修改重置加解密
This commit is contained in:
parent
bc2ee69dd7
commit
b8138072d4
|
|
@ -132,4 +132,25 @@ public class Constants
|
|||
*/
|
||||
public static final String[] JOB_ERROR_STR = { "java.net.URL", "javax.naming.InitialContext", "org.yaml.snakeyaml",
|
||||
"org.springframework", "org.apache", "com.bonus.sgzb.common.core.utils.file" };
|
||||
|
||||
/**
|
||||
* 系统初始密码
|
||||
*/
|
||||
public static final String USER_PASSWORD = "NwCc@2024*";
|
||||
|
||||
/**
|
||||
* 系统初始密码
|
||||
*/
|
||||
public static final String CONFIG_KEY = "sys.user.initPassword";
|
||||
|
||||
/**
|
||||
* 加密公钥
|
||||
*/
|
||||
public static final String publicKey = "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKoR8mX0rGKLqzcWmOzbfj64K8ZIgOdHnzkXSOVOZbFu/TJhZ7rFAN+eaGkl3C4buccQd/EjEsj9ir7ijT7h96MCAwEAAQ==";
|
||||
|
||||
/**
|
||||
* 解密私钥
|
||||
*/
|
||||
public static final String privateKey = "MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAqhHyZfSsYourNxaY7Nt+PrgrxkiA50efORdI5U5lsW79MmFnusUA355oaSXcLhu5xxB38SMSyP2KvuKNPuH3owIDAQABAkAfoiLyL+Z4lf4Myxk6xUDgLaWGximj20CUf+5BKKnlrK+Ed8gAkM0HqoTt2UZwA5E2MzS4EI2gjfQhz5X28uqxAiEA3wNFxfrCZlSZHb0gn2zDpWowcSxQAgiCstxGUoOqlW8CIQDDOerGKH5OmCJ4Z21v+F25WaHYPxCFMvwxpcw99EcvDQIgIdhDTIqD2jfYjPTY8Jj3EDGPbH2HHuffvflECt3Ek60CIQCFRlCkHpi7hthhYhovyloRYsM+IS9h/0BzlEAuO0ktMQIgSPT3aFAgJYwKpqRYKlLDVcflZFCKY7u3UP8iWi1Qw0Y=";
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,14 +1,9 @@
|
|||
package com.bonus.sgzb.system.controller;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.FileOutputStream;
|
||||
import java.io.InputStream;
|
||||
import java.util.Arrays;
|
||||
|
||||
import cn.hutool.core.util.IdUtil;
|
||||
import com.bonus.sgzb.common.core.domain.R;
|
||||
import com.bonus.sgzb.common.core.utils.DateTimeHelper;
|
||||
import com.bonus.sgzb.system.api.domain.SysFile;
|
||||
import com.bonus.sgzb.common.core.constant.Constants;
|
||||
import com.bonus.sgzb.system.config.RsaUtil;
|
||||
import com.bonus.sgzb.system.domain.FileInfo;
|
||||
import com.bonus.sgzb.system.service.SysFileService;
|
||||
import org.apache.commons.lang3.ObjectUtils;
|
||||
|
|
@ -28,11 +23,8 @@ import com.bonus.sgzb.system.api.RemoteFileService;
|
|||
import com.bonus.sgzb.system.api.domain.SysUser;
|
||||
import com.bonus.sgzb.system.api.model.LoginUser;
|
||||
import com.bonus.sgzb.system.service.ISysUserService;
|
||||
import org.springframework.web.multipart.MultipartHttpServletRequest;
|
||||
import org.springframework.web.multipart.commons.CommonsMultipartResolver;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
/**
|
||||
* 个人信息 业务处理
|
||||
|
|
@ -98,20 +90,23 @@ public class SysProfileController extends BaseController {
|
|||
*/
|
||||
@Log(title = "个人信息", businessType = BusinessType.UPDATE)
|
||||
@PutMapping("/updatePwd")
|
||||
public AjaxResult updatePwd(String oldPassword, String newPassword) {
|
||||
public AjaxResult updatePwd(String oldPassword, String newPassword) throws Exception {
|
||||
//对新老密码进行解密
|
||||
String oldDecrypt = RsaUtil.decryptByPrivateKey(oldPassword, Constants.privateKey);
|
||||
String newDecrypt = RsaUtil.decryptByPrivateKey(newPassword, Constants.privateKey);
|
||||
String username = SecurityUtils.getUsername();
|
||||
