From 9ed5b521d613edb51b160cca931ee680019e2896 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期二, 07 三月 2023 22:26:13 +0800
Subject: [PATCH] fix 修复 用户密码暴露问题
---
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysProfileController.java | 22 +++++++++-------------
1 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysProfileController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysProfileController.java
index 48c78d3..28b21c9 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysProfileController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/system/SysProfileController.java
@@ -1,8 +1,8 @@
package com.ruoyi.system.controller.system;
import cn.dev33.satoken.secure.BCrypt;
+import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.io.FileUtil;
-import com.ruoyi.common.core.constant.UserConstants;
import com.ruoyi.common.core.domain.R;
import com.ruoyi.common.core.utils.StringUtils;
import com.ruoyi.common.core.utils.file.MimeTypeUtils;
@@ -11,6 +11,7 @@
import com.ruoyi.common.satoken.utils.LoginHelper;
import com.ruoyi.common.web.core.BaseController;
import com.ruoyi.system.domain.bo.SysUserBo;
+import com.ruoyi.system.domain.bo.SysUserProfileBo;
import com.ruoyi.system.domain.vo.AvatarVo;
import com.ruoyi.system.domain.vo.ProfileVo;
import com.ruoyi.system.domain.vo.SysOssVo;
@@ -37,7 +38,7 @@
public class SysProfileController extends BaseController {
private final ISysUserService userService;
- private final ISysOssService iSysOssService;
+ private final ISysOssService sysOssService;
/**
* 涓汉淇℃伅
@@ -57,20 +58,15 @@
*/
@Log(title = "涓汉淇℃伅", businessType = BusinessType.UPDATE)
@PutMapping
- public R<Void> updateProfile(@RequestBody SysUserBo user) {
- if (StringUtils.isNotEmpty(user.getPhonenumber())
- && UserConstants.NOT_UNIQUE.equals(userService.checkPhoneUnique(user))) {
+ public R<Void> updateProfile(@RequestBody SysUserProfileBo profile) {
+ SysUserBo user = BeanUtil.toBean(profile, SysUserBo.class);
+ if (StringUtils.isNotEmpty(user.getPhonenumber()) && !userService.checkPhoneUnique(user)) {
return R.fail("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛屾墜鏈哄彿鐮佸凡瀛樺湪");
}
- if (StringUtils.isNotEmpty(user.getEmail())
- && UserConstants.NOT_UNIQUE.equals(userService.checkEmailUnique(user))) {
+ if (StringUtils.isNotEmpty(user.getEmail()) && !userService.checkEmailUnique(user)) {
return R.fail("淇敼鐢ㄦ埛'" + user.getUserName() + "'澶辫触锛岄偖绠辫处鍙峰凡瀛樺湪");
}
user.setUserId(LoginHelper.getUserId());
- user.setUserName(null);
- user.setPassword(null);
- user.setAvatar(null);
- user.setDeptId(null);
if (userService.updateUserProfile(user) > 0) {
return R.ok();
}
@@ -115,9 +111,9 @@
if (!StringUtils.equalsAnyIgnoreCase(extension, MimeTypeUtils.IMAGE_EXTENSION)) {
return R.fail("鏂囦欢鏍煎紡涓嶆纭紝璇蜂笂浼�" + Arrays.toString(MimeTypeUtils.IMAGE_EXTENSION) + "鏍煎紡");
}
- SysOssVo oss = iSysOssService.upload(avatarfile);
+ SysOssVo oss = sysOssService.upload(avatarfile);
String avatar = oss.getUrl();
- if (userService.updateUserAvatar(LoginHelper.getUsername(), avatar)) {
+ if (userService.updateUserAvatar(LoginHelper.getUsername(), oss.getOssId())) {
AvatarVo avatarVo = new AvatarVo();
avatarVo.setImgUrl(avatar);
return R.ok(avatarVo);
--
Gitblit v1.9.3