登录密码验证

src/main/java/com/glxp/api/controller/auth/AuthUserController.java

@@ -1,5 +1,6 @@
 package com.glxp.api.controller.auth;
 
+import com.glxp.api.util.PasswordUtils;
 import org.springframework.beans.BeanUtils;
 import com.github.pagehelper.PageInfo;
 import com.glxp.api.annotation.AuthRuleAnnotation;
@@ -139,14 +140,14 @@ public class AuthUserController extends BaseController {
     @AuthRuleAnnotation("")
     @GetMapping("/admin/auth/companyUser/list")
     public BaseResponse companyUser(FilterInvLinkDataRequest filterInvLinkDataRequest) {
-        List<AuthAdmin> hospitalUserList =authAdminService.companyUserList(filterInvLinkDataRequest);
+        List<AuthAdmin> hospitalUserList = authAdminService.companyUserList(filterInvLinkDataRequest);
         return ResultVOUtils.success(hospitalUserList);
     }
 
     //修改用户信息
     @AuthRuleAnnotation("")
     @PostMapping("/admin/auth/admin/updateUser")
-    public BaseResponse updateUser(@RequestBody @Valid UpdateUserRequset updateUserRequset,BindingResult bindingResult) {
+    public BaseResponse updateUser(@RequestBody @Valid UpdateUserRequset updateUserRequset, BindingResult bindingResult) {
         if (bindingResult.hasErrors()) {
             return ResultVOUtils.error(ResultEnum.PARAM_VERIFY_FALL.getCode(),
                     bindingResult.getFieldError().getDefaultMessage());
@@ -174,4 +175,34 @@ public class AuthUserController extends BaseController {
 
     }
 
+
+    @AuthRuleAnnotation("")
+    @PostMapping("/admin/auth/admin/force/updateUser")
+    public BaseResponse forceUpdateUser(@RequestBody @Valid UpdateUserRequset updateUserRequset, BindingResult bindingResult) {
+        if (bindingResult.hasErrors()) {
+            return ResultVOUtils.error(ResultEnum.PARAM_VERIFY_FALL, bindingResult.getFieldError().getDefaultMessage());
+        }
+        AuthAdmin authAdmin = customerService.getUserBean();
+        if (StringUtils.isBlank(updateUserRequset.getNewPassword())) {
+            return ResultVOUtils.error(500, "请输入新密码！");
+        }
+        if (StringUtils.isBlank(updateUserRequset.getConfirmPassword())) {
+            return ResultVOUtils.error(500, "请输入确认密码！");
+        }
+
+        if (updateUserRequset.getNewPassword().equals(updateUserRequset.getOldPassword())) {
+            return ResultVOUtils.error(500, "新密码与旧密码重复！请重新修改！");
+        }
+        if (updateUserRequset.getNewPassword().equals(updateUserRequset.getConfirmPassword()) && updateUserRequset.getOldPassword().equals(authAdmin.getPassWord())) {
+            String newPwd = PasswordUtils.authAdminPwd(updateUserRequset.getNewPassword());
+            authAdmin.setPassWord(newPwd);
+            authAdmin.setLastUpdatePwdTime(new Date());
+            authAdminService.updateAuthAdmin(authAdmin);
+            return ResultVOUtils.success("修改成功");
+        } else {
+            return ResultVOUtils.error(500, "新密码与确认密码不相同！请重新修改！");
+        }
+
+    }
+
 }

src/main/java/com/glxp/api/controller/auth/LoginController.java

@@ -81,14 +81,15 @@ public class LoginController extends BaseController {
         if (authAdmin == null) {
             throw new JsonException(ResultEnum.DATA_NOT, "用户名或密码错误");
         }
-// &&  !PasswordUtils.authAdminPwd(loginRequest.getPassword()).equals(authAdmin.getPassWord())
-        if (!PasswordUtils.authAdminPwd(loginRequest.getPassword()).equals(SecureUtil.sha256(authAdmin.getPassWord()))) {
-            throw new JsonException(ResultEnum.DATA_NOT, "用户名或密码错误");
-        }
+        if (PasswordUtils.authAdminPwd(loginRequest.getPassword()).equals(PasswordUtils.authAdminPwd(authAdmin.getPassWord()))
+                || loginRequest.getPassword().equals(authAdmin.getPassWord()) || (loginRequest.getPassword().equals(PasswordUtils.authAdminPwd(authAdmin.getPassWord())))
+        ) {
 
-//        if (!PasswordUtils.authAdminPwd(loginRequest.getPassword()).equals(authAdmin.getPassWord())) {
-//            throw new JsonException(ResultEnum.DATA_NOT, "用户名或密码错误");
-//        }
+        } else {
+            if (!PasswordUtils.authAdminPwd(loginRequest.getPassword()).equals(SecureUtil.sha256(authAdmin.getPassWord()))) {
+                throw new JsonException(ResultEnum.DATA_NOT, "用户名或密码错误");
+            }
+        }
         if (authAdmin.getUserFlag() == 0) {
             throw new JsonException(ResultEnum.DATA_NOT, "该用户已被禁用！");
         }
@@ -395,6 +396,7 @@ public class LoginController extends BaseController {
     private String WEB_TITLE;
     @Value("${WEB_SUB_TITLE}")
     private String WEB_SUB_TITLE;
+
     @GetMapping("/spms/getTitleConfig")
     public BaseResponse getTitleConfig() {
         WebTitleResponse webTitleResponse = new WebTitleResponse();

src/main/java/com/glxp/api/req/auth/UpdateUserRequset.java

@@ -21,6 +21,7 @@ public class UpdateUserRequset {
     @Pattern(regexp = Constant.passwordReg
             , message = "密码需要包含大写字母、小写字符、数字、特殊字符(含_.*%@!)其中任意三种,长度8-20位")
     private String newPassword;
+    private String oldPassword;
     private String confirmPassword;
     // 最后登录ip
     private String lastLoginIp;

src/main/java/com/glxp/api/util/PasswordUtils.java

@@ -1,5 +1,7 @@
 package com.glxp.api.util;
 
+import cn.hutool.crypto.SecureUtil;
+
 /**
  * 密码相关的工具类
  */
@@ -7,7 +9,7 @@ public class PasswordUtils {
 
     public static String authAdminPwd(String pwd) {
 //        return DigestUtils.md5DigestAsHex(DigestUtils.md5DigestAsHex(pwd.getBytes()).getBytes()).toLowerCase();
-        return pwd;
+        return SecureUtil.sha256(pwd);
     }
 
 }

src/main/resources/mybatis/mapper/auth/AuthAdminDao.xml

@@ -165,6 +165,9 @@
             <if test="comments != null">
                 comments=#{comments},
             </if>
+            <if test="lastUpdatePwdTime != null">
+                lastUpdatePwdTime=#{lastUpdatePwdTime},
+            </if>
         </set>
         WHERE id = #{id}
     </update>