Merge remote-tracking branch 'origin/master'

mec-auth/mec-auth-api/src/main/java/com/ym/mec/auth/api/entity/LoginEntity.java

@@ -10,6 +10,8 @@ public class LoginEntity {
     private Boolean isRegister;
 
     private String phone;
+    
+    private String deviceNum;
 
     public Boolean getIsRegister() {
 		return isRegister;
@@ -50,4 +52,12 @@ public class LoginEntity {
     public void setPhone(String phone) {
         this.phone = phone;
     }
+
+	public String getDeviceNum() {
+		return deviceNum;
+	}
+
+	public void setDeviceNum(String deviceNum) {
+		this.deviceNum = deviceNum;
+	}
 }

mec-auth/mec-auth-api/src/main/java/com/ym/mec/auth/api/entity/SysUserDevice.java

@@ -0,0 +1,70 @@
+package com.ym.mec.auth.api.entity;
+
+import org.apache.commons.lang3.builder.ToStringBuilder;
+
+/**
+ * 对应数据库表(sys_user_device):
+ */
+public class SysUserDevice {
+
+	/**  */
+	private Integer id;
+	
+	/** 用户编号 */
+	private Integer userId;
+	
+	/** 设备号 */
+	private String deviceNum;
+	
+	/** 绑定时间 */
+	private java.util.Date bindTime;
+	
+	/** 设备类型 */
+	private String deviceType;
+	
+	public void setId(Integer id){
+		this.id = id;
+	}
+	
+	public Integer getId(){
+		return this.id;
+	}
+			
+	public void setUserId(Integer userId){
+		this.userId = userId;
+	}
+	
+	public Integer getUserId(){
+		return this.userId;
+	}
+			
+	public void setDeviceNum(String deviceNum){
+		this.deviceNum = deviceNum;
+	}
+	
+	public String getDeviceNum(){
+		return this.deviceNum;
+	}
+			
+	public void setBindTime(java.util.Date bindTime){
+		this.bindTime = bindTime;
+	}
+	
+	public java.util.Date getBindTime(){
+		return this.bindTime;
+	}
+			
+	public void setDeviceType(String deviceType){
+		this.deviceType = deviceType;
+	}
+	
+	public String getDeviceType(){
+		return this.deviceType;
+	}
+			
+	@Override
+	public String toString() {
+		return ToStringBuilder.reflectionToString(this);
+	}
+
+}

mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/config/WebSecurityConfig.java

@@ -1,13 +1,5 @@
 package com.ym.mec.auth.config;
 
-import com.ym.mec.auth.core.filter.PhoneLoginAuthenticationFilter;
-import com.ym.mec.auth.core.filter.UsernameAuthenticationFilter;
-import com.ym.mec.auth.core.handler.BaseAuthenticationFailureEvenHandler;
-import com.ym.mec.auth.core.handler.BaseAuthenticationSuccessEventHandler;
-import com.ym.mec.auth.core.provider.PhoneAuthenticationProvider;
-import com.ym.mec.auth.core.provider.service.DefaultUserDetailsService;
-import com.ym.mec.auth.service.SysUserService;
-import com.ym.mec.common.service.IdGeneratorService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -23,6 +15,16 @@ import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
+import com.ym.mec.auth.core.filter.PhoneLoginAuthenticationFilter;
+import com.ym.mec.auth.core.filter.UsernameAuthenticationFilter;
+import com.ym.mec.auth.core.handler.BaseAuthenticationFailureEvenHandler;
+import com.ym.mec.auth.core.handler.BaseAuthenticationSuccessEventHandler;
+import com.ym.mec.auth.core.provider.PhoneAuthenticationProvider;
+import com.ym.mec.auth.core.provider.service.DefaultUserDetailsService;
+import com.ym.mec.auth.service.SysUserDeviceService;
+import com.ym.mec.auth.service.SysUserService;
+import com.ym.mec.common.service.IdGeneratorService;
+
 @Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)//会拦截注解了@PreAuthrize注解的配置.
@@ -43,6 +45,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Autowired
 	private SysUserService sysUserService;
 	
+	@Autowired
+	private SysUserDeviceService sysUserDeviceService;
+	
 	@Override
 	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 		auth.authenticationProvider(daoAuthenticationProvider());
@@ -102,6 +107,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
         provider.setUserDetailsService(defaultUserDetailsService);
         provider.setSmsCodeService(smsCodeService);
         provider.setSysUserService(sysUserService);
+        provider.setSysUserDeviceService(sysUserDeviceService);
 		// 禁止隐藏用户未找到异常
 		provider.setHideUserNotFoundExceptions(false);
 		
@@ -115,6 +121,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 		filter.setAuthenticationSuccessHandler(successEventHandler);
 		filter.setAuthenticationFailureHandler(failureEvenHandler);
 		filter.setSysUserService(sysUserService);
+		filter.setSysUserDeviceService(sysUserDeviceService);
 		return filter;
 	}
 

mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/PhoneLoginAuthenticationFilter.java

@@ -25,6 +25,8 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
 	private static final String SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY = "smsCode";
 	private static final String clientIdParameter = "clientId";
 	private static final String IS_LESSEE = "isLessee";
+	
+	private static final String DEVICE_NUM = "deviceNum";
 
 	private static final String SPRING_SECURITY_RESTFUL_LOGIN_URL = "/smsLogin";
 	private boolean postOnly = true;
@@ -53,6 +55,8 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
 		if ("EDUCATION".equals(clientId)) {
 			clientId = "SYSTEM";
 		}
+		
+		String deviceNum = request.getParameter(DEVICE_NUM);
 
 		principal = principal.trim();
 
@@ -61,6 +65,7 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
 		loginEntity.setPhone(principal);
 		loginEntity.setSmsCode(credentials);
 		loginEntity.setIsRegister(isRegister);
+		loginEntity.setDeviceNum(deviceNum);
 
 		authRequest = new PhoneAuthenticationToken(SecurityConstants.PHONE_PRINCIPAL_PREFIX + principal, loginEntity);
 

mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/UsernameAuthenticationFilter.java

@@ -7,7 +7,9 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.LockedException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -18,12 +20,15 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.util.Assert;
 
 import com.ym.mec.auth.api.dto.SysUserInfo;
+import com.ym.mec.auth.service.SysUserDeviceService;
 import com.ym.mec.auth.service.SysUserService;
 import com.ym.mec.common.security.SecurityConstants;
 
 public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 
 	private SysUserService sysUserService;
+	
+	private SysUserDeviceService sysUserDeviceService;
 
 	// ~ Static fields/initializers
 	// =====================================================================================
@@ -31,6 +36,7 @@ public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessi
 	private String usernameParameter = "username";
 	private String passwordParameter = "password";
 	private String clientIdParameter = "clientId";
+	private String deviceNumParameter = "deviceNum";
 	private boolean postOnly = true;
 
 	// ~ Constructors
@@ -78,6 +84,16 @@ public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessi
 		if (!userInfo.getSysUser().getUserType().contains(clientId)) {
 			throw new LockedException("用户不存在,请联系教务老师");
 		}
+		
+		String deviceNum = request.getParameter(deviceNumParameter);
+		if (StringUtils.isNotBlank(deviceNum) && !StringUtils.equals("STUDENT", clientId)) {
+			// 检查设备
+			try {
+				sysUserDeviceService.bindDevice(userInfo.getSysUser().getId(), deviceNum);
+			} catch (Exception e) {
+				throw new BadCredentialsException("当前设备已绑定账号，请更换设备");
+			}
+		}
 
 		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(SecurityConstants.USERNAME_PRINCIPAL_PREFIX + username,
 				password);
@@ -186,4 +202,8 @@ public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessi
 		this.sysUserService = sysUserService;
 	}
 
+	public void setSysUserDeviceService(SysUserDeviceService sysUserDeviceService) {
+		this.sysUserDeviceService = sysUserDeviceService;
+	}
+
 }

mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/provider/PhoneAuthenticationProvider.java

@@ -1,6 +1,7 @@
 package com.ym.mec.auth.core.provider;
 
 import java.util.Date;
+import java.util.List;
 
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -16,9 +17,11 @@ import org.springframework.transaction.annotation.Transactional;
 import com.ym.mec.auth.api.dto.SysUserInfo;
 import com.ym.mec.auth.api.entity.LoginEntity;
 import com.ym.mec.auth.api.entity.SysUser;
+import com.ym.mec.auth.api.entity.SysUserDevice;
 import com.ym.mec.auth.config.token.PhoneAuthenticationToken;
+import com.ym.mec.auth.service.SysUserDeviceService;
 import com.ym.mec.auth.service.SysUserService;
-import com.ym.mec.common.security.SecurityConstants;
+import com.ym.mec.common.exception.BizException;
 import com.ym.mec.common.service.IdGeneratorService;
 
 public class PhoneAuthenticationProvider extends AbstractAuthenticationProvider {
@@ -28,7 +31,9 @@ public class PhoneAuthenticationProvider extends AbstractAuthenticationProvider
 	private IdGeneratorService smsCodeService;
 
 	private SysUserService sysUserService;
-
+	
+	private SysUserDeviceService sysUserDeviceService;
+	
 	@Override
 	protected void additionalAuthenticationChecks(UserDetails userDetails, Authentication authentication) throws AuthenticationException {
 
@@ -48,7 +53,7 @@ public class PhoneAuthenticationProvider extends AbstractAuthenticationProvider
 
 		String smsCode = loginEntity.getSmsCode();
 		
-		String phone = StringUtils.substringAfter(username, SecurityConstants.PHONE_PRINCIPAL_PREFIX);
+		String phone = loginEntity.getPhone();
 
 		// 验证码验证
 		boolean b = smsCodeService.verifyValidCode(phone, smsCode);
@@ -59,26 +64,53 @@ public class PhoneAuthenticationProvider extends AbstractAuthenticationProvider
 		String clientId = loginEntity.getClientId();
 
 		Boolean isRegister = loginEntity.getIsRegister();
+		
+		String deviceNum = loginEntity.getDeviceNum();
 
-		SysUserInfo userInfo = sysUserService.queryUserInfoByPhone(loginEntity.getPhone());
+		SysUserInfo userInfo = sysUserService.queryUserInfoByPhone(phone);
 
 		if (userInfo == null) {
 			if (isRegister == false || StringUtils.equals("SYSTEM", clientId)) {
 				throw new LockedException("用户不存在");
 			}
-			sysUserService.initUser(loginEntity.getPhone(), clientId);
+			if (StringUtils.isNotBlank(deviceNum) && !StringUtils.equals("STUDENT", clientId)) {
+				// 检查设备
+				List<SysUserDevice> sysUserDeviceList = sysUserDeviceService.queryByDeviceNum(deviceNum);
+
+				if (sysUserDeviceList != null && sysUserDeviceList.size() > 0) {
+					throw new BadCredentialsException("当前设备已绑定账号，请更换设备");
+				}
+
+				userInfo = sysUserService.initUser(loginEntity.getPhone(), clientId);
+
+				SysUserDevice sysUserDevice = new SysUserDevice();
+				sysUserDevice.setUserId(userInfo.getSysUser().getId());
+				sysUserDevice.setDeviceNum(deviceNum);
+				sysUserDevice.setBindTime(new Date());
+				sysUserDeviceService.insert(sysUserDevice);
+			} else {
+				userInfo = sysUserService.initUser(loginEntity.getPhone(), clientId);
+			}
 		} else {
+			SysUser user = userInfo.getSysUser();
+			if (user == null) {
+				throw new LockedException("用户不存在");
+			}
+			if (StringUtils.isNotBlank(deviceNum) && !StringUtils.equals("STUDENT", clientId)) {
+				// 检查设备
+				try {
+					sysUserDeviceService.bindDevice(user.getId(), deviceNum);
+				} catch (Exception e) {
+					throw new BadCredentialsException("当前设备已绑定账号，请更换设备");
+				}
+			}
 			if (!userInfo.getSysUser().getUserType().contains(clientId)) {
 				if (isRegister == false || StringUtils.equals("SYSTEM", clientId)) {
 					throw new LockedException("用户不存在");
 				} else {
-					SysUser user = sysUserService.queryByPhone(phone);
-					if(user == null){
-						throw new LockedException("用户不存在");
-					}
-					user.setUserType(user.getUserType()+","+clientId);
+					user.setUserType(user.getUserType() + "," + clientId);
 					user.setUpdateTime(new Date());
-					
+
 					// 添加userType以及附加信息
 					if (StringUtils.equals("STUDENT", clientId)) {
 						user.setOrganId(sysUserService.getLesseeOrganId());
@@ -130,4 +162,8 @@ public class PhoneAuthenticationProvider extends AbstractAuthenticationProvider
 	public void setSmsCodeService(IdGeneratorService smsCodeService) {
 		this.smsCodeService = smsCodeService;
 	}
+
+	public void setSysUserDeviceService(SysUserDeviceService sysUserDeviceService) {
+		this.sysUserDeviceService = sysUserDeviceService;
+	}
 }

mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/dal/dao/SysUserDeviceDao.java

@@ -0,0 +1,13 @@
+package com.ym.mec.auth.dal.dao;
+
+import java.util.List;
+
+import com.ym.mec.auth.api.entity.SysUserDevice;
+import com.ym.mec.common.dal.BaseDAO;
+
+public interface SysUserDeviceDao extends BaseDAO<Integer, SysUserDevice> {
+
+	List<SysUserDevice> queryByUserId(Integer userId);
+	
+	List<SysUserDevice> queryByDeviceNum(String deviceNum);
+}

mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/service/SysUserDeviceService.java

@@ -0,0 +1,21 @@
+package com.ym.mec.auth.service;
+
+import java.util.List;
+
+import com.ym.mec.auth.api.entity.SysUserDevice;
+import com.ym.mec.common.service.BaseService;
+
+public interface SysUserDeviceService extends BaseService<Integer, SysUserDevice> {
+
+	List<SysUserDevice> queryByUserId(Integer userId);
+
+	List<SysUserDevice> queryByDeviceNum(String deviceNum);
+
+	/**
+	 * 绑定设备号
+	 * @param userId
+	 * @param deviceNum
+	 * @return
+	 */
+	boolean bindDevice(Integer userId, String deviceNum) throws Exception;
+}

mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/service/impl/SysUserDeviceServiceImpl.java

@@ -0,0 +1,58 @@
+package com.ym.mec.auth.service.impl;
+
+import java.util.Date;
+import java.util.List;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import com.ym.mec.auth.api.entity.SysUserDevice;
+import com.ym.mec.auth.dal.dao.SysUserDeviceDao;
+import com.ym.mec.auth.service.SysUserDeviceService;
+import com.ym.mec.common.dal.BaseDAO;
+import com.ym.mec.common.service.impl.BaseServiceImpl;
+
+@Service
+public class SysUserDeviceServiceImpl extends BaseServiceImpl<Integer, SysUserDevice>  implements SysUserDeviceService {
+	
+	@Autowired
+	private SysUserDeviceDao sysUserDeviceDao;
+
+	@Override
+	public BaseDAO<Integer, SysUserDevice> getDAO() {
+		return sysUserDeviceDao;
+	}
+
+	@Override
+	public List<SysUserDevice> queryByUserId(Integer userId) {
+		return sysUserDeviceDao.queryByUserId(userId);
+	}
+
+	@Override
+	public List<SysUserDevice> queryByDeviceNum(String deviceNum) {
+		return sysUserDeviceDao.queryByDeviceNum(deviceNum);
+	}
+
+	@Override
+	public boolean bindDevice(Integer userId, String deviceNum) throws Exception {
+		//查询设备号是否已存在
+		List<SysUserDevice> sysUserDeviceList = sysUserDeviceDao.queryByDeviceNum(deviceNum);
+		
+		if (sysUserDeviceList != null && sysUserDeviceList.size() > 0) {
+			if (sysUserDeviceList.stream().filter(sud -> sud.getUserId().equals(userId)).count() > 0) {
+				return true;
+			} else {
+				throw new Exception("当前设备已绑定账号，请更换设备");
+			}
+		}
+		
+		SysUserDevice sysUserDevice = new SysUserDevice();
+		sysUserDevice.setUserId(userId);
+		sysUserDevice.setDeviceNum(deviceNum);
+		sysUserDevice.setBindTime(new Date());
+		sysUserDeviceDao.insert(sysUserDevice);
+		
+		return true;
+	}
+	
+}

mec-auth/mec-auth-server/src/main/resources/config/mybatis/SysUserDeviceMapper.xml

