From 9cc38738ec8d401e8a053a18d6f9f291f18f89ea Mon Sep 17 00:00:00 2001 From: fengshuonan Date: Wed, 21 Jun 2023 16:18:06 +0800 Subject: [PATCH 1/7] =?UTF-8?q?=E3=80=907.6.0=E3=80=91=E3=80=90sys?= =?UTF-8?q?=E3=80=91=E3=80=90permission=E3=80=91=E6=9B=B4=E6=96=B0?= =?UTF-8?q?=E6=B3=A8=E9=87=8A?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../kernel/sys/modular/login/service/UserIndexInfoService.java | 1 - 1 file changed, 1 deletion(-) diff --git a/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/login/service/UserIndexInfoService.java b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/login/service/UserIndexInfoService.java index 812fed953..0a7b45086 100644 --- a/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/login/service/UserIndexInfoService.java +++ b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/login/service/UserIndexInfoService.java @@ -356,7 +356,6 @@ public class UserIndexInfoService { * * @param loginUser 登录用户 * @param appId 指定的应用id - * @return true-用户有该应用下的权限,false-用户没有该应用下的权限 * @author fengshuonan * @since 2023/6/21 16:23 */ From ec1f1764d820418e9245adb76ea405d0c2e675ec Mon Sep 17 00:00:00 2001 
From: fengshuonan Date: Sun, 25 Jun 2023 00:39:40 +0800 Subject: [PATCH 2/7] =?UTF-8?q?=E3=80=907.6.0=E3=80=91=E3=80=90sys?= =?UTF-8?q?=E3=80=91=E6=96=B0=E5=A2=9E=E7=94=A8=E6=88=B7=E6=B7=BB=E5=8A=A0?= =?UTF-8?q?=E4=B8=80=E4=B8=AA=E9=BB=98=E8=AE=A4=E8=A7=92=E8=89=B2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../kernel/sys/api/SysRoleServiceApi.java | 45 +++++++++++++++++++ .../sys/api/constants/SysConstants.java | 5 +++ .../user/service/SysUserRoleService.java | 8 ++++ .../service/impl/SysUserRoleServiceImpl.java | 18 ++++++++ .../user/service/impl/SysUserServiceImpl.java | 4 +- .../modular/role/service/SysRoleService.java | 3 +- .../role/service/impl/SysRoleServiceImpl.java | 17 ++++++- 7 files changed, 96 insertions(+), 4 deletions(-) create mode 100644 kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/SysRoleServiceApi.java diff --git a/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/SysRoleServiceApi.java b/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/SysRoleServiceApi.java new file mode 100644 index 000000000..2627fd061 --- /dev/null +++ b/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/SysRoleServiceApi.java 
@@ -0,0 +1,45 @@ +/* + * Copyright [2020-2030] [https://www.stylefeng.cn] + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Guns采用APACHE LICENSE 2.0开源协议,您在使用过程中,需要注意以下几点: + * + * 1.请不要删除和修改根目录下的LICENSE文件。 + * 2.请不要删除和修改Guns源码头部的版权声明。 + * 3.请保留源码和相关描述文件的项目出处,作者声明等。 + * 4.分发源码时候,请注明软件出处 https://gitee.com/stylefeng/guns + * 5.在修改包名,模块名称,项目代码等时,请注明软件出处 https://gitee.com/stylefeng/guns + * 6.若您的项目无法满足以上几点,可申请商业授权 + */ +package cn.stylefeng.roses.kernel.sys.api; + +/** + * 角色信息相关的Api + * + * @author fengshuonan + * @since 2023/6/25 0:35 + */ +public interface SysRoleServiceApi { + + /** + * 获取系统默认角色id,查询方式为找到角色编码为employee的角色id + *

+ * 一般在添加用户时用到 + * + * @author fengshuonan + * @since 2023/6/25 0:35 + */ + Long getDefaultRoleId(); + +} diff --git a/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/constants/SysConstants.java b/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/constants/SysConstants.java index 2135a669b..d073ac734 100644 --- a/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/constants/SysConstants.java +++ b/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/constants/SysConstants.java @@ -52,6 +52,11 @@ public interface SysConstants { */ String SUPER_ADMIN_ROLE_CODE = "superAdmin"; + /** + * 默认用户的初始角色编码 + */ + String DEFAULT_ROLE_CODE = "employee"; + /** * 初始化超级管理员的监听器顺序 */ diff --git a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/SysUserRoleService.java b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/SysUserRoleService.java index a6880167c..5edb093f2 100644 --- a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/SysUserRoleService.java +++ b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/SysUserRoleService.java @@ -80,4 +80,12 @@ public interface SysUserRoleService extends IService, SysUserRoleSe */ void bindRoles(SysUserRoleRequest sysUserRoleRequest); + /** + * 给用户添加默认的角色 + * + * @author fengshuonan + * @since 2023/6/25 0:34 + */ + void bindUserDefaultRole(Long userId); + } \ No newline at end of file diff --git a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserRoleServiceImpl.java b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserRoleServiceImpl.java index 642e03d52..8df33a7dc 100644 
--- a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserRoleServiceImpl.java +++ b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserRoleServiceImpl.java @@ -6,6 +6,7 @@ import cn.stylefeng.roses.kernel.db.api.factory.PageFactory; import cn.stylefeng.roses.kernel.db.api.factory.PageResultFactory; import cn.stylefeng.roses.kernel.db.api.pojo.page.PageResult; import cn.stylefeng.roses.kernel.rule.exception.base.ServiceException; +import cn.stylefeng.roses.kernel.sys.api.SysRoleServiceApi; import cn.stylefeng.roses.kernel.sys.api.callback.RemoveRoleCallbackApi; import cn.stylefeng.roses.kernel.sys.api.callback.RemoveUserCallbackApi; import cn.stylefeng.roses.kernel.sys.modular.user.entity.SysUserRole; @@ -19,6 +20,7 @@ import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; +import javax.annotation.Resource; import java.util.ArrayList; import java.util.List; import java.util.Set; @@ -34,6 +36,9 @@ import java.util.stream.Collectors; public class SysUserRoleServiceImpl extends ServiceImpl implements SysUserRoleService, RemoveUserCallbackApi, RemoveRoleCallbackApi { + @Resource + private SysRoleServiceApi sysRoleServiceApi; + @Override public void add(SysUserRoleRequest sysUserRoleRequest) { SysUserRole sysUserRole = new SysUserRole(); @@ -86,6 +91,19 @@ public class SysUserRoleServiceImpl extends ServiceImpl findList(SysUserRoleRequest sysUserRoleRequest) { LambdaQueryWrapper wrapper = this.createWrapper(sysUserRoleRequest); diff --git a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java index 7f3110634..0c3960580 100644 
--- a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java +++ b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java @@ -70,8 +70,8 @@ public class SysUserServiceImpl extends ServiceImpl impl // 更新用户的任职信息 sysUserOrgService.updateUserOrg(sysUser.getUserId(), sysUserRequest.getUserOrgList()); - // 添加用户一个默认角色 todo - + // 添加用户一个默认角色 + sysUserRoleService.bindUserDefaultRole(sysUser.getUserId()); } @Override diff --git a/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/SysRoleService.java b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/SysRoleService.java index 3a5f9ae86..5ae1dbdd0 100644 --- a/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/SysRoleService.java +++ b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/SysRoleService.java @@ -1,6 +1,7 @@ package cn.stylefeng.roses.kernel.sys.modular.role.service; import cn.stylefeng.roses.kernel.db.api.pojo.page.PageResult; +import cn.stylefeng.roses.kernel.sys.api.SysRoleServiceApi; import cn.stylefeng.roses.kernel.sys.modular.role.entity.SysRole; import cn.stylefeng.roses.kernel.sys.modular.role.pojo.request.SysRoleRequest; import com.baomidou.mybatisplus.extension.service.IService; @@ -13,7 +14,7 @@ import java.util.List; * @author fengshuonan * @date 2023/06/10 21:29 */ -public interface SysRoleService extends IService { +public interface SysRoleService extends IService, SysRoleServiceApi { /** * 新增 
diff --git a/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/SysRoleServiceImpl.java b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/SysRoleServiceImpl.java index 684182d6f..58d499931 100644 --- a/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/SysRoleServiceImpl.java +++ b/kernel-s-sys/sys-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/role/service/impl/SysRoleServiceImpl.java @@ -12,6 +12,7 @@ import cn.stylefeng.roses.kernel.db.api.pojo.page.PageResult; import cn.stylefeng.roses.kernel.rule.enums.YesOrNotEnum; import cn.stylefeng.roses.kernel.rule.exception.base.ServiceException; import cn.stylefeng.roses.kernel.sys.api.callback.RemoveRoleCallbackApi; +import cn.stylefeng.roses.kernel.sys.api.constants.SysConstants; import cn.stylefeng.roses.kernel.sys.modular.role.entity.SysRole; import cn.stylefeng.roses.kernel.sys.modular.role.enums.exception.SysRoleExceptionEnum; import cn.stylefeng.roses.kernel.sys.modular.role.mapper.SysRoleMapper; @@ -117,6 +118,21 @@ public class SysRoleServiceImpl extends ServiceImpl impl return this.list(wrapper); } + @Override + public Long getDefaultRoleId() { + + LambdaQueryWrapper sysRoleLambdaQueryWrapper = new LambdaQueryWrapper<>(); + sysRoleLambdaQueryWrapper.eq(SysRole::getRoleCode, SysConstants.DEFAULT_ROLE_CODE); + sysRoleLambdaQueryWrapper.select(SysRole::getRoleId); + SysRole sysRole = this.getOne(sysRoleLambdaQueryWrapper, false); + + if (sysRole != null) { + return sysRole.getRoleId(); + } + + return null; + } + /** * 获取信息 * @@ -174,5 +190,4 @@ public class SysRoleServiceImpl extends ServiceImpl impl // 删除角色 this.removeBatchByIds(roleIdList); } - } \ No newline at end of file From d1cb8a8a881528daa59d847379ec624379299844 Mon Sep 17 00:00:00 2001 
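Review bot: `getDefaultRoleId()` in the `-117,6 +118,21` hunk returns `null` when no role carries the code `employee`, and neither this method nor the `SysRoleServiceApi` Javadoc states that contract. The body of `bindUserDefaultRole` is not readable on this page, so whether the caller guards against a null role id cannot be confirmed; if it does not, user creation either binds a null role or fails late. `getOne(wrapper, false)` also returns one row silently if the role code is duplicated. I would add `@return the id of the role whose code is SysConstants.DEFAULT_ROLE_CODE, or null when that role does not exist` to the interface and have the caller skip or reject explicitly on null.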
From: fengshuonan Date: Sun, 25 Jun 2023 08:37:51 +0800 Subject: [PATCH 3/7] =?UTF-8?q?=E3=80=907.6.0=E3=80=91=E3=80=90sys?= =?UTF-8?q?=E3=80=91=E3=80=90user=E3=80=91=E4=BF=9D=E5=AD=98=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E5=AF=86=E7=A0=81=E4=BF=9D=E5=AD=98=E6=96=B9=E5=BC=8F?= =?UTF-8?q?=E6=94=B9=E4=B8=BAmd5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../sys/modular/user/entity/SysUser.java | 11 ++++++-- .../user/service/impl/SysUserServiceImpl.java | 27 ++++++++++--------- 2 files changed, 24 insertions(+), 14 deletions(-) diff --git a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/entity/SysUser.java b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/entity/SysUser.java index 7cde1963e..b9f2551c6 100644 --- a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/entity/SysUser.java +++ b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/entity/SysUser.java @@ -58,12 +58,19 @@ public class SysUser extends BaseExpandFieldEntity { private String account; /** - * 密码,加密方式为BCrypt + * 密码,加密方式:md5+盐 */ @TableField("password") - @ChineseDescription("密码,加密方式为BCrypt") + @ChineseDescription("密码,加密方式:md5+盐") private String password; + /** + * 密码盐,加密方式:md5+盐 + */ + @TableField("password_salt") + @ChineseDescription("密码盐,加密方式:md5+盐") + private String passwordSalt; + /** * 头像,存的为文件id */ diff --git a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java index 0c3960580..36e6dbc41 100644 --- a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java 
+++ b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java @@ -3,8 +3,9 @@ package cn.stylefeng.roses.kernel.sys.modular.user.service.impl; import cn.hutool.core.bean.BeanUtil; import cn.hutool.core.collection.CollectionUtil; import cn.hutool.core.util.ObjectUtil; +import cn.hutool.core.util.RandomUtil; +import cn.hutool.crypto.SecureUtil; import cn.hutool.extra.spring.SpringUtil; -import cn.stylefeng.roses.kernel.auth.api.password.PasswordStoredEncryptApi; import cn.stylefeng.roses.kernel.db.api.factory.PageFactory; import cn.stylefeng.roses.kernel.db.api.factory.PageResultFactory; import cn.stylefeng.roses.kernel.db.api.pojo.entity.BaseEntity; @@ -44,9 +45,6 @@ import java.util.Set; @Service public class SysUserServiceImpl extends ServiceImpl implements SysUserService { - @Resource - private PasswordStoredEncryptApi passwordStoredEncryptApi; - @Resource private SysUserOrgService sysUserOrgService; @@ -59,8 +57,12 @@ public class SysUserServiceImpl extends ServiceImpl impl SysUser sysUser = new SysUser(); BeanUtil.copyProperties(sysUserRequest, sysUser); + // 创建密码盐 + String salt = RandomUtil.randomString(8); + sysUser.setPasswordSalt(salt); + // 将密码加密存储到库中 - sysUser.setPassword(passwordStoredEncryptApi.encrypt(sysUser.getPassword())); + sysUser.setPassword(SecureUtil.md5(sysUser.getPassword() + salt)); // 设置用户默认头像 sysUser.setAvatar(FileConstants.DEFAULT_AVATAR_FILE_ID); @@ -144,8 +146,8 @@ public class SysUserServiceImpl extends ServiceImpl impl LambdaQueryWrapper wrapper = createWrapper(sysUserRequest); // 只查询需要的字段 - wrapper.select(SysUser::getUserId, SysUser::getRealName, SysUser::getAccount, SysUser::getSex, - SysUser::getStatusFlag, BaseEntity::getCreateTime); + wrapper.select(SysUser::getUserId, SysUser::getRealName, SysUser::getAccount, SysUser::getSex, SysUser::getStatusFlag, + BaseEntity::getCreateTime); // 分页查询 Page sysUserPage = this.page(PageFactory.defaultPage(), wrapper); 
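Review bot: The `-59,8 +57,12` hunk replaces the BCrypt call with `SecureUtil.md5(sysUser.getPassword() + salt)`, a single unkeyed MD5 round, which is not suitable for password storage because anyone holding the table can test guesses at a very high rate; the adaptive cost of BCrypt is the property being given up. The salt comes from `RandomUtil.randomString(8)`, which as far as I know is not backed by `SecureRandom`, so it should come from a CSPRNG and be longer if a separate salt is kept at all. The `resetPassword` hunk at `-177,9 +179,12` has the same construction and, in this patch, never calls `sysUser.setPasswordSalt(salt)`, so the stored hash and stored salt disagree after a reset until patch 6/7 adds the setter. I would keep `passwordStoredEncryptApi.encrypt(...)` here, or move to another slow password hash, rather than MD5.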
@@ -177,9 +179,12 @@ public class SysUserServiceImpl extends ServiceImpl impl public void resetPassword(SysUserRequest sysUserRequest) { SysUser sysUser = this.querySysUser(sysUserRequest); + // 创建密码盐 + String salt = RandomUtil.randomString(8); + // 获取系统配置的默认密码 String password = SysConfigExpander.getDefaultPassWord(); - sysUser.setPassword(passwordStoredEncryptApi.encrypt(password)); + sysUser.setPassword(SecureUtil.md5(password + salt)); this.updateById(sysUser); } @@ -231,8 +236,7 @@ public class SysUserServiceImpl extends ServiceImpl impl // 如果传递了组织机构id查询条件,则查询对应机构id下有哪些用户,再拼接用户查询条件 if (ObjectUtil.isNotEmpty(sysUserRequest.getOrgIdCondition())) { - List orgUserIdList = this.sysUserOrgService.getOrgUserIdList(sysUserRequest.getOrgIdCondition(), - true); + List orgUserIdList = this.sysUserOrgService.getOrgUserIdList(sysUserRequest.getOrgIdCondition(), true); queryWrapper.in(SysUser::getUserId, orgUserIdList); } @@ -247,8 +251,7 @@ public class SysUserServiceImpl extends ServiceImpl impl */ private void baseRemoveUser(Set userIdList) { // 校验是否有其他业务绑定了用户信息 - Map removeUserCallbackApiMap = SpringUtil.getBeansOfType( - RemoveUserCallbackApi.class); + Map removeUserCallbackApiMap = SpringUtil.getBeansOfType(RemoveUserCallbackApi.class); for (RemoveUserCallbackApi removeUserCallbackApi : removeUserCallbackApiMap.values()) { removeUserCallbackApi.validateHaveUserBind(userIdList); } From 6492daeadf11c578778fb81589a2a8105edd787c Mon Sep 17 00:00:00 2001 
From: fengshuonan Date: Sun, 25 Jun 2023 08:46:07 +0800 Subject: [PATCH 4/7] =?UTF-8?q?=E3=80=907.6.0=E3=80=91=E3=80=90sys?= =?UTF-8?q?=E3=80=91=E3=80=90auth=E3=80=91=E4=BF=AE=E6=94=B9=E7=99=BB?= =?UTF-8?q?=E5=BD=95=E5=AF=86=E7=A0=81=E6=A0=A1=E9=AA=8C=E6=94=B9=E4=B8=BA?= =?UTF-8?q?md5=E7=9B=90=E6=96=B9=E5=BC=8F=EF=BC=8C=E6=8F=90=E5=8D=87?= =?UTF-8?q?=E6=A0=A1=E9=AA=8C=E6=95=88=E7=8E=87?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../stylefeng/roses/kernel/auth/auth/LoginService.java | 6 ++++-- .../roses/kernel/sys/api/pojo/user/UserValidateDTO.java | 9 ++++++++- .../sys/modular/user/biz/UserIntegrationService.java | 5 +++-- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java index 2d6d5e04f..59ef12b1a 100644 --- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java +++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java @@ -2,6 +2,7 @@ package cn.stylefeng.roses.kernel.auth.auth; import cn.hutool.core.convert.Convert; import cn.hutool.core.util.StrUtil; +import cn.hutool.crypto.SecureUtil; import cn.hutool.extra.spring.SpringUtil; import cn.hutool.http.HttpRequest; import cn.hutool.http.HttpResponse; @@ -308,7 +309,8 @@ public class LoginService { } // 如果本次登录需要校验密码 - Boolean checkResult = passwordStoredEncryptApi.checkPassword(loginRequest.getPassword(), userValidateInfo.getUserPasswordHexed()); + String encryptPassword = SecureUtil.md5(loginRequest.getPassword() + userValidateInfo.getUserPasswordSalt()); + boolean checkResult = encryptPassword.equals(userValidateInfo.getUserPasswordHexed()); // 校验用户表密码是否正确,如果正确则直接返回 if (checkResult) { 
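Review bot: The new check in the `-308,7 +309,8` hunk only accepts `md5(password + salt)`, so accounts whose `password` column still holds a BCrypt hash and whose `password_salt` is null can no longer authenticate; with a null salt the concatenation hashes the literal text `null`. No migration or fallback is visible in this series, so please confirm whether one exists elsewhere. The commit subject gives faster verification as the goal, but the per-guess cost is what limits offline guessing once hashes leak, so throttling login attempts is a safer way to control load than a fast digest. `encryptPassword.equals(...)` is also not a constant-time comparison; `MessageDigest.isEqual` on the byte arrays avoids that. The enclosing method starts and ends outside the hunk.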
@@ -323,7 +325,7 @@ public class LoginService { String userTempSecretKey = tempSecretApi.getUserTempSecretKey(userValidateInfo.getUserId()); // 如果用户有临时秘钥,则校验秘钥是否正确 if (StrUtil.isNotBlank(userTempSecretKey)) { - Boolean checkTempKeyResult = passwordStoredEncryptApi.checkPassword(loginRequest.getPassword(), userTempSecretKey); + Boolean checkTempKeyResult = loginRequest.getPassword().equals(userTempSecretKey); if (checkTempKeyResult) { return; } diff --git a/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/pojo/user/UserValidateDTO.java b/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/pojo/user/UserValidateDTO.java index f755e7490..0cd786d62 100644 --- a/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/pojo/user/UserValidateDTO.java +++ b/kernel-s-sys/sys-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/pojo/user/UserValidateDTO.java @@ -48,6 +48,12 @@ public class UserValidateDTO { @ChineseDescription("加密后的密码") private String userPasswordHexed; + /** + * 密码盐,存在sys_user表的password_salt字段 + */ + @ChineseDescription("加密后的密码") + private String userPasswordSalt; + /** * 用户状态,状态在UserStatusEnum维护 */ @@ -57,9 +63,10 @@ public class UserValidateDTO { public UserValidateDTO() { } - public UserValidateDTO(Long userId, String userPasswordHexed, Integer userStatus) { + public UserValidateDTO(Long userId, String userPasswordHexed, String salt, Integer userStatus) { this.userId = userId; this.userPasswordHexed = userPasswordHexed; + this.userPasswordSalt = salt; this.userStatus = userStatus; } diff --git a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/biz/UserIntegrationService.java b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/biz/UserIntegrationService.java index 51144a7c0..0a532842f 100644 --- a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/biz/UserIntegrationService.java 
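Review bot: In the `-323,7 +325,7` hunk the temporary secret is now compared with `loginRequest.getPassword().equals(userTempSecretKey)`, which treats the stored value as plaintext, whereas the removed line verified it as a BCrypt hash. If `tempSecretApi` still stores hashed keys this branch can never match, and if it stores them in clear then read access to that store yields usable login secrets; the storage side is not visible here, so please confirm which applies. I would keep the hashed form and verify through `passwordStoredEncryptApi`, and use `MessageDigest.isEqual` if a direct comparison stays. The enclosing method continues outside the hunk.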
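Review bot: The new `userPasswordSalt` field in the `-48,6 +48,12` hunk of `UserValidateDTO` carries `@ChineseDescription("加密后的密码")`, copied from `userPasswordHexed`, so generated field descriptions will label the salt as the encrypted password. Change it to `@ChineseDescription("密码盐")`. The constructor parameter in the following hunk is named `salt` while the other parameters mirror their field names; `userPasswordSalt` would be consistent.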
+++ b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/biz/UserIntegrationService.java @@ -82,14 +82,15 @@ public class UserIntegrationService implements SysUserServiceApi { public UserValidateDTO getUserLoginValidateDTO(String account) { LambdaQueryWrapper sysUserLambdaQueryWrapper = new LambdaQueryWrapper<>(); sysUserLambdaQueryWrapper.eq(SysUser::getAccount, account); - sysUserLambdaQueryWrapper.select(SysUser::getPassword, SysUser::getStatusFlag, SysUser::getUserId); + sysUserLambdaQueryWrapper.select(SysUser::getPassword, SysUser::getPasswordSalt, SysUser::getStatusFlag, SysUser::getUserId); SysUser sysUserServiceOne = this.sysUserService.getOne(sysUserLambdaQueryWrapper, false); if (sysUserServiceOne == null) { throw new ServiceException(SysUserExceptionEnum.ACCOUNT_NOT_EXIST); } - return new UserValidateDTO(sysUserServiceOne.getUserId(), sysUserServiceOne.getPassword(), sysUserServiceOne.getStatusFlag()); + return new UserValidateDTO(sysUserServiceOne.getUserId(), sysUserServiceOne.getPassword(), sysUserServiceOne.getPasswordSalt(), + sysUserServiceOne.getStatusFlag()); } @Override From 1af9fe733a536902092553c192251d6e59002aa4 Mon Sep 17 00:00:00 2001 
From: fengshuonan Date: Sun, 25 Jun 2023 08:55:58 +0800 Subject: [PATCH 5/7] =?UTF-8?q?=E3=80=907.6.0=E3=80=91=E3=80=90sys?= =?UTF-8?q?=E3=80=91=E3=80=90auth=E3=80=91=E6=9B=B4=E6=96=B0=E5=8A=A0?= =?UTF-8?q?=E5=AF=86=E6=8E=A5=E5=8F=A3=EF=BC=8C=E5=A2=9E=E5=8A=A0=E4=B8=A4?= =?UTF-8?q?=E4=B8=AA=E5=AF=B9=E5=8A=A0=E7=9B=90=E5=AF=86=E7=A0=81=E7=9A=84?= =?UTF-8?q?=E6=93=8D=E4=BD=9C=E6=96=B9=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../password/PasswordStoredEncryptApi.java | 20 ++++++++++++++++ .../pojo/password/SaltedEncryptResult.java | 24 +++++++++++++++++++ .../password/BcryptPasswordStoredEncrypt.java | 24 +++++++++++++++++++ 3 files changed, 68 insertions(+) create mode 100644 kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/pojo/password/SaltedEncryptResult.java diff --git a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/password/PasswordStoredEncryptApi.java b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/password/PasswordStoredEncryptApi.java index 6b6b801cd..4a6e85e11 100644 --- a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/password/PasswordStoredEncryptApi.java +++ b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/password/PasswordStoredEncryptApi.java @@ -24,6 +24,8 @@ */ package cn.stylefeng.roses.kernel.auth.api.password; +import cn.stylefeng.roses.kernel.auth.api.pojo.password.SaltedEncryptResult; + /** * 密码存储时,将密码进行加密的api * @@ -42,6 +44,16 @@ public interface PasswordStoredEncryptApi { */ String encrypt(String originPassword); + /** + * 加密密码,通过密码 + 盐的方式 + * + * @param originPassword 密码明文,待加密的密码 + * @return 加密后的密码 + * @author fengshuonan + * @since 2023/6/25 8:49 + */ + SaltedEncryptResult encryptWithSalt(String originPassword); + /** * 校验密码加密前和加密后是否一致,多用于判断用户输入密码是否正确 * 
@@ -52,4 +64,12 @@ public interface PasswordStoredEncryptApi { */ Boolean checkPassword(String encryptBefore, String encryptAfter); + /** + * 校验密码,通过密码 + 盐的方式 + * + * @author fengshuonan + * @since 2023/6/25 8:51 + */ + Boolean checkPasswordWithSalt(String encryptBefore, String passwordSalt, String encryptAfter); + } diff --git a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/pojo/password/SaltedEncryptResult.java b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/pojo/password/SaltedEncryptResult.java new file mode 100644 index 000000000..fd459fefb --- /dev/null +++ b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/pojo/password/SaltedEncryptResult.java @@ -0,0 +1,24 @@ +package cn.stylefeng.roses.kernel.auth.api.pojo.password; + +import lombok.Data; + +/** + * 密码加密结果 + * + * @author fengshuonan + * @since 2023/6/25 8:48 + */ +@Data +public class SaltedEncryptResult { + + /** + * 加密后的密码 + */ + private String encryptPassword; + + /** + * 密码盐 + */ + private String passwordSalt; + +} diff --git a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/password/BcryptPasswordStoredEncrypt.java b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/password/BcryptPasswordStoredEncrypt.java index 76504324c..4c2339cc6 100644 --- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/password/BcryptPasswordStoredEncrypt.java +++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/password/BcryptPasswordStoredEncrypt.java @@ -24,9 +24,12 @@ */ package cn.stylefeng.roses.kernel.auth.password; +import cn.hutool.core.util.RandomUtil; import cn.hutool.core.util.StrUtil; +import cn.hutool.crypto.SecureUtil; import cn.hutool.crypto.digest.BCrypt; import cn.stylefeng.roses.kernel.auth.api.password.PasswordStoredEncryptApi; +import cn.stylefeng.roses.kernel.auth.api.pojo.password.SaltedEncryptResult; /** * 基于BCrypt算法实现的密码加密解密器 
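Review bot: `checkPasswordWithSalt` in the `-52,4 +64,12` hunk is declared without `@param` or `@return` tags, and its three `String` parameters are easy to pass in the wrong order. Document them, for example `@param encryptBefore the plaintext password supplied by the user`, `@param passwordSalt the salt stored with the account`, `@param encryptAfter the stored hash`, and state what the method returns on a mismatch. `encryptWithSalt` in the previous hunk documents `@return 加密后的密码` although it returns a `SaltedEncryptResult` holding both the hash and the salt.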
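Review bot: `SaltedEncryptResult` is annotated `@Data`, whose generated `toString()` prints both `encryptPassword` and `passwordSalt`, so any log line or exception message that includes the object writes the hash together with its salt. Add `@ToString.Exclude` to both fields, or replace `@Data` with `@Getter`/`@Setter`. The class Javadoc could also say that the two values must be persisted together, since `checkPasswordWithSalt` takes both.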
@@ -45,9 +48,30 @@ public class BcryptPasswordStoredEncrypt implements PasswordStoredEncryptApi { return BCrypt.hashpw(originPassword, BCrypt.gensalt()); } + @Override + public SaltedEncryptResult encryptWithSalt(String originPassword) { + + SaltedEncryptResult saltedEncryptResult = new SaltedEncryptResult(); + + // 创建密码盐 + String salt = RandomUtil.randomString(8); + saltedEncryptResult.setPasswordSalt(salt); + + // 将原密码进行md5加密 + String encryptAfter = SecureUtil.md5(originPassword + salt); + saltedEncryptResult.setEncryptPassword(encryptAfter); + + return saltedEncryptResult; + } + @Override public Boolean checkPassword(String encryptBefore, String encryptAfter) { return BCrypt.checkpw(encryptBefore, encryptAfter); } + @Override + public Boolean checkPasswordWithSalt(String encryptBefore, String passwordSalt, String encryptAfter) { + return SecureUtil.md5(encryptBefore + passwordSalt).equals(encryptAfter); + } + } From 7e0f8cdbc96e6f5cd1a4d5a2efbf6ab760275a4a Mon Sep 17 00:00:00 2001 From: fengshuonan Date: Sun, 25 Jun 2023 08:58:44 +0800 Subject: [PATCH 6/7] =?UTF-8?q?=E3=80=907.6.0=E3=80=91=E3=80=90sys?= =?UTF-8?q?=E3=80=91=E3=80=90user=E3=80=91=E6=9B=B4=E6=96=B0=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E5=8A=A0=E5=AF=86=E5=AD=98=E5=82=A8=E5=AF=86=E7=A0=81?= =?UTF-8?q?=E8=B0=83=E7=94=A8=E9=80=9A=E7=94=A8=E7=9A=84=E5=8A=A0=E5=AF=86?= =?UTF-8?q?=E6=8E=A5=E5=8F=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../user/service/impl/SysUserServiceImpl.java | 24 ++++++++++--------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java index 36e6dbc41..25a73654f 100644 
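Review bot: `encryptWithSalt` and `checkPasswordWithSalt` in the `-45,9 +48,30` hunk put a single-round MD5 behind a class named `BcryptPasswordStoredEncrypt`, so callers that select this implementation for BCrypt strength silently get a fast digest. The salt is drawn from `RandomUtil.randomString(8)` rather than a CSPRNG, and the check uses `String.equals`, which is not constant-time. Both methods can keep their signatures and delegate to the `BCrypt` calls already used in this class, as sketched below; that should also let rows that still hold a BCrypt hash and no salt verify. The BCrypt salt string is longer than 8 characters, so the width of the `password_salt` column needs checking.

```java
@Override
public SaltedEncryptResult encryptWithSalt(String originPassword) {
    SaltedEncryptResult saltedEncryptResult = new SaltedEncryptResult();

    // BCrypt generates its own salt and embeds it in the hash; it is exposed only to fill the result object
    String salt = BCrypt.gensalt();
    saltedEncryptResult.setPasswordSalt(salt);
    saltedEncryptResult.setEncryptPassword(BCrypt.hashpw(originPassword, salt));

    return saltedEncryptResult;
}

// … unchanged: checkPassword …

@Override
public Boolean checkPasswordWithSalt(String encryptBefore, String passwordSalt, String encryptAfter) {
    // the salt is recovered from encryptAfter itself, so passwordSalt is not needed for the check
    return BCrypt.checkpw(encryptBefore, encryptAfter);
}
```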
--- a/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java +++ b/kernel-s-sys/sys-business-hr/src/main/java/cn/stylefeng/roses/kernel/sys/modular/user/service/impl/SysUserServiceImpl.java @@ -3,9 +3,9 @@ package cn.stylefeng.roses.kernel.sys.modular.user.service.impl; import cn.hutool.core.bean.BeanUtil; import cn.hutool.core.collection.CollectionUtil; import cn.hutool.core.util.ObjectUtil; -import cn.hutool.core.util.RandomUtil; -import cn.hutool.crypto.SecureUtil; import cn.hutool.extra.spring.SpringUtil; +import cn.stylefeng.roses.kernel.auth.api.password.PasswordStoredEncryptApi; +import cn.stylefeng.roses.kernel.auth.api.pojo.password.SaltedEncryptResult; import cn.stylefeng.roses.kernel.db.api.factory.PageFactory; import cn.stylefeng.roses.kernel.db.api.factory.PageResultFactory; import cn.stylefeng.roses.kernel.db.api.pojo.entity.BaseEntity; @@ -45,6 +45,9 @@ import java.util.Set; @Service public class SysUserServiceImpl extends ServiceImpl implements SysUserService { + @Resource + private PasswordStoredEncryptApi passwordStoredEncryptApi; + @Resource private SysUserOrgService sysUserOrgService; @@ -57,12 +60,10 @@ public class SysUserServiceImpl extends ServiceImpl impl SysUser sysUser = new SysUser(); BeanUtil.copyProperties(sysUserRequest, sysUser); - // 创建密码盐 - String salt = RandomUtil.randomString(8); - sysUser.setPasswordSalt(salt); - // 将密码加密存储到库中 - sysUser.setPassword(SecureUtil.md5(sysUser.getPassword() + salt)); + SaltedEncryptResult saltedEncryptResult = passwordStoredEncryptApi.encryptWithSalt(sysUser.getPassword()); + sysUser.setPassword(saltedEncryptResult.getEncryptPassword()); + sysUser.setPasswordSalt(saltedEncryptResult.getPasswordSalt()); // 设置用户默认头像 sysUser.setAvatar(FileConstants.DEFAULT_AVATAR_FILE_ID); 
@@ -179,12 +180,13 @@ public class SysUserServiceImpl extends ServiceImpl impl public void resetPassword(SysUserRequest sysUserRequest) { SysUser sysUser = this.querySysUser(sysUserRequest); - // 创建密码盐 - String salt = RandomUtil.randomString(8); - // 获取系统配置的默认密码 String password = SysConfigExpander.getDefaultPassWord(); - sysUser.setPassword(SecureUtil.md5(password + salt)); + + // 密码加密后,存储到数据库中 + SaltedEncryptResult saltedEncryptResult = passwordStoredEncryptApi.encryptWithSalt(password); + sysUser.setPassword(saltedEncryptResult.getEncryptPassword()); + sysUser.setPasswordSalt(saltedEncryptResult.getPasswordSalt()); this.updateById(sysUser); } From 55eb24ddf8286dfd3191fc707ceabf71c7b11554 Mon Sep 17 00:00:00 2001 From: fengshuonan Date: Sun, 25 Jun 2023 09:00:44 +0800 Subject: [PATCH 7/7] =?UTF-8?q?=E3=80=907.6.0=E3=80=91=E3=80=90sys?= =?UTF-8?q?=E3=80=91=E3=80=90user=E3=80=91=E7=94=A8=E6=88=B7=E7=99=BB?= =?UTF-8?q?=E5=BD=95=E5=AF=86=E7=A0=81=E6=A0=A1=E9=AA=8C=EF=BC=8C=E8=B0=83?= =?UTF-8?q?=E7=94=A8=E9=80=9A=E7=94=A8=E6=8E=A5=E5=8F=A3=E8=BF=9B=E8=A1=8C?= =?UTF-8?q?=E9=AA=8C=E8=AF=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../cn/stylefeng/roses/kernel/auth/auth/LoginService.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java index 59ef12b1a..febfaf421 100644 --- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java +++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/LoginService.java 
@@ -2,7 +2,6 @@ package cn.stylefeng.roses.kernel.auth.auth; import cn.hutool.core.convert.Convert; import cn.hutool.core.util.StrUtil; -import cn.hutool.crypto.SecureUtil; import cn.hutool.extra.spring.SpringUtil; import cn.hutool.http.HttpRequest; import cn.hutool.http.HttpResponse; @@ -309,8 +308,8 @@ public class LoginService { } // 如果本次登录需要校验密码 - String encryptPassword = SecureUtil.md5(loginRequest.getPassword() + userValidateInfo.getUserPasswordSalt()); - boolean checkResult = encryptPassword.equals(userValidateInfo.getUserPasswordHexed()); + Boolean checkResult = passwordStoredEncryptApi.checkPasswordWithSalt(loginRequest.getPassword(), + userValidateInfo.getUserPasswordSalt(), userValidateInfo.getUserPasswordHexed()); // 校验用户表密码是否正确,如果正确则直接返回 if (checkResult) { @@ -325,7 +324,7 @@ public class LoginService { String userTempSecretKey = tempSecretApi.getUserTempSecretKey(userValidateInfo.getUserId()); // 如果用户有临时秘钥,则校验秘钥是否正确 if (StrUtil.isNotBlank(userTempSecretKey)) { - Boolean checkTempKeyResult = loginRequest.getPassword().equals(userTempSecretKey); + boolean checkTempKeyResult = loginRequest.getPassword().equals(userTempSecretKey); if (checkTempKeyResult) { return; }