个人信息修改

2023-06-25 09:29:30 +08:00 · 2023-06-25 09:29:30 +08:00 · f3e595adf5
parent 94cbca9177 55eb24ddf8
commit f3e595adf5
15 changed files with 200 additions and 20 deletions
--- a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/password/PasswordStoredEncryptApi.java
+++ b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/password/PasswordStoredEncryptApi.java
@ -24,6 +24,8 @@
 */
 package cn.stylefeng.roses.kernel.auth.api.password;

+import cn.stylefeng.roses.kernel.auth.api.pojo.password.SaltedEncryptResult;
+
 /**
 * 密码存储时，将密码进行加密的api
 *
@ -42,6 +44,16 @@ public interface PasswordStoredEncryptApi {
     */
    String encrypt(String originPassword);

+    /**
+     * 加密密码，通过密码 + 盐的方式
+     *
+     * @param originPassword 密码明文，待加密的密码
+     * @return 加密后的密码
+     * @author fengshuonan
+     * @since 2023/6/25 8:49
+     */
+    SaltedEncryptResult encryptWithSalt(String originPassword);
+
    /**
     * 校验密码加密前和加密后是否一致，多用于判断用户输入密码是否正确
     *
@ -52,4 +64,12 @@ public interface PasswordStoredEncryptApi {
     */
    Boolean checkPassword(String encryptBefore, String encryptAfter);

+    /**
+     * 校验密码，通过密码 + 盐的方式
+     *
+     * @author fengshuonan
+     * @since 2023/6/25 8:51
+     */
+    Boolean checkPasswordWithSalt(String encryptBefore, String passwordSalt, String encryptAfter);
+
 }
--- a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/pojo/password/SaltedEncryptResult.java
+++ b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/pojo/password/SaltedEncryptResult.java
@ -0,0 +1,24 @@
+package cn.stylefeng.roses.kernel.auth.api.pojo.password;
+
+import lombok.Data;
+
+/**
+ * 密码加密结果
+ *
+ * @author fengshuonan
+ * @since 2023/6/25 8:48
+ */
+@Data
+public class SaltedEncryptResult {
+
+    /**
+     * 加密后的密码
+     */
+    private String encryptPassword;
+
+    /**
+     * 密码盐
+     */
+    private String passwordSalt;
+
+}
--- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java
+++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java
@ -308,7 +308,8 @@ public class LoginService {
        }

        // 如果本次登录需要校验密码
-        Boolean checkResult = passwordStoredEncryptApi.checkPassword(loginRequest.getPassword(), userValidateInfo.getUserPasswordHexed());
+        Boolean checkResult = passwordStoredEncryptApi.checkPasswordWithSalt(loginRequest.getPassword(),
+                userValidateInfo.getUserPasswordSalt(), userValidateInfo.getUserPasswordHexed());

        // 校验用户表密码是否正确，如果正确则直接返回
        if (checkResult) {
@ -323,7 +324,7 @@ public class LoginService {
                String userTempSecretKey = tempSecretApi.getUserTempSecretKey(userValidateInfo.getUserId());
                // 如果用户有临时秘钥，则校验秘钥是否正确
                if (StrUtil.isNotBlank(userTempSecretKey)) {
-                    Boolean checkTempKeyResult = passwordStoredEncryptApi.checkPassword(loginRequest.getPassword(), userTempSecretKey);
+                    boolean checkTempKeyResult = loginRequest.getPassword().equals(userTempSecretKey);
                    if (checkTempKeyResult) {
                        return;
                    }
--- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/password/BcryptPasswordStoredEncrypt.java
+++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/password/BcryptPasswordStoredEncrypt.java
@ -24,9 +24,12 @@
 */
 package cn.stylefeng.roses.kernel.auth.password;

+import cn.hutool.core.util.RandomUtil;
 import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.SecureUtil;
 import cn.hutool.crypto.digest.BCrypt;
 import cn.stylefeng.roses.kernel.auth.api.password.PasswordStoredEncryptApi;
+import cn.stylefeng.roses.kernel.auth.api.pojo.password.SaltedEncryptResult;

