
1、解决优化安全渗透问题

rayson 8 tháng trước cách đây
mục cha
commit
8241177612

+ 13 - 12
citu-module-member/citu-module-member-biz/src/main/java/com/citu/module/member/controller/app/invoice/AppInvoiceListController.java

@@ -1,23 +1,23 @@
 package com.citu.module.member.controller.app.invoice;
 
+import com.citu.framework.common.pojo.CommonResult;
+import com.citu.framework.common.pojo.PageResult;
+import com.citu.framework.common.util.object.BeanUtils;
+import com.citu.framework.security.core.annotations.PreAuthenticated;
 import com.citu.module.member.controller.app.invoice.vo.InvoiceListPageReqVO;
 import com.citu.module.member.controller.app.invoice.vo.InvoiceListRespVO;
 import com.citu.module.member.controller.app.invoice.vo.InvoiceListSaveReqVO;
 import com.citu.module.member.dal.dataobject.invoice.InvoiceListDO;
 import com.citu.module.member.service.invoice.InvoiceListService;
-import org.springframework.web.bind.annotation.*;
-import javax.annotation.Resource;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.security.access.prepost.PreAuthorize;
-import io.swagger.v3.oas.annotations.tags.Tag;
-import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
 
-import javax.validation.*;
+import javax.annotation.Resource;
+import javax.validation.Valid;
 
-import com.citu.framework.common.pojo.PageResult;
-import com.citu.framework.common.pojo.CommonResult;
-import com.citu.framework.common.util.object.BeanUtils;
 import static com.citu.framework.common.pojo.CommonResult.success;
 
 
@@ -30,6 +30,7 @@ public class AppInvoiceListController {
     @Resource
     private InvoiceListService invoiceListService;
 
+    @PreAuthenticated
     @PostMapping("/create")
     @Operation(summary = "创建发票")
     public CommonResult<Long> createInvoiceList(@Valid @RequestBody InvoiceListSaveReqVO createReqVO) {
@@ -54,8 +55,8 @@ public class AppInvoiceListController {
 
     @GetMapping("/get")
     @Operation(summary = "获得发票清单")
+    @PreAuthenticated
     @Parameter(name = "id", description = "编号", required = true, example = "1024")
-    @PreAuthorize("@ss.hasPermission('member:invoice-list:query')")
     public CommonResult<InvoiceListRespVO> getInvoiceList(@RequestParam("id") Long id) {
         InvoiceListDO invoiceList = invoiceListService.getInvoiceList(id);
         return success(BeanUtils.toBean(invoiceList, InvoiceListRespVO.class));
@@ -63,7 +64,7 @@ public class AppInvoiceListController {
 
     @GetMapping("/page")
     @Operation(summary = "获得发票清单分页")
-//    @PreAuthorize("@ss.hasPermission('member:invoice-list:query')")
+    @PreAuthenticated
     public CommonResult<PageResult<InvoiceListRespVO>> getInvoiceListPage(@Valid InvoiceListPageReqVO pageReqVO) {
         PageResult<InvoiceListDO> pageResult = invoiceListService.getInvoiceListPage(pageReqVO);
         return success(BeanUtils.toBean(pageResult, InvoiceListRespVO.class));
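Review bot: `getInvoiceList` in the `/get` hunk fetches an invoice by a caller-supplied `id`, and the new `@PreAuthenticated` only proves the caller is logged in, so unless `invoiceListService.getInvoiceList` filters by the current member (not visible in this controller) any authenticated member can read another member's invoice; the `/page` hunk has the same property through `pageReqVO`. The removed `@PreAuthorize("@ss.hasPermission('member:invoice-list:query')")` was a permission gate, and the replacement is weaker rather than equivalent, so the ownership check has to live somewhere. Consider passing the login user id into the service (for example a service overload taking `SecurityFrameworkUtils.getLoginUserId()`, a utility this commit already imports in `AppMdeAuthController`) and adding a class-level Javadoc stating that these app endpoints are member-scoped. `InvoiceTitleController` in this commit has the same shape on its `/get`, `/update` and `/delete` handlers.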

+ 24 - 23
citu-module-member/citu-module-member-biz/src/main/java/com/citu/module/member/controller/app/invoice/InvoiceTitleController.java

@@ -1,36 +1,32 @@
 package com.citu.module.member.controller.app.invoice;
 
+import com.citu.framework.apilog.core.annotation.ApiAccessLog;
+import com.citu.framework.common.pojo.CommonResult;
+import com.citu.framework.common.pojo.PageParam;
+import com.citu.framework.common.pojo.PageResult;
+import com.citu.framework.common.util.object.BeanUtils;
+import com.citu.framework.excel.core.util.ExcelUtils;
+import com.citu.framework.security.core.annotations.PreAuthenticated;
 import com.citu.module.member.controller.app.invoice.vo.InvoiceTitlePageReqVO;
 import com.citu.module.member.controller.app.invoice.vo.InvoiceTitleRespVO;
 import com.citu.module.member.controller.app.invoice.vo.InvoiceTitleSaveReqVO;
 import com.citu.module.member.dal.dataobject.invoice.InvoiceTitleDO;
 import com.citu.module.member.service.invoice.InvoiceTitleService;
-import org.springframework.web.bind.annotation.*;
-import javax.annotation.Resource;
-import org.springframework.validation.annotation.Validated;
-import org.springframework.security.access.prepost.PreAuthorize;
-import io.swagger.v3.oas.annotations.tags.Tag;
-import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
 
-import javax.validation.constraints.*;
-import javax.validation.*;
-import javax.servlet.http.*;
-import java.util.*;
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletResponse;
+import javax.validation.Valid;
 import java.io.IOException;
+import java.util.List;
 
-import com.citu.framework.common.pojo.PageParam;
-import com.citu.framework.common.pojo.PageResult;
-import com.citu.framework.common.pojo.CommonResult;
-import com.citu.framework.common.util.object.BeanUtils;
+import static com.citu.framework.apilog.core.enums.OperateTypeEnum.EXPORT;
 import static com.citu.framework.common.pojo.CommonResult.success;
 
-import com.citu.framework.excel.core.util.ExcelUtils;
-
-import com.citu.framework.apilog.core.annotation.ApiAccessLog;
-import static com.citu.framework.apilog.core.enums.OperateTypeEnum.*;
-
-
 
 @Tag(name = "管理发票抬头")
 @RestController
@@ -42,12 +38,14 @@ public class InvoiceTitleController {
     private InvoiceTitleService invoiceTitleService;
 
     @PostMapping("/create")
+    @PreAuthenticated
     @Operation(summary = "创建发票抬头")
     public CommonResult<Long> createInvoiceTitle(@Valid @RequestBody InvoiceTitleSaveReqVO createReqVO) {
         return success(invoiceTitleService.createInvoiceTitle(createReqVO));
     }
 
     @PutMapping("/update")
+    @PreAuthenticated
     @Operation(summary = "更新发票抬头")
     public CommonResult<Boolean> updateInvoiceTitle(@Valid @RequestBody InvoiceTitleSaveReqVO updateReqVO) {
         invoiceTitleService.updateInvoiceTitle(updateReqVO);
@@ -56,8 +54,8 @@ public class InvoiceTitleController {
 
     @DeleteMapping("/delete")
     @Operation(summary = "删除发票抬头")
+    @PreAuthenticated
     @Parameter(name = "id", description = "编号", required = true)
-//    @PreAuthorize("@ss.hasPermission('member:invoice-title:delete')")
     public CommonResult<Boolean> deleteInvoiceTitle(@RequestParam("id") Long id) {
         invoiceTitleService.deleteInvoiceTitle(id);
         return success(true);
@@ -65,6 +63,7 @@ public class InvoiceTitleController {
 
     @GetMapping("/get")
     @Operation(summary = "获得发票抬头")
+    @PreAuthenticated
     @Parameter(name = "id", description = "编号", required = true, example = "1024")
     public CommonResult<InvoiceTitleRespVO> getInvoiceTitle(@RequestParam("id") Long id) {
         InvoiceTitleDO invoiceTitle = invoiceTitleService.getInvoiceTitle(id);
@@ -72,22 +71,24 @@ public class InvoiceTitleController {
     }
 
     @GetMapping("/page")
+    @PreAuthenticated
     @Operation(summary = "获得发票抬头分页")
     public CommonResult<PageResult<InvoiceTitleRespVO>> getInvoiceTitlePage(@Valid InvoiceTitlePageReqVO pageReqVO) {
         PageResult<InvoiceTitleDO> pageResult = invoiceTitleService.getInvoiceTitlePage(pageReqVO);
         return success(BeanUtils.toBean(pageResult, InvoiceTitleRespVO.class));
     }
 
+    @PreAuthenticated
     @GetMapping("/export-excel")
     @Operation(summary = "导出发票抬头 Excel")
     @ApiAccessLog(operateType = EXPORT)
     public void exportInvoiceTitleExcel(@Valid InvoiceTitlePageReqVO pageReqVO,
-              HttpServletResponse response) throws IOException {
+                                        HttpServletResponse response) throws IOException {
         pageReqVO.setPageSize(PageParam.PAGE_SIZE_NONE);
         List<InvoiceTitleDO> list = invoiceTitleService.getInvoiceTitlePage(pageReqVO).getList();
         // 导出 Excel
         ExcelUtils.write(response, "发票抬头.xls", "数据", InvoiceTitleRespVO.class,
-                        BeanUtils.toBean(list, InvoiceTitleRespVO.class));
+                BeanUtils.toBean(list, InvoiceTitleRespVO.class));
     }
 
 }
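Review bot: `deleteInvoiceTitle` and `exportInvoiceTitleExcel` now run for any authenticated caller: the `/delete` hunk replaces the commented-out permission check with `@PreAuthenticated` while the handler deletes whatever `id` it is given, and the export hunk sets `PAGE_SIZE_NONE`, so the export returns every row matching `pageReqVO` rather than one page. Both are safe only if `InvoiceTitleService` scopes its queries and deletes to the current member, which this controller does not show; `@ApiAccessLog(operateType = EXPORT)` records the export but does not restrict it. Suggest a class-level Javadoc stating the scoping contract and, if the service is not scoped, passing the login user id into it. The same applies to the `/get` and `/update` hunks in this file and to `AppInvoiceListController`.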

+ 5 - 0
menduner/menduner-im-biz/pom.xml

@@ -37,6 +37,11 @@
             <version>${revision}</version>
         </dependency>
 
+        <dependency>
+            <groupId>com.citu</groupId>
+            <artifactId>citu-spring-boot-starter-protection</artifactId>
+        </dependency>
+
 
         <!-- Registry 注册中心相关 -->
         <dependency>
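Review bot: The added `citu-spring-boot-starter-protection` dependency carries no `<version>`, while the sibling entry just above it pins `${revision}`; that is fine only if the parent's `dependencyManagement` declares it, which this hunk cannot confirm. If it does, a one-line `<!-- version managed by the parent POM's dependencyManagement -->` next to the new entry would stop the next reader from asking. The hunk also leaves two blank lines before the Registry comment where the surrounding file uses one.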

+ 2 - 0
menduner/menduner-im-biz/src/main/java/com/citu/module/menduner/im/controller/app/WuKongSessionController.java

@@ -2,6 +2,7 @@ package com.citu.module.menduner.im.controller.app;
 
 import com.citu.framework.common.pojo.CommonResult;
 import com.citu.framework.security.core.annotations.PreAuthenticated;
+import com.citu.framework.signature.core.annotation.ApiSignature;
 import com.citu.module.menduner.im.controller.app.base.wukong.ConversationSyncReqVo;
 import com.citu.module.menduner.im.controller.app.base.wukong.ConversationsDeleteReqVo;
 import com.citu.module.menduner.im.controller.app.base.wukong.ConversationsUnreadReqVo;
@@ -33,6 +34,7 @@ public class WuKongSessionController {
      * @return CommonResult
      */
     @PreAuthenticated
+    @ApiSignature(timeout = 30)
     @PostMapping("/conversation/sync")
     public CommonResult conversatioSync(@RequestBody ConversationSyncReqVo reqVo){
         return  service.conversatioSync(reqVo);
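Review bot: `@ApiSignature(timeout = 30)` is added only to `conversatioSync`, while the imports of `ConversationsDeleteReqVo` and `ConversationsUnreadReqVo` suggest sibling handlers in this controller (outside the hunk) that stay unsigned; if the intent is to protect the IM session API against replayed or forged requests, the other state-changing handlers need the same annotation, or a comment should say why sync alone gets it. The unit of `timeout` is not stated anywhere in the hunk; a comment such as `// request signature must be within 30 (s?) of server time — confirm unit in ApiSignature` would help the next reader. The handler body continues outside the hunk.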

+ 2 - 0
menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/controller/app/common/auth/AppMdeAuthController.java

@@ -4,6 +4,7 @@ import cn.hutool.core.util.StrUtil;
 import com.citu.framework.common.enums.UserTypeEnum;
 import com.citu.framework.common.pojo.CommonResult;
 import com.citu.framework.idempotent.core.annotation.Idempotent;
+import com.citu.framework.idempotent.core.keyresolver.impl.ExpressionIdempotentKeyResolver;
 import com.citu.framework.idempotent.core.keyresolver.impl.UserIdempotentKeyResolver;
 import com.citu.framework.security.config.SecurityProperties;
 import com.citu.framework.security.core.util.SecurityFrameworkUtils;
@@ -48,6 +49,7 @@ public class AppMdeAuthController {
 
     @PostMapping("/login")
     @Operation(summary = "使用手机/邮箱 + 密码登录")
+    @Idempotent(keyResolver = ExpressionIdempotentKeyResolver.class,keyArg = "#reqVO.account")
     public CommonResult<AppMdeAuthLoginRespVO> login(@RequestBody @Valid AppMdeAuthLoginReqVO reqVO) {
         return success(authService.login(reqVO));
     }
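Review bot: `@Idempotent(keyResolver = ExpressionIdempotentKeyResolver.class,keyArg = "#reqVO.account")` keys the idempotency lock on the account alone, so two login attempts for the same account inside the idempotent window are rejected regardless of who sends them, and anyone who merely knows an account name can keep that key occupied and block the real user's login for the length of the window. If the goal is brute-force throttling, a rate limiter keyed on account plus client IP fits better; if the goal is de-duplicating double submits, the key needs a client-side dimension. The annotation's timeout is not given here, so the size of that window should be stated in a comment on the handler. Style: add a space after the comma between the annotation arguments.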

+ 8 - 0
menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/dal/redis/RedisKeyConstants.java

@@ -153,4 +153,12 @@ public interface RedisKeyConstants {
      * VALUE 数据类型:String
      **/
     String MDE_AUTH_USER_PWD_LOCK = "mde_auth_user_pwd_lock:%s";
+
+    /**
+     * 企业用户密码错误多次锁定
+     * <p>
+     * KEY 格式:mde_auth_enterprise_user_pwd_lock:{id}
+     * VALUE 数据类型:String
+     **/
+    String MDE_AUTH_ENTERPRISE_USER_PWD_LOCK = "mde_auth_enterprise_user_pwd_lock:%s";
 }

+ 24 - 20
menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/service/auth/MdeAuthServiceImpl.java

@@ -41,7 +41,8 @@ import com.xingyuv.captcha.model.vo.CaptchaVO;
 import com.xingyuv.captcha.service.CaptchaService;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.stereotype.Service;
 
 import javax.annotation.Resource;
@@ -92,7 +93,8 @@ public class MdeAuthServiceImpl implements MdeAuthService {
     @Resource
     protected CaptchaService captchaService;
     @Resource
-    private StringRedisTemplate redisTemplate;
+    @Lazy
+    private RedisTemplate<String, String> redisTemplate;
 
     @VisibleForTesting
     protected void validateCaptcha(AppMdeAuthLoginReqVO reqVO) {
@@ -146,6 +148,12 @@ public class MdeAuthServiceImpl implements MdeAuthService {
             createLoginLog(null, account, logTypeEnum, LoginResultEnum.BAD_CREDENTIALS);
             throw exception(MDE_USER_MOBILE_NOT_EXISTS);
         }
+        // 校验是否禁用
+        if (ObjectUtil.notEqual(user.getStatus(), MendunerStatusEnum.ENABLE.getStatus())) {
+            createLoginLog(user.getId(), account, logTypeEnum, LoginResultEnum.USER_DISABLED);
+            throw exception(MDE_AUTH_LOGIN_USER_DISABLED);
+        }
+
         if (!userService.isPasswordMatch(password, user.getPassword())) {
             // 只有输错密码并且是首次才提示修改密码
             if (null == user.getLoginDate()) {
@@ -155,15 +163,15 @@ public class MdeAuthServiceImpl implements MdeAuthService {
                 // 获取错误次数
                 String num =
                         redisTemplate.opsForValue()
-                                .get(String.format(MDE_AUTH_USER_PWD_LOCK, user.getPhone()));
+                                .get(String.format(MDE_AUTH_USER_PWD_LOCK, user.getId()));
                 Integer numInt = Integer.parseInt(null == num ? "0" : num) + 1;
 
                 redisTemplate.opsForValue()
-                        .setIfAbsent(MDE_AUTH_USER_PWD_LOCK, String.valueOf(numInt), 8, TimeUnit.HOURS);
+                        .set(String.format(MDE_AUTH_USER_PWD_LOCK, user.getId()), String.valueOf(numInt), 8, TimeUnit.HOURS);
                 if (numInt >= 5) {
                     // 8个小时内输错5次 锁定
                     userService.disable(Collections.singletonList(user.getId()));
-                    createLoginLog(user.getId(),account,logTypeEnum, LoginResultEnum.USER_DISABLED);
+                    createLoginLog(user.getId(), account, logTypeEnum, LoginResultEnum.USER_DISABLED);
                     throw exception(MDE_AUTH_LOGIN_USER_DISABLED);
                 } else {
                     // 提示账户密码错误
@@ -173,11 +181,8 @@ public class MdeAuthServiceImpl implements MdeAuthService {
             }
         }
 
-        // 校验是否禁用
-        if (ObjectUtil.notEqual(user.getStatus(), MendunerStatusEnum.ENABLE.getStatus())) {
-            createLoginLog(user.getId(), account, logTypeEnum, LoginResultEnum.USER_DISABLED);
-            throw exception(MDE_AUTH_LOGIN_USER_DISABLED);
-        }
+        // 登录成功就清理
+        redisTemplate.delete(String.format(MDE_AUTH_USER_PWD_LOCK, user.getId()));
         return user;
 
     }
@@ -207,7 +212,6 @@ public class MdeAuthServiceImpl implements MdeAuthService {
     }
 
     @Override
-    @DSTransactional
     public AppMdeAuthLoginRespVO smsLogin(AppMdeAuthSmsLoginReqVO reqVO) {
         // 校验验证码
         String userIp = getClientIP();
@@ -228,15 +232,21 @@ public class MdeAuthServiceImpl implements MdeAuthService {
             Assert.notNull(user, "获取用户失败,结果为空");
         }
 
+        // 是否禁用
+        if (ObjectUtil.notEqual(user.getStatus(), MendunerStatusEnum.ENABLE.getStatus())) {
+            createLoginLog(user.getId(), user.getPhone(), LoginLogTypeEnum.LOGIN_SMS, LoginResultEnum.USER_DISABLED);
+            throw exception(MDE_AUTH_LOGIN_USER_DISABLED);
+        }
+
         if (result.isError()) {
             // 获取错误次数
             String num =
                     redisTemplate.opsForValue()
-                            .get(String.format(MDE_AUTH_USER_SMS_CODE_LOCK, reqVO.getPhone()));
+                            .get(String.format(MDE_AUTH_USER_SMS_CODE_LOCK, user.getId()));
             Integer numInt = Integer.parseInt(null == num ? "0" : num) + 1;
 
             redisTemplate.opsForValue()
-                    .setIfAbsent(MDE_AUTH_USER_SMS_CODE_LOCK, String.valueOf(numInt), 8, TimeUnit.HOURS);
+                    .set(String.format(MDE_AUTH_USER_SMS_CODE_LOCK, user.getId()), String.valueOf(numInt), 8, TimeUnit.HOURS);
 
             if (numInt >= 5) {
                 // 8个小时内输错5次 锁定
@@ -249,12 +259,6 @@ public class MdeAuthServiceImpl implements MdeAuthService {
             }
         }
 
-        // 是否禁用
-        if (ObjectUtil.notEqual(user.getStatus(), MendunerStatusEnum.ENABLE.getStatus())) {
-            createLoginLog(user.getId(), user.getPhone(), LoginLogTypeEnum.LOGIN_SMS, LoginResultEnum.USER_DISABLED);
-            throw exception(MDE_AUTH_LOGIN_USER_DISABLED);
-        }
-
         // 如果 socialType 非空,说明需要绑定社交用户
         String openid = null;
         if (reqVO.getSocialType() != null) {
@@ -262,7 +266,7 @@ public class MdeAuthServiceImpl implements MdeAuthService {
                     reqVO.getSocialType(), reqVO.getSocialCode(), reqVO.getSocialState())).getCheckedData();
         }
         // 登录成功就清理
-        redisTemplate.delete(MDE_AUTH_USER_SMS_CODE_LOCK);
+        redisTemplate.delete(String.format(MDE_AUTH_USER_SMS_CODE_LOCK, user.getId()));
         // 创建 Token 令牌,记录登录日志
         return createTokenAfterLoginSuccess(user, reqVO.getPhone(), LoginLogTypeEnum.LOGIN_SMS, openid);
     }
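Review bot: The failure counter in the password branch is still a read-modify-write — `get`, `parseInt`, then `set` — so two concurrent wrong-password requests for the same user can both read the same value and both store N+1, and the 5-attempt lock is reached later than intended; the sms branch below has the same pattern. Redis does this atomically (assuming the template's value serializer stores plain strings, which the existing `parseInt` of the stored value already relies on): `String key = String.format(MDE_AUTH_USER_PWD_LOCK, user.getId());`, `Long numInt = redisTemplate.opsForValue().increment(key);`, `if (numInt != null && numInt == 1L) { redisTemplate.expire(key, 8, TimeUnit.HOURS); }`. That also keeps the window fixed: the new `set(..., 8, TimeUnit.HOURS)` on every failure refreshes the TTL each time, which is a sliding window rather than the "8个小时内输错5次" the comment describes. `MdeEnterpriseAuthServiceImpl` in this commit copies the same read-modify-write. The enclosing methods start before their hunks.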

+ 27 - 9
menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/service/auth/MdeEnterpriseAuthServiceImpl.java

@@ -36,6 +36,7 @@ import com.xingyuv.captcha.model.common.ResponseModel;
 import com.xingyuv.captcha.model.vo.CaptchaVO;
 import com.xingyuv.captcha.service.CaptchaService;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Lazy;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.stereotype.Service;
 import org.springframework.validation.annotation.Validated;
@@ -47,6 +48,7 @@ import java.util.concurrent.TimeUnit;
 
 import static com.citu.framework.common.exception.util.ServiceExceptionUtil.exception;
 import static com.citu.framework.common.util.servlet.ServletUtils.getClientIP;
+import static com.citu.module.menduner.system.dal.redis.RedisKeyConstants.MDE_AUTH_ENTERPRISE_USER_PWD_LOCK;
 import static com.citu.module.menduner.system.enums.ErrorCodeConstants.*;
 
 /**
@@ -81,10 +83,10 @@ public class MdeEnterpriseAuthServiceImpl implements MdeEnterpriseAuthService {
     @Resource
     private MailSendApi mailSendApi;
     @Resource
+    @Lazy
     private RedisTemplate<String, Object> redisTemplate;
 
     @Override
-    @DSTransactional
     public AppMdeAuthLoginRespVO login(String email, String password) {
         // 使用邮箱 + 密码,进行登录。
         EnterpriseUserBindDO bindUser = check(email, password);
@@ -133,9 +135,14 @@ public class MdeEnterpriseAuthServiceImpl implements MdeEnterpriseAuthService {
             createLoginLog(null, email, logTypeEnum, LoginResultEnum.BAD_CREDENTIALS);
             throw exception(MDE_USER_EMAIL_NOT_REGISTERED);
         }
+        // 校验是否禁用
+        if (ObjectUtil.notEqual(user.getStatus(), MendunerStatusEnum.ENABLE.getStatus())) {
+            createLoginLog(user.getId(), email, logTypeEnum, LoginResultEnum.USER_DISABLED);
+            throw exception(MDE_ENTERPRISE_USER_BIND_IS_DISABLE);
+        }
         if (!userBindService.isPasswordMatch(password, user.getPassword())) {
             // 只有输错密码并且是首次and密码和邮箱一致(旧平台同步的数据才是邮箱和密码一致)才需要发邮箱告诉密码
-            if (null == user.getLoginDate()&&userBindService.isPasswordMatch(user.getEmail(), user.getPassword())) {
+            if (null == user.getLoginDate() && userBindService.isPasswordMatch(user.getEmail(), user.getPassword())) {
                 // 效验有没有更改过密码
                 // 没有则发送邮箱
                 MailSendSingleToUserReqDTO reqDTO = new MailSendSingleToUserReqDTO();
@@ -145,17 +152,28 @@ public class MdeEnterpriseAuthServiceImpl implements MdeEnterpriseAuthService {
                 mailSendApi.sendSingleMailToMember(reqDTO).getCheckedData();
                 throw exception(MDE_USER_EMAIL_INIT_PASSWORD);
             } else {
-                createLoginLog(user.getId(), email, logTypeEnum, LoginResultEnum.BAD_CREDENTIALS);
-                throw exception(MDE_AUTH_LOGIN_BAD_CREDENTIALS);
+                // 获取错误次数
+                String num = (String) redisTemplate.opsForValue()
+                        .get(String.format(MDE_AUTH_ENTERPRISE_USER_PWD_LOCK, user.getId()));
+                Integer numInt = Integer.parseInt(null == num ? "0" : num) + 1;
+
+                redisTemplate.opsForValue()
+                        .set(String.format(MDE_AUTH_ENTERPRISE_USER_PWD_LOCK, user.getId())
+                                , String.valueOf(numInt), 8, TimeUnit.HOURS);
+                if (numInt >= 5) {
+                    // 8个小时内输错5次 锁定
+                    userBindService.disable(user.getId());
+                    createLoginLog(user.getId(), email, logTypeEnum, LoginResultEnum.USER_DISABLED);
+                    throw exception(MDE_ENTERPRISE_USER_BIND_IS_DISABLE);
+                } else {
+                    createLoginLog(user.getId(), email, logTypeEnum, LoginResultEnum.BAD_CREDENTIALS);
+                    throw exception(MDE_AUTH_LOGIN_BAD_CREDENTIALS);
+                }
             }
         }
-        // 校验是否禁用
-        if (ObjectUtil.notEqual(user.getStatus(), MendunerStatusEnum.ENABLE.getStatus())) {
-            createLoginLog(user.getId(), email, logTypeEnum, LoginResultEnum.USER_DISABLED);
-            throw exception(MDE_AUTH_LOGIN_USER_DISABLED);
-        }
 
 
+        redisTemplate.delete(String.format(MDE_AUTH_ENTERPRISE_USER_PWD_LOCK, user.getId()));
         return user;
     }
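Review bot: The lock key written here through `RedisTemplate<String, Object>` is deleted in `EnterpriseUserBindServiceImpl.enable(Long)` through a `RedisTemplate<String, String>`; unless both resolve to the same bean or share the key serializer, the delete on re-enable targets a differently serialized key and the counter silently survives for up to 8 hours, and the `(String)` cast on `get` likewise depends on the value serializer. Consider one template type for this key in both services, or a small helper in one place that owns read, increment and delete for `MDE_AUTH_ENTERPRISE_USER_PWD_LOCK`. The counter update is a get/parse/set sequence rather than an atomic `opsForValue().increment`, so concurrent failures can undercount. Separately, the early disabled check now throws `MDE_ENTERPRISE_USER_BIND_IS_DISABLE` where the removed check threw `MDE_AUTH_LOGIN_USER_DISABLED`; if a client maps the old code, that is a behaviour change worth a line in the commit message.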
 

+ 14 - 0
menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/service/enterprise/bind/EnterpriseUserBindService.java

@@ -223,6 +223,20 @@ public interface EnterpriseUserBindService {
      **/
     boolean enable(List<Long> ids);
 
+    /**
+     * 禁用账号
+     *
+     * @return id
+     **/
+    boolean disable(Long id);
+
+    /**
+     * 启用账户
+     *
+     * @return id
+     **/
+    boolean enable(Long ids);
+
     /**
      * 获取用户列表分页数据
      *
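Review bot: The Javadoc on the new `disable(Long)` and `enable(Long)` says `@return id` but both return `boolean`, neither documents its parameter, and `enable` names its single parameter `ids` while the implementation in this commit calls it `id`. Suggested Javadoc for `disable`: `/** Disable one bind record by id. No current-user check is performed; used by the login lockout path. @param id bind record id @return true once the status update has been issued */`, with `enable` documented the same way plus a line saying it also clears the password-lock counter, and its parameter renamed to `id`.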

+ 30 - 13
menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/service/enterprise/bind/EnterpriseUserBindServiceImpl.java

@@ -8,7 +8,10 @@ import com.citu.framework.common.util.validation.ValidationUtils;
 import com.citu.framework.security.core.LoginUser;
 import com.citu.module.menduner.common.util.LoginUserContext;
 import com.citu.module.menduner.system.controller.app.jobhunt.enterprise.vo.AppEnterpriseUserBindRespVO;
-import com.citu.module.menduner.system.controller.app.recruit.user.vo.*;
+import com.citu.module.menduner.system.controller.app.recruit.user.vo.AppRecruitEnterpriseUserRespVO;
+import com.citu.module.menduner.system.controller.app.recruit.user.vo.AppRecruitUserPageReqVO;
+import com.citu.module.menduner.system.controller.app.recruit.user.vo.AppRecruitUserRespVO;
+import com.citu.module.menduner.system.controller.app.recruit.user.vo.AppRecruitUserSaveReqVO;
 import com.citu.module.menduner.system.controller.base.contact.EnterpriseUserContactRespVO;
 import com.citu.module.menduner.system.controller.base.contact.EnterpriseUserSummaryRespVO;
 import com.citu.module.menduner.system.controller.base.enterprise.bind.*;
@@ -21,8 +24,8 @@ import com.citu.module.menduner.system.enums.MendunerStatusEnum;
 import com.citu.module.menduner.system.enums.enterprise.EnterpriseUserTypeEnum;
 import com.citu.module.menduner.system.enums.permission.MdeDefaultRoleEnum;
 import com.citu.module.menduner.system.service.permission.MdePermissionService;
-import com.citu.module.menduner.system.service.user.MdeUserService;
 import org.springframework.context.annotation.Lazy;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.util.StringUtils;
@@ -37,6 +40,7 @@ import java.util.List;
 import static com.citu.framework.common.exception.enums.GlobalErrorCodeConstants.FORBIDDEN;
 import static com.citu.framework.common.exception.util.ServiceExceptionUtil.exception;
 import static com.citu.module.menduner.common.util.LoginUserContext.checkIsEnterpriseUser;
+import static com.citu.module.menduner.system.dal.redis.RedisKeyConstants.MDE_AUTH_ENTERPRISE_USER_PWD_LOCK;
 import static com.citu.module.menduner.system.enums.ErrorCodeConstants.*;
 
 /**
@@ -59,11 +63,11 @@ public class EnterpriseUserBindServiceImpl implements EnterpriseUserBindService
     private EnterpriseMapper enterpriseMapper;
 
     @Resource
-    @Lazy
-    private MdeUserService mdeUserService;
+    private PasswordEncoder passwordEncoder;
 
     @Resource
-    private PasswordEncoder passwordEncoder;
+    @Lazy
+    private RedisTemplate<String, String> redisTemplate;
 
     @Override
     public Long createEnterpriseUserBind(EnterpriseUserBindSaveReqVO createReqVO) {
@@ -180,19 +184,19 @@ public class EnterpriseUserBindServiceImpl implements EnterpriseUserBindService
     @DSTransactional
     public void createUser(EnterpriseUserBindDO userBindDO) {
         userBindDO.setEmail(userBindDO.getEmail().trim());
-        if(!StringUtils.hasText(userBindDO.getEmail())) {
+        if (!StringUtils.hasText(userBindDO.getEmail())) {
             throw exception(MDE_ENTERPRISE_USER_BIND_EMAIL_NOT_NULL);
         }
-        if(!ValidationUtils.isEmail(userBindDO.getEmail())) {
+        if (!ValidationUtils.isEmail(userBindDO.getEmail())) {
             throw exception(MDE_ENTERPRISE_USER_BIND_EMAIL_FORMAT_ERROR);
         }
-        if(null != getByEmail(userBindDO.getEmail())) {
+        if (null != getByEmail(userBindDO.getEmail())) {
             throw exception(MDE_ENTERPRISE_USER_BIND_EMAIL_DUPLICATE);
         }
         if (!StringUtils.hasText(userBindDO.getPassword())) {
             // 没有输入密码,则邮箱作为密码
             userBindDO.setPassword(encodePassword(userBindDO.getEmail()));
-        }else {
+        } else {
             userBindDO.setPassword(encodePassword(userBindDO.getPassword()));
         }
         mapper.insert(userBindDO);
@@ -378,8 +382,7 @@ public class EnterpriseUserBindServiceImpl implements EnterpriseUserBindService
             if (MendunerStatusEnum.DISABLE.getStatus().equals(userBindDO.getStatus())) {
                 throw exception(MDE_ENTERPRISE_USER_BIND_IS_DISABLE);
             }
-            userBindDO.setStatus(MendunerStatusEnum.DISABLE.getStatus());
-            mapper.updateById(userBindDO);
+            disable(id);
         }
         return true;
     }
@@ -392,12 +395,26 @@ public class EnterpriseUserBindServiceImpl implements EnterpriseUserBindService
             if (MendunerStatusEnum.ENABLE.getStatus().equals(userBindDO.getStatus())) {
                 return true;
             }
-            userBindDO.setStatus(MendunerStatusEnum.ENABLE.getStatus());
-            mapper.updateById(userBindDO);
+            enable(id);
         }
         return true;
     }
 
+    @Override
+    public boolean disable(Long id) {
+        mapper.updateById(EnterpriseUserBindDO.builder()
+                .id(id).status(MendunerStatusEnum.DISABLE.getStatus()).build());
+        return true;
+    }
+
+    @Override
+    public boolean enable(Long id) {
+        mapper.updateById(EnterpriseUserBindDO.builder()
+                .id(id).status(MendunerStatusEnum.ENABLE.getStatus()).build());
+        redisTemplate.delete(String.format(MDE_AUTH_ENTERPRISE_USER_PWD_LOCK, id));
+        return true;
+    }
+
     private EnterpriseUserBindDO valid(Long id) {
         LoginUser loginUser = checkIsEnterpriseUser();
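Review bot: The new `disable(Long)` and `enable(Long)` are public interface methods that skip the `valid(id)` / `checkIsEnterpriseUser()` gate the list-based `disable`/`enable` appear to go through before delegating to them, so any caller that reaches the service can flip a bind's status without the enterprise-user check; that is intended for the lockout path in `MdeEnterpriseAuthServiceImpl`, but it should be stated on the method, e.g. `// No caller authorization here: used by the login lockout path; callers must validate the id themselves.` The return value is fixed at `true` while `mapper.updateById` reports a row count; `return mapper.updateById(...) > 0;` would let the lockout path notice a stale id. `disable(Long)` deliberately leaves the lock counter in place while `enable(Long)` clears it — worth a one-line comment so nobody later "fixes" the asymmetry.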
 

+ 7 - 0
menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/service/user/MdeUserServiceImpl.java

@@ -28,6 +28,7 @@ import com.mzt.logapi.context.LogRecordContext;
 import com.mzt.logapi.service.impl.DiffParseFunction;
 import com.mzt.logapi.starter.annotation.LogRecord;
 import org.springframework.context.annotation.Lazy;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.validation.annotation.Validated;
@@ -39,6 +40,7 @@ import java.util.List;
 import static com.citu.framework.common.exception.util.ServiceExceptionUtil.exception;
 import static com.citu.framework.common.util.servlet.ServletUtils.getClientIP;
 import static com.citu.framework.web.core.util.WebFrameworkUtils.getTerminal;
+import static com.citu.module.menduner.system.dal.redis.RedisKeyConstants.MDE_AUTH_USER_PWD_LOCK;
 import static com.citu.module.menduner.system.enums.ErrorCodeConstants.*;
 import static com.citu.module.menduner.system.enums.MdeLogRecordConstants.*;
 import static com.citu.module.system.enums.ErrorCodeConstants.USER_USERNAME_EXISTS;
@@ -68,6 +70,10 @@ public class MdeUserServiceImpl implements MdeUserService {
     @Resource
     private SocialClientApi socialClientApi;
 
+    @Resource
+    @Lazy
+    private RedisTemplate<String,String> redisTemplate;
+
 
     @Override
     @DSTransactional // 单机+多数据源方案,使用 @DSTransactional 保证本地事务,以及数据源的切换
@@ -411,6 +417,7 @@ public class MdeUserServiceImpl implements MdeUserService {
         for (Long id : ids) {
             mdeUserMapper
                     .updateById(MdeUserDO.builder().id(id).status(MendunerStatusEnum.ENABLE.getStatus()).build());
+            redisTemplate.delete(String.format(MDE_AUTH_USER_PWD_LOCK, id));
         }
     }
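Review bot: The `enable` loop issues one `updateById` and one Redis `delete` per id; the Redis side can be a single round trip after the loop, `redisTemplate.delete(ids.stream().map(id -> String.format(MDE_AUTH_USER_PWD_LOCK, id)).collect(Collectors.toList()));` (needs `java.util.stream.Collectors`, not visible among the imports). If the enclosing method is `@DSTransactional` like the method at the top of this file section, the Redis delete is not rolled back with the DB update; acceptable for a lockout counter, but a comment saying so avoids a later question. Style: the field is declared `RedisTemplate<String,String>` while the same commit writes `RedisTemplate<String, String>` elsewhere; pick one spacing. The enclosing method starts before this hunk.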