From 16d1b061d8462aa5da6792cd65e36819b21f9d3f Mon Sep 17 00:00:00 2001
From: wuxw <928255095@qq.com>
Date: 星期一, 23 十月 2023 01:09:56 +0800
Subject: [PATCH] 优化西宁浦发银行 渗透测试漏洞解决
---
service-user/src/main/java/com/java110/user/cmd/user/UserSendSmsCmd.java | 34 ++++++++++++++++++++++------------
1 files changed, 22 insertions(+), 12 deletions(-)
diff --git a/service-user/src/main/java/com/java110/user/cmd/user/UserSendSmsCmd.java b/service-user/src/main/java/com/java110/user/cmd/user/UserSendSmsCmd.java
index ec8f557..619536c 100644
--- a/service-user/src/main/java/com/java110/user/cmd/user/UserSendSmsCmd.java
+++ b/service-user/src/main/java/com/java110/user/cmd/user/UserSendSmsCmd.java
@@ -15,6 +15,7 @@
import com.java110.utils.cache.MappingCache;
import com.java110.utils.constant.MappingConstant;
import com.java110.utils.exception.CmdException;
+import com.java110.utils.lock.DistributedLock;
import com.java110.utils.util.Assert;
import com.java110.utils.util.StringUtil;
import com.java110.utils.util.ValidatorUtil;
@@ -51,23 +52,32 @@
throw new IllegalArgumentException("鎵嬫満鍙锋牸寮忛敊璇�");
}
- //鏍¢獙鏄惁鏈夋湁鏁堢殑楠岃瘉鐮�
- String smsCode = CommonCache.getValue(reqJson.getString("tel") + SendSmsFactory.VALIDATE_CODE);
+ String requestId = DistributedLock.getLockUUID();
+ String key = this.getClass().getSimpleName() + reqJson.getString("tel");
+ try {
+ DistributedLock.waitGetDistributedLock(key, requestId);
+ //鏍¢獙鏄惁鏈夋湁鏁堢殑楠岃瘉鐮�
+ String smsCode = CommonCache.getValue(reqJson.getString("tel") + SendSmsFactory.VALIDATE_CODE);
- if (!StringUtil.isEmpty(smsCode) && smsCode.contains("-")) {
- long oldTime = Long.parseLong(smsCode.substring(smsCode.indexOf("-")+1, smsCode.length()));
- long nowTime = new Date().getTime();
- if (nowTime - oldTime < 1000 * 60 * 2) {
- throw new IllegalArgumentException("璇蜂笉瑕侀噸澶嶅彂閫侀獙璇佺爜");
+ if (!StringUtil.isEmpty(smsCode) && smsCode.contains("-")) {
+ long oldTime = Long.parseLong(smsCode.substring(smsCode.indexOf("-") + 1, smsCode.length()));
+ long nowTime = new Date().getTime();
+ if (nowTime - oldTime < 1000 * 60 * 2) {
+ throw new IllegalArgumentException("璇蜂笉瑕侀噸澶嶅彂閫侀獙璇佺爜");
+ }
}
+ } finally {
+ //娓呯悊浜嬪姟淇℃伅
+ DistributedLock.releaseDistributedLock(key, requestId);
}
+
}
@Override
public void doCmd(CmdEvent event, ICmdDataFlowContext context, JSONObject reqJson) throws CmdException {
String tel = reqJson.getString("tel");
String captchaType = reqJson.getString("captchaType");
- if(!StringUtil.isEmpty(captchaType) && "ownerBinding".equals(captchaType)){
+ if (!StringUtil.isEmpty(captchaType) && "ownerBinding".equals(captchaType)) {
OwnerDto ownerDto = new OwnerDto();
ownerDto.setCommunityId(reqJson.getString("communityId"));
ownerDto.setName(reqJson.getString("appUserName"));
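Review bot: The lock taken around the "sent within the last 2 minutes" check is released in the `finally` at the end of `validate`, before `doCmd` generates and stores the new code, so the check and the write are still not atomic: two concurrent requests for the same `tel` serialize through the lock, both read an empty/stale cache entry, both pass, and both trigger an SMS — the duplicate-send race this commit appears aimed at is only narrowed, not closed. The check needs to run under the same lock that covers the `CommonCache.setValue`/send in `doCmd` (re-check there and hold the lock until after the write; `doCmd` continues past this hunk), roughly as below. Note also that the throttle only fires when the cached value carries a `-timestamp` suffix, which in this file is visibly written only on the switch-OFF branch; if the switch-ON path (`smsInnerServiceSMOImpl.send`, outside the hunk) stores a different format, the limit is a no-op in production — worth confirming. The limit is per phone number only, so an attacker can still drive bulk SMS cost by rotating numbers; a per-IP or per-user cap would usually accompany this fix, and `Long.parseLong` on a malformed cache value will surface as an unhandled `NumberFormatException`.
```java
    String key = this.getClass().getSimpleName() + tel;
    String requestId = DistributedLock.getLockUUID();
    try {
        DistributedLock.waitGetDistributedLock(key, requestId);
        // Re-check under the lock: validate() already released it, so another request may have sent meanwhile.
        String smsCode = CommonCache.getValue(tel + SendSmsFactory.VALIDATE_CODE);
        if (!StringUtil.isEmpty(smsCode) && smsCode.contains("-")
                && new Date().getTime() - Long.parseLong(smsCode.substring(smsCode.indexOf("-") + 1)) < 1000 * 60 * 2) {
            throw new IllegalArgumentException(/* same duplicate-send message as validate() */);
        }
        String msgCode = SendSmsFactory.generateMessageCode(6);
        // … unchanged: build smsDto, send or cache code-timestamp …
    } finally {
        DistributedLock.releaseDistributedLock(key, requestId);
    }
```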
@@ -76,21 +86,21 @@
//鍙栧嚭寮�鍏虫槧灏勭殑鍊�
String val = MappingCache.getValue(DOMAIN_COMMON, ID_CARD_SWITCH);
//鍙栧嚭韬唤璇�
- String idCardErrorMsg ="";
+ String idCardErrorMsg = "";
String idCard = reqJson.getString("idCard");
if ("1".equals(val) && !StringUtil.isEmpty(idCard)) {
ownerDto.setIdCard(idCard);
- idCardErrorMsg="鎴栬�呰韩浠借瘉鍙�";
+ idCardErrorMsg = "鎴栬�呰韩浠借瘉鍙�";
}
List<OwnerDto> ownerDtos = ownerInnerServiceSMOImpl.queryOwnerMembers(ownerDto);
- Assert.listOnlyOne(ownerDtos, "濉啓涓氫富淇℃伅閿欒锛岃纭锛岄鐣欎笟涓诲鍚嶃�佹墜鏈哄彿"+idCardErrorMsg+"淇℃伅鏄惁姝g‘锛�");
+ Assert.listOnlyOne(ownerDtos, "濉啓涓氫富淇℃伅閿欒锛岃纭锛岄鐣欎笟涓诲鍚嶃�佹墜鏈哄彿" + idCardErrorMsg + "淇℃伅鏄惁姝g‘锛�");
}
//鏍¢獙鏄惁浼犱簡 鍒嗛〉淇℃伅
String msgCode = SendSmsFactory.generateMessageCode(6);
SmsDto smsDto = new SmsDto();
smsDto.setTel(tel);
smsDto.setCode(msgCode);
- if ("ON".equals(MappingCache.getValue(MappingConstant.SMS_DOMAIN,SendSmsFactory.SMS_SEND_SWITCH))) {
+ if ("ON".equals(MappingCache.getValue(MappingConstant.SMS_DOMAIN, SendSmsFactory.SMS_SEND_SWITCH))) {
smsDto = smsInnerServiceSMOImpl.send(smsDto);
} else {
CommonCache.setValue(smsDto.getTel() + SendSmsFactory.VALIDATE_CODE, smsDto.getCode().toLowerCase() + "-" + new Date().getTime(), CommonCache.defaultExpireTime);
--