public async Task <UserValidateDto> Login(UserValidateInputDto inputDto, CurrenUserInfoDto currentUser)
{
//var user4 = _userRepository.GetAll<SysMenu>().FirstOrDefault();
//var user0 = _rsp.GetAll<SysUser>().FirstOrDefault();
var user = await _userRepository.FetchAsync(x => new { x.Password, x.Salt, x.Name, x.Email, x.RoleId, x.Account, x.ID, x.Status }, x => x.Account == inputDto.Account);
dynamic log = new ExpandoObject();
log.ID = IdGenerater.GetNextId(IdGenerater.DatacenterId, IdGenerater.WorkerId);
log.Account = inputDto.Account;
log.CreateTime = DateTime.Now;
log.Device = currentUser.Device;
log.RemoteIpAddress = currentUser.RemoteIpAddress;
log.Message = string.Empty;
log.Succeed = false;
log.UserId = user?.ID;
log.UserName = user?.Name;
if (user == null)
{
var errorModel = new ErrorModel(ErrorCode.NotFound, "用户名或密码错误");
log.Message = JsonSerializer.Serialize(errorModel);
throw new BusinessException(errorModel);
}
else
{
if (user.Status != 1)
{
var errorModel = new ErrorModel(ErrorCode.TooManyRequests, "账号已锁定");
log.Message = JsonSerializer.Serialize(errorModel);
_mqProducer.BasicPublish(MqExchanges.Logs, MqRoutingKeys.Loginlog, log);
throw new BusinessException(errorModel);
}
//var logins = await _loginLogRepository.SelectAsync(5, x => new { x.ID, x.Succeed,x.CreateTime }, x => x.UserId == user.ID, x => x.ID, false);
//var failLoginCount = logins.Count(x => x.Succeed == false);
var failLoginCount = 2;
if (failLoginCount == 5)
{
var errorModel = new ErrorModel(ErrorCode.TooManyRequests, "连续登录失败次数超过5次,账号已锁定");
log.Message = JsonSerializer.Serialize(errorModel);
await _userRepository.UpdateAsync(new SysUser()
{
ID = user.ID, Status = 2
}, x => x.Status);
throw new BusinessException(errorModel);
}
if (HashHelper.GetHashedString(HashType.MD5, inputDto.Password, user.Salt) != user.Password)
{
var errorModel = new ErrorModel(ErrorCode.NotFound, "用户名或密码错误");
log.Message = JsonSerializer.Serialize(errorModel);
_mqProducer.BasicPublish(MqExchanges.Logs, MqRoutingKeys.Loginlog, log);
throw new BusinessException(errorModel);
}
if (string.IsNullOrEmpty(user.RoleId))
{
var errorModel = new ErrorModel(ErrorCode.Forbidden, "未分配任务角色,请联系管理员");
log.Message = JsonSerializer.Serialize(errorModel);
_mqProducer.BasicPublish(MqExchanges.Logs, MqRoutingKeys.Loginlog, log);
throw new BusinessException(errorModel);
}
}
log.Message = "登录成功";
log.Succeed = true;
_mqProducer.BasicPublish(MqExchanges.Logs, MqRoutingKeys.Loginlog, log);
return(_mapper.Map <UserValidateDto>(user));
}
public async Task <UserValidateDto> UpdatePassword(UserChangePwdInputDto passwordDto, CurrenUserInfoDto currentUser)
{
if (string.Equals(currentUser.Account, "admin", StringComparison.OrdinalIgnoreCase))
{
throw new BusinessException(new ErrorModel(ErrorCode.Forbidden, "不能修改超级管理员密码"));
}
if (!string.Equals(passwordDto.Password, passwordDto.RePassword))
{
throw new BusinessException(new ErrorModel(ErrorCode.Forbidden, "新密码前后不一致"));
}
var user = (await _userRepository.FetchAsync(x => new { x.Password, x.Salt, x.Name, x.Email, x.RoleId, x.Account, x.ID, x.Status }, x => x.ID == currentUser.ID)).To <SysUser>();
if (!string.Equals(HashHelper.GetHashedString(HashType.MD5, passwordDto.OldPassword, user.Salt), user.Password, StringComparison.OrdinalIgnoreCase))
{
throw new BusinessException(new ErrorModel(ErrorCode.Forbidden, "旧密码输入错误"));
}
await _userRepository.UpdateAsync(user, p => p.Password);
return(_mapper.Map <UserValidateDto>(user));
}
