
authimage,sessionid

lyhzzz 2 năm trước cách đây
mục cha
commit
78dd0aa26c

+ 13 - 9
src/main/java/com/fdkankan/fusion/controller/LoginController.java

@@ -45,16 +45,20 @@ public class LoginController extends BaseController{
     ITmDepartmentService tmDepartmentService;
 
     @PostMapping("/fdLogin")
-    public ResultData fdLogin(@RequestBody FdkkLoginRequest request){
-        if(StringUtils.isBlank(request.getPhoneNum()) || StringUtils.isBlank(request.getPassword())
-                || StringUtils.isBlank(request.getCode()) || StringUtils.isBlank(request.getDeptId())){
+    public ResultData fdLogin(@RequestBody FdkkLoginRequest param){
+        if(StringUtils.isBlank(param.getPhoneNum()) || StringUtils.isBlank(param.getPassword())
+                || StringUtils.isBlank(param.getCode()) || StringUtils.isBlank(param.getDeptId())){
             throw new BusinessException(ResultCode.MISSING_REQUIRED_PARAMETERS);
         }
-        if(!redisUtil.hasKey(String.format(RedisKeyUtil.loginAuthCode,request.getCode()))){
+        String id = request.getSession().getId();
+        if(!redisUtil.hasKey(String.format(RedisKeyUtil.loginAuthCode,id))){
             throw new BusinessException(ResultCode.LOGIN_AUTH_NOT_EXIST);
         }
-        redisUtil.del(String.format(RedisKeyUtil.loginAuthCode,request.getCode()));
-        TmUser tmUser = tmUserService.getByUserName(request.getPhoneNum());
+        if(!redisUtil.get(id).equals(param.getCode())){
+            throw new BusinessException(ResultCode.LOGIN_AUTH_NOT_EXIST);
+        }
+        redisUtil.del(String.format(RedisKeyUtil.loginAuthCode,param.getCode()));
+        TmUser tmUser = tmUserService.getByUserName(param.getPhoneNum());
         if(tmUser == null){
             throw new BusinessException(ResultCode.PASSWORD_ERROR);
         }
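Review bot: The captcha comparison `redisUtil.get(id)` reads the bare session id, while the existence check just above it and the writer in NoLoginController both use `String.format(RedisKeyUtil.loginAuthCode,id)`. Unless that format is a bare `%s` (it is not visible here), the lookup misses and a null result throws a NullPointerException instead of LOGIN_AUTH_NOT_EXIST. The following `redisUtil.del(...)` is still keyed by `param.getCode()`, so the session's captcha entry is never removed and the same code stays valid for repeated login attempts until it expires. Reading the value once, deleting it before the comparison and null-checking it closes both gaps and removes the hasKey/get race; the return type of `redisUtil.get` is not shown, so the sketch below holds it as `Object`. After the rename `request` is no longer a parameter and presumably resolves to a field inherited from BaseController, and fdLogin continues beyond this hunk.

```java
        String key = String.format(RedisKeyUtil.loginAuthCode, request.getSession().getId());
        Object cached = redisUtil.get(key);
        // single use: drop the captcha before comparing so a wrong guess also invalidates it
        redisUtil.del(key);
        if(cached == null || !cached.toString().equals(param.getCode())){
            throw new BusinessException(ResultCode.LOGIN_AUTH_NOT_EXIST);
        }
        // … unchanged: user lookup and department checks …
```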
@@ -62,8 +66,8 @@ public class LoginController extends BaseController{
             throw new BusinessException(ResultCode.USER_NOT_LOGIN_PERM);
         }
         //超管除外
-        if(!tmUser.getDeptId().equals("0") && !tmUser.getDeptId().equals(request.getDeptId())){
-            List<TmDepartment> deptList = tmDepartmentService.getSonByDeptId(request.getDeptId());
+        if(!tmUser.getDeptId().equals("0") && !tmUser.getDeptId().equals(param.getDeptId())){
+            List<TmDepartment> deptList = tmDepartmentService.getSonByDeptId(param.getDeptId());
             if(deptList == null || deptList.size() <=0){
                 throw new BusinessException(ResultCode.DEPT_NOT_EXITS);
             }
@@ -74,7 +78,7 @@ public class LoginController extends BaseController{
         }
 
         //对前端传的密码解密
-        FdkkResponse<FdkkLoginVo> fdkkLoginVo = fdKKClient.fdkkLogin(request);
+        FdkkResponse<FdkkLoginVo> fdkkLoginVo = fdKKClient.fdkkLogin(param);
         if(fdkkLoginVo.getCode() == 0){
             FdkkLoginVo data = fdkkLoginVo.getData();
             StpUtil.login(tmUser.getId(), SaLoginConfig

+ 3 - 2
src/main/java/com/fdkankan/fusion/controller/NoLoginController.java

@@ -36,12 +36,13 @@ public class NoLoginController {
     public void  getLoginCode(HttpServletRequest request, HttpServletResponse response) throws IOException {
         response.setHeader("Cache-Control", "no-store, no-cache");
         response.setContentType("image/jpeg");
+        String id = request.getSession().getId();
         try {
             LineCaptcha lineCaptcha = CaptchaUtil.createLineCaptcha(200, 100,4,60);
-            while (redisUtil.hasKey(String.format(RedisKeyUtil.loginAuthCode,lineCaptcha.getCode()))){
+            while (redisUtil.hasKey(String.format(RedisKeyUtil.loginAuthCode,id))){
                 lineCaptcha = CaptchaUtil.createLineCaptcha(200, 100,4,60);
             }
-            redisUtil.set(String.format(RedisKeyUtil.loginAuthCode,lineCaptcha.getCode()),lineCaptcha.getCode(),30);
+            redisUtil.set(String.format(RedisKeyUtil.loginAuthCode,id),lineCaptcha.getCode(),30);
             lineCaptcha.write(response.getOutputStream());
             response.getOutputStream().close();
         } catch (Exception e){
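Review bot: The `while (redisUtil.hasKey(String.format(RedisKeyUtil.loginAuthCode,id)))` loop can no longer terminate on its own, because its condition depends only on the session id and regenerating the captcha inside the body never changes it. A client that requests a second image while its previous entry is still stored keeps the request thread spinning against Redis until that entry expires. With a per-session key there is no collision left to avoid, so the loop can be dropped and the existing `redisUtil.set(String.format(RedisKeyUtil.loginAuthCode,id),lineCaptcha.getCode(),30);` left to overwrite the old value. getLoginCode's catch block continues outside the hunk.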