!134 优化登录、注册校验方式

Merge pull request !134 from KonBAI/fix_auth_valid

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java

@@ -51,7 +51,7 @@ public class SysLoginController {
      */
     @ApiOperation("登录方法")
     @PostMapping("/login")
-    public AjaxResult<Map<String, Object>> login(@RequestBody LoginBody loginBody) {
+    public AjaxResult<Map<String, Object>> login(@Validated @RequestBody LoginBody loginBody) {
         Map<String, Object> ajax = new HashMap<>();
         // 生成令牌
         String token = loginService.login(loginBody.getUsername(), loginBody.getPassword(), loginBody.getCode(),

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRegisterController.java

@@ -3,7 +3,6 @@ package com.ruoyi.web.controller.system;
 import com.ruoyi.common.core.controller.BaseController;
 import com.ruoyi.common.core.domain.AjaxResult;
 import com.ruoyi.common.core.domain.model.RegisterBody;
-import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.system.service.ISysConfigService;
 import com.ruoyi.system.service.SysRegisterService;
 import io.swagger.annotations.Api;
@@ -30,11 +29,11 @@ public class SysRegisterController extends BaseController {
 
     @ApiOperation("用户注册")
     @PostMapping("/register")
-    public AjaxResult<Void> register(@RequestBody RegisterBody user) {
+    public AjaxResult<Void> register(@Validated @RequestBody RegisterBody user) {
         if (!("true".equals(configService.selectConfigByKey("sys.account.registerUser")))) {
             return error("当前系统没有开启注册功能！");
         }
-        String msg = registerService.register(user);
-        return StringUtils.isEmpty(msg) ? success() : error(msg);
+        registerService.register(user);
+        return success();
     }
 }

ruoyi-admin/src/main/resources/i18n/messages.properties

@@ -1,5 +1,6 @@
 #错误消息
 not.null=* 必须填写
+user.jcaptcha.blank=验证码不能为空
 user.jcaptcha.error=验证码错误
 user.jcaptcha.expire=验证码已失效
 user.not.exists=对不起, 您的账号：{0} 不存在.
@@ -11,12 +12,18 @@ user.blocked=对不起，您的账号：{0} 已禁用，请联系管理员
 role.blocked=角色已封禁，请联系管理员
 user.logout.success=退出成功
 length.not.valid=长度必须在{min}到{max}个字符之间
+user.username.not.blank=用户名不能为空
 user.username.not.valid=* 2到20个汉字、字母、数字或下划线组成，且必须以非数字开头
+user.username.length.valid=账户长度必须在{min}到{max}个字符之间
+user.password.not.blank=用户密码不能为空
+user.password.length.valid=用户密码长度必须在{min}到{max}个字符之间
 user.password.not.valid=* 5-50个字符
 user.email.not.valid=邮箱格式错误
 user.mobile.phone.number.not.valid=手机号格式错误
 user.login.success=登录成功
 user.register.success=注册成功
+user.register.save.error=保存用户 {0} 失败，注册账号已存在
+user.register.error=注册失败，请联系系统管理人员
 user.notfound=请重新登录
 user.forcelogout=管理员强制退出，请重新登录
 user.unknown.error=未知错误，请重新登录

ruoyi-admin/src/main/resources/i18n/messages_en_US.properties

@@ -11,12 +11,18 @@ user.blocked=Sorry, your account: {0} has been disabled. Please contact the admi
 role.blocked=Role disabled，please contact administrators
 user.logout.success=Exit successful
 length.not.valid=The length must be between {min} and {max} characters
+user.username.not.blank=Username cannot be blank
 user.username.not.valid=* 2 to 20 chinese characters, letters, numbers or underscores, and must start with a non number
+user.username.length.valid=Account length must be between {min} and {max} characters
+user.password.not.blank=Password cannot be empty
+user.password.length.valid=Password length must be between {min} and {max} characters
 user.password.not.valid=* 5-50 characters
 user.email.not.valid=Mailbox format error
 user.mobile.phone.number.not.valid=Phone number format error
 user.login.success=Login successful
 user.register.success=Register successful
+user.register.save.error=Failed to save user {0}, The registered account already exists
+user.register.error=Register failed, please contact system administrator
 user.notfound=Please login again
 user.forcelogout=The administrator is forced to exit，please login again
 user.unknown.error=Unknown error, please login again

