From b12b98ab1c20030d163ed5651d6fe5ce41b20928 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=96=AF=E7=8B=82=E7=9A=84=E7=8B=AE=E5=AD=90li?= <15040126243@163.com>
Date: Fri, 11 Feb 2022 15:04:25 +0800
Subject: [PATCH] =?UTF-8?q?update=20=E4=BD=BF=E7=94=A8=20satoken=20?= =?UTF-8?q?=E8=87=AA=E5=B8=A6=E7=9A=84=20BCrypt=20=E5=B7=A5=E5=85=B7=20?= =?UTF-8?q?=E6=9B=BF=E6=8D=A2=20Security=20=E5=8A=A0=E5=AF=86=E5=B7=A5?= =?UTF-8?q?=E5=85=B7=20=E5=87=8F=E5=B0=91=E4=BE=9D=E8=B5=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../ruoyi/auth/service/SysLoginService.java | 7 ++-
 .../handler/PlusDataPermissionHandler.java | 3 +-
 .../common/satoken/utils/LoginHelper.java | 15 ++++++
 .../common/security/utils/SecurityUtils.java | 47 -------------------
 .../controller/SysProfileController.java | 8 ++--
 .../system/controller/SysRoleController.java | 3 +-
 .../system/controller/SysUserController.java | 6 +--
 .../listener/SysUserImportListener.java | 4 +-
 .../service/impl/SysMenuServiceImpl.java | 4 +-
 9 files changed, 31 insertions(+), 66 deletions(-)
 delete mode 100644 ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/utils/SecurityUtils.java
diff --git a/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysLoginService.java b/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysLoginService.java
index 6f33d570..7ab9ade6 100644
--- a/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysLoginService.java
+++ b/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysLoginService.java
@@ -1,15 +1,14 @@
 package com.ruoyi.auth.service;
+import cn.dev33.satoken.secure.BCrypt;
 import cn.hutool.core.util.ObjectUtil;
 import com.ruoyi.common.core.constant.CacheConstants;
 import com.ruoyi.common.core.constant.Constants;
 import com.ruoyi.common.core.constant.UserConstants;
-import com.ruoyi.common.core.enums.UserStatus;
 import com.ruoyi.common.core.exception.ServiceException;
 import com.ruoyi.common.core.utils.ServletUtils;
 import com.ruoyi.common.core.utils.StringUtils;
 import com.ruoyi.common.redis.utils.RedisUtils;
-import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.RemoteLogService;
 import com.ruoyi.system.api.RemoteUserService;
 import com.ruoyi.system.api.domain.SysLogininfor;
@@ -77,7 +76,7 @@ public class SysLoginService {
 throw new ServiceException(msg, null);
 }
- if (!SecurityUtils.matchesPassword(password, userInfo.getPassword())) {
+ if (!BCrypt.checkpw(password, userInfo.getPassword())) {
 // 是否第一次
 errorNumber = ObjectUtil.isNull(errorNumber) ? 1 : errorNumber + 1;
 // 达到规定错误次数 则锁定登录
@@ -125,7 +124,7 @@ public class SysLoginService {
 SysUser sysUser = new SysUser();
 sysUser.setUserName(username);
 sysUser.setNickName(username);
- sysUser.setPassword(SecurityUtils.encryptPassword(password));
+ sysUser.setPassword(BCrypt.hashpw(password));
 remoteUserService.registerUserInfo(sysUser);
 recordLogininfor(username, Constants.REGISTER, "注册成功");
diff --git a/ruoyi-common/ruoyi-common-mybatis/src/main/java/com/ruoyi/common/mybatis/handler/PlusDataPermissionHandler.java b/ruoyi-common/ruoyi-common-mybatis/src/main/java/com/ruoyi/common/mybatis/handler/PlusDataPermissionHandler.java
index fe64e619..e2191744 100644
--- a/ruoyi-common/ruoyi-common-mybatis/src/main/java/com/ruoyi/common/mybatis/handler/PlusDataPermissionHandler.java
+++ b/ruoyi-common/ruoyi-common-mybatis/src/main/java/com/ruoyi/common/mybatis/handler/PlusDataPermissionHandler.java
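Review bot: In the `@@ -77,7 +76,7 @@` hunk of SysLoginService.java, `BCrypt.checkpw(password, userInfo.getPassword())` is not an exact replacement for the removed `BCryptPasswordEncoder.matches` when the stored value is empty or not a bcrypt hash. Spring's encoder logs a warning and returns false in that case, while jBCrypt-style `checkpw` implementations throw (Sa-Token's presumably does too; confirm against its source). An exception at this line would leave the method before the `errorNumber` increment that follows, so failed attempts against such an account would not count toward the lockout. Checking that the stored hash is non-blank first and treating a malformed-hash exception as a mismatch keeps the old behaviour, e.g. `String hash = userInfo.getPassword();` followed by `if (hash == null || hash.isEmpty() || !BCrypt.checkpw(password, hash)) {`. The same call is introduced in `updatePwd` in SysProfileController.java, and the enclosing method here starts and ends outside the hunk.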
@@ -13,7 +13,6 @@ import com.ruoyi.common.mybatis.annotation.DataPermission;
 import com.ruoyi.common.mybatis.enums.DataScopeType;
 import com.ruoyi.common.mybatis.helper.DataPermissionHelper;
 import com.ruoyi.common.satoken.utils.LoginHelper;
-import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.model.LoginUser;
 import com.ruoyi.system.api.model.RoleDTO;
 import lombok.extern.slf4j.Slf4j;
@@ -80,7 +79,7 @@ public class PlusDataPermissionHandler {
 DataPermissionHelper.setVariable("user", currentUser);
 }
 // 如果是超级管理员,则不过滤数据
- if (ObjectUtil.isNull(currentUser) || SecurityUtils.isAdmin(currentUser.getUserId())) {
+ if (ObjectUtil.isNull(currentUser) || LoginHelper.isAdmin(currentUser.getUserId())) {
 return where;
 }
 String dataFilterSql = buildDataFilter(dataColumns, isSelect);
diff --git a/ruoyi-common/ruoyi-common-satoken/src/main/java/com/ruoyi/common/satoken/utils/LoginHelper.java b/ruoyi-common/ruoyi-common-satoken/src/main/java/com/ruoyi/common/satoken/utils/LoginHelper.java
index 422c74a0..36457887 100644
--- a/ruoyi-common/ruoyi-common-satoken/src/main/java/com/ruoyi/common/satoken/utils/LoginHelper.java
+++ b/ruoyi-common/ruoyi-common-satoken/src/main/java/com/ruoyi/common/satoken/utils/LoginHelper.java
@@ -118,4 +118,19 @@ public class LoginHelper {
 return UserType.getUserType(loginId);
 }
+ /**
+ * 是否为管理员
+ *
+ * @param userId 用户ID
+ * @return 结果
+ */
+ public static boolean isAdmin(Long userId) {
+ return userId != null && 1L == userId;
+ }
+
+ public static boolean isAdmin() {
+ Long userId = getUserId();
+ return userId != null && 1L == userId;
+ }
+
 }
diff --git a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/utils/SecurityUtils.java b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/utils/SecurityUtils.java
deleted file mode 100644
index 6d7c8c1a..00000000
--- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/utils/SecurityUtils.java
+++ /dev/null
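Review bot: The condition changed in the `@@ -80,7 +79,7 @@` hunk of PlusDataPermissionHandler.java returns the unfiltered `where` both for the administrator and when `currentUser` is null, but the comment above it mentions only the super administrator. Skipping the data-scope filter when no login user is present is a fail-open default. If that is intended (for example for internal calls that run without a session, which is an assumption since the callers are outside the hunk), the comment should say so, e.g. `// no login user (internal call, confirm) or super admin: data filter is skipped`; if it is not intended, the null case should be rejected instead of passed through. The method body starts and ends outside the hunk.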
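Review bot: The no-argument `isAdmin()` added to LoginHelper.java in the `@@ -118,4 +118,19 @@` hunk has no Javadoc and repeats the body of `isAdmin(Long)`. It can delegate with `return isAdmin(getUserId());` and carry a one-line comment such as `/** Whether the currently logged-in user is the administrator. */`. Both methods compare against the literal `1L`; because this check now decides data-scope filtering and menu permissions in several callers of this commit, a named constant for the administrator id would keep that authorization decision in one definition. What `getUserId()` does when nobody is logged in is not visible here and is worth stating in the comment.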
@@ -1,47 +0,0 @@
-package com.ruoyi.common.security.utils;
-
-import lombok.AccessLevel;
-import lombok.NoArgsConstructor;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-
-/**
- * 权限获取工具类
- *
- * @author ruoyi
- */
-@NoArgsConstructor(access = AccessLevel.PRIVATE)
-public class SecurityUtils {
-
- /**
- * 是否为管理员
- *
- * @param userId 用户ID
- * @return 结果
- */
- public static boolean isAdmin(Long userId) {
- return userId != null && 1L == userId;
- }
-
- /**
- * 生成BCryptPasswordEncoder密码
- *
- * @param password 密码
- * @return 加密字符串
- */
- public static String encryptPassword(String password) {
- BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
- return passwordEncoder.encode(password);
- }
-
- /**
- * 判断密码是否相同
- *
- * @param rawPassword 真实密码
- * @param encodedPassword 加密后字符
- * @return 结果
- */
- public static boolean matchesPassword(String rawPassword, String encodedPassword) {
- BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
- return passwordEncoder.matches(rawPassword, encodedPassword);
- }
-}
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysProfileController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysProfileController.java
index cae472a9..56c423c5 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysProfileController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysProfileController.java
@@ -1,5 +1,6 @@
 package com.ruoyi.system.controller;
+import cn.dev33.satoken.secure.BCrypt;
 import cn.hutool.core.util.ObjectUtil;
 import com.ruoyi.common.core.constant.UserConstants;
 import com.ruoyi.common.core.domain.R;
@@ -8,7 +9,6 @@ import com.ruoyi.common.core.web.controller.BaseController;
 import com.ruoyi.common.log.annotation.Log;
 import com.ruoyi.common.log.enums.BusinessType;
 import com.ruoyi.common.satoken.utils.LoginHelper;
-import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.resource.api.RemoteFileService;
 import com.ruoyi.resource.api.domain.SysFile;
 import com.ruoyi.system.api.domain.SysUser;
@@ -97,13 +97,13 @@ public class SysProfileController extends BaseController {
 public R updatePwd(String oldPassword, String newPassword) {
 SysUser user = userService.selectUserById(LoginHelper.getUserId());
 String password = user.getPassword();
- if (!SecurityUtils.matchesPassword(oldPassword, password)) {
+ if (!BCrypt.checkpw(oldPassword, password)) {
 return R.fail("修改密码失败,旧密码错误");
 }
- if (SecurityUtils.matchesPassword(newPassword, password)) {
+ if (BCrypt.checkpw(newPassword, password)) {
 return R.fail("新密码不能与旧密码相同");
 }
- if (userService.resetUserPwd(user.getUserName(), SecurityUtils.encryptPassword(newPassword)) > 0) {
+ if (userService.resetUserPwd(user.getUserName(), BCrypt.hashpw(newPassword)) > 0) {
 return R.ok();
 }
 return R.fail("修改密码异常,请联系管理员");
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysRoleController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysRoleController.java
index 0912ec8f..4919af1c 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysRoleController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysRoleController.java
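Review bot: `updatePwd` in the `@@ -97,13 +97,13 @@` hunk of SysProfileController.java passes `oldPassword` and `newPassword` from the request straight into `BCrypt.checkpw` and `BCrypt.hashpw`, with no null, blank or length check visible between the signature and the hash call. A missing parameter would surface as an exception from the BCrypt helper rather than an `R.fail`, and an empty or very short new password would be hashed and stored. bcrypt also ignores input beyond 72 bytes, so an upper bound is worth enforcing alongside the minimum. A guard ahead of the first `checkpw`, such as `if (newPassword == null || newPassword.trim().isEmpty()) {` returning `R.fail`, plus the project's password length limits, would cover it. `resetPwd` in SysUserController.java (`@@ -209,7 +209,7 @@`) hashes `user.getPassword()` from the request body in the same way.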
@@ -10,7 +10,6 @@ import com.ruoyi.common.log.enums.BusinessType;
 import com.ruoyi.common.mybatis.core.page.PageQuery;
 import com.ruoyi.common.mybatis.core.page.TableDataInfo;
 import com.ruoyi.common.satoken.utils.LoginHelper;
-import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.domain.SysRole;
 import com.ruoyi.system.api.domain.SysUser;
 import com.ruoyi.system.api.model.LoginUser;
@@ -108,7 +107,7 @@ public class SysRoleController extends BaseController {
 // 更新缓存用户权限
 LoginUser loginUser = LoginHelper.getLoginUser();
 Long userId = loginUser.getUserId();
- if (!SecurityUtils.isAdmin(userId)) {
+ if (!LoginHelper.isAdmin(userId)) {
 loginUser.setMenuPermission(permissionService.getMenuPermission(userId));
 LoginHelper.setLoginUser(loginUser);
 }
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java
index 1bc473e1..5ab1d2b5 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java
@@ -1,6 +1,7 @@
 package com.ruoyi.system.controller;
 import cn.dev33.satoken.annotation.SaCheckPermission;
+import cn.dev33.satoken.secure.BCrypt;
 import cn.hutool.core.bean.BeanUtil;
 import cn.hutool.core.util.ObjectUtil;
 import com.ruoyi.common.core.constant.UserConstants;
@@ -14,7 +15,6 @@ import com.ruoyi.common.log.enums.BusinessType;
 import com.ruoyi.common.mybatis.core.page.PageQuery;
 import com.ruoyi.common.mybatis.core.page.TableDataInfo;
 import com.ruoyi.common.satoken.utils.LoginHelper;
-import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.domain.SysDept;
 import com.ruoyi.system.api.domain.SysRole;
 import com.ruoyi.system.api.domain.SysUser;
@@ -161,7 +161,7 @@ public class SysUserController extends BaseController {
 && UserConstants.NOT_UNIQUE.equals(userService.checkEmailUnique(user))) {
 return R.fail("新增用户'" + user.getUserName() + "'失败,邮箱账号已存在");
 }
- user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
+ user.setPassword(BCrypt.hashpw(user.getPassword()));
 return toAjax(userService.insertUser(user));
 }
@@ -209,7 +209,7 @@ public class SysUserController extends BaseController {
 public R resetPwd(@RequestBody SysUser user) {
 userService.checkUserAllowed(user);
 userService.checkUserDataScope(user.getUserId());
- user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
+ user.setPassword(BCrypt.hashpw(user.getPassword()));
 return toAjax(userService.resetPwd(user));
 }
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java
index 81fe5c6b..ea4e0f7c 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java
@@ -1,5 +1,6 @@
 package com.ruoyi.system.listener;
+import cn.dev33.satoken.secure.BCrypt;
 import cn.hutool.core.bean.BeanUtil;
 import cn.hutool.core.util.ObjectUtil;
 import com.alibaba.excel.context.AnalysisContext;
@@ -10,7 +11,6 @@ import com.ruoyi.common.core.utils.ValidatorUtils;
 import com.ruoyi.common.excel.core.ExcelListener;
 import com.ruoyi.common.excel.core.ExcelResult;
 import com.ruoyi.common.satoken.utils.LoginHelper;
-import com.ruoyi.common.security.utils.SecurityUtils;
 import com.ruoyi.system.api.domain.SysUser;
 import com.ruoyi.system.domain.vo.SysUserImportVo;
 import com.ruoyi.system.service.ISysConfigService;
@@ -43,7 +43,7 @@ public class SysUserImportListener extends AnalysisEventListener selectMenuTreeByUserId(Long userId) { List menus = null; - if (SecurityUtils.isAdmin(userId)) { + if (LoginHelper.isAdmin(userId)) { menus = baseMapper.selectMenuTreeAll(); } else { menus = baseMapper.selectMenuTreeByUserId(userId);