github
/
eladmin
mirror of https://github.com/elunez/eladmin
1
0
Fork 0
Code Issues Releases Wiki Activity

修改邮箱与修改密码传输的密码通过rsa加密传输

pull/214/head
dqjdda 2019-12-01 20:33:59 +08:00
parent 98f2db21d3
commit 84a65048f0
3 changed files with 30 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
eladmin-common/src/main/java/me/zhengjie/exception/handler/GlobalExceptionHandler.java
View File

@ -8,6 +8,7 @@ import me.zhengjie.utils.ThrowableUtil;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.web.bind.MethodArgumentNotValidException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;
@ -32,6 +33,17 @@ public class GlobalExceptionHandler {
return buildResponseEntity(ApiError.error(e.getMessage()));
}
/**
* BadCredentialsException
*/
@ExceptionHandler(BadCredentialsException.class)
public ResponseEntity badCredentialsException(BadCredentialsException e){
// 打印堆栈信息
String message = "坏的凭证".equals(e.getMessage()) ? "用户名或密码不正确" : e.getMessage();
log.error(message);
return buildResponseEntity(ApiError.error(message));
}
/**
*
*/

24
eladmin-system/src/main/java/me/zhengjie/modules/system/rest/UserController.java
View File

@ -1,5 +1,7 @@
package me.zhengjie.modules.system.rest;
import cn.hutool.crypto.asymmetric.KeyType;
import cn.hutool.crypto.asymmetric.RSA;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import me.zhengjie.aop.log.Log;
@ -16,12 +18,11 @@ import me.zhengjie.modules.system.service.dto.UserQueryCriteria;
import me.zhengjie.service.VerificationCodeService;
import me.zhengjie.utils.*;
import me.zhengjie.modules.system.service.UserService;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.domain.Pageable;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.util.CollectionUtils;
import org.springframework.util.ObjectUtils;
@ -42,6 +43,8 @@ import java.util.stream.Collectors;
@RequestMapping("/api/users")
public class UserController {
@Value("${rsa.private_key}")
private String privateKey;
private final PasswordEncoder passwordEncoder;
private final UserService userService;
private final DataScope dataScope;
@ -106,6 +109,8 @@ public class UserController {
@PreAuthorize("@el.check('user:add')")
public ResponseEntity create(@Validated @RequestBody User resources){
checkLevel(resources);
// 默认密码 123456
resources.setPassword(passwordEncoder.encode("123456"));
return new ResponseEntity<>(userService.create(resources),HttpStatus.CREATED);
}
@ -150,14 +155,18 @@ public class UserController {
@ApiOperation("修改密码")
@PostMapping(value = "/updatePass")
public ResponseEntity updatePass(@RequestBody UserPassVo passVo){
// 密码解密
RSA rsa = new RSA(privateKey, null);
String oldPass = new String(rsa.decrypt(passVo.getOldPass(), KeyType.PrivateKey));
String newPass = new String(rsa.decrypt(passVo.getNewPass(), KeyType.PrivateKey));
UserDto user = userService.findByName(SecurityUtils.getUsername());
if(!passwordEncoder.matches(passVo.getOldPass(), user.getPassword())){
if(!passwordEncoder.matches(oldPass, user.getPassword())){
throw new BadRequestException("修改失败,旧密码错误");
}
if(passwordEncoder.matches(passVo.getNewPass(), user.getPassword())){
if(passwordEncoder.matches(newPass, user.getPassword())){
throw new BadRequestException("新密码不能与旧密码相同");
}
userService.updatePass(user.getUsername(),passwordEncoder.encode(passVo.getNewPass()));
userService.updatePass(user.getUsername(),passwordEncoder.encode(newPass));
return new ResponseEntity(HttpStatus.OK);
}
@ -172,8 +181,11 @@ public class UserController {
@ApiOperation("修改邮箱")
@PostMapping(value = "/updateEmail/{code}")
public ResponseEntity updateEmail(@PathVariable String code,@RequestBody User user){
// 密码解密
RSA rsa = new RSA(privateKey, null);
String password = new String(rsa.decrypt(user.getPassword(), KeyType.PrivateKey));
UserDto userDto = userService.findByName(SecurityUtils.getUsername());
if(!passwordEncoder.matches(user.getPassword(), userDto.getPassword())){
if(!passwordEncoder.matches(password, userDto.getPassword())){
throw new BadRequestException("密码错误");
}
VerificationCode verificationCode = new VerificationCode(code, ElAdminConstant.RESET_MAIL,"email",user.getEmail());

8
eladmin-system/src/main/java/me/zhengjie/modules/system/service/impl/UserServiceImpl.java
View File

@ -38,11 +38,8 @@ import java.util.stream.Collectors;
public class UserServiceImpl implements UserService {
private final UserRepository userRepository;
private final UserMapper userMapper;
private final RedisUtils redisUtils;
private final UserAvatarRepository userAvatarRepository;
@Value("${file.avatar}")
@ -81,17 +78,12 @@ public class UserServiceImpl implements UserService {
@CacheEvict(allEntries = true)
@Transactional(rollbackFor = Exception.class)
public UserDto create(User resources) {
if(userRepository.findByUsername(resources.getUsername())!=null){
throw new EntityExistException(User.class,"username",resources.getUsername());
}
if(userRepository.findByEmail(resources.getEmail())!=null){
throw new EntityExistException(User.class,"email",resources.getEmail());
}
// 默认密码 123456此密码是加密后的字符
resources.setPassword("e10adc3949ba59abbe56e057f20f883e");
return userMapper.toDto(userRepository.save(resources));
}