登陆漏洞修复和改造

登陆漏洞修复和改造

登陆漏洞修复和改造
886fb9d9 · realize1020 · d9745b92 · 886fb9d9 · 886fb9d9 · 886fb9d9
Commit 886fb9d9 authored Mar 27, 2024 by realize1020
4 changed files
--- a/OBE-BUSINESS/src/com/gx/obe/WebserviceConstants.java
+++ b/OBE-BUSINESS/src/com/gx/obe/WebserviceConstants.java
@@ -442,5 +442,10 @@ public class WebserviceConstants {
 		 */
 		public static final String GET_AI_RESULT_METHOD = "getAIResult.method";
 		
+		/**
+		 * 二次校验
+		 */
+		public static final String TWO_VIRIF = "userHS.do?checkEncryptionInfo";
+		

 }
--- a/OBE-BUSINESS/src/com/gx/obe/business/UserLogin.java
+++ b/OBE-BUSINESS/src/com/gx/obe/business/UserLogin.java
@@ -2,6 +2,8 @@ package com.gx.obe.business;

 import java.util.Map;

+import org.apache.commons.lang3.StringUtils;
+
 import com.gx.obe.components.core.Constants;
 import com.gx.obe.components.core.enumeration.CommonEnum;
 import com.gx.obe.components.core.enumeration.UserEnum;
@@ -93,6 +95,14 @@ public class UserLogin {
 			if(result.isStatus()) {
 				Constants.USER = user;
 				//修改本地用户密码
+ 				boolean updateResult = userService.updatePassword(userName, MD5Utils.getMD5String(password),result.getStrMessage().length()>4?result.getStrMessage():null);
+ 				if(updateResult) {
+ 					result.setStatus(true);
+ 					result.setStrMessage("已更新本地密码，登录成功");
+ 				}else {
+ 					result.setStrMessage("更新本地密码失败，登录失败");
+ 				}
+ 				
 				user.setUserPassword(MD5Utils.getMD5String(password));
 				Constants.USER = userService.loginRemote(user);
 				if(null == Constants.USER) {
@@ -100,7 +110,7 @@ public class UserLogin {
 					result.setStrMessage("远程登录异常！");
 				}
 			}else {
- 				return new BooleanResultDO(false,"用户名或密码错误");
+ 				return new BooleanResultDO(false,"用户名或密码错误");		
 			}
 			return result;
 		}else {
@@ -128,6 +138,10 @@ public class UserLogin {
 		}else {
 			result = new BooleanResultDO(false,(String) platformResult.getHeader().getMsg());	
 		}
+		
+		LoginUserDTO loginUserDTO = platformResult.getData();
+		String checkUserLogin = loginUserDTO.getCheckUserLogin();          
+		
 		if(result.isStatus()) {
 			// 用户保存到本地库
 			LoginUserDTO loginUser = platformResult.getData();
@@ -167,32 +181,30 @@ public class UserLogin {
 		if(null == platformResult) { 
 			return new BooleanResultDO(false,"登录异常");	
 		}
+		LoginUserDTO loginUserDTO = platformResult.getData();
+		String checkUserLogin = loginUserDTO.getCheckUserLogin();
+		if(StringUtils.isEmpty(checkUserLogin)) {
+			return new BooleanResultDO(false,"登录异常");
+		}
 		if(Constants.PLATFOR_STATUS_OK.equals((String) platformResult.getHeader().getRet())) {
-			LoginUserDTO loginUserDTO = platformResult.getData();
-			if(isRemote){
-				String checkUserLogin = loginUserDTO.getCheckUserLogin();
-				String result = platformUserService.verify(checkUserLogin);
-				if(null == result) {
-					return new BooleanResultDO(false,"登录异常");	
-				}
-				try {
-					String decrypt = DESUtils.decrypt(result, "utf-8");
-					Map<String,String> resultMap = JsonUtil.strToMap(decrypt);
-					if(resultMap.get("ret").equals(Constants.PLATFOR_STATUS_OK)) {
-						return new BooleanResultDO(true,"");
-					}
-					return new BooleanResultDO(false,(String) platformResult.getHeader().getMsg()); 
-				} catch (Exception e) {
-					// TODO Auto-generated catch block
-					return new BooleanResultDO(false,"登录异常");
-				}             
-//				Map<String, Object> resultMap = JSONHelperTwo.toHashMap(decrypt);
-//				resultMap.get("ret");
+			String result = platformUserService.verify(checkUserLogin);
+			if(null == result) {
+				return new BooleanResultDO(false,"登录异常");	
 			}
-			return new BooleanResultDO(false,"登录异常");
+			try {
+				String decrypt = DESUtils.decrypt(result, "utf-8");
+				Map<String,String> resultMap = JsonUtil.strToMap(decrypt);
+				if(resultMap.get("ret").equals(Constants.PLATFOR_STATUS_OK)) {
+					return new BooleanResultDO(true,checkUserLogin);
+				}
+				return new BooleanResultDO(false,(String) platformResult.getHeader().getMsg()); 
+			} catch (Exception e) {
+				// TODO Auto-generated catch block
+				return new BooleanResultDO(false,"登录异常");
+			}   
 			
 		}else {
-			return new BooleanResultDO(false,(String) platformResult.getHeader().getMsg());	
+			return new BooleanResultDO(false,checkUserLogin);	
 		}
 	}
 	

--- a/OBE-BUSINESS/src/com/gx/obe/web/platform/service/PlatformUserService.java
+++ b/OBE-BUSINESS/src/com/gx/obe/web/platform/service/PlatformUserService.java
@@ -59,7 +59,7 @@ public class PlatformUserService {
 	 */
 	public String verify(String checkUserLogin) {
 		// TODO Auto-generated method stub
-		String method = PropertiesUtils.getWebserviceProperty("userHS.do?checkEncryptionInfo", "userHS.do?checkEncryptionInfo");
+		String method = PropertiesUtils.getWebserviceProperty(WebserviceConstants.TWO_VIRIF, "userHS.do?checkEncryptionInfo");
 		String stPlatformUrl = Constants.getPlatformUrl(method);
 		Map<String, Object> param = new HashMap<String, Object>();
 		param.put("checkUserLogin", checkUserLogin);

--- a/OBE-BUSINESS/src/com/gx/obe/web/service/UserService.java
+++ b/OBE-BUSINESS/src/com/gx/obe/web/service/UserService.java
@@ -221,14 +221,12 @@ public class UserService {
 	 * @param USER_PASSWORD
 	 * @return 
 	 */
-	public boolean updatePassword(String USER_ACCOUNT, String USER_PASSWORD){
+	public boolean updatePassword(String USER_ACCOUNT, String USER_PASSWORD,String code){
 		//获取服务器地址
 		String strWebServerUrl = Constants.getServiceUrl( URL + "/updatePassword");
-		Map<String, Object> param = new HashMap<String, Object>();
-		param.put("userAccount", USER_ACCOUNT);
-		param.put("userPassword", USER_PASSWORD);
+		strWebServerUrl=strWebServerUrl+"?userAccount="+USER_ACCOUNT+"&userPassword="+USER_PASSWORD+"&code="+code;
 		try{
-			String result =NetworkRequest.get(strWebServerUrl, param);
+			String result =NetworkRequest.get(strWebServerUrl);
 			return ResultStatus.getReultStatusBoolean(result);
 		} catch (Exception e) {
 			logger.error(e.getMessage(), e);