Upsoft pass testing, fix little bug

 git add --all src/*
 git add --all src/*
 git add push.sh
 git add push.sh
 git add pom.xml
 git add pom.xml
-git commit -m "FIX some conflicts"
+git commit -m "Upsoft pass testing, fix little bug"
 git push origin zhaoyue-dev2
 git push origin zhaoyue-dev2
 git status
 git status

@@ -2,6 +2,7 @@ package com.xkl.authorization.resolvers;
 
 
 import com.xkl.authorization.annotation.CurrentAdmin;
 import com.xkl.authorization.annotation.CurrentAdmin;
 import com.xkl.config.Constants;
 import com.xkl.config.Constants;
+import com.xkl.controller.uploadsoft.UpSoftAccountController;
 import com.xkl.domain.Admin;
 import com.xkl.domain.Admin;
 import com.xkl.repository.AdminRepository;
 import com.xkl.repository.AdminRepository;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -16,7 +17,8 @@ import org.springframework.web.multipart.support.MissingServletRequestPartExcept
 
 
 /**
 /**
  * 增加方法注入，将含有CurrentAdmin注解的方法参数注入当前登录用户
  * 增加方法注入，将含有CurrentAdmin注解的方法参数注入当前登录用户
- * @see  CurrentAdmin
+ *
+ * @see CurrentAdmin
  */
  */
 @Component
 @Component
 public class CurrentAdminMethodArgumentResolver implements HandlerMethodArgumentResolver {
 public class CurrentAdminMethodArgumentResolver implements HandlerMethodArgumentResolver {
@@ -37,10 +39,11 @@ public class CurrentAdminMethodArgumentResolver implements HandlerMethodArgument
     @Override
     @Override
     public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception {
     public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception {
         //取出鉴权时存入的登录用户Id
         //取出鉴权时存入的登录用户Id
-        Long currentAdminId = (Long) webRequest.getAttribute(Constants.CURRENT_USER_ID, RequestAttributes.SCOPE_REQUEST);
+        String currentAdminId = ((String) webRequest.getAttribute(Constants.CURRENT_USER_ID, RequestAttributes.SCOPE_REQUEST)).replace(UpSoftAccountController.UPSOFT_TOKEN_PREFIX, "");
         if (currentAdminId != null) {
         if (currentAdminId != null) {
             //从数据库中查询并返回
             //从数据库中查询并返回
-            return adminRepository.findOne(currentAdminId);
+            Admin admin = adminRepository.findByIdAndStatus(Long.parseLong(currentAdminId), Constants.STATUS_OK);
+            return admin;
         }
         }
         throw new MissingServletRequestPartException(Constants.CURRENT_USER_ID);
         throw new MissingServletRequestPartException(Constants.CURRENT_USER_ID);
     }
     }

@@ -66,4 +66,9 @@ public interface Constants {
     public static final int LOWER = 1;
     public static final int LOWER = 1;
     public static final int HIGHER = 2;
     public static final int HIGHER = 2;
 
 
+    public static final int STATUS_BAD = 0;
+    public static final boolean STATUS_BAD2 = false;
+    public static final int STATUS_OK = 1;
+    public static final boolean STATUS_OK2= true;
+
 }
 }

-package com.xkl.config;
+package com.xkl;
 
 
 import com.mangofactory.swagger.configuration.SpringSwaggerConfig;
 import com.mangofactory.swagger.configuration.SpringSwaggerConfig;
 import com.mangofactory.swagger.models.dto.ApiInfo;
 import com.mangofactory.swagger.models.dto.ApiInfo;
@@ -10,6 +10,8 @@ import org.springframework.context.annotation.Configuration;
 
 
 import java.sql.Timestamp;
 import java.sql.Timestamp;
 
 
+//import springfox.documentation.service.ApiInfo;
+
 /**
 /**
  * swagger-ui的配置
  * swagger-ui的配置
  */
  */
@@ -29,7 +31,7 @@ public class SwaggerConfig {
         return new SwaggerSpringMvcPlugin(this.springSwaggerConfig)
         return new SwaggerSpringMvcPlugin(this.springSwaggerConfig)
                 .apiInfo(new ApiInfo("xkl RESTful Api",
                 .apiInfo(new ApiInfo("xkl RESTful Api",
                         null, null, null, null, null)).
                         null, null, null, null, null)).
-                        //将Timestamp类型全部转为Long类型
+                //将Timestamp类型全部转为Long类型
                         directModelSubstitute(Timestamp.class, Long.class);
                         directModelSubstitute(Timestamp.class, Long.class);
     }
     }
 
