派生自 projectDept/qhighschool
src/main/java/com/qxueyou/scc/sys/action/LoginController.java
@@ -1,5 +1,6 @@ package com.qxueyou.scc.sys.action; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -9,14 +10,21 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import com.alibaba.fastjson.JSONObject; import com.qxueyou.scc.base.util.*; import com.qxueyou.scc.wx.service.IWechatService; import freemarker.template.utility.StringUtil; import org.apache.commons.lang3.StringUtils; import org.apache.kafka.common.network.LoginType; import org.apache.tomcat.util.net.openssl.ciphers.Authentication; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.data.redis.core.StringRedisTemplate; import org.springframework.stereotype.Controller; import org.springframework.util.DigestUtils; import org.springframework.web.bind.annotation.*; import com.qxueyou.scc.admin.teacher.service.ITeacherService; @@ -46,12 +54,12 @@ import io.swagger.annotations.ApiOperation; /** * 注册controller 提供注册,登录,注销服务 * 注册controller 提供注册,录,注销服务 * * @author 德虎 * @history 2014-11-25 新建 夏德虎 */ @Api(tags="登入相关接口") @Api(tags="入相关接口") @Controller @CrossOrigin(origins="*",maxAge=3600) @EnableConfigurationProperties(SccConfig.class) @@ -95,9 +103,106 @@ @Autowired private IOrganizationService organizationService; public static String UUNUMBER="QXYUUNUMBER"; /** * 小程序appID */ @Value("${wx.appId}") private String appId; @ApiOperation(value = "登入接口", notes = "") /** * 小程序secret */ @Value("${wx.secret}") private String secret; /** * 公众号appID */ @Value("${wx.app.appId}") private String wxappId; /** * 公众号secret */ @Value("${wx.app.secret}") private String wxsecret; public static String UUNUMBER="QXYUUNUMBER"; @Autowired IWechatService wechatService; /** * 微信录 * * @param uid * @throws IOException */ @PostMapping("/wxAccountsLogin") @ApiOperation("微信公众号录") @ResponseBody public Result wxAccountsLogin(String code) { JSONObject gettoken = wechatService.gettoken(wxappId, wxsecret); JSONObject OpenId = wechatService.getSessionKeyOrOpenId(code); JSONObject user = wechatService.getUser(gettoken.get("access_token").toString(), OpenId.get("openid").toString()); return new Result(true,"成功",user); } @PostMapping("/wxlogin") @ApiOperation("微信小程序录") @ResponseBody public Result wechatLogin(String code,String number) { JSONObject sessionKeyOrOpenId = wechatService.getSessionKeyOrOpenId(code); JSONObject gettoken = wechatService.gettoken(appId, secret); Result phone = wechatService.getNumber(gettoken.get("access_token").toString(), number); if(phone.getSuccess()){ String hql = "from User where deleteFlag is false and mobilePhone = ? "; System.out.println(phone.getData()); List<Object> params = CollectionUtils.newList(phone.getData()); User user = commonDAO.findUnique(hql,params, User.class); if(user==null){ //新增用户 User user1=new User(); user1.setMobilePhone(phone.getData().toString()); user1.setOpenId(sessionKeyOrOpenId.get("openid").toString()); commonDAO.save(user1); //新增关联学员 String addUserSql = "from User where deleteFlag is false and mobilePhone = ? "; List<Object> newParams = CollectionUtils.newList(phone.getData()); User newUser = commonDAO.findUnique(addUserSql,newParams, User.class); StuStudent stuStudent=new StuStudent(); stuStudent.setStatus(StuStudent.STATUS_REGISTER); stuStudent.setUserId(newUser.getUserId()); stuStudent.setMobilePhone(newUser.getMobilePhone()); commonDAO.save(stuStudent); } if(StringUtils.isEmpty(user.getOpenId())){ user.setOpenId(sessionKeyOrOpenId.get("openid").toString()); commonDAO.saveOrUpdate(user); } String studentSql = "from StuStudent where deleteFlag is false and userId = ? "; List<Object> stuParams = CollectionUtils.newList(user.getUserId()); StuStudent