修改重置加解密
This commit is contained in:
parent
bc2ee69dd7
commit
b8138072d4
|
|
@ -132,4 +132,25 @@ public class Constants
|
||||||
*/
|
*/
|
||||||
public static final String[] JOB_ERROR_STR = { "java.net.URL", "javax.naming.InitialContext", "org.yaml.snakeyaml",
|
public static final String[] JOB_ERROR_STR = { "java.net.URL", "javax.naming.InitialContext", "org.yaml.snakeyaml",
|
||||||
"org.springframework", "org.apache", "com.bonus.sgzb.common.core.utils.file" };
|
"org.springframework", "org.apache", "com.bonus.sgzb.common.core.utils.file" };
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 系统初始密码
|
||||||
|
*/
|
||||||
|
public static final String USER_PASSWORD = "NwCc@2024*";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 系统初始密码
|
||||||
|
*/
|
||||||
|
public static final String CONFIG_KEY = "sys.user.initPassword";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 加密公钥
|
||||||
|
*/
|
||||||
|
public static final String publicKey = "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKoR8mX0rGKLqzcWmOzbfj64K8ZIgOdHnzkXSOVOZbFu/TJhZ7rFAN+eaGkl3C4buccQd/EjEsj9ir7ijT7h96MCAwEAAQ==";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 解密私钥
|
||||||
|
*/
|
||||||
|
public static final String privateKey = "MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAqhHyZfSsYourNxaY7Nt+PrgrxkiA50efORdI5U5lsW79MmFnusUA355oaSXcLhu5xxB38SMSyP2KvuKNPuH3owIDAQABAkAfoiLyL+Z4lf4Myxk6xUDgLaWGximj20CUf+5BKKnlrK+Ed8gAkM0HqoTt2UZwA5E2MzS4EI2gjfQhz5X28uqxAiEA3wNFxfrCZlSZHb0gn2zDpWowcSxQAgiCstxGUoOqlW8CIQDDOerGKH5OmCJ4Z21v+F25WaHYPxCFMvwxpcw99EcvDQIgIdhDTIqD2jfYjPTY8Jj3EDGPbH2HHuffvflECt3Ek60CIQCFRlCkHpi7hthhYhovyloRYsM+IS9h/0BzlEAuO0ktMQIgSPT3aFAgJYwKpqRYKlLDVcflZFCKY7u3UP8iWi1Qw0Y=";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,14 +1,9 @@
|
||||||
package com.bonus.sgzb.system.controller;
|
package com.bonus.sgzb.system.controller;
|
||||||
|
|
||||||
import java.io.File;
|
|
||||||
import java.io.FileOutputStream;
|
|
||||||
import java.io.InputStream;
|
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
|
|
||||||
import cn.hutool.core.util.IdUtil;
|
import com.bonus.sgzb.common.core.constant.Constants;
|
||||||
import com.bonus.sgzb.common.core.domain.R;
|
import com.bonus.sgzb.system.config.RsaUtil;
|
||||||
import com.bonus.sgzb.common.core.utils.DateTimeHelper;
|
|
||||||
import com.bonus.sgzb.system.api.domain.SysFile;
|
|
||||||
import com.bonus.sgzb.system.domain.FileInfo;
|
import com.bonus.sgzb.system.domain.FileInfo;
|
||||||
import com.bonus.sgzb.system.service.SysFileService;
|
import com.bonus.sgzb.system.service.SysFileService;
|
||||||
import org.apache.commons.lang3.ObjectUtils;
|
import org.apache.commons.lang3.ObjectUtils;
|
||||||
|
|
@ -28,11 +23,8 @@ import com.bonus.sgzb.system.api.RemoteFileService;
|
||||||
import com.bonus.sgzb.system.api.domain.SysUser;
|
import com.bonus.sgzb.system.api.domain.SysUser;
|
||||||
import com.bonus.sgzb.system.api.model.LoginUser;
|
import com.bonus.sgzb.system.api.model.LoginUser;
|
||||||
import com.bonus.sgzb.system.service.ISysUserService;
|
import com.bonus.sgzb.system.service.ISysUserService;
|
||||||
import org.springframework.web.multipart.MultipartHttpServletRequest;
|
|
||||||
import org.springframework.web.multipart.commons.CommonsMultipartResolver;
|
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 个人信息 业务处理
|
* 个人信息 业务处理
|
||||||
|
|
@ -98,20 +90,23 @@ public class SysProfileController extends BaseController {
|
||||||
*/
|
*/
|
||||||
@Log(title = "个人信息", businessType = BusinessType.UPDATE)
|
@Log(title = "个人信息", businessType = BusinessType.UPDATE)
|
||||||
@PutMapping("/updatePwd")
|
@PutMapping("/updatePwd")
|
||||||
public AjaxResult updatePwd(String oldPassword, String newPassword) {
|
public AjaxResult updatePwd(String oldPassword, String newPassword) throws Exception {
|
||||||
|
//对新老密码进行解密
|
||||||
|
String oldDecrypt = RsaUtil.decryptByPrivateKey(oldPassword, Constants.privateKey);
|
||||||
|
String newDecrypt = RsaUtil.decryptByPrivateKey(newPassword, Constants.privateKey);
|
||||||
String username = SecurityUtils.getUsername();
|
String username = SecurityUtils.getUsername();
|
||||||
SysUser user = userService.selectUserByUserName(username);
|
SysUser user = userService.selectUserByUserName(username);
|
||||||
String password = user.getPassword();
|
String password = user.getPassword();
|
||||||
if (!SecurityUtils.matchesPassword(oldPassword, password)) {
