refactor(core): 支持用户密码过期

Finish 21.4.8

modules/i3plus-core-api/src/main/java/cn/estsh/i3plus/core/api/iservice/busi/ISysUserPasswordService.java

@@ -28,4 +28,5 @@ public interface ISysUserPasswordService extends ICrudService<SysUserPassword> {
     @ApiOperation(value = "重置用户密码")
     void updatePassword(Long userId,String password);
 
+    void updatePasswordWizoutSession(String loginName,String password,String newPwd);
 }

modules/i3plus-core-api/src/main/java/cn/estsh/i3plus/core/api/iservice/busi/ISysUserService.java

@@ -3,7 +3,11 @@ package cn.estsh.i3plus.core.api.iservice.busi;
 import cn.estsh.i3plus.pojo.base.bean.ListPager;
 import cn.estsh.i3plus.pojo.base.common.Pager;
 import cn.estsh.i3plus.pojo.base.shirotoken.BaseToken;
-import cn.estsh.i3plus.pojo.platform.bean.*;
+import cn.estsh.i3plus.pojo.platform.bean.SessionUser;
+import cn.estsh.i3plus.pojo.platform.bean.SysLogUserLogin;
+import cn.estsh.i3plus.pojo.platform.bean.SysRefUserRole;
+import cn.estsh.i3plus.pojo.platform.bean.SysUser;
+import cn.estsh.i3plus.pojo.platform.bean.SysUserInfo;
 import io.swagger.annotations.ApiOperation;
 import org.apache.shiro.authc.AuthenticationException;
 
@@ -300,4 +304,14 @@ public interface ISysUserService {
      */
     @ApiOperation(value = "根据id查询用户信息")
     List<SysUser> findSysUserByIds(Long[] ids);
+
+
+    /**
+     * 根据用户名查询密码是否正确
+     *
+     * @param loginName 用户名
+     * @param password  密码
+     */
+    @ApiOperation(value = "根据用户名查询密码是否正确")
+    SysUser validatePasswordByLoginNameAndReturnUser(String loginName, String password);
 }

modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/base/SystemController.java

@@ -1,12 +1,10 @@
 package cn.estsh.i3plus.core.apiservice.controller.base;
 
-import cn.estsh.i3plus.core.api.iservice.busi.ISysDictionaryService;
-import cn.estsh.i3plus.icloud.wms.sdk.IWmsCommonCloud;
+import cn.estsh.i3plus.core.api.iservice.busi.ISysUserPasswordService;
 import cn.estsh.i3plus.platform.common.util.CommonConstWords;
 import cn.estsh.i3plus.platform.common.util.PlatformConstWords;
 import cn.estsh.i3plus.pojo.base.enumutil.CommonEnumUtil;
 import cn.estsh.i3plus.pojo.base.enumutil.ResourceEnumUtil;
-import cn.estsh.impp.framework.boot.configuration.SystemConfig;
 import cn.estsh.impp.framework.boot.exception.ImppBusiException;
 import cn.estsh.impp.framework.boot.exception.ImppExceptionBuilder;
 import cn.estsh.impp.framework.boot.util.ImppRedis;
@@ -28,7 +26,11 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 import javax.annotation.Resource;
-import java.util.*;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+import java.util.TreeMap;
 
 /**
  * @Description :
@@ -47,17 +49,11 @@ public class SystemController {
     @Autowired
     private Environment environment;
 
-    @Autowired
-    private IWmsCommonCloud wmsCommonCloud;
-
     @Resource(name = CommonConstWords.IMPP_REDIS_CORE)
     protected ImppRedis redisCore;
 
     @Autowired
-    private ISysDictionaryService sysDictionaryService;
-
-    @Autowired
-    private SystemConfig systemConfig;
+    private ISysUserPasswordService userPasswordService;
 
     @GetMapping("/get-properties")
     @ApiOperation(value = "获取系统配置信息", notes = "获取系统配置信息")
@@ -139,4 +135,5 @@ public class SystemController {
             return ImppExceptionBuilder.newInstance().buildExceptionResult(e);
         }
     }
+
 }

modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/base/WhiteController.java

@@ -2,7 +2,6 @@ package cn.estsh.i3plus.core.apiservice.controller.base;
 
 import cn.estsh.i3plus.core.api.iservice.base.ISynchronizedService;
 import cn.estsh.i3plus.core.api.iservice.base.ISystemInitService;
-import cn.estsh.i3plus.core.api.iservice.base.ISystemLoginService;
 import cn.estsh.i3plus.core.api.iservice.base.ISystemLoginStrategyService;
 import cn.estsh.i3plus.core.api.iservice.busi.*;
 import cn.estsh.i3plus.core.apiservice.controller.busi.PersonnelController;
@@ -133,7 +132,7 @@ public class WhiteController extends CoreBaseController {
     private ISysConfigService configService;
 
     @Autowired
-    private ISystemLoginService loginService;
+    private ISysUserPasswordService userPasswordService;
 
