Merge pull request #19 from LookBackInTheRain/dev

Dev

Author: LookBackInTheRain

gitattributes

@@ -0,0 +1,3 @@
+*.js linguist-language=java
+*.css linguist-language=java
+*.html linguist-language=java

src/doc/table.sql

@@ -7,6 +7,7 @@ create table user
   username  varchar(255),
   password  varchar(255),
   gender    varchar(10) ,
+  mobile    varchar(16),
   email     varchar(100),
   isEnable  bit,
   isExpired bit,
@@ -35,7 +36,7 @@ create table clients (
 );
 
 -- user 测试数据 密码123qwe
-INSERT INTO boot.user (id, username, password, gender, email, isEnable, isExpired, isLocked) VALUES ('67842834823', 'admin', '$2a$10$06S5v7Mo47e8Qyv65Ltz.uhcQwfhIcgYDKVPVzBlPj6UHWV2ErbzK', '女', '阿斯达@as.com', true, false, true);
+INSERT INTO boot.user (id, username,mobile, password, gender, email, isEnable, isExpired, isLocked) VALUES ('67842834823', 'admin','18785471131', '$2a$10$06S5v7Mo47e8Qyv65Ltz.uhcQwfhIcgYDKVPVzBlPj6UHWV2ErbzK', '女', '阿斯达@as.com', true, false, true);
 
 -- clients 测试数据 密码123qwe
 INSERT INTO boot.clients (id, clientId, resourceIds, isSecretRequired, clientSecret, isScoped, scope, authorizedGrantTypes, registeredRedirectUri, authorities, isAutoApprove, accessTokenValiditySeconds, refreshTokenValiditySeconds, createTime, modifyTime) VALUES ('JKGJHGJHFGH89867', 'client', 'boot-server', true, '$2a$10$06S5v7Mo47e8Qyv65Ltz.uhcQwfhIcgYDKVPVzBlPj6UHWV2ErbzK', true, 'select', 'refresh_token,authorization_code,password', 'http://localhost:9000', 'CLIENT,ADMIN', false, 1800, 36000, '2018-10-16 10:02:14', '2018-12-14 09:05:03');
@@ -58,4 +59,4 @@ create table oauth_refresh_token
   token_id VARCHAR(256),
   token longblob,
   authentication longblob
-);
+);

src/main/java/club/yuit/oauth/boot/BootApplication.java

@@ -1,15 +1,10 @@
 package club.yuit.oauth.boot;
 
-import club.yuit.oauth.boot.support.oauth2.BootClientDetailsService;
 import org.mybatis.spring.annotation.MapperScan;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.CommandLineRunner;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.ConfigurableApplicationContext;
 
-import javax.annotation.Resource;
-
 /**
  * @author yuit
  */

src/main/java/club/yuit/oauth/boot/authentication/sms/SmsAuthenticationProvider.java

@@ -2,6 +2,7 @@
 
 import lombok.Getter;
 import lombok.Setter;
+import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.InternalAuthenticationServiceException;
 import org.springframework.security.core.Authentication;
@@ -17,22 +18,26 @@
 @Setter
 public class SmsAuthenticationProvider implements AuthenticationProvider {
 
-    private UserDetailsService service;
+    private UserDetailsService userDetailsService;
+
+
+    public SmsAuthenticationProvider() {
+    }
 
     @Override
     public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 
         SmsCodeAuthenticationToken authenticationToken = (SmsCodeAuthenticationToken) authentication;
 
-        UserDetails user = this.service.loadUserByUsername((String) authenticationToken.getPrincipal());
+        UserDetails user = this.userDetailsService.loadUserByUsername((String) authenticationToken.getPrincipal());
 
         if (user == null) {
             throw new InternalAuthenticationServiceException("无法获取用户信息");
         }
 
         SmsCodeAuthenticationToken authenticationResult = new SmsCodeAuthenticationToken(user,user.getAuthorities());
 
-        authenticationResult.setDetails(authenticationToken.getCredentials());
+        authenticationResult.setDetails(authenticationToken.getDetails());
 
         return authenticationResult;
     }

src/main/java/club/yuit/oauth/boot/authentication/sms/SmsCodeAuthenticationFilter.java

