From a9fad52a4385c5577646c65588b5d8e18f3224c7 Mon Sep 17 00:00:00 2001
From: jianjun <jianjun4833@163.com>
Date: Tue, 27 Sep 2022 12:16:08 +0800
Subject: [PATCH] =?UTF-8?q?=E6=95=B0=E5=AD=97=E7=A4=BE=E5=8C=BA=E4=BF=AE?=
 =?UTF-8?q?=E6=94=B9=E5=AF=86=E7=A0=81=20=E6=97=B6=E5=A1=AB=E5=86=99?=
 =?UTF-8?q?=E5=8E=9F=E5=AF=86=E7=A0=81=E4=B8=94=E5=8A=A0=E5=AF=86=20?=
 =?UTF-8?q?=E8=BF=90=E8=90=A5=E7=AB=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../main/java/com/epmet/dto/PasswordDTO.java  |  5 ++-
 .../security/password/PasswordUtils.java      | 37 ++++++++++++++++++
 .../com/epmet/controller/MineController.java  |  7 ++++
 .../epmet/service/impl/MineServiceImpl.java   | 39 +------------------
 .../epmet/controller/OperUserController.java  | 18 ++++++++-
 .../service/impl/OperUserServiceImpl.java     | 27 ++++++++++++-
 .../src/main/resources/bootstrap.yml          |  5 +++
 7 files changed, 98 insertions(+), 40 deletions(-)

diff --git a/epmet-admin/epmet-admin-client/src/main/java/com/epmet/dto/PasswordDTO.java b/epmet-admin/epmet-admin-client/src/main/java/com/epmet/dto/PasswordDTO.java
index 7f3dec5314..7559bad559 100644
--- a/epmet-admin/epmet-admin-client/src/main/java/com/epmet/dto/PasswordDTO.java
+++ b/epmet-admin/epmet-admin-client/src/main/java/com/epmet/dto/PasswordDTO.java
@@ -23,7 +23,10 @@ import java.io.Serializable;
 @Data
 public class PasswordDTO implements Serializable {
     private static final long serialVersionUID = 1L;
-
+    /**
+     * 旧密码
+     */
+    private String oldPassword;
     @NotBlank(message="{sysuser.password.require}")
     private String password;
 
diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/password/PasswordUtils.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/password/PasswordUtils.java
index d7a685b2f2..fdae188e6b 100644
--- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/password/PasswordUtils.java
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/password/PasswordUtils.java
@@ -37,6 +37,43 @@ public class PasswordUtils {
         return passwordEncoder.matches(str, password);
     }
 
+    /**
+     * desc:校验密码规则是否
+     * 校验密码规则：密码必须8-20个字符，而且同时包含大小写字母和数字
+     * @param password
+     * @return
+     */
+    public static boolean checkPassWordRule(String password) {
+        boolean flag=false;
+        if(password.length()<8||password.length()>20){
+            return flag;
+        }
+        boolean numFlag=false;
+        boolean bigLetter=false;
+        boolean smallLetter=false;
+        char[] passwordArray = password.toCharArray();
+        for(int i=0;i < passwordArray.length;i++) {
+            char currentStr=passwordArray[i];
+            // 判断ch是否是数字字符，如'1'，'2‘，是返回true。否则返回false
+            if(Character.isDigit(currentStr)){
+                numFlag=true;
+                continue;
+            }
+            // 判断ch是否是字母字符，如'a'，'b‘，是返回true。否则返回false
+            if(Character.isUpperCase(currentStr)){
+                bigLetter=true;
+                continue;
+            }
+            if(Character.isLowerCase(currentStr)){
+                smallLetter=true;
+            }
+        }
+        if(numFlag&&bigLetter&&smallLetter){
+            flag=true;
+        }
+        return flag;
+    }
+
 
