fix 个人信息修改密码接口,隐藏新旧密码参数明文

2.X
bleachtred 1 year ago
parent ff9e541838
commit 1fb5e2d6d4

@ -9,6 +9,7 @@ import org.apache.dubbo.config.annotation.DubboReference;
import org.dromara.common.core.domain.R; import org.dromara.common.core.domain.R;
import org.dromara.common.core.utils.StringUtils; import org.dromara.common.core.utils.StringUtils;
import org.dromara.common.core.utils.file.MimeTypeUtils; import org.dromara.common.core.utils.file.MimeTypeUtils;
import org.dromara.common.core.validate.auth.PasswordGroup;
import org.dromara.common.web.core.BaseController; import org.dromara.common.web.core.BaseController;
import org.dromara.common.log.annotation.Log; import org.dromara.common.log.annotation.Log;
import org.dromara.common.log.enums.BusinessType; import org.dromara.common.log.enums.BusinessType;
@ -16,6 +17,7 @@ import org.dromara.common.satoken.utils.LoginHelper;
import org.dromara.resource.api.RemoteFileService; import org.dromara.resource.api.RemoteFileService;
import org.dromara.resource.api.domain.RemoteFile; import org.dromara.resource.api.domain.RemoteFile;
import org.dromara.system.domain.bo.SysUserBo; import org.dromara.system.domain.bo.SysUserBo;
import org.dromara.system.domain.bo.SysUserPasswordBo;
import org.dromara.system.domain.bo.SysUserProfileBo; import org.dromara.system.domain.bo.SysUserProfileBo;
import org.dromara.system.domain.vo.AvatarVo; import org.dromara.system.domain.vo.AvatarVo;
import org.dromara.system.domain.vo.ProfileVo; import org.dromara.system.domain.vo.ProfileVo;
@ -81,22 +83,21 @@ public class SysProfileController extends BaseController {
/** /**
* *
* *
* @param newPassword * @param bo
* @param oldPassword
*/ */
@Log(title = "个人信息", businessType = BusinessType.UPDATE) @Log(title = "个人信息", businessType = BusinessType.UPDATE)
@PutMapping("/updatePwd") @PutMapping("/updatePwd")
public R<Void> updatePwd(String oldPassword, String newPassword) { public R<Void> updatePwd(@Validated(PasswordGroup.class) @RequestBody SysUserPasswordBo bo) {
SysUserVo user = userService.selectUserById(LoginHelper.getUserId()); SysUserVo user = userService.selectUserById(LoginHelper.getUserId());
String password = user.getPassword(); String password = user.getPassword();
if (!BCrypt.checkpw(oldPassword, password)) { if (!BCrypt.checkpw(bo.getOldPassword(), password)) {
return R.fail("修改密码失败,旧密码错误"); return R.fail("修改密码失败,旧密码错误");
} }
if (BCrypt.checkpw(newPassword, password)) { if (BCrypt.checkpw(bo.getNewPassword(), password)) {
return R.fail("新密码不能与旧密码相同"); return R.fail("新密码不能与旧密码相同");
} }
if (userService.resetUserPwd(user.getUserId(), BCrypt.hashpw(newPassword)) > 0) { if (userService.resetUserPwd(user.getUserId(), BCrypt.hashpw(bo.getNewPassword())) > 0) {
return R.ok(); return R.ok();
} }
return R.fail("修改密码异常,请联系管理员"); return R.fail("修改密码异常,请联系管理员");
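Review bot: The new `updatePwd(@Validated(PasswordGroup.class) @RequestBody SysUserPasswordBo bo)` still carries `@Log(title = "个人信息", businessType = BusinessType.UPDATE)`, and how that aspect treats request bodies is not visible in this commit. Moving the passwords out of the query string keeps them out of URLs and access logs, but if the log aspect serializes method arguments into the operation record, both plaintext passwords would be persisted there instead. Confirm that the aspect filters `oldPassword` and `newPassword`, or that request data is not saved for this endpoint, and record it on the method, e.g. `// oldPassword/newPassword must never be written to the @Log operation record`. The method body continues past the end of this hunk, so anything after the final `R.fail(...)` was not reviewed.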

@ -0,0 +1,30 @@
package org.dromara.system.domain.bo;
import jakarta.validation.constraints.NotBlank;
import lombok.Data;
import org.dromara.common.core.validate.auth.PasswordGroup;
import java.io.Serial;
import java.io.Serializable;
/**
* bo
*/
@Data
public class SysUserPasswordBo implements Serializable {
@Serial
private static final long serialVersionUID = 1L;
/**
*
*/
@NotBlank(message = "旧密码不能为空", groups = { PasswordGroup.class })
private String oldPassword;
/**
*
*/
@NotBlank(message = "新密码不能为空", groups = { PasswordGroup.class })
private String newPassword;
}
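Review bot: `@Data` on `SysUserPasswordBo` generates a `toString()` that includes `oldPassword` and `newPassword`, so any log line, exception message or debug dump that prints the bo exposes both plaintext passwords. Annotating each field with `@ToString.Exclude` (or replacing `@Data` with `@Getter`/`@Setter`) keeps them out of string output. Both fields are constrained only by `@NotBlank`; whether a maximum length or complexity rule for `newPassword` is enforced elsewhere is not visible here, and an upper bound such as `@Size(max = ...)` would also stop arbitrarily large strings from reaching `BCrypt.hashpw`.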