步骤一:验证加密信息是否存在
步骤二:判断时效性(链接是否已过期),通过后再对其进行解密
步骤三:解密信息,得到注册实体信息,前往数据库DB判断是否有此账号
如果加密串中带有 URL 保留字符(例如 +、/、= 之类),直接拼进链接后会在传输/解析时被转义或改写,服务端拿到的参数与入库的原串不一致,再去匹配数据库自然匹配不到。改进:生成链接时先对加密串做 URL 编码,请求进来时由容器自动解码还原:
// Build the activation link: the ciphertext becomes a query-string value, so it is
// URL-encoded before being substituted into the template (the container is
// expected to decode it again when the link is requested).
String encryptValue = getEncryptValue(usrDto);
String encodedValue = URLEncoder.encode(encryptValue, "utf-8");
String encryptInfo = env.getProperty("user.register.email.validate.url");
encryptInfo = String.format(encryptInfo, encodedValue);
dataMap.put("validateUrl", encryptInfo);
UserService.java
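/**
 * Activates the account referenced by an e-mail validation link.
 *
 * <p>Flow: (1) the opaque {@code params} string must match a stored MailEncrypt
 * record, otherwise the link is treated as forged; (2) the record must be younger
 * than {@code user.register.email.time} milliseconds; (3) the string is AES-decrypted,
 * parsed as JSON, and the {@code email} field inside it must resolve to a user, who
 * is then marked active.
 *
 * @param params the ciphertext taken from the link's query string (already URL-decoded
 *               by the container)
 * @throws RuntimeException      if the link is unknown, expired, malformed, or does not
 *                               resolve to a user (message is user-facing)
 * @throws IllegalStateException if the expiry window property is not configured
 * @throws Exception             on decryption / JSON parsing failures (propagated as-is)
 */
public void validateRegisterInfo(final String params) throws Exception{
    // Step 1: the ciphertext must be one we issued; a miss means a forged or
    // truncated link.
    MailEncrypt encrypt = mailEncryptMapper.selectByEncryptInfo(params);
    if(encrypt == null){
        throw new RuntimeException("待验证的链接不合法!");//表示这是伪造的链接
    }
    // NOTE(review): nothing here rejects a link that was already consumed. The
    // record's isActive flag is set at the bottom of this method but is never read
    // here and never written back (there is no mailEncryptMapper update call), so a
    // link stays replayable until it expires. Check the flag here and persist the
    // record after activation.

    // Step 2: expiry window in milliseconds, relative to the record's send time.
    // Fail closed if the window is not configured instead of NPE-ing on unboxing.
    Long timeDiff = env.getProperty("user.register.email.time", Long.class);
    if(timeDiff == null){
        throw new IllegalStateException("user.register.email.time is not configured");
    }
    if(System.currentTimeMillis() - encrypt.getSendTime().getTime() > timeDiff){
        throw new RuntimeException("待验证的链接已失效!");
    }
    // Step 3: recover the registration payload and resolve the account by e-mail.
    String tempValue = EncryptUtil.aesDecrypt(params, env.getProperty("encrypt.aes.alg.key"));
    Map<String, Object> dataMap = objectMapper.readValue(tempValue, Map.class);
    // The payload is the registrant's personal data; log only which fields arrived,
    // not their values.
    log.debug("----解密成功, 字段: {}", dataMap.keySet());
    Object emailValue = dataMap.get("email");
    if(emailValue == null){
        // Previously String.valueOf(null) produced the literal "null" and fell through
        // to a pointless DB lookup; reject the malformed payload outright.
        throw new RuntimeException("待验证的链接不合法!");
    }
    String email = String.valueOf(emailValue);
    Usr u = usrMapper.selectByEmail(email);
    if(u == null){
        throw new RuntimeException("待验证的链接不合法或该账户已激活!");
    }
    // All checks passed: activate the user. The MailEncrypt record is only updated
    // in memory here (see the review note above).
    u.setIsActive(1);
    encrypt.setIsActive(Byte.valueOf("1"));
    encrypt.setUpdateTime(DateTime.now().toDate());
    usrMapper.updateByPrimaryKeySelective(u);
}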
UserController.java
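/**
 * GET endpoint hit from the activation e-mail link.
 *
 * <p>{@code params} has already been URL-decoded by the container and is handed to
 * the service as-is. The service's own rejections (unknown/expired link, no such
 * account) are surfaced to the caller by message; any other failure — decryption or
 * parsing errors raised inside the service — gets a fixed message so internal
 * details are not echoed back to whoever crafted the link.
 *
 * @param params the ciphertext from the link's query string
 * @return a Success response, or a Fail response carrying a user-facing message
 */
@RequestMapping(value = "validate", method = RequestMethod.GET)
@ResponseBody
public BaseResponse validate(@RequestParam String params){
    BaseResponse response = new BaseResponse(StatusCode.Success);
    try{
        usrService.validateRegisterInfo(params);
    }catch (RuntimeException e){
        // The service signals validation failures as RuntimeExceptions whose message
        // is meant for the end user, so it is passed through unchanged.
        // NOTE(review): if EncryptUtil.aesDecrypt wraps crypto errors in an unchecked
        // exception, that message would also reach the client — confirm.
        log.warn("用户Controller-用户激活邮箱-校验未通过: {}", e.getMessage());
        response = new BaseResponse(StatusCode.Fail.getCode(), e.getMessage());
    }catch (Exception e){
        // Checked failures (decrypt / JSON parse) used to be returned verbatim;
        // keep the cause in the log and return a generic message instead.
        log.warn("用户Controller-用户激活邮箱-发生异常", e);
        response = new BaseResponse(StatusCode.Fail.getCode(), "待验证的链接不合法!");
    }
    return response;
}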