From cd66690bd55f769400fde6675778752d10208caf Mon Sep 17 00:00:00 2001 From: mashuai Date: Wed, 5 Jun 2024 14:56:09 +0800 Subject: [PATCH] =?UTF-8?q?=E9=87=8D=E7=BD=AE=EF=BC=8C=E4=BF=AE=E6=94=B9?= =?UTF-8?q?=E5=8A=A0=E8=A7=A3=E5=AF=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../sgzb/common/core/constant/Constants.java | 21 ++++++++++++++++ .../controller/SysProfileController.java | 24 +++++++------------ .../system/controller/SysUserController.java | 9 ++++--- 3 files changed, 34 insertions(+), 20 deletions(-) diff --git a/sgzb-common/sgzb-common-core/src/main/java/com/bonus/sgzb/common/core/constant/Constants.java b/sgzb-common/sgzb-common-core/src/main/java/com/bonus/sgzb/common/core/constant/Constants.java index 481950e1..3c4049b1 100644 --- a/sgzb-common/sgzb-common-core/src/main/java/com/bonus/sgzb/common/core/constant/Constants.java +++ b/sgzb-common/sgzb-common-core/src/main/java/com/bonus/sgzb/common/core/constant/Constants.java @@ -132,4 +132,25 @@ public class Constants */ public static final String[] JOB_ERROR_STR = { "java.net.URL", "javax.naming.InitialContext", "org.yaml.snakeyaml", "org.springframework", "org.apache", "com.bonus.sgzb.common.core.utils.file" }; + + /** + * 系统初始密码 + */ + public static final String USER_PASSWORD = "NxCc@2024*"; + + /** + * 系统初始密码 + */ + public static final String CONFIG_KEY = "sys.user.initPassword"; + + /** + * 加密公钥 + */ + public static final String publicKey = "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKoR8mX0rGKLqzcWmOzbfj64K8ZIgOdHnzkXSOVOZbFu/TJhZ7rFAN+eaGkl3C4buccQd/EjEsj9ir7ijT7h96MCAwEAAQ=="; + + /** + * 解密私钥 + */ + public static final String privateKey = "MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAqhHyZfSsYourNxaY7Nt+PrgrxkiA50efORdI5U5lsW79MmFnusUA355oaSXcLhu5xxB38SMSyP2KvuKNPuH3owIDAQABAkAfoiLyL+Z4lf4Myxk6xUDgLaWGximj20CUf+5BKKnlrK+Ed8gAkM0HqoTt2UZwA5E2MzS4EI2gjfQhz5X28uqxAiEA3wNFxfrCZlSZHb0gn2zDpWowcSxQAgiCstxGUoOqlW8CIQDDOerGKH5OmCJ4Z21v+F25WaHYPxCFMvwxpcw99EcvDQIgIdhDTIqD2jfYjPTY8Jj3EDGPbH2HHuffvflECt3Ek60CIQCFRlCkHpi7hthhYhovyloRYsM+IS9h/0BzlEAuO0ktMQIgSPT3aFAgJYwKpqRYKlLDVcflZFCKY7u3UP8iWi1Qw0Y="; + } diff --git a/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysProfileController.java b/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysProfileController.java index caf260c4..c758da78 100644 --- a/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysProfileController.java +++ b/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysProfileController.java @@ -1,14 +1,9 @@ package com.bonus.sgzb.system.controller; -import java.io.File; -import java.io.FileOutputStream; -import java.io.InputStream; import java.util.Arrays; -import cn.hutool.core.util.IdUtil; -import com.bonus.sgzb.common.core.domain.R; -import com.bonus.sgzb.common.core.utils.DateTimeHelper; -import com.bonus.sgzb.system.api.domain.SysFile; +import com.bonus.sgzb.common.core.constant.Constants; +import com.bonus.sgzb.system.config.RsaUtil; import com.bonus.sgzb.system.domain.FileInfo; import com.bonus.sgzb.system.service.SysFileService; import org.apache.commons.lang3.ObjectUtils; @@ -28,11 +23,8 @@ import com.bonus.sgzb.system.api.RemoteFileService; import com.bonus.sgzb.system.api.domain.SysUser; import com.bonus.sgzb.system.api.model.LoginUser; import com.bonus.sgzb.system.service.ISysUserService; -import org.springframework.web.multipart.MultipartHttpServletRequest; -import org.springframework.web.multipart.commons.CommonsMultipartResolver; import javax.annotation.Resource; -import javax.servlet.http.HttpServletRequest; /** * 个人信息 业务处理 @@ -98,20 +90,22 @@ public class SysProfileController extends BaseController { */ @Log(title = "个人信息", businessType = BusinessType.UPDATE) @PutMapping("/updatePwd") - public AjaxResult updatePwd(String oldPassword, String newPassword) { + public AjaxResult updatePwd(String oldPassword, String newPassword) throws Exception { + String oldDecrypt = RsaUtil.decryptByPrivateKey(oldPassword, Constants.privateKey); + String newDecrypt = RsaUtil.decryptByPrivateKey(newPassword, Constants.privateKey); String username = SecurityUtils.getLoginUser().getUsername(); SysUser user = userService.selectUserByUserName(username); String password = user.getPassword(); - if (!SecurityUtils.matchesPassword(oldPassword, password)) { + if (!SecurityUtils.matchesPassword(oldDecrypt, password)) { return error("修改密码失败,旧密码错误"); } - if (SecurityUtils.matchesPassword(newPassword, password)) { + if (SecurityUtils.matchesPassword(newDecrypt, password)) { return error("新密码不能与旧密码相同"); } - if (userService.resetUserPwd(username, SecurityUtils.encryptPassword(newPassword)) > 0) { + if (userService.resetUserPwd(username, SecurityUtils.encryptPassword(newDecrypt)) > 0) { // 更新缓存用户密码 LoginUser loginUser = SecurityUtils.getLoginUser(); - loginUser.getSysUser().setPassword(SecurityUtils.encryptPassword(newPassword)); + loginUser.getSysUser().setPassword(SecurityUtils.encryptPassword(newDecrypt)); tokenService.setLoginUser(loginUser); return success(); } diff --git a/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysUserController.java b/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysUserController.java index 952639cd..3692a086 100644 --- a/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysUserController.java +++ b/sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysUserController.java @@ -5,7 +5,6 @@ import com.bonus.sgzb.common.core.constant.SecurityConstants; import com.bonus.sgzb.common.core.constant.UserConstants; import com.bonus.sgzb.common.core.domain.R; import com.bonus.sgzb.common.core.exception.ServiceException; -import com.bonus.sgzb.common.core.utils.GlobalConstants; import com.bonus.sgzb.common.core.utils.StringUtils; import com.bonus.sgzb.common.core.utils.poi.ExcelUtil; import com.bonus.sgzb.common.core.web.controller.BaseController; @@ -21,13 +20,13 @@ import com.bonus.sgzb.system.api.domain.SysDept; import com.bonus.sgzb.system.api.domain.SysRole; import com.bonus.sgzb.system.api.domain.SysUser; import com.bonus.sgzb.system.api.model.LoginUser; +import com.bonus.sgzb.system.config.RsaUtil; import com.bonus.sgzb.system.domain.po.UrgentProcessingUser; import com.bonus.sgzb.system.service.*; import io.swagger.annotations.ApiOperation; import lombok.extern.slf4j.Slf4j; import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.lang3.ArrayUtils; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; @@ -35,7 +34,6 @@ import org.springframework.web.multipart.MultipartFile; import javax.annotation.Resource; import javax.servlet.http.HttpServletResponse; import java.io.IOException; -import java.util.ArrayList; import java.util.List; import java.util.Objects; import java.util.Set; @@ -268,10 +266,11 @@ public class SysUserController extends BaseController { @RequiresPermissions("system:user:edit") @Log(title = "用户管理", businessType = BusinessType.UPDATE) @PutMapping("/resetPwd") - public AjaxResult resetPwd(@RequestBody SysUser user) { + public AjaxResult resetPwd(@RequestBody SysUser user) throws Exception { + String decrypt = RsaUtil.decryptByPrivateKey(user.getPassword(), Constants.privateKey); userService.checkUserAllowed(user); userService.checkUserDataScope(user.getUserId()); - user.setPassword(SecurityUtils.encryptPassword(user.getPassword())); + user.setPassword(SecurityUtils.encryptPassword(decrypt)); user.setUpdateBy(SecurityUtils.getUsername()); return toAjax(userService.resetPwd(user)); }