 

 package com.xkl.controller;
 package com.xkl.controller;
 
 
+import com.wordnik.swagger.annotations.ApiImplicitParam;
+import com.wordnik.swagger.annotations.ApiImplicitParams;
+import com.wordnik.swagger.annotations.ApiOperation;
 import com.xkl.authorization.annotation.Authorization;
 import com.xkl.authorization.annotation.Authorization;
 import com.xkl.authorization.annotation.CurrentUser;
 import com.xkl.authorization.annotation.CurrentUser;
 import com.xkl.authorization.annotation.Sign;
 import com.xkl.authorization.annotation.Sign;
@@ -8,11 +11,6 @@ import com.xkl.authorization.model.TokenModel;
 import com.xkl.config.ResultStatus;
 import com.xkl.config.ResultStatus;
 import com.xkl.domain.User;
 import com.xkl.domain.User;
 import com.xkl.model.ResultModel;
 import com.xkl.model.ResultModel;
-import com.xkl.repository.UserRepository;
-import com.wordnik.swagger.annotations.ApiImplicitParam;
-import com.wordnik.swagger.annotations.ApiImplicitParams;
-import com.wordnik.swagger.annotations.ApiOperation;
-import com.xkl.security.SecurityTool;
 import com.xkl.service.ILoginService;
 import com.xkl.service.ILoginService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.HttpStatus;
@@ -39,16 +37,15 @@ public class TokenController {
     @Sign
     @Sign
     @RequestMapping(method = RequestMethod.POST)
     @RequestMapping(method = RequestMethod.POST)
     @ApiOperation(value = "用户登录接口")
     @ApiOperation(value = "用户登录接口")
-    public ResponseEntity<ResultModel> login(HttpServletRequest request,@RequestParam String username, @RequestParam String password,
-                                             @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
-        if(!(boolean)request.getAttribute("signAspect"))
+    public ResponseEntity<ResultModel> login(HttpServletRequest request, @RequestParam String username, @RequestParam String password,
+                                             @RequestParam String sign, @RequestParam long t, @RequestParam int type) {
+        if (!(boolean) request.getAttribute("signAspect"))
             return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
             return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
 
 
         Assert.notNull(username, "username can not be empty");
         Assert.notNull(username, "username can not be empty");
         Assert.notNull(password, "password can not be empty");
         Assert.notNull(password, "password can not be empty");
 
 
         User user = loginService.check(username, password);
         User user = loginService.check(username, password);
-
         if (user == null) {//用户，密码错误
         if (user == null) {//用户，密码错误
             return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
             return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
         }
         }
@@ -65,9 +62,9 @@ public class TokenController {
     @ApiImplicitParams({
     @ApiImplicitParams({
             @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息：userId_tokens", required = true, dataType = "string", paramType = "header"),
             @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息：userId_tokens", required = true, dataType = "string", paramType = "header"),
     })
     })
-    public ResponseEntity<ResultModel> logout(HttpServletRequest request,@CurrentUser User user,
-                                              @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
-        if(!(boolean)request.getAttribute("signAspect"))
+    public ResponseEntity<ResultModel> logout(HttpServletRequest request, @CurrentUser User user,
+                                              @RequestParam String sign, @RequestParam long t, @RequestParam int type) {
+        if (!(boolean) request.getAttribute("signAspect"))
             return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
             return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
 
 
         tokenManager.deleteToken(String.valueOf(user.getId()));
         tokenManager.deleteToken(String.valueOf(user.getId()));

@@ -4,6 +4,7 @@ import com.xkl.authorization.annotation.Authorization;
 import com.xkl.authorization.annotation.CurrentUser;
 import com.xkl.authorization.annotation.CurrentUser;
 import com.xkl.authorization.annotation.Sign;
 import com.xkl.authorization.annotation.Sign;
 import com.xkl.authorization.manager.ITokenManager;
 import com.xkl.authorization.manager.ITokenManager;
+import com.xkl.config.Constants;
 import com.xkl.config.ResultStatus;
 import com.xkl.config.ResultStatus;
 import com.xkl.domain.User;
 import com.xkl.domain.User;
 import com.xkl.domain.XklMemberEntity;
 import com.xkl.domain.XklMemberEntity;
@@ -53,7 +54,7 @@ public class UserInfoController {
         Assert.notNull(username, "username can not be empty");
         Assert.notNull(username, "username can not be empty");
         Assert.notNull(password, "password can not be empty");
         Assert.notNull(password, "password can not be empty");
 
