提交短信认证后端逻辑判断

2025-12-07 17:38:32 +08:00 · 2022-11-18 10:14:47 +08:00 · 2022-11-18 10:14:47 +08:00 · 0bd384b76a
commit 0bd384b76a
parent 756993053b
2 changed files with 139 additions and 123 deletions
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/LoginCredential.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/LoginCredential.java
@ -49,7 +49,7 @@ public class LoginCredential  implements Authentication {
    ArrayList<GrantedAuthority> grantedAuthority;
    boolean authenticated;
    boolean roleAdministrators;
-
+    String mobile;
    /**
     * BasicAuthentication.
     */
@ -230,6 +230,15 @@ public class LoginCredential  implements Authentication {
        this.instId = instId;
    }

+    public String getMobile() {
+        return mobile;
+    }
+
+    public void setMobile(String mobile) {
+        this.mobile = mobile;
+    }
+
+
    @Override
    public String toString() {
        StringBuilder builder = new StringBuilder();
@ -241,6 +250,8 @@ public class LoginCredential  implements Authentication {
        builder.append(password);
        builder.append(", state=");
        builder.append(state);
+        builder.append(", mobile=");
+        builder.append(mobile);
        builder.append(", captcha=");
        builder.append(captcha);
        builder.append(", otpCaptcha=");
--- a/maxkey-authentications/maxkey-authentication-provider/src/main/java/org/maxkey/authn/provider/impl/MobileAuthenticationProvider.java
+++ b/maxkey-authentications/maxkey-authentication-provider/src/main/java/org/maxkey/authn/provider/impl/MobileAuthenticationProvider.java
@ -74,6 +74,11 @@ public class MobileAuthenticationProvider extends AbstractAuthenticationProvider
                loginCredential.getPrincipal(), getProviderName());
        try {

+            //如果是验证码登录，设置mobile为username
+            loginCredential.setUsername(loginCredential.getMobile());
+            //设置密码为验证码
+            loginCredential.setPassword(loginCredential.getOtpCaptcha());
+
            _logger.debug("authentication " + loginCredential);

            emptyPasswordValid(loginCredential.getPassword());
@ -84,8 +89,8 @@ public class MobileAuthenticationProvider extends AbstractAuthenticationProvider

            statusValid(loginCredential , userInfo);

-	        //Validate PasswordPolicy
-	        authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo);
+            //Validate PasswordPolicy 取消密码策略验证
+            //authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo);

            mobileCaptchaValid(loginCredential.getPassword(),userInfo);