用户登陆失败次数过多时锁定账户30分钟

master
chendengyao 4 years ago
parent c67d9ee139
commit 90b030448b
  1. 33
      src/main/java/com/yipin/liuwanr/service/UserInfoService.java

@ -397,7 +397,15 @@ public class UserInfoService {
} }
//登陆获取学校/电子科大 //登陆获取学校/电子科大
public HashMap<String, Object> loginSchoolClient(String account,String password,Integer schoolId,Integer source){ public HashMap<String, Object> loginSchoolClient(String account,String password,Integer schoolId,Integer source){
ValueOperations<String, String> redis = stringRedisTemplate.opsForValue();
HashMap<String, Object> resp = new HashMap<String, Object>(); HashMap<String, Object> resp = new HashMap<String, Object>();
//用户登录失败次数
String userLoginNum = redis.get(account + "LoginNum");
if (userLoginNum != null && Integer.valueOf(userLoginNum) > 4) {
resp.put("retcode", 500);
resp.put("retvalue", "登录失败次数过多,账户已锁定!");
return resp;
}
HashMap<String, Object> obj = new HashMap<String, Object>(); HashMap<String, Object> obj = new HashMap<String, Object>();
UserInfo userInfo = new UserInfo(); UserInfo userInfo = new UserInfo();
userInfo.setPassword(MD5.encrypt(password)); userInfo.setPassword(MD5.encrypt(password));
@ -441,8 +449,9 @@ public class UserInfoService {
List<UserInfoReceiveVo> studentList = userInfoMapper.loginsGetStudentSchoolInfo(userId,schoolId); List<UserInfoReceiveVo> studentList = userInfoMapper.loginsGetStudentSchoolInfo(userId,schoolId);
obj.put("studentList",studentList); obj.put("studentList",studentList);
//登录成功删除redis登录失败次数
redis.getOperations().delete(account + "LoginNum");
//鉴权,登录后将信息存入redis //鉴权,登录后将信息存入redis
ValueOperations<String, String> redis = stringRedisTemplate.opsForValue();
String loginToken = UUID.randomUUID().toString(); String loginToken = UUID.randomUUID().toString();
redis.set(loginToken,user.getUserId().toString(),2, TimeUnit.HOURS); redis.set(loginToken,user.getUserId().toString(),2, TimeUnit.HOURS);
obj.put("loginToken",loginToken); obj.put("loginToken",loginToken);
@ -450,6 +459,11 @@ public class UserInfoService {
resp.put("retcode", 200); resp.put("retcode", 200);
resp.put("retvalue", obj); resp.put("retvalue", obj);
}else { }else {
//记录登录失败次数30分钟
int loginNum = 1;
if (userLoginNum != null) loginNum = loginNum + Integer.valueOf(userLoginNum);
redis.set(account+"LoginNum", String.valueOf(loginNum), 30,TimeUnit.MINUTES);
resp.put("retcode", 300); resp.put("retcode", 300);
resp.put("retvalue", "登录失败,密码有误!"); resp.put("retvalue", "登录失败,密码有误!");
} }
@ -506,7 +520,15 @@ public class UserInfoService {
//登陆 //登陆
public HashMap<String, Object> adminLogins(String account,String password,Integer source){ public HashMap<String, Object> adminLogins(String account,String password,Integer source){
ValueOperations<String, String> redis = stringRedisTemplate.opsForValue();
HashMap<String, Object> resp = new HashMap<String, Object>(); HashMap<String, Object> resp = new HashMap<String, Object>();
//用户登录失败次数
String userLoginNum = redis.get(account + "LoginNum");
if (userLoginNum != null && Integer.valueOf(userLoginNum) > 4) {
resp.put("retcode", 500);
resp.put("retvalue", "登录失败次数过多,账户已锁定!");
return resp;
}
UserInfo user = new UserInfo(); UserInfo user = new UserInfo();
user.setPassword(MD5.encrypt(password)); user.setPassword(MD5.encrypt(password));
try { try {
@ -535,6 +557,11 @@ public class UserInfoService {
} }
} }
if (user == null){ if (user == null){
//记录登录失败次数30分钟
int num = 1;
if (userLoginNum != null) num = num + Integer.valueOf(userLoginNum);
redis.set(account+"LoginNum", String.valueOf(num), 30,TimeUnit.MINUTES);
resp.put("retvalue","账号密码有误,请稍后再试!"); resp.put("retvalue","账号密码有误,请稍后再试!");
resp.put("retcode", 300); resp.put("retcode", 300);
}else{ }else{
@ -544,10 +571,10 @@ public class UserInfoService {
//登录成功,重新设置最后登录时间以及登录次数 //登录成功,重新设置最后登录时间以及登录次数
userInfoMapper.updateLogInNumber(user); userInfoMapper.updateLogInNumber(user);
String token = user.getToken(); String token = user.getToken();
ValueOperations<String, String> redis = stringRedisTemplate.opsForValue();
redis.set(token,lastLoginTime, 24, TimeUnit.HOURS); redis.set(token,lastLoginTime, 24, TimeUnit.HOURS);
user.setDataTime(lastLoginTime); user.setDataTime(lastLoginTime);
//登录成功删除redis登录失败次数
redis.getOperations().delete(account + "LoginNum");
//鉴权,登录后将信息存入redis //鉴权,登录后将信息存入redis
String loginToken = UUID.randomUUID().toString(); String loginToken = UUID.randomUUID().toString();
redis.set(loginToken,user.getUserId().toString(),2, TimeUnit.HOURS); redis.set(loginToken,user.getUserId().toString(),2, TimeUnit.HOURS);
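Review bot: The failure counter is updated with a separate read and write: `redis.get(account + "LoginNum")` at the top of `loginSchoolClient` and `adminLogins`, then `redis.set(account+"LoginNum", ..., 30,TimeUnit.MINUTES)` in the failure branch. Failed attempts that overlap in time all read the same value, so they can be undercounted and the stored count can stay below the lock threshold. Incrementing inside Redis keeps the count exact: `redis.increment(account + "LoginNum", 1);` followed by `stringRedisTemplate.expire(account + "LoginNum", 30, TimeUnit.MINUTES);`, in both failure branches. The key is built only from the submitted account string and is shared by both login methods, so a short comment should state whether locking per account name, regardless of caller or login type, is intended. Both method bodies extend beyond the hunks shown, so any other failure paths may not be counted.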
