResultModel> openIdLogin(HttpServletRequest request,@RequestParam String openId, @RequestParam int openIdtype,
+    public ResponseEntity<ResultModel> openIdLogin(HttpServletRequest request,@RequestParam String openId, @RequestParam int openIdType,
                                                     @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
-        XklMemberOpenidEntity xklMemberOpenid = xklMemberOpenidRespository.findByOpenidAndType(openId, openIdtype);
+        XklMemberOpenidEntity xklMemberOpenid = xklMemberOpenidRespository.findByOpenidAndType(openId, openIdType);
 
         if(xklMemberOpenid == null){
-            return new ResponseEntity<>(ResultModel.error(ResultStatus.OPENID_ERROR), HttpStatus.NOT_FOUND);
+            return new ResponseEntity<>(ResultModel.error(ResultStatus.OPENID_ERROR), HttpStatus.OK);
         }
         long accountId = xklMemberOpenid.getId();
         TokenModel model = tokenManager.createToken(String.valueOf(accountId));

@@ -5,6 +5,7 @@ import com.wordnik.swagger.annotations.ApiImplicitParams;
 import com.wordnik.swagger.annotations.ApiOperation;
 import com.xkl.authorization.annotation.Authorization;
 import com.xkl.authorization.annotation.CurrentUser;
+import com.xkl.authorization.annotation.Sign;
 import com.xkl.config.Constants;
 import com.xkl.domain.*;
 import com.xkl.model.ReportDetailModel;
@@ -46,7 +47,7 @@ public class ReportController {
 
     @RequestMapping(value="/list",method = RequestMethod.GET)
     @Authorization
-    //@Sign
+    @Sign
     @ApiOperation(value = "体检报告列表查询接口")
     @ApiImplicitParams({
             @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息：userId_tokens", required = true, dataType = "string", paramType = "header"),
@@ -60,7 +61,7 @@ public class ReportController {
 
     @RequestMapping(value="/detail",method = RequestMethod.GET)
     @Authorization
-    //@Sign
+    @Sign
     @ApiOperation(value = "体检报告详情查询接口")
     @ApiImplicitParams({
             @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息：userId_tokens", required = true, dataType = "string", paramType = "header"),
@@ -100,7 +101,7 @@ public class ReportController {
 
     @RequestMapping(value="/score",method = RequestMethod.GET)
     @Authorization
-    //@Sign
+    @Sign
     @ApiOperation(value = "健康评分接口(测试service用，后续可以注释掉)")
     @ApiImplicitParams({
             @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息：userId_tokens", required = true, dataType = "string", paramType = "header"),
@@ -114,7 +115,7 @@ public class ReportController {
 
     @RequestMapping(value="/itemInfo",method = RequestMethod.GET)
     @Authorization
-    //@Sign
+    @Sign
     @ApiOperation(value = "指标解释查询接口")
     @ApiImplicitParams({
             @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息：userId_tokens", required = true, dataType = "string", paramType = "header"),
@@ -138,7 +139,7 @@ public class ReportController {
 
     @RequestMapping(value="/itemGraph",method = RequestMethod.GET)
     @Authorization
-    //@Sign
+    @Sign
     @ApiOperation(value = "指标曲线查询接口")
     @ApiImplicitParams({
             @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息：userId_tokens", required = true, dataType = "string", paramType = "header"),

@@ -2,6 +2,7 @@ package com.xkl.controller;
 
 import com.xkl.authorization.annotation.Authorization;
 import com.xkl.authorization.annotation.CurrentUser;
+import com.xkl.authorization.annotation.Sign;
 import com.xkl.authorization.manager.ITokenManager;
 import com.xkl.authorization.model.TokenModel;
 import com.xkl.config.ResultStatus;
@@ -35,7 +36,7 @@ public class TokenController {
     @Autowired
     private ITokenManager tokenManager;
 
-    //@Sign
+    @Sign
     @RequestMapping(method = RequestMethod.POST)
     @ApiOperation(value = "用户登录接口")
     public ResponseEntity<ResultModel> login(HttpServletRequest request,@RequestParam String username, @RequestParam String password,
@@ -46,7 +47,7 @@ public class TokenController {
         User user = loginService.check(username, password);
 
         if (user == null) {//用户，密码错误
-            return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.NOT_FOUND);
+            return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
         }
         //生成一个token，保存用户登录状态
         TokenModel model = tokenManager.createToken(String.valueOf(user.getId()));
@@ -55,13 +56,14 @@ public class TokenController {
 
 
     @Authorization
-    //@Sign
+    @Sign
     @RequestMapping(method = RequestMethod.DELETE)
     @ApiOperation(value = "退出登录")
     @ApiImplicitParams({
             @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息：userId_tokens", required = true, dataType = "string", paramType = "header"),
     })
-    public ResponseEntity<ResultModel> logout(@CurrentUser User user) {
+    public ResponseEntity<ResultModel> logout(HttpServletRequest request,@CurrentUser User user,
+                                              @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
         tokenManager.deleteToken(String.valueOf(user.getId()));
         return new ResponseEntity<>(ResultModel.ok(ResultStatus.USER_LOGOUT), HttpStatus.OK);
     }

@@ -42,7 +42,7 @@ public class UserInfoController {
 
 
     @AntiXSS
-    //@Sign
+    @Sign
     @RequestMapping(method = RequestMethod.POST)
     @ApiOperation(value = "用户注册接口")
     public ResponseEntity<ResultModel> register(HttpServletRequest request,@RequestParam String username, @RequestParam String password,
@@ -52,7 +52,7 @@ public class UserInfoController {
 
         User user = userRepository.findByLoginAccount(username);
         if (user != null ) {  //用户已注册
-            return new ResponseEntity<>(ResultModel.error(ResultStatus.USER_IS_EXIT), HttpStatus.NOT_FOUND);
+            return new ResponseEntity<>(ResultModel.error(ResultStatus.USER_IS_EXIT), HttpStatus.OK);
         }else{
             String salt= SecurityTool.genSalt();
             String pass=SecurityTool.getPassword(username,password,salt);
@@ -76,7 +76,7 @@ public class UserInfoController {
 
     @Authorization
     @AntiXSS
-    //@Sign
+    @Sign
     @RequestMapping(method = RequestMethod.PUT)
     @ApiOperation(value = "用户密码修改接口")
     @ApiImplicitParams({
@@ -94,9 +94,10 @@ public class UserInfoController {
         return new ResponseEntity<>(new ResultModel(ResultStatus.USER_MODPASS_LOGOUT), HttpStatus.OK);
     }
 
-    @RequestMapping(method = RequestMethod.GET)
+
     @Authorization
-    //@Sign
+    @Sign
+    @RequestMapping(method = RequestMethod.GET)
     @ApiOperation(value = "个人信息查询接口")
     @ApiImplicitParams({
             @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息：userId_tokens", required = true, dataType = "string", paramType = "header"),