gitee
/
roses
mirror of https://gitee.com/stylefeng/roses
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

【7.6.0】【sys】【user】保存用户密码保存方式改为md5

pull/57/head
fengshuonan 2023-06-25 08:37:51 +08:00
parent ec1f1764d8
commit d1cb8a8a88
2 changed files with 24 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/entity/SysUser.java
View File

@ -58,12 +58,19 @@ public class SysUser extends BaseExpandFieldEntity {
private String account; private String account;
/** /**
* BCrypt * md5+
*/ */
@TableField("password") @TableField("password")
@ChineseDescription("密码,加密方式为BCrypt") @ChineseDescription("密码,加密方式md5+盐")
private String password; private String password;
/**
* md5+
*/
@TableField("password_salt")
@ChineseDescription("密码盐加密方式md5+盐")
private String passwordSalt;
/** /**
* id * id
*/ */

27
kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java
View File

@ -3,8 +3,9 @@ package cn.stylefeng.roses.kernel.sys.modular.user.service.impl;
import cn.hutool.core.bean.BeanUtil; import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.collection.CollectionUtil; import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.util.ObjectUtil; import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.RandomUtil;
import cn.hutool.crypto.SecureUtil;
import cn.hutool.extra.spring.SpringUtil; import cn.hutool.extra.spring.SpringUtil;
import cn.stylefeng.roses.kernel.auth.api.password.PasswordStoredEncryptApi;
import cn.stylefeng.roses.kernel.db.api.factory.PageFactory; import cn.stylefeng.roses.kernel.db.api.factory.PageFactory;
import cn.stylefeng.roses.kernel.db.api.factory.PageResultFactory; import cn.stylefeng.roses.kernel.db.api.factory.PageResultFactory;
import cn.stylefeng.roses.kernel.db.api.pojo.entity.BaseEntity; import cn.stylefeng.roses.kernel.db.api.pojo.entity.BaseEntity;
@ -44,9 +45,6 @@ import java.util.Set;
@Service @Service
public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> implements SysUserService { public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> implements SysUserService {
@Resource
private PasswordStoredEncryptApi passwordStoredEncryptApi;
@Resource @Resource
private SysUserOrgService sysUserOrgService; private SysUserOrgService sysUserOrgService;
@ -59,8 +57,12 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
SysUser sysUser = new SysUser(); SysUser sysUser = new SysUser();
BeanUtil.copyProperties(sysUserRequest, sysUser); BeanUtil.copyProperties(sysUserRequest, sysUser);
// 创建密码盐
String salt = RandomUtil.randomString(8);
sysUser.setPasswordSalt(salt);
// 将密码加密存储到库中 // 将密码加密存储到库中
sysUser.setPassword(passwordStoredEncryptApi.encrypt(sysUser.getPassword())); sysUser.setPassword(SecureUtil.md5(sysUser.getPassword() + salt));
// 设置用户默认头像 // 设置用户默认头像
sysUser.setAvatar(FileConstants.DEFAULT_AVATAR_FILE_ID); sysUser.setAvatar(FileConstants.DEFAULT_AVATAR_FILE_ID);
@ -144,8 +146,8 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
LambdaQueryWrapper<SysUser> wrapper = createWrapper(sysUserRequest); LambdaQueryWrapper<SysUser> wrapper = createWrapper(sysUserRequest);
// 只查询需要的字段 // 只查询需要的字段
wrapper.select(SysUser::getUserId, SysUser::getRealName, SysUser::getAccount, SysUser::getSex, wrapper.select(SysUser::getUserId, SysUser::getRealName, SysUser::getAccount, SysUser::getSex, SysUser::getStatusFlag,
SysUser::getStatusFlag, BaseEntity::getCreateTime); BaseEntity::getCreateTime);
// 分页查询 // 分页查询
Page<SysUser> sysUserPage = this.page(PageFactory.defaultPage(), wrapper); Page<SysUser> sysUserPage = this.page(PageFactory.defaultPage(), wrapper);
@ -177,9 +179,12 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
public void resetPassword(SysUserRequest sysUserRequest) { public void resetPassword(SysUserRequest sysUserRequest) {
SysUser sysUser = this.querySysUser(sysUserRequest); SysUser sysUser = this.querySysUser(sysUserRequest);
// 创建密码盐
String salt = RandomUtil.randomString(8);
// 获取系统配置的默认密码 // 获取系统配置的默认密码
String password = SysConfigExpander.getDefaultPassWord(); String password = SysConfigExpander.getDefaultPassWord();
sysUser.setPassword(passwordStoredEncryptApi.encrypt(password)); sysUser.setPassword(SecureUtil.md5(password + salt));
this.updateById(sysUser); this.updateById(sysUser);
} }
@ -231,8 +236,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
// 如果传递了组织机构id查询条件则查询对应机构id下有哪些用户再拼接用户查询条件 // 如果传递了组织机构id查询条件则查询对应机构id下有哪些用户再拼接用户查询条件
if (ObjectUtil.isNotEmpty(sysUserRequest.getOrgIdCondition())) { if (ObjectUtil.isNotEmpty(sysUserRequest.getOrgIdCondition())) {
List<Long> orgUserIdList = this.sysUserOrgService.getOrgUserIdList(sysUserRequest.getOrgIdCondition(), List<Long> orgUserIdList = this.sysUserOrgService.getOrgUserIdList(sysUserRequest.getOrgIdCondition(), true);
true);
queryWrapper.in(SysUser::getUserId, orgUserIdList); queryWrapper.in(SysUser::getUserId, orgUserIdList);
} }
@ -247,8 +251,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
*/ */
private void baseRemoveUser(Set<Long> userIdList) { private void baseRemoveUser(Set<Long> userIdList) {
// 校验是否有其他业务绑定了用户信息 // 校验是否有其他业务绑定了用户信息
Map<String, RemoveUserCallbackApi> removeUserCallbackApiMap = SpringUtil.getBeansOfType( Map<String, RemoveUserCallbackApi> removeUserCallbackApiMap = SpringUtil.getBeansOfType(RemoveUserCallbackApi.class);
RemoveUserCallbackApi.class);
for (RemoveUserCallbackApi removeUserCallbackApi : removeUserCallbackApiMap.values()) { for (RemoveUserCallbackApi removeUserCallbackApi : removeUserCallbackApiMap.values()) {
removeUserCallbackApi.validateHaveUserBind(userIdList); removeUserCallbackApi.validateHaveUserBind(userIdList);
} }