Merge branch 'master' of http://git.elinkit.com.cn:7070/r/epmet-cloud into wxz_oper_access

3 years ago · 6bd0bbdd85
14 changed files with 188 additions and 51 deletions
--- a/epmet-admin/epmet-admin-client/src/main/java/com/epmet/dto/PasswordDTO.java
+++ b/epmet-admin/epmet-admin-client/src/main/java/com/epmet/dto/PasswordDTO.java
@ -23,7 +23,10 @@ import java.io.Serializable;
@Data
 public class PasswordDTO implements Serializable {
    private static final long serialVersionUID = 1L;
-
+    /**
+     * 旧密码
+     */
+    private String oldPassword;
    @NotBlank(message="{sysuser.password.require}")
    private String password;

--- a/epmet-auth/src/main/java/com/epmet/controller/GovWebController.java
+++ b/epmet-auth/src/main/java/com/epmet/controller/GovWebController.java
@ -1,6 +1,7 @@
 package com.epmet.controller;

 import com.epmet.auth.dto.result.BlockChainStaffAuthResultDTO;
+import com.epmet.commons.tools.constant.NumConstant;
 import com.epmet.commons.tools.utils.RSASignature;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.ValidatorUtils;
@ -9,6 +10,7 @@ import com.epmet.dto.form.GovWebLoginFormDTO;
 import com.epmet.dto.result.UserTokenResultDTO;
 import com.epmet.service.GovWebService;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.PostMapping;
@ -44,10 +46,14 @@ public class GovWebController {
        ValidatorUtils.validateEntity(formDTO);

        try {
-            if (formDTO.getPassword().length() > 50) {
+            if (StringUtils.isNotBlank(formDTO.getPassword())&&formDTO.getPassword().length() > NumConstant.FIFTY) {
                String newPassword = RSASignature.decryptByPrivateKey(formDTO.getPassword(), privateKey);
                formDTO.setPassword(newPassword);
            }
+            if (StringUtils.isNotBlank(formDTO.getPhone())&&formDTO.getPhone().length() > NumConstant.FIFTY) {
+                String phone = RSASignature.decryptByPrivateKey(formDTO.getPhone(), privateKey);
+                formDTO.setPhone(phone);
+            }

        } catch (Exception e) {
            log.error("method exception", e);
--- a/epmet-auth/src/main/java/com/epmet/controller/LoginController.java
+++ b/epmet-auth/src/main/java/com/epmet/controller/LoginController.java
@ -1,8 +1,10 @@
 package com.epmet.controller;

 import com.epmet.commons.tools.annotation.LoginUser;
+import com.epmet.commons.tools.constant.NumConstant;
 import com.epmet.commons.tools.exception.ErrorCode;
 import com.epmet.commons.tools.security.dto.TokenDto;
+import com.epmet.commons.tools.utils.RSASignature;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.AssertUtils;
 import com.epmet.commons.tools.validator.ValidatorUtils;
@ -15,6 +17,7 @@ import com.epmet.service.LoginService;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.*;

 import javax.imageio.ImageIO;
@ -36,6 +39,8 @@ import java.util.Arrays;
@RestController
@RequestMapping("login")
 public class LoginController {
+	@Value("${epmet.login.privateKey}")
+	private String privateKey;
 	@Autowired
 	private CaptchaService captchaService;