     public static void main(String[] args) {
         String str = "wangqing";
diff --git a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/MineController.java b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/MineController.java
index df6158f6c3..3191db2685 100644
--- a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/MineController.java
+++ b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/MineController.java
@@ -66,4 +66,11 @@ public class MineController {
 		}
 		return mineService.resetPassword(formDTO);
 	}
+
+	public static void main(String[] args) throws Exception {
+		String p= "R16c3yJqCMyRFTxElBeBexTVlW1GArItaVqEEyF3o3jXVwq0G08ck8wEdBAEyQI1y4uCsw3UBgx1mqiMbIfvdg==";
+		String privateKey= "MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAqOANodapaCq6hq1sLjPNAKCoTwLjblUg7LMlVWAfUdRgIem41ScYK/ccECXZGzOJZCpCB3XHGXQLdrkngnr2jwIDAQABAkAyYaWvgrtHuHetdk+v+QRQC54q9FGluP/5nfilX+f4IUf8j92o/ZohTtmJn9qcDiAP4wxCLIsfy4IW3psST78BAiEA0A/E0WvtI7spWnjfw+wMDhdVMIbIJvDbj/cqMwRZInUCIQDPyO2sbXpwDjmAvyn0jpGJJxU5POWYdI37rTf9fScMcwIhAMkWNHbjBHKANVuHb10ACjakPmWEHnXkW5AspdBg53TxAiARPbzq99KXBbcjxbj3f/T3inSqYTEz60f0wDTLJd1dnQIhAIFe6Jd1TduIxGk1PDh/b/3q0jNGgVXkFnUBnKWDaL9N";
+		String newPassword = RSASignature.decryptByPrivateKey(p, privateKey);
+		System.out.println(newPassword);
+	}
 }
diff --git a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/MineServiceImpl.java b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/MineServiceImpl.java
index 387c067b76..44fb7f61a4 100644
--- a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/MineServiceImpl.java
+++ b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/MineServiceImpl.java
@@ -5,6 +5,7 @@ import com.epmet.commons.tools.constant.ServiceConstant;
 import com.epmet.commons.tools.exception.EpmetErrorCode;
 import com.epmet.commons.tools.exception.RenException;
 import com.epmet.commons.tools.security.dto.TokenDto;
+import com.epmet.commons.tools.security.password.PasswordUtils;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.dto.form.StaffInfoFromDTO;
 import com.epmet.dto.form.StaffResetPassWordFormDTO;
@@ -50,7 +51,7 @@ public class MineServiceImpl implements MineService {
 			throw new RenException(EpmetErrorCode.PASSWORD_NOT_FIT.getCode());
 		}
 		//2、校验密码规则：密码必须8-20个字符，而且同时包含大小写字母和数字
-		boolean flag=this.checkPassWord(formDTO.getNewPassword());
+		boolean flag= PasswordUtils.checkPassWordRule(formDTO.getNewPassword());
 		if(!flag){
 			throw new RenException(EpmetErrorCode.PASSWORD_OUT_OF_ORDER.getCode());
 		}
@@ -70,40 +71,4 @@ public class MineServiceImpl implements MineService {
 		}
 		return new Result();
 	}
-
-	private boolean checkPassWord(String password) {
-		boolean flag=false;
-		if(password.length()<8||password.length()>20){
-			logger.warn(String.format("密码长度应为8-20位，当前输入密码%s,长度为%s",password,password.length()));
-			return flag;
-		}
-		boolean numFlag=false;
-		boolean bigLetter=false;
-		boolean smallLetter=false;
-		char[] passwordArray = password.toCharArray();
-		for(int i=0;i < passwordArray.length;i++) {
-			char currentStr=passwordArray[i];
-			logger.info(String.format("当前字符%s",currentStr));
-			// 判断ch是否是数字字符，如'1'，'2‘，是返回true。否则返回false
-			if(Character.isDigit(currentStr)){
-				numFlag=true;
-				continue;
-			}
-			// 判断ch是否是字母字符，如'a'，'b‘，是返回true。否则返回false
-			if(Character.isUpperCase(currentStr)){
-				bigLetter=true;
-				continue;
-			}
-			if(Character.isLowerCase(currentStr)){
-				smallLetter=true;
-				continue;
-			}
-		}
-		if(numFlag&&bigLetter&&smallLetter){
-			flag=true;
-		}else{
-			logger.warn(String.format("当前密码%s,是否包含数字%s,是否包含大写字母%s,是否包含小写字母%s",password,numFlag,bigLetter,smallLetter));
-		}
-		return flag;
-	}
 }
diff --git a/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/OperUserController.java b/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/OperUserController.java
index 02d15a0b46..1beabc2f09 100644
--- a/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/OperUserController.java
+++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/OperUserController.java
@@ -25,6 +25,7 @@ import com.epmet.commons.tools.page.PageData;
 import com.epmet.commons.tools.security.dto.TokenDto;
 import com.epmet.commons.tools.utils.ConvertUtils;
 import com.epmet.commons.tools.utils.ExcelUtils;
+import com.epmet.commons.tools.utils.RSASignature;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.AssertUtils;
 import com.epmet.commons.tools.validator.ValidatorUtils;
@@ -38,6 +39,7 @@ import com.epmet.excel.OperUserExcel;
 import com.epmet.service.OperUserService;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletResponse;
@@ -54,6 +56,8 @@ import java.util.Map;
 @RestController
 @RequestMapping("operuser")
 public class OperUserController {
+	@Value("${epmet.login.privateKey}")
+	private String privateKey;
 