     @Autowired
     private SysUserPasswordUtil userPasswordUtil;
@@ -720,6 +719,24 @@ public class WhiteController extends CoreBaseController {
         }
     }
 
+    @PutMapping(value = "/update-expired-password")
+    @ApiOperation(value = "修改密码", notes = "松下修改当前登录用户密码")
+    public ResultBean updateSysUserPassword(String loginName, String password, String newPwd) {
+        try {
+            // 数据校验
+            ValidatorBean.checkNotNull(password, "旧密码不能为空");
+            ValidatorBean.checkNotNull(newPwd, "新密码不能为空");
+            ValidatorBean.checkNotNull(loginName, "用户名不能为空");
+
+            userPasswordService.updatePasswordWizoutSession(loginName, password, newPwd.trim());
+            return ResultBean.success("修改密码成功，请重新登陆").setCode(ResourceEnumUtil.MESSAGE.SUCCESS.getCode());
+        } catch (ImppBusiException busExcep) {
+            return ResultBean.fail(busExcep);
+        } catch (Exception e) {
+            return ImppExceptionBuilder.newInstance().buildExceptionResult(e);
+        }
+    }
+
     @PostMapping(value = "/license")
     @ApiOperation(value = "更新授权", notes = "更新授权")
     public ResultBean updateLicense(String content) {

modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/SysUserController.java

@@ -285,24 +285,6 @@ public class SysUserController extends CoreBaseController{
         }
     }
 
-    @PutMapping(value = "/update-expired-password")
-    @ApiOperation(value = "修改密码", notes = "修改当前登录用户密码")
-    public ResultBean updateSysUserPassword(String loginName,String password,String newPwd) {
-        try {
-            // 数据校验
-            ValidatorBean.checkNotNull(password, "旧密码不能为空");
-            ValidatorBean.checkNotNull(newPwd, "新密码不能为空");
-            ValidatorBean.checkNotNull(loginName, "用户名不能为空");
-
-            userPasswordService.updatePassword(loginName,password,newPwd.trim());
-            return ResultBean.success("操作成功").setCode(ResourceEnumUtil.MESSAGE.SUCCESS.getCode());
-        } catch(ImppBusiException busExcep){
-            return ResultBean.fail(busExcep);
-        }catch(Exception e){
-            return ImppExceptionBuilder.newInstance().buildExceptionResult(e);
-        }
-    }
-
     /**
      * 查询所有用户
      * @return 查询所有用户

modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/base/login/strategy/DefaultLoginStrategy.java

@@ -72,6 +72,7 @@ public class DefaultLoginStrategy implements ISystemLoginStrategyService {
             }
             // 已经对用户名和密码做过验证了
             // 获取系统参数【密码过期时间】 进行密码有效时间判断
+            userService.validatePasswordByLoginNameAndReturnUser(loginModel.getLoginName(),loginModel.getLoginPwd());
             validatePasswordIsExpired(loginModel.getLoginName());
 
             SessionUser user = userService.loginUser(
@@ -110,7 +111,7 @@ public class DefaultLoginStrategy implements ISystemLoginStrategyService {
                     } catch (ParseException e) {
                         throw new ImppBusiException("验证用户密码登录时间，时间解析错误");
                     }
-                    long dayGap = System.currentTimeMillis() - lastModifyDate.getTime() / (60 * 60 * 1000 * 24);
+                    long dayGap = (System.currentTimeMillis() - lastModifyDate.getTime()) / (60 * 60 * 1000 * 24);
                     if ((int) dayGap >= Integer.parseInt(passwordExpireDays.getConfigValue())) {
                         throw new ExpiredCredentialsException("用户密码过期 请重新设置新密码");
                     }

modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserSavePasswordService.java

@@ -48,11 +48,11 @@ public class SysUserSavePasswordService extends CrudService<SysUserPassword> imp
     @Override
     public void updatePassword(Long userId, String password, String newPwd) {
         SysUser user = userService.getSysUserById(userId);
-        ValidatorBean.checkNotNull(user,"不存在的用户信息");
+        ValidatorBean.checkNotNull(user, "不存在的用户信息");
 
         SysUserPassword userPassword = userPasswordRDao.getById(user.getUserLoginPasswordId());
-        ValidatorBean.checkNotNull(userPassword,"不存在的用户密码信息");
-        if(StringUtils.equals(userPassword.getUserPassword(),password)){
+        ValidatorBean.checkNotNull(userPassword, "不存在的用户密码信息");
+        if (StringUtils.equals(userPassword.getUserPassword(), password)) {
             throw ImppExceptionBuilder.newInstance()
                     .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
                     .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
@@ -66,10 +66,10 @@ public class SysUserSavePasswordService extends CrudService<SysUserPassword> imp
 