 
-        User user = userRepository.findByLoginAccount(username);
+        User user = userRepository.findByLoginAccountAndStatus(username, Constants.STATUS_OK2);
         if (user != null ) {  //用户已注册
         if (user != null ) {  //用户已注册
             return new ResponseEntity<>(ResultModel.error(ResultStatus.USER_IS_EXIT), HttpStatus.OK);
             return new ResponseEntity<>(ResultModel.error(ResultStatus.USER_IS_EXIT), HttpStatus.OK);
         }else{
         }else{

 package com.xkl.controller.uploadsoft;
 package com.xkl.controller.uploadsoft;
 
 
-import com.wordnik.swagger.annotations.*;
+import com.wordnik.swagger.annotations.Api;
+import com.wordnik.swagger.annotations.ApiImplicitParam;
+import com.wordnik.swagger.annotations.ApiImplicitParams;
+import com.wordnik.swagger.annotations.ApiOperation;
 import com.xkl.authorization.annotation.Authorization;
 import com.xkl.authorization.annotation.Authorization;
 import com.xkl.authorization.annotation.CurrentAdmin;
 import com.xkl.authorization.annotation.CurrentAdmin;
-import com.xkl.authorization.annotation.CurrentUser;
 import com.xkl.authorization.manager.ITokenManager;
 import com.xkl.authorization.manager.ITokenManager;
 import com.xkl.authorization.model.TokenModel;
 import com.xkl.authorization.model.TokenModel;
 import com.xkl.config.Constants;
 import com.xkl.config.Constants;
 import com.xkl.config.ResultStatus;
 import com.xkl.config.ResultStatus;
-import com.xkl.domain.AMPMachine;
 import com.xkl.domain.Admin;
 import com.xkl.domain.Admin;
 import com.xkl.model.ResultModel;
 import com.xkl.model.ResultModel;
 import com.xkl.repository.AMPMachineRepository;
 import com.xkl.repository.AMPMachineRepository;
 import com.xkl.repository.AdminRepository;
 import com.xkl.repository.AdminRepository;
-import org.hibernate.validator.constraints.SafeHtml;
+import com.xkl.security.SecurityTool;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.http.ResponseEntity;
@@ -39,29 +40,33 @@ public class UpSoftAccountController {
     @Autowired
     @Autowired
     private ITokenManager tokenManager;
     private ITokenManager tokenManager;
 
 
-    private static final String UPSOFT_TOKEN_PREFIX = "UPSOFT_TOKEN";
+    public static final String UPSOFT_TOKEN_PREFIX = "UPSOFTTOKEN";
 
 
     @RequestMapping(method = RequestMethod.POST)
     @RequestMapping(method = RequestMethod.POST)
     @ApiOperation(value = "报告上传软件登录", notes = "login")
     @ApiOperation(value = "报告上传软件登录", notes = "login")
 