ruoyi-admin/src/main/resources/i18n/messages_zh_CN.properties

@@ -11,12 +11,18 @@ user.blocked=对不起，您的账号：{0} 已禁用，请联系管理员
 role.blocked=角色已封禁，请联系管理员
 user.logout.success=退出成功
 length.not.valid=长度必须在{min}到{max}个字符之间
+user.username.not.blank=用户名不能为空
 user.username.not.valid=* 2到20个汉字、字母、数字或下划线组成，且必须以非数字开头
+user.username.length.valid=账户长度必须在{min}到{max}个字符之间
+user.password.not.blank=用户密码不能为空
+user.password.length.valid=用户密码长度必须在{min}到{max}个字符之间
 user.password.not.valid=* 5-50个字符
 user.email.not.valid=邮箱格式错误
 user.mobile.phone.number.not.valid=手机号格式错误
 user.login.success=登录成功
 user.register.success=注册成功
+user.register.save.error=保存用户 {0} 失败，注册账号已存在
+user.register.error=注册失败，请联系系统管理人员
 user.notfound=请重新登录
 user.forcelogout=管理员强制退出，请重新登录
 user.unknown.error=未知错误，请重新登录

ruoyi-common/src/main/java/com/ruoyi/common/core/domain/model/LoginBody.java

@@ -1,43 +1,52 @@
-package com.ruoyi.common.core.domain.model;
-
-import io.swagger.annotations.ApiModel;
-import io.swagger.annotations.ApiModelProperty;
-import lombok.Data;
-import lombok.experimental.Accessors;
-
-/**
- * 用户登录对象
- *
- * @author Lion Li
- */
-
-@Data
-@Accessors(chain = true)
-@ApiModel("用户登录对象")
-public class LoginBody {
-
-    /**
-     * 用户名
-     */
-    @ApiModelProperty(value = "用户名")
-    private String username;
-
-    /**
-     * 用户密码
-     */
-    @ApiModelProperty(value = "用户密码")
-    private String password;
-
-    /**
-     * 验证码
-     */
-    @ApiModelProperty(value = "验证码")
-    private String code;
-
-    /**
-     * 唯一标识
-     */
-    @ApiModelProperty(value = "唯一标识")
-    private String uuid = "";
-
-}
+package com.ruoyi.common.core.domain.model;
+
+import com.ruoyi.common.constant.UserConstants;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+import lombok.experimental.Accessors;
+import org.hibernate.validator.constraints.Length;
+
+import javax.validation.constraints.NotBlank;
+
+/**
+ * 用户登录对象
+ *
+ * @author Lion Li
+ */
+
+@Data
+@Accessors(chain = true)
+@ApiModel("用户登录对象")
+public class LoginBody {
+
+    /**
+     * 用户名
+     */
+    @NotBlank(message = "{user.username.not.blank}")
+    @Length(min = UserConstants.USERNAME_MIN_LENGTH, max = UserConstants.USERNAME_MAX_LENGTH, message = "{user.username.length.valid}")
+    @ApiModelProperty(value = "用户名")
+    private String username;
+
+    /**
+     * 用户密码
+     */
+    @NotBlank(message = "{user.password.not.blank}")
+    @Length(min = UserConstants.PASSWORD_MIN_LENGTH, max = UserConstants.PASSWORD_MAX_LENGTH, message = "{user.password.length.valid}")
+    @ApiModelProperty(value = "用户密码")
+    private String password;
+
+    /**
+     * 验证码
+     */
+    @NotBlank(message = "{user.jcaptcha.blank}")
+    @ApiModelProperty(value = "验证码")
+    private String code;
+
+    /**
+     * 唯一标识
+     */
+    @ApiModelProperty(value = "唯一标识")
+    private String uuid = "";
+
+}

