Merge branch 'dev' of https://gitee.com/septemyang/RuoYi into bo_dev

box-test/src/main/java/com/ruoyi/test/conrtroller/WechatApiController.java

@@ -2,6 +2,7 @@ package com.ruoyi.test.conrtroller;
 
 import com.alibaba.fastjson.JSON;
 import com.ruoyi.common.core.controller.BaseController;
+import com.ruoyi.common.utils.ShiroUtils;
 import com.ruoyi.system.service.IWechatApiService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
@@ -46,9 +47,13 @@ public class WechatApiController extends BaseController {
     @ResponseBody
     public Map<String, String> SendTextMessageToWechatUser() {
         List<String> userIdList = new ArrayList<>();
-        userIdList.add("2342343243");
+        userIdList.add("2342343243");//错误userId示例
-        userIdList.add("erqrqwe");
+        userIdList.add("erqrqwe");//错误userId示例
+        userIdList.add("");    //空UserId示例
         userIdList.add("359");
+        if(!ShiroUtils.getUserId().equals("359")){
+        userIdList.add(String.valueOf(ShiroUtils.getUserId()));
+        }
         Map<String, String> resultMap = wechatApiService.SendTextMessageToWechatUser(userIdList,"<a href=\"www.baidu.com\">哈哈哈！</a>");
         return resultMap;
     }
@@ -57,11 +62,15 @@ public class WechatApiController extends BaseController {
     @ResponseBody
     public Map<String, String> SendTextCardMessageToWechatUser() {
         List<String> userIdList = new ArrayList<>();
-        userIdList.add("23456667");
+        userIdList.add("23456667");   //错误userId示例
-        userIdList.add("355354354");
+        userIdList.add("355354354");  //错误userId示例
+        userIdList.add("");    //空UserId示例
         userIdList.add("359");
-        userIdList.add("454");
+        //userIdList.add("454");
-        userIdList.add("408");
+        //userIdList.add("408");
+        if(!ShiroUtils.getUserId().equals("359")){
+            userIdList.add(String.valueOf(ShiroUtils.getUserId()));
+        }
         String title="号外：特大优惠！限时抢购";
         String description="今年仅此一次，苹果手机1000元起！欢迎前来购买！走过路过，不要错过！";
         String dtailUrl="https://item.jd.com/100008348530.html";

pom.xml

@@ -26,7 +26,7 @@
         <mybatis-spring-boot.version>2.1.4</mybatis-spring-boot.version>
         <pagehelper.boot.version>1.3.1</pagehelper.boot.version>
         <fastjson.version>1.2.76</fastjson.version>
-        <oshi.version>5.7.5</oshi.version>
+        <oshi.version>5.8.0</oshi.version>
         <jna.version>5.8.0</jna.version>
         <commons.io.version>2.10.0</commons.io.version>
         <commons.fileupload.version>1.4</commons.fileupload.version>

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java

@@ -38,17 +38,15 @@ public class SysLoginController extends BaseController
             String code= request.getParameter("code");
             //String state = request.getParameter("state");
             String username=wechatApiService.GetLoginNameWithWechatCode(code);
-            //如果没有获取到用户名，说明验证失败，跳转登录页
+            //如果没有获取到登录名，说明验证失败，跳转登录页
             if(StringUtils.isEmpty(username)){
                return "login";
             }
 
             String password="";
-            Boolean rememberMe=true;
             map.put("loginType","wechat");
             map.put("username",username);
             map.put("password",password);
-
             return "loginwechat";
 
 

ruoyi-admin/src/main/resources/application.yml

@@ -88,7 +88,6 @@ mybatis:
 # PageHelper分页插件
 pagehelper: 
   helperDialect: mysql
-  reasonable: true
   supportMethodsArguments: true
   params: count=countSql 
 

ruoyi-admin/src/main/resources/templates/loginwechat.html

@@ -51,7 +51,7 @@
     var loginType = [[${loginType}]];
     var username = [[${username}]];
     var password = [[${password}]];
-    var rememberMe = "true";
+    var rememberMe = true;
 