 
-    public ResponseEntity<ResultModel> login(@RequestParam String account, @RequestParam String password
-            , @RequestParam String ampserial, @RequestParam String ampkey) {
+    public ResponseEntity<ResultModel> login(@RequestParam String account, @RequestParam String password) {
+        //  , @RequestParam String ampserial, @RequestParam String ampkey
         Assert.notNull(account, "account can not be empty");
         Assert.notNull(account, "account can not be empty");
         Assert.notNull(password, "password can not be empty");
         Assert.notNull(password, "password can not be empty");
-        Assert.notNull(ampserial, "ampserial can not be empty");
-        Assert.notNull(ampkey, "ampkey can not be empty");
-
-        AMPMachine ampMachine = ampMachineRepository.findBySecretKey(ampkey.trim());
-        if (ampMachine == null ||// 未找到密钥所对应的机器
-                !ampMachine.getAMPSerial().equals(ampserial) ||//amp序号不符合
-                ampMachine.getStatus() != 1) {//用户无效
-            return new ResponseEntity<>(ResultModel.error(ResultStatus.AMP_KEY_ERROR), HttpStatus.NOT_FOUND);
-
+//        Assert.notNull(ampserial, "ampserial can not be empty");
+//        Assert.notNull(ampkey, "ampkey can not be empty");
+//        AMPMachine ampMachine = ampMachineRepository.findBySecretKey(ampkey.trim());
+//        if (ampMachine == null ||// 未找到密钥所对应的机器
+//                !ampMachine.getAMPSerial().equals(ampserial) ||//amp序号不符合
+//                ampMachine.getStatus() != 1) {//用户无效
+//            return new ResponseEntity<>(ResultModel.error(ResultStatus.AMP_KEY_ERROR), HttpStatus.NOT_FOUND);
+//        }
+        Admin admin = adminRepository.findByAccountAndStatus(account, Constants.STATUS_OK);
+        //未注册
+        if (admin == null) {
+            //提示用户名或密码错误
+            return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.NOT_FOUND);
         }
         }
-
-        Admin admin = adminRepository.findByAccount(account);
-        if (admin == null ||  //未注册
-                !admin.getPwd().equals(password) ||//密码错误
+        String salt = admin.getSalt();
+        String pass_in_db = admin.getPwd();
+        String calcuPass = SecurityTool.getPassword(account, password, salt);
+        if (!calcuPass.equals(pass_in_db) ||//密码错误
                 admin.getStatus() != 1) {//用户无效
                 admin.getStatus() != 1) {//用户无效
             //提示用户名或密码错误
             //提示用户名或密码错误
             return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.NOT_FOUND);
             return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.NOT_FOUND);
@@ -83,17 +88,20 @@ public class UpSoftAccountController {
         return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK);
         return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK);
     }
     }
 
 
-    @RequestMapping(value = "/upsoft/modpwd", method = RequestMethod.PUT)
+    @RequestMapping(method = RequestMethod.PUT)
     @Authorization
     @Authorization
     @ApiOperation(value = "报告上传软件修改密码")
     @ApiOperation(value = "报告上传软件修改密码")
     @ApiImplicitParams({
     @ApiImplicitParams({
             @ApiImplicitParam(name = "authorization", value = "请以如下格式输入登录返回信息：adminId_tokens", required = true, dataType = "string", paramType = "header"),
             @ApiImplicitParam(name = "authorization", value = "请以如下格式输入登录返回信息：adminId_tokens", required = true, dataType = "string", paramType = "header"),
     })
     })
     public ResponseEntity<ResultModel> modpwd(@CurrentAdmin Admin admin, @RequestParam String newpwd) {
     public ResponseEntity<ResultModel> modpwd(@CurrentAdmin Admin admin, @RequestParam String newpwd) {
-
-        admin = adminRepository.findById(admin.getId());
-        admin.setPwd(newpwd);
+        Assert.notNull(newpwd, "password can not be empty");
+        String salt = SecurityTool.genSalt();
+        String pass2Db = SecurityTool.getPassword(admin.getAccount(), newpwd, salt);
+        admin.setPwd(pass2Db);
+        admin.setSalt(salt);
         adminRepository.save(admin);
         adminRepository.save(admin);
+        tokenManager.deleteToken(UPSOFT_TOKEN_PREFIX + admin.getId());
         return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK);
         return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK);
     }
     }
 }
 }

@@ -33,6 +33,10 @@ public class Admin {
     @Column(name = "coid")
     @Column(name = "coid")
     private int coid;
     private int coid;
 
 
+    //salt
+    @Column(name = "salt")
+    private String salt;
+
     //备注
     //备注
     @Column(name = "note")
     @Column(name = "note")
     private String note;
     private String note;
@@ -82,6 +86,14 @@ public class Admin {
         this.coid = coid;
         this.coid = coid;
     }
     }
 
 
+    public String getSalt() {
+        return salt;
+    }
+
+    public void setSalt(String salt) {
+        this.salt = salt;
+    }
+
     public String getNote() {
     public String getNote() {
         return note;
         return note;
     }
     }

@@ -9,7 +9,8 @@ import org.springframework.data.repository.CrudRepository;
  */
  */
 public interface AdminRepository extends CrudRepository<Admin, Long> {
 public interface AdminRepository extends CrudRepository<Admin, Long> {
 
