mirror of https://gitee.com/stylefeng/roses
【system】整理修改密码的业务,所有出现Bcrypt的地方用PasswordStoredEncryptApi接口替代
parent
48200d5fe6
commit
1a303301fd
|
@ -146,7 +146,7 @@ public class AuthServiceImpl implements AuthServiceApi {
|
|||
// 3. 获取用户密码的加密值和用户的状态
|
||||
UserLoginInfoDTO userValidateInfo = userServiceApi.getUserLoginInfo(loginRequest.getAccount());
|
||||
|
||||
// 4. 校验用户密码是否正确(BCrypt算法)
|
||||
// 4. 校验用户密码是否正确
|
||||
if (validatePassword) {
|
||||
Boolean checkResult = passwordStoredEncryptApi.checkPassword(loginRequest.getPassword(), userValidateInfo.getUserPasswordHexed());
|
||||
if (!checkResult) {
|
||||
|
|
|
@ -43,7 +43,7 @@ public class GunsAuthAutoConfiguration {
|
|||
}
|
||||
|
||||
/**
|
||||
* Bcrypt方式的密码加密
|
||||
* RSA方式密码加密传输
|
||||
*
|
||||
* @author fengshuonan
|
||||
* @date 2020/12/21 17:45
|
||||
|
|
|
@ -51,12 +51,12 @@ public enum SysUserExceptionEnum implements AbstractExceptionEnum {
|
|||
/**
|
||||
* 原密码错误
|
||||
*/
|
||||
USER_PWD_ERROR(RuleConstants.USER_OPERATION_ERROR_TYPE_CODE + SystemConstants.SYSTEM_EXCEPTION_STEP_CODE + "53", "原密码错误,请检查password参数"),
|
||||
USER_PWD_ERROR(RuleConstants.USER_OPERATION_ERROR_TYPE_CODE + SystemConstants.SYSTEM_EXCEPTION_STEP_CODE + "53", "原密码错误,请重新输入"),
|
||||
|
||||
/**
|
||||
* 新密码与原密码相同
|
||||
*/
|
||||
USER_PWD_REPEAT(RuleConstants.USER_OPERATION_ERROR_TYPE_CODE + SystemConstants.SYSTEM_EXCEPTION_STEP_CODE + "54", "新密码与原密码相同,请检查newPassword参数"),
|
||||
USER_PWD_REPEAT(RuleConstants.USER_OPERATION_ERROR_TYPE_CODE + SystemConstants.SYSTEM_EXCEPTION_STEP_CODE + "54", "新密码与原密码相同,请更换新密码"),
|
||||
|
||||
/**
|
||||
* 不能删除超级管理员
|
||||
|
|
|
@ -65,7 +65,7 @@ public class SysUserController {
|
|||
* @author luojie
|
||||
* @date 2020/11/6 13:50
|
||||
*/
|
||||
@PostResource(name = "更新用户个人信息", path = "/sysUser/updateInfo")
|
||||
@PostResource(name = "系统用户_更新个人信息", path = "/sysUser/updateInfo")
|
||||
public ResponseData updateInfo(@RequestBody @Validated(SysUserRequest.updateInfo.class) SysUserRequest sysUserRequest) {
|
||||
sysUserService.updateInfo(sysUserRequest);
|
||||
return new SuccessResponseData();
|
||||
|
@ -89,9 +89,9 @@ public class SysUserController {
|
|||
* @author luojie
|
||||
* @date 2020/11/6 13:50
|
||||
*/
|
||||
@PostResource(name = "系统用户_修改密码", path = "/sysUser/updatePwd")
|
||||
@PostResource(name = "系统用户_修改密码", path = "/sysUser/updatePassword")
|
||||
public ResponseData updatePwd(@RequestBody @Validated(SysUserRequest.updatePwd.class) SysUserRequest sysUserRequest) {
|
||||
sysUserService.updatePwd(sysUserRequest);
|
||||
sysUserService.updatePassword(sysUserRequest);
|
||||
return new SuccessResponseData();
|
||||
}
|
||||
|
||||
|
@ -103,7 +103,7 @@ public class SysUserController {
|
|||
*/
|
||||
@PostResource(name = "系统用户_重置密码", path = "/sysUser/resetPwd")
|
||||
public ResponseData resetPwd(@RequestBody @Validated(SysUserRequest.resetPwd.class) SysUserRequest sysUserRequest) {
|
||||
sysUserService.resetPwd(sysUserRequest);
|
||||
sysUserService.resetPassword(sysUserRequest);
|
||||
return new SuccessResponseData();
|
||||
}
|
||||
|
||||
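Review bot: The password-change endpoint now answers on `/sysUser/updatePassword` (second hunk), but its handler is still `updatePwd` and its validation group is still `SysUserRequest.updatePwd.class`, while the reset endpoint in the third hunk keeps `/sysUser/resetPwd` and calls `resetPassword`. Use one spelling across path, handler and validation group so the mapping between route and service method is easy to audit. If access rules are keyed on the `@PostResource` path or name (not visible here), the renamed path and the renamed resource `系统用户_更新个人信息` in the first hunk need their role grants re-checked after deployment. Clients still posting to the old path will no longer match a handler.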
|
|
|
@ -2,8 +2,9 @@ package cn.stylefeng.roses.kernel.system.modular.user.factory;
|
|||
|
||||
import cn.hutool.core.date.DateUtil;
|
||||
import cn.hutool.core.util.ObjectUtil;
|
||||
import cn.hutool.crypto.digest.BCrypt;
|
||||
import cn.hutool.extra.spring.SpringUtil;
|
||||
import cn.stylefeng.roses.kernel.auth.api.expander.AuthConfigExpander;
|
||||
import cn.stylefeng.roses.kernel.auth.api.password.PasswordStoredEncryptApi;
|
||||
import cn.stylefeng.roses.kernel.rule.enums.SexEnum;
|
||||
import cn.stylefeng.roses.kernel.rule.enums.YesOrNotEnum;
|
||||
import cn.stylefeng.roses.kernel.system.enums.UserStatusEnum;
|
||||
|
@ -33,12 +34,13 @@ public class SysUserCreateFactory {
|
|||
sysUser.setStatusFlag(UserStatusEnum.ENABLE.getCode());
|
||||
|
||||
// 密码为空则设置为默认密码
|
||||
PasswordStoredEncryptApi passwordStoredEncryptApi = SpringUtil.getBean(PasswordStoredEncryptApi.class);
|
||||
if (ObjectUtil.isEmpty(sysUser.getPassword())) {
|
||||
String defaultPassword = AuthConfigExpander.getDefaultPassWord();
|
||||
sysUser.setPassword(BCrypt.hashpw(defaultPassword, BCrypt.gensalt()));
|
||||
sysUser.setPassword(passwordStoredEncryptApi.encrypt(defaultPassword));
|
||||
} else {
|
||||
// 密码不为空,则将密码加密存储到库中
|
||||
sysUser.setPassword(BCrypt.hashpw(sysUser.getPassword(), BCrypt.gensalt()));
|
||||
sysUser.setPassword(passwordStoredEncryptApi.encrypt(sysUser.getPassword()));
|
||||
}
|
||||
|
||||
// 用户头像为空
|
||||
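Review bot: Every account created without a password (second hunk) still receives the shared value from `AuthConfigExpander.getDefaultPassWord()`, and nothing in the visible lines marks that account as needing a password change at first login; `resetPassword` in SysUserServiceImpl follows the same pattern. At minimum, state this at the branch, e.g. `// default password is shared by all such accounts; the user must change it at first login`, and enforce it wherever the login flow allows. The new `SpringUtil.getBean(PasswordStoredEncryptApi.class)` line also landed between the comment `// 密码为空则设置为默认密码` and the `if` it describes, so the lookup should move above that comment. The enclosing method starts and ends outside the hunk.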
|
|
|
@ -26,7 +26,7 @@ public class SysUserRequest extends BaseRequest {
|
|||
/**
|
||||
* 主键
|
||||
*/
|
||||
@NotNull(message = "userId不能为空", groups = {edit.class, delete.class, detail.class, grantRole.class, grantData.class, updateInfo.class, updatePwd.class, resetPwd.class, changeStatus.class, updateAvatar.class})
|
||||
@NotNull(message = "userId不能为空", groups = {edit.class, delete.class, detail.class, grantRole.class, grantData.class, updateInfo.class, resetPwd.class, changeStatus.class, updateAvatar.class})
|
||||
private Long userId;
|
||||
|
||||
/**
|
||||
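Review bot: `userId` is no longer required for the `updatePwd` group, but it remains a bindable field of the same request object, so a client can still send it. `updatePassword` in SysUserServiceImpl overwrites it with the logged-in user's id, and that overwrite is what keeps one user from changing another user's password. Say so on the field, for example `// ignored for updatePwd: the service always uses the logged-in user's id`, so a later refactor does not start trusting the request value again.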
|
|
|
@ -62,7 +62,7 @@ public interface SysUserService extends IService<SysUser>, UserServiceApi {
|
|||
* @author fengshuonan
|
||||
* @date 2020/11/21 14:26
|
||||
*/
|
||||
void updatePwd(SysUserRequest sysUserRequest);
|
||||
void updatePassword(SysUserRequest sysUserRequest);
|
||||
|
||||
/**
|
||||
* 重置密码
|
||||
|
@ -71,7 +71,7 @@ public interface SysUserService extends IService<SysUser>, UserServiceApi {
|
|||
* @author luojie
|
||||
* @date 2020/11/6 13:47
|
||||
*/
|
||||
void resetPwd(SysUserRequest sysUserRequest);
|
||||
void resetPassword(SysUserRequest sysUserRequest);
|
||||
|
||||
/**
|
||||
* 修改头像
|
||||
|
|
|
@ -2,8 +2,10 @@ package cn.stylefeng.roses.kernel.system.modular.user.service.impl;
|
|||
|
||||
import cn.hutool.core.bean.BeanUtil;
|
||||
import cn.hutool.core.util.ObjectUtil;
|
||||
import cn.hutool.crypto.digest.BCrypt;
|
||||
import cn.stylefeng.roses.kernel.auth.api.context.LoginContext;
|
||||
import cn.stylefeng.roses.kernel.auth.api.expander.AuthConfigExpander;
|
||||
import cn.stylefeng.roses.kernel.auth.api.password.PasswordStoredEncryptApi;
|
||||
import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
|
||||
import cn.stylefeng.roses.kernel.db.api.factory.PageFactory;
|
||||
import cn.stylefeng.roses.kernel.db.api.factory.PageResultFactory;
|
||||
import cn.stylefeng.roses.kernel.db.api.pojo.page.PageResult;
|
||||
|
@ -86,6 +88,9 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
|
|||
@Resource
|
||||
private FileInfoApi fileInfoApi;
|
||||
|
||||
@Resource
|
||||
private PasswordStoredEncryptApi passwordStoredEncryptApi;
|
||||
|
||||
@Override
|
||||
@Transactional(rollbackFor = Exception.class)
|
||||
public void add(SysUserRequest sysUserRequest) {
|
||||
|
@ -172,7 +177,12 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
|
|||
}
|
||||
|
||||
@Override
|
||||
public void updatePwd(SysUserRequest sysUserRequest) {
|
||||
public void updatePassword(SysUserRequest sysUserRequest) {
|
||||
|
||||
// 获取当前用户的userId
|
||||
LoginUser loginUser = LoginContext.me().getLoginUser();
|
||||
sysUserRequest.setUserId(loginUser.getUserId());
|
||||
|
||||
SysUser sysUser = this.querySysUser(sysUserRequest);
|
||||
|
||||
// 新密码与原密码相同
|
||||
|
@ -181,21 +191,21 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
|
|||
}
|
||||
|
||||
// 原密码错误
|
||||
if (!BCrypt.checkpw(sysUserRequest.getPassword(), sysUser.getPassword())) {
|
||||
if (!passwordStoredEncryptApi.checkPassword(sysUserRequest.getPassword(), sysUser.getPassword())) {
|
||||
throw new SystemModularException(SysUserExceptionEnum.USER_PWD_ERROR);
|
||||
}
|
||||
|
||||
sysUser.setPassword(BCrypt.hashpw(sysUserRequest.getNewPassword(), BCrypt.gensalt()));
|
||||
sysUser.setPassword(passwordStoredEncryptApi.encrypt(sysUserRequest.getNewPassword()));
|
||||
this.updateById(sysUser);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void resetPwd(SysUserRequest sysUserRequest) {
|
||||
public void resetPassword(SysUserRequest sysUserRequest) {
|
||||
SysUser sysUser = this.querySysUser(sysUserRequest);
|
||||
|
||||
// 获取系统配置的默认密码
|
||||
String password = AuthConfigExpander.getDefaultPassWord();
|
||||
sysUser.setPassword(BCrypt.hashpw(password, BCrypt.gensalt()));
|
||||
sysUser.setPassword(passwordStoredEncryptApi.encrypt(password));
|
||||
|
||||
this.updateById(sysUser);
|
||||
}
|
||||
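Review bot: `updatePassword` and `resetPassword` both finish at `this.updateById(sysUser);`, so in the visible lines a password change leaves the user's existing sessions or tokens untouched. If the auth module offers a way to end a user's sessions, call it after the update; otherwise record the gap with `// TODO: end the user's other sessions after the password changes`. Separately, AuthServiceImpl assigns the `checkPassword` result to a `Boolean`, which suggests the method returns the boxed type; if so, `!passwordStoredEncryptApi.checkPassword(...)` would throw on a null return, whereas `!Boolean.TRUE.equals(passwordStoredEncryptApi.checkPassword(...))` fails closed. The middle of `updatePassword` lies between two hunks and is not visible.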
|
|