admin/lx-admin-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

!424 fix 个人信息修改密码接口,隐藏新旧密码参数明文

Browse Source 
Merge pull request !424 from Bleachtred/5.X
This commit is contained in:
疯狂的狮子Li 2023-09-26 08:06:06 +00:00 committed by Gitee
commit 2c64c66ed1
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 35 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysProfileController.java
View File

@ -11,6 +11,7 @@ import org.dromara.common.log.enums.BusinessType;
import org.dromara.common.satoken.utils.LoginHelper; import org.dromara.common.satoken.utils.LoginHelper;
import org.dromara.common.web.core.BaseController; import org.dromara.common.web.core.BaseController;
import org.dromara.system.domain.bo.SysUserBo; import org.dromara.system.domain.bo.SysUserBo;
import org.dromara.system.domain.bo.SysUserPasswordBo;
import org.dromara.system.domain.bo.SysUserProfileBo; import org.dromara.system.domain.bo.SysUserProfileBo;
import org.dromara.system.domain.vo.AvatarVo; import org.dromara.system.domain.vo.AvatarVo;
import org.dromara.system.domain.vo.ProfileVo; import org.dromara.system.domain.vo.ProfileVo;
@ -76,22 +77,21 @@ public class SysProfileController extends BaseController {
/** /**
* 重置密码 * 重置密码
* *
* @param newPassword 旧密码 * @param bo 新旧密码
* @param oldPassword 新密码
*/ */
@Log(title = "个人信息", businessType = BusinessType.UPDATE) @Log(title = "个人信息", businessType = BusinessType.UPDATE)
@PutMapping("/updatePwd") @PutMapping("/updatePwd")
public R<Void> updatePwd(String oldPassword, String newPassword) { public R<Void> updatePwd(@Validated @RequestBody SysUserPasswordBo bo) {
SysUserVo user = userService.selectUserById(LoginHelper.getUserId()); SysUserVo user = userService.selectUserById(LoginHelper.getUserId());
String password = user.getPassword(); String password = user.getPassword();
if (!BCrypt.checkpw(oldPassword, password)) { if (!BCrypt.checkpw(bo.getOldPassword(), password)) {
return R.fail("修改密码失败,旧密码错误"); return R.fail("修改密码失败,旧密码错误");
} }
if (BCrypt.checkpw(newPassword, password)) { if (BCrypt.checkpw(bo.getNewPassword(), password)) {
return R.fail("新密码不能与旧密码相同"); return R.fail("新密码不能与旧密码相同");
} }
if (userService.resetUserPwd(user.getUserId(), BCrypt.hashpw(newPassword)) > 0) { if (userService.resetUserPwd(user.getUserId(), BCrypt.hashpw(bo.getNewPassword())) > 0) {
return R.ok(); return R.ok();
} }
return R.fail("修改密码异常,请联系管理员"); return R.fail("修改密码异常,请联系管理员");

29
ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/domain/bo/SysUserPasswordBo.java Normal file
View File

@ -0,0 +1,29 @@
package org.dromara.system.domain.bo;
import jakarta.validation.constraints.NotBlank;
import lombok.Data;
import java.io.Serial;
import java.io.Serializable;
/**
* 用户密码修改bo
*/
@Data
public class SysUserPasswordBo implements Serializable {
@Serial
private static final long serialVersionUID = 1L;
/**
* 旧密码
*/
@NotBlank(message = "旧密码不能为空")
private String oldPassword;
/**
* 新密码
*/
@NotBlank(message = "新密码不能为空")
private String newPassword;
}