 	@Autowired
 	private OperUserService operUserService;
@@ -94,10 +98,22 @@ public class OperUserController {
 	 * @return
 	 */
 	@PostMapping(value = "updatePwd")
-	public Result updatePwd(@LoginUser TokenDto tokenDto,@RequestBody PasswordDTO dto) {
+	public Result updatePwd(@LoginUser TokenDto tokenDto,@RequestBody PasswordDTO dto) throws Exception {
 		if (StringUtils.isBlank(dto.getNewPassword()) && AppClientConstant.APP_OPER.equals(tokenDto.getClient())){
 			throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(),"参数错误","参数错误");
 		}
+		//解密密码
+		if (dto.getPassword().length() > 50) {
+			String confirmNewPassWord = RSASignature.decryptByPrivateKey(dto.getPassword(), privateKey);
+			String newPassword = RSASignature.decryptByPrivateKey(dto.getNewPassword(), privateKey);
+			dto.setPassword(confirmNewPassWord);
+			dto.setNewPassword(newPassword);
+			if (StringUtils.isNotBlank(dto.getOldPassword())){
+				String oldPassWord = RSASignature.decryptByPrivateKey(dto.getOldPassword(), privateKey);
+				dto.setOldPassword(oldPassWord);
+			}
+		}
+		//校验长度和 密码是否一致。
 		operUserService.updatePwd(tokenDto.getUserId(),dto);
 		return new Result();
 	}
diff --git a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/OperUserServiceImpl.java b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/OperUserServiceImpl.java
index 2ebbcb49ac..119e07c453 100644
--- a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/OperUserServiceImpl.java
+++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/OperUserServiceImpl.java
@@ -24,6 +24,9 @@ import com.epmet.commons.mybatis.service.impl.BaseServiceImpl;
 import com.epmet.commons.tools.constant.AppClientConstant;
 import com.epmet.commons.tools.constant.FieldConstant;
 import com.epmet.commons.tools.enums.SuperAdminEnum;
+import com.epmet.commons.tools.exception.EpmetErrorCode;
+import com.epmet.commons.tools.exception.EpmetException;
+import com.epmet.commons.tools.exception.RenException;
 import com.epmet.commons.tools.page.PageData;
 import com.epmet.commons.tools.security.password.PasswordUtils;
 import com.epmet.commons.tools.utils.ConvertUtils;
@@ -147,13 +150,35 @@ public class OperUserServiceImpl extends BaseServiceImpl<OperUserDao, OperUserEn
 
