From 89a72db182bc4312caf4abfa60969c325cbb98bb Mon Sep 17 00:00:00 2001
From: huangzhen <867217663@qq.com>
Date: Sun, 04 Feb 2024 10:29:05 +0800
Subject: [PATCH] bug修复
---
src/main/java/com/gkhy/fourierSpecialGasMonitor/domain/account/service/impl/UserDomainServiceImpl.java | 51 +++++++++++++++++++++++++++++++++++++--------------
1 files changed, 37 insertions(+), 14 deletions(-)
diff --git a/src/main/java/com/gkhy/fourierSpecialGasMonitor/domain/account/service/impl/UserDomainServiceImpl.java b/src/main/java/com/gkhy/fourierSpecialGasMonitor/domain/account/service/impl/UserDomainServiceImpl.java
index f03d0bb..283d527 100644
--- a/src/main/java/com/gkhy/fourierSpecialGasMonitor/domain/account/service/impl/UserDomainServiceImpl.java
+++ b/src/main/java/com/gkhy/fourierSpecialGasMonitor/domain/account/service/impl/UserDomainServiceImpl.java
@@ -7,6 +7,7 @@
import com.gkhy.fourierSpecialGasMonitor.commons.domain.SearchResult;
import com.gkhy.fourierSpecialGasMonitor.commons.enums.ResultCode;
import com.gkhy.fourierSpecialGasMonitor.commons.enums.SystemCacheKeyEnum;
+import com.gkhy.fourierSpecialGasMonitor.commons.enums.UserRoleEnum;
import com.gkhy.fourierSpecialGasMonitor.commons.exception.BusinessException;
import com.gkhy.fourierSpecialGasMonitor.commons.model.PageQuery;
import com.gkhy.fourierSpecialGasMonitor.commons.utils.BeanCopyUtils;
@@ -25,6 +26,8 @@
import com.gkhy.fourierSpecialGasMonitor.domain.account.service.SysDepartmentDomainService;
import com.gkhy.fourierSpecialGasMonitor.domain.account.service.UserDomainService;
import com.gkhy.fourierSpecialGasMonitor.domain.account.model.dto.UserInfoDomainDTO;
+import com.gkhy.fourierSpecialGasMonitor.utils.PasswordCheckUtil;
+import com.gkhy.fourierSpecialGasMonitor.utils.ThreadLocalUtil;
import com.google.common.collect.Range;
import com.google.common.hash.Hashing;
import org.redisson.api.RMapCache;
@@ -67,6 +70,14 @@
@Autowired
private SysDepartmentDomainService departmentDomainService;
+
+ private User getCurrentUser(){
+ Long userId = ThreadLocalUtil.get().getId();
+ User user = userRepository.findUserByIdAndStatus(userId, UserStatusEnum.STATUS_ACTIVE.getStatus());
+ if (user == null)
+ throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR_NULL.getCode(),"未成功获取用户信息");
+ return user;
+ }
@Override
@Transactional
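Review bot: `getCurrentUser()` dereferences `ThreadLocalUtil.get()` without a null check, so a request thread with no identity bound (not ruled out by anything visible here) fails with a NullPointerException instead of the intended `BusinessException`. A guard such as `if (ThreadLocalUtil.get() == null) throw new BusinessException(...)` ahead of `.getId()` would keep the failure on the controlled path. The lookup failure is also reported with `ResultCode.PARAM_ERROR_NULL`, which labels a missing or inactive caller as a parameter problem; an authentication or not-allowed code would be easier to tell apart in logs. A short Javadoc stating that the helper returns only `STATUS_ACTIVE` users and throws otherwise would document the contract that `updateUserPwd` now relies on.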
@@ -291,22 +302,37 @@
@Override
@Transactional
public boolean updateUserPwd(Long uid, String oldPwd, String newPwd) {
- if(uid == null || oldPwd == null || newPwd == null || oldPwd.isEmpty() || newPwd.isEmpty())
+ User currentUser = getCurrentUser();
+ Boolean flag = false;
+ for (SysUserRoleBind sysUserRoleBind : currentUser.getSysUserRoleBinds()) {
+ if ("超级管理员".equals(sysUserRoleBind.getRole().getName())){
+ flag = true;
+ }
+ }
+ if(uid == null || oldPwd == null || newPwd == null || newPwd.isEmpty())
throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR_NULL.getCode(), "参数缺失");
Optional<User> userOptional = userRepository.findById(uid);
if(!userOptional.isPresent()){
throw new BusinessException(this.getClass(), ResultCode.BUSINESS_ERROR_ACCOUNT_NOT_EXIST.getCode(), "用户不存在");
}
User user = userOptional.get();
- //验证旧密码
- String hash = String.valueOf(Hashing.hmacMd5(user.getSalt().getBytes(StandardCharsets.UTF_8)).hashString(oldPwd,
- StandardCharsets.UTF_8));
- if(!hash.equals(user.getHash()))
- throw new BusinessException(this.getClass(), ResultCode.BUSINESS_ERROR_NOT_ALLOWED.getCode(), "旧密码错误");
- String newSalt = String.valueOf(Hashing.hmacMd5("".getBytes()).hashString(""+uid+Range.atLeast(1)+System.nanoTime(),
- StandardCharsets.UTF_8));
- String newHash = String.valueOf(Hashing.hmacMd5(newSalt.getBytes(StandardCharsets.UTF_8)).hashString(newPwd,
- StandardCharsets.UTF_8));
+ PasswordCheckUtil.passwordIsValid(newPwd.trim());
+ if (!flag){
+ if(oldPwd.isEmpty()) {
+ throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR_NULL.getCode(), "参数缺失");
+ }
+ //验证旧密码
+ String hash = String.valueOf(Hashing.hmacMd5(user.getSalt().getBytes(StandardCharsets.UTF_8)).hashString(oldPwd,
+ StandardCharsets.UTF_8));
+ if(!hash.equals(user.getHash()))
+ throw new BusinessException(this.getClass(), ResultCode.BUSINESS_ERROR_NOT_ALLOWED.getCode(), "旧密码错误");
+ }
+ String newSalt = genPasswordSalt();
+ String newHash = genPasswordHash(newPwd, newSalt);
+ //String newSalt = String.valueOf(Hashing.hmacMd5("".getBytes()).hashString(""+uid+Range.atLeast(1)+System.nanoTime(),
+ // StandardCharsets.UTF_8));
+ //String newHash = String.valueOf(Hashing.hmacMd5(newSalt.getBytes(StandardCharsets.UTF_8)).hashString(newPwd,
+ // StandardCharsets.UTF_8));
if(userRepository.updatePassword(uid,newHash,newSalt, LocalDateTime.now()) == 1){
// deleteUserCache(uid);
return true;
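Review bot: The `flag` bypass at `if (!flag)` skips old-password verification for every `uid`, including the super administrator's own account, and nothing in the hunk ties `uid` to the caller when the caller is not an administrator. An unattended or stolen admin session can therefore replace the admin's own password without knowing the current one, and any authenticated user can use the "旧密码错误" response to test old-password guesses against another account. Consider `if (!flag || uid.equals(ThreadLocalUtil.get().getId()))` for the old-password branch, and rejecting with `ResultCode.BUSINESS_ERROR_NOT_ALLOWED` when a non-admin passes a `uid` other than their own. The role test matches the display name `"超级管理员"` while the newly imported `UserRoleEnum` is unused in the visible hunks, and `getRole()` is dereferenced without a null check; a stable role code is safer than a label that can be renamed. `PasswordCheckUtil.passwordIsValid(newPwd.trim())` validates the trimmed value but `genPasswordHash(newPwd, newSalt)` hashes the untrimmed one, so the policy check and the stored credential can disagree; the method body continues past the end of the hunk.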
@@ -361,7 +387,7 @@
if(Hashing.hmacMd5(salt.getBytes(StandardCharsets.UTF_8)).hashString(pwd, StandardCharsets.UTF_8).toString().equals(hash)){
return true;
}else {
- return true;
+ return false;
}
}
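Review bot: The comparison on the `if` line still uses `String.equals` on the hex digest, which returns at the first differing character; a constant-time compare such as `return MessageDigest.isEqual(computed.getBytes(StandardCharsets.UTF_8), hash.getBytes(StandardCharsets.UTF_8));` (with `java.security.MessageDigest` imported) avoids a timing side channel and also collapses the redundant `if`/`else`. Because the old branch returned `true` for a mismatching hash, every caller of this method accepted any password until this commit, so it is worth reviewing authentication logs for the affected period and considering forced session invalidation. Separately, `Hashing.hmacMd5` is a fast keyed hash rather than a password-hashing function; migrating stored credentials to bcrypt, scrypt or Argon2 would be the longer-term fix. The enclosing method starts above the hunk, so its name and callers are not visible here.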
@@ -641,7 +667,4 @@
String hash = Hashing.hmacMd5(salt.getBytes(StandardCharsets.UTF_8)).hashBytes(password.getBytes(StandardCharsets.UTF_8)).toString();
return hash;
}
-
-
-
}
--
Gitblit v1.9.2