From a70e327a8efaf38d74911ea568419a087fbd235a Mon Sep 17 00:00:00 2001
From: lawrencehj <1934378145@qq.com>
Date: 星期四, 15 四月 2021 11:42:05 +0800
Subject: [PATCH] 修改用户密码前先验证旧密码,增加安全性
---
web_src/src/components/Login.vue | 2
src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java | 1
web_src/src/components/dialog/changePassword.vue | 27 ++++++++++---
src/main/java/com/genersoft/iot/vmp/web/AuthController.java | 2 -
src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java | 2 -
src/main/java/com/genersoft/iot/vmp/storager/dao/UserMapper.java | 1
src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java | 9 +---
src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java | 28 ++++++++-----
8 files changed, 41 insertions(+), 31 deletions(-)
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java b/src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java
index 2064470..d4e25e3 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/AnonymousAuthenticationEntryPoint.java
@@ -7,7 +7,6 @@
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;
-import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java b/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java
index c010335..63569ef 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/DefaultUserDetailsServiceImpl.java
@@ -7,17 +7,12 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.CredentialsContainer;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.SpringSecurityCoreVersion;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
-import org.springframework.stereotype.Service;
import java.time.LocalDateTime;
-import java.util.Collection;
/**
* 鐢ㄦ埛鐧诲綍璁よ瘉閫昏緫
@@ -39,12 +34,12 @@
// 鏌ュ嚭瀵嗙爜
User user = userService.getUserByUsername(username);
- String password = SecurityUtils.encryptPassword(user.getPassword());
- user.setPassword(password);
if (user == null) {
logger.info("鐧诲綍鐢ㄦ埛锛歿} 涓嶅瓨鍦�", username);
throw new UsernameNotFoundException("鐧诲綍鐢ㄦ埛锛�" + username + " 涓嶅瓨鍦�");
}
+ String password = SecurityUtils.encryptPassword(user.getPassword());
+ user.setPassword(password);
return new LoginUser(user, LocalDateTime.now());
}
diff --git a/src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java b/src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java
index d186d84..81b3408 100644
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/SecurityUtils.java
@@ -1,8 +1,6 @@
package com.genersoft.iot.vmp.conf.security;
import com.genersoft.iot.vmp.conf.security.dto.LoginUser;
-import com.genersoft.iot.vmp.storager.dao.dto.User;
-import gov.nist.javax.sip.address.UserInfo;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
diff --git a/src/main/java/com/genersoft/iot/vmp/storager/dao/UserMapper.java b/src/main/java/com/genersoft/iot/vmp/storager/dao/UserMapper.java
index e16cadc..f8507cb 100644
--- a/src/main/java/com/genersoft/iot/vmp/storager/dao/UserMapper.java
+++ b/src/main/java/com/genersoft/iot/vmp/storager/dao/UserMapper.java
@@ -1,6 +1,5 @@
package com.genersoft.iot.vmp.storager.dao;
-import com.genersoft.iot.vmp.gb28181.bean.GbStream;
import com.genersoft.iot.vmp.storager.dao.dto.User;
import org.apache.ibatis.annotations.*;
import org.springframework.stereotype.Repository;
diff --git a/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java b/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java
index 4fd7b96..706f97e 100644
--- a/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java
+++ b/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java
@@ -3,16 +3,13 @@
import com.genersoft.iot.vmp.conf.security.SecurityUtils;
import com.genersoft.iot.vmp.conf.security.dto.LoginUser;
import com.genersoft.iot.vmp.service.IUserService;
-import com.genersoft.iot.vmp.storager.dao.dto.User;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.util.DigestUtils;
-import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*;
import javax.security.sasl.AuthenticationException;
@@ -53,17 +50,26 @@
@ApiOperation("淇敼瀵嗙爜")
@ApiImplicitParams({
@ApiImplicitParam(name = "username", value = "鐢ㄦ埛鍚�", dataTypeClass = String.class),
- @ApiImplicitParam(name = "password", value = "瀵嗙爜锛堟湭md5鍔犲瘑鐨勫瘑鐮侊級", dataTypeClass = String.class),
