【7.0.4】【c】增加c端用户密码校验逻辑

2021-07-06 23:00:38 +08:00 · 2021-07-06 23:00:38 +08:00 · 112c21826b
parent 22a387dc3b
commit 112c21826b
2 changed files with 16 additions and 9 deletions
--- a/kernel-s-customer/customer-api/src/main/java/cn/stylefeng/roses/kernel/customer/api/constants/CustomerConstants.java
+++ b/kernel-s-customer/customer-api/src/main/java/cn/stylefeng/roses/kernel/customer/api/constants/CustomerConstants.java
@ -47,4 +47,9 @@ public interface CustomerConstants {
     */
    String CUSTOMER_CACHE_PREFIX = "customer:";

+    /**
+     * 默认的空bcrypt加密的密码
+     */
+    String DEFAULT_EMPTY_PASSWORD = "-1";
+
 }
--- a/kernel-s-customer/customer-business/src/main/java/cn/stylefeng/roses/kernel/customer/modular/service/impl/CustomerServiceImpl.java
+++ b/kernel-s-customer/customer-business/src/main/java/cn/stylefeng/roses/kernel/customer/modular/service/impl/CustomerServiceImpl.java
@ -15,6 +15,7 @@ import cn.stylefeng.roses.kernel.auth.api.pojo.auth.LoginResponse;
 import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
 import cn.stylefeng.roses.kernel.cache.api.CacheOperatorApi;
 import cn.stylefeng.roses.kernel.customer.api.OldPasswordValidateApi;
+import cn.stylefeng.roses.kernel.customer.api.constants.CustomerConstants;
 import cn.stylefeng.roses.kernel.customer.api.exception.CustomerException;
 import cn.stylefeng.roses.kernel.customer.api.exception.enums.CustomerExceptionEnum;
 import cn.stylefeng.roses.kernel.customer.api.expander.CustomerConfigExpander;
@ -163,15 +164,16 @@ public class CustomerServiceImpl extends ServiceImpl<CustomerMapper, Customer> i
            throw new CustomerException(CustomerExceptionEnum.CANT_FIND_CUSTOMER, loginRequest.getAccount());
        }

-        // 校验用户密码
-        Boolean passwordFlag = passwordStoredEncryptApi.checkPassword(loginRequest.getPassword(), customer.getPassword());
-        if (!passwordFlag) {
-            // 如果开启了旧版密码校验，则再校验一次
-            if (CustomerConfigExpander.getOldPasswordValidate()) {
-                if (!oldPasswordValidateApi.validatePassword(loginRequest.getPassword(), customer.getOldPassword(), customer.getOldPasswordSalt())) {
-                    throw new AuthException(AuthExceptionEnum.USERNAME_PASSWORD_ERROR);
-                }
-            } else {
+        // 如果开启了旧版密码，并且bcrypt密码是空
+        if (CustomerConfigExpander.getOldPasswordValidate()
+                && customer.getPassword().equals(CustomerConstants.DEFAULT_EMPTY_PASSWORD)) {
+            if (!oldPasswordValidateApi.validatePassword(loginRequest.getPassword(), customer.getOldPassword(), customer.getOldPasswordSalt())) {
+                throw new AuthException(AuthExceptionEnum.USERNAME_PASSWORD_ERROR);
+            }
+        } else {
+            // 校验用户密码
+            Boolean passwordFlag = passwordStoredEncryptApi.checkPassword(loginRequest.getPassword(), customer.getPassword());
+            if (!passwordFlag) {
                throw new AuthException(AuthExceptionEnum.USERNAME_PASSWORD_ERROR);
            }
        }