Tenlion/wg-basic
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

增加登录表单的refer验证

Browse Source
This commit is contained in:
WenG 2022-04-01 23:59:50 +08:00
parent 8c8b8b8037
commit 8726fb38ce
7 changed files with 63 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
login-base/src/main/java/ink/wgink/login/base/authentication/BaseAuthenticationProcessingFilter.java
View File

@ -1,6 +1,7 @@
package ink.wgink.login.base.authentication; package ink.wgink.login.base.authentication;
import ink.wgink.interfaces.consts.ISystemConstant; import ink.wgink.interfaces.consts.ISystemConstant;
import ink.wgink.login.base.consts.IUserCenterConst;
import ink.wgink.login.base.exceptions.UserAuthenticationException; import ink.wgink.login.base.exceptions.UserAuthenticationException;
import ink.wgink.login.base.manager.ConfigManager; import ink.wgink.login.base.manager.ConfigManager;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
@ -65,4 +66,24 @@ public abstract class BaseAuthenticationProcessingFilter extends AbstractAuthent
throw new UserAuthenticationException("登录方法必须是POST"); throw new UserAuthenticationException("登录方法必须是POST");
} }
} }
protected void checkReferToken(HttpServletRequest request) {
Object referToken = request.getSession().getAttribute(IUserCenterConst.REFER_TOKEN);
if(referToken == null) {
throw new UserAuthenticationException("refer参数为空请重新刷新页面");
}
String sessionReferToken = referToken.toString();
if(StringUtils.isBlank(sessionReferToken)) {
throw new UserAuthenticationException("refer参数为空请重新刷新页面");
}
String pageReferToken = request.getParameter(IUserCenterConst.REFER_TOKEN);
if(StringUtils.isBlank(pageReferToken)) {
throw new UserAuthenticationException("请求头中缺少refer参数");
}
if(!StringUtils.equals(sessionReferToken, pageReferToken)) {
throw new UserAuthenticationException("refer不匹配");
}
// 校验成功删除session中的refer
request.getSession().removeAttribute(IUserCenterConst.REFER_TOKEN);
}
} }

1
login-base/src/main/java/ink/wgink/login/base/authentication/user/UserAuthenticationFilter.java
View File

@ -32,6 +32,7 @@ public class UserAuthenticationFilter extends BaseAuthenticationProcessingFilter
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException { public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
checkVerificationCode(request); checkVerificationCode(request);
checkPostMethod(request); checkPostMethod(request);
checkReferToken(request);
String username = request.getParameter(KEY_USERNAME); String username = request.getParameter(KEY_USERNAME);
String password = request.getParameter(KEY_PASSWORD); String password = request.getParameter(KEY_PASSWORD);

5
login-base/src/main/java/ink/wgink/login/base/consts/IUserCenterConst.java
View File

@ -103,4 +103,9 @@ public interface IUserCenterConst {
*/ */
String CUSTOM_LOGIN_FORM = "customLoginForm"; String CUSTOM_LOGIN_FORM = "customLoginForm";
/**
* refer验证token
*/
String REFER_TOKEN = "referToken";
} }

7
login-base/src/main/java/ink/wgink/login/base/service/impl/OAuthServiceImpl.java
View File

