Merge branch 'master' into b_lms2

lms/nladmin-system/src/main/java/org/nl/system/service/quartz/config/QuartzConfig.java

@@ -3,6 +3,7 @@ package org.nl.system.service.quartz.config;
 import org.quartz.Scheduler;
 import org.quartz.spi.TriggerFiredBundle;
 import org.springframework.beans.factory.config.AutowireCapableBeanFactory;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.scheduling.quartz.AdaptableJobFactory;
@@ -17,6 +18,7 @@ import java.util.Properties;
  * @date 2019-01-07
  */
 @Configuration
+@ConditionalOnProperty(name = "autojob", havingValue = "true")
 public class QuartzConfig {
 
     /**

lms/nladmin-system/src/main/java/org/nl/system/service/secutiry/impl/OnlineUserService.java

@@ -40,6 +40,7 @@ import org.nl.system.service.user.dao.SysUser;
 import org.nl.system.service.user.dto.OnlineUserDto;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Pageable;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.scheduling.annotation.Async;
 import org.springframework.stereotype.Service;
 
@@ -47,6 +48,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.*;
+import java.util.concurrent.TimeUnit;
 
 /**
  * @author Zheng Jie
@@ -62,8 +64,11 @@ public class OnlineUserService {
     private ISysDeptService deptService;
     @Autowired
     private ISysRoleService roleService;
+    private final RedisUtils redisUtils;
     @Autowired
-    private RedisUtils redisUtils;
+    private RedisTemplate<Object, Object> redisTemplate;
+    @Value("${sa-token.cookie.domain}")
+    private String domain;
 
     public OnlineUserService(RedisUtils redisUtils) {
         this.redisUtils = redisUtils;
@@ -259,9 +264,52 @@ public class OnlineUserService {
         // 校验数据库
         // 根据用户名查询，在比对密码
         SysUser userInfo = sysUserService.getOne(new QueryWrapper<SysUser>().eq("username", authUser.getUsername()));
+
         // 这里需要密码加密
-        if (userInfo == null || !userInfo.getPassword().equals(SaSecureUtil.md5BySalt(password, GeneralDefinition.SALT))) {
-            throw new BadRequestException("账号或密码错误");
+        if (userInfo == null) {
+            throw new BadRequestException("当前用户不存在！");
+        }
+        String userName = userInfo.getUsername();
+        if (!userInfo.getPassword().equals(SaSecureUtil.md5BySalt(password, "salt"))) {
+            Boolean aBoolean = redisTemplate.hasKey("LoginName:" + userName);
+            if (aBoolean) {
+                String errorLoginCount = redisTemplate.opsForValue().get("LoginName:" + userName).toString();
+                Integer newerrorLoginCount = Integer.parseInt(errorLoginCount);
+                //key为 LoginName: userName  value是对应的错误登陆次数
+                if (newerrorLoginCount.intValue() == 3) {
+                    Long expire = redisTemplate.opsForValue().getOperations().getExpire("LoginName:" + userName);
+                    if (expire.intValue() > 0) {
+                        throw new BadRequestException("当前用户锁定中，请" + expire / 60 + "分钟后重试");
+                    }
+                } else {
+                    redisTemplate.opsForValue().set("LoginName:" + userName, newerrorLoginCount + 1);
+                    if (3 - newerrorLoginCount - 1 == 0) {
+                        redisTemplate.opsForValue().getOperations().expire("LoginName:" + userName, 300, TimeUnit.SECONDS);
+                        throw new BadRequestException("当前用户已锁定，请5分钟后重试");
+                    }
+                    throw new BadRequestException("密码错误，还有" + (3 - newerrorLoginCount - 1) + "次机会");
+                }
+            } else {
+                redisTemplate.opsForValue().set("LoginName:" + userName, "1");
+                throw new BadRequestException("密码错误，还有" + 2 + "次机会");
+            }
+        }
+        {
+            //密码正确，判断redis里面是否有值，有值就代表锁定中
+            Boolean aBoolean = redisTemplate.hasKey("LoginName:" + userName);
+            if (aBoolean) {
+                String errorLoginCount = redisTemplate.opsForValue().get("LoginName:" + userName).toString();
+                Integer newerrorLoginCount = Integer.parseInt(errorLoginCount);
+                if (newerrorLoginCount.intValue() == 3) {
+                    Long expire = redisTemplate.opsForValue().getOperations().getExpire("LoginName:" + userName);
+                    if (expire.intValue() > 0) {
+                        throw new BadRequestException("当前用户锁定中，请" + expire / 60 + "分钟后重试");
+                    }
+                } else {
+                    //直接删除key
+                    redisTemplate.delete("LoginName:" + userName);
+                }
+            }
         }
 
         // 获取权限列表 - 登录查找权限
@@ -289,6 +337,8 @@ public class OnlineUserService {
         jsonObject.put("user", userInfo);
         Map<String, Object> authInfo = new HashMap<String, Object>(2) {{
             put("token", "Bearer " + StpUtil.getTokenValue());
+            put("roles", permissionList);
+            put("domain", domain);
             put("user", user);
         }};
         // 保存在线信息