 /**
 * 基于BCrypt算法实现的密码加密解密器
@ -45,9 +48,30 @@ public class BcryptPasswordStoredEncrypt implements PasswordStoredEncryptApi {
        return BCrypt.hashpw(originPassword, BCrypt.gensalt());
    }

+    @Override
+    public SaltedEncryptResult encryptWithSalt(String originPassword) {
+
+        SaltedEncryptResult saltedEncryptResult = new SaltedEncryptResult();
+
+        // 创建密码盐
+        String salt = RandomUtil.randomString(8);
+        saltedEncryptResult.setPasswordSalt(salt);
+
+        // 将原密码进行md5加密
+        String encryptAfter = SecureUtil.md5(originPassword + salt);
+        saltedEncryptResult.setEncryptPassword(encryptAfter);
+
+        return saltedEncryptResult;
+    }
+
    @Override
    public Boolean checkPassword(String encryptBefore, String encryptAfter) {
        return BCrypt.checkpw(encryptBefore, encryptAfter);
    }

+    @Override
+    public Boolean checkPasswordWithSalt(String encryptBefore, String passwordSalt, String encryptAfter) {
+        return SecureUtil.md5(encryptBefore + passwordSalt).equals(encryptAfter);
+    }
+
 }
--- a/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/SysRoleServiceApi.java
+++ b/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/SysRoleServiceApi.java
@ -0,0 +1,45 @@
+/*
+ * Copyright [2020-2030] [https://www.stylefeng.cn]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Guns采用APACHE LICENSE 2.0开源协议，您在使用过程中，需要注意以下几点：
+ *
+ * 1.请不要删除和修改根目录下的LICENSE文件。
+ * 2.请不要删除和修改Guns源码头部的版权声明。
+ * 3.请保留源码和相关描述文件的项目出处，作者声明等。
+ * 4.分发源码时候，请注明软件出处 https://gitee.com/stylefeng/guns
+ * 5.在修改包名，模块名称，项目代码等时，请注明软件出处 https://gitee.com/stylefeng/guns
+ * 6.若您的项目无法满足以上几点，可申请商业授权
+ */
+package cn.stylefeng.roses.kernel.sys.api;
+
+/**
+ * 角色信息相关的Api
+ *
+ * @author fengshuonan
+ * @since 2023/6/25 0:35
+ */
+public interface SysRoleServiceApi {
+
+    /**
+     * 获取系统默认角色id，查询方式为找到角色编码为employee的角色id
+     * <p>
+     * 一般在添加用户时用到
+     *
+     * @author fengshuonan
+     * @since 2023/6/25 0:35
+     */
+    Long getDefaultRoleId();
+
+}
--- a/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/constants/SysConstants.java
+++ b/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/constants/SysConstants.java
@ -52,6 +52,11 @@ public interface SysConstants {
     */
    String SUPER_ADMIN_ROLE_CODE = "superAdmin";

+    /**
+     * 默认用户的初始角色编码
+     */
+    String DEFAULT_ROLE_CODE = "employee";
+
    /**
     * 初始化超级管理员的监听器顺序
     */
--- a/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/pojo/user/UserValidateDTO.java
+++ b/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/pojo/user/UserValidateDTO.java
@ -48,6 +48,12 @@ public class UserValidateDTO {
    @ChineseDescription("加密后的密码")
    private String userPasswordHexed;

+    /**
+     * 密码盐，存在sys_user表的password_salt字段
+     */
+    @ChineseDescription("加密后的密码")
+    private String userPasswordSalt;
+
    /**
     * 用户状态，状态在UserStatusEnum维护
     */
@ -57,9 +63,10 @@ public class UserValidateDTO {
    public UserValidateDTO() {
    }

-    public UserValidateDTO(Long userId, String userPasswordHexed, Integer userStatus) {
+    public UserValidateDTO(Long userId, String userPasswordHexed, String salt, Integer userStatus) {
        this.userId = userId;
        this.userPasswordHexed = userPasswordHexed;
+        this.userPasswordSalt = salt;
        this.userStatus = userStatus;
    }

