前端传输用户信息改为加密
parent
f185f943de
commit
c5f8697a43
|
@ -87,7 +87,8 @@ public class LoginController {
|
|||
|
||||
LoginDTO login = new LoginDTO();
|
||||
login.setUsername(String.valueOf(params.get("username")));
|
||||
login.setPassword(String.valueOf(params.get("password")));
|
||||
String password = PasswordUtils.desEncrypt(String.valueOf(params.get("password")));
|
||||
login.setPassword(password);
|
||||
// login.setCaptcha(String.valueOf(params.get("captcha")));
|
||||
login.setUuid(String.valueOf(params.get("uuid")));
|
||||
//效验数据
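Review bot: The value returned by `PasswordUtils.desEncrypt(...)` goes straight into `login.setPassword(password)` with no null check, yet `desEncrypt` returns null whenever Base64 decoding or decryption fails (and `String.valueOf` turns a missing `password` parameter into the text "null", which will not decrypt). Whether the validation after this hunk rejects a null password is not visible here, so I would fail the request explicitly, for example `if (password == null) { /* return the existing bad-credentials result */ }`, or have `desEncrypt` throw instead of returning null. The same unchecked use appears in `SysUserController` (`password`, `newPassword`) and in `SysUserServiceImpl.save`, where a null can reach `PasswordUtils.matches`, `updatePassword` and `PasswordUtils.encode`. The enclosing method starts and ends outside this hunk.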
|
||||
|
|
|
@ -1,12 +1,21 @@
|
|||
package io.renren.modules.security.password;
|
||||
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.spec.IvParameterSpec;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
import java.util.Base64;
|
||||
|
||||
/**
|
||||
* 密码工具类
|
||||
*
|
||||
* @since 1.0.0
|
||||
*/
|
||||
public class PasswordUtils {
|
||||
private static PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
|
||||
private static final PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
|
||||
|
||||
// 密码传输密钥
|
||||
private static final String pwdKey = "YwwqhsxBkywjgm01";
|
||||
private static final String pwdIv = "SSXXZYZYBABA30TM";
|
||||
|
||||
/**
|
||||
* 加密
|
||||
|
@ -28,4 +37,20 @@ public class PasswordUtils {
|
|||
return passwordEncoder.matches(str, password);
|
||||
}
|
||||
|
||||
// 解密前端传输过来的密码加密串
|
||||
public static String desEncrypt(String data) {
|
||||
try {
|
||||
byte[] encrypted1 = Base64.getDecoder().decode(data);
|
||||
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
|
||||
SecretKeySpec keyspec = new SecretKeySpec(pwdKey.getBytes(), "AES");
|
||||
IvParameterSpec ivspec = new IvParameterSpec(pwdIv.getBytes());
|
||||
cipher.init(Cipher.DECRYPT_MODE, keyspec, ivspec);
|
||||
byte[] original = cipher.doFinal(encrypted1);
|
||||
return new String(original).trim();
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
}
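Review bot: The AES key and IV added as `pwdKey` and `pwdIv` are compile-time constants, and the front end presumably has to carry the same two values to produce the ciphertext, so this layer hides the password only from someone who cannot read the client bundle; confidentiality in transit still has to come from TLS. Because the IV is fixed, the same password always yields the same ciphertext, which means a captured value stays valid for resubmission until the password changes. If the field-level encryption is kept, load the key from configuration rather than source and document above `desEncrypt` that it is obfuscation, not a substitute for HTTPS. Inside `desEncrypt`, `pwdKey.getBytes()` and `new String(original)` should name `StandardCharsets.UTF_8`, and `AES/CBC/NoPadding` followed by `trim()` silently strips leading or trailing whitespace from a password; a padded mode agreed with the client would avoid that.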
|
||||
|
|
|
@ -7,7 +7,6 @@ import io.renren.common.page.PageData;
|
|||
import io.renren.common.utils.ConvertUtils;
|
||||
import io.renren.common.utils.ExcelUtils;
|
||||
import io.renren.common.utils.Result;
|
||||
import io.renren.common.validator.AssertUtils;
|
||||
import io.renren.common.validator.ValidatorUtils;
|
||||
import io.renren.common.validator.group.AddGroup;
|
||||
import io.renren.common.validator.group.DefaultGroup;
|
||||
|
@ -25,7 +24,6 @@ import io.swagger.annotations.Api;
|
|||
import io.swagger.annotations.ApiImplicitParam;
|
||||
import io.swagger.annotations.ApiImplicitParams;
|
||||
import io.swagger.annotations.ApiOperation;
|
||||
import org.apache.shiro.authz.annotation.RequiresPermissions;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
import springfox.documentation.annotations.ApiIgnore;
|
||||
|
@ -103,12 +101,15 @@ public class SysUserController {
|
|||
|
||||
UserDetail user = SecurityUser.getUser();
|
||||
|
||||
String password = PasswordUtils.desEncrypt(dto.getPassword());
|
||||
String newPassword = PasswordUtils.desEncrypt(dto.getNewPassword());
|
||||
|
||||
//原密码不正确
|
||||
if(!PasswordUtils.matches(dto.getPassword(), user.getPassword())){
|
||||
if(!PasswordUtils.matches(password, user.getPassword())){
|
||||
return new Result().error(ErrorCode.PASSWORD_ERROR);
|
||||
}
|
||||
|
||||
sysUserService.updatePassword(user.getId(), dto.getNewPassword());
|
||||
sysUserService.updatePassword(user.getId(), newPassword);
|
||||
|
||||
return new Result();
|
||||
}
|
||||
|
|
|
@ -108,9 +108,10 @@ public class SysUserServiceImpl extends BaseServiceImpl<SysUserDao, SysUserEntit
|
|||
public void save(SysUserDTO dto) {
|
||||
SysUserEntity entity = ConvertUtils.sourceToTarget(dto, SysUserEntity.class);
|
||||
|
||||
String password = PasswordUtils.desEncrypt(dto.getPassword());
|
||||
|
||||
//密码加密
|
||||
String password = PasswordUtils.encode(entity.getPassword());
|
||||
entity.setPassword(password);
|
||||
entity.setPassword(PasswordUtils.encode(password));
|
||||
|
||||
//保存用户
|
||||
entity.setSuperAdmin(SuperAdminEnum.NO.value());
|
||||
|
@ -128,13 +129,13 @@ public class SysUserServiceImpl extends BaseServiceImpl<SysUserDao, SysUserEntit
|
|||
public void update(SysUserDTO dto) {
|
||||
SysUserEntity entity = ConvertUtils.sourceToTarget(dto, SysUserEntity.class);
|
||||
|
||||
//密码加密
|
||||
if (StringUtils.isBlank(dto.getPassword())) {
|
||||
entity.setPassword(null);
|
||||
} else {
|
||||
String password = PasswordUtils.encode(entity.getPassword());
|
||||
entity.setPassword(password);
|
||||
}
|
||||
////密码加密
|
||||
//if (StringUtils.isBlank(dto.getPassword())) {
|
||||
// entity.setPassword(null);
|
||||
//} else {
|
||||
// String password = PasswordUtils.encode(entity.getPassword());
|
||||
// entity.setPassword(password);
|
||||
//}
|
||||
|
||||
//更新用户
|
||||
updateById(entity);
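Review bot: Commenting out the password branch in `update` leaves `entity` holding whatever `ConvertUtils.sourceToTarget` copied from `dto.getPassword()`. Assuming that field is copied and `updateById` writes non-null columns, a password sent with an update request would be stored exactly as received (neither decrypted nor BCrypt-encoded), and that account could then no longer pass `PasswordUtils.matches`. If `update` should no longer change passwords, replace the commented block with `entity.setPassword(null);`; if it should, decrypt and encode the value the way `save` now does. Either way the commented-out lines should be deleted rather than kept. The method continues past the end of this hunk.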
|
||||
|
|