package com.bsth.controller.sys;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.authentication.session.SessionAuthenticationException;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;

import com.bsth.controller.BaseController;
import com.bsth.entity.sys.SysUser;
import com.bsth.security.util.SecurityUtils;
import com.bsth.service.sys.SysUserService;

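@RestController
@RequestMapping("user")
public class UserController extends BaseController<SysUser, Integer>{

	/**
	 * Verifies a submitted password against the stored BCrypt hash.
	 *
	 * BCrypt stores its cost factor inside the hash, so {@code matches()} uses whatever
	 * strength the hash was created with; the strength passed here would only affect
	 * {@code encode()}, which this controller never calls (hashing the new password is
	 * the service's job). Kept as a single instance rather than rebuilt per request.
	 */
	private static final BCryptPasswordEncoder PASSWORD_ENCODER = new BCryptPasswordEncoder(4);

	/** Session attribute in which Spring Security records the last authentication failure. */
	private static final String LAST_EXCEPTION_ATTR = "SPRING_SECURITY_LAST_EXCEPTION";

	@Autowired
	SysUserService sysUserService;

	/**
	 * Reports why the most recent login attempt failed.
	 *
	 * Reads the failure Spring Security left in the session, maps the two failure types
	 * this application distinguishes to a user-facing message and clears the attribute so
	 * the message is delivered once. Both messages are deliberately generic: the
	 * bad-credentials message does not say whether the username or the password was wrong.
	 * Uses {@code getSession(false)} so that a client without a session does not get one
	 * created just to be told there is no failure to report.
	 *
	 * @param request the current request
	 * @return the failure message, or an empty string when there is no session or no
	 *         recognised failure is recorded
	 */
	@RequestMapping("/loginFailure")
	public String loginFailure(HttpServletRequest request){
		HttpSession session = request.getSession(false);
		if (session == null) {
			return "";
		}
		Object failure = session.getAttribute(LAST_EXCEPTION_ATTR);
		// Clear before branching so the failure is reported exactly once whichever path is taken.
		session.removeAttribute(LAST_EXCEPTION_ATTR);

		if (failure instanceof BadCredentialsException) {
			return "登录失败,用户名或密码错误.";
		}
		if (failure instanceof SessionAuthenticationException) {
			return "登录失败,当前策略不允许重复登录.";
		}
		return "";
	}

	/**
	 * Logs the current user out and returns the site root view.
	 *
	 * {@link SecurityContextLogoutHandler} clears the security context and, with its
	 * default settings, invalidates the HTTP session, so the authenticated session cannot
	 * be reused afterwards. When nobody is authenticated this is a no-op.
	 * NOTE(review): the mapping does not restrict the HTTP method, so a logout can be
	 * triggered by any GET to this URL; restricting it to POST is worth considering.
	 *
	 * @param request  the current request
	 * @param response the current response
	 * @return the view named {@code "/"} (a view name, not a redirect)
	 */
	@RequestMapping("/logout")
	public ModelAndView logout(HttpServletRequest request, HttpServletResponse response){
		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
		if (auth != null) {
			new SecurityContextLogoutHandler().logout(request, response, auth);
		}
		return new ModelAndView("/");
	}

	/**
	 * Returns the currently authenticated user as resolved by {@link SecurityUtils}.
	 *
	 * NOTE(review): the whole {@link SysUser} entity is serialised to the client; confirm
	 * that its password hash and other sensitive fields are excluded from serialisation.
	 *
	 * @return the current user, or whatever {@code SecurityUtils.getCurrentUser()} yields
	 *         when nobody is authenticated (possibly {@code null})
	 */
	@RequestMapping("/currentUser")
	public SysUser currentUser(){
		return SecurityUtils.getCurrentUser();
	}

	/**
	 * Enables or disables a user account.
	 *
	 * NOTE(review): no authorisation check is visible here; access to this endpoint is
	 * assumed to be restricted to administrators by the security configuration.
	 *
	 * @param id      the user id
	 * @param enabled the new enabled state (semantics defined by the service)
	 * @return the value returned by {@code SysUserService.changeEnabled}
	 */
	@RequestMapping("/changeEnabled")
	public int changeEnabled(@RequestParam int id,@RequestParam int enabled){
		return sysUserService.changeEnabled(id,enabled);
	}

	/**
	 * Changes the current user's password after verifying the old one.
	 *
	 * Checks run in order: a user must be authenticated, the old password must match the
	 * stored hash, the new password must differ from the old one, both entries of the new
	 * password must agree, and the new password must not be blank. Only then is the
	 * service asked to store it. A missing principal previously produced a
	 * {@code NullPointerException} (HTTP 500) and a blank new password was previously
	 * accepted and stored; both now return a message instead.
	 *
	 * NOTE(review): passwords arrive as request parameters; if this endpoint is reached
	 * via GET they appear in the URL, browser history and access logs. Restricting the
	 * mapping to POST is recommended. The in-memory {@code SysUser} principal is not
	 * refreshed here, so its password field is stale until re-authentication.
	 *
	 * @param oldPWD  the current password
	 * @param newPWD  the new password
	 * @param cnewPWD the new password, entered again for confirmation
	 * @return a user-facing status message
	 */
	@RequestMapping("/changePWD")
	public String changePWD(@RequestParam String oldPWD,@RequestParam String newPWD,@RequestParam String cnewPWD){
		SysUser sysUser = SecurityUtils.getCurrentUser();
		if (sysUser == null) {
			return "用户未登录!";
		}
		if (!PASSWORD_ENCODER.matches(oldPWD, sysUser.getPassword())) {
			return "原始密码错误!";
		}
		if (oldPWD.equals(newPWD)) {
			return "新密码不能跟原始密码一样!";
		}
		if (!newPWD.equals(cnewPWD)) {
			return "新密码两次输入不一致!";
		}
		// Reject whitespace-only passwords; String.trim() keeps this usable on older JDKs.
		if (newPWD.trim().isEmpty()) {
			return "新密码不能为空!";
		}
		sysUserService.changePWD(sysUser.getId(), newPWD);
		return "修改成功!";
	}
}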