@ -90,11 +95,23 @@ public class LoginController {
 	 * @Date 2020/3/14 19:46
 	 **/
 	@PostMapping("/operweb/loginbypassword")
-	public Result<UserTokenResultDTO> loginByPassword(@RequestBody LoginByPassWordFormDTO formDTO) {
+	public Result<UserTokenResultDTO> loginByPassword(@RequestBody LoginByPassWordFormDTO formDTO) throws Exception {
 		//效验数据
 		ValidatorUtils.validateEntity(formDTO);
-		Result<UserTokenResultDTO> result = loginService.loginByPassword(formDTO);
-		return result;
+		//解密密码
+		if (StringUtils.isNotBlank(formDTO.getPhone())&&formDTO.getPhone().length() > NumConstant.FIFTY) {
+			String phone = RSASignature.decryptByPrivateKey(formDTO.getPhone(), privateKey);
+			formDTO.setPhone(phone);
+		}
+		if (StringUtils.isNotBlank(formDTO.getMobile())&&formDTO.getMobile().length() > NumConstant.FIFTY) {
+			String phone = RSASignature.decryptByPrivateKey(formDTO.getMobile(), privateKey);
+			formDTO.setMobile(phone);
+		}
+		if (StringUtils.isNotBlank(formDTO.getPassword())&&formDTO.getPassword().length() > NumConstant.FIFTY) {
+			String confirmNewPassWord = RSASignature.decryptByPrivateKey(formDTO.getPassword(), privateKey);
+			formDTO.setPassword(confirmNewPassWord);
+		}
+		return loginService.loginByPassword(formDTO);
 	}

 	/**
--- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/password/PasswordUtils.java
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/password/PasswordUtils.java
@ -37,6 +37,43 @@ public class PasswordUtils {
        return passwordEncoder.matches(str, password);
    }

+    /**
+     * desc:校验密码规则是否
+     * 校验密码规则：密码必须8-20个字符，而且同时包含大小写字母和数字
+     * @param password
+     * @return
+     */
+    public static boolean checkPassWordRule(String password) {
+        boolean flag=false;
+        if(password.length()<8||password.length()>20){
+            return flag;
+        }
+        boolean numFlag=false;
+        boolean bigLetter=false;
+        boolean smallLetter=false;
+        char[] passwordArray = password.toCharArray();
+        for(int i=0;i < passwordArray.length;i++) {
+            char currentStr=passwordArray[i];
+            // 判断ch是否是数字字符，如'1'，'2‘，是返回true。否则返回false
+            if(Character.isDigit(currentStr)){
+                numFlag=true;
+                continue;
+            }
+            // 判断ch是否是字母字符，如'a'，'b‘，是返回true。否则返回false
+            if(Character.isUpperCase(currentStr)){
+                bigLetter=true;
+                continue;
+            }
+            if(Character.isLowerCase(currentStr)){
+                smallLetter=true;
+            }
+        }
+        if(numFlag&&bigLetter&&smallLetter){
+            flag=true;
+        }
+        return flag;
+    }
+

    public static void main(String[] args) {
        String str = "wangqing";
--- a/epmet-module/gov-mine/gov-mine-client/src/main/java/com/epmet/dto/form/StaffResetPassWordFormDTO.java
+++ b/epmet-module/gov-mine/gov-mine-client/src/main/java/com/epmet/dto/form/StaffResetPassWordFormDTO.java
@ -22,6 +22,10 @@ public class StaffResetPassWordFormDTO implements Serializable {
    public interface AddUserShowGroup extends CustomerClientShowGroup {
    }

+    /**
+     * 旧密码
+     */
+    private String oldPassword;
    @NotBlank(message = "新密码不能为空", groups = {AddUserShowGroup.class})
    private String newPassword;
    @NotBlank(message = "确认新密码不能为空", groups = {AddUserShowGroup.class})
--- a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/MineController.java
+++ b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/MineController.java
@ -2,12 +2,15 @@ package com.epmet.controller;

 import com.epmet.commons.tools.annotation.LoginUser;
 import com.epmet.commons.tools.security.dto.TokenDto;
+import com.epmet.commons.tools.utils.RSASignature;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.ValidatorUtils;
 import com.epmet.dto.form.StaffResetPassWordFormDTO;
 import com.epmet.dto.result.MineResultDTO;
 import com.epmet.service.MineService;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@ -21,6 +24,8 @@ import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("mine")
 public class MineController {
+	@Value("${epmet.login.privateKey}")
+	private String privateKey;
 	@Autowired
 	private MineService mineService;