+ @ApiImplicitParam(name = "oldpassword", value = "鏃у瘑鐮侊紙宸瞞d5鍔犲瘑鐨勫瘑鐮侊級", dataTypeClass = String.class),
+ @ApiImplicitParam(name = "password", value = "鏂板瘑鐮侊紙鏈猰d5鍔犲瘑鐨勫瘑鐮侊級", dataTypeClass = String.class),
})
@PostMapping("/changePassword")
- public String changePassword(String password){
+ public String changePassword(String oldpassword, String password){
// 鑾峰彇褰撳墠鐧诲綍鐢ㄦ埛id
- int userId = SecurityUtils.getUserId();
- boolean result = userService.changePassword(userId, DigestUtils.md5DigestAsHex(password.getBytes()));
- if (result) {
- return "success";
- }else {
- return "fail";
+ String username = SecurityUtils.getUserInfo().getUsername();
+ LoginUser user = null;
+ try {
+ user = SecurityUtils.login(username, oldpassword, authenticationManager);
+ if (user != null) {
+ int userId = SecurityUtils.getUserId();
+ boolean result = userService.changePassword(userId, DigestUtils.md5DigestAsHex(password.getBytes()));
+ if (result) {
+ return "success";
+ }
+ }
+ } catch (AuthenticationException e) {
+ e.printStackTrace();
}
+ return "fail";
}
}
diff --git a/src/main/java/com/genersoft/iot/vmp/web/AuthController.java b/src/main/java/com/genersoft/iot/vmp/web/AuthController.java
index 1a02c1e..f4a2af8 100644
--- a/src/main/java/com/genersoft/iot/vmp/web/AuthController.java
+++ b/src/main/java/com/genersoft/iot/vmp/web/AuthController.java
@@ -3,8 +3,6 @@
import com.genersoft.iot.vmp.service.IUserService;
import com.genersoft.iot.vmp.storager.dao.dto.User;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*;
@CrossOrigin
diff --git a/web_src/src/components/Login.vue b/web_src/src/components/Login.vue
index 65c27f6..6adf4a8 100644
--- a/web_src/src/components/Login.vue
+++ b/web_src/src/components/Login.vue
@@ -63,7 +63,7 @@
this.$axios({
method: 'get',
- url:"/api/user/login",
+ url:"/api/user/login",
params: loginParam
}).then(function (res) {
console.log(JSON.stringify(res));
diff --git a/web_src/src/components/dialog/changePassword.vue b/web_src/src/components/dialog/changePassword.vue
index 5842df0..39aba8d 100644
--- a/web_src/src/components/dialog/changePassword.vue
+++ b/web_src/src/components/dialog/changePassword.vue
@@ -11,6 +11,9 @@
>
<div id="shared" style="margin-right: 20px;">
<el-form ref="passwordForm" :rules="rules" status-icon label-width="80px">
+ <el-form-item label="鏃у瘑鐮�" prop="oldPassword" >
+ <el-input v-model="oldPassword" autocomplete="off"></el-input>
+ </el-form-item>
<el-form-item label="鏂板瘑鐮�" prop="newPassword" >
<el-input v-model="newPassword" autocomplete="off"></el-input>
</el-form-item>
@@ -31,15 +34,23 @@
</template>
<script>
+import crypto from 'crypto'
export default {
name: "changePassword",
props: {},
computed: {},
created() {},
data() {
- let validatePass = (rule, value, callback) => {
+ let validatePass0 = (rule, value, callback) => {
if (value === '') {
- callback(new Error('璇疯緭鍏ュ瘑鐮�'));
+ callback(new Error('璇疯緭鍏ユ棫瀵嗙爜'));
+ } else {
+ callback();
+ }
+ };
+ let validatePass1 = (rule, value, callback) => {
+ if (value === '') {
+ callback(new Error('璇疯緭鍏ユ柊瀵嗙爜'));
} else {
if (this.confirmPassword !== '') {
this.$refs.passwordForm.validateField('confirmPassword');
@@ -57,12 +68,14 @@
}
};
return {
+ oldPassword: null,
newPassword: null,
confirmPassword: null,
showDialog: false,
isLoging: false,
rules: {
- newPassword: [{ required: true, validator: validatePass, trigger: "blur" }],
+ oldPassword: [{ required: true, validator: validatePass0, trigger: "blur" }],
+ newPassword: [{ required: true, validator: validatePass1, trigger: "blur" }],
confirmPassword: [{ required: true, validator: validatePass2, trigger: "blur" }],
},
};
@@ -76,13 +89,14 @@
method: 'post',
url:"/api/user/changePassword",
params: {
+ oldpassword: crypto.createHash('md5').update(this.oldPassword, "utf8").digest('hex'),
password: this.newPassword
}
}).then((res)=> {
if (res.data === "success"){
this.$message({
showClose: true,
- message: '淇敼鎴愬姛锛岃閲嶆柊鐧婚檰',
+ message: '淇敼鎴愬姛锛岃閲嶆柊鐧诲綍',
type: 'success'
});
this.showDialog = false;
@@ -99,8 +113,9 @@
},
close: function () {
this.showDialog = false;
- this.newPassword= null;
- this.confirmPassword=null;
+ this.oldPassword = null;
+ this.newPassword = null;
+ this.confirmPassword = null;
},
},
};
--
Gitblit v1.8.0