Merge remote-tracking branch 'origin/dev-login0218' into dev-login0218

8cba6c15 · fengyuan.wan · 06663e79 · f90e7c45 · 8cba6c15 · 8cba6c15
--- a/server/src/main/java/com/pica/cloud/account/account/server/controller/LoginController.java
+++ b/server/src/main/java/com/pica/cloud/account/account/server/controller/LoginController.java
@@ -217,7 +217,7 @@ public class LoginController extends AccountBaseController {
    }

    @ApiOperation(value = "苹果授权登录")
-    @GetMapping("/login/apple")
+    @PostMapping("/login/apple")
    public PicaResponse appleAuth(@RequestBody EncryptEntity entity) throws Exception{
        BaseRequest request = CryptoUtil.decrypt(entity, BaseRequest.class);
        request.setProductType(super.getProductType());

--- a/server/src/main/java/com/pica/cloud/account/account/server/controller/ProtocolController.java
+++ b/server/src/main/java/com/pica/cloud/account/account/server/controller/ProtocolController.java
@@ -35,7 +35,8 @@ public class ProtocolController extends AccountBaseController {
    @ApiOperation(value = "首次唤起App签订协议")
    @PostMapping("/firstCallApp")
    public PicaResponse firstCallApp(@RequestBody BatchSignReq req){
-        String appVersion = super.getDeviceInfo("appVersion");
+        String appVersion = super.getDeviceInfo("app_version");
+        req.setUserId(Integer.parseInt(String.valueOf(super.getDoctorIdByToken())));
        protocolService.firstCallAppSignProtocol(req, appVersion);
        return PicaResponse.toResponse();
    }

--- a/server/src/main/java/com/pica/cloud/account/account/server/enums/AccountExceptionEnum.java
+++ b/server/src/main/java/com/pica/cloud/account/account/server/enums/AccountExceptionEnum.java
@@ -33,7 +33,7 @@ public enum AccountExceptionEnum {
    PICA_PASSWORD_RULE_ERROR("216525","该手机号{mobile}尚未设置密码，请先设置密码。"),
    PICA_PWD_MISMATCH_4("216526", "密码错误,请重试"),
    PICA_PWD_MISMATCH_5("216527", "该账号{mobile}的密码错误次数已达上限请24小时后再试，或请使用其他登录方式或找回密码"),
-    PICA_APPLE_TOKEN_ERROR("216528", "微信登录授权identifyToken不正确"),
+    PICA_APPLE_TOKEN_ERROR("216528", "Apple登录授权token不正确"),
    PICA_APPLE_BIND_OTHER("216529", "该Apple账号已绑定其他账户"),
    PICA_MOBILE_BIND_OTHER("216530", "该手机号已绑定其他Apple账号"),


--- a/server/src/main/java/com/pica/cloud/account/account/server/service/impl/LoginServiceImpl.java
+++ b/server/src/main/java/com/pica/cloud/account/account/server/service/impl/LoginServiceImpl.java
@@ -24,14 +24,13 @@ import com.pica.cloud.account.account.server.util.AESUtil;
 import com.pica.cloud.account.account.server.util.AccountUtils;
 import com.pica.cloud.account.account.server.util.TokenUtils;
 import com.pica.cloud.account.account.server.util.WeChatUtils;
-import com.pica.cloud.account.account.server.vo.OneClickLoginResultVo;
 import com.pica.cloud.foundation.encryption.common.constants.EncryptConstants;
 import com.pica.cloud.foundation.encryption.util.EncryptUtils;
 import com.pica.cloud.foundation.entity.PicaException;
 import com.pica.cloud.foundation.entity.PicaResultCode;
 import com.pica.cloud.foundation.redis.ICacheClient;
-import com.pica.cloud.foundation.utils.utils.HttpClientUtil;
 import com.pica.cloud.foundation.utils.utils.ValidateUtils;
+import com.pica.cloud.patient.smartcontract.common.utils.HttpClientCloudUtils;
 import io.jsonwebtoken.*;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang3.StringUtils;
@@ -42,13 +41,6 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;

