【7.0.4】【c】增加c端用户密码校验逻辑

kernel-s-customer/customer-api/src/main/java/cn/stylefeng/roses/kernel/customer/api/OldPasswordValidateApi.java

@@ -0,0 +1,19 @@
+package cn.stylefeng.roses.kernel.customer.api;
+
+/**
+ * 旧版密码校验api
+ *
+ * @author fengshuonan
+ * @date 2021/7/6 22:01
+ */
+public interface OldPasswordValidateApi {
+
+    /**
+     * 校验密码
+     *
+     * @author fengshuonan
+     * @date 2021/7/6 22:02
+     */
+    boolean validatePassword(String passwordOriginal, String passwordEncrypt, String salt);
+
+}

kernel-s-customer/customer-api/src/main/java/cn/stylefeng/roses/kernel/customer/api/expander/CustomerConfigExpander.java

@@ -81,4 +81,14 @@ public class CustomerConfigExpander {
         return ConfigContext.me().getSysConfigValueWithDefault("CUSTOMER_CACHE_EXPIRED_SECONDS", Long.class, 3600L);
     }
 
+    /**
+     * 是否开启旧版密码校验
+     *
+     * @author fengshuonan
+     * @date 2021/7/6 22:00
+     */
+    public static Boolean getOldPasswordValidate() {
+        return ConfigContext.me().getSysConfigValueWithDefault("CUSTOMER_OPEN_OLD_PASSWORD_VALIDATE", Boolean.class, Boolean.FALSE);
+    }
+
 }

kernel-s-customer/customer-business/src/main/java/cn/stylefeng/roses/kernel/customer/modular/entity/Customer.java

@@ -43,6 +43,20 @@ public class Customer extends BaseEntity {
     @ChineseDescription("密码")
     private String password;
 
+    /**
+     * 旧网站密码（可选）
+     */
+    @TableField("old_password")
+    @ChineseDescription("旧网站密码")
+    private String oldPassword;
+
+    /**
+     * 旧网站密码盐（可选）
+     */
+    @TableField("old_password_salt")
+    @ChineseDescription("旧网站密码盐")
+    private String oldPasswordSalt;
+
     /**
      * 昵称（显示名称）
      */

kernel-s-customer/customer-business/src/main/java/cn/stylefeng/roses/kernel/customer/modular/service/OldPasswordValidateService.java

@@ -0,0 +1,21 @@
+package cn.stylefeng.roses.kernel.customer.modular.service;
+
+import cn.hutool.crypto.SecureUtil;
+import cn.stylefeng.roses.kernel.customer.api.OldPasswordValidateApi;
+import org.springframework.stereotype.Service;
+
+/**
+ * 旧验证码校验
+ *
+ * @author fengshuonan
+ * @date 2021/7/6 22:03
+ */
+@Service
+public class OldPasswordValidateService implements OldPasswordValidateApi {
+
+    @Override
+    public boolean validatePassword(String passwordOriginal, String passwordEncrypt, String salt) {
+        return SecureUtil.md5(passwordOriginal + salt).equals(passwordEncrypt);
+    }
+
+}

kernel-s-customer/customer-business/src/main/java/cn/stylefeng/roses/kernel/customer/modular/service/impl/CustomerServiceImpl.java

@@ -14,6 +14,7 @@ import cn.stylefeng.roses.kernel.auth.api.pojo.auth.LoginRequest;
 import cn.stylefeng.roses.kernel.auth.api.pojo.auth.LoginResponse;
 import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
 import cn.stylefeng.roses.kernel.cache.api.CacheOperatorApi;
+import cn.stylefeng.roses.kernel.customer.api.OldPasswordValidateApi;
 import cn.stylefeng.roses.kernel.customer.api.exception.CustomerException;
 import cn.stylefeng.roses.kernel.customer.api.exception.enums.CustomerExceptionEnum;
 import cn.stylefeng.roses.kernel.customer.api.expander.CustomerConfigExpander;
@@ -99,6 +100,9 @@ public class CustomerServiceImpl extends ServiceImpl<CustomerMapper, Customer> i
     @Resource
     private DragCaptchaApi dragCaptchaApi;
 
+    @Resource
+    private OldPasswordValidateApi oldPasswordValidateApi;
+
     @Override
     @Transactional(rollbackFor = Exception.class)
     public void reg(CustomerRequest customerRequest) {
@@ -162,7 +166,14 @@ public class CustomerServiceImpl extends ServiceImpl<CustomerMapper, Customer> i
         // 校验用户密码
         Boolean passwordFlag = passwordStoredEncryptApi.checkPassword(loginRequest.getPassword(), customer.getPassword());
         if (!passwordFlag) {
-            throw new AuthException(AuthExceptionEnum.USERNAME_PASSWORD_ERROR);
+            // 如果开启了旧版密码校验，则再校验一次
+            if (CustomerConfigExpander.getOldPasswordValidate()) {
+                if (!oldPasswordValidateApi.validatePassword(loginRequest.getPassword(), customer.getOldPassword(), customer.getOldPasswordSalt())) {
+                    throw new AuthException(AuthExceptionEnum.USERNAME_PASSWORD_ERROR);
+                }
+            } else {
+                throw new AuthException(AuthExceptionEnum.USERNAME_PASSWORD_ERROR);
+            }
         }
 
         // 校验用户状态