stuStudent = commonDAO.findUnique(studentSql, stuParams, StuStudent.class); CacheParamters param = new CacheParamters(); param.setUserId(user.getUserId()); param.setCustomRoleValue(user.getEmail()); param.setCustomOrgId(user.getImei()); param.setCacheIpFlag(true); // 缓存到请求线程 UserInfoWrapper wrapper = cacheUserInfo(param, null); // 存到redis redisTemplate.opsForValue().set(UserInfoWrapper.SESSION_USER_INFO_KEY, wrapper); return new Result(true,"授权成功",CollectionUtils.newObjectMap("user",user,"ClassId",stuStudent.getClassId())); } return phone; } @ApiOperation(value = "入接口", notes = "") @ApiImplicitParams({ @ApiImplicitParam(name = "account", value = "账号", required = true, paramType="query", dataType = "String"), @ApiImplicitParam(name = "password", value = "密码", required = true, paramType="query", dataType = "String"), @@ -112,7 +217,7 @@ // 查询用户信息 String uuNumber=null; String uuReNumber=null; String hql = "from User where deleteFlag is false and account = ? and password = ? "; String hql = "from User where deleteFlag is false and account = ? and password= ?"; List<Object> params = CollectionUtils.newList(account,password); User user = commonDAO.findUnique(hql,params, User.class); if (user == null ) { @@ -142,11 +247,17 @@ } // 插入日志 insertLoginLog(request, user, account, "SYS-LOGIN"); String salt = user.getSalt(); String newPassword= DigestUtils.md5DigestAsHex((salt+password).getBytes()); //比较用户输入的密码加密后的字符串是否跟注册时填写的加密密码相同 if (!newPassword.equals(user.getPassword())) { return new Result(false, "用户账户、密码错误或缺少凭证"); } // 返回 return new Result(true, "验证成功",CollectionUtils.newObjectMap("uuNumber",uuNumber,"uuReNumber",uuReNumber)); } @ApiOperation(value = "登入接口", notes = "") @ApiOperation(value = "入接口", notes = "") @ApiImplicitParams({ @ApiImplicitParam(name = "uuNumber", value = "uuNumber", required = true, paramType="query", dataType = "String"), @ApiImplicitParam(name = "uuReNumber", value = "uuReNumber", required = true, paramType="query", dataType = "String"), @@ -182,7 +293,7 @@ return new Result(true, "验证成功"); } @ApiOperation(value = "登入接口", notes = "") @ApiOperation(value = "入接口", notes = "") @ApiImplicitParams({ @ApiImplicitParam(name = "uuNumber", value = "uuNumber", required = true, paramType="query", dataType = "String"), @ApiImplicitParam(name = "uuReNumber", value = "uuReNumber", required = true, paramType="query", dataType = "String"), @@ -216,7 +327,7 @@ return new Result(true, "验证成功"); } //退出登录 清除session //退出录 清除session @RequestMapping(value = "khdloginout", method = RequestMethod.POST) @ResponseBody public void khdloginout(HttpServletRequest request, HttpServletResponse response) { @@ -229,19 +340,19 @@ } /** * 学员端登录 * 学员端录 * * @param account 账户 * @param password 密码 * @return */ @ApiOperation(value = "登入接口", notes = "") @ApiOperation(value = "入接口", notes = "") @ApiImplicitParams({ @ApiImplicitParam(name = "account", value = "账号", required = true, paramType="query", dataType = "String"), @ApiImplicitParam(name = "password", value = "密码", required = true, paramType="query", dataType = "String"), @ApiImplicitParam(name = "organizationId", value = "机构id", required = true, paramType="query", dataType = "String"), @ApiImplicitParam(name = "platForm", value = "登入平台(app,web,qLive,pc,weixin)", required = true, paramType="query", dataType = "String"), @ApiImplicitParam(name = "logType", value = "登入type(study学员,teacher教师,否则为后台)", required = true, paramType="query", dataType = "String"), @ApiImplicitParam(name = "platForm", value = "入平台(app,web,qLive,pc,weixin)", required = true, paramType="query", dataType = "String"), @ApiImplicitParam(name = "logType", value = "入type(study学员,teacher教师,否则为后台)", required = true, paramType="query", dataType = "String"), }) @RequestMapping(value = "studentLogin", method = RequestMethod.POST) @ResponseBody @@ -275,42 +386,48 @@ } /** * 后台登录 * 后台录 * * @param account 账户 * @param password 密码 * @return */ @ApiOperation(value = "登入接口", notes = "") @ApiOperation(value = "入接口", notes = "") @ApiImplicitParams({ @ApiImplicitParam(name = "account", value = "账号", required = true, paramType="query", dataType = "String"), @ApiImplicitParam(name = "password", value = "密码", required = true, paramType="query", dataType = "String"), @ApiImplicitParam(name = "organizationId", value = "机构id", required = true, paramType="query", dataType = "String"), @ApiImplicitParam(name = "platForm", value = "登入平台(app,web,qLive,pc,weixin)", required = true, paramType="query", dataType = "String"), @ApiImplicitParam(name = "logType", value = "登入type(study学员,teacher教师,否则为后台)", required = true, paramType="query", dataType = "String"), @ApiImplicitParam(name = "platForm", value = "入平台(app,web,qLive,pc,weixin)", required = true, paramType="query", dataType = "String"), @ApiImplicitParam(name = "logType", value = "入type(study学员,teacher教师,否则为后台)", required = true, paramType="query", dataType = "String"), }) @RequestMapping(value = "platformLogin", method = RequestMethod.POST) @ResponseBody public Result platformLogin(@RequestParam("account") String account, @RequestParam("password") String password,String uuNumber,String uuReNumber, HttpServletRequest request, HttpServletResponse response, String logType,String organizationId, String platForm) { // response.setHeader("Access-Control-Allow-Origin", "*"); if(StringUtils.isEmpty(account)) { return new Result(false, "用户账号不能为空"); } if (StringUtils.isEmpty(account)) { return new Result(false, "用户账号不能为空"); } // System.out.println(account+password); // System.out.println("-------------------------"+organizationId+"--------------"+platForm+"-----------"+logType); String hql = null; List<Object> params = null; String hql = null; List<Object> params = null; // boolean flag=true; if("study".equals(logType)){ hql = "from User where deleteFlag is false and account = ? and password = ? "; params = CollectionUtils.newList(account,password); }else{ if ("study".equals(logType)) { hql = "from User where deleteFlag is false and account = ?"; params = CollectionUtils.newList(account); }else if("portal".equals(logType)){ hql = "from User where deleteFlag is false and email = ?"; params = CollectionUtils.newList(account); }else if("zhyly".equals(logType)){ hql = "from User where deleteFlag is false and mobilePhone = ?"; params = CollectionUtils.newList(account); }else{ if(StringUtils.isEmpty(password)) { return new Result(false, "用户密码不能为空"); } hql = "from User where deleteFlag is false and account = ? and password = ? "; params = CollectionUtils.newList(account,password); hql = "from User where deleteFlag is false and account = ?"; params = CollectionUtils.newList(account); } if(StringUtils.isNotEmpty(organizationId)){ @@ -322,30 +439,36 @@ User user = commonDAO.findUnique(hql,params, User.class); if(uuNumber!=null&&!"".equals(uuNumber)&&!"null".equals(uuNumber)){ //登录成功存入user里,删除session里的uuNumber,下个人无法使用 //录成功存入user里,删除session里的uuNumber,下个人无法使用 user.setEmail(uuNumber); // request.getSession().removeAttribute("uuNumber"); } // if(uuReNumber!