From c661796dcbc4888b6f5ed9c26222596d9adfe58c Mon Sep 17 00:00:00 2001 From: admin <417727563@qq.com> Date: Thu, 25 Jul 2024 16:41:27 +0800 Subject: [PATCH 1/2] =?UTF-8?q?25-=E7=94=A8=E6=88=B7=E6=B3=A8=E5=86=8C-?= =?UTF-8?q?=E5=AE=8C=E7=BB=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../system/controller/SysUserController.java | 34 ++++++++++++------- .../src/locales/lang/en/sys.ts | 1 + .../src/locales/lang/zh-CN/sys.ts | 1 + .../views/system/loginmini/MiniRegister.vue | 7 +++- 4 files changed, 29 insertions(+), 14 deletions(-) diff --git a/jeecg-boot-master/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java b/jeecg-boot-master/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java index 2e572bbf..87d2159e 100644 --- a/jeecg-boot-master/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java +++ b/jeecg-boot-master/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java @@ -42,6 +42,7 @@ import org.jeecgframework.poi.excel.entity.ImportParams; import org.jeecgframework.poi.excel.view.JeecgEntityExcelView; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; +import org.springframework.http.HttpStatus; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; import org.springframework.web.multipart.MultipartHttpServletRequest; 
@@ -1133,14 +1134,31 @@ public class SysUserController { public Result sturUserRegister(@RequestBody JSONObject jsonObject, SysUser user) { Result result = new Result(); String phone = jsonObject.getString("phone"); - String smscode = jsonObject.getString("smscode"); + String captcha = jsonObject.getString("smscode"); String departmentid = jsonObject.getString("departmentid"); String realname = jsonObject.getString("realname"); + String checkKey = jsonObject.getString("checkKey"); + if(captcha==null){ + result.error500("验证码无效"); + return result; + } + + String lowerCaseCaptcha = captcha.toLowerCase(); //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone; - Object code = redisUtil.get(redisKey); + // 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可 + String origin = lowerCaseCaptcha+checkKey+jeecgBaseConfig.getSignatureSecret(); + String realKey = Md5Util.md5Encode(origin, "utf-8"); //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 + Object checkCode = redisUtil.get(realKey); + //当进入登录页时,有一定几率出现验证码错误 #1714 + if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) { + log.warn("验证码错误,key= {} , Ui checkCode= {}, Redis checkCode = {}", checkKey, lowerCaseCaptcha, checkCode); + result.error500("验证码错误"); + // 改成特殊的code 便于前端判断 + result.setCode(HttpStatus.PRECONDITION_FAILED.value()); + return result; + } String username = jsonObject.getString("username"); //未设置用户名,则用手机号作为用户名 @@ -1163,16 +1181,6 @@ public class SysUserController { return result; } - if(null == code){ - result.setMessage("验证码失效,请重新获取"); - result.setSuccess(false); - return result; - } - if (!smscode.equals(code.toString())) { - result.setMessage("验证码错误!"); - result.setSuccess(false); - return result; - } if(oConvertUtils.isEmpty(realname)){ realname = username; } 
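Review bot: In the `sturUserRegister` hunk the code that was bound to `phone` (`CommonConstant.PHONE_REDIS_KEY_PRE+phone`) is replaced by an image captcha looked up through `checkKey`, so nothing on the new side proves the caller controls the phone number being registered. Unless that is verified outside this hunk, keep the phone-bound check alongside the captcha rather than deleting it in the following hunk. The visible lines also never remove `realKey` from Redis after a successful match, so one solved captcha may be accepted repeatedly until it expires; add `redisUtil.del(realKey);` directly after the comparison passes. The `log.warn` call writes the stored answer (`checkCode`) and the request-supplied `checkKey` to the log, where a message without those values would be enough. The method body continues outside the hunk.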
diff --git a/jeecgboot-vue3-master/src/locales/lang/en/sys.ts b/jeecgboot-vue3-master/src/locales/lang/en/sys.ts index e0d54c00..9e3fd2ae 100644 --- a/jeecgboot-vue3-master/src/locales/lang/en/sys.ts +++ b/jeecgboot-vue3-master/src/locales/lang/en/sys.ts @@ -87,6 +87,7 @@ export default { // placeholder accountPlaceholder: 'Please input username', passwordPlaceholder: 'Please input password', + selectdep: 'Please select dep', smsPlaceholder: 'Please input sms code', mobilePlaceholder: 'Please input mobile', policyPlaceholder: 'Register after checking', diff --git a/jeecgboot-vue3-master/src/locales/lang/zh-CN/sys.ts b/jeecgboot-vue3-master/src/locales/lang/zh-CN/sys.ts index b76960b2..6d020b7c 100644 --- a/jeecgboot-vue3-master/src/locales/lang/zh-CN/sys.ts +++ b/jeecgboot-vue3-master/src/locales/lang/zh-CN/sys.ts @@ -86,6 +86,7 @@ export default { // placeholder accountPlaceholder: '请输入账号', passwordPlaceholder: '请输入密码', + selectdep: '请选择学院院系', inputCodePlaceholder: '请输入验证码', smsPlaceholder: '请输入验证码', mobilePlaceholder: '请输入手机号码', diff --git a/jeecgboot-vue3-master/src/views/system/loginmini/MiniRegister.vue b/jeecgboot-vue3-master/src/views/system/loginmini/MiniRegister.vue index ce776160..ba2d25c0 100644 --- a/jeecgboot-vue3-master/src/views/system/loginmini/MiniRegister.vue +++ b/jeecgboot-vue3-master/src/views/system/loginmini/MiniRegister.vue @@ -82,7 +82,7 @@
- +
@@ -220,6 +220,10 @@ const randCodeData = reactive({ createMessage.warn(t('sys.login.smsPlaceholder')); return; } + if (!formData.department) { + createMessage.warn(t('sys.login.selectdep')); + return; + } if (!formData.password) { createMessage.warn(t('sys.login.passwordPlaceholder')); return; @@ -252,6 +256,7 @@ const randCodeData = reactive({ password: formData.password, phone: formData.mobile, smscode: formData.smscode, + checkKey: randCodeData.checkKey, }) ); if (resultInfo && resultInfo.data.success) { From f7b1467d3dd3fca99f9c2de3d0c918905bbab956 Mon Sep 17 00:00:00 2001 
From: admin <417727563@qq.com> Date: Fri, 26 Jul 2024 14:55:36 +0800 Subject: [PATCH 2/2] =?UTF-8?q?26-=E5=8A=9F=E8=83=BD-=E5=A5=96=E9=A1=B9?= =?UTF-8?q?=E7=AE=A1=E7=90=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../controller/AnnualCompAwardController.java | 1 + .../controller/CompskillController.java | 20 +++++++++----- .../src/router/routes/index.ts | 8 +++--- .../depart/DepartAbilityEvaluation.data.ts | 6 +++-- .../committee/AnnualCompPointList.vue | 2 +- .../committee/AnnualCompPoint_menu_insert.sql | 26 ------------------- .../components/AnnualCompPointForm.vue | 2 +- .../AnnualCompPoint_menu_insert.sql | 26 ------------------- .../annualcompaward/AnnualCompAwardList.vue | 2 +- .../AnnualCompAward_menu_insert.sql | 26 ------------------- .../src/views/compskill/Compskill.data.ts | 18 ++++++++++--- .../src/views/compskill/CompskillList.vue | 13 +++++----- .../views/compskill/Compskill_menu_insert.sql | 26 ------------------- .../compskill/components/CompskillModal.vue | 7 ++--- .../system/usercompexpert/UserDrawer.vue | 3 +-- .../views/system/usercompexpert/user.data.ts | 17 +++++++++--- 16 files changed, 64 insertions(+), 139 deletions(-) delete mode 100644 jeecgboot-vue3-master/src/views/annualCompPoint/committee/AnnualCompPoint_menu_insert.sql delete mode 100644 jeecgboot-vue3-master/src/views/annualCompPoint/department/AnnualCompPoint_menu_insert.sql delete mode 100644 jeecgboot-vue3-master/src/views/annualcompaward/AnnualCompAward_menu_insert.sql delete mode 100644 jeecgboot-vue3-master/src/views/compskill/Compskill_menu_insert.sql diff --git a/jeecg-boot-master/jeecg-module-demo/src/main/java/org/jeecg/modules/demo/annualcompaward/controller/AnnualCompAwardController.java b/jeecg-boot-master/jeecg-module-demo/src/main/java/org/jeecg/modules/demo/annualcompaward/controller/AnnualCompAwardController.java index ee01aae9..c200b48a 100644 
--- a/jeecg-boot-master/jeecg-module-demo/src/main/java/org/jeecg/modules/demo/annualcompaward/controller/AnnualCompAwardController.java +++ b/jeecg-boot-master/jeecg-module-demo/src/main/java/org/jeecg/modules/demo/annualcompaward/controller/AnnualCompAwardController.java @@ -94,6 +94,7 @@ public class AnnualCompAwardController extends JeecgController queryWrapper = new LambdaQueryWrapper<>(); + queryWrapper.orderByDesc(AnnualCompAward::getCreateTime); Page page = new Page(pageNo, pageSize); // 查询所属当前登录用户数据 if (containsEfficientRole) diff --git a/jeecg-boot-master/jeecg-module-demo/src/main/java/org/jeecg/modules/demo/compskill/controller/CompskillController.java b/jeecg-boot-master/jeecg-module-demo/src/main/java/org/jeecg/modules/demo/compskill/controller/CompskillController.java index 1f2d530a..2d20780a 100644 --- a/jeecg-boot-master/jeecg-module-demo/src/main/java/org/jeecg/modules/demo/compskill/controller/CompskillController.java +++ b/jeecg-boot-master/jeecg-module-demo/src/main/java/org/jeecg/modules/demo/compskill/controller/CompskillController.java @@ -90,7 +90,7 @@ public class CompskillController extends JeecgController roleList = iSysUserRoleService.getUserRoleByUserId(loginUser.getId()); Map roleMap = Optional.ofNullable(roleList).orElse(new LinkedList<>()).stream().collect(Collectors.toMap(SysRole::getRoleCode, SysRole::getRoleCode)); - //角色编码 管理员&组委会&教务处 可以看到所有,其它用户可见到所属自己数据 + //角色编码 管理员&组委会&学校管理员 可以看到所有,其它用户可见到所属自己数据 Map efficientRoleMap = new LinkedHashMap<>(); efficientRoleMap.put("admin", "admin"); efficientRoleMap.put("committee", "committee"); 
@@ -98,9 +98,9 @@ public class CompskillController extends JeecgController queryWrapper = new LambdaQueryWrapper<>(); // 查询所属当前登录用户数据 - if (!efficientRoleMap.containsValue(roleMap.get("admin")) - && !efficientRoleMap.containsValue(roleMap.get("committee")) - && !efficientRoleMap.containsValue(roleMap.get("superAdmin"))) { + if (efficientRoleMap.containsValue(roleMap.get("admin")) + || efficientRoleMap.containsValue(roleMap.get("committee")) + || efficientRoleMap.containsValue(roleMap.get("superAdmin"))) { List compList = iCompService.list(new LambdaQueryWrapper().eq(Comp::getCompAdmin, loginUser.getUsername())); if (!ObjectUtils.isEmpty(compList)) { Set compIds = compList.stream().map(c -> c.getId()).collect(Collectors.toSet()); @@ -133,7 +133,13 @@ public class CompskillController extends JeecgController basicsskillList= basicsskillService.query().eq("id", compskill1.getCapacityid()).list(); + Basicsskill basicsskill=null; + if(basicsskillList.size()>0) + { + basicsskill=basicsskillList.get(0); + } + if (annualCompPoint != null && basicsskill != null && annualComp != null && annual != null) { compskill1.setAnnucompid(annualCompPoint.getObjName()); compskill1.setCapacityid(basicsskill.getName()); @@ -157,14 +163,14 @@ public class CompskillController extends JeecgController add(@RequestBody Compskill compskill) { - if (compskill != null) { + /* if (compskill != null) { AnnualCompPoint annualCompPoint = annualCompPointService.query().eq("obj_name", compskill.getAnnucompid()).one(); Basicsskill basicsskill = basicsskillService.query().eq("name", compskill.getCapacityid()).one(); if (annualCompPoint != null && basicsskill != null) { compskill.setAnnucompid(annualCompPoint.getId()); compskill.setCapacityid(basicsskill.getId()); } - } + }*/ compskillService.save(compskill); return Result.OK("添加成功!"); } diff --git a/jeecgboot-vue3-master/src/router/routes/index.ts b/jeecgboot-vue3-master/src/router/routes/index.ts index 23e65368..eb35dc67 100644 
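Review bot: The rewritten role check in `CompskillController` now applies the `Comp::getCompAdmin` filter when the caller holds `admin`, `committee` or `superAdmin` and skips it for every other role. That is the opposite of the comment edited in the previous hunk, which says the privileged roles see everything and other users see only their own data. If nothing after this hunk restricts the query further, an ordinary logged-in user would receive the unfiltered list. Unless the inversion is intended, restore the negated form, for example `boolean privileged = efficientRoleMap.containsValue(roleMap.get("admin")) || efficientRoleMap.containsValue(roleMap.get("committee")) || efficientRoleMap.containsValue(roleMap.get("superAdmin"));` followed by `if (!privileged) {`. The method starts and ends outside the hunk.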
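Review bot: In the `add` hunk the name-to-id lookup is disabled by wrapping it in a block comment, so `compskillService.save(compskill)` now persists `annucompid` and `capacityid` exactly as they arrive in the request body. If the client now sends ids, confirm before saving that both reference existing rows, e.g. `if (annualCompPointService.getById(compskill.getAnnucompid()) == null) return Result.error("annucompid not found");` (assuming the service exposes the usual `getById`, and with the message text as a placeholder). Delete the commented-out block rather than leaving it in the controller.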
--- a/jeecgboot-vue3-master/src/router/routes/index.ts +++ b/jeecgboot-vue3-master/src/router/routes/index.ts @@ -95,7 +95,7 @@ export const compcom = { title:'年度比赛项目', }, children:[ - { + /* { path:'annualcompaward', name:'annualcompaward', component: ()=> import('/@/views/annualcompaward/AnnualCompAwardList.vue'), @@ -103,8 +103,8 @@ export const compcom = { title:'比赛奖项管理' } - }, - { + },*/ +/* { path:'compskill', name:'compskill', component: ()=> import('/@/views/compskill/CompskillList.vue'), @@ -112,7 +112,7 @@ export const compcom = { title:'项目能力管理' } - }, + },*/ { path:'topic', name:'topic', diff --git a/jeecgboot-vue3-master/src/views/abilityEvaluation/depart/DepartAbilityEvaluation.data.ts b/jeecgboot-vue3-master/src/views/abilityEvaluation/depart/DepartAbilityEvaluation.data.ts index 525362a0..fe950756 100644 --- a/jeecgboot-vue3-master/src/views/abilityEvaluation/depart/DepartAbilityEvaluation.data.ts +++ b/jeecgboot-vue3-master/src/views/abilityEvaluation/depart/DepartAbilityEvaluation.data.ts @@ -86,7 +86,8 @@ export const formSchema: FormSchema[] = [ component: 'Input', componentProps:{ disabled: true, - } + }, + show: false }, { label: '能力值', @@ -94,7 +95,8 @@ export const formSchema: FormSchema[] = [ component: 'InputNumber', componentProps:{ disabled: true, - } + }, + show: false }, // TODO 主键隐藏字段,目前写死为ID diff --git a/jeecgboot-vue3-master/src/views/annualCompPoint/committee/AnnualCompPointList.vue b/jeecgboot-vue3-master/src/views/annualCompPoint/committee/AnnualCompPointList.vue index f828318d..06e125db 100644 --- a/jeecgboot-vue3-master/src/views/annualCompPoint/committee/AnnualCompPointList.vue +++ b/jeecgboot-vue3-master/src/views/annualCompPoint/committee/AnnualCompPointList.vue @@ -19,7 +19,7 @@ 导入报名 - 导出报名的模版 + 导入报名的模版