--- a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/biz/UserIntegrationService.java
+++ b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/biz/UserIntegrationService.java
@ -82,14 +82,15 @@ public class UserIntegrationService implements SysUserServiceApi {
    public UserValidateDTO getUserLoginValidateDTO(String account) {
        LambdaQueryWrapper<SysUser> sysUserLambdaQueryWrapper = new LambdaQueryWrapper<>();
        sysUserLambdaQueryWrapper.eq(SysUser::getAccount, account);
-        sysUserLambdaQueryWrapper.select(SysUser::getPassword, SysUser::getStatusFlag, SysUser::getUserId);
+        sysUserLambdaQueryWrapper.select(SysUser::getPassword, SysUser::getPasswordSalt, SysUser::getStatusFlag, SysUser::getUserId);
        SysUser sysUserServiceOne = this.sysUserService.getOne(sysUserLambdaQueryWrapper, false);

        if (sysUserServiceOne == null) {
            throw new ServiceException(SysUserExceptionEnum.ACCOUNT_NOT_EXIST);
        }

-        return new UserValidateDTO(sysUserServiceOne.getUserId(), sysUserServiceOne.getPassword(), sysUserServiceOne.getStatusFlag());
+        return new UserValidateDTO(sysUserServiceOne.getUserId(), sysUserServiceOne.getPassword(), sysUserServiceOne.getPasswordSalt(),
+                sysUserServiceOne.getStatusFlag());
    }

    @Override
--- a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/entity/SysUser.java
+++ b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/entity/SysUser.java
@ -58,12 +58,19 @@ public class SysUser extends BaseExpandFieldEntity {
    private String account;

    /**
-     * 密码，加密方式为BCrypt
+     * 密码，加密方式：md5+盐
     */
    @TableField("password")
-    @ChineseDescription("密码，加密方式为BCrypt")
+    @ChineseDescription("密码，加密方式：md5+盐")
    private String password;

+    /**
+     * 密码盐，加密方式：md5+盐
+     */
+    @TableField("password_salt")
+    @ChineseDescription("密码盐，加密方式：md5+盐")
+    private String passwordSalt;
+
    /**
     * 头像，存的为文件id
     */
--- a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/SysUserRoleService.java
+++ b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/SysUserRoleService.java
@ -80,4 +80,12 @@ public interface SysUserRoleService extends IService<SysUserRole>, SysUserRoleSe
     */
    void bindRoles(SysUserRoleRequest sysUserRoleRequest);

+    /**
+     * 给用户添加默认的角色
+     *
+     * @author fengshuonan
+     * @since 2023/6/25 0:34
+     */
+    void bindUserDefaultRole(Long userId);
+
 }
--- a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserRoleServiceImpl.java
+++ b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserRoleServiceImpl.java
@ -6,6 +6,7 @@ import cn.stylefeng.roses.kernel.db.api.factory.PageFactory;
 import cn.stylefeng.roses.kernel.db.api.factory.PageResultFactory;
 import cn.stylefeng.roses.kernel.db.api.pojo.page.PageResult;
 import cn.stylefeng.roses.kernel.rule.exception.base.ServiceException;
+import cn.stylefeng.roses.kernel.sys.api.SysRoleServiceApi;
 import cn.stylefeng.roses.kernel.sys.api.callback.RemoveRoleCallbackApi;
 import cn.stylefeng.roses.kernel.sys.api.callback.RemoveUserCallbackApi;
 import cn.stylefeng.roses.kernel.sys.modular.user.entity.SysUserRole;
@ -19,6 +20,7 @@ import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;

+import javax.annotation.Resource;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Set;
@ -34,6 +36,9 @@ import java.util.stream.Collectors;
 public class SysUserRoleServiceImpl extends ServiceImpl<SysUserRoleMapper, SysUserRole> implements SysUserRoleService,
        RemoveUserCallbackApi, RemoveRoleCallbackApi {

+    @Resource
+    private SysRoleServiceApi sysRoleServiceApi;
+
    @Override
    public void add(SysUserRoleRequest sysUserRoleRequest) {
        SysUserRole sysUserRole = new SysUserRole();
@ -86,6 +91,19 @@ public class SysUserRoleServiceImpl extends ServiceImpl<SysUserRoleMapper, SysUs
        this.saveBatch(newUserRoles);
    }