SysUser user = userService.selectUserByUserName(username);
|
||||
String password = user.getPassword();
|
||||
if (!SecurityUtils.matchesPassword(oldPassword, password)) {
|
||||
if (!SecurityUtils.matchesPassword(oldDecrypt, password)) {
|
||||
return error("修改密码失败,旧密码错误");
|
||||
}
|
||||
if (SecurityUtils.matchesPassword(newPassword, password)) {
|
||||
if (SecurityUtils.matchesPassword(newDecrypt, password)) {
|
||||
return error("新密码不能与旧密码相同");
|
||||
}
|
||||
if (userService.resetUserPwd(username, SecurityUtils.encryptPassword(newPassword)) > 0) {
|
||||
if (userService.resetUserPwd(username, SecurityUtils.encryptPassword(newDecrypt)) > 0) {
|
||||
// 更新缓存用户密码
|
||||
LoginUser loginUser = SecurityUtils.getLoginUser();
|
||||
loginUser.getSysUser().setPassword(SecurityUtils.encryptPassword(newPassword));
|
||||
loginUser.getSysUser().setPassword(SecurityUtils.encryptPassword(newDecrypt));
|
||||
tokenService.setLoginUser(loginUser);
|
||||
return success();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@ import com.bonus.sgzb.common.core.constant.SecurityConstants;
|
|||
import com.bonus.sgzb.common.core.constant.UserConstants;
|
||||
import com.bonus.sgzb.common.core.domain.R;
|
||||
import com.bonus.sgzb.common.core.exception.ServiceException;
|
||||
import com.bonus.sgzb.common.core.utils.GlobalConstants;
|
||||
import com.bonus.sgzb.common.core.utils.StringUtils;
|
||||
import com.bonus.sgzb.common.core.utils.poi.ExcelUtil;
|
||||
import com.bonus.sgzb.common.core.web.controller.BaseController;
|
||||
|
|
@ -21,11 +20,11 @@ import com.bonus.sgzb.system.api.domain.SysDept;
|
|||
import com.bonus.sgzb.system.api.domain.SysRole;
|
||||
import com.bonus.sgzb.system.api.domain.SysUser;
|
||||
import com.bonus.sgzb.system.api.model.LoginUser;
|
||||
import com.bonus.sgzb.system.config.RsaUtil;
|
||||
import com.bonus.sgzb.system.service.*;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.apache.commons.collections4.CollectionUtils;
|
||||
import org.apache.commons.lang3.ArrayUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.validation.annotation.Validated;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
import org.springframework.web.multipart.MultipartFile;
|
||||
|
|
@ -33,7 +32,6 @@ import org.springframework.web.multipart.MultipartFile;
|
|||
import javax.annotation.Resource;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.Set;
|
||||
|
|
@ -263,10 +261,12 @@ public class SysUserController extends BaseController {
|
|||
@RequiresPermissions("system:user:edit")
|
||||
@Log(title = "用户管理", businessType = BusinessType.UPDATE)
|
||||
@PutMapping("/resetPwd")
|
||||
public AjaxResult resetPwd(@RequestBody SysUser user) {
|
||||
public AjaxResult resetPwd(@RequestBody SysUser user) throws Exception {
|
||||
//对密码进行解密
|
||||
String decrypt = RsaUtil.decryptByPrivateKey(user.getPassword(), Constants.privateKey);
|
||||
userService.checkUserAllowed(user);
|
||||
userService.checkUserDataScope(user.getUserId());
|
||||
user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
|
||||
user.setPassword(SecurityUtils.encryptPassword(decrypt));
|
||||
user.setUpdateBy(SecurityUtils.getUsername());
|
||||
return toAjax(userService.resetPwd(user));
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue