elink-star
/
epmet-cloud-zhengwu-yantai
12
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

数字社区修改密码 时填写原密码且加密 运营端

feature/evaluate
jianjun 3 years ago
parent
1e2438cd0a
commit
a9fad52a43
7 changed files with 98 additions and 40 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      epmet-admin/epmet-admin-client/src/main/java/com/epmet/dto/PasswordDTO.java
  2. 37
      epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/password/PasswordUtils.java
  3. 7
      epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/MineController.java
  4. 39
      epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/MineServiceImpl.java
  5. 18
      epmet-user/epmet-user-server/src/main/java/com/epmet/controller/OperUserController.java
  6. 27
      epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/OperUserServiceImpl.java
  7. 5
      epmet-user/epmet-user-server/src/main/resources/bootstrap.yml

5
epmet-admin/epmet-admin-client/src/main/java/com/epmet/dto/PasswordDTO.java
View File

@ -23,7 +23,10 @@ import java.io.Serializable;
@Data @Data
public class PasswordDTO implements Serializable { public class PasswordDTO implements Serializable {
private static final long serialVersionUID = 1L; private static final long serialVersionUID = 1L;
/**
* 旧密码
*/
private String oldPassword;
@NotBlank(message="{sysuser.password.require}") @NotBlank(message="{sysuser.password.require}")
private String password; private String password;

37
epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/password/PasswordUtils.java
View File

@ -37,6 +37,43 @@ public class PasswordUtils {
return passwordEncoder.matches(str, password); return passwordEncoder.matches(str, password);
} }
/**
* desc:校验密码规则是否
* 校验密码规则密码必须8-20个字符而且同时包含大小写字母和数字
* @param password
* @return
*/
public static boolean checkPassWordRule(String password) {
boolean flag=false;
if(password.length()<8||password.length()>20){
return flag;
}
boolean numFlag=false;
boolean bigLetter=false;
boolean smallLetter=false;
char[] passwordArray = password.toCharArray();
for(int i=0;i < passwordArray.length;i++) {
char currentStr=passwordArray[i];
// 判断ch是否是数字字符,如'1','2‘,是返回true。否则返回false
if(Character.isDigit(currentStr)){
numFlag=true;
continue;
}
// 判断ch是否是字母字符,如'a','b‘,是返回true。否则返回false
if(Character.isUpperCase(currentStr)){
bigLetter=true;
continue;
}
if(Character.isLowerCase(currentStr)){
smallLetter=true;
}
}
if(numFlag&&bigLetter&&smallLetter){
flag=true;
}
return flag;
}
public static void main(String[] args) { public static void main(String[] args) {
String str = "wangqing"; String str = "wangqing";

7
epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/MineController.java
View File

@ -66,4 +66,11 @@ public class MineController {
} }
return mineService.resetPassword(formDTO); return mineService.resetPassword(formDTO);
} }
public static void main(String[] args) throws Exception {
String p= "R16c3yJqCMyRFTxElBeBexTVlW1GArItaVqEEyF3o3jXVwq0G08ck8wEdBAEyQI1y4uCsw3UBgx1mqiMbIfvdg==";
String privateKey= "MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAqOANodapaCq6hq1sLjPNAKCoTwLjblUg7LMlVWAfUdRgIem41ScYK/ccECXZGzOJZCpCB3XHGXQLdrkngnr2jwIDAQABAkAyYaWvgrtHuHetdk+v+QRQC54q9FGluP/5nfilX+f4IUf8j92o/ZohTtmJn9qcDiAP4wxCLIsfy4IW3psST78BAiEA0A/E0WvtI7spWnjfw+wMDhdVMIbIJvDbj/cqMwRZInUCIQDPyO2sbXpwDjmAvyn0jpGJJxU5POWYdI37rTf9fScMcwIhAMkWNHbjBHKANVuHb10ACjakPmWEHnXkW5AspdBg53TxAiARPbzq99KXBbcjxbj3f/T3inSqYTEz60f0wDTLJd1dnQIhAIFe6Jd1TduIxGk1PDh/b/3q0jNGgVXkFnUBnKWDaL9N";
String newPassword = RSASignature.decryptByPrivateKey(p, privateKey);
System.out.println(newPassword);
}
} }

39
epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/MineServiceImpl.java
View File

@ -5,6 +5,7 @@ import com.epmet.commons.tools.constant.ServiceConstant;
import com.epmet.commons.tools.exception.EpmetErrorCode; import com.epmet.commons.tools.exception.EpmetErrorCode;
import com.epmet.commons.tools.exception.RenException; import com.epmet.commons.tools.exception.RenException;
import com.epmet.commons.tools.security.dto.TokenDto; import com.epmet.commons.tools.security.dto.TokenDto;
import com.epmet.commons.tools.security.password.PasswordUtils;
import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.utils.Result;
import com.epmet.dto.form.StaffInfoFromDTO; import com.epmet.dto.form.StaffInfoFromDTO;
import com.epmet.dto.form.StaffResetPassWordFormDTO; import com.epmet.dto.form.StaffResetPassWordFormDTO;
@ -50,7 +51,7 @@ public class MineServiceImpl implements MineService {
throw new RenException(EpmetErrorCode.PASSWORD_NOT_FIT.getCode()); throw new RenException(EpmetErrorCode.PASSWORD_NOT_FIT.getCode());
} }
//2、校验密码规则:密码必须8-20个字符,而且同时包含大小写字母和数字 //2、校验密码规则:密码必须8-20个字符,而且同时包含大小写字母和数字
boolean flag=this.checkPassWord(formDTO.getNewPassword()); boolean flag= PasswordUtils.checkPassWordRule(formDTO.getNewPassword());
if(!flag){ if(!flag){
throw new RenException(EpmetErrorCode.PASSWORD_OUT_OF_ORDER.getCode()); throw new RenException(EpmetErrorCode.PASSWORD_OUT_OF_ORDER.getCode());
} }
@ -70,40 +71,4 @@ public class MineServiceImpl implements MineService {
} }
return new Result(); return new Result();
} }
private boolean checkPassWord(String password) {
boolean flag=false;
if(password.length()<8||password.length()>20){
logger.warn(String.format("密码长度应为8-20位,当前输入密码%s,长度为%s",password,password.length()));
return flag;
}
boolean numFlag=false;
boolean bigLetter=false;
boolean smallLetter=false;
char[] passwordArray = password.toCharArray();
for(int i=0;i < passwordArray.length;i++) {
char currentStr=passwordArray[i];
logger.info(String.format("当前字符%s",currentStr));
// 判断ch是否是数字字符,如'1','2‘,是返回true。否则返回false
if(Character.isDigit(currentStr)){
numFlag=true;
continue;
}
// 判断ch是否是字母字符,如'a','b‘,是返回true。否则返回false
if(Character.isUpperCase(currentStr)){
bigLetter=true;
continue;
}
if(Character.isLowerCase(currentStr)){
smallLetter=true;
continue;
}
}
if(numFlag&&bigLetter&&smallLetter){
flag=true;
}else{
logger.warn(String.format("当前密码%s,是否包含数字%s,是否包含大写字母%s,是否包含小写字母%s",password,numFlag,bigLetter,smallLetter));
}
return flag;
}
} }

18
epmet-user/epmet-user-server/src/main/java/com/epmet/controller/OperUserController.java
View File

@ -25,6 +25,7 @@ import com.epmet.commons.tools.page.PageData;
import com.epmet.commons.tools.security.dto.TokenDto; import com.epmet.commons.tools.security.dto.TokenDto;
import com.epmet.commons.tools.utils.ConvertUtils; import com.epmet.commons.tools.utils.ConvertUtils;
import com.epmet.commons.tools.utils.ExcelUtils; import com.epmet.commons.tools.utils.ExcelUtils;
import com.epmet.commons.tools.utils.RSASignature;
import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.utils.Result;
import com.epmet.commons.tools.validator.AssertUtils; import com.epmet.commons.tools.validator.AssertUtils;
import com.epmet.commons.tools.validator.ValidatorUtils; import com.epmet.commons.tools.validator.ValidatorUtils;
@ -38,6 +39,7 @@ import com.epmet.excel.OperUserExcel;
import com.epmet.service.OperUserService; import com.epmet.service.OperUserService;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
@ -54,6 +56,8 @@ import java.util.Map;
@RestController @RestController
@RequestMapping("operuser") @RequestMapping("operuser")
public class OperUserController { public class OperUserController {
@Value("${epmet.login.privateKey}")
private String privateKey;
@Autowired @Autowired
private OperUserService operUserService; private OperUserService operUserService;
@ -94,10 +98,22 @@ public class OperUserController {
* @return * @return
*/ */
@PostMapping(value = "updatePwd") @PostMapping(value = "updatePwd")
public Result updatePwd(@LoginUser TokenDto tokenDto,@RequestBody PasswordDTO dto) { public Result updatePwd(@LoginUser TokenDto tokenDto,@RequestBody PasswordDTO dto) throws Exception {
if (StringUtils.isBlank(dto.getNewPassword()) && AppClientConstant.APP_OPER.equals(tokenDto.getClient())){ if (StringUtils.isBlank(dto.getNewPassword()) && AppClientConstant.APP_OPER.equals(tokenDto.getClient())){
throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(),"参数错误","参数错误"); throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(),"参数错误","参数错误");
} }
//解密密码
if (dto.getPassword().length() > 50) {
String confirmNewPassWord = RSASignature.decryptByPrivateKey(dto.getPassword(), privateKey);
String newPassword = RSASignature.decryptByPrivateKey(dto.getNewPassword(), privateKey);
dto.setPassword(confirmNewPassWord);
dto.setNewPassword(newPassword);
if (StringUtils.isNotBlank(dto.getOldPassword())){
String oldPassWord = RSASignature.decryptByPrivateKey(dto.getOldPassword(), privateKey);
dto.setOldPassword(oldPassWord);
}
}
//校验长度和 密码是否一致。
operUserService.updatePwd(tokenDto.getUserId(),dto); operUserService.updatePwd(tokenDto.getUserId(),dto);
return new Result(); return new Result();
} }

