
Merge remote-tracking branch 'origin/master'

lchao 3 月之前
父节点
当前提交
b92c48a2eb

+ 28 - 32
src/main/java/com/sooka/module/web/system/service/impl/CmsUserServiceImpl.java

@@ -1,20 +1,14 @@
 package com.sooka.module.web.system.service.impl;
 
 import com.google.common.collect.Maps;
-import com.sooka.common.constant.CmsConst;
-import com.sooka.common.utils.CheckSumUtil;
 import com.sooka.common.utils.ControllerUtil;
 import com.sooka.common.utils.JsonUtil;
 import com.sooka.common.utils.StrUtil;
-import com.sooka.component.shiro.PasswordKit;
 import com.sooka.module.web.system.service.CmsUserService;
-import com.sooka.module.web.system.vo.UserVo;
 import com.sooka.mybatis.mapper.TCmsUserMapper;
 import com.sooka.mybatis.model.TCmsUser;
-import org.apache.commons.beanutils.BeanUtils;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.authc.*;
-import org.apache.shiro.subject.Subject;
+import org.apache.shiro.crypto.SecureRandomNumberGenerator;
+import org.apache.shiro.crypto.hash.Md5Hash;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cache.Cache;
 import org.springframework.cache.ehcache.EhCacheCacheManager;
@@ -53,6 +47,14 @@ public class CmsUserServiceImpl implements CmsUserService {
         return tryCount;
     }
 
+    public boolean matches(TCmsUser user, String newPassword) {
+        return user.getPassword().equals(encryptPassword(user.getUsername(), newPassword, user.getSalt()));
+    }
+
+    public String encryptPassword(String loginName, String password, String salt) {
+        return new Md5Hash(loginName + password + salt).toHex();
+    }
+
     @Override
     public Map<String, Object> login(HttpServletRequest request) {
         String username = request.getParameter("username"), password = request.getParameter("password"),
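Review bot: `encryptPassword` stores passwords as a single round of MD5 over `loginName + password + salt`, which is cheap to brute-force offline if the user table leaks, and the plain concatenation means different (name, password) pairs can produce the same hash input. Prefer a dedicated password hash (bcrypt, scrypt or Argon2); if the code must stay on Shiro's hash classes, use at least an iterated salted hash such as `new Sha256Hash(password, salt, iterations).toHex()` with a high iteration count. In `matches`, `user.getPassword()` is dereferenced without a null check and compared with `String.equals`; a constant-time comparison such as `MessageDigest.isEqual` on the hash bytes avoids leaking how much of the hash matched. Both new public methods also lack Javadoc stating the stored hash format.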
@@ -66,37 +68,19 @@ public class CmsUserServiceImpl implements CmsUserService {
             return result;
         }
         HttpSession session = request.getSession();
-        Subject currentUser = SecurityUtils.getSubject();
-        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username, password);
-        /*是否需要记住我*/
-        if ("true".equals(remberMe)) {
-            usernamePasswordToken.setRememberMe(true);
-        }
         try {
-            currentUser.login(usernamePasswordToken);
             TCmsUser user = selectByUsername(username);
             user.setLoginTime(new Date());
             user.setLastIp(ControllerUtil.getRemoteAddress(request));
             /*更新用户的登陆信息*/
             userMapper.updateByPrimaryKey(user);
-            /*userVo和TSysUser没什么区别,只是增加了siteId*/
-            UserVo userVo = new UserVo();
-            BeanUtils.copyProperties(userVo, user);
             /*设置session*/
-            session.setAttribute(CmsConst.SITE_USER_SESSION_KEY, userVo);
+            session.setAttribute("cms-login-user", user);
             result.put("success", true);
             result.put("message", "登录成功!");
-        } catch (UnknownAccountException e) {
-            result.put("message", "账号输入错误!");
-        } catch (IncorrectCredentialsException e) {
-            result.put("message", "密码输入错误!");
-            putInCache(cache, username);
-        } catch (LockedAccountException e) {
-            result.put("message", "当前账号已被停用!");
-        } catch (AuthenticationException ae) {
-            result.put("message", "账号或者密码输入错误!");
         } catch (Exception e) {
-            result.put("message", "发生了一个错误!");
+            result.put("message", "账号或者密码输入错误!");
+            putInCache(cache, username);
         }
         return result;
     }
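Review bot: With `currentUser.login(usernamePasswordToken)` removed, nothing in the visible `try` block checks `password` before `session.setAttribute("cms-login-user", user)` and `success` is set; the new `matches(user, password)` helper is never called here, so unless the part of `login` above this hunk verifies it, any existing username is accepted. The check belongs right after `selectByUsername`, before the login time, IP and session are touched, as sketched below. The locked-account branch was dropped as well, and the broad `catch (Exception e)` now reports database or null-pointer failures as a wrong password and counts them in the retry cache. Consider also keeping `password` and `salt` out of the object stored in the session and rotating the session id after a successful login.

```java
        try {
            TCmsUser user = selectByUsername(username);
            // Verify the credential before any login metadata or session state is written.
            if (user == null || !matches(user, password)) {
                result.put("message", "账号或者密码输入错误!");
                putInCache(cache, username);
                return result;
            }
            // … unchanged: login time / last IP update, session attribute, success result …
```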
@@ -106,13 +90,25 @@ public class CmsUserServiceImpl implements CmsUserService {
         return userMapper.selectByUsername(username);
     }
 
+    /**
+     * 生成随机盐
+     */
+    public static String randomSalt() {
+        // 一个Byte占两个字节,此处生成的3字节,字符串长度为6
+        SecureRandomNumberGenerator secureRandom = new SecureRandomNumberGenerator();
+        String hex = secureRandom.nextBytes(3).toHex();
+        return hex;
+    }
+
     @Override
     public String insert(TCmsUser user) {
         /* 加工password */
         if (!StrUtil.isBlank(user.getPassword().trim())) {
-            String salt = CheckSumUtil.getMD5(user.getUsername().trim());
-            user.setPassword(PasswordKit.encodePassword(user.getPassword().trim(), salt));
-            user.setSalt(salt);
+//            String salt = CheckSumUtil.getMD5(user.getUsername().trim());
+//            user.setPassword(PasswordKit.encodePassword(user.getPassword().trim(), salt));
+//            user.setSalt(salt);
+            user.setSalt(randomSalt());
+            user.setPassword(encryptPassword(user.getUsername(), user.getPassword(), user.getSalt()));
         }
         if (userMapper.insert(user) > 0) {
             return JsonUtil.toSUCCESS("注册成功");
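Review bot: `randomSalt()` draws only 3 bytes (24 bits), so salts will repeat across a modest number of accounts and give little protection against precomputed tables; 16 bytes is the usual minimum, e.g. `secureRandom.nextBytes(16).toHex()` (check that the `salt` column is wide enough). The comment `一个Byte占两个字节` is misleading: one byte renders as two hex characters, not two bytes. In `insert`, the blank check uses `user.getPassword().trim()` but the hash is now computed over the untrimmed username and password, unlike the removed code, and `getPassword()` is still dereferenced without a null check. The three commented-out lines should be deleted rather than kept; `insert` continues past the end of this hunk.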

+ 8 - 4
src/main/resources/static/js/register/login.js

@@ -6,10 +6,14 @@ $(function () {
         // ajax提交表单,#login_form为表单的ID。如:$('#login_form').ajaxSubmit(function(data)
         $.post("/login", {username: "test", password: "123456", "verifyCode": $("#j_captcha").val()}, function (data) {
             var obj = eval(data);
-            show_err_msg(obj.message);
-            setTimeout(function () {
-                location.reload();
-            }, 3000);
+            if (obj.success) {
+                show_msg(obj.message, "/");
+            } else {
+                show_err_msg(obj.message);
+                setTimeout(function () {
+                    location.reload();
+                }, 3000);
+            }
         }, "json");
     });
 });
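Review bot: The `$.post` call in the context lines still sends the literal `username: "test", password: "123456"` rather than the form fields, so the new success branch can only ever sign in that one account; read the values from the form inputs and remove the test credentials from the shipped script. `eval(data)` is unnecessary because the `"json"` dataType already hands the callback a parsed object, and it would execute the response as script if the server ever returned a string; `var obj = data;` is enough. `show_msg` and `show_err_msg` are defined outside this hunk, so whether `obj.message` is inserted as text or as HTML should be confirmed there.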

+ 4 - 4
src/main/resources/templates/www/tuiyijunren/login.html

@@ -12,10 +12,10 @@
 
 <body class="dl_body">
 	<div class="dl_con">
-	<div class="text">
-		<h1>吉林省退役军人<br>就业创业综合服务平台</h1>
-		<span>退伍不褪色&nbsp;&nbsp;&nbsp;忠诚永记心</span>
-	</div>
+		<div class="text">
+			<h1>吉林省退役军人<br>就业创业综合服务平台</h1>
+			<span>退伍不褪色&nbsp;&nbsp;&nbsp;忠诚永记心</span>
+		</div>
 		<div class="dl_form">
 			<input type="text" placeholder="账号:手机号/邮箱/昵称"/>
 			<input type="text" placeholder="密码:请输入您的密码"/>