修复个人信息修改漏洞

RuoYi 2019-01-08 15:56:49 +08:00
parent 0c76d45349
commit dd37524b04
4 changed files with 48 additions and 37 deletions


@ -1,13 +1,11 @@
package com.ruoyi.web.controller.system; package com.ruoyi.web.controller.system;
import org.apache.shiro.crypto.hash.Md5Hash;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap; import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RequestParam;
@ -17,6 +15,7 @@ import com.ruoyi.common.annotation.Log;
import com.ruoyi.common.base.AjaxResult; import com.ruoyi.common.base.AjaxResult;
import com.ruoyi.common.config.Global; import com.ruoyi.common.config.Global;
import com.ruoyi.common.enums.BusinessType; import com.ruoyi.common.enums.BusinessType;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.framework.shiro.service.SysPasswordService; import com.ruoyi.framework.shiro.service.SysPasswordService;
import com.ruoyi.framework.util.FileUploadUtils; import com.ruoyi.framework.util.FileUploadUtils;
import com.ruoyi.framework.util.ShiroUtils; import com.ruoyi.framework.util.ShiroUtils;
@ -66,54 +65,63 @@ public class SysProfileController extends BaseController
public boolean checkPassword(String password) public boolean checkPassword(String password)
{ {
SysUser user = getSysUser(); SysUser user = getSysUser();
String encrypt = new Md5Hash(user.getLoginName() + password + user.getSalt()).toHex().toString(); if (passwordService.matches(user, password))
if (user.getPassword().equals(encrypt))
{ {
return true; return true;
} }
return false; return false;
} }
@GetMapping("/resetPwd/{userId}") @GetMapping("/resetPwd")
public String resetPwd(@PathVariable("userId") Long userId, ModelMap mmap) public String resetPwd(ModelMap mmap)
{ {
mmap.put("user", userService.selectUserById(userId)); SysUser user = getSysUser();
mmap.put("user", userService.selectUserById(user.getUserId()));
return prefix + "/resetPwd"; return prefix + "/resetPwd";
} }
@Log(title = "重置密码", businessType = BusinessType.UPDATE) @Log(title = "重置密码", businessType = BusinessType.UPDATE)
@PostMapping("/resetPwd") @PostMapping("/resetPwd")
@ResponseBody @ResponseBody
public AjaxResult resetPwd(SysUser user) public AjaxResult resetPwd(String oldPassword, String newPassword)
{
SysUser user = getSysUser();
if (StringUtils.isNotEmpty(newPassword) && passwordService.matches(user, oldPassword))
{ {
user.setSalt(ShiroUtils.randomSalt()); user.setSalt(ShiroUtils.randomSalt());
user.setPassword(passwordService.encryptPassword(user.getLoginName(), user.getPassword(), user.getSalt())); user.setPassword(passwordService.encryptPassword(user.getLoginName(), newPassword, user.getSalt()));
int rows = userService.resetUserPwd(user); if (userService.resetUserPwd(user) > 0)
if (rows > 0)
{ {
setSysUser(userService.selectUserById(user.getUserId())); setSysUser(userService.selectUserById(user.getUserId()));
return success(); return success();
} }
return error(); return error();
} }
else
{
return error("修改密码失败,旧密码错误");
}
}
/** /**
* *
*/ */
@GetMapping("/edit/{userId}") @GetMapping("/edit")
public String edit(@PathVariable("userId") Long userId, ModelMap mmap) public String edit(ModelMap mmap)
{ {
mmap.put("user", userService.selectUserById(userId)); SysUser user = getSysUser();
mmap.put("user", userService.selectUserById(user.getUserId()));
return prefix + "/edit"; return prefix + "/edit";
} }
/** /**
* *
*/ */
@GetMapping("/avatar/{userId}") @GetMapping("/avatar")
public String avatar(@PathVariable("userId") Long userId, ModelMap mmap) public String avatar(ModelMap mmap)
{ {
mmap.put("user", userService.selectUserById(userId)); SysUser user = getSysUser();
mmap.put("user", userService.selectUserById(user.getUserId()));
return prefix + "/avatar"; return prefix + "/avatar";
} }
@ -125,9 +133,14 @@ public class SysProfileController extends BaseController
@ResponseBody @ResponseBody
public AjaxResult update(SysUser user) public AjaxResult update(SysUser user)
{ {
if (userService.updateUserInfo(user) > 0) SysUser currentUser = getSysUser();
currentUser.setUserName(user.getUserName());
currentUser.setEmail(user.getEmail());
currentUser.setPhonenumber(user.getPhonenumber());
currentUser.setSex(user.getSex());
if (userService.updateUserInfo(currentUser) > 0)
{ {
setSysUser(userService.selectUserById(user.getUserId())); setSysUser(userService.selectUserById(currentUser.getUserId()));
return success(); return success();
} }
return error(); return error();
@ -139,17 +152,18 @@ public class SysProfileController extends BaseController
@Log(title = "个人信息", businessType = BusinessType.UPDATE) @Log(title = "个人信息", businessType = BusinessType.UPDATE)
@PostMapping("/updateAvatar") @PostMapping("/updateAvatar")
@ResponseBody @ResponseBody
public AjaxResult updateAvatar(SysUser user, @RequestParam("avatarfile") MultipartFile file) public AjaxResult updateAvatar(@RequestParam("avatarfile") MultipartFile file)
{ {
SysUser currentUser = getSysUser();
try try
{ {
if (!file.isEmpty()) if (!file.isEmpty())
{ {
String avatar = FileUploadUtils.upload(Global.getAvatarPath(), file); String avatar = FileUploadUtils.upload(Global.getAvatarPath(), file);
user.setAvatar(avatar); currentUser.setAvatar(avatar);
if (userService.updateUserInfo(user) > 0) if (userService.updateUserInfo(currentUser) > 0)
{ {
setSysUser(userService.selectUserById(user.getUserId())); setSysUser(userService.selectUserById(currentUser.getUserId()));
return success(); return success();
} }
} }
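Review bot: In resetPwd (new side, the block starting at `SysUser user = getSysUser();`) the salt and password hash are written into the user object before `resetUserPwd` runs, and on a 0-row result `setSysUser` is never called; if getSysUser() hands back the session-cached instance rather than a copy, the session then carries a salt/hash that no longer match the database row, and the same pattern appears in update (`currentUser.setUserName(...)` etc. before `updateUserInfo`) and updateAvatar (`currentUser.setAvatar(avatar)`). Working on a freshly loaded copy keeps the session untouched until the successful path refreshes it: `SysUser user = userService.selectUserById(getSysUser().getUserId());` in resetPwd and the equivalent `SysUser currentUser = userService.selectUserById(getSysUser().getUserId());` in update and updateAvatar. Separately, the combined condition `StringUtils.isNotEmpty(newPassword) && passwordService.matches(user, oldPassword)` reports "旧密码错误" when only the new password is empty, and the length bounds enforced client-side in resetPwd.html (minlength 5, maxlength 20) are not checked here, so a direct POST bypasses them; splitting the two checks with their own error messages would fix both. The updateAvatar body continues past the end of this hunk, and update's closing brace is outside it.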


@ -4,7 +4,6 @@
<title>用户头像修改</title> <title>用户头像修改</title>
<link th:href="@{/ajax/libs/cropbox/cropbox.css}" rel="stylesheet"/> <link th:href="@{/ajax/libs/cropbox/cropbox.css}" rel="stylesheet"/>
<body class="white-bg"> <body class="white-bg">
<input name="userId" id="userId" type="hidden" th:value="${user.userId}" />
<div class="container"> <div class="container">
<div class="imageBox"> <div class="imageBox">
<div class="thumbBox"></div> <div class="thumbBox"></div>
@ -68,7 +67,6 @@ function submitHandler() {
var img = cropper.getBlob(); var img = cropper.getBlob();
var formdata = new FormData(); var formdata = new FormData();
formdata.append("avatarfile", img); formdata.append("avatarfile", img);
formdata.append("userId", $("#userId").val());
$.ajax({ $.ajax({
url: ctx + "system/user/profile/updateAvatar", url: ctx + "system/user/profile/updateAvatar",
data: formdata, data: formdata,


@ -58,20 +58,19 @@
<div th:include="include::footer"></div> <div th:include="include::footer"></div>
<script> <script>
var userId = [[${user.userId}]];
/*用户信息-修改*/ /*用户信息-修改*/
function edit() { function edit() {
var url = ctx + "system/user/profile/edit/" + userId; var url = ctx + 'system/user/profile/edit';
$.modal.open("修改用户", url); $.modal.open("修改用户", url);
} }
/*用户管理-重置密码*/ /*用户管理-重置密码*/
function resetPwd() { function resetPwd() {
var url = ctx + 'system/user/profile/resetPwd/' + userId; var url = ctx + 'system/user/profile/resetPwd';
$.modal.open("重置密码", url, '800', '500'); $.modal.open("重置密码", url, '800', '500');
} }
/*用户管理-头像*/ /*用户管理-头像*/
function avatar() { function avatar() {
var url = ctx + 'system/user/profile/avatar/' + userId; var url = ctx + 'system/user/profile/avatar';
$.modal.open("修改头像", url); $.modal.open("修改头像", url);
} }
</script> </script>


@ -21,7 +21,7 @@
<div class="form-group"> <div class="form-group">
<label class="col-sm-3 control-label">新密码:</label> <label class="col-sm-3 control-label">新密码:</label>
<div class="col-sm-8"> <div class="col-sm-8">
<input class="form-control" type="password" name="password" id="password"> <input class="form-control" type="password" name="newPassword" id="newPassword">
</div> </div>
</div> </div>
<div class="form-group"> <div class="form-group">
@ -51,14 +51,14 @@
} }
} }
}, },
password: { newPassword: {
required: true, required: true,
minlength: 5, minlength: 5,
maxlength: 20 maxlength: 20
}, },
confirm: { confirm: {
required: true, required: true,
equalTo: "#password" equalTo: "#newPassword"
} }
}, },
messages: { messages: {
@ -66,7 +66,7 @@
required: "请输入原密码", required: "请输入原密码",
remote: "原密码错误" remote: "原密码错误"
}, },
password: { newPassword: {
required: "请输入新密码", required: "请输入新密码",
minlength: "密码不能小于6个字符", minlength: "密码不能小于6个字符",
maxlength: "密码不能大于20个字符" maxlength: "密码不能大于20个字符"