+    @Override
+    public void bindUserDefaultRole(Long userId) {
+
+        // 查询默认角色的角色id
+        Long defaultRoleId = sysRoleServiceApi.getDefaultRoleId();
+
+        // 给用户绑定默认角色
+        SysUserRole sysUserRole = new SysUserRole();
+        sysUserRole.setUserId(userId);
+        sysUserRole.setRoleId(defaultRoleId);
+        this.save(sysUserRole);
+    }
+
    @Override
    public List<SysUserRole> findList(SysUserRoleRequest sysUserRoleRequest) {
        LambdaQueryWrapper<SysUserRole> wrapper = this.createWrapper(sysUserRoleRequest);
--- a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java
+++ b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java
@ -7,6 +7,7 @@ import cn.hutool.extra.spring.SpringUtil;
 import cn.stylefeng.roses.kernel.auth.api.context.LoginContext;
 import cn.stylefeng.roses.kernel.auth.api.password.PasswordStoredEncryptApi;
 import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
+import cn.stylefeng.roses.kernel.auth.api.pojo.password.SaltedEncryptResult;
 import cn.stylefeng.roses.kernel.db.api.factory.PageFactory;
 import cn.stylefeng.roses.kernel.db.api.factory.PageResultFactory;
 import cn.stylefeng.roses.kernel.db.api.pojo.entity.BaseEntity;
@ -63,7 +64,9 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
        BeanUtil.copyProperties(sysUserRequest, sysUser);

        // 将密码加密存储到库中
-        sysUser.setPassword(passwordStoredEncryptApi.encrypt(sysUser.getPassword()));
+        SaltedEncryptResult saltedEncryptResult = passwordStoredEncryptApi.encryptWithSalt(sysUser.getPassword());
+        sysUser.setPassword(saltedEncryptResult.getEncryptPassword());
+        sysUser.setPasswordSalt(saltedEncryptResult.getPasswordSalt());

        // 设置用户默认头像
        sysUser.setAvatar(FileConstants.DEFAULT_AVATAR_FILE_ID);
@ -73,8 +76,8 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
        // 更新用户的任职信息
        sysUserOrgService.updateUserOrg(sysUser.getUserId(), sysUserRequest.getUserOrgList());

-        // 添加用户一个默认角色 todo
-
+        // 添加用户一个默认角色
+        sysUserRoleService.bindUserDefaultRole(sysUser.getUserId());
    }

    @Override
@ -147,8 +150,8 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
        LambdaQueryWrapper<SysUser> wrapper = createWrapper(sysUserRequest);

        // 只查询需要的字段
-        wrapper.select(SysUser::getUserId, SysUser::getRealName, SysUser::getAccount, SysUser::getSex,
-                SysUser::getStatusFlag, BaseEntity::getCreateTime);
+        wrapper.select(SysUser::getUserId, SysUser::getRealName, SysUser::getAccount, SysUser::getSex, SysUser::getStatusFlag,
+                BaseEntity::getCreateTime);

        // 分页查询
        Page<SysUser> sysUserPage = this.page(PageFactory.defaultPage(), wrapper);
@ -182,7 +185,11 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl

        // 获取系统配置的默认密码
        String password = SysConfigExpander.getDefaultPassWord();
-        sysUser.setPassword(passwordStoredEncryptApi.encrypt(password));
+
+        // 密码加密后，存储到数据库中
+        SaltedEncryptResult saltedEncryptResult = passwordStoredEncryptApi.encryptWithSalt(password);
+        sysUser.setPassword(saltedEncryptResult.getEncryptPassword());
+        sysUser.setPasswordSalt(saltedEncryptResult.getPasswordSalt());

        this.updateById(sysUser);
    }
@ -234,8 +241,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl

        // 如果传递了组织机构id查询条件，则查询对应机构id下有哪些用户，再拼接用户查询条件
        if (ObjectUtil.isNotEmpty(sysUserRequest.getOrgIdCondition())) {
-            List<Long> orgUserIdList = this.sysUserOrgService.getOrgUserIdList(sysUserRequest.getOrgIdCondition(),
-                    true);
+            List<Long> orgUserIdList = this.sysUserOrgService.getOrgUserIdList(sysUserRequest.getOrgIdCondition(), true);
            queryWrapper.in(SysUser::getUserId, orgUserIdList);
        }