     @Override
     public void updatePwd(String userId, PasswordDTO dto) {
+        //1、两次填写的密码需要保持一致
+        if(!dto.getNewPassword().equals(dto.getPassword())){
+            throw new RenException(EpmetErrorCode.PASSWORD_NOT_FIT.getCode());
+        }
+        //2、校验密码规则：密码必须8-20个字符，而且同时包含大小写字母和数字
+        boolean flag=PasswordUtils.checkPassWordRule(dto.getNewPassword());
+        if(!flag){
+            throw new RenException(EpmetErrorCode.PASSWORD_OUT_OF_ORDER.getCode());
+        }
+        OperUserDTO operUserDTO = baseDao.selectOperUserInfoById(userId);
+        if (operUserDTO == null){
+            throw new EpmetException(EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getCode());
+        }
+        //校验旧密码是否正确
+        if (StringUtils.isNotBlank(dto.getOldPassword())){
+            boolean matches = PasswordUtils.matches(dto.getOldPassword(), operUserDTO.getPassword());
+            if (!matches){
+                throw new EpmetException(EpmetErrorCode.ERR10004.getCode());
+            }
+        }
         OperUserEntity param = new OperUserEntity();
         param.setPassword(PasswordUtils.encode(dto.getNewPassword()));
         param.setUpdatedTime(new Date());
         param.setUpdatedBy(userId);
         LambdaQueryWrapper<OperUserEntity> lambdaQueryWrapper = new LambdaQueryWrapper<>();
         lambdaQueryWrapper.eq(OperUserEntity::getUserId,userId);
-         baseDao.update(param, lambdaQueryWrapper);
+
+
+        baseDao.update(param, lambdaQueryWrapper);
     }
 
 }
diff --git a/epmet-user/epmet-user-server/src/main/resources/bootstrap.yml b/epmet-user/epmet-user-server/src/main/resources/bootstrap.yml
index a9ec2fcadb..11018f0592 100644
--- a/epmet-user/epmet-user-server/src/main/resources/bootstrap.yml
+++ b/epmet-user/epmet-user-server/src/main/resources/bootstrap.yml
@@ -185,3 +185,8 @@ thread:
     keepAliveSeconds: @thread.threadPool.keep-alive-seconds@
     threadNamePrefix: @thread.threadPool.thread-name-prefix@
     rejectedExecutionHandler: @thread.threadPool.rejected-execution-handler@
+epmet:
+  login:
+    publicKey: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKjgDaHWqWgquoatbC4zzQCgqE8C425VIOyzJVVgH1HUYCHpuNUnGCv3HBAl2RsziWQqQgd1xxl0C3a5J4J69o8CAwEAAQ==
+    privateKey: MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAqOANodapaCq6hq1sLjPNAKCoTwLjblUg7LMlVWAfUdRgIem41ScYK/ccECXZGzOJZCpCB3XHGXQLdrkngnr2jwIDAQABAkAyYaWvgrtHuHetdk+v+QRQC54q9FGluP/5nfilX+f4IUf8j92o/ZohTtmJn9qcDiAP4wxCLIsfy4IW3psST78BAiEA0A/E0WvtI7spWnjfw+wMDhdVMIbIJvDbj/cqMwRZInUCIQDPyO2sbXpwDjmAvyn0jpGJJxU5POWYdI37rTf9fScMcwIhAMkWNHbjBHKANVuHb10ACjakPmWEHnXkW5AspdBg53TxAiARPbzq99KXBbcjxbj3f/T3inSqYTEz60f0wDTLJd1dnQIhAIFe6Jd1TduIxGk1PDh/b/3q0jNGgVXkFnUBnKWDaL9N
+