@ -45,9 +50,27 @@ public class MineController {
 	 * @Date 2020/7/1 9:59
 	 **/
 	@PostMapping("resetpassword")
-	public Result resetPassword(@LoginUser TokenDto tokenDto, @RequestBody StaffResetPassWordFormDTO formDTO) {
+	public Result resetPassword(@LoginUser TokenDto tokenDto, @RequestBody StaffResetPassWordFormDTO formDTO) throws Exception {
 		formDTO.setStaffId(tokenDto.getUserId());
 		ValidatorUtils.validateEntity(formDTO, StaffResetPassWordFormDTO.AddUserShowGroup.class, StaffResetPassWordFormDTO.AddUserInternalGroup.class);
+		//解密密码
+		if (formDTO.getConfirmNewPassword().length() > 50) {
+			String confirmNewPassWord = RSASignature.decryptByPrivateKey(formDTO.getConfirmNewPassword(), privateKey);
+			String newPassword = RSASignature.decryptByPrivateKey(formDTO.getNewPassword(), privateKey);
+			formDTO.setConfirmNewPassword(confirmNewPassWord);
+			formDTO.setNewPassword(newPassword);
+			if (StringUtils.isNotBlank(formDTO.getOldPassword())){
+				String oldPassWord = RSASignature.decryptByPrivateKey(formDTO.getOldPassword(), privateKey);
+				formDTO.setOldPassword(oldPassWord);
+			}
+		}
 		return mineService.resetPassword(formDTO);
 	}
+
+	public static void main(String[] args) throws Exception {
+		String p= "R16c3yJqCMyRFTxElBeBexTVlW1GArItaVqEEyF3o3jXVwq0G08ck8wEdBAEyQI1y4uCsw3UBgx1mqiMbIfvdg==";
+		String privateKey= "MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAqOANodapaCq6hq1sLjPNAKCoTwLjblUg7LMlVWAfUdRgIem41ScYK/ccECXZGzOJZCpCB3XHGXQLdrkngnr2jwIDAQABAkAyYaWvgrtHuHetdk+v+QRQC54q9FGluP/5nfilX+f4IUf8j92o/ZohTtmJn9qcDiAP4wxCLIsfy4IW3psST78BAiEA0A/E0WvtI7spWnjfw+wMDhdVMIbIJvDbj/cqMwRZInUCIQDPyO2sbXpwDjmAvyn0jpGJJxU5POWYdI37rTf9fScMcwIhAMkWNHbjBHKANVuHb10ACjakPmWEHnXkW5AspdBg53TxAiARPbzq99KXBbcjxbj3f/T3inSqYTEz60f0wDTLJd1dnQIhAIFe6Jd1TduIxGk1PDh/b/3q0jNGgVXkFnUBnKWDaL9N";
+		String newPassword = RSASignature.decryptByPrivateKey(p, privateKey);
+		System.out.println(newPassword);
+	}
 }
--- a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/MineServiceImpl.java
+++ b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/MineServiceImpl.java
@ -5,6 +5,7 @@ import com.epmet.commons.tools.constant.ServiceConstant;
 import com.epmet.commons.tools.exception.EpmetErrorCode;
 import com.epmet.commons.tools.exception.RenException;
 import com.epmet.commons.tools.security.dto.TokenDto;
+import com.epmet.commons.tools.security.password.PasswordUtils;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.dto.form.StaffInfoFromDTO;
 import com.epmet.dto.form.StaffResetPassWordFormDTO;
@ -50,7 +51,7 @@ public class MineServiceImpl implements MineService {
 			throw new RenException(EpmetErrorCode.PASSWORD_NOT_FIT.getCode());
 		}
 		//2、校验密码规则：密码必须8-20个字符，而且同时包含大小写字母和数字
-		boolean flag=this.checkPassWord(formDTO.getNewPassword());
+		boolean flag= PasswordUtils.checkPassWordRule(formDTO.getNewPassword());
 		if(!flag){
 			throw new RenException(EpmetErrorCode.PASSWORD_OUT_OF_ORDER.getCode());
 		}
@ -59,50 +60,15 @@ public class MineServiceImpl implements MineService {
 		staffResetPwFormDTO.setNewPassword(formDTO.getNewPassword());
 		staffResetPwFormDTO.setConfirmNewPassword(formDTO.getConfirmNewPassword());
 		staffResetPwFormDTO.setStaffId(formDTO.getStaffId());
+		staffResetPwFormDTO.setOldPassword(formDTO.getOldPassword());
 		Result updatePassWordResult=epmetUserOpenFeignClient.resetStaffPassword(staffResetPwFormDTO);
 		if(updatePassWordResult.success()){
 			logger.info(String.format("调用%s服务,修改密码成功", ServiceConstant.EPMET_USER_SERVER));
 		}else{
 			logger.warn(String.format("调用%s服务,修改密码失败,返参:%s", ServiceConstant.EPMET_USER_SERVER,
 					JSON.toJSONString(updatePassWordResult)));
-			return new Result().error(EpmetErrorCode.PASSWORD_UPDATE_FAILED.getCode());
+			return new Result().error(EpmetErrorCode.PASSWORD_UPDATE_FAILED.getCode(),updatePassWordResult.getMsg());
 		}
 		return new Result();
 	}
-
-	private boolean checkPassWord(String password) {
-		boolean flag=false;
-		if(password.length()<8||password.length()>20){
-			logger.warn(String.format("密码长度应为8-20位，当前输入密码%s,长度为%s",password,password.length()));
-			return flag;
-		}
-		boolean numFlag=false;
-		boolean bigLetter=false;
-		boolean smallLetter=false;
-		char[] passwordArray = password.toCharArray();
-		for(int i=0;i < passwordArray.length;i++) {
-			char currentStr=passwordArray[i];
-			logger.info(String.format("当前字符%s",currentStr));
-			// 判断ch是否是数字字符，如'1'，'2‘，是返回true。否则返回false
-			if(Character.isDigit(currentStr)){
-				numFlag=true;
-				continue;
-			}
-			// 判断ch是否是字母字符，如'a'，'b‘，是返回true。否则返回false
-			if(Character.isUpperCase(currentStr)){
-				bigLetter=true;
-				continue;
-			}
-			if(Character.isLowerCase(currentStr)){
-				smallLetter=true;
-				continue;
-			}
-		}
-		if(numFlag&&bigLetter&&smallLetter){
-			flag=true;
-		}else{
-			logger.warn(String.format("当前密码%s,是否包含数字%s,是否包含大写字母%s,是否包含小写字母%s",password,numFlag,bigLetter,smallLetter));
-		}
-		return flag;
-	}
 }
--- a/epmet-module/gov-mine/gov-mine-server/src/main/resources/bootstrap.yml
+++ b/epmet-module/gov-mine/gov-mine-server/src/main/resources/bootstrap.yml
@ -119,3 +119,8 @@ thread:
    keepAliveSeconds: @thread.threadPool.keep-alive-seconds@
    threadNamePrefix: @thread.threadPool.thread-name-prefix@
    rejectedExecutionHandler: @thread.threadPool.rejected-execution-handler@
+epmet:
+  login:
+    publicKey: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKjgDaHWqWgquoatbC4zzQCgqE8C425VIOyzJVVgH1HUYCHpuNUnGCv3HBAl2RsziWQqQgd1xxl0C3a5J4J69o8CAwEAAQ==
+    privateKey: MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAqOANodapaCq6hq1sLjPNAKCoTwLjblUg7LMlVWAfUdRgIem41ScYK/ccECXZGzOJZCpCB3XHGXQLdrkngnr2jwIDAQABAkAyYaWvgrtHuHetdk+v+QRQC54q9FGluP/5nfilX+f4IUf8j92o/ZohTtmJn9qcDiAP4wxCLIsfy4IW3psST78BAiEA0A/E0WvtI7spWnjfw+wMDhdVMIbIJvDbj/cqMwRZInUCIQDPyO2sbXpwDjmAvyn0jpGJJxU5POWYdI37rTf9fScMcwIhAMkWNHbjBHKANVuHb10ACjakPmWEHnXkW5AspdBg53TxAiARPbzq99KXBbcjxbj3f/T3inSqYTEz60f0wDTLJd1dnQIhAIFe6Jd1TduIxGk1PDh/b/3q0jNGgVXkFnUBnKWDaL9N
+
--- a/epmet-user/epmet-user-client/src/main/java/com/epmet/dto/form/StaffResetPwFormDTO.java
+++ b/epmet-user/epmet-user-client/src/main/java/com/epmet/dto/form/StaffResetPwFormDTO.java
@ -22,7 +22,10 @@ public class StaffResetPwFormDTO implements Serializable {

