|
|
@@ -70,6 +70,7 @@ public class UserController extends MyController {
|
|
|
String verifyCode = VerifyCode.randomVerifyCode();
|
|
|
|
|
|
// 4. 将验证码和发送时间戳存入 Session
|
|
|
+ setSessionAttr("verify_mobile_number", mobileNumber); // 是谁发的验证码
|
|
|
setSessionAttr("verify_code", verifyCode); // 验证码本身
|
|
|
setSessionAttr("last_send_verify_code_time", System.currentTimeMillis()); // 记录本次发送时间戳
|
|
|
|
|
|
@@ -104,7 +105,7 @@ public class UserController extends MyController {
|
|
|
}
|
|
|
|
|
|
// 3. 验证码校验
|
|
|
- MyRet verifyCodeRet = checkVerifyCode(userVerifyCode);
|
|
|
+ MyRet verifyCodeRet = checkVerifyCode(userVerifyCode, mobileNumber);
|
|
|
if (!verifyCodeRet.isOk()) {
|
|
|
renderJson(verifyCodeRet);
|
|
|
return;
|
|
|
@@ -132,6 +133,41 @@ public class UserController extends MyController {
|
|
|
// 5. 调用服务层进行用户保存
|
|
|
renderJson(service.saveUser(user));
|
|
|
}
|
|
|
+
|
|
|
+ @Before(LoginInterceptor.class)
|
|
|
+ @EmptyInterface({"pwd_md5", "repeat_pwd_md5", "verify_code"})
|
|
|
+ public void updatePwd() {
|
|
|
+ // --- 从 JSON 请求体中获取参数 ---
|
|
|
+ JSONObject requestBodyJson = MyController.getJsonModelByRequestAndType(getRequest(), JSONObject.class);
|
|
|
+ String pwdMd5 = requestBodyJson.getString("pwd_md5");
|
|
|
+ String repeatPwdMd5 = requestBodyJson.getString("repeat_pwd_md5");
|
|
|
+ String verifyCode = requestBodyJson.getString("verify_code");
|
|
|
+
|
|
|
+ // 获取当前已登录用户
|
|
|
+ User user = service.findUserByMobileNumber(getSessionAttr("mobile_number"));
|
|
|
+
|
|
|
+ // 2. 密码重复校验
|
|
|
+ if (!pwdMd5.equals(repeatPwdMd5)) {
|
|
|
+ renderJson(MyRet.fail("两次输入密码不一致"));
|
|
|
+ return;
|
|
|
+ }
|
|
|
+
|
|
|
+ // 3. 验证码校验
|
|
|
+ MyRet verifyCodeRet = checkVerifyCode(verifyCode, getSessionAttr("mobile_number"));
|
|
|
+ if (!verifyCodeRet.isOk()) {
|
|
|
+ renderJson(verifyCodeRet);
|
|
|
+ return;
|
|
|
+ }
|
|
|
+
|
|
|
+ user.set("pwd_md5_md5", HashKit.md5(pwdMd5));
|
|
|
+
|
|
|
+ // 直接调用修改并返回
|
|
|
+ if (user.update()) {
|
|
|
+ renderJson(MyRet.ok("密码修改成功"));
|
|
|
+ } else {
|
|
|
+ renderJson(MyRet.fail("密码修改失败"));
|
|
|
+ }
|
|
|
+ }
|
|
|
|
|
|
@EmptyInterface({"mobile_number"})
|
|
|
public void login() {
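Review bot: `user.set("pwd_md5_md5", HashKit.md5(pwdMd5))` in the new `updatePwd()` stores the password as an unsalted MD5 of a client-supplied MD5, which is cheap to brute-force offline if the table leaks and makes the client-side digest a password equivalent. If the rest of the controller already uses this scheme (not visible in this hunk), the change belongs in a separate migration, but the target should be a salted, slow KDF such as PBKDF2 via `SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")` with a per-user salt. Separately, `service.findUserByMobileNumber(getSessionAttr("mobile_number"))` can presumably return null, for example if the account is removed while the session is live, and that would throw at `user.set(...)`. Add `if (user == null) { renderJson(MyRet.fail("用户不存在")); return; }` directly after the lookup. It is also worth deciding whether a successful change should invalidate the user's other sessions, which nothing in this hunk does.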
|
|
|
@@ -157,7 +193,7 @@ public class UserController extends MyController {
|
|
|
}
|
|
|
// 如果有验证码传入进行验证码校验
|
|
|
if (StrKit.notBlank(verifyCode)) {
|
|
|
- MyRet verifyCodeRet = checkVerifyCode(verifyCode);
|
|
|
+ MyRet verifyCodeRet = checkVerifyCode(verifyCode, mobileNumber);
|
|
|
if (!verifyCodeRet.isOk()) {
|
|
|
renderJson(verifyCodeRet);
|
|
|
return;
|
|
|
@@ -562,15 +598,21 @@ public class UserController extends MyController {
|
|
|
// String verifyCode = requestBodyJson.getString("verify_code");
|
|
|
// }
|
|
|
|
|
|
- private MyRet checkVerifyCode(String userVerifyCode) {
|
|
|
+ private MyRet checkVerifyCode(String userVerifyCode, String mobileNumber) {
|
|
|
// 3. 验证码校验
|
|
|
String storedVerifyCode = getSessionAttr("verify_code");
|
|
|
Long sendTime = getSessionAttr("last_send_verify_code_time");
|
|
|
+ String verifyMobileNumber = getSessionAttr("verify_mobile_number"); // 是谁发的验证码
|
|
|
|
|
|
if (StrKit.isBlank(storedVerifyCode) || sendTime == null) {
|
|
|
// Session中没有验证码或发送时间,可能从未发送过,或Session已失效/过期
|
|
|
return MyRet.fail("请先获取验证码或验证码已失效");
|
|
|
}
|
|
|
+
|
|
|
+ // 是不是该手机号发送的验证码
|
|
|
+ if (!verifyMobileNumber.equals(mobileNumber)) {
|
|
|
+ return MyRet.fail("手机号校验失败!");
|
|
|
+ }
|
|
|
|
|
|
// 校验有效期
|
|
|
long currentTime = System.currentTimeMillis();
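Review bot: The new mobile-number check dereferences `verifyMobileNumber` without a null check, so a session that holds `verify_code` and `last_send_verify_code_time` but no `verify_mobile_number` (for example one created before this change was deployed) throws a NullPointerException instead of returning a failure result. The blank check above it covers only `storedVerifyCode` and `sendTime`. Use `if (StrKit.isBlank(verifyMobileNumber) || !verifyMobileNumber.equals(mobileNumber))`, or add `StrKit.isBlank(verifyMobileNumber)` to the earlier condition. The body of `checkVerifyCode` continues past the end of this hunk.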
|
|
|
@@ -584,8 +626,7 @@ public class UserController extends MyController {
|
|
|
|
|
|
// 校验用户输入的验证码是否与Session中存储的一致
|
|
|
if (!userVerifyCode.equals(storedVerifyCode)) {
|
|
|
- renderJson(MyRet.fail("验证码不正确"));
|
|
|
- return MyRet.fail("验证码已过期,请重新获取");
|
|
|
+ return MyRet.fail("验证码错误");
|
|
|
}
|
|
|
|
|
|
removeSessionAttr("verify_code");
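Review bot: The mismatch branch now returns `MyRet.fail("验证码错误")` but leaves `verify_code` in the session, so the same code stays valid for further attempts until it expires; `removeSessionAttr("verify_code")` runs only on success. This hunk does not count failed attempts, and the rest of `checkVerifyCode` lies outside it, so a limit may exist elsewhere. If none does, keep a failure counter next to the code and call `removeSessionAttr("verify_code")` once a small number of wrong entries is reached, ideally also tracking failures per mobile number on the server side rather than only per session.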
|