Merge pull request #84 from lawrencehj/wvp-28181-2.0

修改用户密码前先验证旧密码,增加安全性
pull/87/head
648540858 2021-04-15 11:52:14 +08:00 committed by GitHub
commit 662ce3b484
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 41 additions and 31 deletions


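--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -7,7 +7,6 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.stereotype.Component;
-import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 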

@ -7,17 +7,12 @@ import com.github.xiaoymin.knife4j.core.util.StrUtil;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.CredentialsContainer;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityCoreVersion;
import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.stereotype.Service;
import java.time.LocalDateTime; import java.time.LocalDateTime;
import java.util.Collection;
/** /**
* *
@ -39,12 +34,12 @@ public class DefaultUserDetailsServiceImpl implements UserDetailsService {
// 查出密码 // 查出密码
User user = userService.getUserByUsername(username); User user = userService.getUserByUsername(username);
String password = SecurityUtils.encryptPassword(user.getPassword());
user.setPassword(password);
if (user == null) { if (user == null) {
logger.info("登录用户:{} 不存在", username); logger.info("登录用户:{} 不存在", username);
throw new UsernameNotFoundException("登录用户:" + username + " 不存在"); throw new UsernameNotFoundException("登录用户:" + username + " 不存在");
} }
String password = SecurityUtils.encryptPassword(user.getPassword());
user.setPassword(password);
return new LoginUser(user, LocalDateTime.now()); return new LoginUser(user, LocalDateTime.now());
} }
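Review bot: The second hunk's new side (taking the right-hand column as the new side) reads `user.getPassword()` only after the `user == null` check, which removes the NullPointerException the old order produced for an unknown username, but the re-encoding it performs is undocumented: the value loaded from the store is passed through `SecurityUtils.encryptPassword` and written back onto the same entity with `user.setPassword(password)`. A comment such as `// the stored value is already the client-side MD5 hex digest (see UserController.changePassword); re-encode it here so the configured PasswordEncoder can match the submitted credential — confirm against SecurityUtils.encryptPassword` would stop the next maintainer from "fixing" the apparent double hashing. The `UsernameNotFoundException` message carries the username, which is fine only if the authentication provider keeps its default of hiding user-not-found from the client; that configuration is not visible here. The enclosing loadUserByUsername starts outside the hunk.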


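--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -1,8 +1,6 @@
 package com.genersoft.iot.vmp.conf.security;
 import com.genersoft.iot.vmp.conf.security.dto.LoginUser;
-import com.genersoft.iot.vmp.storager.dao.dto.User;
-import gov.nist.javax.sip.address.UserInfo;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 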

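--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -1,6 +1,5 @@
 package com.genersoft.iot.vmp.storager.dao;
-import com.genersoft.iot.vmp.gb28181.bean.GbStream;
 import com.genersoft.iot.vmp.storager.dao.dto.User;
 import org.apache.ibatis.annotations.*;
 import org.springframework.stereotype.Repository;
 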

@ -3,16 +3,13 @@ package com.genersoft.iot.vmp.vmanager.user;
import com.genersoft.iot.vmp.conf.security.SecurityUtils; import com.genersoft.iot.vmp.conf.security.SecurityUtils;
import com.genersoft.iot.vmp.conf.security.dto.LoginUser; import com.genersoft.iot.vmp.conf.security.dto.LoginUser;
import com.genersoft.iot.vmp.service.IUserService; import com.genersoft.iot.vmp.service.IUserService;
import com.genersoft.iot.vmp.storager.dao.dto.User;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam; import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams; import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.util.DigestUtils; import org.springframework.util.DigestUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import javax.security.sasl.AuthenticationException; import javax.security.sasl.AuthenticationException;
@ -53,17 +50,26 @@ public class UserController {
@ApiOperation("修改密码") @ApiOperation("修改密码")
@ApiImplicitParams({ @ApiImplicitParams({
@ApiImplicitParam(name = "username", value = "用户名", dataTypeClass = String.class), @ApiImplicitParam(name = "username", value = "用户名", dataTypeClass = String.class),
@ApiImplicitParam(name = "password", value = "密码未md5加密的密码", dataTypeClass = String.class), @ApiImplicitParam(name = "oldpassword", value = "旧密码已md5加密的密码", dataTypeClass = String.class),
@ApiImplicitParam(name = "password", value = "新密码未md5加密的密码", dataTypeClass = String.class),
}) })
@PostMapping("/changePassword") @PostMapping("/changePassword")
public String changePassword(String password){ public String changePassword(String oldpassword, String password){
// 获取当前登录用户id // 获取当前登录用户id
int userId = SecurityUtils.getUserId(); String username = SecurityUtils.getUserInfo().getUsername();
boolean result = userService.changePassword(userId, DigestUtils.md5DigestAsHex(password.getBytes())); LoginUser user = null;
if (result) { try {
return "success"; user = SecurityUtils.login(username, oldpassword, authenticationManager);
}else { if (user != null) {
return "fail"; int userId = SecurityUtils.getUserId();
boolean result = userService.changePassword(userId, DigestUtils.md5DigestAsHex(password.getBytes()));
if (result) {
return "success";
}
}
} catch (AuthenticationException e) {
e.printStackTrace();
} }
return "fail";
} }
} }
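Review bot: `DigestUtils.md5DigestAsHex(password.getBytes())` on the new side of the second hunk digests the new password with the JVM's default charset, while the Vue client digests the old password explicitly as UTF-8 (`crypto.createHash('md5').update(this.oldPassword, "utf8")` in the changePassword component), so on a JVM whose default is not UTF-8 a password with non-ASCII characters is stored under one digest and later checked against another; use `password.getBytes(StandardCharsets.UTF_8)` (import `java.nio.charset.StandardCharsets`). The method also has no guard on `password`: a missing parameter reaches `password.getBytes()` and becomes a 500 instead of the `"fail"` the method otherwise returns. `e.printStackTrace()` in the catch sends the failed old-password verification to stderr; log it at warn level through the controller's logger, naming the user but never the credential (the class's fields are outside the hunk, so add a logger if it has none). Both credentials are bound as plain request parameters and the client sends them as query `params` on the POST, so the new password can land in the URL and in access logs; binding them from the request body avoids that, the same point applies to the changePassword.vue section. Whether `SecurityUtils.login` also replaces the SecurityContext authentication as a side effect is not visible here and is worth confirming.
```java
public String changePassword(String oldpassword, String password){
    // a missing/empty new password must fail like a wrong old one, not surface as a 500
    if (password == null || password.isEmpty()) {
        return "fail";
    }
    // … unchanged: username lookup, SecurityUtils.login(username, oldpassword, …), userId …
            // explicit charset: the client digests as UTF-8, so the stored digest must too
            boolean result = userService.changePassword(userId,
                    DigestUtils.md5DigestAsHex(password.getBytes(StandardCharsets.UTF_8)));
    // … unchanged: "success" return …
    } catch (AuthenticationException e) {
        // … log the failed verification (username only, never the credential) via the controller's logger …
    }
    return "fail";
}
```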


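--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -3,8 +3,6 @@ package com.genersoft.iot.vmp.web;
 import com.genersoft.iot.vmp.service.IUserService;
 import com.genersoft.iot.vmp.storager.dao.dto.User;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
 @CrossOrigin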


@ -63,7 +63,7 @@ export default {
this.$axios({ this.$axios({
method: 'get', method: 'get',
url:"/api/user/login", url:"/api/user/login",
params: loginParam params: loginParam
}).then(function (res) { }).then(function (res) {
console.log(JSON.stringify(res)); console.log(JSON.stringify(res));


@ -11,6 +11,9 @@
> >
<div id="shared" style="margin-right: 20px;"> <div id="shared" style="margin-right: 20px;">
<el-form ref="passwordForm" :rules="rules" status-icon label-width="80px"> <el-form ref="passwordForm" :rules="rules" status-icon label-width="80px">
<el-form-item label="旧密码" prop="oldPassword" >
<el-input v-model="oldPassword" autocomplete="off"></el-input>
</el-form-item>
<el-form-item label="新密码" prop="newPassword" > <el-form-item label="新密码" prop="newPassword" >
<el-input v-model="newPassword" autocomplete="off"></el-input> <el-input v-model="newPassword" autocomplete="off"></el-input>
</el-form-item> </el-form-item>
@ -31,15 +34,23 @@
</template> </template>
<script> <script>
import crypto from 'crypto'
export default { export default {
name: "changePassword", name: "changePassword",
props: {}, props: {},
computed: {}, computed: {},
created() {}, created() {},
data() { data() {
let validatePass = (rule, value, callback) => { let validatePass0 = (rule, value, callback) => {
if (value === '') { if (value === '') {
callback(new Error('请输入密码')); callback(new Error('请输入旧密码'));
} else {
callback();
}
};
let validatePass1 = (rule, value, callback) => {
if (value === '') {
callback(new Error('请输入新密码'));
} else { } else {
if (this.confirmPassword !== '') { if (this.confirmPassword !== '') {
this.$refs.passwordForm.validateField('confirmPassword'); this.$refs.passwordForm.validateField('confirmPassword');
@ -57,12 +68,14 @@ export default {
} }
}; };
return { return {
oldPassword: null,
newPassword: null, newPassword: null,
confirmPassword: null, confirmPassword: null,
showDialog: false, showDialog: false,
isLoging: false, isLoging: false,
rules: { rules: {
newPassword: [{ required: true, validator: validatePass, trigger: "blur" }], oldPassword: [{ required: true, validator: validatePass0, trigger: "blur" }],
newPassword: [{ required: true, validator: validatePass1, trigger: "blur" }],
confirmPassword: [{ required: true, validator: validatePass2, trigger: "blur" }], confirmPassword: [{ required: true, validator: validatePass2, trigger: "blur" }],
}, },
}; };
@ -76,13 +89,14 @@ export default {
method: 'post', method: 'post',
url:"/api/user/changePassword", url:"/api/user/changePassword",
params: { params: {
oldpassword: crypto.createHash('md5').update(this.oldPassword, "utf8").digest('hex'),
password: this.newPassword password: this.newPassword
} }
}).then((res)=> { }).then((res)=> {
if (res.data === "success"){ if (res.data === "success"){
this.$message({ this.$message({
showClose: true, showClose: true,
message: '修改成功,请重新登', message: '修改成功,请重新登',
type: 'success' type: 'success'
}); });
this.showDialog = false; this.showDialog = false;
@ -99,8 +113,9 @@ export default {
}, },
close: function () { close: function () {
this.showDialog = false; this.showDialog = false;
this.newPassword= null; this.oldPassword = null;
this.confirmPassword=null; this.newPassword = null;
this.confirmPassword = null;
}, },
}, },
}; };
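Review bot: The added `import crypto from 'crypto'` pulls a Node builtin into browser code and only works while the bundler polyfills it (webpack 4 does, webpack 5 does not), which the component does not say; a comment such as `// 'crypto' here is the bundler's browser polyfill of the Node module — used only for MD5 to match the server's stored digest format` would record the dependency, together with the point that client-side MD5 is format matching, not protection, so TLS is what actually protects the credentials in transit. The same request sends `oldpassword` as a digest but `password: this.newPassword` in clear, and both go out as query `params` of a POST (lines of the `/api/user/changePassword` call), so the new password can appear in URLs and access logs; moving them to the request body (e.g. `data: new URLSearchParams({ oldpassword: …, password: this.newPassword })`) keeps them out, provided UserController is changed to bind body parameters at the same time. `validatePass0` accepts any non-empty old password, which is fine since the server is the authority, but the `created()`/`data()` scaffolding around these hunks is outside what is shown.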