Merge branch 'master' into group5-msg

2021-01-02 21:06:14 +08:00 · 2021-01-02 21:06:14 +08:00 · 076e0e97ef
parent 4a5da6eaf5 75ae49bfa9
commit 076e0e97ef
15 changed files with 376 additions and 300 deletions
--- a/kernel-a-rule/src/main/java/cn/stylefeng/roses/kernel/rule/pojo/request/BaseRequest.java
+++ b/kernel-a-rule/src/main/java/cn/stylefeng/roses/kernel/rule/pojo/request/BaseRequest.java
@ -99,34 +99,4 @@ public class BaseRequest implements Serializable {
    public @interface updateStatus {
    }

-    /**
-     * 预留组1，用来给特殊业务的参数校验用
-     */
-    public @interface groupOne {
-    }
-
-    /**
-     * 预留组2，用来给特殊业务的参数校验用
-     */
-    public @interface groupTwo {
-    }
-
-    /**
-     * 预留组3，用来给特殊业务的参数校验用
-     */
-    public @interface groupThree {
-    }
-
-    /**
-     * 预留组4，用来给特殊业务的参数校验用
-     */
-    public @interface groupFour {
-    }
-
-    /**
-     * 预留组5，用来给特殊业务的参数校验用
-     */
-    public @interface groupFive {
-    }
-
 }
--- a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/constants/AuthConstants.java
+++ b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/constants/AuthConstants.java
@ -43,4 +43,9 @@ public interface AuthConstants {
     */
    String DEFAULT_PASSWORD = "123456";

+    /**
+     * auth模块，jwt的失效时间，默认7天
+     */
+    Long DEFAULT_AUTH_JWT_TIMEOUT_SECONDS = 3600L * 24 * 7;
+
 }
--- a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/expander/AuthConfigExpander.java
+++ b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/expander/AuthConfigExpander.java
@ -1,5 +1,6 @@
 package cn.stylefeng.roses.kernel.auth.api.expander;

+import cn.hutool.core.util.RandomUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.stylefeng.roses.kernel.config.api.context.ConfigContext;

@ -31,12 +32,43 @@ public class AuthConfigExpander {
        }
    }

+    /**
+     * 用于auth校验的jwt的秘钥
+     *
+     * @author fengshuonan
+     * @date 2021/1/2 18:52
+     */
+    public static String getAuthJwtSecret() {
+        String sysJwtSecret = ConfigContext.me().getConfigValueNullable("SYS_AUTH_JWT_SECRET", String.class);
+
+        // 没配置就返回一个随机密码
+        if (sysJwtSecret == null) {
+            return RandomUtil.randomString(20);
+        } else {
+            return sysJwtSecret;
+        }
+    }
+
+    /**
+     * 用于auth模块权限校验的jwt失效时间
+     * <p>
+     * 这个时间也是“记住我”功能的过期时间，默认为7天
+     * <p>
+     * 如果登录的时候开启了“记住我”，则用户7天内免登录
+     *
+     * @author fengshuonan
+     * @date 2021/1/2 18:53
+     */
+    public static Long getAuthJwtTimeoutSeconds() {
+        return ConfigContext.me().getSysConfigValueWithDefault("SYS_AUTH_JWT_TIMEOUT_SECONDS", Long.class, DEFAULT_AUTH_JWT_TIMEOUT_SECONDS);
+    }
+
    /**
     * 获取session过期时间，默认3600秒
     * <p>
     * 在这个时段内不操作，会将用户踢下线，从新登陆
     * <p>
-     * 关于记住我功能，如果开启了记住我功能，这个参数
+     * 如果开启了记住我功能，在session过期后会从新创建session
     *
     * @author fengshuonan
     * @date 2020/10/20 9:32
--- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.java
+++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.java
@ -146,7 +146,7 @@ public class AuthServiceImpl implements AuthServiceApi {
        // 3. 获取用户密码的加密值和用户的状态
        UserLoginInfoDTO userValidateInfo = userServiceApi.getUserLoginInfo(loginRequest.getAccount());

