clunt
/
RuoYi-Cloud
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Pre Merge pull request !140 from dazer007/login_error_times

This commit is contained in:
dazer007 2022-02-13 13:10:15 +00:00 committed by Gitee
parent 0e13296752 7004713633
commit f9a8d979d6
3 changed files with 91 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysLoginService.java
View File

@ -1,5 +1,7 @@
package com.ruoyi.auth.service; package com.ruoyi.auth.service;
import com.ruoyi.common.core.constant.CacheConstants;
import com.ruoyi.common.redis.service.RedisService;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import com.ruoyi.common.core.constant.Constants; import com.ruoyi.common.core.constant.Constants;
@ -18,6 +20,9 @@ import com.ruoyi.system.api.domain.SysLogininfor;
import com.ruoyi.system.api.domain.SysUser; import com.ruoyi.system.api.domain.SysUser;
import com.ruoyi.system.api.model.LoginUser; import com.ruoyi.system.api.model.LoginUser;
import java.util.Date;
import java.util.concurrent.TimeUnit;
/** /**
* 登录校验方法 * 登录校验方法
* *
@ -32,6 +37,9 @@ public class SysLoginService
@Autowired @Autowired
private RemoteUserService remoteUserService; private RemoteUserService remoteUserService;
@Autowired
private RedisService redisService;
/** /**
* 登录 * 登录
*/ */
@ -87,6 +95,7 @@ public class SysLoginService
recordLogininfor(username, Constants.LOGIN_FAIL, "用户密码错误"); recordLogininfor(username, Constants.LOGIN_FAIL, "用户密码错误");
throw new ServiceException("用户不存在/密码错误"); throw new ServiceException("用户不存在/密码错误");
} }
recordLogininfor(username, Constants.LOGIN_SUCCESS, "登录成功"); recordLogininfor(username, Constants.LOGIN_SUCCESS, "登录成功");
return userInfo; return userInfo;
} }
@ -155,5 +164,40 @@ public class SysLoginService
logininfor.setStatus("1"); logininfor.setStatus("1");
} }
remoteLogService.saveLogininfor(logininfor, SecurityConstants.INNER); remoteLogService.saveLogininfor(logininfor, SecurityConstants.INNER);
//记录错误次数 防止无限重试进行暴力破解
recordLoginErrorTimes(username, status);
}
/**
* @author dazer
* @date 2022-01-21
* 记录username错误次数超过指定次数 锁定xx分钟防止暴力破解
* @param username 登录用户名
* @param status {@link Constants#LOGIN_SUCCESS}
* {@link Constants#LOGIN_FAIL}
*/
private void recordLoginErrorTimes(String username, String status)
{
String loginErrorTimesKey = CacheConstants.REDIS_KEY_ERROR_TIMES + username;
Long redisKeyTimeout = 30L;
long maxErrorTimes = 5L;
if (Constants.LOGIN_SUCCESS.equals(status)) {
redisService.deleteObject(loginErrorTimesKey);
} else if (Constants.LOGIN_FAIL.equals(status)) {
Integer errorTimes = redisService.getCacheObject(loginErrorTimesKey);
if (errorTimes == null) {
errorTimes = 0;
}
// 登录错误进行累加错误次数
errorTimes++;
// 登录错误缓存30分钟
redisService.setCacheObject(loginErrorTimesKey, errorTimes, redisKeyTimeout, TimeUnit.MINUTES);
// 连续错误5次进行账号锁定
if (errorTimes >= maxErrorTimes) {
throw new ServiceException("用户名密码错误次数已达上限,账号已被锁定请" + redisKeyTimeout + "分钟后再试!");
}
}
} }
} }

5
ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/CacheConstants.java
View File

@ -21,4 +21,9 @@ public class CacheConstants
* 权限缓存前缀 * 权限缓存前缀
*/ */
public final static String LOGIN_TOKEN_KEY = "login_tokens:"; public final static String LOGIN_TOKEN_KEY = "login_tokens:";
/**
* username登录错误次数的 redis key
*/
public final static String REDIS_KEY_ERROR_TIMES = "login:error:times:";
} }

12
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java
View File

@ -4,6 +4,9 @@ import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import javax.validation.Validator; import javax.validation.Validator;
import com.ruoyi.common.core.constant.CacheConstants;
import com.ruoyi.common.redis.service.RedisService;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -61,6 +64,9 @@ public class SysUserServiceImpl implements ISysUserService
@Autowired @Autowired
protected Validator validator; protected Validator validator;
@Autowired
private RedisService redisService;
/** /**
* 根据条件分页查询用户列表 * 根据条件分页查询用户列表
* *
@ -358,6 +364,9 @@ public class SysUserServiceImpl implements ISysUserService
@Override @Override
public int resetPwd(SysUser user) public int resetPwd(SysUser user)
{ {
// 重置密码的时候同步删除 登录错误次数 缓存
redisService.deleteObject(CacheConstants.REDIS_KEY_ERROR_TIMES + user.getUserName());
return userMapper.updateUser(user); return userMapper.updateUser(user);
} }
@ -371,6 +380,9 @@ public class SysUserServiceImpl implements ISysUserService
@Override @Override
public int resetUserPwd(String userName, String password) public int resetUserPwd(String userName, String password)
{ {
// 重置密码的时候同步删除 登录错误次数 缓存
redisService.deleteObject(CacheConstants.REDIS_KEY_ERROR_TIMES + userName);
return userMapper.resetUserPwd(userName, password); return userMapper.resetUserPwd(userName, password);
} }