前端传输用户信息改为加密

2022-06-24 18:00:02 +08:00 · 2022-06-24 18:00:02 +08:00 · c5f8697a43
parent f185f943de
commit c5f8697a43
4 changed files with 43 additions and 15 deletions
--- a/renren-admin/src/main/java/io/renren/modules/security/controller/LoginController.java
+++ b/renren-admin/src/main/java/io/renren/modules/security/controller/LoginController.java
@ -87,7 +87,8 @@ public class LoginController {
        LoginDTO login = new LoginDTO();
        login.setUsername(String.valueOf(params.get("username")));
-        login.setPassword(String.valueOf(params.get("password")));
+        String password = PasswordUtils.desEncrypt(String.valueOf(params.get("password")));
        login.setPassword(password);
 //		login.setCaptcha(String.valueOf(params.get("captcha")));
        login.setUuid(String.valueOf(params.get("uuid")));
        //效验数据
--- a/renren-admin/src/main/java/io/renren/modules/security/password/PasswordUtils.java
+++ b/renren-admin/src/main/java/io/renren/modules/security/password/PasswordUtils.java
@ -1,12 +1,21 @@
 package io.renren.modules.security.password;
 import javax.crypto.Cipher;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 import java.util.Base64;
 /**
 * 密码工具类
 *
 * @since 1.0.0
 */
 public class PasswordUtils {
-    private static PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+    private static final PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    // 密码传输密钥
    private static final String pwdKey = "YwwqhsxBkywjgm01";
    private static final String pwdIv = "SSXXZYZYBABA30TM";
    /**
     * 加密
@ -28,4 +37,20 @@ public class PasswordUtils {
        return passwordEncoder.matches(str, password);
    }
    // 解密前端传输过来的密码加密串
    public static String desEncrypt(String data) {
        try {
            byte[] encrypted1 = Base64.getDecoder().decode(data);
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            SecretKeySpec keyspec = new SecretKeySpec(pwdKey.getBytes(), "AES");
            IvParameterSpec ivspec = new IvParameterSpec(pwdIv.getBytes());
            cipher.init(Cipher.DECRYPT_MODE, keyspec, ivspec);
            byte[] original = cipher.doFinal(encrypted1);
            return new String(original).trim();
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }
 }
--- a/renren-admin/src/main/java/io/renren/modules/sys/controller/SysUserController.java
+++ b/renren-admin/src/main/java/io/renren/modules/sys/controller/SysUserController.java
@ -7,7 +7,6 @@ import io.renren.common.page.PageData;
 import io.renren.common.utils.ConvertUtils;
 import io.renren.common.utils.ExcelUtils;
 import io.renren.common.utils.Result;
 import io.renren.common.validator.AssertUtils;
 import io.renren.common.validator.ValidatorUtils;
 import io.renren.common.validator.group.AddGroup;
 import io.renren.common.validator.group.DefaultGroup;
@ -25,7 +24,6 @@ import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
 import io.swagger.annotations.ApiOperation;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 import springfox.documentation.annotations.ApiIgnore;
@ -103,12 +101,15 @@ public class SysUserController {
 		UserDetail user = SecurityUser.getUser();
 		String password = PasswordUtils.desEncrypt(dto.getPassword());
 		String newPassword = PasswordUtils.desEncrypt(dto.getNewPassword());
 		//原密码不正确
-		if(!PasswordUtils.matches(dto.getPassword(), user.getPassword())){
+		if(!PasswordUtils.matches(password, user.getPassword())){
 			return new Result().error(ErrorCode.PASSWORD_ERROR);
 		}
-		sysUserService.updatePassword(user.getId(), dto.getNewPassword());
+		sysUserService.updatePassword(user.getId(), newPassword);
 		return new Result();
 	}
--- a/renren-admin/src/main/java/io/renren/modules/sys/service/impl/SysUserServiceImpl.java
+++ b/renren-admin/src/main/java/io/renren/modules/sys/service/impl/SysUserServiceImpl.java
@ -108,9 +108,10 @@ public class SysUserServiceImpl extends BaseServiceImpl<SysUserDao, SysUserEntit
    public void save(SysUserDTO dto) {
        SysUserEntity entity = ConvertUtils.sourceToTarget(dto, SysUserEntity.class);
        String password = PasswordUtils.desEncrypt(dto.getPassword());
        //密码加密
-        String password = PasswordUtils.encode(entity.getPassword());
+        entity.setPassword(PasswordUtils.encode(password));
        entity.setPassword(password);
        //保存用户
        entity.setSuperAdmin(SuperAdminEnum.NO.value());
@ -128,13 +129,13 @@ public class SysUserServiceImpl extends BaseServiceImpl<SysUserDao, SysUserEntit
    public void update(SysUserDTO dto) {
        SysUserEntity entity = ConvertUtils.sourceToTarget(dto, SysUserEntity.class);
-        //密码加密
+        ////密码加密
-        if (StringUtils.isBlank(dto.getPassword())) {
+        //if (StringUtils.isBlank(dto.getPassword())) {
-            entity.setPassword(null);
+        //    entity.setPassword(null);
-        } else {
+        //} else {
-            String password = PasswordUtils.encode(entity.getPassword());
+        //    String password = PasswordUtils.encode(entity.getPassword());
-            entity.setPassword(password);
+        //    entity.setPassword(password);
-        }
+        //}
        //更新用户
        updateById(entity);