     @Override
     public void updatePassword(String loginName, String password, String newPwd) {
-        SysUser user= userService.getSysUserByLoginName(loginName);
+        SysUser user = userService.getSysUserByLoginName(loginName);
         SysUserPassword userPassword = userPasswordRDao.getById(user.getUserLoginPasswordId());
-        ValidatorBean.checkNotNull(userPassword,"不存在的用户密码信息");
-        if(StringUtils.equals(userPassword.getUserPassword(),password)){
+        ValidatorBean.checkNotNull(userPassword, "不存在的用户密码信息");
+        if (StringUtils.equals(userPassword.getUserPassword(), password)) {
             throw ImppExceptionBuilder.newInstance()
                     .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
                     .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
@@ -84,26 +84,51 @@ public class SysUserSavePasswordService extends CrudService<SysUserPassword> imp
     @Override
     public void updatePassword(Long userId, String password) {
         SysUser user = userService.getSysUserById(userId);
-        ValidatorBean.checkNotNull(user,"不存在的用户信息");
+        ValidatorBean.checkNotNull(user, "不存在的用户信息");
         user.setUserLoginPassword(password);
         userPasswordUtil.checkPasswordSave(user);
 
         userPasswordRDao.updateByProperties(
-                new String[]{"userId","isDeleted"},
-                new Object[]{user.getId(),CommonEnumUtil.IS_DEAL.NO.getValue()},
-                new String[]{"isDeleted","modifyDatetime","modifyUser"},
+                new String[]{"userId", "isDeleted"},
+                new Object[]{user.getId(), CommonEnumUtil.IS_DEAL.NO.getValue()},
+                new String[]{"isDeleted", "modifyDatetime", "modifyUser"},
                 new Object[]{
                         CommonEnumUtil.IS_DEAL.YES.getValue(), TimeTool.getNowTime(true), AuthUtil.getSessionUser().getUserName()});
 
         SysUserPassword pwd = new SysUserPassword();
         pwd.setUserId(userId);
         pwd.setUserPassword(SysUserPasswordUtil.encoder(password));
-        ConvertBean.serviceModelInitialize(pwd,AuthUtil.getSessionUser());
+        ConvertBean.serviceModelInitialize(pwd, AuthUtil.getSessionUser());
         SysUserPassword save = userPasswordRDao.save(pwd);
 
         user.setUserLoginPasswordId(save.getId());
         user.setUserPasswordLastModifyTime(TimeTool.getNowTime(true));
-        ConvertBean.serviceModelUpdate(user,AuthUtil.getSessionUser().getUserName());
+        ConvertBean.serviceModelUpdate(user, AuthUtil.getSessionUser().getUserName());
+        userService.updateSysUser(user);
+    }
+
+    @Override
+    public void updatePasswordWizoutSession(String loginName, String password, String newPwd) {
+        SysUser user = userService.validatePasswordByLoginNameAndReturnUser(loginName, password);
+        user.setUserLoginPassword(password);
+        userPasswordUtil.checkPasswordSave(user);
+
+        userPasswordRDao.updateByProperties(
+                new String[]{"userId", "isDeleted"},
+                new Object[]{user.getId(), CommonEnumUtil.IS_DEAL.NO.getValue()},
+                new String[]{"isDeleted", "modifyDatetime", "modifyUser"},
+                new Object[]{
+                        CommonEnumUtil.IS_DEAL.YES.getValue(), TimeTool.getNowTime(true), loginName});
+
+        SysUserPassword pwd = new SysUserPassword();
+        pwd.setUserId(user.getId());
+        pwd.setUserPassword(SysUserPasswordUtil.encoder(newPwd));
+        ConvertBean.serviceModelInitialize(pwd, loginName);
+        SysUserPassword save = userPasswordRDao.save(pwd);
+
+        user.setUserLoginPasswordId(save.getId());
+        user.setUserPasswordLastModifyTime(TimeTool.getNowTime(true));
+        ConvertBean.serviceModelUpdate(user, loginName);
         userService.updateSysUser(user);
     }
 }

modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserService.java

@@ -37,6 +37,7 @@ import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.CredentialsException;
+import org.apache.shiro.authc.IncorrectCredentialsException;
 import org.apache.shiro.authc.UnknownAccountException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -724,6 +725,17 @@ public class SysUserService implements ISysUserService {
         return userRDao.findByHqlWhere(ddlPackBean);
     }
 
+    @Override
+    public SysUser validatePasswordByLoginNameAndReturnUser(String loginName, String password) {
+        SysUser userDb = getSysUserByLoginName(loginName);
+        ValidatorBean.checkNotNull(userDb, "不存在的用户信息");
+        SysUserPassword userPassword = userPasswordService.get(userDb.getUserLoginPasswordId());
+        if (!userPassword.getUserPassword().equals(SysUserPasswordUtil.encoder(password))) {
+            throw new IncorrectCredentialsException("用户密码错误");
+        }
+        return userDb;
+    }
+
     /**
      * 账号数据排序
      * 创建时间 角色升序