@ -6,6 +6,7 @@ import ink.wgink.login.base.manager.ConfigManager;
import ink.wgink.login.base.service.IOAuthService; import ink.wgink.login.base.service.IOAuthService;
import ink.wgink.properties.BaseProperties; import ink.wgink.properties.BaseProperties;
import ink.wgink.properties.ServerProperties; import ink.wgink.properties.ServerProperties;
import ink.wgink.util.UUIDUtil;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
@ -30,8 +31,14 @@ public class OAuthServiceImpl implements IOAuthService {
@Override @Override
public Map<String, String> getPageParams(HttpServletRequest request) { public Map<String, String> getPageParams(HttpServletRequest request) {
// session中设置refer验证token
String referHeaderToken = UUIDUtil.getUUID();
request.getSession().setAttribute(IUserCenterConst.REFER_TOKEN, referHeaderToken);
Map<String, String> config = ConfigManager.getInstance().getConfig(); Map<String, String> config = ConfigManager.getInstance().getConfig();
Map<String, String> pageParams = new HashMap<>(16); Map<String, String> pageParams = new HashMap<>(16);
pageParams.put(IUserCenterConst.REFER_TOKEN, referHeaderToken);
Object errorMessage = request.getSession().getAttribute(IUserCenterConst.ERROR_MESSAGE); Object errorMessage = request.getSession().getAttribute(IUserCenterConst.ERROR_MESSAGE);
Object loginUsername = request.getSession().getAttribute(IUserCenterConst.LOGIN_USERNAME); Object loginUsername = request.getSession().getAttribute(IUserCenterConst.LOGIN_USERNAME);
pageParams.put(IUserCenterConst.ERROR_MESSAGE, errorMessage == null ? null : errorMessage.toString()); pageParams.put(IUserCenterConst.ERROR_MESSAGE, errorMessage == null ? null : errorMessage.toString());

4
login-base/src/main/resources/templates/login.html
View File

@ -50,6 +50,7 @@
</div> </div>
<div id="loginFormBox" class="layadmin-user-login-box layadmin-user-login-body layui-form"> <div id="loginFormBox" class="layadmin-user-login-box layadmin-user-login-body layui-form">
<form id="loginForm" :action="pageParams.loginFormAction" method="post" @submit.prevent="submitForm"> <form id="loginForm" :action="pageParams.loginFormAction" method="post" @submit.prevent="submitForm">
<input type="hidden" name="referToken" v-model="formData.referToken"/>
<div class="layui-form-item"> <div class="layui-form-item">
<label class="layadmin-user-login-icon layui-icon layui-icon-username" for="username"></label> <label class="layadmin-user-login-icon layui-icon layui-icon-username" for="username"></label>
<input type="text" v-model="formData.username" id="username" name="username" lay-verify="username" placeholder="用户名" class="layui-input"> <input type="text" v-model="formData.username" id="username" name="username" lay-verify="username" placeholder="用户名" class="layui-input">
@ -103,6 +104,7 @@
var cookie = layui.cookie; var cookie = layui.cookie;
var md5 = layui.md5; var md5 = layui.md5;
var base64 = layui.base64; var base64 = layui.base64;
var restAjax = layui.restajax;
var pageParams = [[${pageParams}]]; var pageParams = [[${pageParams}]];
new Vue({ new Vue({
@ -110,6 +112,7 @@
data: { data: {
pageParams: pageParams, pageParams: pageParams,
formData: { formData: {
referToken: pageParams.referToken,
verificationCode: '', verificationCode: '',
username: pageParams.loginUsername, username: pageParams.loginUsername,
password: '', password: '',
@ -202,7 +205,6 @@
form.on('checkbox(rememberFilter)', function(data) { form.on('checkbox(rememberFilter)', function(data) {
self.formData.remember = data.elem.checked; self.formData.remember = data.elem.checked;
}); });
$('#')
// 保单验证 // 保单验证
form.verify({ form.verify({
username: function(value, item) { username: function(value, item) {