=null&&!"".equals(uuReNumber)&&!"null".equals(uuReNumber)){ // //登录成功存入user里,删除session里的uuReNumber,下个人无法使用 // //录成功存入user里,删除session里的uuReNumber,下个人无法使用 // user.setImei(uuReNumber); // request.getSession().removeAttribute("uuReNumber"); // } if (user == null) { return new Result(false, "用户账户不存在"); } // 插入日志 insertLoginLog(request, user, account, "SYS-LOGIN"); //考试登录会控制flag变量 其他登录不会 默认true if (user == null) { return new Result(false, "用户账户、密码错误或缺少凭证"); } String salt = user.getSalt(); String newPassword= DigestUtils.md5DigestAsHex((salt+password).getBytes()); //比较用户输入的密码加密后的字符串是否跟注册时填写的加密密码相同 if("study".equals(logType) || "portal".equals(logType) || "adminis".equals(logType)){ if (!newPassword.equals(user.getPassword())) { return new Result(false, "用户账户、密码错误或缺少凭证"); } } // 返回用户基本信息 return this.loginValidate(user, 1, request, response, logType, platForm, organizationId); } /** * 登入验证 * 入验证 * @param user * @param type * @param request @@ -371,26 +494,26 @@ // 存到redis redisTemplate.opsForValue().set(UserInfoWrapper.SESSION_USER_INFO_KEY, wrapper); request.getSession().setAttribute(UserInfoWrapper.SESSION_USER_INFO_KEY, wrapper); if ("study".equals(logType)) { if ("study".equals(logType) || "portal".equals(logType) || "zhyly".equals(logType)) { /*if (StringUtils.isEmpty(ClientUtils.getClassId()) && user.getRoles() == null) { return new Result(false, "该用户未加入任何班级或未激活,请联系班主任"); }*/ if (StringUtils.isEmpty(user.getOrganizationId())) { return new Result(false, "该用户不属于任何机构,无法登入"); return new Result(false, "该用户不属于任何机构,无法入"); } if (StringUtils.isNoneBlank(organizationId) && !user.getOrganizationId().equals(organizationId)) { return new Result(false, "选择的机构错误,请确认"); } //判断是否为学生,如果是学生,判断是否已冻结或移除,冻结或移除的学生不让登录 //判断是否为学生,如果是学生,判断是否已冻结或移除,冻结或移除的学生不让录 StuStudent stu = this.studentService.getStudentByUserId(user.getUserId()); if(stu!=null && (stu.getDeleteFlag() || stu.getStatus().equalsIgnoreCase(StuStudent.STATUS_DEACTIVE))){ return new Result(false, "用户账户已经被冻结或移除"); } /*if(StringUtils.isEmpty(wrapper.getInfo(UserInfoWrapper.INF_CLASS_ID))) { return new Result(false, "该用户未加入任何班级,无法登入"); return new Result(false, "该用户未加入任何班级,无法入"); }*/ // 保存到session中 return new Result(true, "success", @@ -401,16 +524,16 @@ }else if("teacher".equals(logType)) { String teacherId = teacherService.getTeacherIdByUserId(user.getUserId()); if (StringUtils.isEmpty(teacherId)) { return new Result(false, "该账户不是老师角色,无法登入"); return new Result(false, "该账户不是老师角色,无法入"); } if (StringUtils.isEmpty(user.getOrganizationId())) { return new Result(false, "该用户不属于任何机构,无法登入"); return new Result(false, "该用户不属于任何机构,无法入"); } if (StringUtils.isNoneBlank(organizationId) && !user.getOrganizationId().equals(organizationId)) { return new Result(false, "选择的机构错误,请确认"); } //获取用户对应的sessionId是否与保存在redis中的一致,如果不一致则跳转到登录页面 //获取用户对应的sessionId是否与保存在redis中的一致,如果不一致则跳转到录页面 // stringRedisTemplate.opsForHash().put(UserInfoWrapper.REDIS_USER_ONLINE_MAP_KEY, user.getUserId(), request.getSession().getId()); return new Result(true, "success", CollectionUtils.newObjectMap("userId", user.getUserId(), "userName", user.getName(), "imgPath", @@ -437,7 +560,7 @@ } /** * 后台:退出登录,后台系统 * 后台:退出录,后台系统 * * @param account 账户 * @return @@ -446,11 +569,11 @@ @RequestMapping(value = "release", method = RequestMethod.GET) public String release(HttpServletRequest httpRequest, HttpServletResponse response) { doRelease(httpRequest, response); return "redirect:/web/admin/index.html#login"; return null; } /** * 后台:退出登录,后台系统 * 后台:退出录,后台系统 * * @return */ @@ -480,7 +603,7 @@ } /** * 插入登录日志 * 插入录日志 * * @param request * @param lstUser @@ -528,7 +651,7 @@ @ApiOperation(value = "修改密码", notes = "") @ApiImplicitParams({ @ApiImplicitParam(name = "usedPass", value = "老密码", required = false, paramType="query", dataType = "String"), @ApiImplicitParam(name = "pass", value = "新密码", required = false, paramType="query", dataType = "String"), @ApiImplicitParam(name = "pass", value = "新密码", required = false, paramType=" query", dataType = "String"), }) @RequestMapping(value = "updatePassword", method = RequestMethod.POST) @ResponseBody
