From 2c64c66ed111ac903c6bd8cd823a62b3aabb7120 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期二, 26 九月 2023 16:06:06 +0800
Subject: [PATCH] !424 fix 个人信息修改密码接口,隐藏新旧密码参数明文 Merge pull request !424 from Bleachtred/5.X
---
ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysProfileController.java | 12 ++++++------
ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/domain/bo/SysUserPasswordBo.java | 29 +++++++++++++++++++++++++++++
2 files changed, 35 insertions(+), 6 deletions(-)
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysProfileController.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysProfileController.java
index 60d1682..c9be0da 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysProfileController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysProfileController.java
@@ -11,6 +11,7 @@
import org.dromara.common.satoken.utils.LoginHelper;
import org.dromara.common.web.core.BaseController;
import org.dromara.system.domain.bo.SysUserBo;
+import org.dromara.system.domain.bo.SysUserPasswordBo;
import org.dromara.system.domain.bo.SysUserProfileBo;
import org.dromara.system.domain.vo.AvatarVo;
import org.dromara.system.domain.vo.ProfileVo;
@@ -76,22 +77,21 @@
/**
* 閲嶇疆瀵嗙爜
*
- * @param newPassword 鏃у瘑鐮�
- * @param oldPassword 鏂板瘑鐮�
+ * @param bo 鏂版棫瀵嗙爜
*/
@Log(title = "涓汉淇℃伅", businessType = BusinessType.UPDATE)
@PutMapping("/updatePwd")
- public R<Void> updatePwd(String oldPassword, String newPassword) {
+ public R<Void> updatePwd(@Validated @RequestBody SysUserPasswordBo bo) {
SysUserVo user = userService.selectUserById(LoginHelper.getUserId());
String password = user.getPassword();
- if (!BCrypt.checkpw(oldPassword, password)) {
+ if (!BCrypt.checkpw(bo.getOldPassword(), password)) {
return R.fail("淇敼瀵嗙爜澶辫触锛屾棫瀵嗙爜閿欒");
}
- if (BCrypt.checkpw(newPassword, password)) {
+ if (BCrypt.checkpw(bo.getNewPassword(), password)) {
return R.fail("鏂板瘑鐮佷笉鑳戒笌鏃у瘑鐮佺浉鍚�");
}
- if (userService.resetUserPwd(user.getUserId(), BCrypt.hashpw(newPassword)) > 0) {
+ if (userService.resetUserPwd(user.getUserId(), BCrypt.hashpw(bo.getNewPassword())) > 0) {
return R.ok();
}
return R.fail("淇敼瀵嗙爜寮傚父锛岃鑱旂郴绠$悊鍛�");
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/domain/bo/SysUserPasswordBo.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/domain/bo/SysUserPasswordBo.java
new file mode 100644
index 0000000..8615fcd
--- /dev/null
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/domain/bo/SysUserPasswordBo.java
@@ -0,0 +1,29 @@
+package org.dromara.system.domain.bo;
+
+import jakarta.validation.constraints.NotBlank;
+import lombok.Data;
+
+import java.io.Serial;
+import java.io.Serializable;
+
+/**
+ * 鐢ㄦ埛瀵嗙爜淇敼bo
+ */
+@Data
+public class SysUserPasswordBo implements Serializable {
+
+ @Serial
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * 鏃у瘑鐮�
+ */
+ @NotBlank(message = "鏃у瘑鐮佷笉鑳戒负绌�")
+ private String oldPassword;
+
+ /**
+ * 鏂板瘑鐮�
+ */
+ @NotBlank(message = "鏂板瘑鐮佷笉鑳戒负绌�")
+ private String newPassword;
+}
--
Gitblit v1.9.3