From e10efae34a92fdcb6451f1a6a823a72b8c394d43 Mon Sep 17 00:00:00 2001
From: yn147 <2270338776@qq.com>
Date: 星期四, 13 四月 2023 14:27:26 +0800
Subject: [PATCH] 密码加密
---
src/main/java/com/qxueyou/scc/user/service/impl/UserService.java | 37 ++++++++++++++----
src/main/java/com/qxueyou/scc/user/model/User.java | 13 ++++++
src/main/java/com/qxueyou/scc/sys/action/LoginController.java | 37 ++++++++++++------
3 files changed, 67 insertions(+), 20 deletions(-)
diff --git a/src/main/java/com/qxueyou/scc/sys/action/LoginController.java b/src/main/java/com/qxueyou/scc/sys/action/LoginController.java
index 81ed905..859e5e5 100644
--- a/src/main/java/com/qxueyou/scc/sys/action/LoginController.java
+++ b/src/main/java/com/qxueyou/scc/sys/action/LoginController.java
@@ -24,6 +24,7 @@
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Controller;
+import org.springframework.util.DigestUtils;
import org.springframework.web.bind.annotation.*;
import com.qxueyou.scc.admin.teacher.service.ITeacherService;
@@ -183,8 +184,8 @@
// 鏌ヨ鐢ㄦ埛淇℃伅
String uuNumber=null;
String uuReNumber=null;
- String hql = "from User where deleteFlag is false and account = ? and password = ? ";
- List<Object> params = CollectionUtils.newList(account,password);
+ String hql = "from User where deleteFlag is false and account = ?";
+ List<Object> params = CollectionUtils.newList(account);
User user = commonDAO.findUnique(hql,params, User.class);
if (user == null ) {
return new Result(false, "鐢ㄦ埛璐︽埛銆佸瘑鐮侀敊璇�");
@@ -213,6 +214,12 @@
}
// 鎻掑叆鏃ュ織
insertLoginLog(request, user, account, "SYS-LOGIN");
+ String salt = user.getSalt();
+ String newPassword= DigestUtils.md5DigestAsHex((salt+password).getBytes());
+ //姣旇緝鐢ㄦ埛杈撳叆鐨勫瘑鐮佸姞瀵嗗悗鐨勫瓧绗︿覆鏄惁璺熸敞鍐屾椂濉啓鐨勫姞瀵嗗瘑鐮佺浉鍚�
+ if (!newPassword.equals(user.getPassword())) {
+ return new Result(false, "鐢ㄦ埛璐︽埛銆佸瘑鐮侀敊璇垨缂哄皯鍑瘉");
+ }
// 杩斿洖
return new Result(true, "楠岃瘉鎴愬姛",CollectionUtils.newObjectMap("uuNumber",uuNumber,"uuReNumber",uuReNumber));
}
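Review bot: The digest comparison is placed after `insertLoginLog(request, user, account, "SYS-LOGIN")`, so an attempt with a wrong password is written to the login log as a login before it is rejected. Since the query in the previous hunk no longer filters on the password, everything between the `user == null` check and this comparison (outside the hunk) now runs for a caller who has not been authenticated. Move the comparison directly after the null check and log only after it passes; the hunk at `-406,13` has the same order. The comparison itself is better done with `MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8))` than with `String.equals`, which returns at the first differing character.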
@@ -374,16 +381,16 @@
List<Object> params = null;
// boolean flag=true;
if ("study".equals(logType)) {
- hql = "from User where deleteFlag is false and account = ? and password = ? ";
- params = CollectionUtils.newList(account, password);
+ hql = "from User where deleteFlag is false and account = ?";
+ params = CollectionUtils.newList(account);
}else if("portal".equals(logType)){
- hql = "from User where deleteFlag is false and mobilePhone = ? and password = ? ";
- params = CollectionUtils.newList(account, password);
+ hql = "from User where deleteFlag is false and mobilePhone = ?";
+ params = CollectionUtils.newList(account);
}else{
if(StringUtils.isEmpty(password)) {
return new Result(false, "鐢ㄦ埛瀵嗙爜涓嶈兘涓虹┖");
}
- hql = "from User where deleteFlag is false and account = ? and password = ? ";
+ hql = "from User where deleteFlag is false and account = ? and password = ?";
params = CollectionUtils.newList(account,password);
}
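Review bot: The final `else` branch still looks the user up with `account = ? and password = ?` using the submitted password, while `newUser` and both `updatePassword` methods in UserService now store a salted digest in that column. For those login types an ordinary password can no longer match, and the only value that does match is the stored digest itself, which makes the database value a usable credential. The later hunk at `-406,13` also skips the digest comparison unless `logType` is `study` or `portal`, so this branch is never verified against the salt. Use the account-only query here as well, `hql = "from User where deleteFlag is false and account = ?";` with `params = CollectionUtils.newList(account);`, and drop the `logType` guard around the comparison. The enclosing method starts and ends outside the hunk.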
@@ -406,13 +413,19 @@
// request.getSession().removeAttribute("uuReNumber");
// }
+ if (user == null) {
+ return new Result(false, "鐢ㄦ埛璐︽埛涓嶅瓨鍦�");
+ }
// 鎻掑叆鏃ュ織
insertLoginLog(request, user, account, "SYS-LOGIN");
-
- //鑰冭瘯鐧诲綍浼氭帶鍒秄lag鍙橀噺 鍏朵粬鐧诲綍涓嶄細 榛樿true
- if (user == null) {
- return new Result(false, "鐢ㄦ埛璐︽埛銆佸瘑鐮侀敊璇垨缂哄皯鍑瘉");
- }
+ String salt = user.getSalt();
+ String newPassword= DigestUtils.md5DigestAsHex((salt+password).getBytes());
+ //姣旇緝鐢ㄦ埛杈撳叆鐨勫瘑鐮佸姞瀵嗗悗鐨勫瓧绗︿覆鏄惁璺熸敞鍐屾椂濉啓鐨勫姞瀵嗗瘑鐮佺浉鍚�
+ if("study".equals(logType) || "portal".equals(logType)){
+ if (!newPassword.equals(user.getPassword())) {
+ return new Result(false, "鐢ㄦ埛璐︽埛銆佸瘑鐮侀敊璇垨缂哄皯鍑瘉");
+ }
+ }
// 杩斿洖鐢ㄦ埛鍩烘湰淇℃伅
return this.loginValidate(user, 1, request, response, logType, platForm, organizationId);
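Review bot: The new `user == null` branch returns a different message literal from the wrong-password branch a few lines below, so a caller can tell registered accounts and phone numbers from unknown ones by the response text. Return the same `Result` message in both places and keep the distinction in the server-side log only. Rate limiting or lockout is not visible in this hunk; if it is not handled elsewhere, the account-only lookup makes it more important. The enclosing method starts and ends outside the hunk.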
diff --git a/src/main/java/com/qxueyou/scc/user/model/User.java b/src/main/java/com/qxueyou/scc/user/model/User.java
index 7975abc..a460450 100644
--- a/src/main/java/com/qxueyou/scc/user/model/User.java
+++ b/src/main/java/com/qxueyou/scc/user/model/User.java
@@ -38,6 +38,19 @@
@JsonIgnore
private String createId;
+
+ @Column(name = "SALT", nullable = false, length = 32)
+ @JsonIgnore
+ private String salt;
+
+ public String getSalt() {
+ return salt;
+ }
+
+ public void setSalt(String salt) {
+ this.salt = salt;
+ }
+
/**
* 鍒涘缓鏃堕棿
*/
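Review bot: The column is declared with `length = 32`, but the salt written by UserService is `UUID.randomUUID().toString()`, which is 36 characters including the hyphens. Depending on the database mode the insert will either fail or the salt will be truncated, and a truncated salt makes every later comparison fail because login reads the stored value back. Either widen the column, `@Column(name = "SALT", nullable = false, length = 36)`, or store `UUID.randomUUID().toString().replace("-", "")`. `nullable = false` also needs a migration for existing rows, which this patch does not include.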
diff --git a/src/main/java/com/qxueyou/scc/user/service/impl/UserService.java b/src/main/java/com/qxueyou/scc/user/service/impl/UserService.java
index 3610bfb..7820d96 100644
--- a/src/main/java/com/qxueyou/scc/user/service/impl/UserService.java
+++ b/src/main/java/com/qxueyou/scc/user/service/impl/UserService.java
@@ -1,6 +1,7 @@
package com.qxueyou.scc.user.service.impl;
import java.util.List;
+import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
@@ -20,6 +21,7 @@
import com.qxueyou.scc.user.model.User;
import com.qxueyou.scc.user.model.UserReRoleUser;
import com.qxueyou.scc.user.service.IUserService;
+import org.springframework.util.DigestUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
@@ -85,13 +87,18 @@
}
private User newUser(String name, String account, String mobilePhone, String password, Boolean sex, String orgId) {
-
+ //闅忔満瀛楃涓�
+ String salt= UUID.randomUUID().toString();
User user = new User();
TraceUtils.setCreateTrace(user);
user.setAccount(account);
user.setName(name);
+ //鐩愬��
+ user.setSalt(salt);
+ //瀵瑰瘑鐮佽繘琛屽姞瀵嗗鐞�
+ String newPassword= DigestUtils.md5DigestAsHex((salt+password).getBytes());
+ user.setPassword(newPassword);
user.setMobilePhone(mobilePhone);
- user.setPassword(password);
user.setSex(sex);
user.setOrganizationId(orgId);
save(user);
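Review bot: `DigestUtils.md5DigestAsHex((salt+password).getBytes())` is a single round of a fast hash, so a leaked USER table can be guessed offline at very high speed even with a per-user salt. Password storage needs a deliberately slow function with a work factor, for example PBKDF2 through the JDK's `SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")`, or bcrypt if Spring Security is already a dependency. `getBytes()` without a charset also depends on the platform default, so non-ASCII passwords can hash differently between hosts; use `getBytes(StandardCharsets.UTF_8)`. The same expression is repeated in both `updatePassword` methods, in `updateUser` and twice in LoginController, so a single private helper would keep the scheme in one place. `newUser` starts in this hunk and ends outside it.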
@@ -125,11 +132,18 @@
@Override
public Result updatePassword(String userId, String usedPass, String pass) {
User user = read(User.class, userId);
+ //闅忔満瀛楃涓�
+ String salt= UUID.randomUUID().toString();
+ //鐩愬��
+ user.setSalt(salt);
+ //瀵瑰瘑鐮佽繘琛屽姞瀵嗗鐞�
+ String newPassword= DigestUtils.md5DigestAsHex((salt+pass).getBytes());
+ String newPasswords= DigestUtils.md5DigestAsHex((salt+usedPass).getBytes());
if (StringUtils.isNotBlank(usedPass) && StringUtils.isNotBlank(pass)) {
- if (!user.getPassword().equals(usedPass)) {
+ if (!user.getPassword().equals(newPasswords)) {
return new Result(false, "杈撳叆鐨勬棫瀵嗙爜閿欒");
}
- user.setPassword(pass);
+ user.setPassword(newPassword);
}
TraceUtils.setUpdateTrace(user);
save(user);
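Review bot: The old password is hashed with the freshly generated salt (`newPasswords`), not with the salt the stored digest was created with, so `user.getPassword().equals(newPasswords)` cannot match and every password change is rejected. `user.setSalt(salt)` also runs before the blank check, so when either argument is blank the method falls through to `save(user)` and persists a new salt next to the old digest, after which that account can no longer log in. Verify `usedPass` against `user.getSalt()` first and rotate the salt only inside the success path, as sketched below. The method's closing lines are outside the hunk.

```java
public Result updatePassword(String userId, String usedPass, String pass) {
    User user = read(User.class, userId);
    if (StringUtils.isNotBlank(usedPass) && StringUtils.isNotBlank(pass)) {
        // verify the old password with the salt its digest was stored with
        String usedDigest = DigestUtils.md5DigestAsHex((user.getSalt() + usedPass).getBytes());
        if (!user.getPassword().equals(usedDigest)) {
            return new Result(false, "杈撳叆鐨勬棫瀵嗙爜閿欒");
        }
        // rotate the salt only once the old password has been confirmed
        String salt = UUID.randomUUID().toString();
        user.setSalt(salt);
        user.setPassword(DigestUtils.md5DigestAsHex((salt + pass).getBytes()));
    }
    // … unchanged: TraceUtils.setUpdateTrace(user); save(user); …
```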
@@ -177,8 +191,14 @@
public Result updatePassword(String userId, String password) {
User user = read(User.class, userId);
+ //闅忔満瀛楃涓�
+ String salt= UUID.randomUUID().toString();
+ //鐩愬��
+ user.setSalt(salt);
+ //瀵瑰瘑鐮佽繘琛屽姞瀵嗗鐞�
+ String newPassword= DigestUtils.md5DigestAsHex((salt+password).getBytes());
TraceUtils.setUpdateTrace(user);
- user.setPassword(password);
+ user.setPassword(newPassword);
save(user);
@@ -219,11 +239,12 @@
Boolean sex) {
User dbUser = read(User.class, userId);
-
+ String salt = dbUser.getSalt();
+ String newPassword= DigestUtils.md5DigestAsHex((salt+password).getBytes());
if (dbUser.getAccount().equals(account)) {
dbUser.setName(name);
dbUser.setMobilePhone(mobilePhone);
- dbUser.setPassword(password);
+ dbUser.setPassword(newPassword);
TraceUtils.setCreateTrace(dbUser);
save(dbUser);
return new Result(true, "success");
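Review bot: `dbUser.getSalt()` is null for any row created before this commit, and `salt+password` then concatenates the literal text `null`, so the stored digest is computed over `"null" + password` with no real salt. The same happens in LoginController for accounts that still hold a plaintext password, which means existing users are locked out until their password is reset. Generate a salt when none is stored, e.g. `if (salt == null) { salt = UUID.randomUUID().toString(); dbUser.setSalt(salt); }`, and plan a one-time migration for existing rows. `setPassword(newPassword)` is also unconditional here and in the next hunk at `-236,7`; if callers can pass an empty `password` on a profile edit (not visible here), it should be skipped with a `StringUtils.isNotBlank(password)` guard.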
@@ -236,7 +257,7 @@
dbUser.setAccount(account);
dbUser.setName(name);
dbUser.setMobilePhone(mobilePhone);
- dbUser.setPassword(password);
+ dbUser.setPassword(newPassword);
TraceUtils.setCreateTrace(dbUser);
save(dbUser);
return new Result(true, "success");
--
Gitblit v1.8.0