Index: ssts-datasync-default-impl/src/main/java/com/forgon/disinfectsystem/verification/SmsVerificationCodeManagerImpl.java
===================================================================
diff -u
--- ssts-datasync-default-impl/src/main/java/com/forgon/disinfectsystem/verification/SmsVerificationCodeManagerImpl.java (revision 0)
+++ ssts-datasync-default-impl/src/main/java/com/forgon/disinfectsystem/verification/SmsVerificationCodeManagerImpl.java (revision 40909)
@@ -0,0 +1,248 @@ +package com.forgon.disinfectsystem.verification; + +import java.util.Date; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.concurrent.TimeUnit; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.lang.StringUtils; +import org.apache.log4j.Logger; +import org.hibernate.Query; +import org.hibernate.Session; + +import com.forgon.databaseadapter.service.DateQueryAdapter; +import com.forgon.directory.service.SmsVerificationCodeManager; +import com.forgon.disinfectsystem.verification.dao.VerificationCodeDao; +import com.forgon.exception.SystemException; +import com.forgon.runwithtrans.model.RunWithTransNewTask; +import com.forgon.runwithtrans.service.RunWithTransNewManager; +import com.forgon.security.model.SmsVerificationCode; +import com.forgon.security.model.User; +import com.forgon.security.service.IpLoginLockRecordManager; +import com.forgon.tools.StrutsParamUtils; +import com.forgon.tools.date.DateTools; +import com.forgon.tools.hibernate.ObjectDao; +import com.forgon.tools.util.ConfigUtils; + +public class SmsVerificationCodeManagerImpl implements SmsVerificationCodeManager { + + public static final Logger logger = Logger.getLogger(SmsVerificationCodeManagerImpl.class); + + private VerificationCodeDao verificationCodeDao; + + private ObjectDao objectDao; + + private RunWithTransNewManager runWithTransNewManager; + + private DateQueryAdapter dateQueryAdapter; + + private IpLoginLockRecordManager ipLoginLockRecordManager; + + public void setVerificationCodeDao(VerificationCodeDao verificationCodeDao) { + this.verificationCodeDao = verificationCodeDao; + } + + public void setObjectDao(ObjectDao objectDao) { + this.objectDao = objectDao; + } + + public void setRunWithTransNewManager(RunWithTransNewManager runWithTransNewManager) { + this.runWithTransNewManager = runWithTransNewManager; + } + + public void 
setDateQueryAdapter(DateQueryAdapter dateQueryAdapter) { + this.dateQueryAdapter = dateQueryAdapter; + } + + public void setIpLoginLockRecordManager(IpLoginLockRecordManager ipLoginLockRecordManager) { + this.ipLoginLockRecordManager = ipLoginLockRecordManager; + } + + @SuppressWarnings("unchecked") + @Override + public void sendVerificationCodeSms(String loginName) { + Date nowDateTime = new Date(); + Session session = objectDao.getHibernateSession(); + Query query = session.createQuery(String.format("select po from %s po where name = :name", User.class.getSimpleName())); + query.setParameter("name", loginName); + List userList = query.list(); + if(CollectionUtils.isEmpty(userList)){ + throw new RuntimeException(String.format("用户【%s】不存在!", loginName)); + } + if(userList.size() > 1){ + throw new RuntimeException(String.format("存在多个用户名为【%s】的用户!", loginName)); + } + User loginUser = userList.get(0); + String smsMumber = loginUser.getSmsMumber(); + if(StringUtils.isBlank(smsMumber)){ + throw new SystemException("未绑定手机号码,请补充或联系管理员。"); + } + Pattern p = Pattern.compile("^(1)[0-9]{10}$"); + Matcher m = p.matcher(loginUser.getSmsMumber()); + if(!m.matches()){ + throw new SystemException("该用户绑定手机号无效,请联系管理员更改手机号!"); + } + //若同时启用了配置项“loginSecurirtyConfig”时,验证码输入后的验证失败次数也计算为登录失败的次数。 + loginSecurirtyConfig(loginUser, nowDateTime); + //查询最后发送的验证码,用于校验用户是否频繁发送短信;同一个用户每次点击发送获取验证码后,有一分钟的冷却时间; + SmsVerificationCode lastSmsVerificationCode = getLastSmsVerificationCode(loginName, smsMumber); + if(lastSmsVerificationCode != null){ + //同一个用户每次点击发送获取验证码后,有一分钟的冷却时间; + //验证码在验证成功后直接废弃,废弃时冷却时间需要同步重置; + if(lastSmsVerificationCode.getVerified() == SmsVerificationCode.STATUS_UNVERIFIED + && DateTools.getDateDiff(lastSmsVerificationCode.getCreateDateTime(), nowDateTime, TimeUnit.SECONDS) < SmsVerificationCode.SMS_SEND_RATE_LIMIT_MIN * 60){ + throw new RuntimeException(String.format("用户【%s】短信发送间隔过短,请稍后再试!", loginName)); + } + } + //限制每天每个用户最多发送的短信数量 + String dateAreaSql = 
dateQueryAdapter.dateAreaSql("createDateTime", DateTools.getFormatDateStr(DateTools.startOfDate(nowDateTime), DateTools.COMMON_DATE_HMS), DateTools.getFormatDateStr(nowDateTime, DateTools.COMMON_DATE_HMS)); + String userSmsCountSql = String.format("select count(1) from %s where userName = '%s' and %s", SmsVerificationCode.class.getSimpleName(), loginName, dateAreaSql); + if(objectDao.countBySql(userSmsCountSql) >= SmsVerificationCode.MAX_SMS_AMOUNT_USER_DAY){ + logger.info(String.format("用户【%s】%s发送短信达到上限%s条!", loginName, DateTools.getCurrentDayByFormat(DateTools.COMMON_DATE_ONLY), SmsVerificationCode.MAX_SMS_AMOUNT_USER_DAY)); + throw new SystemException("验证码获取达到上限,请联系管理员处理。"); + } + //限制系统每天发送的短信数量 + String totalSmsCountSql = String.format("select count(1) from %s where %s", SmsVerificationCode.class.getSimpleName(), dateAreaSql); + if(objectDao.countBySql(totalSmsCountSql) >= SmsVerificationCode.MAX_SMS_AMOUNT_PER_DAY){ + logger.info(String.format("系统%s发送短信达到上限%s条!", loginName, DateTools.getCurrentDayByFormat(DateTools.COMMON_DATE_ONLY), SmsVerificationCode.MAX_SMS_AMOUNT_PER_DAY)); + throw new SystemException("验证码发送数量今日达到上限,请联系管理员处理。"); + } + //生成随机验证码6位 + Integer num = (int)((Math.random()*9+1)*100000); + String verificationCode = num.toString(); + //verificationCode="0000"; + String messageContent = "【丁香软件】验证码:" + verificationCode + ",用于安全验证。验证码请勿泄露给他人,谨防账号被盗。"; + //调用第三方接口,发送验证码短信 + verificationCodeDao.sendVerificationCodeSms(smsMumber, messageContent); + //保存短信验证码 + SmsVerificationCode newSmsVerificationCode = new SmsVerificationCode(); + newSmsVerificationCode.setCreateDateTime(nowDateTime); + newSmsVerificationCode.setSmsNumber(smsMumber); + newSmsVerificationCode.setUserName(loginName); + newSmsVerificationCode.setVerificationCode(verificationCode); + objectDao.saveOrUpdate(newSmsVerificationCode); + } + + /** + * 若同时启用了配置项“loginSecurirtyConfig”时,验证码输入后的验证失败次数也计算为登录失败的次数。 + * @param loginUser 当前登录用户 + * @param nowDateTime 当前时间 + */ + private void 
loginSecurirtyConfig(User loginUser, Date nowDateTime) { + Date lockEndDate = loginUser.getLockEndDate(); + if(lockEndDate != null){ + //1.判断该用户的锁定截止时间是否晚于当时时间 + if(lockEndDate.after(nowDateTime)){ + throw new SystemException("当前用户被锁定,请联系管理员。"); + } + } + //判断IP是否被锁定 + try { + ipLoginLockRecordManager.isLockedIP(StrutsParamUtils.getRequest()); + } catch (Exception e) { + throw new SystemException("当前用户被锁定,请联系管理员。"); + } + } + + /** + * 获取已经发送成功的最新一条短信验证码 + * @param userName 用户名 + * @param smsMumber 手机号码 + * @return 短信验证码 + */ + @SuppressWarnings("unchecked") + private SmsVerificationCode getLastSmsVerificationCode(String userName, String smsNumber) { + String condition = " where userName = :userName and smsNumber = :smsNumber order by createDateTime desc"; + Map params = new HashMap(); + params.put("userName", userName); + params.put("smsNumber", smsNumber); + List smsVerificationCodeList = objectDao.getCollection(SmsVerificationCode.class.getSimpleName(), condition, params, 0, 1); + if(CollectionUtils.isNotEmpty(smsVerificationCodeList)){ + return smsVerificationCodeList.get(0); + } + return null; + } + + @SuppressWarnings("unchecked") + @Override + public void validateVerificationCode(String loginName, String smsVerificationCode) { + if(!StringUtils.equals("1", ConfigUtils.getSystemSetConfigByName("enableTwoFactorAuthentication"))){ + return; + } + String needBeStrongPwdWhenModifyPwd = ConfigUtils.getSystemSetConfigByName("needBeStrongPwdWhenModifyPwd"); + if(StringUtils.isBlank(needBeStrongPwdWhenModifyPwd)){ + return; + } + if(StringUtils.isBlank(loginName)){ + throw new SystemException("用户名不能为空!"); + } + if(StringUtils.isBlank(smsVerificationCode)){ + throw new SystemException("验证码不能为空!"); + } + Date nowDateTime = new Date(); + Session session = objectDao.getHibernateSession(); + Query query = session.createQuery(String.format("select po from %s po where name = :name", User.class.getSimpleName())); + query.setParameter("name", loginName); + List userList = 
query.list(); + if(CollectionUtils.isEmpty(userList)){ + throw new RuntimeException(String.format("用户【%s】不存在!", loginName)); + } + if(userList.size() > 1){ + throw new RuntimeException(String.format("存在多个用户名为【%s】的用户!", loginName)); + } + User loginUser = userList.get(0); + String smsMumber = loginUser.getSmsMumber(); + if(StringUtils.isBlank(smsMumber)){ + throw new SystemException("未绑定手机号码,请补充或联系管理员。"); + } + //若同时启用了配置项“loginSecurirtyConfig”时,验证码输入后的验证失败次数也计算为登录失败的次数。 + loginSecurirtyConfig(loginUser, nowDateTime); + //获取已经发送成功的最新一条短信验证码 + SmsVerificationCode lastSmsVerificationCode = getLastSmsVerificationCode(loginName, smsMumber); + if(lastSmsVerificationCode == null){ + throw new SystemException("验证码失效,请重新获取验证码。"); + } + //验证码在验证成功后直接废弃,需要重新获取验证码 + if(lastSmsVerificationCode.getVerified() == SmsVerificationCode.STATUS_VERIFIED){ + throw new SystemException("验证码失效,请重新获取验证码。"); + } + //同一个验证码有五分钟时效,超过五分钟后需要重新获取,需要重新获取验证码 + if(DateTools.getDateDiff(lastSmsVerificationCode.getCreateDateTime(), nowDateTime, TimeUnit.SECONDS) > SmsVerificationCode.SMS_VALIDITY_DURATION_MIN * 60){ + throw new SystemException("验证码失效,请重新获取验证码。"); + } + if(!StringUtils.equals(lastSmsVerificationCode.getVerificationCode(), smsVerificationCode)){ + //验证码校验失败 + Integer verifyFailTimes = lastSmsVerificationCode.getVerifyFailTimes(); + if(verifyFailTimes == null){ + verifyFailTimes = 0; + } + verifyFailTimes++; + lastSmsVerificationCode.setVerifyFailTimes(verifyFailTimes); + if(verifyFailTimes >= SmsVerificationCode.MAX_VERIFY_FAIL_TIMES){ + //多次验证失败,验证码失效,当成已经验证验证码处理 + lastSmsVerificationCode.setVerified(SmsVerificationCode.STATUS_VERIFIED); + } + runWithTransNewManager.runWith_TRANS_NEW(new RunWithTransNewTask() { + @Override + public void runTask() { + //验证码校验失败时,失败次数加一;达到最大失败次数时,验证码失效并要求用户重新获取 + objectDao.saveOrUpdate(lastSmsVerificationCode); + } + }); + if(verifyFailTimes >= SmsVerificationCode.MAX_VERIFY_FAIL_TIMES){ + throw new SystemException("验证码失效,请重新获取验证码。"); + }else{ + throw 
new SystemException("验证码错误,请重新输入。"); + } + }else{ + //验证成功后,验证码不能再用 + lastSmsVerificationCode.setVerified(SmsVerificationCode.STATUS_VERIFIED); + objectDao.saveOrUpdate(lastSmsVerificationCode); + } + } + +} Index: ssts-datasync-default-impl/src/main/java/com/forgon/disinfectsystem/verification/VerificationCodeManagerImpl.java =================================================================== diff -u -r40906 -r40909 --- ssts-datasync-default-impl/src/main/java/com/forgon/disinfectsystem/verification/VerificationCodeManagerImpl.java (.../VerificationCodeManagerImpl.java) (revision 40906) +++ ssts-datasync-default-impl/src/main/java/com/forgon/disinfectsystem/verification/VerificationCodeManagerImpl.java (.../VerificationCodeManagerImpl.java) (revision 40909) 
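Review bot: In `sendVerificationCodeSms` the per-user daily count is built with `String.format("select count(1) from %s where userName = '%s' and %s", ..., loginName, dateAreaSql)`, so a login name supplied before authentication is spliced into the SQL text, unlike the bound `:name` and `:userName` parameters used elsewhere in this class. Binding it would close that gap, for example `session.createSQLQuery("select count(1) from " + SmsVerificationCode.class.getSimpleName() + " where userName = :userName and " + dateAreaSql).setParameter("userName", loginName).uniqueResult()`, or whatever parameterised count helper `ObjectDao` offers. The code itself is produced by `(int)((Math.random()*9+1)*100000)`, which is not a cryptographic generator; `new SecureRandom().nextInt(900000) + 100000` keeps the same six-digit range. In `validateVerificationCode` the early `return` when `needBeStrongPwdWhenModifyPwd` is blank skips the SMS check entirely and looks unrelated to two-factor login, so it is worth confirming that it is intended.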
@@ -1,81 +1,36 @@ package com.forgon.disinfectsystem.verification; import java.util.Date; -import java.util.HashMap; import java.util.List; -import java.util.Map; import java.util.UUID; -import java.util.concurrent.TimeUnit; import java.util.regex.Matcher; import java.util.regex.Pattern; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; -import org.hibernate.Query; -import org.hibernate.Session; import net.sf.json.JSONObject; -import com.forgon.databaseadapter.service.DateQueryAdapter; import com.forgon.directory.mailremotemanager.service.RemoteManagerClient; -import com.forgon.directory.service.SmsVerificationCodeManager; import com.forgon.disinfectsystem.verification.dao.VerificationCodeDao; import com.forgon.disinfectsystem.verification.model.VerificationCode; import com.forgon.disinfectsystem.verification.service.VerificationCodeManager; import com.forgon.exception.SystemException; -import com.forgon.runwithtrans.model.RunWithTransNewTask; -import com.forgon.runwithtrans.service.RunWithTransNewManager; -import com.forgon.security.model.SmsVerificationCode; import com.forgon.security.model.User; -import com.forgon.security.service.IpLoginLockRecordManager; import com.forgon.security.service.UserManager; -import com.forgon.tools.StrutsParamUtils; -import com.forgon.tools.date.DateTools; -import com.forgon.tools.hibernate.ObjectDao; import com.forgon.tools.json.JSONUtil; -import com.forgon.tools.util.ConfigUtils; -public class VerificationCodeManagerImpl implements VerificationCodeManager, SmsVerificationCodeManager { +public class VerificationCodeManagerImpl implements VerificationCodeManager { public static final Logger logger = Logger.getLogger(VerificationCodeManagerImpl.class); private UserManager userManager; private VerificationCodeDao verificationCodeDaoMybatis; - private VerificationCodeDao verificationCodeDao; - private RemoteManagerClient remoteManagerClient; - private 
ObjectDao objectDao; - - private RunWithTransNewManager runWithTransNewManager; - - private DateQueryAdapter dateQueryAdapter; - - private IpLoginLockRecordManager ipLoginLockRecordManager; - - public void setIpLoginLockRecordManager(IpLoginLockRecordManager ipLoginLockRecordManager) { - this.ipLoginLockRecordManager = ipLoginLockRecordManager; - } - - public void setDateQueryAdapter(DateQueryAdapter dateQueryAdapter) { - this.dateQueryAdapter = dateQueryAdapter; - } - - public void setVerificationCodeDao(VerificationCodeDao verificationCodeDao) { - this.verificationCodeDao = verificationCodeDao; - } - - public void setRunWithTransNewManager(RunWithTransNewManager runWithTransNewManager) { - this.runWithTransNewManager = runWithTransNewManager; - } - - public void setObjectDao(ObjectDao objectDao) { - this.objectDao = objectDao; - } - public void setRemoteManagerClient(RemoteManagerClient remoteManagerClient) { this.remoteManagerClient = remoteManagerClient; } 
@@ -201,187 +156,4 @@ return messageContent.substring(startIndex + 1, endIndex); } - @SuppressWarnings("unchecked") - @Override - public void sendVerificationCodeSms(String loginName) { - Date nowDateTime = new Date(); - Session session = objectDao.getHibernateSession(); - Query query = session.createQuery(String.format("select po from %s po where name = :name", User.class.getSimpleName())); - query.setParameter("name", loginName); - List userList = query.list(); - if(CollectionUtils.isEmpty(userList)){ - throw new RuntimeException(String.format("用户【%s】不存在!", loginName)); - } - if(userList.size() > 1){ - throw new RuntimeException(String.format("存在多个用户名为【%s】的用户!", loginName)); - } - User loginUser = userList.get(0); - String smsMumber = loginUser.getSmsMumber(); - if(StringUtils.isBlank(smsMumber)){ - throw new SystemException("未绑定手机号码,请补充或联系管理员。"); - } - Pattern p = Pattern.compile("^(1)[0-9]{10}$"); - Matcher m = p.matcher(loginUser.getSmsMumber()); - if(!m.matches()){ - throw new SystemException("该用户绑定手机号无效,请联系管理员更改手机号!"); - } - //若同时启用了配置项“loginSecurirtyConfig”时,验证码输入后的验证失败次数也计算为登录失败的次数。 - loginSecurirtyConfig(loginUser, nowDateTime); - //查询最后发送的验证码,用于校验用户是否频繁发送短信;同一个用户每次点击发送获取验证码后,有一分钟的冷却时间; - SmsVerificationCode lastSmsVerificationCode = getLastSmsVerificationCode(loginName, smsMumber); - if(lastSmsVerificationCode != null){ - //同一个用户每次点击发送获取验证码后,有一分钟的冷却时间; - //验证码在验证成功后直接废弃,废弃时冷却时间需要同步重置; - if(lastSmsVerificationCode.getVerified() == SmsVerificationCode.STATUS_UNVERIFIED - && DateTools.getDateDiff(lastSmsVerificationCode.getCreateDateTime(), nowDateTime, TimeUnit.SECONDS) < SmsVerificationCode.SMS_SEND_RATE_LIMIT_MIN * 60){ - throw new RuntimeException(String.format("用户【%s】短信发送间隔过短,请稍后再试!", loginName)); - } - } - //限制每天每个用户最多发送的短信数量 - String dateAreaSql = dateQueryAdapter.dateAreaSql("createDateTime", DateTools.getFormatDateStr(DateTools.startOfDate(nowDateTime), DateTools.COMMON_DATE_HMS), DateTools.getFormatDateStr(nowDateTime, DateTools.COMMON_DATE_HMS)); 
- String userSmsCountSql = String.format("select count(1) from %s where userName = '%s' and %s", SmsVerificationCode.class.getSimpleName(), loginName, dateAreaSql); - if(objectDao.countBySql(userSmsCountSql) >= SmsVerificationCode.MAX_SMS_AMOUNT_USER_DAY){ - logger.info(String.format("用户【%s】%s发送短信达到上限%s条!", loginName, DateTools.getCurrentDayByFormat(DateTools.COMMON_DATE_ONLY), SmsVerificationCode.MAX_SMS_AMOUNT_USER_DAY)); - throw new SystemException("验证码获取达到上限,请联系管理员处理。"); - } - //限制系统每天发送的短信数量 - String totalSmsCountSql = String.format("select count(1) from %s where %s", SmsVerificationCode.class.getSimpleName(), dateAreaSql); - if(objectDao.countBySql(totalSmsCountSql) >= SmsVerificationCode.MAX_SMS_AMOUNT_PER_DAY){ - logger.info(String.format("系统%s发送短信达到上限%s条!", loginName, DateTools.getCurrentDayByFormat(DateTools.COMMON_DATE_ONLY), SmsVerificationCode.MAX_SMS_AMOUNT_PER_DAY)); - throw new SystemException("验证码获取达到上限,请联系管理员处理。"); - } - //生成随机验证码6位 - Integer num = (int)((Math.random()*9+1)*100000); - String verificationCode = num.toString(); - //verificationCode="0000"; - String messageContent = "【丁香软件】验证码:" + verificationCode + ",用于安全验证。验证码请勿泄露给他人,谨防账号被盗。"; - //调用第三方接口,发送验证码短信 - verificationCodeDao.sendVerificationCodeSms(smsMumber, messageContent); - //保存短信验证码 - SmsVerificationCode newSmsVerificationCode = new SmsVerificationCode(); - newSmsVerificationCode.setCreateDateTime(nowDateTime); - newSmsVerificationCode.setSmsNumber(smsMumber); - newSmsVerificationCode.setUserName(loginName); - newSmsVerificationCode.setVerificationCode(verificationCode); - objectDao.saveOrUpdate(newSmsVerificationCode); - } - - /** - * 若同时启用了配置项“loginSecurirtyConfig”时,验证码输入后的验证失败次数也计算为登录失败的次数。 - * @param loginUser 当前登录用户 - * @param nowDateTime 当前时间 - */ - private void loginSecurirtyConfig(User loginUser, Date nowDateTime) { - Date lockEndDate = loginUser.getLockEndDate(); - if(lockEndDate != null){ - //1.判断该用户的锁定截止时间是否晚于当时时间 - if(lockEndDate.after(nowDateTime)){ - throw new 
SystemException("当前用户被锁定,请联系管理员。"); - } - } - //判断IP是否被锁定 - try { - ipLoginLockRecordManager.isLockedIP(StrutsParamUtils.getRequest()); - } catch (Exception e) { - throw new SystemException("当前用户被锁定,请联系管理员。"); - } - } - - /** - * 获取已经发送成功的最新一条短信验证码 - * @param userName 用户名 - * @param smsMumber 手机号码 - * @return 短信验证码 - */ - @SuppressWarnings("unchecked") - private SmsVerificationCode getLastSmsVerificationCode(String userName, String smsNumber) { - String condition = " where userName = :userName and smsNumber = :smsNumber order by createDateTime desc"; - Map params = new HashMap(); - params.put("userName", userName); - params.put("smsNumber", smsNumber); - List smsVerificationCodeList = objectDao.getCollection(SmsVerificationCode.class.getSimpleName(), condition, params, 0, 1); - if(CollectionUtils.isNotEmpty(smsVerificationCodeList)){ - return smsVerificationCodeList.get(0); - } - return null; - } - - @SuppressWarnings("unchecked") - @Override - public void validateVerificationCode(String loginName, String smsVerificationCode) { - if(!StringUtils.equals("1", ConfigUtils.getSystemSetConfigByName("enableTwoFactorAuthentication"))){ - return; - } - String needBeStrongPwdWhenModifyPwd = ConfigUtils.getSystemSetConfigByName("needBeStrongPwdWhenModifyPwd"); - if(StringUtils.isBlank(needBeStrongPwdWhenModifyPwd)){ - return; - } - if(StringUtils.isBlank(loginName)){ - throw new SystemException("用户名不能为空!"); - } - if(StringUtils.isBlank(smsVerificationCode)){ - throw new SystemException("验证码不能为空!"); - } - Date nowDateTime = new Date(); - Session session = objectDao.getHibernateSession(); - Query query = session.createQuery(String.format("select po from %s po where name = :name", User.class.getSimpleName())); - query.setParameter("name", loginName); - List userList = query.list(); - if(CollectionUtils.isEmpty(userList)){ - throw new RuntimeException(String.format("用户【%s】不存在!", loginName)); - } - if(userList.size() > 1){ - throw new 
RuntimeException(String.format("存在多个用户名为【%s】的用户!", loginName)); - } - User loginUser = userList.get(0); - String smsMumber = loginUser.getSmsMumber(); - if(StringUtils.isBlank(smsMumber)){ - throw new SystemException("未绑定手机号码,请补充或联系管理员。"); - } - //若同时启用了配置项“loginSecurirtyConfig”时,验证码输入后的验证失败次数也计算为登录失败的次数。 - loginSecurirtyConfig(loginUser, nowDateTime); - //获取已经发送成功的最新一条短信验证码 - SmsVerificationCode lastSmsVerificationCode = getLastSmsVerificationCode(loginName, smsMumber); - if(lastSmsVerificationCode == null){ - throw new SystemException("验证码失效,请重新获取验证码。"); - } - //验证码在验证成功后直接废弃,需要重新获取验证码 - if(lastSmsVerificationCode.getVerified() == SmsVerificationCode.STATUS_VERIFIED){ - throw new SystemException("验证码失效,请重新获取验证码。"); - } - //同一个验证码有五分钟时效,超过五分钟后需要重新获取,需要重新获取验证码 - if(DateTools.getDateDiff(lastSmsVerificationCode.getCreateDateTime(), nowDateTime, TimeUnit.SECONDS) > SmsVerificationCode.SMS_VALIDITY_DURATION_MIN * 60){ - throw new SystemException("验证码失效,请重新获取验证码。"); - } - if(!StringUtils.equals(lastSmsVerificationCode.getVerificationCode(), smsVerificationCode)){ - //验证码校验失败 - Integer verifyFailTimes = lastSmsVerificationCode.getVerifyFailTimes(); - if(verifyFailTimes == null){ - verifyFailTimes = 0; - } - verifyFailTimes++; - lastSmsVerificationCode.setVerifyFailTimes(verifyFailTimes); - if(verifyFailTimes >= SmsVerificationCode.MAX_VERIFY_FAIL_TIMES){ - //多次验证失败,验证码失效,当成已经验证验证码处理 - lastSmsVerificationCode.setVerified(SmsVerificationCode.STATUS_VERIFIED); - } - runWithTransNewManager.runWith_TRANS_NEW(new RunWithTransNewTask() { - @Override - public void runTask() { - //验证码校验失败时,失败次数加一;达到最大失败次数时,验证码失效并要求用户重新获取 - objectDao.saveOrUpdate(lastSmsVerificationCode); - } - }); - if(verifyFailTimes >= SmsVerificationCode.MAX_VERIFY_FAIL_TIMES){ - throw new SystemException("验证码失效,请重新获取验证码。"); - }else{ - throw new SystemException("验证码错误,请重新输入。"); - } - }else{ - //验证成功后,验证码不能再用 - lastSmsVerificationCode.setVerified(SmsVerificationCode.STATUS_VERIFIED); - 
objectDao.saveOrUpdate(lastSmsVerificationCode); - } - } - } Index: ssts-web/src/main/webapp/disinfectsystem/config/zsyy/spring/his.xml =================================================================== diff -u -r40894 -r40909 --- ssts-web/src/main/webapp/disinfectsystem/config/zsyy/spring/his.xml (.../his.xml) (revision 40894) +++ ssts-web/src/main/webapp/disinfectsystem/config/zsyy/spring/his.xml (.../his.xml) (revision 40909) @@ -199,7 +199,7 @@ + class="com.forgon.disinfectsystem.verification.SmsVerificationCodeManagerImpl"> \ No newline at end of file
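Review bot: Only the zsyy `his.xml` is switched to `SmsVerificationCodeManagerImpl` in this hunk, while the same commit makes `VerificationCodeManagerImpl` stop implementing `SmsVerificationCodeManager`. Any other site configuration that still wires the old class under that interface would presumably fail at startup or leave the SMS verification bean unresolved, so the other config directories are worth checking. The bean's property entries are not visible here; they need to match the setters of the new class (`verificationCodeDao`, `objectDao`, `runWithTransNewManager`, `dateQueryAdapter`, `ipLoginLockRecordManager`), since a missing `ipLoginLockRecordManager` would, judging from `loginSecurirtyConfig`, surface as every user being reported locked.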