-        // 4. 校验用户密码是否正确(BCrypt算法)
+        // 4. 校验用户密码是否正确
        if (validatePassword) {
            Boolean checkResult = passwordStoredEncryptApi.checkPassword(loginRequest.getPassword(), userValidateInfo.getUserPasswordHexed());
            if (!checkResult) {
--- a/kernel-d-auth/auth-spring-boot-starter/pom.xml
+++ b/kernel-d-auth/auth-spring-boot-starter/pom.xml
@ -31,6 +31,13 @@
            <version>1.0.0</version>
        </dependency>

+        <!--jwt的sdk-->
+        <dependency>
+            <groupId>cn.stylefeng.roses</groupId>
+            <artifactId>jwt-sdk</artifactId>
+            <version>1.0.0</version>
+        </dependency>
+
    </dependencies>

    <build>
--- a/kernel-d-auth/auth-spring-boot-starter/src/main/java/cn/stylefeng/roses/kernel/auth/starter/GunsAuthAutoConfiguration.java
+++ b/kernel-d-auth/auth-spring-boot-starter/src/main/java/cn/stylefeng/roses/kernel/auth/starter/GunsAuthAutoConfiguration.java
@ -15,6 +15,9 @@ import cn.stylefeng.roses.kernel.auth.session.cache.logintoken.MemoryLoginTokenC
 import cn.stylefeng.roses.kernel.auth.session.cache.loginuser.MemoryLoginUserCache;
 import cn.stylefeng.roses.kernel.auth.session.cookie.DefaultSessionCookieCreator;
 import cn.stylefeng.roses.kernel.cache.api.constants.CacheConstants;
+import cn.stylefeng.roses.kernel.jwt.JwtTokenOperator;
+import cn.stylefeng.roses.kernel.jwt.api.JwtApi;
+import cn.stylefeng.roses.kernel.jwt.api.pojo.config.JwtConfig;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@ -32,14 +35,22 @@ import java.util.Set;
 public class GunsAuthAutoConfiguration {

    /**
-     * Bcrypt方式的密码加密
+     * jwt操作工具类的配置
     *
     * @author fengshuonan
-     * @date 2020/12/21 17:45
+     * @date 2020/12/1 14:40
     */
    @Bean
-    public PasswordStoredEncryptApi passwordStoredEncryptApi() {
-        return new BcryptPasswordStoredEncrypt();
+    @ConditionalOnMissingBean(SessionManagerApi.class)
+    public JwtApi jwtApi() {
+
+        JwtConfig jwtConfig = new JwtConfig();
+
+        // 从系统配置表中读取配置
+        jwtConfig.setJwtSecret(AuthConfigExpander.getAuthJwtSecret());
+        jwtConfig.setExpiredSeconds(AuthConfigExpander.getAuthJwtTimeoutSeconds());
+
+        return new JwtTokenOperator(jwtConfig);
    }

