diff --git a/modules/i3plus-core-api/src/main/java/cn/estsh/i3plus/core/api/iservice/busi/ISysUserPasswordService.java b/modules/i3plus-core-api/src/main/java/cn/estsh/i3plus/core/api/iservice/busi/ISysUserPasswordService.java index ac4a493..2c77db1 100644 --- a/modules/i3plus-core-api/src/main/java/cn/estsh/i3plus/core/api/iservice/busi/ISysUserPasswordService.java +++ b/modules/i3plus-core-api/src/main/java/cn/estsh/i3plus/core/api/iservice/busi/ISysUserPasswordService.java @@ -28,4 +28,5 @@ public interface ISysUserPasswordService extends ICrudService { @ApiOperation(value = "重置用户密码") void updatePassword(Long userId,String password); + void updatePasswordWizoutSession(String loginName,String password,String newPwd); } diff --git a/modules/i3plus-core-api/src/main/java/cn/estsh/i3plus/core/api/iservice/busi/ISysUserService.java b/modules/i3plus-core-api/src/main/java/cn/estsh/i3plus/core/api/iservice/busi/ISysUserService.java index df2219e..e6d1196 100644 --- a/modules/i3plus-core-api/src/main/java/cn/estsh/i3plus/core/api/iservice/busi/ISysUserService.java +++ b/modules/i3plus-core-api/src/main/java/cn/estsh/i3plus/core/api/iservice/busi/ISysUserService.java @@ -3,7 +3,11 @@ package cn.estsh.i3plus.core.api.iservice.busi; import cn.estsh.i3plus.pojo.base.bean.ListPager; import cn.estsh.i3plus.pojo.base.common.Pager; import cn.estsh.i3plus.pojo.base.shirotoken.BaseToken; -import cn.estsh.i3plus.pojo.platform.bean.*; +import cn.estsh.i3plus.pojo.platform.bean.SessionUser; +import cn.estsh.i3plus.pojo.platform.bean.SysLogUserLogin; +import cn.estsh.i3plus.pojo.platform.bean.SysRefUserRole; +import cn.estsh.i3plus.pojo.platform.bean.SysUser; +import cn.estsh.i3plus.pojo.platform.bean.SysUserInfo; import io.swagger.annotations.ApiOperation; import org.apache.shiro.authc.AuthenticationException; @@ -300,4 +304,14 @@ public interface ISysUserService { */ @ApiOperation(value = "根据id查询用户信息") List findSysUserByIds(Long[] ids); + + + /** + * 根据用户名查询密码是否正确 + * + * @param loginName 用户名 + * @param password 密码 + */ + @ApiOperation(value = "根据用户名查询密码是否正确") + SysUser validatePasswordByLoginNameAndReturnUser(String loginName, String password); } diff --git a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/base/SystemController.java b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/base/SystemController.java index 6de22d1..159748c 100644 --- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/base/SystemController.java +++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/base/SystemController.java @@ -1,12 +1,10 @@ package cn.estsh.i3plus.core.apiservice.controller.base; -import cn.estsh.i3plus.core.api.iservice.busi.ISysDictionaryService; -import cn.estsh.i3plus.icloud.wms.sdk.IWmsCommonCloud; +import cn.estsh.i3plus.core.api.iservice.busi.ISysUserPasswordService; import cn.estsh.i3plus.platform.common.util.CommonConstWords; import cn.estsh.i3plus.platform.common.util.PlatformConstWords; import cn.estsh.i3plus.pojo.base.enumutil.CommonEnumUtil; import cn.estsh.i3plus.pojo.base.enumutil.ResourceEnumUtil; -import cn.estsh.impp.framework.boot.configuration.SystemConfig; import cn.estsh.impp.framework.boot.exception.ImppBusiException; import cn.estsh.impp.framework.boot.exception.ImppExceptionBuilder; import cn.estsh.impp.framework.boot.util.ImppRedis; @@ -28,7 +26,11 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; import javax.annotation.Resource; -import java.util.*; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Map; +import java.util.Set; +import java.util.TreeMap; /** * @Description : @@ -47,17 +49,11 @@ public class SystemController { @Autowired private Environment environment; - @Autowired - private IWmsCommonCloud wmsCommonCloud; - @Resource(name = CommonConstWords.IMPP_REDIS_CORE) protected ImppRedis redisCore; @Autowired - private ISysDictionaryService sysDictionaryService; - - @Autowired - private SystemConfig systemConfig; + private ISysUserPasswordService userPasswordService; @GetMapping("/get-properties") @ApiOperation(value = "获取系统配置信息", notes = "获取系统配置信息") @@ -139,4 +135,5 @@ public class SystemController { return ImppExceptionBuilder.newInstance().buildExceptionResult(e); } } + } diff --git a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/base/WhiteController.java b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/base/WhiteController.java index e50d76e..2e08c19 100644 --- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/base/WhiteController.java +++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/base/WhiteController.java @@ -2,7 +2,6 @@ package cn.estsh.i3plus.core.apiservice.controller.base; import cn.estsh.i3plus.core.api.iservice.base.ISynchronizedService; import cn.estsh.i3plus.core.api.iservice.base.ISystemInitService; -import cn.estsh.i3plus.core.api.iservice.base.ISystemLoginService; import cn.estsh.i3plus.core.api.iservice.base.ISystemLoginStrategyService; import cn.estsh.i3plus.core.api.iservice.busi.*; import cn.estsh.i3plus.core.apiservice.controller.busi.PersonnelController; @@ -133,7 +132,7 @@ public class WhiteController extends CoreBaseController { private ISysConfigService configService; @Autowired - private ISystemLoginService loginService; + private ISysUserPasswordService userPasswordService; @Autowired private SysUserPasswordUtil userPasswordUtil; @@ -720,6 +719,24 @@ public class WhiteController extends CoreBaseController { } } + @PutMapping(value = "/update-expired-password") + @ApiOperation(value = "修改密码", notes = "松下修改当前登录用户密码") + public ResultBean updateSysUserPassword(String loginName, String password, String newPwd) { + try { + // 数据校验 + ValidatorBean.checkNotNull(password, "旧密码不能为空"); + ValidatorBean.checkNotNull(newPwd, "新密码不能为空"); + ValidatorBean.checkNotNull(loginName, "用户名不能为空"); + + userPasswordService.updatePasswordWizoutSession(loginName, password, newPwd.trim()); + return ResultBean.success("修改密码成功,请重新登陆").setCode(ResourceEnumUtil.MESSAGE.SUCCESS.getCode()); + } catch (ImppBusiException busExcep) { + return ResultBean.fail(busExcep); + } catch (Exception e) { + return ImppExceptionBuilder.newInstance().buildExceptionResult(e); + } + } + @PostMapping(value = "/license") @ApiOperation(value = "更新授权", notes = "更新授权") public ResultBean updateLicense(String content) { diff --git a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/SysUserController.java b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/SysUserController.java index 49ea348..aace7cf 100644 --- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/SysUserController.java +++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/SysUserController.java @@ -285,24 +285,6 @@ public class SysUserController extends CoreBaseController{ } } - @PutMapping(value = "/update-expired-password") - @ApiOperation(value = "修改密码", notes = "修改当前登录用户密码") - public ResultBean updateSysUserPassword(String loginName,String password,String newPwd) { - try { - // 数据校验 - ValidatorBean.checkNotNull(password, "旧密码不能为空"); - ValidatorBean.checkNotNull(newPwd, "新密码不能为空"); - ValidatorBean.checkNotNull(loginName, "用户名不能为空"); - - userPasswordService.updatePassword(loginName,password,newPwd.trim()); - return ResultBean.success("操作成功").setCode(ResourceEnumUtil.MESSAGE.SUCCESS.getCode()); - } catch(ImppBusiException busExcep){ - return ResultBean.fail(busExcep); - }catch(Exception e){ - return ImppExceptionBuilder.newInstance().buildExceptionResult(e); - } - } - /** * 查询所有用户 * @return 查询所有用户 diff --git a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/base/login/strategy/DefaultLoginStrategy.java b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/base/login/strategy/DefaultLoginStrategy.java index 66f1c5d..9c0f7f2 100644 --- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/base/login/strategy/DefaultLoginStrategy.java +++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/base/login/strategy/DefaultLoginStrategy.java @@ -72,6 +72,7 @@ public class DefaultLoginStrategy implements ISystemLoginStrategyService { } // 已经对用户名和密码做过验证了 // 获取系统参数【密码过期时间】 进行密码有效时间判断 + userService.validatePasswordByLoginNameAndReturnUser(loginModel.getLoginName(),loginModel.getLoginPwd()); validatePasswordIsExpired(loginModel.getLoginName()); SessionUser user = userService.loginUser( @@ -110,7 +111,7 @@ public class DefaultLoginStrategy implements ISystemLoginStrategyService { } catch (ParseException e) { throw new ImppBusiException("验证用户密码登录时间,时间解析错误"); } - long dayGap = System.currentTimeMillis() - lastModifyDate.getTime() / (60 * 60 * 1000 * 24); + long dayGap = (System.currentTimeMillis() - lastModifyDate.getTime()) / (60 * 60 * 1000 * 24); if ((int) dayGap >= Integer.parseInt(passwordExpireDays.getConfigValue())) { throw new ExpiredCredentialsException("用户密码过期 请重新设置新密码"); } diff --git a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserSavePasswordService.java b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserSavePasswordService.java index 8256ce3..f0800f5 100644 --- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserSavePasswordService.java +++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserSavePasswordService.java @@ -48,11 +48,11 @@ public class SysUserSavePasswordService extends CrudService imp @Override public void updatePassword(Long userId, String password, String newPwd) { SysUser user = userService.getSysUserById(userId); - ValidatorBean.checkNotNull(user,"不存在的用户信息"); + ValidatorBean.checkNotNull(user, "不存在的用户信息"); SysUserPassword userPassword = userPasswordRDao.getById(user.getUserLoginPasswordId()); - ValidatorBean.checkNotNull(userPassword,"不存在的用户密码信息"); - if(StringUtils.equals(userPassword.getUserPassword(),password)){ + ValidatorBean.checkNotNull(userPassword, "不存在的用户密码信息"); + if (StringUtils.equals(userPassword.getUserPassword(), password)) { throw ImppExceptionBuilder.newInstance() .