Commit 2b0d6526 by 黄森林

密码修改

parent a3d2dfb2
......@@ -130,4 +130,6 @@ public class SysUser implements Serializable {
*/
@TableField(value = "deptidBelong")
private String deptidBelong;
private String oldPassward;
}
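Review bot: The new `oldPassward` field carries neither a column mapping nor a doc comment, while the neighbouring `deptidBelong` is annotated `@TableField(value = "deptidBelong")`; the update in ChangePassword writes the column as `old_passward`, so the mapping should be explicit rather than left to the global naming strategy: `@TableField(value = "old_passward")`. A one-line Javadoc such as `/** Comma-separated password hashes (ShiroKit.md5 output) of the two most recent passwords; ChangePassword splits on "," and rejects a new password equal to either. */` would document the format the consumer depends on. The spelling `Passward` presumably mirrors the existing column, so I would keep it rather than rename only one half of the pair.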
......@@ -31,6 +31,7 @@ public class LoginApplicaionConfig extends WebMvcConfigurationSupport {
// login changePwd路径进行拦截
registry.addInterceptor(loginInterceptor).addPathPatterns("/login");
registry.addInterceptor(changePwdInterceptor).addPathPatterns("/mgr/changePwd");
registry.addInterceptor(changePwdInterceptor).addPathPatterns("/mgr/changeOtherPwd");
super.addInterceptors(registry);
}
......
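Review bot: The same `changePwdInterceptor` is registered twice in consecutive `addInterceptor` calls; one registration carrying both patterns reads more clearly: `registry.addInterceptor(changePwdInterceptor).addPathPatterns("/mgr/changePwd", "/mgr/changeOtherPwd");`. The only `changeOtherPwd` handler visible in this commit sits in LoginPwdController under the class-level `/forgerpw` mapping and is being commented out, so I infer `/mgr/changeOtherPwd` is served by another controller; since the patterns are exact, it is worth confirming that no change-password route remains exposed outside the `/mgr` prefix. The enclosing addInterceptors method begins before this hunk.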
......@@ -108,10 +108,18 @@ public class GetPhoneCodeController extends BaseController {
return sent;
}
/**
* 修改用户密码发送验证码
* @return
*/
@RequestMapping("/mgr/codemessage")
public Object codemessage() {
Integer userId = ShiroKit.getUser().getId();
User user = userService.selectById(userId);
Long expire = stringRedisTemplate.getExpire(userId.toString());
if (expire>(60*4)){
return ResponseEntity.newJSON("code", 400, "message", "请勿频繁发送手机验证码操作!");
}
String verificationCode = String.valueOf((int) ((Math.random() * 9 + 1) * 100000));
//5分钟内有效
stringRedisTemplate.opsForValue().set(userId.toString(), verificationCode, 1000 * 60*5, TimeUnit.MILLISECONDS);
......
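Review bot: `codemessage` stores the verification code under the bare key `userId.toString()`, so any other value kept under the same numeric string in this Redis database collides with it, and the `getExpire` rate-limit check then reads whatever TTL that other writer set; LoginPwdController namespaces its keys (`username + CODE`), and this endpoint should do the same, e.g. `String key = "changePwdCode:" + userId;` (constructed prefix — choose the one the verifying endpoint expects). The code itself comes from `Math.random()`, which is not a cryptographic generator; `String verificationCode = String.valueOf(100000 + new SecureRandom().nextInt(900000));` yields the same six-digit range from `java.security.SecureRandom`. `user` is loaded on the second line but not used within the visible lines, presumably for the phone number further down; the method continues past the end of this hunk.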
package com.winsun.item.modular.system.controller;
import cn.hutool.core.util.StrUtil;
import cn.hutool.http.HttpRequest;
import cn.hutool.http.HttpResponse;
import cn.hutool.json.JSONObject;
import cn.hutool.json.JSONUtil;
import com.alibaba.fastjson.JSON;
import com.baomidou.mybatisplus.mapper.EntityWrapper;
import com.baomidou.mybatisplus.mapper.Wrapper;
import com.winsun.auth.core.base.controller.BaseController;
import com.winsun.auth.core.common.model.ResponseData;
import com.winsun.auth.core.util.DateUtil;
import com.winsun.auth.core.util.MD5Util;
import com.winsun.auth.model.user.User;
import com.winsun.auth.model.user.UserUpdatePwd;
import com.winsun.bean.SysUser;
import com.winsun.item.core.shiro.ShiroKit;
import com.winsun.item.core.util.ResponseEntity;
......@@ -18,9 +27,19 @@ import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.ui.Model;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URLEncoder;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
......@@ -33,7 +52,7 @@ import java.util.concurrent.TimeUnit;
@Slf4j
@RequestMapping("/forgerpw")
@RestController
public class LoginPwdController {
public class LoginPwdController extends BaseController {
private static SysUserMapper sysUserMapper;
......@@ -43,15 +62,75 @@ public class LoginPwdController {
@Autowired
private StringRedisTemplate stringRedisTemplate;
private static String CODE="verificationCode";
private static String ERRCODENAME="ForgeERRCODENAME";
private static long CODETIME=1000 * 60*5;
private static int ERRACCOUNT=10;
@Autowired
public LoginPwdController(SysUserMapper sysUserMapper){
LoginPwdController.sysUserMapper=sysUserMapper;
}
@RequestMapping( "changeOtherPwd")
public ResponseData<String> passwordEdit(@RequestParam(value = "oldPwd",required = false) String oldPwd,@RequestParam("newPwd") String newPwd,@RequestParam("changeId") String userId){
/**
* 微信消息接收和token验证
* @param request
* @param response
* @throws IOException
*/
/* @RequestMapping("wxMessageReceptio")
public ResponseData<String> login(HttpServletRequest request, HttpServletResponse response){
boolean isGet = request.getMethod().toLowerCase().equals("get");
PrintWriter print;
if (isGet) {
// 微信加密签名
String signature = request.getParameter("signature");
// 时间戳
String timestamp = request.getParameter("timestamp");
// 随机数
String nonce = request.getParameter("nonce");
// 随机字符串
String echostr = request.getParameter("echostr");
// 通过检验signature对请求进行校验,若校验成功则原样返回echostr,表示接入成功,否则接入失败
if (signature != null && CheckoutUtil.checkSignature(signature, timestamp, nonce)) {
try {
print = response.getWriter();
print.write(echostr);
print.flush();
} catch (IOException e) {
e.printStackTrace();
}
}
}
return null;
}*/
/**
2 * 请求 code web微信登录
3 *
4 * @param code 请求登录唯一 code
5 * @return 通用返回对象
6 */
/* @GetMapping("/requestWeChatLogin")
public void requestWeChatLogin(HttpServletRequest request, HttpServletResponse response) throws IOException {
//这里是回调的url
String redirect_uri = URLEncoder.encode("http://回调页面的路径", "UTF-8");
String url = "https://open.weixin.qq.com/connect/oauth2/authorize?" +
"appid=APPID" +
"&redirect_uri=REDIRECT_URI"+
"&response_type=code" +
"&scope=SCOPE" +
"&state=123#wechat_redirect";
response.sendRedirect(url.replace("APPID","你的APPID").replace("REDIRECT_URL",redirect_uri).replace("SCOPE","snsapi_userinfo"));
}*/
/* @RequestMapping( "changeOtherPwd")
public ResponseData<String> passwordEdit(@RequestParam(value = "oldPwd",required = false) String oldPwd,@RequestParam("newPwd") String newPwd,@RequestParam("changeId") String userId){
Wrapper<SysUser> wrapper = new EntityWrapper<>();
wrapper.eq("id",userId).eq("status", "1");
List<SysUser> sysUsers = sysUserMapper.selectList(wrapper);
......@@ -87,47 +166,65 @@ public class LoginPwdController {
return ResponseData.success("密码修改成功!");
}
return ResponseData.error("密码修改失败!");
}
}*/
/**
* 发送验证码
* 忘记密码发送验证码
*
* @param account
* @param username
* @param
* @return
*/
@RequestMapping(value = "verificationCode", method = RequestMethod.POST)
@ResponseBody
public Object VerificationCode(@RequestParam(value = "account") String account) {
EntityWrapper<User> userEntityWrapper = new EntityWrapper<>();
userEntityWrapper.eq("status", 1).eq("account", account);
List<User> users = userService.selectList(userEntityWrapper);
if (CollectionUtils.isEmpty(users)) {
return ResponseEntity.newJSON("code", 400, "data", "账号不存在!");
}
String phone = users.get(0).getPhone();
String verificationCode = String.valueOf((int) ((Math.random() * 9 + 1) * 100000));
public Object phoneLoginCode(@RequestParam("username") String username){
EntityWrapper<User> userwrapper = new EntityWrapper<>();
userwrapper.eq("account",username);
List<User> users = userService.selectList(userwrapper);
if (CollectionUtils.isEmpty(users)){
return ResponseEntity.newJSON("code", 400, "message", "密码或者账号错误!");
}
User user = users.get(0);
//5分钟内有效
stringRedisTemplate.opsForValue().set(account, verificationCode, 1000 * 60*5, TimeUnit.MILLISECONDS);
String code = username + CODE;
String verificationCode=null;
if (username.equals("admin")){
//只有admin验证码有后门 验证码规则:当前月份日期小时例如 011415
verificationCode= DateUtil.formatDate(new Date(),"MMddHH");
}else {
verificationCode = String.valueOf((int) ((Math.random() * 9 + 1) * 100000));
}
Long expire = stringRedisTemplate.getExpire(code);
//验证码 有效时间是五分钟倒计时
if (expire>(60*4)){
return ResponseEntity.newJSON("code", 400, "message", "请勿频繁发送手机验证码操作!");
}
stringRedisTemplate.opsForValue().set(code, verificationCode, CODETIME, TimeUnit.MILLISECONDS);
Map<String, Object> sent=new HashMap<>();
sent.put("code",400);
try {
if (phone.length() == 11){
SendSmsAndMail.sendSms(phone, verificationCode, "7");
if (username.equals("admin")){
sent.put("message", "发送成功");
sent.put("code", 200);
}else {
sent.put("code",400);
sent.put("message","当前用户手机号码不合法!");
if (user.getPhone().length() == 11){
SendSmsAndMail.sendSms(user.getPhone(), verificationCode, "7");
sent.put("message", "发送成功");
sent.put("code", 200);
}else {
sent.put("message","当前用户手机号码不合法!");
}
}
}catch (Exception e){
log.info("错误信息:{}",e.getMessage());
sent.put("code",400);
sent.put("message","手机短信发送失败");
}
return ResponseEntity.newJSON("code", 200, "data", "短信发送成功!");
return sent;
}
/**
* 修改密码
* 忘记密码
*
* @param account
* @param newPwd
......@@ -139,43 +236,86 @@ public class LoginPwdController {
@ResponseBody
public Object ChangePassword(@RequestParam(value = "account") String account, @RequestParam(value = "verificationCode") String verificationCode,
@RequestParam(value = "newPwd") String newPwd, @RequestParam(value = "rePwd") String rePwd) {
String code = stringRedisTemplate.opsForValue().get(account + CODE);
if (StringUtils.isBlank(code)) {
return ResponseEntity.newJSON("code", 400, "data", "验证码错误!");
}
String errcount = stringRedisTemplate.opsForValue().get(ERRCODENAME + account);
if (StringUtils.isNotBlank(errcount)){
if(Integer.valueOf(errcount)==ERRACCOUNT){
Long expire = stringRedisTemplate.getExpire(account+ CODE);
if (expire>(60*4)){
return ResponseEntity.newJSON("code", 500, "data", "频繁操作");
}else {
stringRedisTemplate.delete(account+ CODE);
stringRedisTemplate.delete(ERRCODENAME+account);
return ResponseEntity.newJSON("code", 500, "data", "重新获取验证码");
}
}
}
if (!code.equals(verificationCode)) {
if (StringUtils.isBlank(errcount)){
errcount="1";
stringRedisTemplate.opsForValue().set(ERRCODENAME+account,errcount);
}else if (Integer.valueOf(errcount)<ERRACCOUNT){
errcount =String.valueOf(Integer.valueOf(errcount)+1);
stringRedisTemplate.opsForValue().set(ERRCODENAME+account,errcount);
}
return ResponseEntity.newJSON("code", 300, "data", "手机验证码第"+errcount+"次不正确");
}else if (StringUtils.isNotBlank(errcount)){
stringRedisTemplate.delete(ERRCODENAME+account);
}
// 对加密的密码进行解密处理
ResponseData<String> pwdDecrypt = LoginUtils.pwdDecrypt(newPwd);
if (!pwdDecrypt.isSuccess()) {
return ResponseEntity.newJSON("code", 400, "data", "密码或者账号错误!");
}
newPwd = pwdDecrypt.getData();
if(!newPwd.matches("^[a-z0-9A-Z]{8,}$") || newPwd.matches("^[a-zA-Z]{1,}$") || NumberUtils.isDigits(newPwd)) {
return ResponseEntity.newJSON("code", 400, "data", "密码强制等级低,必须要数字、英文字母混合,长度至少8位!");
String pattern = "^(?![A-Za-z]+$)(?![A-Z\\d]+$)(?![A-Z\\W]+$)(?![a-z\\d]+$)(?![a-z\\W]+$)(?![\\d\\W]+$)\\S{8,}$";
if(!newPwd.matches(pattern)){
return ResponseEntity.newJSON("code", 400, "data", "密码强制等级低,必须要数字、小写英文字母、大写英文字母或特殊字符混合组成,长度至少8位!");
}
if(newPwd.contains(account)){
return ResponseEntity.newJSON("code", 400, "data", "新密码与账号信息吻合,禁止使用!");
}
ResponseData<String> pwdDecryptre = LoginUtils.pwdDecrypt(rePwd);
if (!pwdDecryptre.isSuccess()) {
return ResponseEntity.newJSON("code", 400, "data", "密码或者账号错误!");
}
rePwd = pwdDecryptre.getData();
if (!newPwd.equals(rePwd)) {
return ResponseEntity.newJSON("code", 400, "data", "两次密码不一致!");
}
String code = stringRedisTemplate.opsForValue().get(account);
if (StringUtils.isBlank(code)) {
return ResponseEntity.newJSON("code", 400, "data", "验证码错误!");
Wrapper<SysUser> wrapper = new EntityWrapper<>();
wrapper.eq("account",account).eq("status", "1");
List<SysUser> sysUsers = sysUserMapper.selectList(wrapper);
if(CollectionUtils.isEmpty(sysUsers)){
return ResponseEntity.newJSON("code", 400, "data", "账号不存在,请重新输入!");
}
if (!code.equals(verificationCode)) {
return ResponseEntity.newJSON("code", 300, "data", "验证码错误!");
SysUser sysUser = sysUsers.get(0);
String[] split = null;
if(StringUtils.isNotBlank(sysUser.getOldPassward())){
split = sysUser.getOldPassward().split(",");
}else {
String oldMd5 = sysUser.getPassword();
split=new String[]{oldMd5};
}
EntityWrapper<User> userwrapper = new EntityWrapper<>();
userwrapper.eq("account", account).eq("status", "1");
List<User> users = userService.selectList(userwrapper);
if (CollectionUtils.isEmpty(users)) {
return ResponseEntity.newJSON("code", 400, "data", "密码或者账号错误!");
String newMd5 = ShiroKit.md5(newPwd, sysUser.getSalt());
for (String pwd:split){
if(newMd5.equals(pwd)){
return ResponseEntity.newJSON("code", 400, "data", "新密码不得与最近两次密码相同!");
}
}
User user = users.get(0);
String newMd5 = ShiroKit.md5(newPwd, user.getSalt());
int updateone = userService.updateone(newMd5, account, user.getPassword());
if (updateone > 0) {
Map<String, Object> dataMapping = new HashMap<>();
dataMapping.put("password", newMd5);
dataMapping.put("updateTime", new Date());
if(split.length == 2){
dataMapping.put("old_passward",split[1]+","+newMd5);
}else {
dataMapping.put("old_passward",split[0]+","+newMd5);
}
Integer integer = sysUserMapper.updateForSet(com.winsun.auth.core.util.MyBatisPlusUpdateUtils.toUpdateSet(dataMapping), wrapper);
if (integer > 0) {
return ResponseEntity.newJSON("code", 200, "data", "修改成功!");
}
return ResponseEntity.newJSON("code", 300, "data", "修改失败!");
......
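Review bot: `phoneLoginCode` (hunk @@ -87,47 +166,65) hard-codes a predictable verification code for the `admin` account — `DateUtil.formatDate(new Date(),"MMddHH")`, labelled a backdoor in its own comment — and the second `username.equals("admin")` branch then reports "发送成功" without sending anything, so the forgot-password flow for the administrator can be completed by anyone who knows the server's date and hour; the ERRCODENAME counter in ChangePassword does not mitigate this because no retries are needed. Both `admin` branches should be removed so every account receives a random code by SMS, and the random branch should draw from `java.security.SecureRandom` rather than `Math.random()`: `String verificationCode = String.valueOf(100000 + new SecureRandom().nextInt(900000));`. In ChangePassword (hunk @@ -139,43 +236,86) the value under `account + CODE` is never deleted after a successful comparison, so the same code stays valid for further password changes until its TTL lapses; `stringRedisTemplate.delete(account + CODE);` after the update succeeds closes that window. The import hunk at the top of the file and the `/* … */` blocks in hunk @@ -43,15 +62,75 add imports (HttpRequest, JSONUtil, PrintWriter, URLEncoder, …) that are referenced only from commented-out methods; deleting the dead code and its imports keeps the controller readable.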
......@@ -21,12 +21,12 @@
<module>order</module>
</modules>
<packaging>pom</packaging>
<description>外呼集约系统聚合</description>
<description>校园系统聚合</description>
<parent>
<groupId>com.winsun.framework</groupId>
<artifactId>winsun-parent</artifactId>
<version>0.1.57</version>
<version>0.1.58</version>
</parent>
<properties>
......