    /**
@ -49,6 +60,19 @@ public class GunsAuthAutoConfiguration {
     * @date 2020/12/21 17:45
     */
    @Bean
+    @ConditionalOnMissingBean(SessionManagerApi.class)
+    public PasswordStoredEncryptApi passwordStoredEncryptApi() {
+        return new BcryptPasswordStoredEncrypt();
+    }
+
+    /**
+     * RSA方式密码加密传输
+     *
+     * @author fengshuonan
+     * @date 2020/12/21 17:45
+     */
+    @Bean
+    @ConditionalOnMissingBean(SessionManagerApi.class)
    public PasswordTransferEncryptApi passwordTransferEncryptApi() {
        String publicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCytSVn3ff7eBJckAFYwgJjqE9Zq2uAL4g+hkfQqGALdT8NJKALFxNzeSD/xTBLAJrtALWbN1dvyktoVNPAuuzCZO1BxYZNaAU3IKFaj73OSPzca5SGY0ibMw0KvEPkC3sZQeqBqx+VqYAqan90BeG/r9p36Eb0wrshj5XmsFeo6QIDAQAB";
        String privateKey = "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALK1JWfd9/t4ElyQAVjCAmOoT1mra4AviD6GR9CoYAt1Pw0koAsXE3N5IP/FMEsAmu0AtZs3V2/KS2hU08C67MJk7UHFhk1oBTcgoVqPvc5I/NxrlIZjSJszDQq8Q+QLexlB6oGrH5WpgCpqf3QF4b+v2nfoRvTCuyGPleawV6jpAgMBAAECgYBS9fUfetQcUWl0vwVhBu/FA+WSYxnMsEQ3gm7kVsX/i7Zxi4cgnt3QxXKkSg5ZQzaov6OPIuncY7UOAhMrbZtq/Hh8atdTVC/Ng/X9Bomodplq/+KTe/vIfWW5rlQAnMNFVaidxhCVRlRHNusapmj2vYwsiyI9kXUJNHryxtFC4QJBANtQuh3dtd79t3MVaC3TUD/EsGBe9TB3Eykbgv0muannC2Oq8Ci4vIp0NSA+FNCoB8ctgfKJUdBS8RLVnYyu3RcCQQDQmY+AuAXEpO9SgcYeRnQSOU2OSuC1wLt1MRVpPTdvE3bfRnkVxMrK0n3YilQWkQzfkERSG4kRFLIw605xPWn/AkEAiw3vQ9p8Yyu5MiXDjTKrchMyxZfPnHATXQANmJcCJ0DQDtymMxuWp66wtIXIStgPPnGTMAVzM0Qzh/6bS0Tf9wJAWj+1yFjVlghNyoJ+9qZAnYnRNhjLM5dZAxDjVI65pwLi0SKqTHLB0hJThBYE32aODUNba7KiEJPFrEiBvZh2fQJARbboHuHT0PqD1UTJGgodHlaw48kreBU+twext/9/jIqvwmFF88BmQgssHGW/tn4E6Qy3+rCCNWreEReY0gATYw==";
@ -62,6 +86,7 @@ public class GunsAuthAutoConfiguration {
     * @date 2020/12/27 15:48
     */
    @Bean
+    @ConditionalOnMissingBean(SessionManagerApi.class)
    public SessionCookieCreator sessionCookieCreator() {
        return new DefaultSessionCookieCreator();
    }
--- a/kernel-d-timer/timer-business/src/main/java/cn/stylefeng/roses/kernel/timer/modular/controller/SysTimersController.java
+++ b/kernel-d-timer/timer-business/src/main/java/cn/stylefeng/roses/kernel/timer/modular/controller/SysTimersController.java
@ -3,7 +3,6 @@ package cn.stylefeng.roses.kernel.timer.modular.controller;
 import cn.stylefeng.roses.kernel.resource.api.annotation.ApiResource;
 import cn.stylefeng.roses.kernel.resource.api.annotation.GetResource;
 import cn.stylefeng.roses.kernel.resource.api.annotation.PostResource;
-import cn.stylefeng.roses.kernel.rule.pojo.request.BaseRequest;
 import cn.stylefeng.roses.kernel.rule.pojo.response.ResponseData;
 import cn.stylefeng.roses.kernel.rule.pojo.response.SuccessResponseData;
 import cn.stylefeng.roses.kernel.timer.modular.param.SysTimersParam;
@ -71,7 +70,7 @@ public class SysTimersController {
     * @date 2020/7/1 14:34
     */
    @PostResource(name = "启动定时任务", path = "/sysTimers/start")
-    public ResponseData start(@RequestBody @Validated(BaseRequest.groupOne.class) SysTimersParam sysTimersParam) {
+    public ResponseData start(@RequestBody @Validated(SysTimersParam.startTimer.class) SysTimersParam sysTimersParam) {
        sysTimersService.start(sysTimersParam);
        return new SuccessResponseData();
    }
@ -83,7 +82,7 @@ public class SysTimersController {
     * @date 2020/7/1 14:34
     */
    @PostResource(name = "停止定时任务", path = "/sysTimers/stop")
-    public ResponseData stop(@RequestBody @Validated(BaseRequest.groupOne.class) SysTimersParam sysTimersParam) {
+    public ResponseData stop(@RequestBody @Validated(SysTimersParam.stopTimer.class) SysTimersParam sysTimersParam) {
        sysTimersService.stop(sysTimersParam);
        return new SuccessResponseData();
    }
--- a/kernel-d-timer/timer-business/src/main/java/cn/stylefeng/roses/kernel/timer/modular/param/SysTimersParam.java
+++ b/kernel-d-timer/timer-business/src/main/java/cn/stylefeng/roses/kernel/timer/modular/param/SysTimersParam.java
@ -20,7 +20,7 @@ public class SysTimersParam extends BaseRequest {
    /**
     * 定时器id
     */
-    @NotNull(message = "主键timerId不能为空", groups = {edit.class, detail.class, delete.class, groupOne.class})
+    @NotNull(message = "主键timerId不能为空", groups = {edit.class, detail.class, delete.class, startTimer.class, stopTimer.class})
    private Long timerId;

