From 9ed5b521d613edb51b160cca931ee680019e2896 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子Li <15040126243@163.com>
Date: 星期二, 07 三月 2023 22:26:13 +0800
Subject: [PATCH] fix 修复 用户密码暴露问题
---
ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java | 25 +++++++++++++------------
1 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java
index 7919aac..b201e3d 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java
@@ -11,8 +11,9 @@
import com.ruoyi.common.excel.core.ExcelListener;
import com.ruoyi.common.excel.core.ExcelResult;
import com.ruoyi.common.satoken.utils.LoginHelper;
-import com.ruoyi.system.domain.SysUser;
+import com.ruoyi.system.domain.bo.SysUserBo;
import com.ruoyi.system.domain.vo.SysUserImportVo;
+import com.ruoyi.system.domain.vo.SysUserVo;
import com.ruoyi.system.service.ISysConfigService;
import com.ruoyi.system.service.ISysUserService;
import lombok.extern.slf4j.Slf4j;
@@ -33,7 +34,7 @@
private final Boolean isUpdateSupport;
- private final String operName;
+ private final Long operUserId;
private int successNum = 0;
private int failureNum = 0;
@@ -45,40 +46,40 @@
this.userService = SpringUtils.getBean(ISysUserService.class);
this.password = BCrypt.hashpw(initPassword);
this.isUpdateSupport = isUpdateSupport;
- this.operName = LoginHelper.getUsername();
+ this.operUserId = LoginHelper.getUserId();
}
@Override
public void invoke(SysUserImportVo userVo, AnalysisContext context) {
- SysUser user = this.userService.selectUserByUserName(userVo.getUserName());
+ SysUserVo sysUser = this.userService.selectUserByUserName(userVo.getUserName());
try {
// 楠岃瘉鏄惁瀛樺湪杩欎釜鐢ㄦ埛
- if (ObjectUtil.isNull(user)) {
- user = BeanUtil.toBean(userVo, SysUser.class);
+ if (ObjectUtil.isNull(sysUser)) {
+ SysUserBo user = BeanUtil.toBean(userVo, SysUserBo.class);
ValidatorUtils.validate(user);
user.setPassword(password);
- user.setCreateBy(LoginHelper.getUserId());
+ user.setCreateBy(operUserId);
userService.insertUser(user);
successNum++;
successMsg.append("<br/>").append(successNum).append("銆佽处鍙� ").append(user.getUserName()).append(" 瀵煎叆鎴愬姛");
} else if (isUpdateSupport) {
- Long userId = user.getUserId();
- user = BeanUtil.toBean(userVo, SysUser.class);
+ Long userId = sysUser.getUserId();
+ SysUserBo user = BeanUtil.toBean(userVo, SysUserBo.class);
user.setUserId(userId);
ValidatorUtils.validate(user);
userService.checkUserAllowed(user);
userService.checkUserDataScope(user.getUserId());
- user.setUpdateBy(LoginHelper.getUserId());
+ user.setUpdateBy(operUserId);
userService.updateUser(user);
successNum++;
successMsg.append("<br/>").append(successNum).append("銆佽处鍙� ").append(user.getUserName()).append(" 鏇存柊鎴愬姛");
} else {
failureNum++;
- failureMsg.append("<br/>").append(failureNum).append("銆佽处鍙� ").append(user.getUserName()).append(" 宸插瓨鍦�");
+ failureMsg.append("<br/>").append(failureNum).append("銆佽处鍙� ").append(sysUser.getUserName()).append(" 宸插瓨鍦�");
}
} catch (Exception e) {
failureNum++;
- String msg = "<br/>" + failureNum + "銆佽处鍙� " + user.getUserName() + " 瀵煎叆澶辫触锛�";
+ String msg = "<br/>" + failureNum + "銆佽处鍙� " + sysUser.getUserName() + " 瀵煎叆澶辫触锛�";
failureMsg.append(msg).append(e.getMessage());
log.error(msg, e);
}
--
Gitblit v1.9.3