     $(function () {
         if (loginType == 'wechat') {

ruoyi-common/src/main/java/com/ruoyi/common/constant/Constants.java

@@ -17,6 +17,16 @@ public class Constants
      */
     public static final String GBK = "GBK";
 
+    /**
+     * http请求
+     */
+    public static final String HTTP = "http://";
+
+    /**
+     * https请求
+     */
+    public static final String HTTPS = "https://";
+
     /**
      * 通用成功标识
      */

ruoyi-common/src/main/java/com/ruoyi/common/utils/StringUtils.java

@@ -1,7 +1,13 @@
 package com.ruoyi.common.utils;
 
+import java.util.ArrayList;
 import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
 import java.util.Map;
+import java.util.Set;
+import org.springframework.util.AntPathMatcher;
+import com.ruoyi.common.constant.Constants;
 import com.ruoyi.common.core.text.StrFormatter;
 
 /**
@@ -256,6 +262,91 @@ public class StringUtils extends org.apache.commons.lang3.StringUtils
         return StrFormatter.format(template, params);
     }
 
+    /**
+     * 是否为http(s)://开头
+     * 
+     * @param link 链接
+     * @return 结果
+     */
+    public static boolean ishttp(String link)
+    {
+        return StringUtils.startsWithAny(link, Constants.HTTP, Constants.HTTPS);
+    }
+
+    /**
+     * 字符串转set
+     * 
+     * @param str 字符串
+     * @param sep 分隔符
+     * @return set集合
+     */
+    public static final Set<String> str2Set(String str, String sep)
+    {
+        return new HashSet<String>(str2List(str, sep, true, false));
+    }
+
+    /**
+     * 字符串转list
+     * 
+     * @param str 字符串
+     * @param sep 分隔符
+     * @param filterBlank 过滤纯空白
+     * @param trim 去掉首尾空白
+     * @return list集合
+     */
+    public static final List<String> str2List(String str, String sep, boolean filterBlank, boolean trim)
+    {
+        List<String> list = new ArrayList<String>();
+        if (StringUtils.isEmpty(str))
+        {
+            return list;
+        }
+
+        // 过滤空白字符串
+        if (filterBlank && StringUtils.isBlank(str))
+        {
+            return list;
+        }
+        String[] split = str.split(sep);
+        for (String string : split)
+        {
+            if (filterBlank && StringUtils.isBlank(string))
+            {
+                continue;
+            }
+            if (trim)
+            {
+                string = string.trim();
+            }
+            list.add(string);
+        }
+
+        return list;
+    }
+
+    /**
+     * 查找指定字符串是否包含指定字符串列表中的任意一个字符串同时串忽略大小写
+     *
+     * @param cs 指定字符串
+     * @param searchCharSequences 需要检查的字符串数组
+     * @return 是否包含任意一个字符串
+     */
+    public static boolean containsAnyIgnoreCase(CharSequence cs, CharSequence... searchCharSequences)
+    {
+        if (isEmpty(cs) || isEmpty(searchCharSequences))
+        {
+            return false;
+        }
+        for (CharSequence testStr : searchCharSequences)
+        {
+            if (containsIgnoreCase(cs, testStr))
+            {
+                return true;
+            }
+        }
+        return false;
+    }
+
     /**
      * 驼峰转下划线命名
      */
@@ -301,6 +392,7 @@ public class StringUtils extends org.apache.commons.lang3.StringUtils
             }
             sb.append(Character.toLowerCase(c));
         }
+
         return sb.toString();
     }
 
@@ -400,6 +492,45 @@ public class StringUtils extends org.apache.commons.lang3.StringUtils
         return sb.toString();
     }
 
