
Example 6 with LoginUser

use of com.ruoyi.common.core.domain.model.LoginUser in project RuoYi-Vue-Plus by JavaLionLi.

the class SysLoginService method login.

/**
 * Authenticates a user by username and password and returns the session token.
 *
 * <p>Checks run in this order: optional captcha, lockout lookup, user lookup, BCrypt
 * comparison. Each failed comparison bumps a per-username counter in Redis. When the
 * counter equals {@code Constants.LOGIN_ERROR_NUMBER} it is stored with a TTL of
 * {@code Constants.LOGIN_ERROR_LIMIT_TIME} minutes, and attempts are rejected while
 * that entry holds the threshold value.
 *
 * @param username login name
 * @param password password supplied by the client
 * @param code     captcha answer
 * @param uuid     captcha identifier
 * @return token value of the session created for the user
 */
public String login(String username, String password, String code, String uuid) {
    HttpServletRequest request = ServletUtils.getRequest();
    // Captcha is enforced only while the runtime switch is on.
    if (configService.selectCaptchaOnOff()) {
        validateCaptcha(username, code, uuid, request);
    }
    // The failure counter is keyed by username alone, so repeated bad passwords from any
    // client lock the named account. The key can be extended (for example with the
    // client IP) to change that policy.
    String errorKey = Constants.LOGIN_ERROR + username;
    Integer errorNumber = RedisUtils.getCacheObject(errorKey);
    // Reject while the account is locked. The test is exact equality with the threshold,
    // so a stored value above it would not count as locked.
    boolean locked = ObjectUtil.isNotNull(errorNumber) && errorNumber.equals(Constants.LOGIN_ERROR_NUMBER);
    if (locked) {
        asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.retry.limit.exceed", Constants.LOGIN_ERROR_LIMIT_TIME), request);
        throw new UserException("user.password.retry.limit.exceed", Constants.LOGIN_ERROR_LIMIT_TIME);
    }
    // NOTE(review): loadUserByUsername is not visible here. If unknown usernames fail with
    // a different message, or skip the BCrypt work, responses may reveal which accounts
    // exist. Confirm.
    SysUser user = loadUserByUsername(username);
    if (BCrypt.checkpw(password, user.getPassword())) {
        // Success: clear the failure counter before issuing the token.
        RedisUtils.deleteObject(errorKey);
        LoginUser loginUser = buildLoginUser(user);
        LoginHelper.loginByDevice(loginUser, DeviceType.PC);
        asyncService.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"), request);
        recordLoginInfo(user.getUserId(), username);
        return StpUtil.getTokenValue();
    }
    // Wrong password: first failure starts at 1, later ones increment.
    // NOTE(review): the counter is read above and written below as separate steps;
    // concurrent attempts may interleave. Confirm whether that matters for the limit.
    errorNumber = ObjectUtil.isNull(errorNumber) ? 1 : errorNumber + 1;
    if (!errorNumber.equals(Constants.LOGIN_ERROR_NUMBER)) {
        // Below the threshold: persist the new count (written without an expiry).
        RedisUtils.setCacheObject(errorKey, errorNumber);
        asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.retry.limit.count", errorNumber), request);
        throw new UserException("user.password.retry.limit.count", errorNumber);
    }
    // Threshold reached: store the count with the lock duration as its TTL.
    RedisUtils.setCacheObject(errorKey, errorNumber, Constants.LOGIN_ERROR_LIMIT_TIME, TimeUnit.MINUTES);
    asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.retry.limit.exceed", Constants.LOGIN_ERROR_LIMIT_TIME), request);
    throw new UserException("user.password.retry.limit.exceed", Constants.LOGIN_ERROR_LIMIT_TIME);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) SysUser(com.ruoyi.common.core.domain.entity.SysUser) UserException(com.ruoyi.common.exception.user.UserException) LoginUser(com.ruoyi.common.core.domain.model.LoginUser)

Example 7 with LoginUser

use of com.ruoyi.common.core.domain.model.LoginUser in project RuoYi-Vue-Plus by JavaLionLi.

the class SysRoleController method edit.

/**
 * Saves changes to an existing role.
 *
 * <p>Runs the role-allowed and data-scope checks, rejects duplicate role names and
 * role keys, then updates the role. On success the cached menu permissions of the
 * calling user are refreshed, unless that user is an administrator.
 *
 * @param role validated role payload from the request body
 * @return success, or a failure result carrying the reason
 */
@ApiOperation("修改保存角色")
@SaCheckPermission("system:role:edit")
@Log(title = "角色管理", businessType = BusinessType.UPDATE)
@PutMapping
public R<Void> edit(@Validated @RequestBody SysRole role) {
    // Guards run before any lookup or write; presumably they throw when the caller
    // may not modify this role. Verify against roleService.
    roleService.checkRoleAllowed(role);
    roleService.checkRoleDataScope(role.getRoleId());
    if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleNameUnique(role))) {
        return R.fail("修改角色'" + role.getRoleName() + "'失败,角色名称已存在");
    }
    if (UserConstants.NOT_UNIQUE.equals(roleService.checkRoleKeyUnique(role))) {
        return R.fail("修改角色'" + role.getRoleName() + "'失败,角色权限已存在");
    }
    if (roleService.updateRole(role) <= 0) {
        return R.fail("修改角色'" + role.getRoleName() + "'失败,请联系管理员");
    }
    // Refresh the cached permissions of the calling user only.
    // NOTE(review): other logged-in holders of this role are not refreshed here. Confirm
    // how their cached permissions pick up a reduced role, or revocation may lag until
    // their session is rebuilt.
    LoginUser current = getLoginUser();
    SysUser dbUser = userService.selectUserById(current.getUserId());
    boolean needsRefresh = ObjectUtil.isNotNull(dbUser) && !dbUser.isAdmin();
    if (needsRefresh) {
        current.setMenuPermission(permissionService.getMenuPermission(dbUser));
        LoginHelper.setLoginUser(current);
    }
    return R.ok();
}
Also used : SysUser(com.ruoyi.common.core.domain.entity.SysUser) LoginUser(com.ruoyi.common.core.domain.model.LoginUser) Log(com.ruoyi.common.annotation.Log) SaCheckPermission(cn.dev33.satoken.annotation.SaCheckPermission)

Example 8 with LoginUser

use of com.ruoyi.common.core.domain.model.LoginUser in project RuoYi-Vue-Plus by JavaLionLi.

the class UserActionListener method doLogin.

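/**
 * Triggered on every login.
 *
 * <p>For system users this builds a {@code UserOnlineDTO} (client IP, resolved location,
 * browser, OS, login time, token, user name, department) and caches it in Redis under
 * {@code Constants.ONLINE_TOKEN_KEY + token} for {@code tokenConfig.getTimeout()} seconds.
 * App users are left to the integrating project.
 *
 * @param loginType  login type passed by the framework (not read here)
 * @param loginId    id of the account that logged in; its string form selects the user type
 * @param loginModel login parameters passed by the framework (not read here)
 */
@Override
public void doLogin(String loginType, Object loginId, SaLoginModel loginModel) {
    UserType userType = UserType.getUserType(loginId.toString());
    if (userType == UserType.SYS_USER) {
        // The User-Agent header is client-controlled; the browser and OS names stored
        // below are descriptive only and should be escaped wherever they are displayed.
        // NOTE(review): a request without this header passes null to parse(). Confirm
        // the parser tolerates that, or the getBrowser() call below fails the hook.
        UserAgent userAgent = UserAgentUtil.parse(ServletUtils.getRequest().getHeader("User-Agent"));
        // NOTE(review): if getClientIP() reads forwarding headers, the recorded address is
        // client-influenced unless a trusted proxy overwrites them. Confirm.
        String ip = ServletUtils.getClientIP();
        LoginUser user = LoginHelper.getLoginUser();
        String tokenValue = StpUtil.getTokenValueByLoginId(loginId);
        UserOnlineDTO dto = new UserOnlineDTO();
        dto.setIpaddr(ip);
        dto.setLoginLocation(AddressUtils.getRealAddressByIP(ip));
        dto.setBrowser(userAgent.getBrowser().getName());
        dto.setOs(userAgent.getOs().getName());
        dto.setLoginTime(System.currentTimeMillis());
        dto.setTokenId(tokenValue);
        dto.setUserName(user.getUsername());
        dto.setDeptName(user.getDeptName());
        RedisUtils.setCacheObject(Constants.ONLINE_TOKEN_KEY + tokenValue, dto, tokenConfig.getTimeout(), TimeUnit.SECONDS);
        // The session token is a bearer credential, so it is kept out of the application
        // log. Log readers and log shippers must not be able to reuse a live session.
        log.info("user doLogin, useId:{}", loginId);
    } else if (userType == UserType.APP_USER) {
        // App-side handling is left to the integrating project.
    }
}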
Also used : UserOnlineDTO(com.ruoyi.common.core.domain.dto.UserOnlineDTO) UserAgent(cn.hutool.http.useragent.UserAgent) LoginUser(com.ruoyi.common.core.domain.model.LoginUser) UserType(com.ruoyi.common.enums.UserType)

Example 9 with LoginUser

use of com.ruoyi.common.core.domain.model.LoginUser in project RuoYi-Vue-Plus by JavaLionLi.

the class SaInterfaceImpl method getRoleList.

/**
 * Returns the role identifiers used for role checks.
 *
 * <p>The roles come from the {@code LoginUser} of the current session; the
 * {@code loginId} and {@code loginType} arguments are not consulted.
 * NOTE(review): if the framework can call this for an account other than the current
 * session's, the result would describe the wrong user. Confirm against the caller.
 *
 * @param loginId   account id supplied by the framework (unused)
 * @param loginType login type supplied by the framework (unused)
 * @return a new list of role identifiers for system users, otherwise an empty list
 */
@Override
public List<String> getRoleList(Object loginId, String loginType) {
    final LoginUser current = LoginHelper.getLoginUser();
    final UserType kind = UserType.getUserType(current.getUserType());
    if (kind != UserType.SYS_USER) {
        // App users (and any other type) get no roles here, which denies by default;
        // app-side role resolution is left to the integrating project.
        return new ArrayList<>();
    }
    // Copy so callers cannot mutate the role collection held by the cached LoginUser.
    return new ArrayList<>(current.getRolePermission());
}
Also used : ArrayList(java.util.ArrayList) LoginUser(com.ruoyi.common.core.domain.model.LoginUser) UserType(com.ruoyi.common.enums.UserType)

Example 10 with LoginUser

use of com.ruoyi.common.core.domain.model.LoginUser in project wumei-smart by kerwincui.

the class LogAspect method handleLog.

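/**
 * Builds an operation-log record for an advised controller call and queues it for
 * asynchronous persistence.
 *
 * <p>Any failure while building the record is caught and logged, so the audit step never
 * breaks the business request. The cost is that such a failure leaves no audit row,
 * which makes the error log below the only trace.
 *
 * @param joinPoint     join point of the advised method; supplies class and method name
 * @param controllerLog the {@code @Log} annotation found on the method
 * @param e             exception tied to the call, or {@code null}; non-null marks the record failed
 * @param jsonResult    value returned by the advised method, passed on to the description step
 */
protected void handleLog(final JoinPoint joinPoint, Log controllerLog, final Exception e, Object jsonResult) {
    try {
        // Current user; may be null, in which case no operator name is recorded.
        LoginUser loginUser = SecurityUtils.getLoginUser();
        // ---- database log record ----
        SysOperLog operLog = new SysOperLog();
        // The status is stored as the enum ordinal, so the persisted value depends on
        // the declaration order of BusinessStatus.
        operLog.setStatus(BusinessStatus.SUCCESS.ordinal());
        // Request address.
        // NOTE(review): if IpUtils.getIpAddr reads forwarding headers, the audited address
        // is client-influenced unless a trusted proxy overwrites them. Confirm.
        String ip = IpUtils.getIpAddr(ServletUtils.getRequest());
        operLog.setOperIp(ip);
        operLog.setOperUrl(ServletUtils.getRequest().getRequestURI());
        if (loginUser != null) {
            operLog.setOperName(loginUser.getUsername());
        }
        if (e != null) {
            operLog.setStatus(BusinessStatus.FAIL.ordinal());
            // Only the first 2000 characters of the message are kept.
            operLog.setErrorMsg(StringUtils.substring(e.getMessage(), 0, 2000));
        }
        // Fully qualified method name.
        String className = joinPoint.getTarget().getClass().getName();
        String methodName = joinPoint.getSignature().getName();
        operLog.setMethod(className + "." + methodName + "()");
        // HTTP method of the request.
        operLog.setRequestMethod(ServletUtils.getRequest().getMethod());
        // Fill in the fields driven by the annotation's parameters.
        getControllerMethodDescription(joinPoint, controllerLog, operLog, jsonResult);
        // Persist asynchronously.
        AsyncManager.me().execute(AsyncFactory.recordOper(operLog));
    } catch (Exception exp) {
        // Record the local failure through the logger, stack trace included, instead of
        // printStackTrace(). The trace then lands in the managed log stream rather than
        // raw stderr.
        log.error("==前置通知异常==");
        log.error("异常信息:{}", exp.getMessage(), exp);
    }
}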
Also used : SysOperLog(com.ruoyi.system.domain.SysOperLog) LoginUser(com.ruoyi.common.core.domain.model.LoginUser)

Aggregations

LoginUser (com.ruoyi.common.core.domain.model.LoginUser)65 Log (com.ruoyi.common.annotation.Log)16 SysUser (com.ruoyi.common.core.domain.entity.SysUser)13 GetMapping (org.springframework.web.bind.annotation.GetMapping)10 AjaxResult (com.ruoyi.common.core.domain.AjaxResult)9 UserType (com.ruoyi.common.enums.UserType)8 PreAuthorize (org.springframework.security.access.prepost.PreAuthorize)8 ServiceException (com.ruoyi.common.exception.ServiceException)7 ArrayList (java.util.ArrayList)7 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)7 PutMapping (org.springframework.web.bind.annotation.PutMapping)7 UserPasswordNotMatchException (com.ruoyi.common.exception.user.UserPasswordNotMatchException)5 DataColumn (com.ruoyi.common.annotation.DataColumn)4 RoleDTO (com.ruoyi.common.core.domain.dto.RoleDTO)4 SysMenu (com.ruoyi.common.core.domain.entity.SysMenu)4 CaptchaException (com.ruoyi.common.exception.user.CaptchaException)4 CaptchaExpireException (com.ruoyi.common.exception.user.CaptchaExpireException)4 Claims (io.jsonwebtoken.Claims)4 BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)4 Authentication (org.springframework.security.core.Authentication)4