@@ -1,5 +1,6 @@
 package club.yuit.oauth.boot.authentication.sms;
 
+import club.yuit.oauth.boot.support.BootSecurityProperties;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
@@ -15,27 +16,24 @@
  * @date 2018/10/19 15:33
  */
 public class SmsCodeAuthenticationFilter  extends AbstractAuthenticationProcessingFilter {
-    // ~ Static fields/initializers
-    // =====================================================================================
+
 
     public static final String BOOT_FORM_MOBILE_KEY = "mobile";
 
     private String mobileParameter = BOOT_FORM_MOBILE_KEY;
     private boolean postOnly = true;
 
-    // ~ Constructors
-    // ===================================================================================================
 
-    public SmsCodeAuthenticationFilter() {
-        super(new AntPathRequestMatcher("/authentication/mobile", "POST"));
+    public SmsCodeAuthenticationFilter(String path) {
+        super(new AntPathRequestMatcher(path, "POST"));
     }
 
     // ~ Methods
     // ========================================================================================================
     @Override
     public Authentication attemptAuthentication(HttpServletRequest request,
                                                 HttpServletResponse response) throws AuthenticationException {
-        if (postOnly && !request.getMethod().equals("POST")) {
+        if (postOnly && !request.getMethod().equalsIgnoreCase("POST")) {
             throw new AuthenticationServiceException(
                     "Authentication method not supported: " + request.getMethod());
         }

src/main/java/club/yuit/oauth/boot/authentication/sms/SmsCodeCheckFilter.java

@@ -4,11 +4,16 @@
 import club.yuit.oauth.boot.support.BootSecurityProperties;
 import lombok.Getter;
 import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
-import org.springframework.web.context.request.ServletWebRequest;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.util.AntPathMatcher;
+import org.springframework.util.PathMatcher;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import javax.servlet.FilterChain;
@@ -23,54 +28,68 @@
  */
 @Getter
 @Setter
+@Slf4j
 public class SmsCodeCheckFilter extends OncePerRequestFilter {
 
 
-    private AuthenticationFailureHandler authenticationFailureHandler;
-
-
+    private AuthenticationFailureHandler failureHandler;
     private BootSecurityProperties properties;
+    private StringRedisTemplate template;
+    private AuthenticationSuccessHandler successHandler;
+    private PathMatcher pathMatcher;
 
-    private boolean isDebug = false;
 
-    private Logger logger = LoggerFactory.getLogger(getClass());
 
-    public SmsCodeCheckFilter() {
-
-        if(properties.getLogging().getLevel().toUpperCase().equals("DEBUG")){
-            isDebug = true;
-        }
+    public SmsCodeCheckFilter(BootSecurityProperties properties) {
+        setProperties(properties);
+        this.pathMatcher = new AntPathMatcher();
 
     }
 
     @Override
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
 
-        if(this.isDebug){
-            logger.debug("--------------> request method "+ request.getMethod());
-        }
-
-        if(StringUtils.equals("/authentication/mobile",request.getRequestURI())
+        if(this.pathMatcher.match("/authentication/mobile",request.getRequestURI())
                 && StringUtils.equalsAnyIgnoreCase(request.getMethod(),"post")){
-
             try {
-                check(new ServletWebRequest(request));
-
-            }catch (VerificationCodeFailureException ex){
-                authenticationFailureHandler.onAuthenticationFailure(request,response,ex);
+                check(request,response,filterChain);
+            }catch (Exception ex){
+                if (ex instanceof VerificationCodeFailureException){
+                    failureHandler.onAuthenticationFailure(request,response, (AuthenticationException) ex);
+                }
+                throw ex;
             }
 
-
         }else {
-
             filterChain.doFilter(request,response);
         }
     }
 
-    private void check(ServletWebRequest request) throws VerificationCodeFailureException{
+    private void check(HttpServletRequest request, HttpServletResponse response,FilterChain chain) throws VerificationCodeFailureException, IOException, ServletException {
+
+        String mobile = request.getParameter(properties.getSmsLogin().getMobileParameterName());
+        String code = request.getParameter(properties.getSmsLogin().getCodeParameterName());
+        if (mobile.trim().length()==0) {
+            throw new VerificationCodeFailureException("手机号不能为空");
+        }
+
+        if (!this.template.hasKey(mobile)) {
+            throw new VerificationCodeFailureException("验证码过期或手机号错误");
+        }
 