 
-    public Admin findByAccount(String account);
-    public Admin findById(long id);
+//    public Admin findByAccount(String account);
+    public Admin findByAccountAndStatus(String account,int status);
+    public Admin findByIdAndStatus(long id,int status);
 
 
 }
 }

@@ -10,7 +10,7 @@ import org.springframework.data.repository.CrudRepository;
  * @see AMPReport
  * @see AMPReport
  */
  */
 public interface ReportRepository extends CrudRepository<AMPReport, Long> {
 public interface ReportRepository extends CrudRepository<AMPReport, Long> {
-    public AMPReport findByMd5(String md5);
+    public AMPReport findByMd5AndStatus(String md5,int status);
 
 
     public AMPReport findById(int id);
     public AMPReport findById(int id);
 
 

@@ -8,6 +8,5 @@ import org.springframework.data.repository.CrudRepository;
  * @see com.xkl.domain.User
  * @see com.xkl.domain.User
  */
  */
 public interface UserRepository extends CrudRepository<User, Long> {
 public interface UserRepository extends CrudRepository<User, Long> {
-
-    public User findByLoginAccount(String username);
+    public User findByLoginAccountAndStatus(String username,boolean status);
 }
 }

@@ -53,14 +53,14 @@ public class ReportService implements IReportService {
     public ResponseEntity<ResultModel> save(Admin admin, String json_report) {
     public ResponseEntity<ResultModel> save(Admin admin, String json_report) {
         // 验证存在性
         // 验证存在性
         String reportMd5 = SecurityTool.encode("MD5", json_report);
         String reportMd5 = SecurityTool.encode("MD5", json_report);
-        // 验证是否有对应的会员
+        // 验证是无对应的会员，rediskey
         String reportWithNoUser = reportMd5 + "Member";
         String reportWithNoUser = reportMd5 + "Member";
-        // 验证报告格式是否有问题
+        // 验证报告格式有问题，rediskey
         String reportWrongFormat = reportMd5 + "Format";
         String reportWrongFormat = reportMd5 + "Format";
         /*
         /*
          * 如果已经处理过的报告，不再进行处理。
          * 如果已经处理过的报告，不再进行处理。
          */
          */
-        AMPReport report = reportRepository.findByMd5(reportMd5);
+        AMPReport report = reportRepository.findByMd5AndStatus(reportMd5, Constants.STATUS_OK);
         if (report != null && report.getStatus() > 0) {
         if (report != null && report.getStatus() > 0) {
             // 返回，报告已存在。
             // 返回，报告已存在。
             return new ResponseEntity<>(ResultModel.ok(new ReportIdModel(report.getId())), HttpStatus.OK);
             return new ResponseEntity<>(ResultModel.ok(new ReportIdModel(report.getId())), HttpStatus.OK);
@@ -86,7 +86,7 @@ public class ReportService implements IReportService {
         /*
         /*
          * 检验会员存在性
          * 检验会员存在性
          */
          */
-        User user = userRepository.findByLoginAccount(reportData.getAmpReport().getAccount_str());
+        User user = userRepository.findByLoginAccountAndStatus(reportData.getAmpReport().getAccount_str(), Constants.STATUS_OK2);
         if (user == null) {
         if (user == null) {
             redis.boundValueOps(reportWithNoUser).set("");
             redis.boundValueOps(reportWithNoUser).set("");
             // 返回，报告对应会员不存在。
             // 返回，报告对应会员不存在。
@@ -112,9 +112,9 @@ public class ReportService implements IReportService {
     public ResponseEntity<ResultModel> delete(Admin admin, long report_id) {
     public ResponseEntity<ResultModel> delete(Admin admin, long report_id) {
         //  1. 得到report，验证报告存在性
         //  1. 得到report，验证报告存在性
         AMPReport report = reportRepository.findById((int) report_id);
         AMPReport report = reportRepository.findById((int) report_id);
-        if (report == null) {
+        if (report == null || report.getStatus() == 0) {
             // 报告不存在，返回
             // 报告不存在，返回
-            return new ResponseEntity<>(ResultModel.error(ResultStatus.REPORT_INVALID__ERROR), HttpStatus.NOT_FOUND);
+            return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK);
         }
         }
 
 
         // 2. 验证admin
         // 2. 验证admin