|
if (!SecurityUtils.matchesPassword(oldDecrypt, password)) {
|
||||||
return error("修改密码失败,旧密码错误");
|
return error("修改密码失败,旧密码错误");
|
||||||
}
|
}
|
||||||
if (SecurityUtils.matchesPassword(newPassword, password)) {
|
if (SecurityUtils.matchesPassword(newDecrypt, password)) {
|
||||||
return error("新密码不能与旧密码相同");
|
return error("新密码不能与旧密码相同");
|
||||||
}
|
}
|
||||||
if (userService.resetUserPwd(username, SecurityUtils.encryptPassword(newPassword)) > 0) {
|
if (userService.resetUserPwd(username, SecurityUtils.encryptPassword(newDecrypt)) > 0) {
|
||||||
// 更新缓存用户密码
|
// 更新缓存用户密码
|
||||||
LoginUser loginUser = SecurityUtils.getLoginUser();
|
LoginUser loginUser = SecurityUtils.getLoginUser();
|
||||||
loginUser.getSysUser().setPassword(SecurityUtils.encryptPassword(newPassword));
|
loginUser.getSysUser().setPassword(SecurityUtils.encryptPassword(newDecrypt));
|
||||||
tokenService.setLoginUser(loginUser);
|
tokenService.setLoginUser(loginUser);
|
||||||
return success();
|
return success();
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -5,7 +5,6 @@ import com.bonus.sgzb.common.core.constant.SecurityConstants;
|
||||||
import com.bonus.sgzb.common.core.constant.UserConstants;
|
import com.bonus.sgzb.common.core.constant.UserConstants;
|
||||||
import com.bonus.sgzb.common.core.domain.R;
|
import com.bonus.sgzb.common.core.domain.R;
|
||||||
import com.bonus.sgzb.common.core.exception.ServiceException;
|
import com.bonus.sgzb.common.core.exception.ServiceException;
|
||||||
import com.bonus.sgzb.common.core.utils.GlobalConstants;
|
|
||||||
import com.bonus.sgzb.common.core.utils.StringUtils;
|
import com.bonus.sgzb.common.core.utils.StringUtils;
|
||||||
import com.bonus.sgzb.common.core.utils.poi.ExcelUtil;
|
import com.bonus.sgzb.common.core.utils.poi.ExcelUtil;
|
||||||
import com.bonus.sgzb.common.core.web.controller.BaseController;
|
import com.bonus.sgzb.common.core.web.controller.BaseController;
|
||||||
|
|
@ -21,11 +20,11 @@ import com.bonus.sgzb.system.api.domain.SysDept;
|
||||||
import com.bonus.sgzb.system.api.domain.SysRole;
|
import com.bonus.sgzb.system.api.domain.SysRole;
|
||||||
import com.bonus.sgzb.system.api.domain.SysUser;
|
import com.bonus.sgzb.system.api.domain.SysUser;
|
||||||
import com.bonus.sgzb.system.api.model.LoginUser;
|
import com.bonus.sgzb.system.api.model.LoginUser;
|
||||||
|
import com.bonus.sgzb.system.config.RsaUtil;
|
||||||
import com.bonus.sgzb.system.service.*;
|
import com.bonus.sgzb.system.service.*;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.apache.commons.collections4.CollectionUtils;
|
import org.apache.commons.collections4.CollectionUtils;
|
||||||
import org.apache.commons.lang3.ArrayUtils;
|
import org.apache.commons.lang3.ArrayUtils;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.validation.annotation.Validated;
|
import org.springframework.validation.annotation.Validated;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
import org.springframework.web.multipart.MultipartFile;
|
import org.springframework.web.multipart.MultipartFile;
|
||||||
|
|
@ -33,7 +32,6 @@ import org.springframework.web.multipart.MultipartFile;
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
@ -263,10 +261,12 @@ public class SysUserController extends BaseController {
|
||||||
@RequiresPermissions("system:user:edit")
|
@RequiresPermissions("system:user:edit")
|
||||||
@Log(title = "用户管理", businessType = BusinessType.UPDATE)
|
@Log(title = "用户管理", businessType = BusinessType.UPDATE)
|
||||||
@PutMapping("/resetPwd")
|
@PutMapping("/resetPwd")
|
||||||
public AjaxResult resetPwd(@RequestBody SysUser user) {
|
public AjaxResult resetPwd(@RequestBody SysUser user) throws Exception {
|
||||||
|
//对密码进行解密
|
||||||
|
String decrypt = RsaUtil.decryptByPrivateKey(user.getPassword(), Constants.privateKey);
|
||||||
userService.checkUserAllowed(user);
|
userService.checkUserAllowed(user);
|
||||||
userService.checkUserDataScope(user.getUserId());
|
userService.checkUserDataScope(user.getUserId());
|
||||||
user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
|
user.setPassword(SecurityUtils.encryptPassword(decrypt));
|
||||||
user.setUpdateBy(SecurityUtils.getUsername());
|
user.setUpdateBy(SecurityUtils.getUsername());
|
||||||
return toAjax(userService.resetPwd(user));
|
return toAjax(userService.resetPwd(user));
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue