From bfe1b2ae508df731c43f25a286da252ed24cc0a0 Mon Sep 17 00:00:00 2001
From: bleachtred <bleachtred@163.com>
Date: 星期一, 25 九月 2023 15:21:29 +0800
Subject: [PATCH] fix 个人信息修改密码接口隐藏新旧密码参数明文
---
ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysProfileController.java | 13 +++++++------
ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/domain/bo/SysUserPasswordBo.java | 30 ++++++++++++++++++++++++++++++
2 files changed, 37 insertions(+), 6 deletions(-)
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysProfileController.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysProfileController.java
index 60d1682..36411b7 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysProfileController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/controller/system/SysProfileController.java
@@ -6,11 +6,13 @@
import org.dromara.common.core.domain.R;
import org.dromara.common.core.utils.StringUtils;
import org.dromara.common.core.utils.file.MimeTypeUtils;
+import org.dromara.common.core.validate.auth.PasswordGroup;
import org.dromara.common.log.annotation.Log;
import org.dromara.common.log.enums.BusinessType;
import org.dromara.common.satoken.utils.LoginHelper;
import org.dromara.common.web.core.BaseController;
import org.dromara.system.domain.bo.SysUserBo;
+import org.dromara.system.domain.bo.SysUserPasswordBo;
import org.dromara.system.domain.bo.SysUserProfileBo;
import org.dromara.system.domain.vo.AvatarVo;
import org.dromara.system.domain.vo.ProfileVo;
@@ -76,22 +78,21 @@
/**
* 閲嶇疆瀵嗙爜
*
- * @param newPassword 鏃у瘑鐮�
- * @param oldPassword 鏂板瘑鐮�
+ * @param bo 鏂版棫瀵嗙爜
*/
@Log(title = "涓汉淇℃伅", businessType = BusinessType.UPDATE)
@PutMapping("/updatePwd")
- public R<Void> updatePwd(String oldPassword, String newPassword) {
+ public R<Void> updatePwd(@Validated(PasswordGroup.class) @RequestBody SysUserPasswordBo bo) {
SysUserVo user = userService.selectUserById(LoginHelper.getUserId());
String password = user.getPassword();
- if (!BCrypt.checkpw(oldPassword, password)) {
+ if (!BCrypt.checkpw(bo.getOldPassword(), password)) {
return R.fail("淇敼瀵嗙爜澶辫触锛屾棫瀵嗙爜閿欒");
}
- if (BCrypt.checkpw(newPassword, password)) {
+ if (BCrypt.checkpw(bo.getNewPassword(), password)) {
return R.fail("鏂板瘑鐮佷笉鑳戒笌鏃у瘑鐮佺浉鍚�");
}
- if (userService.resetUserPwd(user.getUserId(), BCrypt.hashpw(newPassword)) > 0) {
+ if (userService.resetUserPwd(user.getUserId(), BCrypt.hashpw(bo.getNewPassword())) > 0) {
return R.ok();
}
return R.fail("淇敼瀵嗙爜寮傚父锛岃鑱旂郴绠$悊鍛�");
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/domain/bo/SysUserPasswordBo.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/domain/bo/SysUserPasswordBo.java
new file mode 100644
index 0000000..298ea3a
--- /dev/null
+++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/domain/bo/SysUserPasswordBo.java
@@ -0,0 +1,30 @@
+package org.dromara.system.domain.bo;
+
+import jakarta.validation.constraints.NotBlank;
+import lombok.Data;
+import org.dromara.common.core.validate.auth.PasswordGroup;
+
+import java.io.Serial;
+import java.io.Serializable;
+
+/**
+ * 鐢ㄦ埛瀵嗙爜淇敼bo
+ */
+@Data
+public class SysUserPasswordBo implements Serializable {
+
+ @Serial
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * 鏃у瘑鐮�
+ */
+ @NotBlank(message = "鏃у瘑鐮佷笉鑳戒负绌�", groups = { PasswordGroup.class })
+ private String oldPassword;
+
+ /**
+ * 鏂板瘑鐮�
+ */
+ @NotBlank(message = "鏂板瘑鐮佷笉鑳戒负绌�", groups = { PasswordGroup.class })
+ private String newPassword;
+}
--
Gitblit v1.9.3