From abd569d79a346d9066c4b239dbc452861b26a6cb Mon Sep 17 00:00:00 2001
From: 64850858 <648540858@qq.com>
Date: 星期二, 08 六月 2021 14:43:03 +0800
Subject: [PATCH] 添加注册失败时回复403避免陷入401循环
---
src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java | 34 ++++++++++++++++++++--------------
1 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java b/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java
index 4fd7b96..b552e1e 100644
--- a/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java
+++ b/src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java
@@ -3,16 +3,13 @@
import com.genersoft.iot.vmp.conf.security.SecurityUtils;
import com.genersoft.iot.vmp.conf.security.dto.LoginUser;
import com.genersoft.iot.vmp.service.IUserService;
-import com.genersoft.iot.vmp.storager.dao.dto.User;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.util.DigestUtils;
-import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*;
import javax.security.sasl.AuthenticationException;
@@ -24,10 +21,10 @@
public class UserController {
@Autowired
- AuthenticationManager authenticationManager;
+ private AuthenticationManager authenticationManager;
@Autowired
- IUserService userService;
+ private IUserService userService;
@ApiOperation("鐧诲綍")
@ApiImplicitParams({
@@ -36,7 +33,7 @@
})
@GetMapping("/login")
public String login(String username, String password){
- LoginUser user = null;
+ LoginUser user;
try {
user = SecurityUtils.login(username, password, authenticationManager);
} catch (AuthenticationException e) {
@@ -53,17 +50,26 @@
@ApiOperation("淇敼瀵嗙爜")
@ApiImplicitParams({
@ApiImplicitParam(name = "username", value = "鐢ㄦ埛鍚�", dataTypeClass = String.class),
- @ApiImplicitParam(name = "password", value = "瀵嗙爜锛堟湭md5鍔犲瘑鐨勫瘑鐮侊級", dataTypeClass = String.class),
+ @ApiImplicitParam(name = "oldpassword", value = "鏃у瘑鐮侊紙宸瞞d5鍔犲瘑鐨勫瘑鐮侊級", dataTypeClass = String.class),
+ @ApiImplicitParam(name = "password", value = "鏂板瘑鐮侊紙鏈猰d5鍔犲瘑鐨勫瘑鐮侊級", dataTypeClass = String.class),
})
@PostMapping("/changePassword")
- public String changePassword(String password){
+ public String changePassword(String oldpassword, String password){
// 鑾峰彇褰撳墠鐧诲綍鐢ㄦ埛id
- int userId = SecurityUtils.getUserId();
- boolean result = userService.changePassword(userId, DigestUtils.md5DigestAsHex(password.getBytes()));
- if (result) {
- return "success";
- }else {
- return "fail";
+ String username = SecurityUtils.getUserInfo().getUsername();
+ LoginUser user = null;
+ try {
+ user = SecurityUtils.login(username, oldpassword, authenticationManager);
+ if (user != null) {
+ int userId = SecurityUtils.getUserId();
+ boolean result = userService.changePassword(userId, DigestUtils.md5DigestAsHex(password.getBytes()));
+ if (result) {
+ return "success";
+ }
+ }
+ } catch (AuthenticationException e) {
+ e.printStackTrace();
}
+ return "fail";
}
}
--
Gitblit v1.8.0