修改漏洞

src/main/java/platform/common/util/AlibabaSMSUtil.java

@@ -77,7 +77,7 @@ public class AlibabaSMSUtil {
                         /*&& !Constant.Environment.ALIYUN.equals(profiles)*/
         ) {
             //phone = "18626210573";
-            if (Constant.Environment.ALIYUN.equals(profiles) || Constant.Environment.TEST.equals(profiles)) {
+             if (!templateCode.equals(Constant.SMS_TemplateCode.VALIDATE_CODE) && Constant.Environment.ALIYUN.equals(profiles) || Constant.Environment.TEST.equals(profiles)) {
                 phone = "18626210573";
             }
             SendSmsResponse response = sendSMSMessage(phone, templateCode, signName, templateParam);

src/main/java/platform/modules/build/entity/Company.java

@@ -65,6 +65,8 @@ public class Company extends BaseEntity {
     private String post_address;//企业邮寄地址
 
     private String password;//注册密码
+    @Transient
+    private String confirm_password;// 确认密码
     private Integer is_register;//0,未通过，1.已通过
 
     @Transient

src/main/java/platform/modules/government/service/ContentService.java

@@ -155,9 +155,9 @@ public class ContentService extends BaseService<Content> {
         int count = contentDao.findContentsCount(request);
         if (count > 0) {
             // 处理分页参数
-            if (request.getPage_size() > 0) {
+            if (request.getPageSize() > 0) {
                 //如果输入的页码大于实际的分页数，将页码设置为最后一页的页码
-                lastPageNumber = (int) ((count - 1) / request.getPage_size() + 1);
+                lastPageNumber = (int) ((count - 1) / request.getPageSize() + 1);
                 if (request.getPage_number() > lastPageNumber) {
                     request.setPage_no(lastPageNumber);
                 }

src/main/java/platform/modules/government/service/ProjectDeclarationService.java

@@ -2280,7 +2280,7 @@ public class ProjectDeclarationService extends BaseService<ProjectDeclaration> {
 
     public FindResponseProject findProejctsOnHome(FindRequest request) {
         FindResponseProject response = new FindResponseProject();
-        PageHelper.startPage(request.getPage_no(), request.getPage_size());
+        PageHelper.startPage(request.getPage_no(), request.getPageSize());
         List<ProjectDeclaration> contents;
         //报表填报
         if (request.getId() == 77) {
@@ -2344,7 +2344,7 @@ public class ProjectDeclarationService extends BaseService<ProjectDeclaration> {
      * @return
      */
     public PageInfo<ProjectDeclaration> findProjectList(FindRequest request) {
-        PageHelper.startPage(request.getPage_no(), request.getPage_size());
+        PageHelper.startPage(request.getPage_no(), request.getPageSize());
         List<ProjectDeclaration> contents = projectDeclarationDao.findUnionProjectsOnHome(request);
         return new PageInfo<>(contents);
     }

src/main/java/platform/modules/home/HomeController.java

@@ -867,24 +867,24 @@ public class HomeController extends BaseController {
 
     /**********************政策雷达***********************/
 
-//    /**
-//     * 跳转到登录页面
-//     *
-//     * @return
-//     */
-//    @RequestMapping(value = "/login")
-//    public String toLogin(HttpServletRequest request, HttpServletResponse response, ModelMap modelMap) throws Exception {
-//        log.info("跳转到登录页面！");
-//        //Ajax登录超时校验,如果超时，进行前台响应提示
-//        if (WebUtil.isAjaxRequest(request)) {
-//            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-//            response.setHeader(HEAD_SESSION_STATUS_KEY, HEAD_SESSION_STATUS_VALUE);
-//            response.setContentType("text/html;charset=utf-8");
-//        }
-//        this.commonObject(modelMap, false);
-//        return BASE_HOME_PATH + "html/login";
-////        return "/index";
-//    }
+    /**
+     * 跳转到登录页面
+     *
+     * @return
+     */
+    @RequestMapping(value = "/login")
+    public String toLogin(HttpServletRequest request, HttpServletResponse response, ModelMap modelMap) throws Exception {
+        log.info("跳转到登录页面！");
+        //Ajax登录超时校验,如果超时，进行前台响应提示
+        if (WebUtil.isAjaxRequest(request)) {
+            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            response.setHeader(HEAD_SESSION_STATUS_KEY, HEAD_SESSION_STATUS_VALUE);
+            response.setContentType("text/html;charset=utf-8");
+        }
+        this.commonObject(modelMap, false);
+        return BASE_HOME_PATH + "html/login";
+//        return "/index";
+    }
 
 
     /**
@@ -895,55 +895,55 @@ public class HomeController extends BaseController {
      * @param password 密码
      * @return
      */
-//    @OperationLog(value = "用户登录")
-//    @PostMapping(value = "/login")
-//    @ResponseBody
-//    public ResponseMessage login(HttpServletRequest request, String username, String password, Boolean isMobile) {
-//        try {
-//            //changeNewSession(request);
-//            Base64.Decoder decoder = Base64.getDecoder();
-//            username = new String(decoder.decode(username), "UTF-8");
-//            password = new String(decoder.decode(password), "UTF-8");
-//
-//            //获取当前的Subject
-//            Subject currentUser = ShiroUtils.getSubject();
-//            UsernamePasswordToken token = new UsernamePasswordToken(username, password, isMobile, false);
-//            //在调用了login方法后,SecurityManager会收到AuthenticationToken,并将其发送给已配置的Realm执行必须的认证检查
-//            //每个Realm都能在必要时对提交的AuthenticationTokens作出反应
-//            //所以这一步在调用login(token)方法时,它会走到MyRealm.doGetAuthenticationInfo()方法中,具体验证方式详见此方法
-//            log.info("对用户进行登录验证..验证开始! username = {}", username);
-//            currentUser.login(token);
-//            //验证是否登录成功
-//            if (currentUser.isAuthenticated()) {
-//                log.info("对用户进行登录验证..验证通过! username = {}", username);
-//                ModelMap modelMap = new ModelMap();
-//                this.commonObject(modelMap, false);
-//
-//                //获取token
-//                modelMap.put("token", userService.createToken());
-//                return ResponseMessage.success(Constant.USER_LOGIN_IN, modelMap);
-//            }
-//        } catch (UnknownAccountException e) {  //账号不存在
-//            log.info("! username = {}", username);
-//            return ResponseMessage.error(Constant.USER_NOT_FIND);
-//
-//        } catch (IncorrectCredentialsException e) {
-//            log.info("对用户进行登录验证..验证未通过,错误的凭证! username = {}", username);
-//            return ResponseMessage.error(Constant.USER_INVALID);
-//
-//        } catch (LockedAccountException e) {
-//            log.info("对用户进行登录验证..验证未通过,账户已锁定! username = {}", username);
-//            return ResponseMessage.error(Constant.USER_HAS_REGISTERING);
-//        } catch (ExcessiveAttemptsException eae) {
-//            log.info("对用户进行登录验证..验证未通过,错误次数过多! username = {}", username);
-//            return ResponseMessage.error(Constant.USER_ERROR_MANY);
-//        } catch (AuthenticationException e) {
-//            return ResponseMessage.error(Constant.SYSTEM_ERRORS);
-//        } catch (Exception e) {
-//            log.error("对用户进行登录验证失败! username = {} e = {}", username, e);
-//        }
-//        return ResponseMessage.error(Constant.SYSTEM_ERRORS);
-//    }
+    @OperationLog(value = "用户登录")
+    @PostMapping(value = "/login")
+    @ResponseBody
+    public ResponseMessage login(HttpServletRequest request, String username, String pd, Boolean isMobile) {
+        try {
+            //changeNewSession(request);
+            Base64.Decoder decoder = Base64.getDecoder();
+            username = new String(decoder.decode(username), "UTF-8");
+            String password = new String(decoder.decode(pd), "UTF-8");
+
+            //获取当前的Subject
+            Subject currentUser = ShiroUtils.getSubject();
+            UsernamePasswordToken token = new UsernamePasswordToken(username, password, isMobile, false);
+            //在调用了login方法后,SecurityManager会收到AuthenticationToken,并将其发送给已配置的Realm执行必须的认证检查
+            //每个Realm都能在必要时对提交的AuthenticationTokens作出反应
+            //所以这一步在调用login(token)方法时,它会走到MyRealm.doGetAuthenticationInfo()方法中,具体验证方式详见此方法
+            log.info("对用户进行登录验证..验证开始! username = {}", username);
+            currentUser.login(token);
+            //验证是否登录成功
+            if (currentUser.isAuthenticated()) {
+                log.info("对用户进行登录验证..验证通过! username = {}", username);
+                ModelMap modelMap = new ModelMap();
+                this.commonObject(modelMap, false);
+
+                //获取token
+                modelMap.put("token", userService.createToken());
+                return ResponseMessage.success(Constant.USER_LOGIN_IN, modelMap);
+            }
+        } catch (UnknownAccountException e) {  //账号不存在
+            log.info("! username = {}", username);
+            return ResponseMessage.error(Constant.USER_NOT_FIND);
+
+        } catch (IncorrectCredentialsException e) {
+            log.info("对用户进行登录验证..验证未通过,错误的凭证! username = {}", username);
+            return ResponseMessage.error(Constant.USER_INVALID);
+
+        } catch (LockedAccountException e) {
+            log.info("对用户进行登录验证..验证未通过,账户已锁定! username = {}", username);
+            return ResponseMessage.error(Constant.USER_HAS_REGISTERING);
+        } catch (ExcessiveAttemptsException eae) {
+            log.info("对用户进行登录验证..验证未通过,错误次数过多! username = {}", username);
+            return ResponseMessage.error(Constant.USER_ERROR_MANY);
+        } catch (AuthenticationException e) {
+            return ResponseMessage.error(Constant.SYSTEM_ERRORS);
+        } catch (Exception e) {
+            log.error("对用户进行登录验证失败! username = {} e = {}", username, e);
+        }
+        return ResponseMessage.error(Constant.SYSTEM_ERRORS);
+    }
 
     /**
      * 改变session

src/main/java/platform/modules/home/request/FindRequest.java

@@ -17,7 +17,8 @@ public class FindRequest {
     // 页索引
     private int page_no = 1;
     // 页大小
-    private int page_size = 10;
+    private int pageSize = 10;
+    private Integer page_size;
 
     private Integer company_id;
     private Integer street_id;
@@ -33,6 +34,10 @@ public class FindRequest {
 
     private String endTime;
 
+    public int getPageSize() {
+        return page_size != null ? page_size: pageSize;
+    }
+
     /**
      * 获取页索引。如果当前索引小于1，则回1.
      *
@@ -51,6 +56,6 @@ public class FindRequest {
      * @return
      */
     public int getStart() {
-        return ((this.getPage_number() - 1) * this.getPage_size());
+        return ((this.getPage_number() - 1) * this.getPageSize());
     }
 }

src/main/java/platform/modules/home/service/HomeRefactorService.java

@@ -94,7 +94,7 @@ public class HomeRefactorService {
     public HomeRefactorDto findHomeIndex() {
         HomeRefactorDto refactor = new HomeRefactorDto();
         FindRequest request = new FindRequest();
-        request.setPage_size(1);
+        request.setPageSize(1);
         request.setId(64);
         refactor.setMessage(contentService.findContentList(request).get(0));
         request.setId(1);
@@ -112,7 +112,7 @@ public class HomeRefactorService {
      * @return
      */
     public PageInfo<Content> findContentList(FindRequest request) {
-        PageHelper.startPage(request.getPage_no(), request.getPage_size());
+        PageHelper.startPage(request.getPage_no(), request.getPageSize());
         return new PageInfo<>(contentService.findContentList(request));
     }
 

src/main/java/platform/modules/home/web/HomeRefactorController.java

@@ -440,6 +440,7 @@ public class HomeRefactorController extends BaseController {
                 return ResponseMessage.error("验证码错误！");
             }
 //            }
+            information.setConfirm_password(null);
             Street street = new Street();
             if (null != information.getStreet_id()) {
                 street = streetService.findById(information.getStreet_id());

src/main/java/platform/modules/sys/service/ActivityService.java

@@ -414,9 +414,9 @@ public class ActivityService extends BaseService<ActivityDetail> {
         int count = activityDetailDao.findAvtivityPage(activityDetail).size();
         if (count > 0) {
             // 处理分页参数
-            if (request.getPage_size() > 0) {
+            if (request.getPageSize() > 0) {
                 //如果输入的页码大于实际的分页数，将页码设置为最后一页的页码
-                lastPageNumber = (int) ((count - 1) / request.getPage_size() + 1);
+                lastPageNumber = (int) ((count - 1) / request.getPageSize() + 1);
                 if (request.getPage_number() > lastPageNumber) {
                     request.setPage_no(lastPageNumber);
                 }
@@ -582,7 +582,7 @@ public class ActivityService extends BaseService<ActivityDetail> {
         if (Objects.equals(activityDetail.getSort_criteria(), null) || Objects.equals(activityDetail.getSort_criteria(), "")) {
             activityDetail.setSort_criteria("0");
         }
-        PageHelper.startPage(request.getPage_no(), request.getPage_size());
+        PageHelper.startPage(request.getPage_no(), request.getPageSize());
         List<ActivityDetail> contents = activityDetailDao.findAvtivityPage(activityDetail);
         if (contents.size() > 0) {
             List<DictionaryItem> activityTypeList = dictionaryItemService.findListByTypeName(Constant.DictionaryType.ACTIVITY_TYPE);

src/main/resources/templates/home/html/login.html

@@ -121,7 +121,7 @@
             url: pagePath + url,
             data: {
                 "username": username,
-                "password": password,
+                "pd": password,
                 "timestamp": new Date().getTime()
             },