|
|
@ -42,6 +42,7 @@ import org.jeecgframework.poi.excel.entity.ImportParams; |
|
|
|
import org.jeecgframework.poi.excel.view.JeecgEntityExcelView; |
|
|
|
import org.jeecgframework.poi.excel.view.JeecgEntityExcelView; |
|
|
|
import org.springframework.beans.factory.annotation.Autowired; |
|
|
|
import org.springframework.beans.factory.annotation.Autowired; |
|
|
|
import org.springframework.beans.factory.annotation.Value; |
|
|
|
import org.springframework.beans.factory.annotation.Value; |
|
|
|
|
|
|
|
import org.springframework.http.HttpStatus; |
|
|
|
import org.springframework.web.bind.annotation.*; |
|
|
|
import org.springframework.web.bind.annotation.*; |
|
|
|
import org.springframework.web.multipart.MultipartFile; |
|
|
|
import org.springframework.web.multipart.MultipartFile; |
|
|
|
import org.springframework.web.multipart.MultipartHttpServletRequest; |
|
|
|
import org.springframework.web.multipart.MultipartHttpServletRequest; |
|
|
@ -1133,14 +1134,31 @@ public class SysUserController { |
|
|
|
public Result<JSONObject> sturUserRegister(@RequestBody JSONObject jsonObject, SysUser user) { |
|
|
|
public Result<JSONObject> sturUserRegister(@RequestBody JSONObject jsonObject, SysUser user) { |
|
|
|
Result<JSONObject> result = new Result<JSONObject>(); |
|
|
|
Result<JSONObject> result = new Result<JSONObject>(); |
|
|
|
String phone = jsonObject.getString("phone"); |
|
|
|
String phone = jsonObject.getString("phone"); |
|
|
|
String smscode = jsonObject.getString("smscode"); |
|
|
|
String captcha = jsonObject.getString("smscode"); |
|
|
|
String departmentid = jsonObject.getString("departmentid"); |
|
|
|
String departmentid = jsonObject.getString("departmentid"); |
|
|
|
String realname = jsonObject.getString("realname"); |
|
|
|
String realname = jsonObject.getString("realname"); |
|
|
|
|
|
|
|
String checkKey = jsonObject.getString("checkKey"); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if(captcha==null){ |
|
|
|
|
|
|
|
result.error500("验证码无效"); |
|
|
|
|
|
|
|
return result; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
String lowerCaseCaptcha = captcha.toLowerCase(); |
|
|
|
//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
|
|
//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
|
|
String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone; |
|
|
|
// 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
|
|
|
|
Object code = redisUtil.get(redisKey); |
|
|
|
String origin = lowerCaseCaptcha+checkKey+jeecgBaseConfig.getSignatureSecret(); |
|
|
|
|
|
|
|
String realKey = Md5Util.md5Encode(origin, "utf-8"); |
|
|
|
//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
|
|
//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
|
|
|
|
|
|
|
|
Object checkCode = redisUtil.get(realKey); |
|
|
|
|
|
|
|
//当进入登录页时,有一定几率出现验证码错误 #1714
|
|
|
|
|
|
|
|
if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) { |
|
|
|
|
|
|
|
log.warn("验证码错误,key= {} , Ui checkCode= {}, Redis checkCode = {}", checkKey, lowerCaseCaptcha, checkCode); |
|
|
|
|
|
|
|
result.error500("验证码错误"); |
|
|
|
|
|
|
|
// 改成特殊的code 便于前端判断
|
|
|
|
|
|
|
|
result.setCode(HttpStatus.PRECONDITION_FAILED.value()); |
|
|
|
|
|
|
|
return result; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
String username = jsonObject.getString("username"); |
|
|
|
String username = jsonObject.getString("username"); |
|
|
|
//未设置用户名,则用手机号作为用户名
|
|
|
|
//未设置用户名,则用手机号作为用户名
|
|
|
@ -1163,16 +1181,6 @@ public class SysUserController { |
|
|
|
return result; |
|
|
|
return result; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if(null == code){ |
|
|
|
|
|
|
|
result.setMessage("验证码失效,请重新获取"); |
|
|
|
|
|
|
|
result.setSuccess(false); |
|
|
|
|
|
|
|
return result; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if (!smscode.equals(code.toString())) { |
|
|
|
|
|
|
|
result.setMessage("验证码错误!"); |
|
|
|
|
|
|
|
result.setSuccess(false); |
|
|
|
|
|
|
|
return result; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if(oConvertUtils.isEmpty(realname)){ |
|
|
|
if(oConvertUtils.isEmpty(realname)){ |
|
|
|
realname = username; |
|
|
|
realname = username; |
|
|
|
} |
|
|
|
} |
|
|
|