    /**
@ -51,4 +51,16 @@ public class SysTimersParam extends BaseRequest {
     */
    private String remark;

+    /**
+     * 启用定时任务
+     */
+    public @interface startTimer {
+    }
+
+    /**
+     * 停止定时任务
+     */
+    public @interface stopTimer {
+    }
+
 }
--- a/kernel-s-system/_sql/system.sql
+++ b/kernel-s-system/_sql/system.sql
--- a/kernel-s-system/system-api/src/main/java/cn/stylefeng/roses/kernel/system/exception/enums/SysUserExceptionEnum.java
+++ b/kernel-s-system/system-api/src/main/java/cn/stylefeng/roses/kernel/system/exception/enums/SysUserExceptionEnum.java
@ -51,12 +51,12 @@ public enum SysUserExceptionEnum implements AbstractExceptionEnum {
    /**
     * 原密码错误
     */
-    USER_PWD_ERROR(RuleConstants.USER_OPERATION_ERROR_TYPE_CODE + SystemConstants.SYSTEM_EXCEPTION_STEP_CODE + "53", "原密码错误，请检查password参数"),
+    USER_PWD_ERROR(RuleConstants.USER_OPERATION_ERROR_TYPE_CODE + SystemConstants.SYSTEM_EXCEPTION_STEP_CODE + "53", "原密码错误，请重新输入"),

    /**
     * 新密码与原密码相同
     */
-    USER_PWD_REPEAT(RuleConstants.USER_OPERATION_ERROR_TYPE_CODE + SystemConstants.SYSTEM_EXCEPTION_STEP_CODE + "54", "新密码与原密码相同，请检查newPassword参数"),
+    USER_PWD_REPEAT(RuleConstants.USER_OPERATION_ERROR_TYPE_CODE + SystemConstants.SYSTEM_EXCEPTION_STEP_CODE + "54", "新密码与原密码相同，请更换新密码"),

    /**
     * 不能删除超级管理员
--- a/kernel-s-system/system-business-user/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/controller/SysUserController.java
+++ b/kernel-s-system/system-business-user/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/controller/SysUserController.java
@ -1,5 +1,7 @@
 package cn.stylefeng.roses.kernel.system.modular.user.controller;

+import cn.stylefeng.roses.kernel.auth.api.context.LoginContext;
+import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
 import cn.stylefeng.roses.kernel.resource.api.annotation.ApiResource;
 import cn.stylefeng.roses.kernel.resource.api.annotation.GetResource;
 import cn.stylefeng.roses.kernel.resource.api.annotation.PostResource;
@ -58,12 +60,12 @@ public class SysUserController {
    }

