【7.6.0】【sys】【auth】修改登录密码校验改为md5盐方式，提升校验效率

kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java

@@ -2,6 +2,7 @@ package cn.stylefeng.roses.kernel.auth.auth;
 
 import cn.hutool.core.convert.Convert;
 import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.SecureUtil;
 import cn.hutool.extra.spring.SpringUtil;
 import cn.hutool.http.HttpRequest;
 import cn.hutool.http.HttpResponse;
@@ -308,7 +309,8 @@ public class LoginService {
         }
 
         // 如果本次登录需要校验密码
-        Boolean checkResult = passwordStoredEncryptApi.checkPassword(loginRequest.getPassword(), userValidateInfo.getUserPasswordHexed());
+        String encryptPassword = SecureUtil.md5(loginRequest.getPassword() + userValidateInfo.getUserPasswordSalt());
+        boolean checkResult = encryptPassword.equals(userValidateInfo.getUserPasswordHexed());
 
         // 校验用户表密码是否正确，如果正确则直接返回
         if (checkResult) {
@@ -323,7 +325,7 @@ public class LoginService {
                 String userTempSecretKey = tempSecretApi.getUserTempSecretKey(userValidateInfo.getUserId());
                 // 如果用户有临时秘钥，则校验秘钥是否正确
                 if (StrUtil.isNotBlank(userTempSecretKey)) {
-                    Boolean checkTempKeyResult = passwordStoredEncryptApi.checkPassword(loginRequest.getPassword(), userTempSecretKey);
+                    Boolean checkTempKeyResult = loginRequest.getPassword().equals(userTempSecretKey);
                     if (checkTempKeyResult) {
                         return;
                     }

kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/pojo/user/UserValidateDTO.java

@@ -48,6 +48,12 @@ public class UserValidateDTO {
     @ChineseDescription("加密后的密码")
     private String userPasswordHexed;
 
+    /**
+     * 密码盐，存在sys_user表的password_salt字段
+     */
+    @ChineseDescription("加密后的密码")
+    private String userPasswordSalt;
+
     /**
      * 用户状态，状态在UserStatusEnum维护
      */
@@ -57,9 +63,10 @@ public class UserValidateDTO {
     public UserValidateDTO() {
     }
 
-    public UserValidateDTO(Long userId, String userPasswordHexed, Integer userStatus) {
+    public UserValidateDTO(Long userId, String userPasswordHexed, String salt, Integer userStatus) {
         this.userId = userId;
         this.userPasswordHexed = userPasswordHexed;
+        this.userPasswordSalt = salt;
         this.userStatus = userStatus;
     }
 

kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/biz/UserIntegrationService.java

@@ -82,14 +82,15 @@ public class UserIntegrationService implements SysUserServiceApi {
     public UserValidateDTO getUserLoginValidateDTO(String account) {
         LambdaQueryWrapper<SysUser> sysUserLambdaQueryWrapper = new LambdaQueryWrapper<>();
         sysUserLambdaQueryWrapper.eq(SysUser::getAccount, account);
-        sysUserLambdaQueryWrapper.select(SysUser::getPassword, SysUser::getStatusFlag, SysUser::getUserId);
+        sysUserLambdaQueryWrapper.select(SysUser::getPassword, SysUser::getPasswordSalt, SysUser::getStatusFlag, SysUser::getUserId);
         SysUser sysUserServiceOne = this.sysUserService.getOne(sysUserLambdaQueryWrapper, false);
 
         if (sysUserServiceOne == null) {
             throw new ServiceException(SysUserExceptionEnum.ACCOUNT_NOT_EXIST);
         }
 
-        return new UserValidateDTO(sysUserServiceOne.getUserId(), sysUserServiceOne.getPassword(), sysUserServiceOne.getStatusFlag());
+        return new UserValidateDTO(sysUserServiceOne.getUserId(), sysUserServiceOne.getPassword(), sysUserServiceOne.getPasswordSalt(),
+                sysUserServiceOne.getStatusFlag());
     }
 
     @Override