-
-import javax.servlet.http.HttpServletRequest;
-import java.io.BufferedReader;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.net.HttpURLConnection;
-import java.net.URL;
 import java.security.PublicKey;
 import java.util.Date;
 import java.util.HashMap;
@@ -605,14 +597,13 @@ public class LoginServiceImpl implements LoginService {
    @Override
    public LoginResult loginByApple(BaseRequest request) {
        //  入参非空判断
-        if (StringUtils.isEmpty(request.getIdentifyToken()) ||
-                StringUtils.isEmpty(request.getAppleUserId()) ||
-                StringUtils.isEmpty(request.getAppleId())) {
+        if (StringUtils.isEmpty(request.getIdentifyToken())) {
            throw new PicaException(AccountExceptionEnum.PICA_PARAMS_ERROR.getCode(),
                    AccountExceptionEnum.PICA_PARAMS_ERROR.getMessage());
        }
        //  identifyToken校验
-        if(!checkIdentifyToken(request.getIdentifyToken())){
+        if(!checkIdentifyToken(request)){
+            logger.info(JSON.toJSONString(request));
            throw new PicaException(
                    AccountExceptionEnum.PICA_APPLE_TOKEN_ERROR.getCode(),
                    AccountExceptionEnum.PICA_APPLE_TOKEN_ERROR.getMessage());
@@ -662,13 +653,14 @@ public class LoginServiceImpl implements LoginService {
     * @Params [identifyToekn]
     * @Return boolean false:未通过token校验，true:通过校验
     */
-    private boolean checkIdentifyToken(String identifyToken) {
+    private boolean checkIdentifyToken(BaseRequest request) {
+        String identifyToken = request.getIdentifyToken();
        logger.info("checkIdentifyToken-identifyToken:{}", identifyToken);
        //  向苹果后台获取公钥参数
        String appleResp = null;
        try {
-            appleResp = HttpClientUtil.getHttpExecute("https://appleid.apple.com/auth/keys");
-            logger.info("checkIdentifyToken-appleResp:{}", appleResp);
+            appleResp = HttpClientCloudUtils.getHttpExecute("https://appleid.apple.com/auth/keys");
+            //logger.info("checkIdentifyToken-appleResp:{}", appleResp);
        } catch (Exception e) {
            throw new PicaException("获取公钥失败", e.getMessage());
        }
@@ -676,7 +668,7 @@ public class LoginServiceImpl implements LoginService {
        String keys = jsonObject.getString("keys");
        JSONArray arr = JSONObject.parseArray(keys);
        JSONObject jsonObject1 = JSONObject.parseObject(arr.getString(0));
-        logger.info("checkIdentifyToken-jsonObject1:{}", jsonObject1);
+        //logger.info("checkIdentifyToken-jsonObject1:{}", jsonObject1);

        //  通过架包生成publicKey
        PublicKey publicKey;
@@ -688,10 +680,18 @@ public class LoginServiceImpl implements LoginService {
        }
        //  分割前台传过来的identifyToken（jwt格式的token）用base64解码使用
        if (identifyToken.split("\\.").length > 1) {
-            String claim = new String(Base64.decodeBase64(identifyToken.split("\\.")[1]));
-            logger.info("checkIdentifyToken-claim:{}", claim);
-            String aud = JSONObject.parseObject(claim).get("aud").toString();
-            String sub = JSONObject.parseObject(claim).get("sub").toString();
+            String aud;
+            String sub;
+            try {
+                String claim = new String(Base64.decodeBase64(identifyToken.split("\\.")[1]));
+                //logger.info("checkIdentifyToken-claim:{}", claim);
+                aud = JSONObject.parseObject(claim).get("aud").toString();
+                sub = JSONObject.parseObject(claim).get("sub").toString();
+                //  appleUserId从token中解码取出后赋值
+                request.setAppleUserId(sub);
+            } catch (Exception e) {
+                throw new PicaException("token格式错误", e.getMessage());
+            }
            return this.verify(publicKey, identifyToken, aud, sub);
        }
        return false;
@@ -712,9 +712,8 @@ public class LoginServiceImpl implements LoginService {
        jwtParser.requireSubject(subject);
        try {
            Jws<Claims> claim = jwtParser.parseClaimsJws(jwt);
-            logger.info("apple-verify-claim:{}", JSON.toJSONString(claim));
-            logger.info("apple-verify-claim.getBody:{}",
-                    JSON.toJSONString(claim.getBody()));
+            //logger.info("apple-verify-claim:{}", JSON.toJSONString(claim));
+            //logger.info("apple-verify-claim.getBody:{}", JSON.toJSONString(claim.getBody()));
            if (claim != null && claim.getBody().containsKey("auth_time")) {
                return true;
            }