登录密码验证

1 year ago · ee737966d2
parent baff72c8ef
commit ee737966d2
5 changed files with 49 additions and 10 deletions
--- a/src/main/java/com/glxp/api/controller/auth/AuthUserController.java
+++ b/src/main/java/com/glxp/api/controller/auth/AuthUserController.java
@ -1,5 +1,6 @@
 package com.glxp.api.controller.auth;

+import com.glxp.api.util.PasswordUtils;
 import org.springframework.beans.BeanUtils;
 import com.github.pagehelper.PageInfo;
 import com.glxp.api.annotation.AuthRuleAnnotation;
@ -174,4 +175,34 @@ public class AuthUserController extends BaseController {

    }

+
+    @AuthRuleAnnotation("")
+    @PostMapping("/admin/auth/admin/force/updateUser")
+    public BaseResponse forceUpdateUser(@RequestBody @Valid UpdateUserRequset updateUserRequset, BindingResult bindingResult) {
+        if (bindingResult.hasErrors()) {
+            return ResultVOUtils.error(ResultEnum.PARAM_VERIFY_FALL, bindingResult.getFieldError().getDefaultMessage());
+        }
+        AuthAdmin authAdmin = customerService.getUserBean();
+        if (StringUtils.isBlank(updateUserRequset.getNewPassword())) {
+            return ResultVOUtils.error(500, "请输入新密码！");
+        }
+        if (StringUtils.isBlank(updateUserRequset.getConfirmPassword())) {
+            return ResultVOUtils.error(500, "请输入确认密码！");
+        }
+
+        if (updateUserRequset.getNewPassword().equals(updateUserRequset.getOldPassword())) {
+            return ResultVOUtils.error(500, "新密码与旧密码重复！请重新修改！");
+        }
+        if (updateUserRequset.getNewPassword().equals(updateUserRequset.getConfirmPassword()) && updateUserRequset.getOldPassword().equals(authAdmin.getPassWord())) {
+            String newPwd = PasswordUtils.authAdminPwd(updateUserRequset.getNewPassword());
+            authAdmin.setPassWord(newPwd);
+            authAdmin.setLastUpdatePwdTime(new Date());
+            authAdminService.updateAuthAdmin(authAdmin);
+            return ResultVOUtils.success("修改成功");
+        } else {
+            return ResultVOUtils.error(500, "新密码与确认密码不相同！请重新修改！");
+        }
+
+    }
+
 }
--- a/src/main/java/com/glxp/api/controller/auth/LoginController.java
+++ b/src/main/java/com/glxp/api/controller/auth/LoginController.java
@ -81,14 +81,15 @@ public class LoginController extends BaseController {
        if (authAdmin == null) {
            throw new JsonException(ResultEnum.DATA_NOT, "用户名或密码错误");
        }
-// &&  !PasswordUtils.authAdminPwd(loginRequest.getPassword()).equals(authAdmin.getPassWord())
+        if (PasswordUtils.authAdminPwd(loginRequest.getPassword()).equals(PasswordUtils.authAdminPwd(authAdmin.getPassWord()))
+                || loginRequest.getPassword().equals(authAdmin.getPassWord()) || (loginRequest.getPassword().equals(PasswordUtils.authAdminPwd(authAdmin.getPassWord())))
+        ) {
+
+        } else {
            if (!PasswordUtils.authAdminPwd(loginRequest.getPassword()).equals(SecureUtil.sha256(authAdmin.getPassWord()))) {
                throw new JsonException(ResultEnum.DATA_NOT, "用户名或密码错误");
            }
-
-//        if (!PasswordUtils.authAdminPwd(loginRequest.getPassword()).equals(authAdmin.getPassWord())) {
-//            throw new JsonException(ResultEnum.DATA_NOT, "用户名或密码错误");
-//        }
+        }
        if (authAdmin.getUserFlag() == 0) {
            throw new JsonException(ResultEnum.DATA_NOT, "该用户已被禁用！");
        }
@ -395,6 +396,7 @@ public class LoginController extends BaseController {
    private String WEB_TITLE;
    @Value("${WEB_SUB_TITLE}")
    private String WEB_SUB_TITLE;
+
    @GetMapping("/spms/getTitleConfig")
    public BaseResponse getTitleConfig() {
        WebTitleResponse webTitleResponse = new WebTitleResponse();
--- a/src/main/java/com/glxp/api/req/auth/UpdateUserRequset.java
+++ b/src/main/java/com/glxp/api/req/auth/UpdateUserRequset.java
@ -21,6 +21,7 @@ public class UpdateUserRequset {
    @Pattern(regexp = Constant.passwordReg
            , message = "密码需要包含大写字母、小写字符、数字、特殊字符(含_.*%@!)其中任意三种,长度8-20位")
    private String newPassword;
+    private String oldPassword;
    private String confirmPassword;
    // 最后登录ip
    private String lastLoginIp;
--- a/src/main/java/com/glxp/api/util/PasswordUtils.java
+++ b/src/main/java/com/glxp/api/util/PasswordUtils.java
@ -1,5 +1,7 @@
 package com.glxp.api.util;

+import cn.hutool.crypto.SecureUtil;
+
 /**
 * 密码相关的工具类
 */
@ -7,7 +9,7 @@ public class PasswordUtils {

    public static String authAdminPwd(String pwd) {
 //        return DigestUtils.md5DigestAsHex(DigestUtils.md5DigestAsHex(pwd.getBytes()).getBytes()).toLowerCase();
-        return pwd;
+        return SecureUtil.sha256(pwd);
    }

 }
--- a/src/main/resources/mybatis/mapper/auth/AuthAdminDao.xml
+++ b/src/main/resources/mybatis/mapper/auth/AuthAdminDao.xml
@ -165,6 +165,9 @@
            <if test="comments != null">
                comments=#{comments},
            </if>
+            <if test="lastUpdatePwdTime != null">
+                lastUpdatePwdTime=#{lastUpdatePwdTime},
+            </if>
        </set>
        WHERE id = #{id}
    </update>