22
login-base/src/main/resources/templates/login/form/save.html
View File

@ -122,10 +122,11 @@
</div> </div>
<blockquote class="layui-elem-quote"> <blockquote class="layui-elem-quote">
<ul> <ul>
<li>1. form表单代码表单的HTML代码。</li> <li>1. form表单的ID为<b>loginForm</b></li>
<li>2. form表单样式表单的CSS代码。</li> <li>2. form表单代码表单的HTML代码。</li>
<li>3. dom节点的条件判断使用vue判断根据<b>pageParams</b>中的属性动态判断dom元素的展示方式。</li> <li>3. form表单样式表单的CSS代码。</li>
<li>4. pageParams 属性说明:</li> <li>4. dom节点的条件判断使用vue判断根据<b>pageParams</b>中的属性动态判断dom元素的展示方式。</li>
<li>5. pageParams 属性说明:</li>
<li> <li>
<table class="layui-table"> <table class="layui-table">
<colgroup> <colgroup>
@ -232,9 +233,9 @@
</tbody> </tbody>
</table> </table>
</li> </li>
<li>5. 表单提交method为<b>POST</b></li> <li>6. 表单提交method为<b>POST</b></li>
<li>6. form表单上添加<b>@submit.prevent="submitForm"</b>用于控制表单提交</li> <li>7. form表单上添加<b>@submit.prevent="submitForm"</b>用于控制表单提交</li>
<li>7. 表单具体内容如下表所示</li> <li>8. 表单具体内容如下表所示</li>
<li> <li>
<table class="layui-table"> <table class="layui-table">
<colgroup> <colgroup>
@ -285,10 +286,13 @@
</tbody> </tbody>
</table> </table>
</li> </li>
<li>8. 图形验证码的地址为:<b>oauth/verification-code/png</b></li> <li>9. 图形验证码的地址为:<b>oauth/verification-code/png</b></li>
<li>9. 提交按钮固定写法 <li>10. 提交按钮固定写法
<xmp><button type="submit" lay-submit>登 录</button></xmp> <xmp><button type="submit" lay-submit>登 录</button></xmp>
</li> </li>
<li>11. 表单中必须添加隐藏验证参数,否则将无法登录系统
<xmp><input type="hidden" name="referToken" v-model="formData.referToken"/></xmp>
</li>
</ul> </ul>
</blockquote> </blockquote>
<div class="layui-row layui-col-space15"> <div class="layui-row layui-col-space15">

22
login-base/src/main/resources/templates/login/form/update.html
View File

@ -122,10 +122,11 @@
</div> </div>
<blockquote class="layui-elem-quote"> <blockquote class="layui-elem-quote">
<ul> <ul>
<li>1. form表单代码表单的HTML代码。</li> <li>1. form表单的ID为<b>loginForm</b></li>
<li>2. form表单样式表单的CSS代码。</li> <li>2. form表单代码表单的HTML代码。</li>
<li>3. dom节点的条件判断使用vue判断根据<b>pageParams</b>中的属性动态判断dom元素的展示方式。</li> <li>3. form表单样式表单的CSS代码。</li>
<li>4. pageParams 属性说明:</li> <li>4. dom节点的条件判断使用vue判断根据<b>pageParams</b>中的属性动态判断dom元素的展示方式。</li>
<li>5. pageParams 属性说明:</li>
<li> <li>
<table class="layui-table"> <table class="layui-table">
<colgroup> <colgroup>
@ -232,9 +233,9 @@
</tbody> </tbody>
</table> </table>
</li> </li>
<li>5. 表单提交method为<b>POST</b></li> <li>6. 表单提交method为<b>POST</b></li>
<li>6. form表单上添加<b>@submit.prevent="submitForm"</b>用于控制表单提交</li> <li>7. form表单上添加<b>@submit.prevent="submitForm"</b>用于控制表单提交</li>
<li>7. 表单具体内容如下表所示</li> <li>8. 表单具体内容如下表所示</li>
<li> <li>
<table class="layui-table"> <table class="layui-table">
<colgroup> <colgroup>
@ -285,10 +286,13 @@
</tbody> </tbody>
</table> </table>
</li> </li>
<li>8. 图形验证码的地址为:<b>oauth/verification-code/png</b></li> <li>9. 图形验证码的地址为:<b>oauth/verification-code/png</b></li>
<li>9. 提交按钮固定写法 <li>10. 提交按钮固定写法
<xmp><button type="submit" lay-submit>登 录</button></xmp> <xmp><button type="submit" lay-submit>登 录</button></xmp>
</li> </li>
<li>11. 表单中必须添加隐藏验证参数,否则将无法登录系统
<xmp><input type="hidden" name="referToken" v-model="formData.referToken"/></xmp>
</li>
</ul> </ul>
</blockquote> </blockquote>
<div class="layui-row layui-col-space15"> <div class="layui-row layui-col-space15">