Browse Source

Merge pull request #84 from lawrencehj/wvp-28181-2.0

修改用户密码前先验证旧密码,增加安全性
pull/87/head
648540858 4 years ago
committed by GitHub
parent
commit
662ce3b484
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
  1. 1
      src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java
  2. 9
      src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java
  3. 2
      src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java
  4. 1
      src/main/java/com/genersoft/iot/vmp/storager/dao/UserMapper.java
  5. 20
      src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java
  6. 2
      src/main/java/com/genersoft/iot/vmp/web/AuthController.java
  7. 23
      web_src/src/components/dialog/changePassword.vue

1
src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java

@ -7,7 +7,6 @@ import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

9
src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java

@ -7,17 +7,12 @@ import com.github.xiaoymin.knife4j.core.util.StrUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.CredentialsContainer;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityCoreVersion;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;
import java.time.LocalDateTime;
import java.util.Collection;
/**
* 用户登录认证逻辑
@ -39,12 +34,12 @@ public class DefaultUserDetailsServiceImpl implements UserDetailsService {
// 查出密码
User user = userService.getUserByUsername(username);
String password = SecurityUtils.encryptPassword(user.getPassword());
user.setPassword(password);
if (user == null) {
logger.info("登录用户:{} 不存在", username);
throw new UsernameNotFoundException("登录用户:" + username + " 不存在");
}
String password = SecurityUtils.encryptPassword(user.getPassword());
user.setPassword(password);
return new LoginUser(user, LocalDateTime.now());
}

2
src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java

@ -1,8 +1,6 @@
package com.genersoft.iot.vmp.conf.security;
import com.genersoft.iot.vmp.conf.security.dto.LoginUser;
import com.genersoft.iot.vmp.storager.dao.dto.User;
import gov.nist.javax.sip.address.UserInfo;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;

1
src/main/java/com/genersoft/iot/vmp/storager/dao/UserMapper.java

@ -1,6 +1,5 @@
package com.genersoft.iot.vmp.storager.dao;
import com.genersoft.iot.vmp.gb28181.bean.GbStream;
import com.genersoft.iot.vmp.storager.dao.dto.User;
import org.apache.ibatis.annotations.*;
import org.springframework.stereotype.Repository;

20
src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java

@ -3,16 +3,13 @@ package com.genersoft.iot.vmp.vmanager.user;
import com.genersoft.iot.vmp.conf.security.SecurityUtils;
import com.genersoft.iot.vmp.conf.security.dto.LoginUser;
import com.genersoft.iot.vmp.service.IUserService;
import com.genersoft.iot.vmp.storager.dao.dto.User;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.util.DigestUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*;
import javax.security.sasl.AuthenticationException;
@ -53,17 +50,26 @@ public class UserController {
@ApiOperation("修改密码")
@ApiImplicitParams({
@ApiImplicitParam(name = "username", value = "用户名", dataTypeClass = String.class),
@ApiImplicitParam(name = "password", value = "密码(未md5加密的密码)", dataTypeClass = String.class),
@ApiImplicitParam(name = "oldpassword", value = "旧密码(已md5加密的密码)", dataTypeClass = String.class),
@ApiImplicitParam(name = "password", value = "新密码(未md5加密的密码)", dataTypeClass = String.class),
})
@PostMapping("/changePassword")
public String changePassword(String password){
public String changePassword(String oldpassword, String password){
// 获取当前登录用户id
String username = SecurityUtils.getUserInfo().getUsername();
LoginUser user = null;
try {
user = SecurityUtils.login(username, oldpassword, authenticationManager);
if (user != null) {
int userId = SecurityUtils.getUserId();
boolean result = userService.changePassword(userId, DigestUtils.md5DigestAsHex(password.getBytes()));
if (result) {
return "success";
}else {
return "fail";
}
}
} catch (AuthenticationException e) {
e.printStackTrace();
}
return "fail";
}
}

2
src/main/java/com/genersoft/iot/vmp/web/AuthController.java

@ -3,8 +3,6 @@ package com.genersoft.iot.vmp.web;
import com.genersoft.iot.vmp.service.IUserService;
import com.genersoft.iot.vmp.storager.dao.dto.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*;
@CrossOrigin

23
web_src/src/components/dialog/changePassword.vue

@ -11,6 +11,9 @@
>
<div id="shared" style="margin-right: 20px;">
<el-form ref="passwordForm" :rules="rules" status-icon label-width="80px">
<el-form-item label="旧密码" prop="oldPassword" >
<el-input v-model="oldPassword" autocomplete="off"></el-input>
</el-form-item>
<el-form-item label="新密码" prop="newPassword" >
<el-input v-model="newPassword" autocomplete="off"></el-input>
</el-form-item>
@ -31,15 +34,23 @@
</template>
<script>
import crypto from 'crypto'
export default {
name: "changePassword",
props: {},
computed: {},
created() {},
data() {
let validatePass = (rule, value, callback) => {
let validatePass0 = (rule, value, callback) => {
if (value === '') {
callback(new Error('请输入旧密码'));
} else {
callback();
}
};
let validatePass1 = (rule, value, callback) => {
if (value === '') {
callback(new Error('请输入密码'));
callback(new Error('请输入密码'));
} else {
if (this.confirmPassword !== '') {
this.$refs.passwordForm.validateField('confirmPassword');
@ -57,12 +68,14 @@ export default {
}
};
return {
oldPassword: null,
newPassword: null,
confirmPassword: null,
showDialog: false,
isLoging: false,
rules: {
newPassword: [{ required: true, validator: validatePass, trigger: "blur" }],
oldPassword: [{ required: true, validator: validatePass0, trigger: "blur" }],
newPassword: [{ required: true, validator: validatePass1, trigger: "blur" }],
confirmPassword: [{ required: true, validator: validatePass2, trigger: "blur" }],
},
};
@ -76,13 +89,14 @@ export default {
method: 'post',
url:"/api/user/changePassword",
params: {
oldpassword: crypto.createHash('md5').update(this.oldPassword, "utf8").digest('hex'),
password: this.newPassword
}
}).then((res)=> {
if (res.data === "success"){
this.$message({
showClose: true,
message: '修改成功,请重新登',
message: '修改成功,请重新登',
type: 'success'
});
this.showDialog = false;
@ -99,6 +113,7 @@ export default {
},
close: function () {
this.showDialog = false;
this.oldPassword = null;
this.newPassword = null;
this.confirmPassword = null;
},

Loading…
Cancel
Save