登录密码加密解码报错处理

ant-design-vue-jeecg/src/store/mutation-types.js

@@ -13,6 +13,7 @@ export const USER_NAME = 'Login_Username'
 export const USER_INFO = 'Login_Userinfo'
 export const USER_AUTH = 'LOGIN_USER_BUTTON_AUTH'
 export const SYS_BUTTON_AUTH = 'SYS_BUTTON_AUTH'
+export const ENCRYPTED_STRING = 'ENCRYPTED_STRING'
 
 export const CONTENT_WIDTH_TYPE = {
   Fluid: 'Fluid',

ant-design-vue-jeecg/src/utils/encryption/aesEncrypt.js

@@ -1,4 +1,19 @@
+import { getAction } from '@/api/manage'
+import { ENCRYPTED_STRING } from "@/store/mutation-types"
+import Vue from 'vue'
 
+/**
+ * 获取加密字符串，并对结果进行缓存
+ */
+export function getEncryptedString() {
+  return getAction("/sys/getEncryptedString",{}).then((res)=>{
+    let encryptedString = {};
+    encryptedString.key = res.result.key;
+    encryptedString.iv = res.result.iv;
+    Vue.ls.set(ENCRYPTED_STRING, encryptedString, 7 * 24 * 60 * 60 * 1000);
+    return encryptedString;
+  });
+}
 
 /**
  * AES加密 ：字符串 key iv  返回base64

ant-design-vue-jeecg/src/views/user/Login.vue

@@ -171,12 +171,11 @@
   import { mapActions } from "vuex"
   import { timeFix } from "@/utils/util"
   import Vue from 'vue'
-  import { ACCESS_TOKEN } from "@/store/mutation-types"
+  import { ACCESS_TOKEN ,ENCRYPTED_STRING} from "@/store/mutation-types"
   import JGraphicCode from '@/components/jeecg/JGraphicCode'
   import { putAction } from '@/api/manage'
   import { postAction } from '@/api/manage'
-  import { getAction} from '@/api/manage'
-  import { encryption } from '@/utils/encryption/aesEncrypt'
+  import { encryption , getEncryptedString } from '@/utils/encryption/aesEncrypt'
 
   export default {
     components: {
@@ -192,6 +191,10 @@
         requiredTwoStepCaptcha: false,
         stepCaptchaVisible: false,
         form: this.$form.createForm(this),
+        encryptedString:{
+          key:"",
+          iv:"",
+        },
         state: {
           time: 60,
           smsSendBtn: false,
@@ -224,6 +227,7 @@
     created () {
       Vue.ls.remove(ACCESS_TOKEN)
       this.getRouterData();
+      this.getEncrypte();
       // update-begin- --- author:scott ------ date:20190225 ---- for:暂时注释，未实现登录验证码功能
 //      this.$http.get('/auth/2step-code')
 //        .then(res => {
@@ -256,23 +260,23 @@
         let loginParams = {
           remember_me: that.formLogin.rememberMe
         };
-
+        that.loginBtn = true;
         // 使用账户密码登陆
         if (that.customActiveKey === 'tab1') {
           that.form.validateFields([ 'username', 'password','inputCode' ], { force: true }, (err, values) => {
             if (!err) {
-              getAction("/sys/getEncryptedString",{}).then((res)=>{
-                loginParams.username = values.username
-                //loginParams.password = md5(values.password)
-                loginParams.password = encryption(values.password,res.result.key,res.result.iv)
-                that.Login(loginParams).then((res) => {
-                  this.departConfirm(res)
-                }).catch((err) => {
-                  that.requestFailed(err);
-                })
+              loginParams.username = values.username
+              //loginParams.password = md5(values.password)
+              loginParams.password = encryption(values.password,that.encryptedString.key,that.encryptedString.iv).replace(/\+/g,"%2B");
+              that.Login(loginParams).then((res) => {
+                this.departConfirm(res)
               }).catch((err) => {
                 that.requestFailed(err);
               });
+
+
+            }else {
+              that.loginBtn = false;
             }
           })
           // 使用手机号登陆
@@ -453,6 +457,17 @@
       });
     })
     },
+    //获取密码加密规则
+    getEncrypte(){
+      var encryptedString = Vue.ls.get(ENCRYPTED_STRING);
+      if(encryptedString == null){
+        getEncryptedString().then((data) => {
+          this.encryptedString = data
+        });
+      }else{
+        this.encryptedString = encryptedString;
+      }
+    },
     }
   }
 </script>

jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/config/RedisConfig.java

@@ -86,7 +86,7 @@ public class RedisConfig extends CachingConfigurerSupport {
 		RedisCacheWriter writer = RedisCacheWriter.lockingRedisCacheWriter(factory);
 		// 创建默认缓存配置对象
 		/* 默认配置，设置缓存有效期 1小时*/
-		RedisCacheConfiguration defaultCacheConfig = RedisCacheConfiguration.defaultCacheConfig().entryTtl(Duration.ofHours(1)).disableCachingNullValues();
+		RedisCacheConfiguration defaultCacheConfig = RedisCacheConfiguration.defaultCacheConfig().entryTtl(Duration.ofHours(1));
 		/* 配置test的超时时间为120s*/
 		RedisCacheManager cacheManager = RedisCacheManager.builder(RedisCacheWriter.lockingRedisCacheWriter(lettuceConnectionFactory)).cacheDefaults(defaultCacheConfig)
 				.withInitialCacheConfigurations(singletonMap("test", RedisCacheConfiguration.defaultCacheConfig().entryTtl(Duration.ofMinutes(120)).disableCachingNullValues()))

jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/LoginController.java

@@ -68,7 +68,7 @@ public class LoginController {
 		String username = sysLoginModel.getUsername();
 		String password = sysLoginModel.getPassword();
 		//步骤1：TODO 前端密码加密，后端进行密码解密，防止传输密码篡改等问题，不配就直接提示密码错误，并记录日志后期进行统计分析是否锁定
-		password = AesEncryptUtil.desEncrypt(sysLoginModel.getPassword()).trim();//密码解密
+		password = AesEncryptUtil.desEncrypt(sysLoginModel.getPassword().replaceAll("%2B", "\\+")).trim();//密码解密
 		//1. 校验用户是否有效
 		SysUser sysUser = sysUserService.getUserByName(username);
 		result = sysUserService.checkUserIsEffective(sysUser);
@@ -249,7 +249,7 @@ public class LoginController {
 
 		} catch (ClientException e) {
 			e.printStackTrace();
-			result.error500(" 短信接口异常，请联系管理员！");
+			result.error500(" 短信接口未配置，请联系管理员！");
 			return result;
 		}
 		return result;