25-用户注册-完结

jeecg-boot-master/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java

@@ -42,6 +42,7 @@ import org.jeecgframework.poi.excel.entity.ImportParams;
 import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.multipart.MultipartHttpServletRequest;
@@ -1133,14 +1134,31 @@ public class SysUserController {
     public Result<JSONObject> sturUserRegister(@RequestBody JSONObject jsonObject, SysUser user) {
         Result<JSONObject> result = new Result<JSONObject>();
         String phone = jsonObject.getString("phone");
-        String smscode = jsonObject.getString("smscode");
+        String captcha = jsonObject.getString("smscode");
         String departmentid = jsonObject.getString("departmentid");
         String realname = jsonObject.getString("realname");
+        String checkKey = jsonObject.getString("checkKey");
 
+        if(captcha==null){
+            result.error500("验证码无效");
+            return result;
+        }
+
+        String lowerCaseCaptcha = captcha.toLowerCase();
         //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
-        String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone;
-        Object code = redisUtil.get(redisKey);
+        // 加入密钥作为混淆，避免简单的拼接，被外部利用，用户自定义该密钥即可
+        String origin = lowerCaseCaptcha+checkKey+jeecgBaseConfig.getSignatureSecret();
+        String realKey = Md5Util.md5Encode(origin, "utf-8");
         //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+        Object checkCode = redisUtil.get(realKey);
+        //当进入登录页时，有一定几率出现验证码错误 #1714
+        if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
+            log.warn("验证码错误，key= {} , Ui checkCode= {}, Redis checkCode = {}", checkKey, lowerCaseCaptcha, checkCode);
+            result.error500("验证码错误");
+            // 改成特殊的code 便于前端判断
+            result.setCode(HttpStatus.PRECONDITION_FAILED.value());
+            return result;
+        }
 
         String username = jsonObject.getString("username");
         //未设置用户名，则用手机号作为用户名
@@ -1163,16 +1181,6 @@ public class SysUserController {
             return result;
         }
 
-        if(null == code){
-            result.setMessage("验证码失效，请重新获取");
-            result.setSuccess(false);
-            return result;
-        }
-        if (!smscode.equals(code.toString())) {
-            result.setMessage("验证码错误!");
-            result.setSuccess(false);
-            return result;
-        }
         if(oConvertUtils.isEmpty(realname)){
             realname = username;
         }

jeecgboot-vue3-master/src/locales/lang/en/sys.ts

@@ -87,6 +87,7 @@ export default {
     // placeholder
     accountPlaceholder: 'Please input username',
     passwordPlaceholder: 'Please input password',
+    selectdep: 'Please select dep',
     smsPlaceholder: 'Please input sms code',
     mobilePlaceholder: 'Please input mobile',
     policyPlaceholder: 'Register after checking',

jeecgboot-vue3-master/src/locales/lang/zh-CN/sys.ts

@@ -86,6 +86,7 @@ export default {
     // placeholder
     accountPlaceholder: '请输入账号',
     passwordPlaceholder: '请输入密码',
+    selectdep: '请选择学院院系',
     inputCodePlaceholder: '请输入验证码',
     smsPlaceholder: '请输入验证码',
     mobilePlaceholder: '请输入手机号码',

jeecgboot-vue3-master/src/views/system/loginmini/MiniRegister.vue

@@ -82,7 +82,7 @@
                   <div class="aui-inputClear">
                         <i class="icon icon-code"></i>
                         <a-form-item>
-                          <a-input class="fix-auto-fill" type="text" :placeholder="t('sys.login.inputCode')" v-model:value="formData.inputCode" />
+                          <a-input class="fix-auto-fill" type="text" :placeholder="t('sys.login.inputCode')" v-model:value="formData.smscode" />
                         </a-form-item>
                         <div class="aui-code">
                           <img v-if="randCodeData.requestCodeSuccess" :src="randCodeData.randCodeImage" @click="handleChangeCheckCode" />
@@ -220,6 +220,10 @@ const randCodeData = reactive<any>({
       createMessage.warn(t('sys.login.smsPlaceholder'));
       return;
     }
+    if (!formData.department) {
+      createMessage.warn(t('sys.login.selectdep'));
+      return;
+    }
     if (!formData.password) {
       createMessage.warn(t('sys.login.passwordPlaceholder'));
       return;
@@ -252,6 +256,7 @@ const randCodeData = reactive<any>({
           password: formData.password,
           phone: formData.mobile,
           smscode: formData.smscode,
+          checkKey: randCodeData.checkKey,
         })
       );
       if (resultInfo && resultInfo.data.success) {