diff --git a/renren-admin/src/main/java/io/renren/modules/security/controller/LoginController.java b/renren-admin/src/main/java/io/renren/modules/security/controller/LoginController.java
index 43552c1e..f68847b6 100644
--- a/renren-admin/src/main/java/io/renren/modules/security/controller/LoginController.java
+++ b/renren-admin/src/main/java/io/renren/modules/security/controller/LoginController.java
@@ -87,7 +87,8 @@ public class LoginController {
 LoginDTO login = new LoginDTO();
 login.setUsername(String.valueOf(params.get("username")));
- login.setPassword(String.valueOf(params.get("password")));
+ String password = PasswordUtils.desEncrypt(String.valueOf(params.get("password")));
+ login.setPassword(password);
 // login.setCaptcha(String.valueOf(params.get("captcha")));
 login.setUuid(String.valueOf(params.get("uuid")));
 //效验数据
diff --git a/renren-admin/src/main/java/io/renren/modules/security/password/PasswordUtils.java b/renren-admin/src/main/java/io/renren/modules/security/password/PasswordUtils.java
index 93afeb62..2bbd0e4a 100644
--- a/renren-admin/src/main/java/io/renren/modules/security/password/PasswordUtils.java
+++ b/renren-admin/src/main/java/io/renren/modules/security/password/PasswordUtils.java
@@ -1,12 +1,21 @@
 package io.renren.modules.security.password;
+import javax.crypto.Cipher;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.util.Base64;
+
 /**
 * 密码工具类
 *
 * @since 1.0.0
 */
 public class PasswordUtils {
- private static PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+ private static final PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+
+ // 密码传输密钥
+ private static final String pwdKey = "YwwqhsxBkywjgm01";
+ private static final String pwdIv = "SSXXZYZYBABA30TM";
 /**
 * 加密
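Review bot: In LoginController the result of `PasswordUtils.desEncrypt` goes straight into `login.setPassword(password)`, but that method returns null for any input it cannot decrypt, and `String.valueOf(params.get("password"))` turns a missing field into the literal string "null", which is one such input. Whether the validation under `//效验数据` rejects a null password is outside this hunk, so handle the failure where it arises, for example `if (password == null) { /* return the same error result as a wrong password */ }` before the DTO is filled. The SysUserController password hunk has the same gap: `password` reaches `PasswordUtils.matches` and `newPassword` reaches `sysUserService.updatePassword` with no null check. The login method starts and ends outside the hunk.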
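Review bot: `pwdKey` and `pwdIv` in PasswordUtils are compiled in as string literals, and the comment on `desEncrypt` says they decrypt what the front end sends, so the same key presumably ships to every client as well. With a fixed key and a fixed IV, AES-CBC maps a given password to the same ciphertext every time, so a captured value is as reusable as the plaintext and this layer adds no confidentiality beyond what TLS already provides. If the scheme stays, load both values from configuration instead of source control and state its purpose next to the constants, e.g. `// Transport obfuscation only: key and IV are also known to the client; confidentiality relies on TLS.`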
@@ -28,4 +37,20 @@ public class PasswordUtils {
 return passwordEncoder.matches(str, password);
 }
+ // 解密前端传输过来的密码加密串
+ public static String desEncrypt(String data) {
+ try {
+ byte[] encrypted1 = Base64.getDecoder().decode(data);
+ Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
+ SecretKeySpec keyspec = new SecretKeySpec(pwdKey.getBytes(), "AES");
+ IvParameterSpec ivspec = new IvParameterSpec(pwdIv.getBytes());
+ cipher.init(Cipher.DECRYPT_MODE, keyspec, ivspec);
+ byte[] original = cipher.doFinal(encrypted1);
+ return new String(original).trim();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+
 }
diff --git a/renren-admin/src/main/java/io/renren/modules/sys/controller/SysUserController.java b/renren-admin/src/main/java/io/renren/modules/sys/controller/SysUserController.java
index 99efc1a3..126496af 100644
--- a/renren-admin/src/main/java/io/renren/modules/sys/controller/SysUserController.java
+++ b/renren-admin/src/main/java/io/renren/modules/sys/controller/SysUserController.java
@@ -7,7 +7,6 @@ import io.renren.common.page.PageData;
 import io.renren.common.utils.ConvertUtils;
 import io.renren.common.utils.ExcelUtils;
 import io.renren.common.utils.Result;
-import io.renren.common.validator.AssertUtils;
 import io.renren.common.validator.ValidatorUtils;
 import io.renren.common.validator.group.AddGroup;
 import io.renren.common.validator.group.DefaultGroup;
@@ -25,7 +24,6 @@ import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
 import io.swagger.annotations.ApiOperation;
-import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 import springfox.documentation.annotations.ApiIgnore;
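Review bot: `PasswordUtils.desEncrypt` uses the platform default charset (`pwdKey.getBytes()`, `pwdIv.getBytes()`, `new String(original)`) and removes padding with `trim()`, so a non-ASCII password can decode differently from host to host and any leading or trailing whitespace the user typed is silently dropped before the bcrypt comparison. Pin the charset with `pwdKey.getBytes(StandardCharsets.UTF_8)` and `new String(original, StandardCharsets.UTF_8)` (this needs the `java.nio.charset.StandardCharsets` import), and strip only the padding byte the front end actually uses, which this diff does not show. The `catch (Exception e)` block also sends the stack trace to stderr and hides the cause from callers; logging through a logger and throwing a dedicated unchecked exception would make failures visible. A Javadoc saying that the method AES-decrypts a Base64 string, despite the `desEncrypt` name, and what it returns on failure would help callers.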
@@ -103,12 +101,15 @@ public class SysUserController {
 UserDetail user = SecurityUser.getUser();
+ String password = PasswordUtils.desEncrypt(dto.getPassword());
+ String newPassword = PasswordUtils.desEncrypt(dto.getNewPassword());
+
 //原密码不正确
- if(!PasswordUtils.matches(dto.getPassword(), user.getPassword())){
+ if(!PasswordUtils.matches(password, user.getPassword())){
 return new Result().error(ErrorCode.PASSWORD_ERROR);
 }
- sysUserService.updatePassword(user.getId(), dto.getNewPassword());
+ sysUserService.updatePassword(user.getId(), newPassword);
 return new Result();
 }
diff --git a/renren-admin/src/main/java/io/renren/modules/sys/service/impl/SysUserServiceImpl.java b/renren-admin/src/main/java/io/renren/modules/sys/service/impl/SysUserServiceImpl.java
index 666e44e3..b52d59b7 100644
--- a/renren-admin/src/main/java/io/renren/modules/sys/service/impl/SysUserServiceImpl.java
+++ b/renren-admin/src/main/java/io/renren/modules/sys/service/impl/SysUserServiceImpl.java
@@ -108,9 +108,10 @@ public class SysUserServiceImpl extends BaseServiceImpl
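Review bot: In the SysUserController password hunk, `newPassword` is handed to `sysUserService.updatePassword` with no check on the decrypted text. Any constraint declared on the DTO (the validation call, if there is one, sits above the hunk) was evaluated against the Base64 ciphertext, and `desEncrypt` ends with `trim()`, so the plaintext can come back empty even though the submitted field was not. Check the decrypted value before the update, e.g. `if (newPassword == null || newPassword.isEmpty()) { return new Result().error(ErrorCode.PASSWORD_ERROR); }` (or a more specific error code), and re-apply any length rules to it. The method begins outside the hunk.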