用户修改密码

src/main/java/com/educoder/bridge/user/controller/UserController.java

@@ -1,7 +1,12 @@
 package com.educoder.bridge.user.controller;
 
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -9,6 +14,8 @@ import org.springframework.web.bind.annotation.RestController;
 
 import com.educoder.bridge.common.model.ApiResult;
 import com.educoder.bridge.user.model.PasswordUpdateInfo;
+import com.educoder.bridge.user.service.UserService;
+import com.educoder.bridge.user.util.JwtUtils;
 
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
@@ -24,15 +31,22 @@ import io.swagger.annotations.ApiOperation;
 public class UserController {
 	private final Logger logger = LoggerFactory.getLogger(getClass());
 
+	@Autowired
+	private UserService userService;
+
 	/**
 	 * 登录
 	 */
 	@RequestMapping(path = "/passwords/update")
 	@ApiOperation(value = "修改密码", httpMethod = "POST", produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
-	public ApiResult<?> updatePassword(@RequestBody PasswordUpdateInfo pui) throws Exception {
+	public ApiResult<?> updatePassword(@RequestBody PasswordUpdateInfo pui, HttpServletRequest req) throws Exception {
 		logger.info("用户{}修改密码", "xxx");
 
 		ApiResult<?> result = new ApiResult<>();
+		String token = req.getHeader("ACCESS_TOKEN");
+		Map<String, String> map = JwtUtils.verifyToken(token);
+		String name = map.get("name");
+		userService.updatePassword(name, pui);
 
 		result.setMsg("修改成功");
 		return result;

src/main/java/com/educoder/bridge/user/model/User.java

@@ -1,85 +1,85 @@
 package com.educoder.bridge.user.model;
 
-import java.util.Date;
+import java.time.LocalDateTime;
 
 public class User {
-    private Long id;
+	private Long id;
 
-    private String name;
+	private String name;
 
-    private String password;
+	private String password;
 
-    private String email;
+	private String email;
 
-    private String mobile;
+	private String mobile;
 
-    private Date createTime;
+	private LocalDateTime createTime;
 
-    private Date updateTime;
+	private LocalDateTime updateTime;
 
-    private String status;
+	private String status;
 
-    public Long getId() {
-        return id;
-    }
+	public Long getId() {
+		return id;
+	}
 
-    public void setId(Long id) {
-        this.id = id;
-    }
+	public void setId(Long id) {
+		this.id = id;
+	}
 
-    public String getName() {
-        return name;
-    }
+	public String getName() {
+		return name;
+	}
 
-    public void setName(String name) {
-        this.name = name;
-    }
+	public void setName(String name) {
+		this.name = name;
+	}
 
-    public String getPassword() {
-        return password;
-    }
+	public String getPassword() {
+		return password;
+	}
 
-    public void setPassword(String password) {
-        this.password = password;
-    }
+	public void setPassword(String password) {
+		this.password = password;
+	}
 
-    public String getEmail() {
-        return email;
-    }
+	public String getEmail() {
+		return email;
+	}
 
-    public void setEmail(String email) {
-        this.email = email;
-    }
+	public void setEmail(String email) {
+		this.email = email;
+	}
 
-    public String getMobile() {
-        return mobile;
-    }
+	public String getMobile() {
+		return mobile;
+	}
 
-    public void setMobile(String mobile) {
-        this.mobile = mobile;
-    }
+	public void setMobile(String mobile) {
+		this.mobile = mobile;
+	}
 
-    public Date getCreateTime() {
-        return createTime;
-    }
+	public LocalDateTime getCreateTime() {
+		return createTime;
+	}
 
-    public void setCreateTime(Date createTime) {
-        this.createTime = createTime;
-    }
+	public void setCreateTime(LocalDateTime createTime) {
+		this.createTime = createTime;
+	}
 
-    public Date getUpdateTime() {
-        return updateTime;
-    }
+	public LocalDateTime getUpdateTime() {
+		return updateTime;
+	}
 
-    public void setUpdateTime(Date updateTime) {
-        this.updateTime = updateTime;
-    }
+	public void setUpdateTime(LocalDateTime updateTime) {
+		this.updateTime = updateTime;
+	}
 
