From a70e327a8efaf38d74911ea568419a087fbd235a Mon Sep 17 00:00:00 2001
From: lawrencehj <1934378145@qq.com>
Date: 星期四, 15 四月 2021 11:42:05 +0800
Subject: [PATCH] 修改用户密码前先验证旧密码,增加安全性
---
 web_src/src/components/Login.vue | 2
 src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java | 1
 web_src/src/components/dialog/changePassword.vue | 27 ++++++++++---
 src/main/java/com/genersoft/iot/vmp/web/AuthController.java | 2 -
 src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java | 2 -
 src/main/java/com/genersoft/iot/vmp/storager/dao/UserMapper.java | 1
 src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java | 9 +---
 src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java | 28 ++++++++-----
 8 files changed, 41 insertions(+), 31 deletions(-)
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java b/src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java
index 2064470..d4e25e3 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java
@@ -7,7 +7,6 @@
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.stereotype.Component;
-import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java b/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java
index c010335..63569ef 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java
@@ -7,17 +7,12 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.CredentialsContainer;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Component;
-import org.springframework.stereotype.Service;
 import java.time.LocalDateTime;
-import java.util.Collection;
 /**
  * 鐢ㄦ埛鐧诲綍璁よ瘉閫昏緫
@@ -39,12 +34,12 @@
 // 鏌ュ嚭瀵嗙爜
 User user = userService.getUserByUsername(username);
- String password = SecurityUtils.encryptPassword(user.getPassword());
- user.setPassword(password);
 if (user == null) {
 logger.info("鐧诲綍鐢ㄦ埛锛歿} 涓嶅瓨鍦�", username);
 throw new UsernameNotFoundException("鐧诲綍鐢ㄦ埛锛�" + username + " 涓嶅瓨鍦�");
 }
+ String password = SecurityUtils.encryptPassword(user.getPassword());
+ user.setPassword(password);
 return new LoginUser(user, LocalDateTime.now());
 }
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java b/src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java
index d186d84..81b3408 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java
@@ -1,8 +1,6 @@
 package com.genersoft.iot.vmp.conf.security;
 import com.genersoft.iot.vmp.conf.security.dto.LoginUser;
-import com.genersoft.iot.vmp.storager.dao.dto.User;
-import gov.nist.javax.sip.address.UserInfo;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
diff --git a/src/main/java/com/genersoft/iot/vmp/storager/dao/UserMapper.java b/src/main/java/com/genersoft/iot/vmp/storager/dao/UserMapper.java
index e16cadc..f8507cb 100644
--- a/src/main/java/com/genersoft/iot/vmp/storager/dao/UserMapper.java
+++ b/src/main/java/com/genersoft/iot/vmp/storager/dao/UserMapper.java
@@ -1,6 +1,5 @@
 package com.genersoft.iot.vmp.storager.dao;
-import com.genersoft.iot.vmp.gb28181.bean.GbStream;
 import com.genersoft.iot.vmp.storager.dao.dto.User;
 import org.apache.ibatis.annotations.*;
 import org.springframework.stereotype.Repository;
diff --git a/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java b/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java
index 4fd7b96..706f97e 100644
--- a/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java
+++ b/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java
@@ -3,16 +3,13 @@
 import com.genersoft.iot.vmp.conf.security.SecurityUtils;
 import com.genersoft.iot.vmp.conf.security.dto.LoginUser;
 import com.genersoft.iot.vmp.service.IUserService;
-import com.genersoft.iot.vmp.storager.dao.dto.User;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.util.DigestUtils;
-import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
 import javax.security.sasl.AuthenticationException;
@@ -53,17 +50,26 @@
 @ApiOperation("淇敼瀵嗙爜")
 @ApiImplicitParams({
 @ApiImplicitParam(name = "username", value = "鐢ㄦ埛鍚�", dataTypeClass = String.class),
- @ApiImplicitParam(name = "password", value = "瀵嗙爜锛堟湭md5鍔犲瘑鐨勫瘑鐮侊級", dataTypeClass = String.class),
+ @ApiImplicitParam(name = "oldpassword", value = "鏃у瘑鐮侊紙宸瞞d5鍔犲瘑鐨勫瘑鐮侊級", dataTypeClass = String.class),
+ @ApiImplicitParam(name = "password", value = "鏂板瘑鐮侊紙鏈猰d5鍔犲瘑鐨勫瘑鐮侊級", dataTypeClass = String.class),
 })
 @PostMapping("/changePassword")
- public String changePassword(String password){
+ public String changePassword(String oldpassword, String password){
 // 鑾峰彇褰撳墠鐧诲綍鐢ㄦ埛id
- int userId = SecurityUtils.getUserId();
- boolean result = userService.changePassword(userId, DigestUtils.md5DigestAsHex(password.getBytes()));
- if (result) {
- return "success";
- }else {
- return "fail";
+ String username = SecurityUtils.getUserInfo().getUsername();
+ LoginUser user = null;
+ try {
+ user = SecurityUtils.login(username, oldpassword, authenticationManager);
+ if (user != null) {
+ int userId = SecurityUtils.getUserId();
+ boolean result = userService.changePassword(userId, DigestUtils.md5DigestAsHex(password.getBytes()));
+ if (result) {
+ return "success";
+ }
+ }
+ } catch (AuthenticationException e) {
+ e.printStackTrace();
 }
+ return "fail";
 }
 }
diff --git a/src/main/java/com/genersoft/iot/vmp/web/AuthController.java b/src/main/java/com/genersoft/iot/vmp/web/AuthController.java
index 1a02c1e..f4a2af8 100644
--- a/src/main/java/com/genersoft/iot/vmp/web/AuthController.java
+++ b/src/main/java/com/genersoft/iot/vmp/web/AuthController.java
@@ -3,8 +3,6 @@
 import com.genersoft.iot.vmp.service.IUserService;
 import com.genersoft.iot.vmp.storager.dao.dto.User;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
 @CrossOrigin
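Review bot: In the new changePassword body, `password.getBytes()` runs with no null or empty check on either request parameter, so a request that omits `password` ends in a NullPointerException out of the controller instead of `"fail"`, and an empty new password is accepted and stored; the same line hashes with the platform default charset, so `DigestUtils.md5DigestAsHex(password.getBytes(StandardCharsets.UTF_8))` (with the `java.nio.charset.StandardCharsets` import) keeps the stored digest independent of the JVM locale. The old-password check depends on `SecurityUtils.login(...)` throwing `javax.security.sasl.AuthenticationException`, the only exception type imported in this file; if that helper lets Spring Security's unchecked `org.springframework.security.core.AuthenticationException` propagate instead, a wrong old password surfaces as an unhandled exception rather than `"fail"` — worth confirming against SecurityUtils, which is outside this hunk. `e.printStackTrace()` drops a failed credential verification on stdout, which is exactly the event an operator wants in the application log; route it through an SLF4J logger (`private static final Logger logger = LoggerFactory.getLogger(UserController.class);` if the class has none) with the username and never the submitted password. `LoginUser user = null;` is declared outside the try only to be assigned inside it, and `SecurityUtils.getUserId()` is read after `login(...)`, whose effect on the current SecurityContext is not visible here, so resolving the id before re-authenticating makes the intent explicit. The enclosing class continues outside the hunk.
```java
    public String changePassword(String oldpassword, String password){
        if (oldpassword == null || password == null || password.isEmpty()) {
            return "fail";
        }
        // Resolve the caller before re-authenticating, so the id does not depend on what login() does to the SecurityContext.
        String username = SecurityUtils.getUserInfo().getUsername();
        int userId = SecurityUtils.getUserId();
        try {
            LoginUser user = SecurityUtils.login(username, oldpassword, authenticationManager);
            if (user != null
                    && userService.changePassword(userId, DigestUtils.md5DigestAsHex(password.getBytes(StandardCharsets.UTF_8)))) {
                return "success";
            }
        } catch (AuthenticationException e) {
            // A failed old-password check is audit-relevant: log who, never the credential.
            logger.warn("changePassword: old password verification failed for user {}", username, e);
        }
        return "fail";
    }
```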
diff --git a/web_src/src/components/Login.vue b/web_src/src/components/Login.vue
index 65c27f6..6adf4a8 100644
--- a/web_src/src/components/Login.vue
+++ b/web_src/src/components/Login.vue
@@ -63,7 +63,7 @@
 this.$axios({
 method: 'get',
- url:"/api/user/login",
+ url:"/api/user/login",
 params: loginParam
 }).then(function (res) {
 console.log(JSON.stringify(res));
diff --git a/web_src/src/components/dialog/changePassword.vue b/web_src/src/components/dialog/changePassword.vue
index 5842df0..39aba8d 100644
--- a/web_src/src/components/dialog/changePassword.vue
+++ b/web_src/src/components/dialog/changePassword.vue
@@ -11,6 +11,9 @@
 >
 <div id="shared" style="margin-right: 20px;">
 <el-form ref="passwordForm" :rules="rules" status-icon label-width="80px">
+ <el-form-item label="鏃у瘑鐮�" prop="oldPassword" >
+ <el-input v-model="oldPassword" autocomplete="off"></el-input>
+ </el-form-item>
 <el-form-item label="鏂板瘑鐮�" prop="newPassword" >
 <el-input v-model="newPassword" autocomplete="off"></el-input>
 </el-form-item>
@@ -31,15 +34,23 @@
 </template>
 <script>
+import crypto from 'crypto'
 export default {
 name: "changePassword",
 props: {},
 computed: {},
 created() {},
 data() {
- let validatePass = (rule, value, callback) => {
+ let validatePass0 = (rule, value, callback) => {
 if (value === '') {
- callback(new Error('璇疯緭鍏ュ瘑鐮�'));
+ callback(new Error('璇疯緭鍏ユ棫瀵嗙爜'));
+ } else {
+ callback();
+ }
+ };
+ let validatePass1 = (rule, value, callback) => {
+ if (value === '') {
+ callback(new Error('璇疯緭鍏ユ柊瀵嗙爜'));
 } else {
 if (this.confirmPassword !== '') {
 this.$refs.passwordForm.validateField('confirmPassword');
@@ -57,12 +68,14 @@
 }
 };
 return {
+ oldPassword: null,
 newPassword: null,
 confirmPassword: null,
 showDialog: false,
 isLoging: false,
 rules: {
- newPassword: [{ required: true, validator: validatePass, trigger: "blur" }],
+ oldPassword: [{ required: true, validator: validatePass0, trigger: "blur" }],
+ newPassword: [{ required: true, validator: validatePass1, trigger: "blur" }],
 confirmPassword: [{ required: true, validator: validatePass2, trigger: "blur" }],
 },
 };
@@ -76,13 +89,14 @@
 method: 'post',
 url:"/api/user/changePassword",
 params: {
+ oldpassword: crypto.createHash('md5').update(this.oldPassword, "utf8").digest('hex'),
 password: this.newPassword
 }
 }).then((res)=> {
 if (res.data === "success"){
 this.$message({
 showClose: true,
- message: '淇敼鎴愬姛锛岃閲嶆柊鐧婚檰',
+ message: '淇敼鎴愬姛锛岃閲嶆柊鐧诲綍',
 type: 'success'
 });
 this.showDialog = false;
@@ -99,8 +113,9 @@
 },
 close: function () {
 this.showDialog = false;
- this.newPassword= null;
- this.confirmPassword=null;
+ this.oldPassword = null;
+ this.newPassword = null;
+ this.confirmPassword = null;
 },
 },
 };
--
Gitblit v1.8.0
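Review bot: In the `params` hunk, `oldpassword` is sent as a browser-computed MD5 hex digest while `password` goes up in the clear for the server to hash, so the two fields of one request have different formats and nothing in the code says so; a comment such as `// oldpassword: md5 hex digest, compared server-side; password: plaintext, hashed server-side` above `params` would keep the next edit from hashing one field and not the other. The client-side digest does not protect the old password in transit — only TLS on the API does that — it merely matches the format the backend declares for this parameter. `import crypto from 'crypto'` in the earlier hunk pulls in a Node core module, which only resolves in a browser bundle when the bundler supplies a polyfill; if the build stops providing one, this dialog breaks at load, so a browser-native digest or a small md5 dependency is the more robust choice. The enclosing method starts outside the hunk.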