    public interface AddUserShowGroup extends CustomerClientShowGroup {
    }
-
+    /**
+     * 旧密码
+     */
+    private String oldPassword;
    @NotBlank(message = "新密码不能为空", groups = {AddUserShowGroup.class})
    private String newPassword;
    @NotBlank(message = "确认新密码不能为空", groups = {AddUserShowGroup.class})
--- a/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/CustomerStaffController.java
+++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/CustomerStaffController.java
@ -26,6 +26,7 @@ import com.epmet.commons.tools.page.PageData;
 import com.epmet.commons.tools.security.dto.TokenDto;
 import com.epmet.commons.tools.security.user.LoginUserUtil;
 import com.epmet.commons.tools.utils.ExcelUtils;
+import com.epmet.commons.tools.utils.RSASignature;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.AssertUtils;
 import com.epmet.commons.tools.validator.ValidatorUtils;
@ -39,7 +40,9 @@ import com.epmet.excel.CustomerStaffExcel;
 import com.epmet.feign.EpmetMessageOpenFeignClient;
 import com.epmet.send.SendMqMsgUtil;
 import com.epmet.service.CustomerStaffService;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.*;

 import javax.servlet.http.HttpServletResponse;
@ -57,7 +60,8 @@ import java.util.Map;
@RestController
@RequestMapping("customerstaff")
 public class CustomerStaffController {
-
+    @Value("${epmet.login.privateKey}")
+    private String privateKey;
    @Autowired
    private CustomerStaffService customerStaffService;
    @Autowired
@ -500,7 +504,12 @@ public class CustomerStaffController {
     * @Date 10:03 2020-08-25
     **/
    @PostMapping(value = "customerlist")
-    public Result<List<CustomerListResultDTO>> customerList(@RequestBody CustomerListFormDTO formDTO){
+    public Result<List<CustomerListResultDTO>> customerList(@RequestBody CustomerListFormDTO formDTO) throws Exception {
+        //解密密码
+        if (StringUtils.isNotBlank(formDTO.getPhone())&&formDTO.getPhone().length() > 50) {
+            String phone = RSASignature.decryptByPrivateKey(formDTO.getPhone(), privateKey);
+            formDTO.setPhone(phone);
+        }
        return customerStaffService.selectCustomerList(formDTO);
    }

--- a/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/OperUserController.java
+++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/OperUserController.java
@ -25,6 +25,7 @@ import com.epmet.commons.tools.page.PageData;
 import com.epmet.commons.tools.security.dto.TokenDto;
 import com.epmet.commons.tools.utils.ConvertUtils;
 import com.epmet.commons.tools.utils.ExcelUtils;
+import com.epmet.commons.tools.utils.RSASignature;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.AssertUtils;
 import com.epmet.commons.tools.validator.ValidatorUtils;
@ -38,6 +39,7 @@ import com.epmet.excel.OperUserExcel;
 import com.epmet.service.OperUserService;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.*;

 import javax.servlet.http.HttpServletResponse;
@ -54,6 +56,8 @@ import java.util.Map;
@RestController
@RequestMapping("operuser")
 public class OperUserController {
+	@Value("${epmet.login.privateKey}")
+	private String privateKey;

