From 81930d5304e0324e853bac793a960c84499b5483 Mon Sep 17 00:00:00 2001 From: o2sword <171715986@qq.com> Date: Tue, 16 Apr 2024 18:32:12 +0800 Subject: [PATCH] =?UTF-8?q?=E4=B8=AA=E4=BA=BA=E5=BF=98=E8=AE=B0=E5=AF=86?= =?UTF-8?q?=E7=A0=81=E5=AE=89=E5=85=A8=E6=80=A7=E4=BF=AE=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../personal/jaxrs/reset/ActionCode.java | 12 +++++- .../personal/jaxrs/reset/ActionReset.java | 6 ++- .../reset/ActionSetPasswordAnonymous.java | 40 ++++++------------- ...xceptionPersonNotExistOrInvalidAnswer.java | 13 ++++++ ...eptionPersonNotExistOrInvalidPassword.java | 14 +++++++ .../personal/jaxrs/reset/ResetAction.java | 20 ++++------ 6 files changed, 62 insertions(+), 43 deletions(-) create mode 100755 o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ExceptionPersonNotExistOrInvalidAnswer.java create mode 100755 o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ExceptionPersonNotExistOrInvalidPassword.java diff --git a/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionCode.java b/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionCode.java index 2723c68724..28ede5e7c8 100755 --- a/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionCode.java +++ b/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionCode.java 
@@ -5,12 +5,19 @@ import com.x.base.core.container.factory.EntityManagerContainerFactory; import com.x.base.core.project.config.Config; import com.x.base.core.project.http.ActionResult; import com.x.base.core.project.http.WrapOutBoolean; +import com.x.base.core.project.logger.Logger; +import com.x.base.core.project.logger.LoggerFactory; +import com.x.base.core.project.tools.Crypto; +import com.x.base.core.project.tools.DefaultCharset; import com.x.organization.assemble.personal.Business; import com.x.organization.core.entity.Person; import org.apache.commons.lang3.BooleanUtils; +import org.codehaus.plexus.util.StringUtils; -class ActionCode extends BaseAction { +import java.net.URLDecoder; +class ActionCode extends BaseAction { + private static final Logger LOGGER = LoggerFactory.getLogger(ActionCode.class); ActionResult execute(String credential) throws Exception { try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) { ActionResult result = new ActionResult<>(); @@ -19,6 +26,9 @@ class ActionCode extends BaseAction { if (BooleanUtils.isNotTrue(Config.collect().getEnable())) { throw new ExceptionDisableCollect(); } + credential = BooleanUtils.isTrue(Config.token().getRsaEnable()) ? Crypto.rsaDecrypt(URLDecoder.decode(credential, DefaultCharset.charset), + Config.privateKey()) : credential; + LOGGER.info("{} 用户进行忘记密码修改操作", credential); Person person = business.person().getWithCredential(credential); if (null == person) { throw new ExceptionSendCodeError(); diff --git a/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionReset.java b/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionReset.java index 3edbdaf855..24c2e93def 100755 --- a/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionReset.java 
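Review bot: `import org.codehaus.plexus.util.StringUtils;` is added in this hunk, but none of the lines this commit adds to ActionCode use `StringUtils`, and the sibling actions import `org.apache.commons.lang3.StringUtils`. It looks like an IDE auto-import. plexus-utils is build-tooling code, so unless it is already a declared runtime dependency of this module, the import ties the server to a transitive artifact. Drop the line, or use the commons-lang3 class if a later change needs it.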
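Review bot: The added `LOGGER.info("{} 用户进行忘记密码修改操作", credential);` writes the decrypted credential to the log at INFO level before the person lookup, and this reset flow appears to be reachable without a login. That puts caller-supplied text, line breaks included, and real account identifiers into the log, which undoes the RSA wrapping of the credential in transit. Log after the lookup and use the resolved id, e.g. `LOGGER.info("password reset code requested, person id: {}", person.getId());`, and if failed lookups must be recorded for detection, mask the value and strip control characters first. Separately, `URLDecoder.decode` is applied here but not to the same field in ActionReset; if the framework has already decoded the parameter, a second decode turns `+` in Base64 ciphertext into a space and decryption fails, so confirm which layer decodes. execute() continues outside the hunk.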
+++ b/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionReset.java @@ -44,9 +44,11 @@ class ActionReset extends BaseAction { if (StringUtils.isBlank(password)) { throw new ExceptionPasswordEmpty(); } + credential = BooleanUtils.isTrue(Config.token().getRsaEnable()) ? Crypto.rsaDecrypt(credential, Config.privateKey()) : credential; + password = BooleanUtils.isTrue(Config.token().getRsaEnable()) ? Crypto.rsaDecrypt(password, Config.privateKey()) : password; Person person = business.person().getWithCredential(credential); if (null == person) { - throw new ExceptionPersonNotExist(credential); + throw new ExceptionPersonNotExistOrInvalidAnswer(); } person = emc.find(person.getId(), Person.class, ExceptionWhen.not_found); if (BooleanUtils.isTrue(Config.person().getSuperPermission()) @@ -57,7 +59,7 @@ class ActionReset extends BaseAction { throw new ExceptionInvalidPassword(Config.person().getPasswordRegexHint()); } if (BooleanUtils.isFalse(business.instrument().code().validate(person.getMobile(), codeAnswer))) { - throw new ExceptionInvalidCode(); + throw new ExceptionPersonNotExistOrInvalidAnswer(); } } emc.beginTransaction(Person.class); diff --git a/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionSetPasswordAnonymous.java b/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionSetPasswordAnonymous.java index 1cd4fa6435..9ec39cdb97 100755 --- a/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionSetPasswordAnonymous.java +++ b/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionSetPasswordAnonymous.java 
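Review bot: `StringUtils.isBlank(password)` in the context lines runs on the wire value, so once RSA is enabled it tests the ciphertext and a payload that decrypts to an empty or blank string gets past it. Repeat the check on the decrypted value right after the two new lines: `if (StringUtils.isBlank(password)) { throw new ExceptionPasswordEmpty(); }`. It is also worth confirming what `Crypto.rsaDecrypt` does with malformed input; if it throws, the caller sees a third error shape distinct from the merged one. ActionSetPasswordAnonymous has the same ciphertext-first `isEmpty` checks on the old, new and confirm passwords. execute() starts and ends outside the hunk.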
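Review bot: Merging the two exceptions does not remove the account-existence signal, because `ExceptionInvalidPassword` is still thrown between the person lookup and the code check. A request whose password fails the regex gets the regex hint only when the account exists, and the merged error otherwise. Move the input-only validation (password regex, empty checks) ahead of `getWithCredential`, so that every failure after the lookup returns `ExceptionPersonNotExistOrInvalidAnswer`. ActionSetPasswordAnonymous has the same ordering: `ExceptionOldPasswordEmpty`, `ExceptionPasswordEmpty` and the other field checks run after its lookup. The `getSuperPermission()` branch that wraps these checks is only partly visible here, so verify the reordering against the full method body.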
@@ -1,16 +1,11 @@ package com.x.organization.assemble.personal.jaxrs.reset; -import org.apache.commons.codec.binary.Base64; -import org.apache.commons.lang3.BooleanUtils; -import org.apache.commons.lang3.StringUtils; - import com.google.gson.JsonElement; import com.x.base.core.container.EntityManagerContainer; import com.x.base.core.container.factory.EntityManagerContainerFactory; import com.x.base.core.project.annotation.FieldDescribe; import com.x.base.core.project.cache.CacheManager; import com.x.base.core.project.config.Config; -import com.x.base.core.project.exception.ExceptionPersonNotExist; import com.x.base.core.project.gson.GsonPropertyObject; import com.x.base.core.project.http.ActionResult; import com.x.base.core.project.http.EffectivePerson; @@ -20,6 +15,9 @@ import com.x.base.core.project.logger.LoggerFactory; import com.x.base.core.project.tools.Crypto; import com.x.organization.assemble.personal.Business; import com.x.organization.core.entity.Person; +import org.apache.commons.codec.binary.Base64; +import org.apache.commons.lang3.BooleanUtils; +import org.apache.commons.lang3.StringUtils; public class ActionSetPasswordAnonymous extends BaseAction { private static final Logger LOGGER = LoggerFactory.getLogger(ActionSetPasswordAnonymous.class); @@ -30,7 +28,6 @@ public class ActionSetPasswordAnonymous extends BaseAction { Wi wi = this.convertToWrapIn(jsonElement, Wi.class); Business business = new Business(emc); - /** 排除xadmin */ if (Config.token().isInitialManager(wi.getUserName())) { throw new ExceptionEditInitialManagerDeny(); } else { 
@@ -40,13 +37,10 @@ public class ActionSetPasswordAnonymous extends BaseAction { Person o = business.person().getWithCredential(wi.getUserName()); if (null == o) { - throw new ExceptionPersonNotExist(wi.getUserName()); + throw new ExceptionPersonNotExistOrInvalidPassword(); } Person person = emc.find(o.getId(), Person.class); - if (null == person) { - throw new ExceptionPersonNotExist(wi.getUserName()); - } if (StringUtils.isEmpty(wi.getOldPassword())) { throw new ExceptionOldPasswordEmpty(); 
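Review bot: Removing the `if (null == person)` guard leaves the result of `emc.find(o.getId(), Person.class)` unchecked, while `person.getPassword()` is dereferenced further down. A row that disappears between the two reads then surfaces as a NullPointerException instead of the merged error. ActionReset passes `ExceptionWhen.not_found` to the same call; either do that here or keep the guard with the new exception: `if (null == person) { throw new ExceptionPersonNotExistOrInvalidPassword(); }`. The method body continues outside the hunk.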
@@ -54,31 +48,23 @@ public class ActionSetPasswordAnonymous extends BaseAction { if (StringUtils.isEmpty(wi.getNewPassword())) { throw new ExceptionPasswordEmpty(); } - if (StringUtils.isEmpty(wi.getConfirmPassword())) { throw new ExceptionConfirmPasswordEmpty(); } - if (!StringUtils.equals(wi.getNewPassword(), wi.getConfirmPassword())) { - throw new ExceptionTwicePasswordNotMatch(); - } + String oldPassword = BooleanUtils.isTrue(Config.token().getRsaEnable()) ? Crypto.rsaDecrypt(wi.getOldPassword(), Config.privateKey()) + : wi.getOldPassword(); + String newPassword = BooleanUtils.isTrue(Config.token().getRsaEnable()) ? Crypto.rsaDecrypt(wi.getNewPassword(), Config.privateKey()) + : wi.getNewPassword(); + String confirmPassword = BooleanUtils.isTrue(Config.token().getRsaEnable()) ? Crypto.rsaDecrypt(wi.getConfirmPassword(), Config.privateKey()) + : wi.getConfirmPassword(); if (StringUtils.equals(wi.getNewPassword(), wi.getOldPassword())) { throw new ExceptionNewPasswordSameAsOldPassword(); } - String oldPassword = wi.getOldPassword(); - String newPassword = wi.getNewPassword(); - String confirmPassword = wi.getConfirmPassword(); - String isEncrypted = wi.getIsEncrypted(); - - // RSA解秘 - if (!StringUtils.isEmpty(isEncrypted)) { - if (isEncrypted.trim().equalsIgnoreCase("y")) { - oldPassword = this.decryptRSA(oldPassword); - newPassword = this.decryptRSA(newPassword); - confirmPassword = this.decryptRSA(confirmPassword); - } + if(!StringUtils.equals(newPassword, confirmPassword)){ + throw new ExceptionTwicePasswordNotMatch(); } if (BooleanUtils.isTrue(Config.person().getSuperPermission()) 
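Review bot: `StringUtils.equals(wi.getNewPassword(), wi.getOldPassword())` still compares the wire values. With RSA enabled it compares two ciphertexts and, assuming the padding is randomized, never detects a new password equal to the old one. Compare the decrypted strings instead: `if (StringUtils.equals(newPassword, oldPassword)) {`. The three `isEmpty` checks above it have the mirror-image problem, since they pass for a ciphertext that decrypts to an empty string, so re-check after decryption. The three identical ternaries would also read more clearly if `Config.token().getRsaEnable()` were evaluated once into a local.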
@@ -88,7 +74,7 @@ public class ActionSetPasswordAnonymous extends BaseAction { if (!StringUtils.equals( Crypto.encrypt(oldPassword, Config.token().getKey(), Config.person().getEncryptType()), person.getPassword())) { - throw new ExceptionOldPasswordNotMatch(); + throw new ExceptionPersonNotExistOrInvalidPassword(); } if (!newPassword.matches(Config.person().getPasswordRegex())) { throw new ExceptionInvalidPassword(Config.person().getPasswordRegexHint()); diff --git a/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ExceptionPersonNotExistOrInvalidAnswer.java b/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ExceptionPersonNotExistOrInvalidAnswer.java new file mode 100755 index 0000000000..cf0d5a6b82 --- /dev/null +++ b/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ExceptionPersonNotExistOrInvalidAnswer.java @@ -0,0 +1,13 @@ +package com.x.organization.assemble.personal.jaxrs.reset; + +import com.x.base.core.project.exception.PromptException; + +class ExceptionPersonNotExistOrInvalidAnswer extends PromptException { + + private static final long serialVersionUID = -8334021007462970656L; + public static String defaultMessage = "用户不存在或者验证码错误."; + + ExceptionPersonNotExistOrInvalidAnswer( ) { + super(defaultMessage); + } +} diff --git a/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ExceptionPersonNotExistOrInvalidPassword.java b/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ExceptionPersonNotExistOrInvalidPassword.java new file mode 100755 index 0000000000..a2fb65cafc --- /dev/null +++ b/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ExceptionPersonNotExistOrInvalidPassword.java 
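Review bot: In the new ExceptionPersonNotExistOrInvalidAnswer class, `public static String defaultMessage` is a non-final static that any class in the package can reassign, changing the text every later instance carries. Declare it `private static final String DEFAULT_MESSAGE = ...;` and pass that to `super(...)`; ExceptionPersonNotExistOrInvalidPassword has the same field. A one-line class comment saying the message is deliberately ambiguous, so the response does not reveal whether the account exists, would keep a later maintainer from splitting it back into two errors.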
@@ -0,0 +1,14 @@ +package com.x.organization.assemble.personal.jaxrs.reset; + +import com.x.base.core.project.exception.PromptException; + +class ExceptionPersonNotExistOrInvalidPassword extends PromptException { + + + private static final long serialVersionUID = 2537120821114609351L; + public static String defaultMessage = "用户不存在或者密码错误."; + + ExceptionPersonNotExistOrInvalidPassword( ) { + super(defaultMessage); + } +} diff --git a/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ResetAction.java b/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ResetAction.java index 0918785f3b..73cefaf5c1 100755 --- a/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ResetAction.java +++ b/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ResetAction.java @@ -1,18 +1,5 @@ package com.x.organization.assemble.personal.jaxrs.reset; -import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.Consumes; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.PUT; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; -import javax.ws.rs.container.AsyncResponse; -import javax.ws.rs.container.Suspended; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.MediaType; - import com.google.gson.JsonElement; import com.x.base.core.project.annotation.JaxrsDescribe; import com.x.base.core.project.annotation.JaxrsMethodDescribe; 
@@ -26,6 +13,13 @@ import com.x.base.core.project.jaxrs.StandardJaxrsAction; import com.x.base.core.project.logger.Logger; import com.x.base.core.project.logger.LoggerFactory; +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.*; +import javax.ws.rs.container.AsyncResponse; +import javax.ws.rs.container.Suspended; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.MediaType; + @Path("reset") @JaxrsDescribe("重置操作") public class ResetAction extends StandardJaxrsAction { -- GitLab