@ -250,8 +256,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
     */
    private void baseRemoveUser(Set<Long> userIdList) {
        // 校验是否有其他业务绑定了用户信息
-        Map<String, RemoveUserCallbackApi> removeUserCallbackApiMap = SpringUtil.getBeansOfType(
-                RemoveUserCallbackApi.class);
+        Map<String, RemoveUserCallbackApi> removeUserCallbackApiMap = SpringUtil.getBeansOfType(RemoveUserCallbackApi.class);
        for (RemoveUserCallbackApi removeUserCallbackApi : removeUserCallbackApiMap.values()) {
            removeUserCallbackApi.validateHaveUserBind(userIdList);
        }
--- a/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/login/service/UserIndexInfoService.java
+++ b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/login/service/UserIndexInfoService.java
@ -356,7 +356,6 @@ public class UserIndexInfoService {
     *
     * @param loginUser 登录用户
     * @param appId     指定的应用id
-     * @return true-用户有该应用下的权限，false-用户没有该应用下的权限
     * @author fengshuonan
     * @since 2023/6/21 16:23
     */
--- a/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/SysRoleService.java
+++ b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/SysRoleService.java
@ -1,6 +1,7 @@
 package cn.stylefeng.roses.kernel.sys.modular.role.service;

 import cn.stylefeng.roses.kernel.db.api.pojo.page.PageResult;
+import cn.stylefeng.roses.kernel.sys.api.SysRoleServiceApi;
 import cn.stylefeng.roses.kernel.sys.modular.role.entity.SysRole;
 import cn.stylefeng.roses.kernel.sys.modular.role.pojo.request.SysRoleRequest;
 import com.baomidou.mybatisplus.extension.service.IService;
@ -13,7 +14,7 @@ import java.util.List;
 * @author fengshuonan
 * @date 2023/06/10 21:29
 */
-public interface SysRoleService extends IService<SysRole> {
+public interface SysRoleService extends IService<SysRole>, SysRoleServiceApi {

    /**
     * 新增
--- a/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/SysRoleServiceImpl.java
+++ b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/SysRoleServiceImpl.java
@ -12,6 +12,7 @@ import cn.stylefeng.roses.kernel.db.api.pojo.page.PageResult;
 import cn.stylefeng.roses.kernel.rule.enums.YesOrNotEnum;
 import cn.stylefeng.roses.kernel.rule.exception.base.ServiceException;
 import cn.stylefeng.roses.kernel.sys.api.callback.RemoveRoleCallbackApi;
+import cn.stylefeng.roses.kernel.sys.api.constants.SysConstants;
 import cn.stylefeng.roses.kernel.sys.modular.role.entity.SysRole;
 import cn.stylefeng.roses.kernel.sys.modular.role.enums.exception.SysRoleExceptionEnum;
 import cn.stylefeng.roses.kernel.sys.modular.role.mapper.SysRoleMapper;
@ -117,6 +118,21 @@ public class SysRoleServiceImpl extends ServiceImpl<SysRoleMapper, SysRole> impl
        return this.list(wrapper);
    }

+    @Override
+    public Long getDefaultRoleId() {
+
+        LambdaQueryWrapper<SysRole> sysRoleLambdaQueryWrapper = new LambdaQueryWrapper<>();
+        sysRoleLambdaQueryWrapper.eq(SysRole::getRoleCode, SysConstants.DEFAULT_ROLE_CODE);
+        sysRoleLambdaQueryWrapper.select(SysRole::getRoleId);
+        SysRole sysRole = this.getOne(sysRoleLambdaQueryWrapper, false);
+
+        if (sysRole != null) {
+            return sysRole.getRoleId();
+        }
+
+        return null;
+    }
+
    /**
     * 获取信息
     *
@ -174,5 +190,4 @@ public class SysRoleServiceImpl extends ServiceImpl<SysRoleMapper, SysRole> impl
        // 删除角色
        this.removeBatchByIds(roleIdList);
    }
-
 }