From cb7d85cfe0bc12c435781baa26c8031a38b369e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=A2=81=E5=AE=87=E5=A5=87?= Date: Fri, 1 Aug 2025 15:15:06 +0800 Subject: [PATCH] =?UTF-8?q?=E8=B0=83=E6=95=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../controller/system/SysLoginController.java | 9 +++++++-- .../controller/system/SysUserController.java | 6 +++++- ruoyi-admin/src/main/resources/application.yml | 2 +- .../src/main/resources/i18n/messages.properties | 2 +- .../UserPasswordRetryLimitExceedException.java | 4 ++-- .../framework/web/service/SysLoginService.java | 2 +- .../web/service/SysPasswordService.java | 17 ++++++++++++----- .../ruoyi/system/service/ISysUserService.java | 3 ++- .../system/service/impl/SysUserServiceImpl.java | 6 +++--- .../xkt/service/impl/AssetServiceImpl.java | 2 +- 10 files changed, 35 insertions(+), 18 deletions(-) diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java index 81cc40a28..e1d64b247 100644 --- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java +++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java @@ -17,6 +17,7 @@ import com.ruoyi.common.enums.BusinessType; import com.ruoyi.common.exception.ServiceException; import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.framework.web.service.SysLoginService; +import com.ruoyi.framework.web.service.SysPasswordService; import com.ruoyi.framework.web.service.TokenService; import com.ruoyi.system.service.ISysMenuService; import com.ruoyi.system.service.ISysRoleService; @@ -62,6 +63,8 @@ public class SysLoginController { private RedisCache redisCache; @Autowired private AliAuthManager aliAuthManager; + @Autowired + private SysPasswordService passwordService; /** * 登录方法 
@@ -180,7 +183,8 @@ public class SysLoginController { public R changePassword(@Validated @RequestBody PasswordChangeVO vo) { loginService.validateSmsVerificationCode(vo.getPhoneNumber(), vo.getCode()); UserInfo user = userService.getUserByPhoneNumber(vo.getPhoneNumber()); - userService.resetPassword(user.getUserId(), vo.getNewPassword()); + String username = userService.resetPassword(user.getUserId(), vo.getNewPassword()); + passwordService.clearLoginRecordCache(username); tokenService.deleteCacheUser(user.getUserId()); return R.ok(); } @@ -197,7 +201,8 @@ public class SysLoginController { if (SecurityUtils.matchesPassword(password, vo.getNewPassword())) { return R.fail("新密码不能与旧密码相同"); } - userService.resetPassword(loginUser.getUserId(), vo.getNewPassword()); + String username = userService.resetPassword(loginUser.getUserId(), vo.getNewPassword()); + passwordService.clearLoginRecordCache(username); tokenService.deleteCacheUser(loginUser.getUserId()); return R.ok(); } diff --git a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java index 126490a50..bf381e2cf 100644 --- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java +++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java @@ -19,6 +19,7 @@ import com.ruoyi.common.core.page.PageVO; import com.ruoyi.common.enums.BusinessType; import com.ruoyi.common.utils.poi.ExcelUtil; import com.ruoyi.framework.web.service.SysLoginService; +import com.ruoyi.framework.web.service.SysPasswordService; import com.ruoyi.framework.web.service.TokenService; import com.ruoyi.system.service.ISysRoleService; import com.ruoyi.system.service.ISysUserService; 
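Review bot: In `SysLoginController.changePassword` (the SMS reset path, hunk at -180), the new `passwordService.clearLoginRecordCache(username)` call means a valid SMS code now also lifts the password lockout, so the SMS check becomes the only barrier on a locked account. As far as this patch shows, `validateSmsVerificationCode` throws on a mismatch but keeps no attempt counter; confirm that `smsClient.matchVerificationCode` bounds retries and invalidates the code once it has matched. In the same method the result of `userService.getUserByPhoneNumber(...)` is dereferenced by `user.getUserId()` with no null guard, so unless the lookup throws itself, a phone number with no account ends in a NullPointerException. The method begins above the hunk, so earlier checks are not visible here.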
@@ -57,6 +58,8 @@ public class SysUserController extends BaseController { private TokenService tokenService; @Autowired private SysLoginService loginService; + @Autowired + private SysPasswordService passwordService; @PreAuthorize("@ss.hasAnyRoles('admin,general_admin')") @ApiOperation(value = "用户分页查询 - 管理员") @@ -167,7 +170,8 @@ public class SysUserController extends BaseController { @Log(title = "用户管理", businessType = BusinessType.UPDATE) @PostMapping("/resetPwd") public R resetPwd(@Validated @RequestBody PwdResetVO vo) { - userService.resetPassword(vo.getId(), vo.getNewPwd()); + String username = userService.resetPassword(vo.getId(), vo.getNewPwd()); + passwordService.clearLoginRecordCache(username); return R.ok(); } diff --git a/ruoyi-admin/src/main/resources/application.yml b/ruoyi-admin/src/main/resources/application.yml index 004678b16..f5c657101 100644 --- a/ruoyi-admin/src/main/resources/application.yml +++ b/ruoyi-admin/src/main/resources/application.yml @@ -83,7 +83,7 @@ user: # 密码最大错误次数 maxRetryCount: 5 # 密码锁定时间(默认10分钟) - lockTime: 10 + lockTime: 30 # Spring配置 spring: diff --git a/ruoyi-admin/src/main/resources/i18n/messages.properties b/ruoyi-admin/src/main/resources/i18n/messages.properties index c3956b27d..2f41837c0 100644 --- a/ruoyi-admin/src/main/resources/i18n/messages.properties +++ b/ruoyi-admin/src/main/resources/i18n/messages.properties @@ -5,7 +5,7 @@ user.jcaptcha.expire=验证码已失效 user.not.exists=用户不存在/密码错误 user.password.not.match=用户不存在/密码错误 user.password.retry.limit.count=密码输入错误{0}次 -user.password.retry.limit.exceed=密码输入错误{0}次,帐户锁定{1}分钟 +user.password.retry.limit.exceed=账号已锁定,请{0}分钟后重试或找回密码 user.password.delete=对不起,您的账号已被删除 user.blocked=用户已封禁,请联系管理员 role.blocked=角色已封禁,请联系管理员 diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/exception/user/UserPasswordRetryLimitExceedException.java b/ruoyi-common/src/main/java/com/ruoyi/common/exception/user/UserPasswordRetryLimitExceedException.java index 0de8d2408..7ba3aff05 100644 
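Review bot: `SysUserController.resetPwd` (hunk at -167) now clears the lockout counter after an admin reset but, unlike both password-change paths in `SysLoginController`, never calls `tokenService.deleteCacheUser(...)`, so tokens issued under the old password appear to remain valid. When a reset is done because an account is suspected to be compromised, the existing session would survive it. Adding `tokenService.deleteCacheUser(vo.getId());` after the cache clear would bring the three paths in line; the `tokenService` field is already injected in this controller. This assumes `resetPassword`/`updateUserBase` do not revoke tokens themselves, which the patch does not show, and the endpoint's authorization annotation lies above the hunk.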
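Review bot: In `application.yml` the comment above the changed key still reads `# 密码锁定时间(默认10分钟)` while the value is now `lockTime: 30`; change it to `# 密码锁定时间(默认30分钟)` so the documented lockout window matches the configured one. The same value appears to be used as the TTL of the retry counter in `SysPasswordService`, so it also determines how long failed attempts are remembered, which is worth stating in the comment.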
--- a/ruoyi-common/src/main/java/com/ruoyi/common/exception/user/UserPasswordRetryLimitExceedException.java +++ b/ruoyi-common/src/main/java/com/ruoyi/common/exception/user/UserPasswordRetryLimitExceedException.java @@ -9,8 +9,8 @@ public class UserPasswordRetryLimitExceedException extends UserException { private static final long serialVersionUID = 1L; - public UserPasswordRetryLimitExceedException(int retryLimitCount, int lockTime) + public UserPasswordRetryLimitExceedException(Object lockTime) { - super("user.password.retry.limit.exceed", new Object[] { retryLimitCount, lockTime }); + super("user.password.retry.limit.exceed", new Object[] { lockTime }); } } diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java index 6393db320..849cdcb86 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java @@ -256,7 +256,7 @@ public class SysLoginService { public void validateSmsVerificationCode(String phoneNumber, String code) { boolean match = smsClient.matchVerificationCode(CacheConstants.SMS_LOGIN_CAPTCHA_CODE_KEY, phoneNumber, code); if (!match) { - throw new ServiceException("验证码错误"); + throw new ServiceException("验证码错误或已过期"); } } } diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysPasswordService.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysPasswordService.java index 6e37791f2..635e4402a 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysPasswordService.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysPasswordService.java 
@@ -1,5 +1,6 @@ package com.ruoyi.framework.web.service; +import cn.hutool.core.util.StrUtil; import com.ruoyi.common.constant.CacheConstants; import com.ruoyi.common.core.domain.entity.SysUser; import com.ruoyi.common.core.redis.RedisCache; @@ -44,7 +45,8 @@ public class SysPasswordService { String username = user.getUserName(); - Integer retryCount = redisCache.getCacheObject(getCacheKey(username)); + String cacheKey = getCacheKey(username); + Integer retryCount = redisCache.getCacheObject(cacheKey); if (retryCount == null) { @@ -53,13 +55,14 @@ public class SysPasswordService if (retryCount >= Integer.valueOf(maxRetryCount).intValue()) { - throw new UserPasswordRetryLimitExceedException(maxRetryCount, lockTime); + long expire = redisCache.getExpire(cacheKey) / 60; + throw new UserPasswordRetryLimitExceedException(expire); } if (!matches(user, password)) { retryCount = retryCount + 1; - redisCache.setCacheObject(getCacheKey(username), retryCount, lockTime, TimeUnit.MINUTES); + redisCache.setCacheObject(cacheKey, retryCount, lockTime, TimeUnit.MINUTES); throw new UserPasswordNotMatchException(); } else @@ -76,9 +79,13 @@ public class SysPasswordService public void clearLoginRecordCache(String loginName) { - if (redisCache.hasKey(getCacheKey(loginName))) + if (StrUtil.isEmpty(loginName)) { + return; + } + String cacheKey = getCacheKey(loginName); + if (redisCache.hasKey(cacheKey)) { - redisCache.deleteObject(getCacheKey(loginName)); + redisCache.deleteObject(cacheKey); } } } diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java index 5acdbce86..be770f8ff 100644 --- a/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java +++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java 
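Review bot: In the lockout branch of `SysPasswordService` (hunk at -53), `redisCache.getExpire(cacheKey) / 60` truncates, so during the final minute of a lock the message tells the user to retry in 0 minutes. If the key expires between the `getCacheObject` and `getExpire` calls the TTL may also come back negative. Rounding up and clamping, for example `long expire = Math.max(1, (redisCache.getExpire(cacheKey) + 59) / 60);`, keeps the message sensible; this assumes `getExpire` reports seconds, which the patch does not show. The matching constructor in `UserPasswordRetryLimitExceedException` now takes `Object lockTime`; declaring it `long lockTime` would keep the message argument type-checked. The enclosing method's signature is above the hunk.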
@@ -93,8 +93,9 @@ public interface ISysUserService { * * @param userId * @param password + * @return username */ - void resetPassword(Long userId, String password); + String resetPassword(Long userId, String password); /** * 更新登录信息 diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java index 8be368fde..8a92daa52 100644 --- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java +++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java @@ -176,14 +176,14 @@ public class SysUserServiceImpl implements ISysUserService { @Transactional(rollbackFor = Exception.class) @Override - public void resetPassword(Long userId, String password) { + public String resetPassword(Long userId, String password) { if (userId == null || StrUtil.isEmpty(password)) { - return; + return null; } SysUser user = userMapper.selectById(userId); user.setPassword(SecurityUtils.encryptPassword(password)); updateUserBase(user, true); - return; + return user.getUserName(); } @Transactional(rollbackFor = Exception.class) diff --git a/xkt/src/main/java/com/ruoyi/xkt/service/impl/AssetServiceImpl.java b/xkt/src/main/java/com/ruoyi/xkt/service/impl/AssetServiceImpl.java index b7f5340d1..e64ceff9a 100644 --- a/xkt/src/main/java/com/ruoyi/xkt/service/impl/AssetServiceImpl.java +++ b/xkt/src/main/java/com/ruoyi/xkt/service/impl/AssetServiceImpl.java @@ -365,7 +365,7 @@ public class AssetServiceImpl implements IAssetService { private void validateSmsVerificationCode(String phoneNumber, String code) { boolean match = smsClient.matchVerificationCode(CacheConstants.SMS_ASSET_CAPTCHA_CODE_KEY, phoneNumber, code); if (!match) { - throw new ServiceException("验证码错误"); + throw new ServiceException("验证码错误或已过期"); } }
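Review bot: `SysUserServiceImpl.resetPassword` (hunk at -176) returns `null` when `userId` or `password` is missing, and every caller in this patch then hands that to `clearLoginRecordCache`, which silently returns, and answers `R.ok()`, so a reset that changed nothing is reported as success. `userMapper.selectById(userId)` is also dereferenced by `user.setPassword(...)` without a null check, so an unknown id ends in a NullPointerException instead of a clear error. Throwing in both cases rather than `return null;` would make the failure visible to the controllers. At minimum the Javadoc in the `ISysUserService` hunk should read `@return the user's login name, or null if nothing was changed` instead of the bare `@return username`.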