账号鉴权 bug fix

mall-account/src/main/java/com/suisung/mall/account/controller/LoginController.java

@@ -119,10 +119,10 @@ public class LoginController extends BaseControllerImpl {
     /**
      * 移动端登录
      */
-    @RequestMapping(value = "/doLogin", method = RequestMethod.GET)
+    @RequestMapping(value = "/doLogin", method = {RequestMethod.GET, RequestMethod.POST})
     public CommonResult doLogin(@RequestParam(name = "user_account", required = false) String user_account,
                                 @RequestParam(name = "user_password", required = false) String user_password) {
-        if (StrUtil.isEmpty(user_account) || StrUtil.isEmpty(user_password)) {
+        if (StrUtil.isBlank(user_account) || StrUtil.isBlank(user_password)) {
             return CommonResult.failed(I18nUtil._("用户名或密码不能为空！"));
         }
 
@@ -256,7 +256,6 @@ public class LoginController extends BaseControllerImpl {
         String cid = paramJSON.getStr("cid");
         String osType = paramJSON.getStr("osType");
 
-
         return accountUserBaseService.doMerchSmsRegisterAndLogin(userMobile, randKey, verifyCode, cid, osType);
     }
 

mall-account/src/main/java/com/suisung/mall/account/controller/admin/AccountUserBaseController.java

@@ -4,23 +4,32 @@ import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.convert.Convert;
 import cn.hutool.core.lang.Validator;
 import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.SecureUtil;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.suisung.mall.account.service.AccountBaseConfigService;
 import com.suisung.mall.account.service.AccountUserBaseService;
+import com.suisung.mall.account.service.AccountUserBindConnectService;
 import com.suisung.mall.account.service.AccountUserLoginService;
+import com.suisung.mall.common.api.BindCode;
 import com.suisung.mall.common.api.CommonResult;
+import com.suisung.mall.common.api.ResultCode;
 import com.suisung.mall.common.constant.AuthConstant;
 import com.suisung.mall.common.constant.CommonConstant;
 import com.suisung.mall.common.constant.RedisConstant;
 import com.suisung.mall.common.domain.UserDto;
+import com.suisung.mall.common.exception.ApiException;
 import com.suisung.mall.common.exception.ApiUserException;
 import com.suisung.mall.common.modules.account.AccountUserBase;
+import com.suisung.mall.common.modules.account.AccountUserBindConnect;
 import com.suisung.mall.common.service.impl.BaseControllerImpl;
 import com.suisung.mall.common.utils.I18nUtil;
 import com.suisung.mall.common.utils.phone.PhoneNumberUtils;
+import com.suisung.mall.core.web.service.RedisService;
 import io.seata.spring.annotation.GlobalTransactional;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -41,6 +50,7 @@ import java.util.stream.Collectors;
  * @author Xinze
  * @since 2021-03-30
  */
+@Slf4j
 @Api(tags = "用户基本信息表")
 @RestController("admin-account-user-base")
 @RequestMapping("/admin/account/account-user-base")
@@ -55,6 +65,12 @@ public class AccountUserBaseController extends BaseControllerImpl {
     @Autowired
     private AccountBaseConfigService accountBaseConfigService;
 
+    @Autowired
+    private AccountUserBindConnectService accountUserBindConnectService;
+
+    @Autowired
+    private RedisService redisService;
+
     /**
      * 分页列表查询
      */
@@ -133,26 +149,83 @@ public class AccountUserBaseController extends BaseControllerImpl {
     public CommonResult doLogin(@RequestParam(name = "user_account", required = false) String user_account,
                                 @RequestParam(name = "user_password", required = false) String user_password,
                                 @RequestParam(name = "verify_code") String verificationCode,
-                                @RequestParam(name = "verify_token") String verify_token) {
-        if (StrUtil.isBlank(user_account) || StrUtil.isBlank(user_password)) {
+                                @RequestParam(name = "verify_token") String verify_token,
+                                @RequestParam(name = "cid", required = false) String cid,
+                                @RequestParam(name = "osType", required = false) String osType) {
+        if (StringUtils.isAnyBlank(user_account, user_password)) {
             return CommonResult.failed(I18nUtil._("用户名或密码不能为空！"));
         }
+
+        // accountUserBaseService.login 里重复代码,为了兼容商家版登录
+        String verifyCode = RedisConstant.Verifycode_NameSpace + verify_token + verificationCode;
+        // 随机数图形验证码，有效期一分钟
+        if (StrUtil.isNotBlank(verifyCode) && !redisService.hasKey(verifyCode)) {
+            //验证码错误
+            throw new ApiException(ResultCode.VERIFYCODE_FAILED);
+        }
+        // ccountUserBaseService.login 里重复代码,为了兼容商家版登录
+
         Map<String, String> params = new HashMap<>();
+
+        // 商家手机账号登录
+        String userMobile = PhoneNumberUtils.convZhPhoneNumber(user_account);
+        Boolean isMobileAccount = Validator.isNumber(user_account) && PhoneNumberUtils.isValidNumber(userMobile);
+        if (isMobileAccount) {
+            AccountUserBindConnect bind_row = accountUserBindConnectService.getBindByBindId(user_account, BindCode.MOBILE, CommonConstant.USER_TYPE_MCH);
+            if (bind_row != null) {
+                AccountUserBase accountUserBase = accountUserBaseService.get(bind_row.getUser_id());
+                if (accountUserBase == null) {
+                    return CommonResult.failed("获取不到用户信息！");
+                }
+
+
+                String user_password_entry = SecureUtil.md5(accountUserBase.getUser_salt() + SecureUtil.md5(user_password));
+                if (!user_password_entry.equals(accountUserBase.getUser_password())) {
+                    return CommonResult.failed("账号或密码错误！");
+                }
+
+//                log.info("bind:{}", bind_row);
+//                log.info("pwd:{}", "b3d1339eb3948463522cd115094856a5");
+//                log.info("salt:{}", accountUserBase.getUser_salt());
+//                log.info("npwd:{}, eq?:{}", user_password_entry, user_password_entry.equals("b3d1339eb3948463522cd115094856a5"));
+
+
+                // 手机注册的商家账号
+                params.put("client_id", AuthConstant.MCH_CLIENT_ID);
+                params.put("client_secret", AuthConstant.AUTHORITY_MOBILE_SECRET);
+                params.put("grant_type", "password");
+                params.put("verify_pwd", "1001");  // 是否验证密码 1001：不验证；1002：验证（内部登录没有用户明文密码，只能不验证）
+                params.put("username", userMobile);
+                params.put("password", "");
+                params.put("user_mobile", userMobile);
+                params.put("is_merch", "1"); // 是否为商家入驻 1-是；其他-否
+
+                if (StrUtil.isNotBlank(cid)) {
+                    params.put("cid", cid); // 个推客户端Id
+                    params.put("osType", osType);// 个推客系统类别 1-Android；2-iOS;3-微信小程序；
+                }
+
+                return accountUserBaseService.login(params);
+            }
+        }
+
+
+        // 非商家手机账号登录
         params.put("client_id", AuthConstant.ADMIN_CLIENT_ID);
         params.put("client_secret", AuthConstant.AUTHORITY_ADMIN_SECRET);
         params.put("grant_type", "password");
         params.put("username", user_account);
         params.put("password", user_password);
-        params.put("verify_code", RedisConstant.Verifycode_NameSpace + verify_token + verificationCode);
+        // 随机数图形验证码，有效期一分钟
+        params.put("verify_code", verifyCode);
+
+
         CommonResult result = accountUserBaseService.login(params);
 
         //user_account判断是否手机号
-        if (result.getStatus() != 200 && Validator.isNumber(user_account)) {
-            user_account = CommonConstant.IDD_ZH_CN + user_account;
-            if (PhoneNumberUtils.isValidNumber(user_account)) {
-                //尝试手机号绑定登录
-                result = accountUserBaseService.doMobileBindLogin(user_account, user_password);
-            }
+        if (result.getStatus() != 200 && isMobileAccount) {
+            //尝试手机号绑定登录
+            result = accountUserBaseService.doMobileBindLogin(userMobile, user_password);
         }
 
         return result;

mall-account/src/main/java/com/suisung/mall/account/service/impl/AccountUserBaseServiceImpl.java