+    /**
+     * 查找指定字符串是否匹配指定字符串列表中的任意一个字符串
+     * 
+     * @param str 指定字符串
+     * @param strs 需要检查的字符串数组
+     * @return 是否匹配
+     */
+    public static boolean matches(String str, List<String> strs)
+    {
+        if (isEmpty(str) || isEmpty(strs))
+        {
+            return false;
+        }
+        for (String pattern : strs)
+        {
+            if (isMatch(pattern, str))
+            {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * 判断url是否与规则配置: 
+     * ? 表示单个字符; 
+     * * 表示一层路径内的任意字符串，不可跨层级; 
+     * ** 表示任意层路径;
+     * 
+     * @param pattern 匹配规则
+     * @param url 需要匹配的url
+     * @return
+     */
+    public static boolean isMatch(String pattern, String url)
+    {
+        AntPathMatcher matcher = new AntPathMatcher();
+        return matcher.match(pattern, url);
+    }
+
     @SuppressWarnings("unchecked")
     public static <T> T cast(Object obj)
     {

ruoyi-common/src/main/java/com/ruoyi/common/xss/XssFilter.java

@@ -3,8 +3,6 @@ package com.ruoyi.common.xss;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -27,16 +25,10 @@ public class XssFilter implements Filter
      */
     public List<String> excludes = new ArrayList<>();
 
-    /**
-     * xss过滤开关
-     */
-    public boolean enabled = false;
-
     @Override
     public void init(FilterConfig filterConfig) throws ServletException
     {
         String tempExcludes = filterConfig.getInitParameter("excludes");
-        String tempEnabled = filterConfig.getInitParameter("enabled");
         if (StringUtils.isNotEmpty(tempExcludes))
         {
             String[] url = tempExcludes.split(",");
@@ -45,10 +37,6 @@ public class XssFilter implements Filter
                 excludes.add(url[i]);
             }
         }
-        if (StringUtils.isNotEmpty(tempEnabled))
-        {
-            enabled = Boolean.valueOf(tempEnabled);
-        }
     }
 
     @Override
@@ -68,25 +56,14 @@ public class XssFilter implements Filter
 
     private boolean handleExcludeURL(HttpServletRequest request, HttpServletResponse response)
     {
-        if (!enabled)
+        String url = request.getServletPath();
+        String method = request.getMethod();
+        // GET DELETE 不过滤
+        if (method == null || method.matches("GET") || method.matches("DELETE"))
         {
             return true;
         }
-        if (excludes == null || excludes.isEmpty())
+        return StringUtils.matches(url, excludes);
-        {
-            return false;
-        }
-        String url = request.getServletPath();
-        for (String pattern : excludes)
-        {
-            Pattern p = Pattern.compile("^" + pattern);
-            Matcher m = p.matcher(url);
-            if (m.find())
-            {
-                return true;
-            }
-        }
-        return false;
     }
 
     @Override

ruoyi-framework/src/main/java/com/ruoyi/framework/config/FilterConfig.java

@@ -4,6 +4,7 @@ import java.util.HashMap;
 import java.util.Map;
 import javax.servlet.DispatcherType;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -16,11 +17,9 @@ import com.ruoyi.common.xss.XssFilter;
  * @author ruoyi
  */
 @Configuration
+@ConditionalOnProperty(value = "xss.enabled", havingValue = "true")
 public class FilterConfig
 {
-    @Value("${xss.enabled}")
-    private String enabled;
-
     @Value("${xss.excludes}")
     private String excludes;
 
@@ -36,10 +35,9 @@ public class FilterConfig
         registration.setFilter(new XssFilter());
         registration.addUrlPatterns(StringUtils.split(urlPatterns, ","));
         registration.setName("xssFilter");
-        registration.setOrder(Integer.MAX_VALUE);
+        registration.setOrder(FilterRegistrationBean.HIGHEST_PRECEDENCE);
         Map<String, String> initParameters = new HashMap<String, String>();
         initParameters.put("excludes", excludes);
-        initParameters.put("enabled", enabled);
         registration.setInitParameters(initParameters);
         return registration;
     }