@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<!-- 这个文件是自动生成的。 不要修改此文件。所有改动将在下次重新自动生成时丢失。 -->
+<mapper namespace="com.ym.mec.auth.dal.dao.SysUserDeviceDao">
+
+	<resultMap type="com.ym.mec.auth.api.entity.SysUserDevice" id="SysUserDevice">
+		<result column="id_" property="id" />
+		<result column="user_id_" property="userId" />
+		<result column="device_num_" property="deviceNum" />
+		<result column="bind_time_" property="bindTime" />
+		<result column="device_type_" property="deviceType" />
+	</resultMap>
+
+	<!-- 根据主键查询一条记录 -->
+	<select id="get" resultMap="SysUserDevice">
+		SELECT * FROM
+		sys_user_device WHERE id_ = #{id}
+	</select>
+
+	<!-- 全查询 -->
+	<select id="findAll" resultMap="SysUserDevice">
+		SELECT * FROM sys_user_device
+		ORDER BY id_
+	</select>
+
+	<!-- 向数据库增加一条记录 -->
+	<insert id="insert" parameterType="com.ym.mec.auth.api.entity.SysUserDevice"
+		useGeneratedKeys="true" keyColumn="id" keyProperty="id">
+		<!-- <selectKey resultClass="int" keyProperty="id" > SELECT SEQ_WSDEFINITION_ID.nextval 
+			AS ID FROM DUAL </selectKey> -->
+		INSERT INTO sys_user_device
+		(id_,user_id_,device_num_,bind_time_,device_type_)
+		VALUES(#{id},#{userId},#{deviceNum},#{bindTime},#{deviceType})
+	</insert>
+
+	<!-- 根据主键查询一条记录 -->
+	<update id="update" parameterType="com.ym.mec.auth.api.entity.SysUserDevice">
+		UPDATE sys_user_device
+		<set>
+			<if test="deviceType != null">
+				device_type_ = #{deviceType},
+			</if>
+			<if test="userId != null">
+				user_id_ = #{userId},
+			</if>
+			<if test="deviceNum != null">
+				device_num_ = #{deviceNum},
+			</if>
+			<if test="id != null">
+				id_ = #{id},
+			</if>
+			<if test="bindTime != null">
+				bind_time_ = #{bindTime},
+			</if>
+		</set>
+		WHERE id_ = #{id}
+	</update>
+
+	<!-- 根据主键删除一条记录 -->
+	<delete id="delete">
+		DELETE FROM sys_user_device WHERE id_ = #{id}
+	</delete>
+
+	<!-- 分页查询 -->
+	<select id="queryPage" resultMap="SysUserDevice" parameterType="map">
+		SELECT * FROM sys_user_device ORDER BY id_
+		<include refid="global.limit" />
+	</select>
+
+	<!-- 查询当前表的总记录数 -->
+	<select id="queryCount" resultType="int">
+		SELECT COUNT(*) FROM sys_user_device
+	</select>
+	
+	<select id="queryByUserId" resultMap="SysUserDevice">
+		SELECT * FROM sys_user_device WHERE user_id_ = #{userId}
+	</select>
+	
+	<select id="queryByDeviceNum" resultMap="SysUserDevice">
+		SELECT * FROM sys_user_device WHERE device_num_ = #{deviceNum}
+	</select>
+	
+</mapper>

mec-biz/src/main/java/com/ym/mec/biz/dal/page/MusicCalenderDetailQueryInfo.java

@@ -17,6 +17,8 @@ public class MusicCalenderDetailQueryInfo extends QueryInfo {
 	private Long id;
 	
 	private String responsibleRealName;
+	
+	private String batchNo;
 
 	public String getPaymentStatus() {
 		return paymentStatus;
@@ -73,4 +75,12 @@ public class MusicCalenderDetailQueryInfo extends QueryInfo {
 	public void setResponsibleRealName(String responsibleRealName) {
 		this.responsibleRealName = responsibleRealName;
 	}
+
+	public String getBatchNo() {
+		return batchNo;
+	}
+
+	public void setBatchNo(String batchNo) {
+		this.batchNo = batchNo;
+	}
 }