27
epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/OperUserServiceImpl.java
View File

@ -24,6 +24,9 @@ import com.epmet.commons.mybatis.service.impl.BaseServiceImpl;
import com.epmet.commons.tools.constant.AppClientConstant; import com.epmet.commons.tools.constant.AppClientConstant;
import com.epmet.commons.tools.constant.FieldConstant; import com.epmet.commons.tools.constant.FieldConstant;
import com.epmet.commons.tools.enums.SuperAdminEnum; import com.epmet.commons.tools.enums.SuperAdminEnum;
import com.epmet.commons.tools.exception.EpmetErrorCode;
import com.epmet.commons.tools.exception.EpmetException;
import com.epmet.commons.tools.exception.RenException;
import com.epmet.commons.tools.page.PageData; import com.epmet.commons.tools.page.PageData;
import com.epmet.commons.tools.security.password.PasswordUtils; import com.epmet.commons.tools.security.password.PasswordUtils;
import com.epmet.commons.tools.utils.ConvertUtils; import com.epmet.commons.tools.utils.ConvertUtils;
@ -147,13 +150,35 @@ public class OperUserServiceImpl extends BaseServiceImpl<OperUserDao, OperUserEn
@Override @Override
public void updatePwd(String userId, PasswordDTO dto) { public void updatePwd(String userId, PasswordDTO dto) {
//1、两次填写的密码需要保持一致
if(!dto.getNewPassword().equals(dto.getPassword())){
throw new RenException(EpmetErrorCode.PASSWORD_NOT_FIT.getCode());
}
//2、校验密码规则:密码必须8-20个字符,而且同时包含大小写字母和数字
boolean flag=PasswordUtils.checkPassWordRule(dto.getNewPassword());
if(!flag){
throw new RenException(EpmetErrorCode.PASSWORD_OUT_OF_ORDER.getCode());
}
OperUserDTO operUserDTO = baseDao.selectOperUserInfoById(userId);
if (operUserDTO == null){
throw new EpmetException(EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getCode());
}
//校验旧密码是否正确
if (StringUtils.isNotBlank(dto.getOldPassword())){
boolean matches = PasswordUtils.matches(dto.getOldPassword(), operUserDTO.getPassword());
if (!matches){
throw new EpmetException(EpmetErrorCode.ERR10004.getCode());
}
}
OperUserEntity param = new OperUserEntity(); OperUserEntity param = new OperUserEntity();
param.setPassword(PasswordUtils.encode(dto.getNewPassword())); param.setPassword(PasswordUtils.encode(dto.getNewPassword()));
param.setUpdatedTime(new Date()); param.setUpdatedTime(new Date());
param.setUpdatedBy(userId); param.setUpdatedBy(userId);
LambdaQueryWrapper<OperUserEntity> lambdaQueryWrapper = new LambdaQueryWrapper<>(); LambdaQueryWrapper<OperUserEntity> lambdaQueryWrapper = new LambdaQueryWrapper<>();
lambdaQueryWrapper.eq(OperUserEntity::getUserId,userId); lambdaQueryWrapper.eq(OperUserEntity::getUserId,userId);
baseDao.update(param, lambdaQueryWrapper);
baseDao.update(param, lambdaQueryWrapper);
} }
} }

5
epmet-user/epmet-user-server/src/main/resources/bootstrap.yml
View File

@ -185,3 +185,8 @@ thread:
keepAliveSeconds: @thread.threadPool.keep-alive-seconds@ keepAliveSeconds: @thread.threadPool.keep-alive-seconds@
threadNamePrefix: @thread.threadPool.thread-name-prefix@ threadNamePrefix: @thread.threadPool.thread-name-prefix@
rejectedExecutionHandler: @thread.threadPool.rejected-execution-handler@ rejectedExecutionHandler: @thread.threadPool.rejected-execution-handler@
epmet:
login:
publicKey: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKjgDaHWqWgquoatbC4zzQCgqE8C425VIOyzJVVgH1HUYCHpuNUnGCv3HBAl2RsziWQqQgd1xxl0C3a5J4J69o8CAwEAAQ==
privateKey: MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAqOANodapaCq6hq1sLjPNAKCoTwLjblUg7LMlVWAfUdRgIem41ScYK/ccECXZGzOJZCpCB3XHGXQLdrkngnr2jwIDAQABAkAyYaWvgrtHuHetdk+v+QRQC54q9FGluP/5nfilX+f4IUf8j92o/ZohTtmJn9qcDiAP4wxCLIsfy4IW3psST78BAiEA0A/E0WvtI7spWnjfw+wMDhdVMIbIJvDbj/cqMwRZInUCIQDPyO2sbXpwDjmAvyn0jpGJJxU5POWYdI37rTf9fScMcwIhAMkWNHbjBHKANVuHb10ACjakPmWEHnXkW5AspdBg53TxAiARPbzq99KXBbcjxbj3f/T3inSqYTEz60f0wDTLJd1dnQIhAIFe6Jd1TduIxGk1PDh/b/3q0jNGgVXkFnUBnKWDaL9N

Write Preview
Loading…
Cancel
Save