'验证码登录'

hzgzpt-admin/src/main/java/com/miaxis/app/controller/school/SchoolRegionController.java

@@ -13,6 +13,7 @@ import com.miaxis.common.enums.BusinessTypeEnum;
 import com.miaxis.common.utils.poi.ExcelUtil;
 import io.swagger.annotations.*;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -33,7 +34,7 @@ public class SchoolRegionController extends BaseController{
     /**
      * 查询驾校训练场列表
      */
-    //@PreAuthorize("@ss.hasPermi('school:region:list')")
+    @PreAuthorize("@ss.hasPermi('school:region:list')")
     @GetMapping("/list")
     @ApiOperation("查询驾校训练场列表")
     @ApiImplicitParams({

hzgzpt-admin/src/main/java/com/miaxis/app/controller/user/UserInfoController.java

@@ -31,7 +31,7 @@ import java.util.Map;
  * @date 2020-12-23
  */
 @RestController
-@RequestMapping(Constants.OPEN_PREFIX+"/user/info")
+@RequestMapping(Constants.STUDENT_PREFIX+"/user/info")
 @Api(tags={"【app-普通用户信息】"})
 public class UserInfoController extends BaseController{
 

hzgzpt-admin/src/main/java/com/miaxis/system/controller/system/SysLoginController.java

@@ -120,8 +120,7 @@ public class SysLoginController
         SmsParameter smsParameter = new SmsParameter();
         smsParameter.setPhone(mobile);
         smsParameter.setType("login");
-        smsService.sendVerificationCode(smsParameter);
-        return Response.success();
+        return smsService.sendVerificationCode(smsParameter);
     }
     /**
      * 学员用户名密码登录方法

hzgzpt-admin/src/main/resources/application-dev.yml

@@ -8,14 +8,14 @@ spring:
             master:
                 url: jdbc:mysql://192.168.8.213:3306/hzgzpt?useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=convertToNull&useSSL=true&serverTimezone=GMT%2B8&autoReconnect=true
                 username: root
-                password: 123456
+                password: miaxis110
             # 从库数据源
             slave:
                 # 从数据源开关/默认关闭
                 enabled: false
-                url: 
-                username: 
-                password: 
+                url:
+                username:
+                password:
             # 初始连接数
             initialSize: 5
             # 最小连接池数量
@@ -35,7 +35,7 @@ spring:
             testWhileIdle: true
             testOnBorrow: false
             testOnReturn: false
-            webStatFilter: 
+            webStatFilter:
                 enabled: true
             statViewServlet:
                 enabled: true
@@ -43,8 +43,8 @@ spring:
                 allow:
                 url-pattern: /druid/*
                 # 控制台管理用户名和密码
-                login-username: 
-                login-password: 
+                login-username:
+                login-password:
             filter:
                 stat:
                     enabled: true
@@ -74,4 +74,4 @@ spring:
                 # 连接池的最大数据库连接数
                 max-active: 8
                 # #连接池最大阻塞等待时间（使用负值表示没有限制）
-                max-wait: -1ms
+                max-wait: -1ms

hzgzpt-common/src/main/java/com/miaxis/common/constant/Constants.java

@@ -141,4 +141,9 @@ public class Constants
      * 开放api路径 前缀
      */
     public static final String OPEN_PREFIX = "/open";
+
+    /**
+     * 学员权限路径
+     */
+    public static final String STUDENT_PREFIX = "/student";
 }

hzgzpt-common/src/main/java/com/miaxis/common/core/domain/model/LoginUser.java

@@ -8,9 +8,12 @@ import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 
+import java.util.ArrayList;
 import java.util.Collection;
+import java.util.List;
 import java.util.Set;
 
 /**
@@ -259,6 +262,14 @@ public class LoginUser implements UserDetails
     @Override
     public Collection<? extends GrantedAuthority> getAuthorities()
     {
-        return null;
+        if (getStudent() != null){
+            List<SimpleGrantedAuthority> roleList = new ArrayList<SimpleGrantedAuthority>();
+            roleList.add(new SimpleGrantedAuthority("ROLE_STUDENT"));
+            return roleList;
+        }else {
+            return null;
+        }
+
+
     }
 }

hzgzpt-common/src/main/java/com/miaxis/common/utils/RedisPrefixUtils.java

@@ -18,7 +18,6 @@ public class RedisPrefixUtils {
      * @return
      */
     public static Map<String,String> smsRedisPrefix(String type, String phone){
-
         String keyPrefix = "sms:code:"+type+":"+phone;
         String smsKeyCountPrefix = "sms:code:count:"+type+":"+phone;
 

hzgzpt-framework/src/main/java/com/miaxis/framework/config/SecurityConfig.java

@@ -106,6 +106,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
                 .antMatchers("/open/**").permitAll()
                 // 对于登录login 验证码captchaImage 允许匿名访问
                 .antMatchers("/login", "/login/noCode","/captchaImage","/login/studentpassword","/login/studentMobileCode","/login/studentMobile").anonymous()
+                .antMatchers("/student/**").hasRole("STUDENT")
                 .antMatchers(
                         HttpMethod.GET,
                         "/*.html",
@@ -152,9 +153,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
         DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
         MobileCodeAuthenticationProvider mobileCodeAuthenticationProvider = new MobileCodeAuthenticationProvider();
 //        daoAuthenticationProvider.setUserDetailsService(userDetailsService);
-//        mobileCodeAuthenticationProvider.setUserDetailsService(userDetailsService);
+        mobileCodeAuthenticationProvider.setUserDetailsService(userDetailsService);
         //ProviderManager providerManager = new ProviderManager(Arrays.asList(mobileCodeAuthenticationProvider,daoAuthenticationProvider));
         auth.authenticationProvider(mobileCodeAuthenticationProvider);
         auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
+
     }
 }

hzgzpt-framework/src/main/java/com/miaxis/framework/security/token/MoblieCodeAuthenticationToken.java

@@ -97,7 +97,7 @@ public class MoblieCodeAuthenticationToken extends AbstractAuthenticationToken {
 
 	@Override
 	public void eraseCredentials() {
-		super.eraseCredentials();
+		//super.eraseCredentials();
 
 	}
 }

hzgzpt-framework/src/main/java/com/miaxis/framework/web/service/SysLoginService.java

@@ -24,6 +24,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Component;
 
 import javax.annotation.Resource;
+import java.util.Map;
 
 /**
  * 登录校验方法
@@ -103,8 +104,8 @@ public class SysLoginService
             return authenticate(principal,new UsernamePasswordAuthenticationToken(principal, credential));
         } else if (StudentLoginTypeEnum.MOBILELOGIN.getCode().equals(loginType)){
             //验证码是否正确
-            validateCode(principal,credential);
-            return authenticate(principal,new MoblieCodeAuthenticationToken(credential));
+//            validateCode(principal,credential);
+            return authenticate(principal,new MoblieCodeAuthenticationToken(principal));
         }
         else{
             throw new CustomException("loginType参数错误");
@@ -117,7 +118,8 @@ public class SysLoginService
         if (StringUtils.isEmpty(credential)){
             throw new CustomException("验证码不能为空");
         }
-        String cacheCode = (String) redisTemplate.opsForValue().get(RedisPrefixUtils.smsRedisPrefix("login", principal));
+        Map map = (Map)RedisPrefixUtils.smsRedisPrefix("login", principal);
+        String  cacheCode = (String) redisTemplate.opsForValue().get(map.get("keyPrefix"));
         if (StringUtils.isEmpty(cacheCode)){
             throw new CustomException("验证码已过期,请重新发送");
         }else if (!credential.equals(cacheCode)){

hzgzpt-service-app/src/main/java/com/miaxis/app/sms/impl/SmsServiceImpl.java

@@ -2,7 +2,6 @@ package com.miaxis.app.sms.impl;
 
 import com.miaxis.app.sms.ISmsService;
 import com.miaxis.app.sms.domain.SmsParameter;
-import com.miaxis.common.constant.Constants;
 import com.miaxis.common.constant.SmsTemplateConstants;
 import com.miaxis.common.core.domain.Response;
 import com.miaxis.common.core.domain.ResponseEnum;
@@ -14,7 +13,10 @@ import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.stereotype.Service;
 
 import java.net.URLEncoder;
-import java.util.*;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.Random;
 import java.util.concurrent.TimeUnit;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -31,7 +33,7 @@ public class SmsServiceImpl implements ISmsService {
 
     private final String MOBILE_REGEX = "^((13[0-9])|(14[0-9])|(15[0-9])|(17[0-9])|(18[0-9])|(19[0-9]))\\d{8}$";//手机号码验证
     private final Integer SMS_MAX_COUNT = 500 ;//每天系统发送最大次数(预留)
-    private final Integer MAX_COUNT = 5 ;//每个手机号验证发送最大次数
+    private final Integer MAX_COUNT = 50 ;//每个手机号验证发送最大次数
     private final long SEND_INTERVAL = 3 ;//发送间隔时间