Fix NPE when resetting password

pull/137/head
johnniang 2019-03-04 17:17:18 +08:00
parent 6e0d4e5d8b
commit ce3da2398d
2 changed files with 19 additions and 22 deletions


@ -2,9 +2,9 @@ package cc.ryanc.halo.web.controller.admin;
import cc.ryanc.halo.logging.Logger; import cc.ryanc.halo.logging.Logger;
import cc.ryanc.halo.model.domain.*; import cc.ryanc.halo.model.domain.*;
import cc.ryanc.halo.model.enums.*;
import cc.ryanc.halo.model.support.JsonResult; import cc.ryanc.halo.model.support.JsonResult;
import cc.ryanc.halo.model.support.LogsRecord; import cc.ryanc.halo.model.support.LogsRecord;
import cc.ryanc.halo.model.enums.*;
import cc.ryanc.halo.service.*; import cc.ryanc.halo.service.*;
import cc.ryanc.halo.utils.LocaleMessageUtil; import cc.ryanc.halo.utils.LocaleMessageUtil;
import cc.ryanc.halo.utils.MarkdownUtils; import cc.ryanc.halo.utils.MarkdownUtils;
@ -49,6 +49,8 @@ import static cc.ryanc.halo.model.support.HaloConst.USER_SESSION_KEY;
@RequestMapping(value = "/admin") @RequestMapping(value = "/admin")
public class AdminController extends BaseController { public class AdminController extends BaseController {
private final static String RESET_PASSWORD_SESSION_KEY = "resetPasswordCode";
private final Logger log = Logger.getLogger(getClass()); private final Logger log = Logger.getLogger(getClass());
@Autowired @Autowired
@ -234,7 +236,7 @@ public class AdminController extends BaseController {
url.append("/admin/toResetPassword?code="); url.append("/admin/toResetPassword?code=");
url.append(code); url.append(code);
mailService.sendMail(user.getUserEmail(), "请根据该链接重置你的博客密码", "请点击该链接重置你的密码:" + url); mailService.sendMail(user.getUserEmail(), "请根据该链接重置你的博客密码", "请点击该链接重置你的密码:" + url);
session.setAttribute("resetPasswordCode", code); session.setAttribute(RESET_PASSWORD_SESSION_KEY, code);
return JsonResult.success("邮件发送成功,请登录您的邮箱进行下一步操作"); return JsonResult.success("邮件发送成功,请登录您的邮箱进行下一步操作");
} catch (Exception e) { } catch (Exception e) {
return JsonResult.fail("邮件发送失败,请确定已经配置好了发信服务器信息"); return JsonResult.fail("邮件发送失败,请确定已经配置好了发信服务器信息");
@ -251,15 +253,10 @@ public class AdminController extends BaseController {
public String toResetPassword(@RequestParam(value = "code", defaultValue = "") String code, public String toResetPassword(@RequestParam(value = "code", defaultValue = "") String code,
Model model, Model model,
HttpSession session) { HttpSession session) {
final String sessionCode = (String) session.getAttribute("resetPasswordCode"); String sessionCode = (String) session.getAttribute(RESET_PASSWORD_SESSION_KEY);
if (StrUtil.isEmpty(code)) {
this.renderNotFound(); model.addAttribute("isRight", StrUtil.equals(sessionCode, code));
}
if (!sessionCode.equals(code)) {
model.addAttribute("isRight", false);
} else {
model.addAttribute("isRight", true);
}
model.addAttribute("code", code); model.addAttribute("code", code);
return "admin/admin_resetpassword"; return "admin/admin_resetpassword";
} }
@ -277,14 +274,11 @@ public class AdminController extends BaseController {
@RequestParam(value = "definePassword") String definePassword, @RequestParam(value = "definePassword") String definePassword,
@RequestParam(value = "code") String code, @RequestParam(value = "code") String code,
HttpSession session) { HttpSession session) {
final String sessionCode = (String) session.getAttribute("resetPasswordCode"); final String sessionCode = (String) session.getAttribute(RESET_PASSWORD_SESSION_KEY);
if (null == sessionCode) { if (null == sessionCode || !StrUtil.equals(sessionCode, code)) {
return JsonResult.fail("不允许该操作!"); return JsonResult.fail("不允许该操作!");
} }
if (!StrUtil.equals(code, sessionCode)) { if (StrUtil.isBlank(password) || StrUtil.isBlank(definePassword)) {
return JsonResult.fail("不允许该操作!");
}
if (StrUtil.isEmpty(password) || StrUtil.isEmpty(definePassword)) {
return JsonResult.fail("请输入完整信息!"); return JsonResult.fail("请输入完整信息!");
} }
if (!StrUtil.equals(password, definePassword)) { if (!StrUtil.equals(password, definePassword)) {
@ -294,7 +288,7 @@ public class AdminController extends BaseController {
user.setUserPass(SecureUtil.md5(password)); user.setUserPass(SecureUtil.md5(password));
userService.update(user); userService.update(user);
userService.updateUserNormal(); userService.updateUserNormal();
session.removeAttribute("resetPasswordCode"); session.removeAttribute(RESET_PASSWORD_SESSION_KEY);
return JsonResult.success("重置密码成功!"); return JsonResult.success("重置密码成功!");
} }
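Review bot: The reset code in the second hunk of this file is still checked with an ordinary early-exit string comparison, `if (null == sessionCode || !StrUtil.equals(sessionCode, code))`, so the time taken by the check can vary with how much of the emailed code a submitted value matches; because the null guard already precedes it, `!MessageDigest.isEqual(sessionCode.getBytes(StandardCharsets.UTF_8), code.getBytes(StandardCharsets.UTF_8))` gives a constant-time comparison at no extra cost (it needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported). The same `StrUtil.equals(sessionCode, code)` appears in toResetPassword in the hunk above, where it only sets the `isRight` view flag, so the change matters less there. A failed comparison also leaves the code in the session, so nothing visible on this page bounds repeated attempts against one code — whether a limit exists elsewhere cannot be told from here. The resetPassword signature and the rest of its body lie outside the hunk. The `SecureUtil.md5(password)` in the last hunk is a context line rather than part of this change, but storing a bare MD5 of the password deserves its own follow-up.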


@ -38,12 +38,15 @@ public class CommonController implements ErrorController {
// Get the exception // Get the exception
Throwable throwable = (Throwable) request.getAttribute("javax.servlet.error.exception"); Throwable throwable = (Throwable) request.getAttribute("javax.servlet.error.exception");
if (throwable != null && StringUtils.startsWithIgnoreCase(throwable.getMessage(), "Could not resolve view with name '")) { if (throwable != null) {
log.error("Captured an exception", throwable); log.error("Captured an exception", throwable);
if (StringUtils.startsWithIgnoreCase(throwable.getMessage(), "Could not resolve view with name '")) {
// TODO May cause unreasoned problem // TODO May cause unreasoned problem
// if Ftl was not found then redirect to /404 // if Ftl was not found then redirect to /404
return "redirect:/404"; return "redirect:/404";
} }
}
if (statusCode.equals(CommonParamsEnum.NOT_FOUND.getValue())) { if (statusCode.equals(CommonParamsEnum.NOT_FOUND.getValue())) {
return "redirect:/404"; return "redirect:/404";