mirror of https://gitee.com/stylefeng/roses
【7.6.0】【sys】【auth】修改登录密码校验改为md5盐方式,提升校验效率
parent
d1cb8a8a88
commit
6492daeadf
|
@ -2,6 +2,7 @@ package cn.stylefeng.roses.kernel.auth.auth;
|
|||
|
||||
import cn.hutool.core.convert.Convert;
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import cn.hutool.crypto.SecureUtil;
|
||||
import cn.hutool.extra.spring.SpringUtil;
|
||||
import cn.hutool.http.HttpRequest;
|
||||
import cn.hutool.http.HttpResponse;
|
||||
|
@ -308,7 +309,8 @@ public class LoginService {
|
|||
}
|
||||
|
||||
// 如果本次登录需要校验密码
|
||||
Boolean checkResult = passwordStoredEncryptApi.checkPassword(loginRequest.getPassword(), userValidateInfo.getUserPasswordHexed());
|
||||
String encryptPassword = SecureUtil.md5(loginRequest.getPassword() + userValidateInfo.getUserPasswordSalt());
|
||||
boolean checkResult = encryptPassword.equals(userValidateInfo.getUserPasswordHexed());
|
||||
|
||||
// 校验用户表密码是否正确,如果正确则直接返回
|
||||
if (checkResult) {
|
||||
|
@ -323,7 +325,7 @@ public class LoginService {
|
|||
String userTempSecretKey = tempSecretApi.getUserTempSecretKey(userValidateInfo.getUserId());
|
||||
// 如果用户有临时秘钥,则校验秘钥是否正确
|
||||
if (StrUtil.isNotBlank(userTempSecretKey)) {
|
||||
Boolean checkTempKeyResult = passwordStoredEncryptApi.checkPassword(loginRequest.getPassword(), userTempSecretKey);
|
||||
Boolean checkTempKeyResult = loginRequest.getPassword().equals(userTempSecretKey);
|
||||
if (checkTempKeyResult) {
|
||||
return;
|
||||
}
|
||||
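Review bot: The new check `SecureUtil.md5(loginRequest.getPassword() + userValidateInfo.getUserPasswordSalt())` verifies stored passwords with one round of salted MD5, a fast digest, and the speed the commit title counts as a gain is what makes offline guessing cheap if the `sys_user` rows ever leak. I would keep verification behind `passwordStoredEncryptApi.checkPassword(...)`, backed by an adaptive scheme such as bcrypt, scrypt or Argon2 (what that API used before is not visible here), and re-hash legacy rows on a successful login. Both new comparisons use `String.equals`, which is not constant-time; prefer `MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8))`. In the temporary-key hunk, `loginRequest.getPassword().equals(userTempSecretKey)` throws a NullPointerException on a null password and implies the temporary key is now held unhashed (inferred), and a null `password_salt` would be concatenated as the literal text `null` in the MD5 input. The enclosing method starts and ends outside these hunks, so any null guards earlier in it cannot be confirmed from here.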
|
|
|
@ -48,6 +48,12 @@ public class UserValidateDTO {
|
|||
@ChineseDescription("加密后的密码")
|
||||
private String userPasswordHexed;
|
||||
|
||||
/**
|
||||
* 密码盐,存在sys_user表的password_salt字段
|
||||
*/
|
||||
@ChineseDescription("加密后的密码")
|
||||
private String userPasswordSalt;
|
||||
|
||||
/**
|
||||
* 用户状态,状态在UserStatusEnum维护
|
||||
*/
|
||||
|
@ -57,9 +63,10 @@ public class UserValidateDTO {
|
|||
public UserValidateDTO() {
|
||||
}
|
||||
|
||||
public UserValidateDTO(Long userId, String userPasswordHexed, Integer userStatus) {
|
||||
public UserValidateDTO(Long userId, String userPasswordHexed, String salt, Integer userStatus) {
|
||||
this.userId = userId;
|
||||
this.userPasswordHexed = userPasswordHexed;
|
||||
this.userPasswordSalt = salt;
|
||||
this.userStatus = userStatus;
|
||||
}
|
||||
|
||||
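Review bot: The new `userPasswordSalt` field carries `@ChineseDescription("加密后的密码")`, the same text as on `userPasswordHexed`, although its Javadoc says it is the salt from the `password_salt` column; it looks copy-pasted and should read something like `@ChineseDescription("密码盐")`. The four-argument constructor now takes two adjacent `String` parameters (the hash, then `salt`), so a call with them swapped compiles silently and only fails at login; naming the parameter `userPasswordSalt` and documenting the order in a short Javadoc would reduce that risk. If this class generates a `toString()` (not visible in these hunks), both the hash and the salt should be excluded from it so they cannot end up in logs.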
|
|
|
@ -82,14 +82,15 @@ public class UserIntegrationService implements SysUserServiceApi {
|
|||
public UserValidateDTO getUserLoginValidateDTO(String account) {
|
||||
LambdaQueryWrapper<SysUser> sysUserLambdaQueryWrapper = new LambdaQueryWrapper<>();
|
||||
sysUserLambdaQueryWrapper.eq(SysUser::getAccount, account);
|
||||
sysUserLambdaQueryWrapper.select(SysUser::getPassword, SysUser::getStatusFlag, SysUser::getUserId);
|
||||
sysUserLambdaQueryWrapper.select(SysUser::getPassword, SysUser::getPasswordSalt, SysUser::getStatusFlag, SysUser::getUserId);
|
||||
SysUser sysUserServiceOne = this.sysUserService.getOne(sysUserLambdaQueryWrapper, false);
|
||||
|
||||
if (sysUserServiceOne == null) {
|
||||
throw new ServiceException(SysUserExceptionEnum.ACCOUNT_NOT_EXIST);
|
||||
}
|
||||
|
||||
return new UserValidateDTO(sysUserServiceOne.getUserId(), sysUserServiceOne.getPassword(), sysUserServiceOne.getStatusFlag());
|
||||
return new UserValidateDTO(sysUserServiceOne.getUserId(), sysUserServiceOne.getPassword(), sysUserServiceOne.getPasswordSalt(),
|
||||
sysUserServiceOne.getStatusFlag());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|