+       Long expireTime= this.template.getExpire(mobile);
 
+        if (expireTime<=0){
+            throw new VerificationCodeFailureException("验证码过期");
+        }
+
+        String redisCode = this.template.opsForValue().get(mobile);
+
+        if (!code.equals(redisCode)) {
+            throw new VerificationCodeFailureException("验证码错误");
+        }
 
+        chain.doFilter(request,response);
     }
 
 

src/main/java/club/yuit/oauth/boot/authentication/sms/SmsSecurityConfig.java

@@ -0,0 +1,63 @@
+package club.yuit.oauth.boot.authentication.sms;
+
+import club.yuit.oauth.boot.handler.BootLoginFailureHandler;
+import club.yuit.oauth.boot.support.BootSecurityProperties;
+import club.yuit.oauth.boot.support.BootSmsUserDetailService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.DefaultSecurityFilterChain;
+import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+/**
+ * @author yuit
+ * @date 2019/11/26 9:27
+ **/
+@Configuration
+public class SmsSecurityConfig extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
+
+    private SmsAuthenticationProvider authenticationProvider;
+    private SmsCodeAuthenticationFilter authenticationFilter;
+    private SmsCodeCheckFilter codeCheckFilter;
+
+
+    public SmsSecurityConfig(BootSmsUserDetailService userDetailsService,
+                             StringRedisTemplate redisTemplate,
+                             @Autowired(required = false)
+                                     BootLoginFailureHandler failureHandler,
+                             @Autowired(required = false)
+                                     AuthenticationSuccessHandler successHandler,
+                             BootSecurityProperties properties) {
+
+
+        this.authenticationFilter = new SmsCodeAuthenticationFilter(properties.getSmsLogin().getLoginProcessUrl());
+        this.authenticationFilter.setAuthenticationFailureHandler(failureHandler);
+        if (successHandler!=null) {
+            this.authenticationFilter.setAuthenticationSuccessHandler(successHandler);
+        }
+
+        this.authenticationProvider = new SmsAuthenticationProvider();
+        this.authenticationProvider.setUserDetailsService(userDetailsService);
+
+        this.codeCheckFilter = new SmsCodeCheckFilter(properties);
+        this.codeCheckFilter.setFailureHandler(failureHandler);
+        this.codeCheckFilter.setTemplate(redisTemplate);
+        this.codeCheckFilter.setSuccessHandler(successHandler);
+
+
+    }
+
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+        this.authenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
+        http.authenticationProvider(this.authenticationProvider)
+                .addFilterBefore(this.codeCheckFilter,UsernamePasswordAuthenticationFilter.class)
+                .addFilterAfter(this.authenticationFilter, UsernamePasswordAuthenticationFilter.class);
+    }
+
+
+}

src/main/java/club/yuit/oauth/boot/config/CoreConfig.java

@@ -1,8 +1,15 @@
 package club.yuit.oauth.boot.config;
 
+import club.yuit.oauth.boot.support.BootSecurityProperties;
+import club.yuit.oauth.boot.support.code.BootCodeService;
+import club.yuit.oauth.boot.support.code.RedisCodeService;
+import club.yuit.oauth.boot.support.code.SessionCodeService;
+import club.yuit.oauth.boot.support.properities.BootBaseLoginProperties;
+import club.yuit.oauth.boot.support.properities.CodeStoreType;
 import org.mybatis.spring.annotation.MapperScan;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
@@ -33,6 +40,8 @@
 @EnableSwagger2
 public class CoreConfig extends WebMvcConfigurationSupport {
 
+
+
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry registry) {
         registry.addResourceHandler("/swagger-ui.html").addResourceLocations("classpath:/META-INF/resources/");
@@ -83,6 +92,16 @@ private ApiInfo apiInfo() {
     }
 
 
+    @Bean
+    public BootCodeService codeService(StringRedisTemplate template, BootSecurityProperties properties){
+        if (properties.getCodeStoreType() == CodeStoreType.redis) {
+            return  new RedisCodeService(template,properties.getCodeExpireTime());
+        }else {
+            return   new SessionCodeService();
+        }
+    }
+
+
 
 
 }