diff --git a/jeecg-boot-master/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java b/jeecg-boot-master/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java
index 2e572bbf..87d2159e 100644
--- a/jeecg-boot-master/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java
+++ b/jeecg-boot-master/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java
@@ -42,6 +42,7 @@ import org.jeecgframework.poi.excel.entity.ImportParams;
 import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.multipart.MultipartHttpServletRequest;
@@ -1133,14 +1134,31 @@ public class SysUserController {
 public Result sturUserRegister(@RequestBody JSONObject jsonObject, SysUser user) {
 Result result = new Result();
 String phone = jsonObject.getString("phone");
- String smscode = jsonObject.getString("smscode");
+ String captcha = jsonObject.getString("smscode");
 String departmentid = jsonObject.getString("departmentid");
 String realname = jsonObject.getString("realname");
+ String checkKey = jsonObject.getString("checkKey");
+ if(captcha==null){
+ result.error500("验证码无效");
+ return result;
+ }
+
+ String lowerCaseCaptcha = captcha.toLowerCase();
 //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
- String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone;
- Object code = redisUtil.get(redisKey);
+ // 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
+ String origin = lowerCaseCaptcha+checkKey+jeecgBaseConfig.getSignatureSecret();
+ String realKey = Md5Util.md5Encode(origin, "utf-8");
 //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+ Object checkCode = redisUtil.get(realKey);
+ //当进入登录页时,有一定几率出现验证码错误 #1714
+ if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
+ log.warn("验证码错误,key= {} , Ui checkCode= {}, Redis checkCode = {}", checkKey, lowerCaseCaptcha, checkCode);
+ result.error500("验证码错误");
+ // 改成特殊的code 便于前端判断
+ result.setCode(HttpStatus.PRECONDITION_FAILED.value());
+ return result;
+ }
 String username = jsonObject.getString("username");
 //未设置用户名,则用手机号作为用户名
@@ -1163,16 +1181,6 @@ public class SysUserController {
 return result;
 }
- if(null == code){
- result.setMessage("验证码失效,请重新获取");
- result.setSuccess(false);
- return result;
- }
- if (!smscode.equals(code.toString())) {
- result.setMessage("验证码错误!");
- result.setSuccess(false);
- return result;
- }
 if(oConvertUtils.isEmpty(realname)){
 realname = username;
 }
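Review bot: After the captcha comparison succeeds the Redis entry is left in place — the hunk only calls `redisUtil.get(realKey)` and never removes it — so one captcha/checkKey pair can be replayed for repeated registrations until its TTL expires. Consuming it on success, e.g. `redisUtil.del(realKey);` immediately after the `if(checkCode==null || ...)` block (or whatever RedisUtil's delete method is named), makes the captcha single-use. The same hunk also drops the phone-bound lookup (`CommonConstant.PHONE_REDIS_KEY_PRE+phone`) and the second hunk (`@@ -1163,16 +1181,6 @@`) removes its verification, so `phone` now flows into the rest of the registration without any proof of ownership while the request field is still named `smscode`; if phone ownership is meant to be proven at registration, that check needs to return alongside the image captcha. `checkKey` is also not null-checked, so a missing value is concatenated into `origin` as the literal text "null"; widening the guard to `if(captcha==null || checkKey==null)` keeps the key derivation well-defined. sturUserRegister continues outside both hunks.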
diff --git a/jeecgboot-vue3-master/src/locales/lang/en/sys.ts b/jeecgboot-vue3-master/src/locales/lang/en/sys.ts
index e0d54c00..9e3fd2ae 100644
--- a/jeecgboot-vue3-master/src/locales/lang/en/sys.ts
+++ b/jeecgboot-vue3-master/src/locales/lang/en/sys.ts
@@ -87,6 +87,7 @@ export default {
 // placeholder
 accountPlaceholder: 'Please input username',
 passwordPlaceholder: 'Please input password',
+ selectdep: 'Please select dep',
 smsPlaceholder: 'Please input sms code',
 mobilePlaceholder: 'Please input mobile',
 policyPlaceholder: 'Register after checking',
diff --git a/jeecgboot-vue3-master/src/locales/lang/zh-CN/sys.ts b/jeecgboot-vue3-master/src/locales/lang/zh-CN/sys.ts
index b76960b2..6d020b7c 100644
--- a/jeecgboot-vue3-master/src/locales/lang/zh-CN/sys.ts
+++ b/jeecgboot-vue3-master/src/locales/lang/zh-CN/sys.ts
@@ -86,6 +86,7 @@ export default {
 // placeholder
 accountPlaceholder: '请输入账号',
 passwordPlaceholder: '请输入密码',
+ selectdep: '请选择学院院系',
 inputCodePlaceholder: '请输入验证码',
 smsPlaceholder: '请输入验证码',
 mobilePlaceholder: '请输入手机号码',
diff --git a/jeecgboot-vue3-master/src/views/system/loginmini/MiniRegister.vue b/jeecgboot-vue3-master/src/views/system/loginmini/MiniRegister.vue
index ce776160..ba2d25c0 100644
--- a/jeecgboot-vue3-master/src/views/system/loginmini/MiniRegister.vue
+++ b/jeecgboot-vue3-master/src/views/system/loginmini/MiniRegister.vue
@@ -82,7 +82,7 @@
- +
@@ -220,6 +220,10 @@ const randCodeData = reactive({
 createMessage.warn(t('sys.login.smsPlaceholder'));
 return;
 }
+ if (!formData.department) {
+ createMessage.warn(t('sys.login.selectdep'));
+ return;
+ }
 if (!formData.password) {
 createMessage.warn(t('sys.login.passwordPlaceholder'));
 return;
@@ -252,6 +256,7 @@ const randCodeData = reactive({
 password: formData.password,
 phone: formData.mobile,
 smscode: formData.smscode,
+ checkKey: randCodeData.checkKey,
 })
 );
 if (resultInfo && resultInfo.data.success) {
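Review bot: In the second hunk (`@@ -252,6 +256,7 @@`) the payload key `smscode` still carries `formData.smscode`, while the new `checkKey: randCodeData.checkKey` line suggests the server now pairs that value with a captcha key rather than an SMS code, so the field name no longer describes its content and the `sys.login.smsPlaceholder` warning visible in the first hunk still talks about an sms code. Until the field is renamed on both sides, a short comment on the added line such as `// smscode appears to carry the image captcha matched with randCodeData.checkKey — confirm against the server-side register endpoint` keeps the next reader from assuming phone verification happens here. The enclosing function starts and ends outside both hunks.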