diff --git a/physical-base-core/src/main/java/org/jeecg/common/system/util/JwtUtil.java b/physical-base-core/src/main/java/org/jeecg/common/system/util/JwtUtil.java index 9197565..3c309ba 100644 --- a/physical-base-core/src/main/java/org/jeecg/common/system/util/JwtUtil.java +++ b/physical-base-core/src/main/java/org/jeecg/common/system/util/JwtUtil.java @@ -38,9 +38,9 @@ import java.util.Date; public class JwtUtil { /** - * Token有效期为7天(Token在reids中缓存时间为两倍) + * Token有效期为30mins(Token在reids中缓存时间为两倍) */ - public static final long EXPIRE_TIME = (7 * 12) * 60 * 60 * 1000; + public static final long EXPIRE_TIME = 30 * 60 * 1000; static final String WELL_NUMBER = SymbolConstant.WELL_NUMBER + SymbolConstant.LEFT_CURLY_BRACKET; /** diff --git a/physical-module-system/physical-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java b/physical-module-system/physical-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java index 33cd72e..5f4aaac 100644 --- a/physical-module-system/physical-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java +++ b/physical-module-system/physical-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java @@ -1,10 +1,7 @@ package org.jeecg.modules.system.controller; - import cn.hutool.core.util.RandomUtil; -import com.alibaba.fastjson.JSON; -import com.alibaba.fastjson.JSONArray; -import com.alibaba.fastjson.JSONObject; +import com.alibaba.fastjson.*; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.core.metadata.IPage; 
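Review bot: The new `EXPIRE_TIME` is still a bare arithmetic literal whose unit must be recovered from the comment, which is the pattern that let the old comment ("7天") drift from the old value (84 hours); `public static final long EXPIRE_TIME = TimeUnit.MINUTES.toMillis(30);` states the unit in code and needs only `import java.util.concurrent.TimeUnit;`. The comment says Redis holds the token for twice this value, but that doubling is not in this hunk, so a reader cannot tell from here whether a refresh path keeps sessions alive past 30 minutes — naming the class that applies the doubling in the comment, and fixing the `reids` typo while the line is touched, would make the lifetime contract readable in one place.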
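Review bot: `import com.alibaba.fastjson.*;` replaces three explicit imports, and the hunk at `@@ -19,8 +16,7 @@` does the same with `import org.jeecg.common.constant.*;`; wildcard imports hide which names the controller depends on and can silently change resolution when a new type is added to either package. The only name this commit actually adds is `CacheConstant` (used in the changePassword hunk), so the explicit form is `import org.jeecg.common.constant.CacheConstant;` next to the previous `CommonConstant` and `SymbolConstant` imports, with the three fastjson imports restored as they were.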
@@ -19,8 +16,7 @@ import org.apache.shiro.authz.annotation.RequiresRoles; import org.jeecg.common.api.vo.Result; import org.jeecg.common.aspect.annotation.PermissionData; import org.jeecg.common.config.TenantContext; -import org.jeecg.common.constant.CommonConstant; -import org.jeecg.common.constant.SymbolConstant; +import org.jeecg.common.constant.*; import org.jeecg.common.modules.redis.client.JeecgRedisClient; import org.jeecg.common.system.query.QueryGenerator; import org.jeecg.common.system.util.JwtUtil; @@ -116,7 +112,8 @@ public class SysUserController { @PermissionData(pageComponent = "system/UserList") @RequestMapping(value = "/list", method = RequestMethod.GET) public Result> queryPageList(SysUser user, @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, - @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest req) { + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, + HttpServletRequest req) { QueryWrapper queryWrapper = QueryGenerator.initQueryWrapper(user, req.getParameterMap()); //------------------------------------------------------------------------------------------------ //是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】 @@ -145,7 +142,8 @@ public class SysUserController { @RequiresPermissions("system:user:listAll") @RequestMapping(value = "/listAll", method = RequestMethod.GET) public Result> queryAllPageList(SysUser user, @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, - @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest req) { + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, + HttpServletRequest req) { QueryWrapper queryWrapper = QueryGenerator.initQueryWrapper(user, req.getParameterMap()); return sysUserService.queryPageList(req, queryWrapper, pageSize, pageNo); } @@ -300,7 +298,6 @@ public class SysUserController { return result; } - /** * 校验用户账号是否唯一
* 可以校验其他 需要检验什么就传什么。。。 @@ -345,9 +342,16 @@ public class SysUserController { sysUser.setId(u.getId()); //update-begin---author:wangshuai ---date:20220316 for:[VUEN-234]修改密码添加敏感日志------------ LoginUser loginUser = (LoginUser) SecurityUtils.getSubject().getPrincipal(); - baseCommonService.addLog("修改用户 " + sysUser.getUsername() + " 的密码,操作人: " + loginUser.getUsername(), CommonConstant.LOG_TYPE_2, 2); + baseCommonService.addLog("修改用户 " + sysUser.getUsername() + " 的密码,操作人: " + loginUser.getUsername(), + CommonConstant.LOG_TYPE_2, 2); //update-end---author:wangshuai ---date:20220316 for:[VUEN-234]修改密码添加敏感日志------------ - return sysUserService.changePassword(sysUser); + Result result = sysUserService.changePassword(sysUser); + if (result.isSuccess()) { + redisUtil.del(CommonConstant.PREFIX_USER_SHIRO_CACHE + sysUser.getId()); + //清空用户的缓存信息(包括部门信息),例如sys:cache:user:: + redisUtil.del(String.format("%s::%s", CacheConstant.SYS_USERS_CACHE, sysUser.getUsername())); + } + return result; } /** @@ -401,7 +405,8 @@ public class SysUserController { * @return */ @RequestMapping(value = "/queryUserByDepId", method = RequestMethod.GET) - public Result> queryUserByDepId(@RequestParam(name = "id", required = true) String id, @RequestParam(name = "realname", required = false) String realname) { + public Result> queryUserByDepId(@RequestParam(name = "id", required = true) String id, + @RequestParam(name = "realname", required = false) String realname) { Result> result = new Result<>(); //List userList = sysUserDepartService.queryUserByDepId(id); SysDepart sysDepart = sysDepartService.getById(id); 
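Review bot: Clearing `PREFIX_USER_SHIRO_CACHE` and the `SYS_USERS_CACHE` entry after a successful admin password change does not revoke any token the target user currently holds; the JwtUtil comment in this same commit says tokens are cached in Redis, and that entry is not touched here, so an existing login of the edited account would stay usable until the token expires. If the token cache is keyed per user, delete it inside the same `if (result.isSuccess())` block; if it is keyed only by token value, that limitation deserves a comment beside the two `redisUtil.del` calls so the next maintainer does not assume the password change ends the session. Building the second key with `String.format("%s::%s", ...)` also hard-codes a `::` separator that presumably belongs to the cache layer — a shared constant or helper on `CacheConstant` would keep both sides in sync. changePassword's signature and the lookup of `u` are outside the hunk.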
@@ -447,10 +452,11 @@ public class SysUserController { @RequestParam(name = "isMultiTranslate", required = false) String isMultiTranslate, @RequestParam(name = "id", required = false) String id) { //update-begin-author:taoyan date:2022-7-14 for: VUEN-1702【禁止问题】sql注入漏洞 - String[] arr = new String[]{departId, realname, username, id}; + String[] arr = new String[] {departId, realname, username, id}; SqlInjectionUtil.filterContent(arr, SymbolConstant.SINGLE_QUOTATION_MARK); //update-end-author:taoyan date:2022-7-14 for: VUEN-1702【禁止问题】sql注入漏洞 - IPage pageList = sysUserDepartService.queryDepartUserPageList(departId, username, realname, pageSize, pageNo, id, isMultiTranslate); + IPage pageList = sysUserDepartService.queryDepartUserPageList(departId, username, realname, pageSize, pageNo, id, + isMultiTranslate); return Result.OK(pageList); } @@ -586,7 +592,6 @@ public class SysUserController { return result; } - /** * @param userNames * @return 
@@ -626,12 +631,18 @@ public class SysUserController { LoginUser loginUser = (LoginUser) SecurityUtils.getSubject().getPrincipal(); baseCommonService.addLog("修改密码,username: " + loginUser.getUsername(), CommonConstant.LOG_TYPE_2, 2); //update-end---author:wangshuai ---date:20220316 for:[VUEN-234]修改密码添加敏感日志------------ - return sysUserService.resetPassword(username, oldpassword, password, confirmpassword); + Result result = sysUserService.resetPassword(username, oldpassword, password, confirmpassword); + if (result.isSuccess()) { + //退出登录 + SecurityUtils.getSubject().logout(); + } + return result; } @RequestMapping(value = "/userRoleList", method = RequestMethod.GET) public Result> userRoleList(@RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, - @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest req) { + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, + HttpServletRequest req) { Result> result = new Result>(); Page page = new Page(pageNo, pageSize); String roleId = req.getParameter("roleId"); @@ -730,7 +741,8 @@ public class SysUserController { */ @RequestMapping(value = "/departUserList", method = RequestMethod.GET) public Result> departUserList(@RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, - @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest req) { + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, + HttpServletRequest req) { Result> result = new Result>(); Page page = new Page(pageNo, pageSize); String depId = req.getParameter("depId"); @@ -773,7 +785,6 @@ public class SysUserController { return result; } - /** * 根据 orgCode 查询用户,包括子部门下的用户 * 若某个用户包含多个部门,则会显示多条记录,可自行处理成单条记录 
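Review bot: `SecurityUtils.getSubject().logout()` ends the current Shiro subject, but unlike the changePassword hunk it leaves the user's `PREFIX_USER_SHIRO_CACHE` and `SYS_USERS_CACHE` entries in Redis, so the two password paths now invalidate different state; mirroring the other hunk with `redisUtil.del(String.format("%s::%s", CacheConstant.SYS_USERS_CACHE, username));` (plus the shiro-cache key if the id is available from `loginUser`) keeps them consistent. The `//退出登录` comment says what the line does but not why; `// force re-authentication so the old credential cannot keep this session alive` states the intent. The audit log two lines above is written before the outcome is known, so a failed attempt is logged identically to a successful one — existing code, but `result.isSuccess()` is now available to distinguish them. resetPassword's signature is outside the hunk.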
@@ -824,7 +835,7 @@ public class SysUserController { json.put("userId", userId); json.put("departId", item.getDepartId()); json.put("departName", item.getDepartName()); -// json.put("avatar", item.getSysUser().getAvatar()); + // json.put("avatar", item.getSysUser().getAvatar()); resultJson.add(json); hasUser.put(userId, json); } @@ -943,7 +954,6 @@ public class SysUserController { return result; } - /** * 用户注册接口 * 
@@ -1031,41 +1041,41 @@ public class SysUserController { return result; } -// /** -// * 根据用户名或手机号查询用户信息 -// * @param -// * @return -// */ -// @GetMapping("/querySysUser") -// public Result> querySysUser(SysUser sysUser) { -// String phone = sysUser.getPhone(); -// String username = sysUser.getUsername(); -// Result> result = new Result>(); -// Map map = new HashMap(); -// if (oConvertUtils.isNotEmpty(phone)) { -// SysUser user = sysUserService.getUserByPhone(phone); -// if(user!=null) { -// map.put("username",user.getUsername()); -// map.put("phone",user.getPhone()); -// result.setSuccess(true); -// result.setResult(map); -// return result; -// } -// } -// if (oConvertUtils.isNotEmpty(username)) { -// SysUser user = sysUserService.getUserByName(username); -// if(user!=null) { -// map.put("username",user.getUsername()); -// map.put("phone",user.getPhone()); -// result.setSuccess(true); -// result.setResult(map); -// return result; -// } -// } -// result.setSuccess(false); -// result.setMessage("验证失败"); -// return result; -// } + // /** + // * 根据用户名或手机号查询用户信息 + // * @param + // * @return + // */ + // @GetMapping("/querySysUser") + // public Result> querySysUser(SysUser sysUser) { + // String phone = sysUser.getPhone(); + // String username = sysUser.getUsername(); + // Result> result = new Result>(); + // Map map = new HashMap(); + // if (oConvertUtils.isNotEmpty(phone)) { + // SysUser user = sysUserService.getUserByPhone(phone); + // if(user!=null) { + // map.put("username",user.getUsername()); + // map.put("phone",user.getPhone()); + // result.setSuccess(true); + // result.setResult(map); + // return result; + // } + // } + // if (oConvertUtils.isNotEmpty(username)) { + // SysUser user = sysUserService.getUserByName(username); + // if(user!=null) { + // map.put("username",user.getUsername()); + // map.put("phone",user.getPhone()); + // result.setSuccess(true); + // result.setResult(map); + // return result; + // } + // } + // result.setSuccess(false); + // 
result.setMessage("验证失败"); + // return result; + // } /** * 用户手机号验证 @@ -1114,7 +1124,8 @@ public class SysUserController { @RequestParam(name = "smscode") String smscode, @RequestParam(name = "phone") String phone) { Result result = new Result(); - if (oConvertUtils.isEmpty(username) || oConvertUtils.isEmpty(password) || oConvertUtils.isEmpty(smscode) || oConvertUtils.isEmpty(phone)) { + if (oConvertUtils.isEmpty(username) || oConvertUtils.isEmpty(password) || oConvertUtils.isEmpty(smscode) || oConvertUtils.isEmpty( + phone)) { result.setMessage("重置密码失败!"); result.setSuccess(false); return result; @@ -1135,7 +1146,8 @@ public class SysUserController { result.setSuccess(false); return result; } - sysUser = this.sysUserService.getOne(new LambdaQueryWrapper().eq(SysUser::getUsername, username).eq(SysUser::getPhone, phone)); + sysUser = this.sysUserService.getOne( + new LambdaQueryWrapper().eq(SysUser::getUsername, username).eq(SysUser::getPhone, phone)); if (sysUser == null) { result.setMessage("当前登录用户和绑定的手机号不匹配,无法修改密码!"); result.setSuccess(false); @@ -1157,7 +1169,6 @@ public class SysUserController { } } - /** * 根据TOKEN获取用户的部分信息(返回的数据是可供表单设计器使用的数据) * @@ -1285,7 +1296,6 @@ public class SysUserController { return Result.ok("删除成功"); } - /** * 移动端修改用户信息 * @@ -1430,7 +1440,8 @@ public class SysUserController { public Result> appQueryUser(@RequestParam(name = "keyword", required = false) String keyword, @RequestParam(name = "username", required = false) String username, @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo, - @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest request) { + @RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, + HttpServletRequest request) { Result> result = new Result>(); LambdaQueryWrapper queryWrapper = new LambdaQueryWrapper(); //TODO 外部模拟登陆临时账号,列表不显示 
@@ -1514,7 +1525,6 @@ public class SysUserController { return Result.ok("手机号设置成功!"); } - /** * 根据对象里面的属性值作in查询 属性可能会变 用户组件用到 * @@ -1585,7 +1595,8 @@ public class SysUserController { log.info("---------简流中选择用户接口,通过租户筛选,租户ID={}", tenantId); } //------------------------------------------------------------------------------------------------ - IPage pageList = sysUserDepartService.getUserInformation(tenantId, departId, roleId, keyword, pageSize, pageNo, excludeUserIdList); + IPage pageList = sysUserDepartService.getUserInformation(tenantId, departId, roleId, keyword, pageSize, pageNo, + excludeUserIdList); return Result.OK(pageList); }