数字社区修改密码 时填写原密码且加密

epmet-module/gov-mine/gov-mine-client/src/main/java/com/epmet/dto/form/StaffResetPassWordFormDTO.java

@@ -22,6 +22,10 @@ public class StaffResetPassWordFormDTO implements Serializable {
     public interface AddUserShowGroup extends CustomerClientShowGroup {
     }
 
+    /**
+     * 旧密码
+     */
+    private String oldPassword;
     @NotBlank(message = "新密码不能为空", groups = {AddUserShowGroup.class})
     private String newPassword;
     @NotBlank(message = "确认新密码不能为空", groups = {AddUserShowGroup.class})

epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/MineController.java

@@ -2,12 +2,15 @@ package com.epmet.controller;
 
 import com.epmet.commons.tools.annotation.LoginUser;
 import com.epmet.commons.tools.security.dto.TokenDto;
+import com.epmet.commons.tools.utils.RSASignature;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.ValidatorUtils;
 import com.epmet.dto.form.StaffResetPassWordFormDTO;
 import com.epmet.dto.result.MineResultDTO;
 import com.epmet.service.MineService;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -21,6 +24,8 @@ import org.springframework.web.bind.annotation.RestController;
 @RestController
 @RequestMapping("mine")
 public class MineController {
+	@Value("${epmet.login.privateKey}")
+	private String privateKey;
 	@Autowired
 	private MineService mineService;
 
@@ -45,9 +50,20 @@ public class MineController {
 	 * @Date 2020/7/1 9:59
 	 **/
 	@PostMapping("resetpassword")
-	public Result resetPassword(@LoginUser TokenDto tokenDto, @RequestBody StaffResetPassWordFormDTO formDTO) {
+	public Result resetPassword(@LoginUser TokenDto tokenDto, @RequestBody StaffResetPassWordFormDTO formDTO) throws Exception {
 		formDTO.setStaffId(tokenDto.getUserId());
 		ValidatorUtils.validateEntity(formDTO, StaffResetPassWordFormDTO.AddUserShowGroup.class, StaffResetPassWordFormDTO.AddUserInternalGroup.class);
+		//解密密码
+		if (formDTO.getConfirmNewPassword().length() > 50) {
+			String confirmNewPassWord = RSASignature.decryptByPrivateKey(formDTO.getConfirmNewPassword(), privateKey);
+			String newPassword = RSASignature.decryptByPrivateKey(formDTO.getNewPassword(), privateKey);
+			formDTO.setConfirmNewPassword(confirmNewPassWord);
+			formDTO.setNewPassword(newPassword);
+			if (StringUtils.isNotBlank(formDTO.getOldPassword())){
+				String oldPassWord = RSASignature.decryptByPrivateKey(formDTO.getOldPassword(), privateKey);
+				formDTO.setOldPassword(oldPassWord);
+			}
+		}
 		return mineService.resetPassword(formDTO);
 	}
 }

epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/MineServiceImpl.java

@@ -59,6 +59,7 @@ public class MineServiceImpl implements MineService {
 		staffResetPwFormDTO.setNewPassword(formDTO.getNewPassword());
 		staffResetPwFormDTO.setConfirmNewPassword(formDTO.getConfirmNewPassword());
 		staffResetPwFormDTO.setStaffId(formDTO.getStaffId());
+		staffResetPwFormDTO.setOldPassword(formDTO.getOldPassword());
 		Result updatePassWordResult=epmetUserOpenFeignClient.resetStaffPassword(staffResetPwFormDTO);
 		if(updatePassWordResult.success()){
 			logger.info(String.format("调用%s服务,修改密码成功", ServiceConstant.EPMET_USER_SERVER));

epmet-module/gov-mine/gov-mine-server/src/main/resources/bootstrap.yml

@@ -119,3 +119,8 @@ thread:
     keepAliveSeconds: @thread.threadPool.keep-alive-seconds@
     threadNamePrefix: @thread.threadPool.thread-name-prefix@
     rejectedExecutionHandler: @thread.threadPool.rejected-execution-handler@
+epmet:
+  login:
+    publicKey: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKjgDaHWqWgquoatbC4zzQCgqE8C425VIOyzJVVgH1HUYCHpuNUnGCv3HBAl2RsziWQqQgd1xxl0C3a5J4J69o8CAwEAAQ==
+    privateKey: MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAqOANodapaCq6hq1sLjPNAKCoTwLjblUg7LMlVWAfUdRgIem41ScYK/ccECXZGzOJZCpCB3XHGXQLdrkngnr2jwIDAQABAkAyYaWvgrtHuHetdk+v+QRQC54q9FGluP/5nfilX+f4IUf8j92o/ZohTtmJn9qcDiAP4wxCLIsfy4IW3psST78BAiEA0A/E0WvtI7spWnjfw+wMDhdVMIbIJvDbj/cqMwRZInUCIQDPyO2sbXpwDjmAvyn0jpGJJxU5POWYdI37rTf9fScMcwIhAMkWNHbjBHKANVuHb10ACjakPmWEHnXkW5AspdBg53TxAiARPbzq99KXBbcjxbj3f/T3inSqYTEz60f0wDTLJd1dnQIhAIFe6Jd1TduIxGk1PDh/b/3q0jNGgVXkFnUBnKWDaL9N
+

epmet-user/epmet-user-client/src/main/java/com/epmet/dto/form/StaffResetPwFormDTO.java

@@ -22,7 +22,10 @@ public class StaffResetPwFormDTO implements Serializable {
 
     public interface AddUserShowGroup extends CustomerClientShowGroup {
     }
-
+    /**
+     * 旧密码
+     */
+    private String oldPassword;
     @NotBlank(message = "新密码不能为空", groups = {AddUserShowGroup.class})
     private String newPassword;
     @NotBlank(message = "确认新密码不能为空", groups = {AddUserShowGroup.class})

epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/CustomerStaffServiceImpl.java

@@ -739,7 +739,15 @@ public class CustomerStaffServiceImpl extends BaseServiceImpl<CustomerStaffDao,
         if (null == customerStaffDTO) {
             return;
         }
+        String oldPasswordFormDB = customerStaffDTO.getPassword();
+        if (StringUtils.isNotBlank(staffResetPwFormDTO.getOldPassword())){
             //密码加密
+            String oldPasswordFormParam = PasswordUtils.encode(staffResetPwFormDTO.getOldPassword());
+            if (!oldPasswordFormDB.equals(oldPasswordFormParam)) {
+                throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(),EpmetErrorCode.ERR10004.getMsg(),EpmetErrorCode.ERR10004.getMsg());
+            }
+        }
+
         String password = PasswordUtils.encode(staffResetPwFormDTO.getNewPassword());
         logger.info(String.format("密码%s加密后为%s", staffResetPwFormDTO.getNewPassword(), password));
         customerStaffDTO.setPassword(password);