ruoyi-system/src/main/java/com/ruoyi/system/service/SysRegisterService.java

@@ -8,14 +8,16 @@ import com.ruoyi.common.core.service.LogininforService;
 import com.ruoyi.common.enums.UserType;
 import com.ruoyi.common.exception.user.CaptchaException;
 import com.ruoyi.common.exception.user.CaptchaExpireException;
+import com.ruoyi.common.exception.user.UserException;
 import com.ruoyi.common.utils.MessageUtils;
 import com.ruoyi.common.utils.SecurityUtils;
 import com.ruoyi.common.utils.ServletUtils;
-import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.common.utils.redis.RedisUtils;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 
+import javax.servlet.http.HttpServletRequest;
+
 /**
  * 注册校验方法
  *
@@ -32,8 +34,8 @@ public class SysRegisterService {
     /**
      * 注册
      */
-    public String register(RegisterBody registerBody) {
-        String msg = "";
+    public void register(RegisterBody registerBody) {
+        HttpServletRequest request = ServletUtils.getRequest();
         String username = registerBody.getUsername();
         String password = registerBody.getPassword();
         // 校验用户类型是否存在
@@ -42,36 +44,22 @@ public class SysRegisterService {
         boolean captchaOnOff = configService.selectCaptchaOnOff();
         // 验证码开关
         if (captchaOnOff) {
-            validateCaptcha(username, registerBody.getCode(), registerBody.getUuid());
+            validateCaptcha(username, registerBody.getCode(), registerBody.getUuid(), request);
         }
 
-        if (StringUtils.isEmpty(username)) {
-            msg = "用户名不能为空";
-        } else if (StringUtils.isEmpty(password)) {
-            msg = "用户密码不能为空";
-        } else if (username.length() < UserConstants.USERNAME_MIN_LENGTH
-            || username.length() > UserConstants.USERNAME_MAX_LENGTH) {
-            msg = "账户长度必须在2到20个字符之间";
-        } else if (password.length() < UserConstants.PASSWORD_MIN_LENGTH
-            || password.length() > UserConstants.PASSWORD_MAX_LENGTH) {
-            msg = "密码长度必须在5到20个字符之间";
-        } else if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(username))) {
-            msg = "保存用户'" + username + "'失败，注册账号已存在";
-        } else {
-            SysUser sysUser = new SysUser();
-            sysUser.setUserName(username);
-            sysUser.setNickName(username);
-            sysUser.setPassword(SecurityUtils.encryptPassword(registerBody.getPassword()));
-            sysUser.setUserType(userType);
-            boolean regFlag = userService.registerUser(sysUser);
-            if (!regFlag) {
-                msg = "注册失败,请联系系统管理人员";
-            } else {
-                asyncService.recordLogininfor(username, Constants.REGISTER,
-                    MessageUtils.message("user.register.success"), ServletUtils.getRequest());
-            }
+        if (UserConstants.NOT_UNIQUE.equals(userService.checkUserNameUnique(username))) {
+            throw new UserException("user.register.save.error", username);
+        }
+        SysUser sysUser = new SysUser();
+        sysUser.setUserName(username);
+        sysUser.setNickName(username);
+        sysUser.setPassword(SecurityUtils.encryptPassword(password));
+        sysUser.setUserType(userType);
+        boolean regFlag = userService.registerUser(sysUser);
+        if (!regFlag) {
+            throw new UserException("user.register.error");
         }
-        return msg;
+        asyncService.recordLogininfor(username, Constants.REGISTER, MessageUtils.message("user.register.success"), request);
     }
 
     /**
@@ -82,14 +70,16 @@ public class SysRegisterService {
      * @param uuid     唯一标识
      * @return 结果
      */
-    public void validateCaptcha(String username, String code, String uuid) {
+    public void validateCaptcha(String username, String code, String uuid, HttpServletRequest request) {
         String verifyKey = Constants.CAPTCHA_CODE_KEY + uuid;
         String captcha = RedisUtils.getCacheObject(verifyKey);
         RedisUtils.deleteObject(verifyKey);
         if (captcha == null) {
+            asyncService.recordLogininfor(username, Constants.REGISTER, MessageUtils.message("user.jcaptcha.expire"), request);
             throw new CaptchaExpireException();
         }
         if (!code.equalsIgnoreCase(captcha)) {
+            asyncService.recordLogininfor(username, Constants.REGISTER, MessageUtils.message("user.jcaptcha.error"), request);
             throw new CaptchaException();
         }
     }