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode()) .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode()) @@ -66,10 +66,10 @@ public class SysUserSavePasswordService extends CrudService imp @Override public void updatePassword(String loginName, String password, String newPwd) { - SysUser user= userService.getSysUserByLoginName(loginName); + SysUser user = userService.getSysUserByLoginName(loginName); SysUserPassword userPassword = userPasswordRDao.getById(user.getUserLoginPasswordId()); - ValidatorBean.checkNotNull(userPassword,"不存在的用户密码信息"); - if(StringUtils.equals(userPassword.getUserPassword(),password)){ + ValidatorBean.checkNotNull(userPassword, "不存在的用户密码信息"); + if (StringUtils.equals(userPassword.getUserPassword(), password)) { throw ImppExceptionBuilder.newInstance() .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode()) .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode()) @@ -84,26 +84,51 @@ public class SysUserSavePasswordService extends CrudService imp @Override public void updatePassword(Long userId, String password) { SysUser user = userService.getSysUserById(userId); - ValidatorBean.checkNotNull(user,"不存在的用户信息"); + ValidatorBean.checkNotNull(user, "不存在的用户信息"); user.setUserLoginPassword(password); userPasswordUtil.checkPasswordSave(user); userPasswordRDao.updateByProperties( - new String[]{"userId","isDeleted"}, - new Object[]{user.getId(),CommonEnumUtil.IS_DEAL.NO.getValue()}, - new String[]{"isDeleted","modifyDatetime","modifyUser"}, + new String[]{"userId", "isDeleted"}, + new Object[]{user.getId(), CommonEnumUtil.IS_DEAL.NO.getValue()}, + new String[]{"isDeleted", "modifyDatetime", "modifyUser"}, new Object[]{ CommonEnumUtil.IS_DEAL.YES.getValue(), TimeTool.getNowTime(true), AuthUtil.getSessionUser().getUserName()}); SysUserPassword pwd = new SysUserPassword(); pwd.setUserId(userId); pwd.setUserPassword(SysUserPasswordUtil.encoder(password)); - ConvertBean.serviceModelInitialize(pwd,AuthUtil.getSessionUser()); + ConvertBean.serviceModelInitialize(pwd, AuthUtil.getSessionUser()); SysUserPassword save = userPasswordRDao.save(pwd); user.setUserLoginPasswordId(save.getId()); user.setUserPasswordLastModifyTime(TimeTool.getNowTime(true)); - ConvertBean.serviceModelUpdate(user,AuthUtil.getSessionUser().getUserName()); + ConvertBean.serviceModelUpdate(user, AuthUtil.getSessionUser().getUserName()); + userService.updateSysUser(user); + } + + @Override + public void updatePasswordWizoutSession(String loginName, String password, String newPwd) { + SysUser user = userService.validatePasswordByLoginNameAndReturnUser(loginName, password); + user.setUserLoginPassword(password); + userPasswordUtil.checkPasswordSave(user); + + userPasswordRDao.updateByProperties( + new String[]{"userId", "isDeleted"}, + new Object[]{user.getId(), CommonEnumUtil.IS_DEAL.NO.getValue()}, + new String[]{"isDeleted", "modifyDatetime", "modifyUser"}, + new Object[]{ + CommonEnumUtil.IS_DEAL.YES.getValue(), TimeTool.getNowTime(true), loginName}); + + SysUserPassword pwd = new SysUserPassword(); + pwd.setUserId(user.getId()); + pwd.setUserPassword(SysUserPasswordUtil.encoder(newPwd)); + ConvertBean.serviceModelInitialize(pwd, loginName); + SysUserPassword save = userPasswordRDao.save(pwd); + + user.setUserLoginPasswordId(save.getId()); + user.setUserPasswordLastModifyTime(TimeTool.getNowTime(true)); + ConvertBean.serviceModelUpdate(user, loginName); userService.updateSysUser(user); } } diff --git a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserService.java b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserService.java index ac437fc..75f1e0e 100644 --- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserService.java +++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserService.java @@ -37,6 +37,7 @@ import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang3.StringUtils; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.CredentialsException; +import org.apache.shiro.authc.IncorrectCredentialsException; import org.apache.shiro.authc.UnknownAccountException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -724,6 +725,17 @@ public class SysUserService implements ISysUserService { return userRDao.findByHqlWhere(ddlPackBean); } + @Override + public SysUser validatePasswordByLoginNameAndReturnUser(String loginName, String password) { + SysUser userDb = getSysUserByLoginName(loginName); + ValidatorBean.checkNotNull(userDb, "不存在的用户信息"); + SysUserPassword userPassword = userPasswordService.get(userDb.getUserLoginPasswordId()); + if (!userPassword.getUserPassword().equals(SysUserPasswordUtil.encoder(password))) { + throw new IncorrectCredentialsException("用户密码错误"); + } + return userDb; + } + /** * 账号数据排序 * 创建时间 角色升序