 	@Autowired
 	private OperUserService operUserService;
@ -72,9 +76,18 @@ public class OperUserController {
 	}

 	@PostMapping
-	public Result save(@RequestBody OperUserDTO dto) {
+	public Result save(@RequestBody OperUserDTO dto) throws Exception {
 		//效验数据
 		ValidatorUtils.validateEntity(dto, AddGroup.class, DefaultGroup.class);
+		//解密密码
+		if (dto.getPassword().length() > 50) {
+			String password = RSASignature.decryptByPrivateKey(dto.getPassword(), privateKey);
+			String email = RSASignature.decryptByPrivateKey(dto.getEmail(), privateKey);
+			String phone = RSASignature.decryptByPrivateKey(dto.getPhone(), privateKey);
+			dto.setPassword(password);
+			dto.setEmail(email);
+			dto.setPhone(phone);
+		}
 		operUserService.save(dto);
 		return new Result();
 	}
@ -94,10 +107,22 @@ public class OperUserController {
 	 * @return
 	 */
 	@PostMapping(value = "updatePwd")
-	public Result updatePwd(@LoginUser TokenDto tokenDto,@RequestBody PasswordDTO dto) {
+	public Result updatePwd(@LoginUser TokenDto tokenDto,@RequestBody PasswordDTO dto) throws Exception {
 		if (StringUtils.isBlank(dto.getNewPassword()) && AppClientConstant.APP_OPER.equals(tokenDto.getClient())){
 			throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(),"参数错误","参数错误");
 		}
+		//解密密码
+		if (dto.getPassword().length() > 50) {
+			String confirmNewPassWord = RSASignature.decryptByPrivateKey(dto.getPassword(), privateKey);
+			String newPassword = RSASignature.decryptByPrivateKey(dto.getNewPassword(), privateKey);
+			dto.setPassword(confirmNewPassWord);
+			dto.setNewPassword(newPassword);
+			if (StringUtils.isNotBlank(dto.getOldPassword())){
+				String oldPassWord = RSASignature.decryptByPrivateKey(dto.getOldPassword(), privateKey);
+				dto.setOldPassword(oldPassWord);
+			}
+		}
+		//校验长度和 密码是否一致。
 		operUserService.updatePwd(tokenDto.getUserId(),dto);
 		return new Result();
 	}
--- a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/CustomerStaffServiceImpl.java
+++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/CustomerStaffServiceImpl.java
@ -739,7 +739,16 @@ public class CustomerStaffServiceImpl extends BaseServiceImpl<CustomerStaffDao,
        if (null == customerStaffDTO) {
            return;
        }
+        String oldPasswordFormDB = customerStaffDTO.getPassword();
+        if (StringUtils.isNotBlank(staffResetPwFormDTO.getOldPassword())){
            //密码加密
+            String oldPasswordFormParam = staffResetPwFormDTO.getOldPassword();
+            log.info("resetStaffPassword:oldP:{},DB:{}",oldPasswordFormParam,oldPasswordFormDB);
+            if (!PasswordUtils.matches(oldPasswordFormParam, oldPasswordFormDB)) {
+                throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(),EpmetErrorCode.ERR10004.getMsg(),EpmetErrorCode.ERR10004.getMsg());
+            }
+        }
+
        String password = PasswordUtils.encode(staffResetPwFormDTO.getNewPassword());
        logger.info(String.format("密码%s加密后为%s", staffResetPwFormDTO.getNewPassword(), password));
        customerStaffDTO.setPassword(password);
--- a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/OperUserServiceImpl.java
+++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/OperUserServiceImpl.java
@ -24,6 +24,9 @@ import com.epmet.commons.mybatis.service.impl.BaseServiceImpl;
 import com.epmet.commons.tools.constant.AppClientConstant;
 import com.epmet.commons.tools.constant.FieldConstant;
 import com.epmet.commons.tools.enums.SuperAdminEnum;
+import com.epmet.commons.tools.exception.EpmetErrorCode;
+import com.epmet.commons.tools.exception.EpmetException;
+import com.epmet.commons.tools.exception.RenException;
 import com.epmet.commons.tools.page.PageData;
 import com.epmet.commons.tools.security.password.PasswordUtils;
 import com.epmet.commons.tools.utils.ConvertUtils;
@ -147,12 +150,34 @@ public class OperUserServiceImpl extends BaseServiceImpl<OperUserDao, OperUserEn

