From 55eb24ddf8286dfd3191fc707ceabf71c7b11554 Mon Sep 17 00:00:00 2001
From: fengshuonan <sn93@qq.com>
Date: Sun, 25 Jun 2023 09:00:44 +0800
Subject: [PATCH] =?UTF-8?q?=E3=80=907.6.0=E3=80=91=E3=80=90sys=E3=80=91?=
 =?UTF-8?q?=E3=80=90user=E3=80=91=E7=94=A8=E6=88=B7=E7=99=BB=E5=BD=95?=
 =?UTF-8?q?=E5=AF=86=E7=A0=81=E6=A0=A1=E9=AA=8C=EF=BC=8C=E8=B0=83=E7=94=A8?=
 =?UTF-8?q?=E9=80=9A=E7=94=A8=E6=8E=A5=E5=8F=A3=E8=BF=9B=E8=A1=8C=E9=AA=8C?=
 =?UTF-8?q?=E8=AF=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../cn/stylefeng/roses/kernel/auth/auth/LoginService.java  | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java
index 59ef12b1a..febfaf421 100644
--- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java
+++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java
@@ -2,7 +2,6 @@ package cn.stylefeng.roses.kernel.auth.auth;
 
 import cn.hutool.core.convert.Convert;
 import cn.hutool.core.util.StrUtil;
-import cn.hutool.crypto.SecureUtil;
 import cn.hutool.extra.spring.SpringUtil;
 import cn.hutool.http.HttpRequest;
 import cn.hutool.http.HttpResponse;
@@ -309,8 +308,8 @@ public class LoginService {
         }
 
         // 如果本次登录需要校验密码
-        String encryptPassword = SecureUtil.md5(loginRequest.getPassword() + userValidateInfo.getUserPasswordSalt());
-        boolean checkResult = encryptPassword.equals(userValidateInfo.getUserPasswordHexed());
+        Boolean checkResult = passwordStoredEncryptApi.checkPasswordWithSalt(loginRequest.getPassword(),
+                userValidateInfo.getUserPasswordSalt(), userValidateInfo.getUserPasswordHexed());
 
         // 校验用户表密码是否正确，如果正确则直接返回
         if (checkResult) {
@@ -325,7 +324,7 @@ public class LoginService {
                 String userTempSecretKey = tempSecretApi.getUserTempSecretKey(userValidateInfo.getUserId());
                 // 如果用户有临时秘钥，则校验秘钥是否正确
                 if (StrUtil.isNotBlank(userTempSecretKey)) {
-                    Boolean checkTempKeyResult = loginRequest.getPassword().equals(userTempSecretKey);
+                    boolean checkTempKeyResult = loginRequest.getPassword().equals(userTempSecretKey);
                     if (checkTempKeyResult) {
                         return;
                     }