
!1 bug修复和更安全的密码加密方式
Merge pull request !1 from golucky/dev

就是那个锅 %!s(int64=4) %!d(string=hai) anos
pai
achega
18deb99843

+ 5 - 6
_sql/guns-separation.sql

@ -782,11 +782,10 @@ DROP TABLE IF EXISTS `sys_user`;
CREATE TABLE `sys_user`  (
  `id` bigint(20) NOT NULL COMMENT '主键',
  `account` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '账号',
  `password` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '密码',
  `password` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '密码',
  `nick_name` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '昵称',
  `name` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '员工姓名',
  `avatar` bigint(20) NULL DEFAULT NULL COMMENT '头像',
  `salt` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT 'md5密码盐',
  `birthday` date NULL DEFAULT NULL COMMENT '生日',
  `sex` tinyint(4) NOT NULL COMMENT '性别(字典 1男 2女 3未知)',
  `email` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '邮箱',
@ -806,10 +805,10 @@ CREATE TABLE `sys_user`  (
-- ----------------------------
-- Records of sys_user
-- ----------------------------
INSERT INTO `sys_user` VALUES (1265476890672672808, 'superAdmin', '0c45ea6e80876cf93e49677873c6af22', '超级管理员', '超级管理员', NULL, 'r10kd', '2020-03-18', 1, 'superAdmin@qq.com', '15228937093', '12345678', '127.0.0.1', '2020-07-16 10:51:01', 1, 0, '2020-05-29 16:39:28', -1, '2020-07-16 10:51:01', -1);
INSERT INTO `sys_user` VALUES (1275735541155614721, 'yubaoshan', 'bf93b090ac9289229e851ef5ca6cf20d', 'Await', '俞宝山', NULL, 'wbd7u', '1992-10-03', 1, 'await183@qq.com', '18200001102', '', '127.0.0.1', '2020-07-08 15:38:59', 2, 0, '2020-06-24 18:20:30', 1265476890672672808, '2020-07-08 15:48:39', 1265476890672672808);
INSERT INTO `sys_user` VALUES (1280700700074041345, 'fengshuonan', 'fc7b5930be8bf14c64e9cb2f88f4b7f3', 'stylefeng', '冯硕楠', NULL, 'syh39', '2020-07-01', 1, NULL, '18200001103', NULL, '39.106.98.24', '2020-07-12 14:59:41', 2, 0, '2020-07-08 11:10:16', 1265476890672672808, '2020-07-12 14:59:41', -1);
INSERT INTO `sys_user` VALUES (1280709549107552257, 'xuyuxiang', '2a4ff388bf923a7b3382fc904b015d2e', '就是那个锅', '徐玉祥', NULL, 'j4di1', '2020-07-01', 1, NULL, '18200001100', NULL, '127.0.0.1', '2020-07-09 10:58:59', 2, 0, '2020-07-08 11:45:26', 1265476890672672808, '2020-07-09 10:58:59', -1);
INSERT INTO `sys_user` VALUES (1265476890672672808, 'superAdmin', '$2a$09$PiCiFNspSlTBE9CakVs8ZOqx0xa03X9wOm01gMasHch4929TpEWCC', '超级管理员', '超级管理员', NULL, '2020-03-18', 1, 'superAdmin@qq.com', '15228937093', '12345678', '127.0.0.1', '2020-07-16 10:51:01', 1, 0, '2020-05-29 16:39:28', -1, '2020-07-16 10:51:01', -1);
INSERT INTO `sys_user` VALUES (1275735541155614721, 'yubaoshan', '$2a$09$PiCiFNspSlTBE9CakVs8ZOqx0xa03X9wOm01gMasHch4929TpEWCC', 'Await', '俞宝山', NULL, '1992-10-03', 1, 'await183@qq.com', '18200001102', '', '127.0.0.1', '2020-07-08 15:38:59', 2, 0, '2020-06-24 18:20:30', 1265476890672672808, '2020-07-08 15:48:39', 1265476890672672808);
INSERT INTO `sys_user` VALUES (1280700700074041345, 'fengshuonan', '$2a$09$PiCiFNspSlTBE9CakVs8ZOqx0xa03X9wOm01gMasHch4929TpEWCC', 'stylefeng', '冯硕楠', NULL, '2020-07-01', 1, NULL, '18200001103', NULL, '39.106.98.24', '2020-07-12 14:59:41', 2, 0, '2020-07-08 11:10:16', 1265476890672672808, '2020-07-12 14:59:41', -1);
INSERT INTO `sys_user` VALUES (1280709549107552257, 'xuyuxiang', '$2a$09$PiCiFNspSlTBE9CakVs8ZOqx0xa03X9wOm01gMasHch4929TpEWCC', '就是那个锅', '徐玉祥', NULL, '2020-07-01', 1, NULL, '18200001100', NULL, '127.0.0.1', '2020-07-09 10:58:59', 2, 0, '2020-07-08 11:45:26', 1265476890672672808, '2020-07-09 10:58:59', -1);
-- ----------------------------
-- Table structure for sys_user_data_scope
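Review bot: The four seeded rows now all carry the identical bcrypt value `$2a$09$PiCiFNspSlTBE9CakVs8ZOqx0xa03X9wOm01gMasHch4929TpEWCC` in `password`, so every seed account shares one password and one embedded salt, and the cost factor `09` in that string is below the 10 that `BCrypt.gensalt()` produces by default in the Java changes of this same PR. Seed each account with its own freshly generated hash (or seed only the superAdmin login) and treat the seed credential as something that must be rotated at first login. The rows are also written as `INSERT INTO sys_user VALUES (...)` with no column list, which is why dropping `salt` forced every row to be rewritten; `INSERT INTO sys_user (id, account, password, nick_name, name, ...) VALUES (...)` would make the next schema change reviewable column by column. `varchar(100)` comfortably holds the 60-character bcrypt output.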

+ 3 - 13
guns-base-support/guns-system/src/main/java/cn/stylefeng/guns/sys/modular/auth/service/impl/AuthServiceImpl.java

@ -27,7 +27,6 @@ package cn.stylefeng.guns.sys.modular.auth.service.impl;
import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.date.DateTime;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.crypto.SecureUtil;
import cn.stylefeng.guns.core.consts.CommonConstant;
import cn.stylefeng.guns.core.context.constant.ConstantContextHolder;
import cn.stylefeng.guns.core.enums.CommonStatusEnum;
@ -52,6 +51,7 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCrypt;
import org.springframework.stereotype.Service;
import javax.annotation.Resource;
@ -89,20 +89,10 @@ public class AuthServiceImpl implements AuthService, UserDetailsService {
            throw new AuthException(AuthExceptionEnum.ACCOUNT_PWD_ERROR);
        }
        String sysUserSalt = sysUser.getSalt();
        //盐值不能为空
        if (ObjectUtil.isEmpty(sysUserSalt)) {
            LogManager.me().executeLoginLog(sysUser.getAccount(), LogSuccessStatusEnum.FAIL.getCode(), AuthExceptionEnum.USER_SALT_EMPTY.getMessage());
            throw new AuthException(AuthExceptionEnum.USER_SALT_EMPTY);
        }
        String requestMd5 = SecureUtil.md5(password + sysUserSalt);
        String passwordMd5 = sysUser.getPassword();
        String passwordBCrypt = sysUser.getPassword();
        //验证账号密码是否正确
        if (ObjectUtil.isEmpty(passwordMd5) || !requestMd5.equals(passwordMd5)) {
        if (ObjectUtil.isEmpty(passwordBCrypt) || !BCrypt.checkpw(password, passwordBCrypt)) {
            LogManager.me().executeLoginLog(sysUser.getAccount(), LogSuccessStatusEnum.FAIL.getCode(), AuthExceptionEnum.ACCOUNT_PWD_ERROR.getMessage());
            throw new AuthException(AuthExceptionEnum.ACCOUNT_PWD_ERROR);
        }
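Review bot: `BCrypt.checkpw(password, passwordBCrypt)` on the replaced comparison line throws `IllegalArgumentException` when the stored value is not a bcrypt string, so any existing `sys_user` row that still holds a 32-hex MD5 value after this migration produces an unhandled exception instead of the `ACCOUNT_PWD_ERROR` path and its `executeLoginLog` entry. Either reset every legacy row before deploying, or guard the call so a malformed stored hash is treated as a failed login: `boolean matches = !ObjectUtil.isEmpty(passwordBCrypt) && passwordBCrypt.startsWith("$2") && BCrypt.checkpw(password, passwordBCrypt);` followed by `if (!matches) { ... existing log + throw ... }`. The same unguarded `BCrypt.checkpw` call appears in `SysUserServiceImpl.updatePwd` in this PR. The enclosing method starts and ends outside the hunk.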

+ 0 - 5
guns-base-support/guns-system/src/main/java/cn/stylefeng/guns/sys/modular/user/entity/SysUser.java

@ -79,11 +79,6 @@ public class SysUser extends BaseEntity {
     */
    private Long avatar;
    /**
     * md5密码盐
     */
    private String salt;
    /**
     * 生日
     */

+ 2 - 7
guns-base-support/guns-system/src/main/java/cn/stylefeng/guns/sys/modular/user/factory/SysUserFactory.java

@ -25,13 +25,12 @@ Guns采用APACHE LICENSE 2.0开源协议,您在使用过程中,需要注意
package cn.stylefeng.guns.sys.modular.user.factory;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.RandomUtil;
import cn.hutool.crypto.SecureUtil;
import cn.stylefeng.guns.core.context.constant.ConstantContextHolder;
import cn.stylefeng.guns.sys.core.enums.AdminTypeEnum;
import cn.stylefeng.guns.core.enums.CommonStatusEnum;
import cn.stylefeng.guns.sys.core.enums.SexEnum;
import cn.stylefeng.guns.sys.modular.user.entity.SysUser;
import org.springframework.security.crypto.bcrypt.BCrypt;
/**
 * 填充用户附加信息工厂
@ -60,16 +59,12 @@ public class SysUserFactory {
     * @date 2020/3/23 16:50
     */
    public static void fillBaseUserInfo(SysUser sysUser) {
        //盐值为空则设置盐值
        if(ObjectUtil.isEmpty(sysUser.getSalt())) {
            sysUser.setSalt(RandomUtil.randomString(5));
        }
        //密码为空则设置密码
        if(ObjectUtil.isEmpty(sysUser.getPassword())) {
            //没有密码则设置默认密码
            String password = ConstantContextHolder.getDefaultPassWord();
            //设置密码为Md5加密后的密码
            sysUser.setPassword(SecureUtil.md5(password + sysUser.getSalt()));
            sysUser.setPassword(BCrypt.hashpw(password, BCrypt.gensalt()));
        }
        if(ObjectUtil.isEmpty(sysUser.getAvatar())) {
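Review bot: The comment `//设置密码为Md5加密后的密码` immediately above the new `BCrypt.hashpw` line still describes the MD5 scheme this hunk removes and appears to survive as context; replace it with `// store the BCrypt hash of the default password; BCrypt.gensalt() embeds a fresh per-user salt` so the next reader does not look for an MD5 step. Because `fillBaseUserInfo` now writes an already-hashed value whenever the password is empty, any caller that hashes `sysUser.getPassword()` again afterwards (the `add` path in `SysUserServiceImpl` does so right after `fillAddCommonUserInfo`, if that method delegates here — not visible on this page) would double-hash the default password, so the method javadoc should state that `password` is expected to be empty or plaintext on entry and is a BCrypt hash on exit. `fillBaseUserInfo` continues past the end of the hunk.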

+ 9 - 11
guns-base-support/guns-system/src/main/java/cn/stylefeng/guns/sys/modular/user/service/impl/SysUserServiceImpl.java

@ -28,7 +28,6 @@ import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.lang.Dict;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.crypto.SecureUtil;
import cn.stylefeng.guns.core.consts.SymbolConstant;
import cn.stylefeng.guns.core.context.constant.ConstantContextHolder;
import cn.stylefeng.guns.core.context.login.LoginContextHolder;
@ -59,6 +58,7 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import org.springframework.security.crypto.bcrypt.BCrypt;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@ -181,6 +181,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
        SysUser sysUser = new SysUser();
        BeanUtil.copyProperties(sysUserParam, sysUser);
        SysUserFactory.fillAddCommonUserInfo(sysUser);
        sysUser.setPassword(BCrypt.hashpw(sysUser.getPassword(), BCrypt.gensalt()));
        this.save(sysUser);
        Long sysUserId = sysUser.getId();
        //增加员工信息
@ -351,18 +352,15 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
    @Override
    public void updatePwd(SysUserParam sysUserParam) {
        SysUser sysUser = this.querySysUser(sysUserParam);
        String passwordMd5 = SecureUtil.md5(sysUserParam.getPassword() + sysUser.getSalt());
        String currentPwdMd5 = sysUser.getPassword();
        //原密码错误
        if (!passwordMd5.equals(currentPwdMd5)) {
            throw new ServiceException(SysUserExceptionEnum.USER_PWD_ERROR);
        }
        String newPasswordMd5 = SecureUtil.md5(sysUserParam.getNewPassword() + sysUser.getSalt());
        //新密码与原密码相同
        if (passwordMd5.equals(newPasswordMd5)) {
        if (sysUserParam.getNewPassword().equals(sysUserParam.getPassword())) {
            throw new ServiceException(SysUserExceptionEnum.USER_PWD_REPEAT);
        }
        sysUser.setPassword(newPasswordMd5);
        //原密码错误
        if (!BCrypt.checkpw(sysUserParam.getPassword(), sysUser.getPassword())) {
            throw new ServiceException(SysUserExceptionEnum.USER_PWD_ERROR);
        }
        sysUser.setPassword(BCrypt.hashpw(sysUserParam.getNewPassword(), BCrypt.gensalt()));
        this.updateById(sysUser);
    }
@ -408,7 +406,7 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
    public void resetPwd(SysUserParam sysUserParam) {
        SysUser sysUser = this.querySysUser(sysUserParam);
        String password = ConstantContextHolder.getDefaultPassWord();
        sysUser.setPassword(SecureUtil.md5(password + sysUser.getSalt()));
        sysUser.setPassword(BCrypt.hashpw(password, BCrypt.gensalt()));
        this.updateById(sysUser);
    }
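Review bot: In `add`, the new line `sysUser.setPassword(BCrypt.hashpw(sysUser.getPassword(), BCrypt.gensalt()));` runs after `SysUserFactory.fillAddCommonUserInfo(sysUser)`; if that factory fills an empty password with an already-BCrypt-hashed default (as `fillBaseUserInfo` now does), the value is hashed a second time and the default password will never verify, and if the password is still null `hashpw` throws a `NullPointerException`. Hash in exactly one place — either here before the factory call, or only inside the factory — and reject an empty caller-supplied password explicitly with `if (ObjectUtil.isEmpty(sysUser.getPassword())) { throw new ServiceException(/* appropriate SysUserExceptionEnum value */); }` when a password is mandatory. In `updatePwd`, the moved check `sysUserParam.getNewPassword().equals(sysUserParam.getPassword())` dereferences `getNewPassword()` without a null guard, whereas the old MD5 concatenation tolerated null; add an emptiness check on both fields before the comparison, or run the `BCrypt.checkpw` verification first so a missing new password is reported as an input error rather than an NPE.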