ruoyi-generator/src/main/resources/vm/html/add.html.vm

@@ -238,6 +238,7 @@
         $(function() {
             $('.summernote').summernote({
                 lang: 'zh-CN',
+                dialogsInBody: true,
                 callbacks: {
                     onChange: function(contents, $edittable) {
                         $("input[name='" + this.id + "']").val(contents);

ruoyi-generator/src/main/resources/vm/html/edit.html.vm

@@ -245,6 +245,7 @@
             $('.summernote').each(function(i) {
                 $('#' + this.id).summernote({
                     lang: 'zh-CN',
+                    dialogsInBody: true,
                     callbacks: {
                         onChange: function(contents, $edittable) {
                             $("input[name='" + this.id + "']").val(contents);

ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java

@@ -137,7 +137,11 @@ public class SysJobController extends BaseController
         }
         else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_RMI))
         {
-            return AjaxResult.error("新增任务'" + job.getJobName() + "'失败，目标字符串不允许'rmi://'调用");
+            return error("新增任务'" + job.getJobName() + "'失败，目标字符串不允许'rmi://'调用");
+        }
+        else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS }))
+        {
+            return error("新增任务'" + job.getJobName() + "'失败，目标字符串不允许'http(s)//'调用");
         }
         return toAjax(jobService.insertJob(job));
     }
@@ -167,7 +171,11 @@ public class SysJobController extends BaseController
         }
         else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_RMI))
         {
-            return AjaxResult.error("修改任务'" + job.getJobName() + "'失败，目标字符串不允许'rmi://'调用");
+            return error("修改任务'" + job.getJobName() + "'失败，目标字符串不允许'rmi://'调用");
+        }
+        else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS }))
+        {
+            return error("修改任务'" + job.getJobName() + "'失败，目标字符串不允许'http(s)//'调用");
         }
         return toAjax(jobService.updateJob(job));
     }

ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java

@@ -233,7 +233,7 @@ public class SysDeptServiceImpl implements ISysDeptService
             updateDeptChildren(dept.getDeptId(), newAncestors, oldAncestors);
         }
         int result = deptMapper.updateDept(dept);
-        if (UserConstants.DEPT_NORMAL.equals(dept.getStatus()))
+        if (UserConstants.DEPT_NORMAL.equals(dept.getStatus()) && StringUtils.isNotEmpty(dept.getAncestors()))
         {
             // 如果该部门是启用状态，则启用该部门的所有上级部门
             updateParentDeptStatusNormal(dept);

ruoyi-system/src/main/java/com/ruoyi/system/service/impl/WechatApiServiceImpl.java

@@ -112,12 +112,19 @@ public class WechatApiServiceImpl implements IWechatApiService {
     @Override
     public String GetLoginNameWithWechatCode(String code)
     {
+        if(StringUtils.isEmpty(code)){
+            return "";
+        }
         //获取访问用户身份ID
         String userId= GetUseridByWechatLogin(code);
-
+        if(StringUtils.isEmpty(userId)){
+            return "";
+        }
         //获取用户邮箱与姓名
         WechatUserInfo wechatUserInfo = GetWechatUserInfoDetailByUserId(userId);
-
+        if (null==wechatUserInfo || null==wechatUserInfo.getName()){
+            return "";
+        }
         //根据用户id+邮箱名+用户名匹配本地用户对应的userId+邮箱名与用户名
         SysUser sysUserWechat=new SysUser();
         sysUserWechat.setUserId(Long.parseLong(wechatUserInfo.getUserid()));
@@ -131,7 +138,7 @@ public class WechatApiServiceImpl implements IWechatApiService {
             return ""; //系统里没有用户，没有从OA同步？ 处理逻辑待定
         }
         if(count > 1){
-            return ""; //本地数据库存在多个姓名与邮箱相同的记录，如何处理？？
+            return ""; //本地数据库存在多个姓名与邮箱相同的记录，如何处理？？--加上了sysUserWechat.setUserId(Long.parseLong(wechatUserInfo.getUserid()));，不存在这种情况了。
         }
         String loginName= userList.get(0).getLoginName();
       return loginName;