-    public String getStatus() {
-        return status;
-    }
+	public String getStatus() {
+		return status;
+	}
 
-    public void setStatus(String status) {
-        this.status = status;
-    }
+	public void setStatus(String status) {
+		this.status = status;
+	}
 }

src/main/java/com/educoder/bridge/user/service/UserService.java

@@ -1,5 +1,6 @@
 package com.educoder.bridge.user.service;
 
+import java.time.LocalDateTime;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -19,6 +20,7 @@ import org.springframework.stereotype.Service;
 import com.educoder.bridge.game.exception.GameException;
 import com.educoder.bridge.user.dao.UserMapper;
 import com.educoder.bridge.user.model.LoginInfo;
+import com.educoder.bridge.user.model.PasswordUpdateInfo;
 import com.educoder.bridge.user.model.User;
 
 @Service
@@ -40,6 +42,38 @@ public class UserService {
 		}
 
 		// 用户密码
+		boolean r = this.verifyPassword(user, loginInfo.getPassword());
+		if (!r) {
+			logger.error("用户{}密码错误 ", name);
+			throw new GameException(-2, "用户名或者密码错误：" + name);
+		}
+
+		return user;
+	}
+
+	public void updatePassword(String name, PasswordUpdateInfo pui) throws GameException {
+		// 查询用户
+		Map<String, Object> param = new HashMap<>();
+		param.put("name", name);
+		List<User> list = userMapper.selectUser(param);
+		User user = list.size() > 0 ? list.get(0) : null;
+		if (user == null) {
+			logger.error("不存在的用户{}请求修改密码 ", name);
+			throw new GameException(-2, "不存在的用户请求修改密码：" + name);
+		}
+
+		// 验证用户密码
+		boolean r = this.verifyPassword(user, pui.getPassword());
+		if (!r) {
+			logger.error("用户{}修改密码，原密码错误 ", name);
+			throw new GameException(-2, "原密码错误");
+		}
+
+		this.updatePassword(user, pui);
+
+	}
+
+	private boolean verifyPassword(User user, String inputPassword) {
 		String password = user.getPassword();
 		int index = password.indexOf("$");
 		String salt = password.substring(0, index);
@@ -50,17 +84,31 @@ public class UserService {
 		hashService.setPrivateSalt(new SimpleByteSource("bridge_admin"));
 		hashService.setRandomNumberGenerator(new SecureRandomNumberGenerator());// 用于生成公盐。默认就这个
 		hashService.setHashIterations(1000); // 生成Hash值的迭代次数
-		HashRequest request = new HashRequest.Builder().setSource(ByteSource.Util.bytes(loginInfo.getPassword()))
+		HashRequest request = new HashRequest.Builder().setSource(ByteSource.Util.bytes(inputPassword))
 				.setSalt(ByteSource.Util.bytes(Base64.decode(salt))).build();
 		Hash hash = hashService.computeHash(request);
 
 		boolean r = hash.toHex().equals(realPassword);
-		if (!r) {
-			logger.error("用户{}密码错误 ", name);
-			throw new GameException(-2, "用户名或者密码错误：" + name);
-		}
-
-		return user;
+		return r;
 	}
 
+	private void updatePassword(User user, PasswordUpdateInfo pui) {
+		User param = new User();
+		param.setId(user.getId());
+		String newPassword = this.encryptPassword(pui.getNewPassword());
+		param.setPassword(newPassword);
+		param.setUpdateTime(LocalDateTime.now());
+		userMapper.updateByPrimaryKeySelective(param);
+	}
+
+	private String encryptPassword(String password) {
+		DefaultHashService hashService = new DefaultHashService();
+		hashService.setHashAlgorithmName("MD5");
+		hashService.setPrivateSalt(new SimpleByteSource("bridge_admin"));
+		hashService.setRandomNumberGenerator(new SecureRandomNumberGenerator());// 用于生成公盐。默认就这个
+		hashService.setHashIterations(1000); // 生成Hash值的迭代次数
+		HashRequest request = new HashRequest.Builder().setSource(ByteSource.Util.bytes(password)).build();
+		Hash hash = hashService.computeHash(request);
+		return hash.getSalt() + "$" + hash.toHex();
+	}
 }