
登录以及获取短信验证码优化

黄远 5 vuotta sitten
vanhempi
commit
d067dc5b25

+ 5 - 0
lift-common/src/main/java/cn.com.ty.lift.common/aliservice/constants/AliConstants.java

@@ -60,6 +60,11 @@ public class AliConstants {
          * 短信验证码字段
          */
         String SMS_CODE_NAME = "smsCode";
+
+        /**
+         * 手机号字段
+         */
+        String MOBILE = "mobile";
     }
 
 }

+ 2 - 2
lift-system-service/src/main/java/cn/com/ty/lift/system/settings/service/impl/MaintenanceCompanyServiceImpl.java

@@ -67,7 +67,7 @@ public class MaintenanceCompanyServiceImpl extends ServiceImpl<MaintenanceCompan
     @Transactional
     public RestResponse createTeam(MaintenanceCompanyRequest maintenanceCompanyRequest) {
         MaintenanceCompany maintenanceCompany = new MaintenanceCompany();
-        //用户id
+        //当前登录,用户id
         Long userId = maintenanceCompanyRequest.getUserId();
         //设置申请团队信息
         maintenanceCompany.setName(maintenanceCompanyRequest.getCompanyName());
@@ -130,7 +130,7 @@ public class MaintenanceCompanyServiceImpl extends ServiceImpl<MaintenanceCompan
                 .eq("user_id", maintenanceCompanyRequest.getUserId())
         );
         //获取所在的团队信息
-        if(mtCompanyUserList != null){
+        if (mtCompanyUserList != null) {
             List<Long> companyIdList = ProjectUtils.getAttrList(mtCompanyUserList, "mtCompanyId", null);
             List<MaintenanceCompany> maintenanceCompanyList = (List<MaintenanceCompany>) this.listByIds(companyIdList);
             return RestResponse.success(maintenanceCompanyList, ApiConstants.RESULT_SUCCESS, "获取用户所在团队列表成功");

+ 62 - 38
lift-system-service/src/main/java/cn/com/ty/lift/system/user/controller/LoginController.java

@@ -3,6 +3,7 @@ package cn.com.ty.lift.system.user.controller;
 import cn.com.ty.lift.common.aliservice.aliyunsms.AliyunSmsUtil;
 import cn.com.ty.lift.common.aliservice.constants.AliConstants;
 import cn.com.ty.lift.common.constants.ApiConstants;
+import cn.com.ty.lift.common.utils.DateUtils;
 import cn.com.ty.lift.system.user.dao.entity.UserAccount;
 import cn.com.ty.lift.system.user.dao.entity.model.UserRequest;
 import cn.com.ty.lift.system.user.service.ILoginService;
@@ -11,6 +12,7 @@ import cn.com.ty.lift.system.utils.RandomValidateCodeUtil;
 import cn.com.xwy.boot.web.dto.RestResponse;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -19,6 +21,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.util.concurrent.TimeUnit;
 
 /**
  * @author huangyuan
@@ -29,6 +32,9 @@ import javax.servlet.http.HttpServletResponse;
 @RequestMapping("/login")
 public class LoginController {
 
+    @Autowired
+    RedisTemplate redisTemplate;
+
     @Autowired
     private ILoginService loginService;
 
@@ -36,45 +42,45 @@ public class LoginController {
     private IUserAccountService userAccountService;
 
     /**
-     * @description 用户注册
-     * @date 2019/11/27 10:03 AM
      * @param userRequest 用户参数对象
      * @return
+     * @description 用户注册
+     * @date 2019/11/27 10:03 AM
      */
     @PostMapping("/register")
     @ResponseBody
-    public RestResponse register(@RequestBody UserRequest userRequest){
-        return loginService.register(userRequest);
+    public RestResponse register(HttpServletRequest request, @RequestBody UserRequest userRequest) {
+        return loginService.register(request, userRequest);
     }
 
     @RequestMapping("/changeTeam")
     @ResponseBody
-    public RestResponse changeTeam(UserRequest userRequest){
+    public RestResponse changeTeam(UserRequest userRequest) {
         return loginService.changeTeam(userRequest);
     }
 
     /**
-     * @description
-     * @date 2019/11/27 10:03 AM
-     * @param request 请求对象
+     * @param request     请求对象
      * @param userRequest 用户参数对象
      * @return
+     * @description
+     * @date 2019/11/27 10:03 AM
      */
     @RequestMapping("/login")
     @ResponseBody
-    public RestResponse login(HttpServletRequest request, @RequestBody UserRequest userRequest){
+    public RestResponse login(HttpServletRequest request, @RequestBody UserRequest userRequest) {
         return loginService.login(request, userRequest);
     }
 
     /**
-     * @description 获取图片验证码
-     * @date 2019/11/27 10:03 AM
      * @param response http相应类
-     * @param request http请求类
+     * @param request  http请求类
      * @return
+     * @description 获取图片验证码
+     * @date 2019/11/27 10:03 AM
      */
     @RequestMapping("/getImagCode")
-    public void getImageCode(HttpServletResponse response, HttpServletRequest request){
+    public void getImageCode(HttpServletResponse response, HttpServletRequest request) {
         try {
             response.setContentType("image/jpeg");//设置相应类型,告诉浏览器输出的内容为图片
             response.setHeader("Pragma", "No-cache");//设置响应头信息,告诉浏览器不要缓存此内容
@@ -88,17 +94,17 @@ public class LoginController {
     }
 
     /**
-     * @description 图形验证码校验
-     * @date 2019/11/27 10:03 AM
-     * @param request http请求对象
+     * @param request  http请求对象
      * @param inputStr 输入字符串
      * @return
+     * @description 图形验证码校验
+     * @date 2019/11/27 10:03 AM
      */
     @RequestMapping("/checkImagCode")
     @ResponseBody
     public RestResponse checkVerify(HttpServletRequest request, String inputStr) {
         String random = (String) request.getSession().getAttribute(RandomValidateCodeUtil.RANDOMCODEKEY);
-        if(StringUtils.isBlank(inputStr)){
+        if (StringUtils.isBlank(inputStr)) {
             return RestResponse.fail(ApiConstants.RESULT_ERROR, "验证码为空");
         }
         if (random != null && random.toLowerCase().equals(inputStr.toLowerCase())) {
@@ -110,35 +116,46 @@ public class LoginController {
     }
 
     /**
-     * @description 验证用户手机号是否注册过
-     * @date 2019/11/27 10:03 AM
      * @param mobile 手机号
      * @return
+     * @description 验证用户手机号是否注册过
+     * @date 2019/11/27 10:03 AM
      */
     @RequestMapping("/checkMobile")
     @ResponseBody
-    public RestResponse checkMobile(String mobile){
+    public RestResponse checkMobile(String mobile) {
         UserAccount userAccount = userAccountService.getByMobile(mobile);
-        if(userAccount != null){
+        if (userAccount != null) {
             return RestResponse.fail(ApiConstants.RESULT_ERROR, "手机号已经被注册过了");
         }
         return RestResponse.success(null, ApiConstants.RESULT_SUCCESS, "验证通过");
     }
 
     /**
-     * @description
-     * @date 2019/11/27 10:03 AM
      * @param request
-     * @param mobile 手机号
+     * @param mobile  手机号
      * @return
+     * @description
+     * @date 2019/11/27 10:03 AM
      */
     @RequestMapping("/smsCode")
     @ResponseBody
-    public RestResponse smsCode(HttpServletRequest request, String mobile){
-        if(StringUtils.isNotBlank(mobile)){
+    public RestResponse smsCode(HttpServletRequest request, String mobile) {
+        if (StringUtils.isNotBlank(mobile)) {
+            //校验同一号码两次获取间隔是否有一分钟
+            Object timeStampCode = redisTemplate.opsForValue().get(mobile);
+            if (timeStampCode != null) {
+                return RestResponse.fail(ApiConstants.RESULT_ERROR, "请一分钟后重复获取");
+            }
+            //校验通过获取短信验证码
             String smsCode = AliyunSmsUtil.sendSmsCode(mobile, AliConstants.SmsConstants.TEST_TEMPLATE_CODE);
-            if(StringUtils.isNotBlank(smsCode)){
-                request.getSession().setAttribute(AliConstants.SmsConstants.SMS_CODE_NAME, smsCode);
+            if (StringUtils.isNotBlank(smsCode)) {
+                //将手机号放入session中
+                request.getSession().setAttribute(AliConstants.SmsConstants.MOBILE, mobile);
+                //将短信验证码放入session中设置过期时间为5分钟
+                redisTemplate.opsForValue().set(mobile + AliConstants.SmsConstants.SMS_CODE_NAME, smsCode, 5L, TimeUnit.MINUTES);
+                //将手机号存到redis中,并设置一分钟后过期
+                redisTemplate.opsForValue().set(mobile, DateUtils.generateCode(), 1L, TimeUnit.MINUTES);
                 return RestResponse.success(null, ApiConstants.RESULT_SUCCESS, "发送验证码成功");
             }
             return RestResponse.fail(ApiConstants.RESULT_ERROR, "手机号不存在,发送验证码失败");
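Review bot: The one-minute throttle in smsCode is a `get(mobile)` followed, only after a successful send, by `set(mobile, ...)`, so concurrent requests for the same number can all see null and each trigger an SMS. Claim the slot atomically before calling AliyunSmsUtil.sendSmsCode, e.g. `Boolean first = redisTemplate.opsForValue().setIfAbsent(throttleKey, "1", 1L, TimeUnit.MINUTES);` and fail when `!Boolean.TRUE.equals(first)`; this overload needs Spring Data Redis 2.1 or later, so confirm the project's version. Here `throttleKey` stands for a prefixed key rather than the bare phone number used now, which shares the Redis keyspace with every other entry. The limit is per number only, and nothing visible in this method requires the image captcha to have passed, so one client can still request codes for many different numbers. smsCode's body continues past the end of this hunk.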
@@ -147,31 +164,38 @@ public class LoginController {
     }
 
     /**
-     * @description 校验短信验证码
-     * @date 2019/11/27 10:03 AM
      * @param request
      * @param inputSmsCode 输入的短信验证码
      * @return
+     * @description 校验短信验证码
+     * @date 2019/11/27 10:03 AM
      */
     @RequestMapping("/checkSmsCode")
     @ResponseBody
-    public RestResponse checkSmsCode(HttpServletRequest request, String inputSmsCode){
-        String smsCode = (String) request.getSession().getAttribute(AliConstants.SmsConstants.SMS_CODE_NAME);
-        if(StringUtils.isNotBlank(inputSmsCode) && inputSmsCode.equals(smsCode)){
-            return RestResponse.success(null, ApiConstants.RESULT_SUCCESS, "短信验证码校验成功");
+    public RestResponse checkSmsCode(HttpServletRequest request, String inputSmsCode) {
+        //从session中获取手机号
+        String mobile = (String) request.getSession().getAttribute(AliConstants.SmsConstants.MOBILE);
+        //从redis中获取短信验证码
+        Object smsCode = redisTemplate.opsForValue().get(mobile + AliConstants.SmsConstants.SMS_CODE_NAME);
+        if (smsCode != null) {
+            if (StringUtils.isNotBlank(inputSmsCode) && inputSmsCode.equals(smsCode)) {
+                return RestResponse.success(null, ApiConstants.RESULT_SUCCESS, "短信验证码校验成功");
+            } else {
+                RestResponse.fail(ApiConstants.RESULT_ERROR, "短信验证码输入有误");
+            }
         }
-        return RestResponse.fail(ApiConstants.RESULT_ERROR, "短信验证码校验失败");
+        return RestResponse.fail(ApiConstants.RESULT_ERROR, "短信验证码已经过期,请重新获取");
     }
 
     /**
-     * @description 找回密码
-     * @date 2019-12-10
      * @param userRequest
      * @return
+     * @description 找回密码
+     * @date 2019-12-10
      */
     @PostMapping("/resetPassword")
     @ResponseBody
-    public RestResponse resetPassword(@RequestBody UserRequest userRequest){
+    public RestResponse resetPassword(@RequestBody UserRequest userRequest) {
         return loginService.resetPassword(userRequest);
     }
 
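Review bot: In checkSmsCode the wrong-code branch calls `RestResponse.fail(ApiConstants.RESULT_ERROR, "短信验证码输入有误");` without `return`, so the result is discarded and a mistyped code falls through to the "已经过期" response; the line should read `return RestResponse.fail(ApiConstants.RESULT_ERROR, "短信验证码输入有误");`. When the session carries no mobile attribute, the Redis key is built from the string "null" plus SMS_CODE_NAME, so a null check on `mobile` before the lookup would make that case explicit. There is also no cap on failed comparisons during the five-minute lifetime of a code; a per-number failure counter that invalidates the code after a few misses would close that gap.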

+ 1 - 0
lift-system-service/src/main/java/cn/com/ty/lift/system/user/dao/entity/model/UserRequest.java

@@ -17,6 +17,7 @@ public class UserRequest {
     private String password;//密码
     private String name;//用户真实姓名
     private String queryCondition;//查询条件
+    private String inputSmsCode;//用户输入的短信验证码
     private Long pageSize;//每页条数
     private Long pageNum;//页数
 }

+ 1 - 1
lift-system-service/src/main/java/cn/com/ty/lift/system/user/service/ILoginService.java

@@ -13,7 +13,7 @@ public interface ILoginService {
      * @param userRequest  用户请求参数
      * @return
      */
-    RestResponse register(UserRequest userRequest);
+    RestResponse register(HttpServletRequest request, UserRequest userRequest);
 
     /**
      * @description
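Review bot: The Javadoc above `register` still documents only `userRequest`; it needs a line such as `@param request the current HTTP request` now that the signature has two parameters. In the LoginService.register lines visible in this commit the new parameter is never read, since the code is fetched from Redis by `userRequest.getMobile()`. Unless the unseen remainder of that method uses it, dropping the parameter would keep the service interface free of the servlet API.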

+ 17 - 2
lift-system-service/src/main/java/cn/com/ty/lift/system/user/service/impl/LoginService.java

@@ -1,5 +1,6 @@
 package cn.com.ty.lift.system.user.service.impl;
 
+import cn.com.ty.lift.common.aliservice.constants.AliConstants;
 import cn.com.ty.lift.common.constants.ApiConstants;
 import cn.com.ty.lift.system.user.dao.entity.*;
 import cn.com.ty.lift.system.user.dao.entity.model.UserRequest;
@@ -49,7 +50,7 @@ public class LoginService implements ILoginService {
     private IRoleMenuService roleMenuService;
 
     @Override
-    public RestResponse register(UserRequest userRequest) {
+    public RestResponse register(HttpServletRequest request, UserRequest userRequest) {
         //判断手机号是否为空
         if(StringUtils.isBlank(userRequest.getMobile())){
             return RestResponse.fail(ApiConstants.RESULT_ERROR, "手机号为空");
@@ -58,9 +59,23 @@ public class LoginService implements ILoginService {
         if(StringUtils.isBlank(userRequest.getPassword())){
             return RestResponse.fail(ApiConstants.RESULT_ERROR, "密码为空");
         }
+        //获取session中的短信验证码
+        Object smsCode = redisTemplate.opsForValue().get(userRequest.getMobile() + AliConstants.SmsConstants.SMS_CODE_NAME);
+        if(smsCode != null){
+            if(!(smsCode.equals(userRequest.getInputSmsCode()))){
+                return RestResponse.fail(ApiConstants.RESULT_ERROR, "短信验证码输入有误");
+            }
+        } else {
+            return RestResponse.fail(ApiConstants.RESULT_ERROR, "验证码过期,无法注册,请重新获取验证码");
+        }
+        //判断手机号是否注册过
+        UserAccount userAccount = userAccountService.getByMobile(userRequest.getMobile());
+        if(userAccount !=  null){
+            return RestResponse.fail(ApiConstants.RESULT_ERROR, "用户手机号已经注册过了");
+        }
 
         //保存用户信息,并返回用户账户信息
-        UserAccount userAccount = userService.saveUserInfo(userRequest);
+        userAccount = userService.saveUserInfo(userRequest);
         if(userAccount != null){
             return RestResponse.success(null, ApiConstants.RESULT_SUCCESS, "注册成功");
         }
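Review bot: A code that passes the check in register stays in Redis until its five-minute TTL runs out, so it can be replayed, and nothing limits how many wrong `inputSmsCode` values may be tried against one number. Delete the entry once it has matched, e.g. `redisTemplate.delete(userRequest.getMobile() + AliConstants.SmsConstants.SMS_CODE_NAME);` after saveUserInfo succeeds, and count failures per number so the code is invalidated after a few misses. The added comment `//获取session中的短信验证码` says session while the line below it reads Redis. None of the 17 added lines in this file declares `redisTemplate`, so it presumably already exists as a field of LoginService; that is worth confirming against the build. register continues past the end of this hunk.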