    /**
-     * 更新信息
+     * 更新用户个人信息
     *
     * @author luojie
     * @date 2020/11/6 13:50
     */
-    @PostResource(name = "系统用户_更新信息", path = "/sysUser/updateInfo")
+    @PostResource(name = "系统用户_更新个人信息", path = "/sysUser/updateInfo")
    public ResponseData updateInfo(@RequestBody @Validated(SysUserRequest.updateInfo.class) SysUserRequest sysUserRequest) {
        sysUserService.updateInfo(sysUserRequest);
        return new SuccessResponseData();
@ -87,9 +89,9 @@ public class SysUserController {
     * @author luojie
     * @date 2020/11/6 13:50
     */
-    @PostResource(name = "系统用户_修改密码", path = "/sysUser/updatePwd")
+    @PostResource(name = "系统用户_修改密码", path = "/sysUser/updatePassword")
    public ResponseData updatePwd(@RequestBody @Validated(SysUserRequest.updatePwd.class) SysUserRequest sysUserRequest) {
-        sysUserService.updatePwd(sysUserRequest);
+        sysUserService.updatePassword(sysUserRequest);
        return new SuccessResponseData();
    }

@ -101,7 +103,7 @@ public class SysUserController {
     */
    @PostResource(name = "系统用户_重置密码", path = "/sysUser/resetPwd")
    public ResponseData resetPwd(@RequestBody @Validated(SysUserRequest.resetPwd.class) SysUserRequest sysUserRequest) {
-        sysUserService.resetPwd(sysUserRequest);
+        sysUserService.resetPassword(sysUserRequest);
        return new SuccessResponseData();
    }

@ -223,4 +225,19 @@ public class SysUserController {
        sysUserService.export(response);
    }

+    /**
+     * 获取当前登录用户的信息
+     *
+     * @author fengshuonan
+     * @date 2021/1/1 19:01
+     */
+    @GetResource(name = "获取当前登录用户的信息", path = "/sysUser/currentUserInfo", requiredPermission = false)
+    public ResponseData currentUserInfo() {
+        LoginUser loginUser = LoginContext.me().getLoginUser();
+
+        SysUserRequest sysUserRequest = new SysUserRequest();
+        sysUserRequest.setUserId(loginUser.getUserId());
+        return new SuccessResponseData(sysUserService.detail(sysUserRequest));
+    }
+
 }
--- a/kernel-s-system/system-business-user/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/factory/SysUserCreateFactory.java
+++ b/kernel-s-system/system-business-user/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/factory/SysUserCreateFactory.java
@ -2,8 +2,9 @@ package cn.stylefeng.roses.kernel.system.modular.user.factory;

 import cn.hutool.core.date.DateUtil;
 import cn.hutool.core.util.ObjectUtil;
-import cn.hutool.crypto.digest.BCrypt;
+import cn.hutool.extra.spring.SpringUtil;
 import cn.stylefeng.roses.kernel.auth.api.expander.AuthConfigExpander;
+import cn.stylefeng.roses.kernel.auth.api.password.PasswordStoredEncryptApi;
 import cn.stylefeng.roses.kernel.rule.enums.SexEnum;
 import cn.stylefeng.roses.kernel.rule.enums.YesOrNotEnum;
 import cn.stylefeng.roses.kernel.system.enums.UserStatusEnum;
@ -33,12 +34,13 @@ public class SysUserCreateFactory {
        sysUser.setStatusFlag(UserStatusEnum.ENABLE.getCode());

        // 密码为空则设置为默认密码
+        PasswordStoredEncryptApi passwordStoredEncryptApi = SpringUtil.getBean(PasswordStoredEncryptApi.class);
        if (ObjectUtil.isEmpty(sysUser.getPassword())) {
            String defaultPassword = AuthConfigExpander.getDefaultPassWord();
-            sysUser.setPassword(BCrypt.hashpw(defaultPassword, BCrypt.gensalt()));
+            sysUser.setPassword(passwordStoredEncryptApi.encrypt(defaultPassword));
        } else {
            // 密码不为空，则将密码加密存储到库中
-            sysUser.setPassword(BCrypt.hashpw(sysUser.getPassword(), BCrypt.gensalt()));
+            sysUser.setPassword(passwordStoredEncryptApi.encrypt(sysUser.getPassword()));
        }

