Commit 81930d53
Authored April 16, 2024 by o2sword

Security changes to personal forgot-password

Parent: 4effc19b
Showing 6 changed files with 62 additions and 43 deletions
Changed files:
o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionCode.java (+11 -1)
o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionReset.java (+4 -2)
o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionSetPasswordAnonymous.java (+13 -27)
o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ExceptionPersonNotExistOrInvalidAnswer.java (+13 -0)
o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ExceptionPersonNotExistOrInvalidPassword.java (+14 -0)
o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ResetAction.java (+7 -13)
o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionCode.java
...
...
@@ -5,12 +5,19 @@ import com.x.base.core.container.factory.EntityManagerContainerFactory;
import
com.x.base.core.project.config.Config
;
import
com.x.base.core.project.http.ActionResult
;
import
com.x.base.core.project.http.WrapOutBoolean
;
import
com.x.base.core.project.logger.Logger
;
import
com.x.base.core.project.logger.LoggerFactory
;
import
com.x.base.core.project.tools.Crypto
;
import
com.x.base.core.project.tools.DefaultCharset
;
import
com.x.organization.assemble.personal.Business
;
import
com.x.organization.core.entity.Person
;
import
org.apache.commons.lang3.BooleanUtils
;
import
org.codehaus.plexus.util.StringUtils
;
class
ActionCode
extends
BaseAction
{
import
java.net.URLDecoder
;
class
ActionCode
extends
BaseAction
{
private
static
final
Logger
LOGGER
=
LoggerFactory
.
getLogger
(
ActionCode
.
class
);
ActionResult
<
WrapOutBoolean
>
execute
(
String
credential
)
throws
Exception
{
try
(
EntityManagerContainer
emc
=
EntityManagerContainerFactory
.
instance
().
create
())
{
ActionResult
<
WrapOutBoolean
>
result
=
new
ActionResult
<>();
...
...
@@ -19,6 +26,9 @@ class ActionCode extends BaseAction {
if
(
BooleanUtils
.
isNotTrue
(
Config
.
collect
().
getEnable
()))
{
throw
new
ExceptionDisableCollect
();
}
credential
=
BooleanUtils
.
isTrue
(
Config
.
token
().
getRsaEnable
())
?
Crypto
.
rsaDecrypt
(
URLDecoder
.
decode
(
credential
,
DefaultCharset
.
charset
),
Config
.
privateKey
())
:
credential
;
LOGGER
.
info
(
"{} 用户进行忘记密码修改操作"
,
credential
);
Person
person
=
business
.
person
().
getWithCredential
(
credential
);
if
(
null
==
person
)
{
throw
new
ExceptionSendCodeError
();
...
...
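Review bot: The added LOGGER.info("{} 用户进行忘记密码修改操作", credential) writes the decrypted, caller-supplied credential to the log at info level before getWithCredential has confirmed that it belongs to anyone, so an unauthenticated caller decides what lands in the log. Log after the lookup using the person's id, or drop the line to debug and strip line breaks from the value first. Two smaller points on the same lines: URLDecoder.decode turns '+' into a space, so if credential reaches execute() already URL-decoded the second decode can alter the ciphertext (ActionReset calls Crypto.rsaDecrypt on credential without this step); and the null == person branch still throws ExceptionSendCodeError, so if the success path returns normally this endpoint keeps telling known credentials from unknown ones while the rest of the commit moves to combined messages.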
o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionReset.java
...
...
@@ -44,9 +44,11 @@ class ActionReset extends BaseAction {
if
(
StringUtils
.
isBlank
(
password
))
{
throw
new
ExceptionPasswordEmpty
();
}
credential
=
BooleanUtils
.
isTrue
(
Config
.
token
().
getRsaEnable
())
?
Crypto
.
rsaDecrypt
(
credential
,
Config
.
privateKey
())
:
credential
;
password
=
BooleanUtils
.
isTrue
(
Config
.
token
().
getRsaEnable
())
?
Crypto
.
rsaDecrypt
(
password
,
Config
.
privateKey
())
:
password
;
Person
person
=
business
.
person
().
getWithCredential
(
credential
);
if
(
null
==
person
)
{
throw
new
ExceptionPersonNotExist
(
credential
);
throw
new
ExceptionPersonNotExist
OrInvalidAnswer
(
);
}
person
=
emc
.
find
(
person
.
getId
(),
Person
.
class
,
ExceptionWhen
.
not_found
);
if
(
BooleanUtils
.
isTrue
(
Config
.
person
().
getSuperPermission
())
...
...
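Review bot: StringUtils.isBlank(password) runs before the new Crypto.rsaDecrypt(password, Config.privateKey()) line, so with getRsaEnable() on it tests the ciphertext, and a value that decrypts to an empty or blank string gets past ExceptionPasswordEmpty. Decrypt first and run the blank check on the result. BooleanUtils.isTrue(Config.token().getRsaEnable()) is also evaluated once per field; reading it into one local boolean would keep the two decrypt lines from drifting apart.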
@@ -57,7 +59,7 @@ class ActionReset extends BaseAction {
throw
new
ExceptionInvalidPassword
(
Config
.
person
().
getPasswordRegexHint
());
}
if
(
BooleanUtils
.
isFalse
(
business
.
instrument
().
code
().
validate
(
person
.
getMobile
(),
codeAnswer
)))
{
throw
new
Exception
InvalidCode
();
throw
new
Exception
PersonNotExistOrInvalidAnswer
();
}
}
emc
.
beginTransaction
(
Person
.
class
);
...
...
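Review bot: ExceptionInvalidPassword(Config.person().getPasswordRegexHint()) is still thrown just above this change, after the person lookup in the previous hunk and before the code is validated, so a request whose password fails the regex gets the regex hint for an existing account and ExceptionPersonNotExistOrInvalidAnswer for an unknown one. That keeps the account-existence signal this commit removes from the other two branches. Run the password regex check before getWithCredential, or only after the code has been validated.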
o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionSetPasswordAnonymous.java
package
com.x.organization.assemble.personal.jaxrs.reset
;
import
org.apache.commons.codec.binary.Base64
;
import
org.apache.commons.lang3.BooleanUtils
;
import
org.apache.commons.lang3.StringUtils
;
import
com.google.gson.JsonElement
;
import
com.x.base.core.container.EntityManagerContainer
;
import
com.x.base.core.container.factory.EntityManagerContainerFactory
;
import
com.x.base.core.project.annotation.FieldDescribe
;
import
com.x.base.core.project.cache.CacheManager
;
import
com.x.base.core.project.config.Config
;
import
com.x.base.core.project.exception.ExceptionPersonNotExist
;
import
com.x.base.core.project.gson.GsonPropertyObject
;
import
com.x.base.core.project.http.ActionResult
;
import
com.x.base.core.project.http.EffectivePerson
;
...
...
@@ -20,6 +15,9 @@ import com.x.base.core.project.logger.LoggerFactory;
import
com.x.base.core.project.tools.Crypto
;
import
com.x.organization.assemble.personal.Business
;
import
com.x.organization.core.entity.Person
;
import
org.apache.commons.codec.binary.Base64
;
import
org.apache.commons.lang3.BooleanUtils
;
import
org.apache.commons.lang3.StringUtils
;
public
class
ActionSetPasswordAnonymous
extends
BaseAction
{
private
static
final
Logger
LOGGER
=
LoggerFactory
.
getLogger
(
ActionSetPasswordAnonymous
.
class
);
...
...
@@ -30,7 +28,6 @@ public class ActionSetPasswordAnonymous extends BaseAction {
Wi
wi
=
this
.
convertToWrapIn
(
jsonElement
,
Wi
.
class
);
Business
business
=
new
Business
(
emc
);
/** 排除xadmin */
if
(
Config
.
token
().
isInitialManager
(
wi
.
getUserName
()))
{
throw
new
ExceptionEditInitialManagerDeny
();
}
else
{
...
...
@@ -40,13 +37,10 @@ public class ActionSetPasswordAnonymous extends BaseAction {
Person
o
=
business
.
person
().
getWithCredential
(
wi
.
getUserName
());
if
(
null
==
o
)
{
throw
new
ExceptionPersonNotExist
(
wi
.
getUserName
()
);
throw
new
ExceptionPersonNotExist
OrInvalidPassword
(
);
}
Person
person
=
emc
.
find
(
o
.
getId
(),
Person
.
class
);
if
(
null
==
person
)
{
throw
new
ExceptionPersonNotExist
(
wi
.
getUserName
());
}
if
(
StringUtils
.
isEmpty
(
wi
.
getOldPassword
()))
{
throw
new
ExceptionOldPasswordEmpty
();
...
...
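Review bot: The null == o branch now returns the combined ExceptionPersonNotExistOrInvalidPassword, but ExceptionOldPasswordEmpty just below it is only reachable once the lookup has succeeded, so a request with an empty old password still answers differently for existing and unknown user names. Move the empty-field checks on wi ahead of getWithCredential. Separately, the header shows this hunk shrinking from 13 to 10 lines; if the if (null == person) block after emc.find(o.getId(), Person.class) is among the removed lines, person.getPassword() in a later hunk is reached without a null check, and throwing ExceptionPersonNotExistOrInvalidPassword there would cover it.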
@@ -54,31 +48,23 @@ public class ActionSetPasswordAnonymous extends BaseAction {
if
(
StringUtils
.
isEmpty
(
wi
.
getNewPassword
()))
{
throw
new
ExceptionPasswordEmpty
();
}
if
(
StringUtils
.
isEmpty
(
wi
.
getConfirmPassword
()))
{
throw
new
ExceptionConfirmPasswordEmpty
();
}
if
(!
StringUtils
.
equals
(
wi
.
getNewPassword
(),
wi
.
getConfirmPassword
()))
{
throw
new
ExceptionTwicePasswordNotMatch
();
}
String
oldPassword
=
BooleanUtils
.
isTrue
(
Config
.
token
().
getRsaEnable
())
?
Crypto
.
rsaDecrypt
(
wi
.
getOldPassword
(),
Config
.
privateKey
())
:
wi
.
getOldPassword
();
String
newPassword
=
BooleanUtils
.
isTrue
(
Config
.
token
().
getRsaEnable
())
?
Crypto
.
rsaDecrypt
(
wi
.
getNewPassword
(),
Config
.
privateKey
())
:
wi
.
getNewPassword
();
String
confirmPassword
=
BooleanUtils
.
isTrue
(
Config
.
token
().
getRsaEnable
())
?
Crypto
.
rsaDecrypt
(
wi
.
getConfirmPassword
(),
Config
.
privateKey
())
:
wi
.
getConfirmPassword
();
if
(
StringUtils
.
equals
(
wi
.
getNewPassword
(),
wi
.
getOldPassword
()))
{
throw
new
ExceptionNewPasswordSameAsOldPassword
();
}
String
oldPassword
=
wi
.
getOldPassword
();
String
newPassword
=
wi
.
getNewPassword
();
String
confirmPassword
=
wi
.
getConfirmPassword
();
String
isEncrypted
=
wi
.
getIsEncrypted
();
// RSA解秘
if
(!
StringUtils
.
isEmpty
(
isEncrypted
))
{
if
(
isEncrypted
.
trim
().
equalsIgnoreCase
(
"y"
))
{
oldPassword
=
this
.
decryptRSA
(
oldPassword
);
newPassword
=
this
.
decryptRSA
(
newPassword
);
confirmPassword
=
this
.
decryptRSA
(
confirmPassword
);
}
if
(!
StringUtils
.
equals
(
newPassword
,
confirmPassword
)){
throw
new
ExceptionTwicePasswordNotMatch
();
}
if
(
BooleanUtils
.
isTrue
(
Config
.
person
().
getSuperPermission
())
...
...
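Review bot: The ExceptionNewPasswordSameAsOldPassword check still compares wi.getNewPassword() with wi.getOldPassword(), while the decrypted values now live in the newPassword and oldPassword locals; with getRsaEnable() on, it compares what the client sent rather than the passwords themselves. Use StringUtils.equals(newPassword, oldPassword), as the ExceptionTwicePasswordNotMatch check at the end of the hunk already does with newPassword and confirmPassword. The StringUtils.isEmpty checks on wi.getNewPassword() and wi.getConfirmPassword() have the same problem and belong after decryption too.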
@@ -88,7 +74,7 @@ public class ActionSetPasswordAnonymous extends BaseAction {
if
(!
StringUtils
.
equals
(
Crypto
.
encrypt
(
oldPassword
,
Config
.
token
().
getKey
(),
Config
.
person
().
getEncryptType
()),
person
.
getPassword
()))
{
throw
new
Exception
OldPasswordNotMatch
();
throw
new
Exception
PersonNotExistOrInvalidPassword
();
}
if
(!
newPassword
.
matches
(
Config
.
person
().
getPasswordRegex
()))
{
throw
new
ExceptionInvalidPassword
(
Config
.
person
().
getPasswordRegexHint
());
...
...
o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ExceptionPersonNotExistOrInvalidAnswer.java
0 → 100755
package
com.x.organization.assemble.personal.jaxrs.reset
;
import
com.x.base.core.project.exception.PromptException
;
class
ExceptionPersonNotExistOrInvalidAnswer
extends
PromptException
{
private
static
final
long
serialVersionUID
=
-
8334021007462970656L
;
public
static
String
defaultMessage
=
"用户不存在或者验证码错误."
;
ExceptionPersonNotExistOrInvalidAnswer
(
)
{
super
(
defaultMessage
);
}
}
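Review bot: defaultMessage is declared public static String without final, so the text every instance of this exception reports can be reassigned at runtime. Make it private static final (or at least final); the same applies to defaultMessage in ExceptionPersonNotExistOrInvalidPassword.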
o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ExceptionPersonNotExistOrInvalidPassword.java
0 → 100755
package
com.x.organization.assemble.personal.jaxrs.reset
;
import
com.x.base.core.project.exception.PromptException
;
class
ExceptionPersonNotExistOrInvalidPassword
extends
PromptException
{
private
static
final
long
serialVersionUID
=
2537120821114609351L
;
public
static
String
defaultMessage
=
"用户不存在或者密码错误."
;
ExceptionPersonNotExistOrInvalidPassword
(
)
{
super
(
defaultMessage
);
}
}
o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ResetAction.java
package
com.x.organization.assemble.personal.jaxrs.reset
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.ws.rs.Consumes
;
import
javax.ws.rs.GET
;
import
javax.ws.rs.POST
;
import
javax.ws.rs.PUT
;
import
javax.ws.rs.Path
;
import
javax.ws.rs.PathParam
;
import
javax.ws.rs.Produces
;
import
javax.ws.rs.container.AsyncResponse
;
import
javax.ws.rs.container.Suspended
;
import
javax.ws.rs.core.Context
;
import
javax.ws.rs.core.MediaType
;
import
com.google.gson.JsonElement
;
import
com.x.base.core.project.annotation.JaxrsDescribe
;
import
com.x.base.core.project.annotation.JaxrsMethodDescribe
;
...
...
@@ -26,6 +13,13 @@ import com.x.base.core.project.jaxrs.StandardJaxrsAction;
import
com.x.base.core.project.logger.Logger
;
import
com.x.base.core.project.logger.LoggerFactory
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.ws.rs.*
;
import
javax.ws.rs.container.AsyncResponse
;
import
javax.ws.rs.container.Suspended
;
import
javax.ws.rs.core.Context
;
import
javax.ws.rs.core.MediaType
;
@Path
(
"reset"
)
@JaxrsDescribe
(
"重置操作"
)
public
class
ResetAction
extends
StandardJaxrsAction
{
...
...
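Review bot: The explicit javax.ws.rs imports (Consumes, GET, POST, PUT, Path, PathParam, Produces) are collapsed into javax.ws.rs.*, which hides which HTTP-method annotations this resource uses and makes later diffs of the endpoint surface harder to read. Keep the explicit imports, and keep import reordering out of a security fix so the security-relevant changes in the commit stand out.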