From 144d7f7cf862536ee0637d3d3ef0e11c6c9dd8da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=96=AF=E7=8B=82=E7=9A=84=E7=8B=AE=E5=AD=90Li?= <15040126243@163.com> Date: Mon, 12 Jun 2023 14:08:31 +0800 Subject: [PATCH] =?UTF-8?q?fix=20=E4=BF=AE=E5=A4=8D=20=E7=99=BB=E5=BD=95?= =?UTF-8?q?=E6=A0=A1=E9=AA=8C=E9=94=99=E8=AF=AF=E6=AC=A1=E6=95=B0=E6=9C=AA?= =?UTF-8?q?=E8=BE=BE=E5=88=B0=E4=B8=8A=E9=99=90=E6=97=B6=20=E9=94=99?= =?UTF-8?q?=E8=AF=AF=E6=AC=A1=E6=95=B0=E7=BC=93=E5=AD=98=E6=9C=AA=E8=AE=BE?= =?UTF-8?q?=E7=BD=AE=E6=9C=89=E6=95=88=E6=97=B6=E9=97=B4=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../dromara/auth/service/SysLoginService.java | 21 +++++++++---------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/ruoyi-auth/src/main/java/org/dromara/auth/service/SysLoginService.java b/ruoyi-auth/src/main/java/org/dromara/auth/service/SysLoginService.java index c197437b..390c7642 100644 --- a/ruoyi-auth/src/main/java/org/dromara/auth/service/SysLoginService.java +++ b/ruoyi-auth/src/main/java/org/dromara/auth/service/SysLoginService.java @@ -9,7 +9,6 @@ import lombok.extern.slf4j.Slf4j; import org.apache.dubbo.config.annotation.DubboReference; import org.dromara.auth.form.RegisterBody; import org.dromara.auth.properties.UserPasswordProperties; -import org.dromara.common.core.constant.CacheConstants; import org.dromara.common.core.constant.Constants; import org.dromara.common.core.constant.GlobalConstants; import org.dromara.common.core.constant.TenantConstants; @@ -202,34 +201,34 @@ public class SysLoginService { * 登录校验 */ private void checkLogin(LoginType loginType, String tenantId, String username, Supplier supplier) { - String errorKey = CacheConstants.PWD_ERR_CNT_KEY + username; + String errorKey = GlobalConstants.PWD_ERR_CNT_KEY + username; String loginFail = Constants.LOGIN_FAIL; Integer maxRetryCount = userPasswordProperties.getMaxRetryCount(); Integer lockTime = userPasswordProperties.getLockTime(); - // 获取用户登录错误次数(可自定义限制策略 例如: key + username + ip) - Integer errorNumber = RedisUtils.getCacheObject(errorKey); + // 获取用户登录错误次数,默认为0 (可自定义限制策略 例如: key + username + ip) + int errorNumber = ObjectUtil.defaultIfNull(RedisUtils.getCacheObject(errorKey), 0); // 锁定时间内登录 则踢出 - if (ObjectUtil.isNotNull(errorNumber) && errorNumber.equals(maxRetryCount)) { + if (errorNumber >= maxRetryCount) { recordLogininfor(tenantId, username, loginFail, MessageUtils.message(loginType.getRetryLimitExceed(), maxRetryCount, lockTime)); throw new UserException(loginType.getRetryLimitExceed(), maxRetryCount, lockTime); } if (supplier.get()) { - // 是否第一次 - errorNumber = ObjectUtil.isNull(errorNumber) ? 1 : errorNumber + 1; + // 错误次数递增 + errorNumber++; + RedisUtils.setCacheObject(errorKey, errorNumber, Duration.ofMinutes(lockTime)); // 达到规定错误次数 则锁定登录 - if (errorNumber.equals(maxRetryCount)) { - RedisUtils.setCacheObject(errorKey, errorNumber, Duration.ofMinutes(lockTime)); + if (errorNumber >= maxRetryCount) { recordLogininfor(tenantId, username, loginFail, MessageUtils.message(loginType.getRetryLimitExceed(), maxRetryCount, lockTime)); throw new UserException(loginType.getRetryLimitExceed(), maxRetryCount, lockTime); } else { - // 未达到规定错误次数 则递增 - RedisUtils.setCacheObject(errorKey, errorNumber); + // 未达到规定错误次数 recordLogininfor(tenantId, username, loginFail, MessageUtils.message(loginType.getRetryLimitCount(), errorNumber)); throw new UserException(loginType.getRetryLimitCount(), errorNumber); } } + // 登录成功 清空错误次数 RedisUtils.deleteObject(errorKey); }