        // 用户头像为空
@ -76,21 +78,20 @@ public class SysUserCreateFactory {
     */
    public static void fillUpdateInfo(SysUserRequest sysUserRequest, SysUser sysUser) {

-        // 填充头像
-        sysUser.setAvatar(sysUserRequest.getAvatar());
-
-        // 生日
-        sysUser.setBirthday(DateUtil.parse(sysUserRequest.getBirthday()));
-
        // 性别（M-男，F-女）
        sysUser.setSex(sysUserRequest.getSex());

        // 邮箱
        sysUser.setEmail(sysUserRequest.getEmail());

+        // 姓名
+        sysUser.setRealName(sysUserRequest.getRealName());
+
+        // 生日
+        sysUser.setBirthday(DateUtil.parse(sysUserRequest.getBirthday()));
+
        // 手机
        sysUser.setPhone(sysUserRequest.getPhone());
-
    }

 }
--- a/kernel-s-system/system-business-user/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/pojo/request/SysUserRequest.java
+++ b/kernel-s-system/system-business-user/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/pojo/request/SysUserRequest.java
@ -26,7 +26,7 @@ public class SysUserRequest extends BaseRequest {
    /**
     * 主键
     */
-    @NotNull(message = "userId不能为空", groups = {edit.class, delete.class, detail.class, start.class, stop.class, grantRole.class, grantData.class, updateInfo.class, updatePwd.class, resetPwd.class, changeStatus.class, updateAvatar.class})
+    @NotNull(message = "userId不能为空", groups = {edit.class, delete.class, detail.class, grantRole.class, grantData.class, updateInfo.class, resetPwd.class, changeStatus.class, updateAvatar.class})
    private Long userId;

    /**
@ -62,7 +62,7 @@ public class SysUserRequest extends BaseRequest {
    /**
     * 姓名
     */
-    @NotBlank(message = "姓名不能为空", groups = {add.class, edit.class})
+    @NotBlank(message = "姓名不能为空", groups = {add.class, edit.class, updateInfo.class})
    private String realName;

    /**
@ -74,7 +74,7 @@ public class SysUserRequest extends BaseRequest {
    /**
     * 生日
     */
-    @DateValue(message = "生日格式不正确，请检查birthday参数", groups = {add.class, edit.class, updateInfo.class})
+    @DateValue(message = "生日格式不正确，请检查birthday参数", groups = {add.class, edit.class})
    private String birthday;

    /**
@ -92,8 +92,8 @@ public class SysUserRequest extends BaseRequest {
    /**
     * 手机
     */
-    @NotNull(message = "手机号码不能为空，请检查phone参数", groups = {add.class, edit.class, updateInfo.class})
-    @Size(min = 11, max = 11, message = "手机号码格式错误，请检查手机是否是11位", groups = {add.class, edit.class, updateInfo.class})
+    @NotNull(message = "手机号码不能为空，请检查phone参数", groups = {add.class, edit.class})
+    @Size(min = 11, max = 11, message = "手机号码格式错误，请检查手机是否是11位", groups = {add.class, edit.class})
    private String phone;

    /**
@ -136,63 +136,54 @@ public class SysUserRequest extends BaseRequest {
     * 参数校验分组：修改密码
     */
    public @interface updatePwd {
-
    }

    /**
     * 参数校验分组：重置密码
     */
    public @interface resetPwd {
-
    }

    /**
     * 参数校验分组：修改头像
     */
    public @interface updateAvatar {
-
    }

    /**
     * 参数校验分组：停用
     */
    public @interface stop {
-
    }

    /**
     * 参数校验分组：启用
     */
    public @interface start {
-
    }

    /**
     * 参数校验分组：更新信息
     */
    public @interface updateInfo {
-
    }

    /**
     * 参数校验分组：授权角色
     */
    public @interface grantRole {
-
    }

    /**
     * 参数校验分组：授权数据
     */
    public @interface grantData {
-
    }

    /**
     * 参数校验分组：修改状态
     */
    public @interface changeStatus {
-
    }

 }
--- a/kernel-s-system/system-business-user/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/service/SysUserService.java
+++ b/kernel-s-system/system-business-user/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/service/SysUserService.java
@ -62,7 +62,7 @@ public interface SysUserService extends IService<SysUser>, UserServiceApi {
     * @author fengshuonan
     * @date 2020/11/21 14:26
     */
-    void updatePwd(SysUserRequest sysUserRequest);
+    void updatePassword(SysUserRequest sysUserRequest);

    /**
     * 重置密码
@ -71,7 +71,7 @@ public interface SysUserService extends IService<SysUser>, UserServiceApi {
     * @author luojie
     * @date 2020/11/6 13:47
     */
-    void resetPwd(SysUserRequest sysUserRequest);
+    void resetPassword(SysUserRequest sysUserRequest);

    /**
     * 修改头像
--- a/kernel-s-system/system-business-user/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/service/impl/SysUserServiceImpl.java
+++ b/kernel-s-system/system-business-user/src/main/java/cn/stylefeng/roses/kernel/system/modular/user/service/impl/SysUserServiceImpl.java
@ -2,8 +2,10 @@ package cn.stylefeng.roses.kernel.system.modular.user.service.impl;

 import cn.hutool.core.bean.BeanUtil;
 import cn.hutool.core.util.ObjectUtil;
-import cn.hutool.crypto.digest.BCrypt;
+import cn.stylefeng.roses.kernel.auth.api.context.LoginContext;
 import cn.stylefeng.roses.kernel.auth.api.expander.AuthConfigExpander;
+import cn.stylefeng.roses.kernel.auth.api.password.PasswordStoredEncryptApi;
+import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
 import cn.stylefeng.roses.kernel.db.api.factory.PageFactory;
 import cn.stylefeng.roses.kernel.db.api.factory.PageResultFactory;
 import cn.stylefeng.roses.kernel.db.api.pojo.page.PageResult;
@ -86,6 +88,9 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
    @Resource
    private FileInfoApi fileInfoApi;

+    @Resource
+    private PasswordStoredEncryptApi passwordStoredEncryptApi;
+
    @Override
    @Transactional(rollbackFor = Exception.class)
    public void add(SysUserRequest sysUserRequest) {
@ -172,7 +177,12 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
    }

    @Override
-    public void updatePwd(SysUserRequest sysUserRequest) {
+    public void updatePassword(SysUserRequest sysUserRequest) {
+
+        // 获取当前用户的userId
+        LoginUser loginUser = LoginContext.me().getLoginUser();
+        sysUserRequest.setUserId(loginUser.getUserId());
+
        SysUser sysUser = this.querySysUser(sysUserRequest);

        // 新密码与原密码相同
@ -181,21 +191,21 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
        }

        // 原密码错误
-        if (!BCrypt.checkpw(sysUserRequest.getPassword(), sysUser.getPassword())) {
+        if (!passwordStoredEncryptApi.checkPassword(sysUserRequest.getPassword(), sysUser.getPassword())) {
            throw new SystemModularException(SysUserExceptionEnum.USER_PWD_ERROR);
        }

-        sysUser.setPassword(BCrypt.hashpw(sysUserRequest.getNewPassword(), BCrypt.gensalt()));
+        sysUser.setPassword(passwordStoredEncryptApi.encrypt(sysUserRequest.getNewPassword()));
        this.updateById(sysUser);
    }

    @Override
-    public void resetPwd(SysUserRequest sysUserRequest) {
+    public void resetPassword(SysUserRequest sysUserRequest) {
        SysUser sysUser = this.querySysUser(sysUserRequest);

        // 获取系统配置的默认密码
        String password = AuthConfigExpander.getDefaultPassWord();
-        sysUser.setPassword(BCrypt.hashpw(password, BCrypt.gensalt()));
+        sysUser.setPassword(passwordStoredEncryptApi.encrypt(password));

        this.updateById(sysUser);
    }