@@ -146,7 +146,7 @@ public class AccountUserBaseServiceImpl extends BaseServiceImpl<AccountUserBaseM
     @Override
     public CommonResult login(Map<String, String> params) {
         Boolean hasKey = false;
-        // 短信验证码
+        // 随机数图形验证码，有效期一分钟
         String verifyCode = params.get("verify_code");
         if (StrUtil.isNotBlank(verifyCode)) {
             hasKey = redisService.hasKey(verifyCode);
@@ -198,8 +198,9 @@ public class AccountUserBaseServiceImpl extends BaseServiceImpl<AccountUserBaseM
         data.put("key", token);
         data.put("rid", rid); // 用户角色 rid：0-用户;2-商家;3-门店;9-平台;
 
+        //user_type 用户类型，对应user_base 的 is_admin：0-普通用户；1-管理员；2-入驻商家；
         String as = bindConnectService.getBind(user_id, BindCode.MOBILE, userDto.getUserType()) == null ? "0" : "1";
-        data.put("as", as);
+        data.put("as", as); // 是否绑定了手机号 0-否 1-是
         CookieUtils.setCookie("as", as);
 
         // IM连接配置信息
@@ -217,6 +218,7 @@ public class AccountUserBaseServiceImpl extends BaseServiceImpl<AccountUserBaseM
             // 商家版app，显示申请入驻的状态
             data.put("is_merch", CommonConstant.Enable);
             data.put("user_mobile", params.get("user_mobile"));
+
             //入驻商家的审批状态：1-已通过；2-未通过；3-待审核；4-未申请；
 //            Map<String, Object> params2 = new HashMap<>();
 //            params2.put("user_mobile", params.get("user_mobile"));
@@ -2858,8 +2860,9 @@ public class AccountUserBaseServiceImpl extends BaseServiceImpl<AccountUserBaseM
         }
 
         String verifyMobile = PhoneNumberUtils.convZhPhoneNumber(user_mobile);
+        // TODO 短信验证码切换到正式平台,记得注释 9999
         if (!checkVerifyCode(verifyMobile, verify_code)) {
-            // TODO 切换到正式平台
+            // 短信验证码
             return CommonResult.failed(_("验证码错误!"));
         }
 
@@ -3130,7 +3133,7 @@ public class AccountUserBaseServiceImpl extends BaseServiceImpl<AccountUserBaseM
         if (StrUtil.isNotBlank(cid)) {
             params.put("cid", cid); // 个推客户端Id
             params.put("osType", osType);// 个推客系统类别 1-Android；2-iOS;3-微信小程序；
-            logger.info("推送参数2 cid:{}， osType：{}", cid, osType);
+//            logger.info("推送参数2 cid:{}， osType：{}", cid, osType);
         }
 
         return login(params);

mall-account/src/main/java/com/suisung/mall/account/service/impl/AccountUserBindConnectServiceImpl.java

@@ -65,7 +65,7 @@ public class AccountUserBindConnectServiceImpl extends BaseServiceImpl<AccountUs
                 .eq("user_type", user_type)
                 .eq("bind_active", CommonConstant.Enable);
 
-        return findOne(queryWrapper);
+        return getOne(queryWrapper);
     }
 
     /**
@@ -95,7 +95,7 @@ public class AccountUserBindConnectServiceImpl extends BaseServiceImpl<AccountUs
                 .eq("bind_type", bind_type)
                 .eq("user_type", user_type)
                 .eq("bind_active", CommonConstant.Enable);
-        return findOne(queryWrapper);
+        return getOne(queryWrapper);
     }
 
     @Override
@@ -114,7 +114,7 @@ public class AccountUserBindConnectServiceImpl extends BaseServiceImpl<AccountUs
                 .eq("user_type", user_type)
                 .eq("user_id", user_id)
                 .eq("bind_active", CommonConstant.Enable);
-        return findOne(queryWrapper);
+        return getOne(queryWrapper);
     }
 
     @Override