    @Override
    public void updatePwd(String userId, PasswordDTO dto) {
+        //1、两次填写的密码需要保持一致
+        if(!dto.getNewPassword().equals(dto.getPassword())){
+            throw new RenException(EpmetErrorCode.PASSWORD_NOT_FIT.getCode());
+        }
+        //2、校验密码规则：密码必须8-20个字符，而且同时包含大小写字母和数字
+        boolean flag=PasswordUtils.checkPassWordRule(dto.getNewPassword());
+        if(!flag){
+            throw new RenException(EpmetErrorCode.PASSWORD_OUT_OF_ORDER.getCode());
+        }
+        OperUserDTO operUserDTO = baseDao.selectOperUserInfoById(userId);
+        if (operUserDTO == null){
+            throw new EpmetException(EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getCode());
+        }
+        //校验旧密码是否正确
+        if (StringUtils.isNotBlank(dto.getOldPassword())){
+            boolean matches = PasswordUtils.matches(dto.getOldPassword(), operUserDTO.getPassword());
+            if (!matches){
+                throw new EpmetException(EpmetErrorCode.ERR10004.getCode());
+            }
+        }
        OperUserEntity param = new OperUserEntity();
        param.setPassword(PasswordUtils.encode(dto.getNewPassword()));
        param.setUpdatedTime(new Date());
        param.setUpdatedBy(userId);
        LambdaQueryWrapper<OperUserEntity> lambdaQueryWrapper = new LambdaQueryWrapper<>();
        lambdaQueryWrapper.eq(OperUserEntity::getUserId,userId);
+
+
        baseDao.update(param, lambdaQueryWrapper);
    }

--- a/epmet-user/epmet-user-server/src/main/resources/bootstrap.yml
+++ b/epmet-user/epmet-user-server/src/main/resources/bootstrap.yml
@ -185,3 +185,8 @@ thread:
    keepAliveSeconds: @thread.threadPool.keep-alive-seconds@
    threadNamePrefix: @thread.threadPool.thread-name-prefix@
    rejectedExecutionHandler: @thread.threadPool.rejected-execution-handler@
+epmet:
+  login:
+    publicKey: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKjgDaHWqWgquoatbC4zzQCgqE8C425VIOyzJVVgH1HUYCHpuNUnGCv3HBAl2RsziWQqQgd1xxl0C3a5J4J69o8CAwEAAQ==
+    privateKey: MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAqOANodapaCq6hq1sLjPNAKCoTwLjblUg7LMlVWAfUdRgIem41ScYK/ccECXZGzOJZCpCB3XHGXQLdrkngnr2jwIDAQABAkAyYaWvgrtHuHetdk+v+QRQC54q9FGluP/5nfilX+f4IUf8j92o/ZohTtmJn9qcDiAP4wxCLIsfy4IW3psST78BAiEA0A/E0WvtI7spWnjfw+wMDhdVMIbIJvDbj/cqMwRZInUCIQDPyO2sbXpwDjmAvyn0jpGJJxU5POWYdI37rTf9fScMcwIhAMkWNHbjBHKANVuHb10ACjakPmWEHnXkW5AspdBg53TxAiARPbzq99KXBbcjxbj3f/T3inSqYTEz60f0wDTLJd1dnQIhAIFe6Jd1TduIxGk1PDh/b/3q0jNGgVXkFnUBnKWDaL9N
+