登陆漏洞修复和改造

登陆漏洞修复和改造

登陆漏洞修复和改造
886fb9d9 · realize1020 · d9745b92 · 886fb9d9 · 886fb9d9 · 886fb9d9
Commit 886fb9d9 authored Mar 27, 2024 by realize1020
4 changed files
--- a/OBE-BUSINESS/src/com/gx/obe/WebserviceConstants.java
+++ b/OBE-BUSINESS/src/com/gx/obe/WebserviceConstants.java
@@ -442,5 +442,10 @@ public class WebserviceConstants {
 		 */
 		public static final String GET_AI_RESULT_METHOD = "getAIResult.method";
+		/**
+		 * 二次校验
+		 */
+		public static final String TWO_VIRIF = "userHS.do?checkEncryptionInfo";
 }
--- a/OBE-BUSINESS/src/com/gx/obe/business/UserLogin.java
+++ b/OBE-BUSINESS/src/com/gx/obe/business/UserLogin.java
@@ -2,6 +2,8 @@ package com.gx.obe.business;
 import java.util.Map;
+import org.apache.commons.lang3.StringUtils;
 import com.gx.obe.components.core.Constants;
 import com.gx.obe.components.core.enumeration.CommonEnum;
 import com.gx.obe.components.core.enumeration.UserEnum;
@@ -93,6 +95,14 @@ public class UserLogin {
 			if(result.isStatus()) {
 				Constants.USER = user;
 				//修改本地用户密码
+ 				boolean updateResult = userService.updatePassword(userName, MD5Utils.getMD5String(password),result.getStrMessage().length()>4?result.getStrMessage():null);
+ 				if(updateResult) {
+ 					result.setStatus(true);
+ 					result.setStrMessage("已更新本地密码，登录成功");
+ 				}else {
+ 					result.setStrMessage("更新本地密码失败，登录失败");
+ 				}
 				user.setUserPassword(MD5Utils.getMD5String(password));
 				Constants.USER = userService.loginRemote(user);
 				if(null == Constants.USER) {
@@ -128,6 +138,10 @@ public class UserLogin {
 		}else {
 			result = new BooleanResultDO(false,(String) platformResult.getHeader().getMsg());	
 		}
+		LoginUserDTO loginUserDTO = platformResult.getData();
+		String checkUserLogin = loginUserDTO.getCheckUserLogin();          
 		if(result.isStatus()) {
 			// 用户保存到本地库
 			LoginUserDTO loginUser = platformResult.getData();
@@ -167,10 +181,12 @@ public class UserLogin {
 		if(null == platformResult) { 
 			return new BooleanResultDO(false,"登录异常");	
 		}
-		if(Constants.PLATFOR_STATUS_OK.equals((String) platformResult.getHeader().getRet())) {
 		LoginUserDTO loginUserDTO = platformResult.getData();
-			if(isRemote){
 		String checkUserLogin = loginUserDTO.getCheckUserLogin();
+		if(StringUtils.isEmpty(checkUserLogin)) {
+			return new BooleanResultDO(false,"登录异常");
+		}
+		if(Constants.PLATFOR_STATUS_OK.equals((String) platformResult.getHeader().getRet())) {
 			String result = platformUserService.verify(checkUserLogin);
 			if(null == result) {
 				return new BooleanResultDO(false,"登录异常");	
@@ -179,20 +195,16 @@ public class UserLogin {
 				String decrypt = DESUtils.decrypt(result, "utf-8");
 				Map<String,String> resultMap = JsonUtil.strToMap(decrypt);
 				if(resultMap.get("ret").equals(Constants.PLATFOR_STATUS_OK)) {
-						return new BooleanResultDO(true,"");
+					return new BooleanResultDO(true,checkUserLogin);
 				}
 				return new BooleanResultDO(false,(String) platformResult.getHeader().getMsg()); 
 			} catch (Exception e) {
 				// TODO Auto-generated catch block
 				return new BooleanResultDO(false,"登录异常");
 			}   
-//				Map<String, Object> resultMap = JSONHelperTwo.toHashMap(decrypt);
-//				resultMap.get("ret");
-			}
-			return new BooleanResultDO(false,"登录异常");
 		}else {
-			return new BooleanResultDO(false,(String) platformResult.getHeader().getMsg());	
+			return new BooleanResultDO(false,checkUserLogin);	
 		}
 	}

--- a/OBE-BUSINESS/src/com/gx/obe/web/platform/service/PlatformUserService.java
+++ b/OBE-BUSINESS/src/com/gx/obe/web/platform/service/PlatformUserService.java
@@ -59,7 +59,7 @@ public class PlatformUserService {
 	 */
 	public String verify(String checkUserLogin) {
 		// TODO Auto-generated method stub
-		String method = PropertiesUtils.getWebserviceProperty("userHS.do?checkEncryptionInfo", "userHS.do?checkEncryptionInfo");
+		String method = PropertiesUtils.getWebserviceProperty(WebserviceConstants.TWO_VIRIF, "userHS.do?checkEncryptionInfo");
 		String stPlatformUrl = Constants.getPlatformUrl(method);
 		Map<String, Object> param = new HashMap<String, Object>();
 		param.put("checkUserLogin", checkUserLogin);

--- a/OBE-BUSINESS/src/com/gx/obe/web/service/UserService.java
+++ b/OBE-BUSINESS/src/com/gx/obe/web/service/UserService.java
@@ -221,14 +221,12 @@ public class UserService {
 	 * @param USER_PASSWORD
 	 * @return 
 	 */
-	public boolean updatePassword(String USER_ACCOUNT, String USER_PASSWORD){
+	public boolean updatePassword(String USER_ACCOUNT, String USER_PASSWORD,String code){
 		//获取服务器地址
 		String strWebServerUrl = Constants.getServiceUrl( URL + "/updatePassword");
-		Map<String, Object> param = new HashMap<String, Object>();
+		strWebServerUrl=strWebServerUrl+"?userAccount="+USER_ACCOUNT+"&userPassword="+USER_PASSWORD+"&code="+code;
-		param.put("userAccount", USER_ACCOUNT);
-		param.put("userPassword", USER_PASSWORD);
 		try{
-			String result =NetworkRequest.get(strWebServerUrl, param);
+			String result =NetworkRequest.get(strWebServerUrl);
 			return ResultStatus.getReultStatusBoolean(result);
 		} catch (Exception e) {
 			logger.error(e.getMessage(), e);