
修改密码

guomengjiao 5 months ago
parent
commit
371a64c041

+ 5 - 0
common/src/main/java/com/jeesite/common/constant/Constants.java

@@ -173,4 +173,9 @@ public interface Constants {
      * 未知的
      */
     String UNKNOWN = "unknown";
+
+    /**
+     * 网站token名称
+     */
+    String WEBSITE_TOKEN = "website-token";
 }

+ 1 - 7
modules/bjflapi/src/main/java/com/jeesite/modules/bjflapi/AbstractController.java

@@ -8,11 +8,8 @@
 
 package com.jeesite.modules.bjflapi;
 
-import com.jeesite.common.constant.Constants;
-import com.jeesite.modules.sys.utils.RedisUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 
-import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 
 /**
@@ -24,11 +21,8 @@ public abstract class AbstractController {
 
     @Autowired
     HttpServletRequest request;
-    @Resource
-    private RedisUtil redisUtil;
 
     protected String getUserIdByRequest() {
-        String token = (String) request.getAttribute("token");
-        return (String) redisUtil.get(Constants.PREFIX_USER_TOKEN + token);
+        return (String) request.getAttribute("uid");
     }
 }
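Review bot: `getUserIdByRequest` now returns whatever is stored in the `uid` request attribute, and the only visible writer of that attribute is `WebsiteLoginInterceptor` after a successful token lookup. The interceptor appears to have an early `return true` path ahead of the token check, so for any handler that reaches this method through it the result is null, and callers such as `websiteUserService.get(userId)` in `updatePwd` pass it on unchecked. Failing closed would be safer, for example `String uid = (String) request.getAttribute("uid"); if (uid == null) { throw new IllegalStateException("no authenticated user on request"); }`. A short Javadoc stating that the method depends on the interceptor having run would also help the next reader.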

+ 43 - 24
modules/bjflapi/src/main/java/com/jeesite/modules/bjflapi/report/WebsiteUserControllerApi.java

@@ -9,17 +9,20 @@ import com.jeesite.modules.report.entity.WebsiteUser;
 import com.jeesite.modules.report.service.WebsiteUserService;
 import com.jeesite.modules.report.util.JwtUtil;
 import com.jeesite.modules.report.util.PasswordUtil;
-import com.jeesite.modules.sys.utils.RedisUtil;
 import com.jeesite.modules.report.util.oConvertUtils;
 import com.jeesite.modules.sys.annotation.WebsiteAuth;
 import com.jeesite.modules.sys.utils.R;
+import com.jeesite.modules.sys.utils.RedisUtil;
 import io.swagger.annotations.Api;
 import org.springframework.beans.BeanUtils;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -32,6 +35,9 @@ public class WebsiteUserControllerApi extends AbstractController {
     private RedisUtil redisUtil;
     @Resource
     private WebsiteUserService websiteUserService;
+    @Value("${token.expiretime}")
+    private int EXPIRE;
+
     /**
      * 登录页面
      */
@@ -69,7 +75,7 @@ public class WebsiteUserControllerApi extends AbstractController {
         String token = JwtUtil.sign(loginCode, password);
         // 设置token缓存有效时间
         redisUtil.set(Constants.PREFIX_USER_TOKEN + token, oldUser.getId());
-        redisUtil.expire(Constants.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME * 2 / 1000);
+        redisUtil.expire(Constants.PREFIX_USER_TOKEN + token, EXPIRE);
         //TODO 单点登录,缓存登录用户的Token
         redisUtil.lSet(Constants.PREFIX_USER_TOKEN_LIST + loginCode, token);
         Map<String, Object> map = new HashMap<>();
@@ -113,33 +119,46 @@ public class WebsiteUserControllerApi extends AbstractController {
      */
     @WebsiteAuth
     @PostMapping(value = "updatePwd")
-    public String infoSavePwd(String newPassword,
+    public String updatePwd(String newPassword,
                               String confirmNewPassword) {
         String userId = getUserIdByRequest();
         WebsiteUser websiteUser = websiteUserService.get(userId);
         // 登录密码解密(解决密码明文传输安全问题)
         String secretKey = Global.getProperty("shiro.loginSubmit.secretKey");
-//        if (StringUtils.isNotBlank(secretKey)){
-//            oldPassword = DesUtils.decode(oldPassword, secretKey);
-//            newPassword = DesUtils.decode(newPassword, secretKey);
-//            confirmNewPassword = DesUtils.decode(confirmNewPassword, secretKey);
-//        }
-//        // 验证旧密码
-//        if(!PwdUtils.validatePassword(oldPassword, currentUser.getPassword())){
-//            return renderResult(Global.FALSE, text("sys.user.oldPasswordError"));
-//        }
-//        // 验证新密码和确认密码
-//        if(!StringUtils.equals(newPassword, confirmNewPassword)){
-//            return renderResult(Global.FALSE, text("sys.user.confirmPasswrodError"));
-//        }
-//        // 更新密码
-//        try{
-//            userService.updatePassword(currentUser.getUserCode(), confirmNewPassword);
-//            return renderResult(Global.TRUE, text("sys.user.passwordModifySuccess"));
-//        }catch(ServiceException se){
-//            return renderResult(Global.FALSE, se.getMessage());
-//        }
-        return null;
+        if (StringUtils.isNotBlank(secretKey)){
+            newPassword = DesUtils.decode(newPassword, secretKey);
+            confirmNewPassword = DesUtils.decode(confirmNewPassword, secretKey);
+        }
+        if (StringUtils.isEmpty(newPassword)) {
+            return "密码为空";
+        }
+        // 验证新密码和确认密码
+        if(!StringUtils.equals(newPassword, confirmNewPassword)){
+            return "两次密码不一致";
+        }
+        // 更新密码
+        String passwordEncode = PasswordUtil.encrypt(websiteUser.getLoginCode(), newPassword, websiteUser.getSalt());
+        websiteUser.setPassword(passwordEncode);
+        websiteUserService.updatePass(websiteUser);
+        return "成功";
     }
 
+    /**
+     * 退出登录
+     *
+     * @param request
+     * @param response
+     * @return
+     */
+    @RequestMapping(value = "/logout")
+    public String logout(HttpServletRequest request, HttpServletResponse response) {
+        //用户退出逻辑
+        String token = request.getHeader(Constants.WEBSITE_TOKEN);
+        if (oConvertUtils.isEmpty(token)) {
+            return "退出登录失败!";
+        }
+        //清空用户登录Token缓存
+        redisUtil.del(Constants.PREFIX_USER_TOKEN + token);
+        return "退出登录成功!";
+    }
 }
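Review bot: `updatePwd` sets a new password without verifying the current one: the old-password check in the removed commented-out block was not carried over, so possession of a valid `website-token` alone is enough to change the account password. Consider adding an `oldPassword` parameter and comparing `PasswordUtil.encrypt(websiteUser.getLoginCode(), oldPassword, websiteUser.getSalt())` with the stored hash before calling `updatePass`. After a successful change, the tokens already issued to the user (recorded under `Constants.PREFIX_USER_TOKEN_LIST + loginCode` at login) should be deleted from Redis, because with the one-year `token.expiretime` set in this commit an older token otherwise stays usable. `websiteUser` is dereferenced without a null check, and the method returns `"成功"` regardless of whether `updatePass` changed a row. In `logout`, only the `PREFIX_USER_TOKEN` key is deleted, so the entry in the per-user token list is left behind.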

+ 14 - 3
modules/core/src/main/java/com/jeesite/modules/sys/interceptor/WebsiteLoginInterceptor.java

@@ -1,10 +1,13 @@
 package com.jeesite.modules.sys.interceptor;
 
 import com.alibaba.fastjson.JSON;
+import com.jeesite.common.constant.Constants;
 import com.jeesite.common.service.BaseService;
+import com.jeesite.common.utils.SpringUtils;
 import com.jeesite.modules.sys.annotation.WebsiteAuth;
 import com.jeesite.modules.sys.utils.R;
 import org.apache.shiro.util.StringUtils;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
@@ -31,7 +34,7 @@ public class WebsiteLoginInterceptor extends BaseService implements HandlerInter
             return true;
         }
 
-        String token = request.getHeader("website-token");//header方式
+        String token = request.getHeader(Constants.WEBSITE_TOKEN);//header方式
         if (!StringUtils.hasText(token)) {
             response.setCharacterEncoding("UTF-8"); //设置编码格式
             response.setContentType("application/json");
@@ -39,8 +42,16 @@ public class WebsiteLoginInterceptor extends BaseService implements HandlerInter
             response.getWriter().write(JSON.toJSONString(responseBean));
             return false;
         }
-
-        request.setAttribute("token", token);
+        RedisTemplate<Object, Object> redisTemplate = SpringUtils.getBean("redisTemplate");
+        String uid = (String) redisTemplate.opsForValue().get(Constants.PREFIX_USER_TOKEN + token);
+        if (!StringUtils.hasText(uid)) {
+            response.setCharacterEncoding("UTF-8"); //设置编码格式
+            response.setContentType("application/json");
+            R responseBean = R.error(-400, "访问需要令牌");
+            response.getWriter().write(JSON.toJSONString(responseBean));
+            return false;
+        }
+        request.setAttribute("uid", uid);
         return true;
     }
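Review bot: The new lookup `SpringUtils.getBean("redisTemplate")` resolves the bean by name on every request and reads the key through a raw `RedisTemplate<Object, Object>`, while the login code writes it through `RedisUtil`. If the two ever differ in serializer or key handling, every token would be rejected or, worse, matched inconsistently; reading through the same `RedisUtil` (injected, if this interceptor is Spring-managed) keeps write and read on one path. The unchecked `(String)` cast on the Redis value would throw a `ClassCastException` rather than return the -400 response if a non-string id were ever stored. The attribute name `"uid"` is a bare literal shared with `AbstractController.getUserIdByRequest`, and a constant next to `Constants.WEBSITE_TOKEN` would keep both sides in sync. The body of the enclosing method starts outside the hunk.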
 

+ 2 - 1
modules/report/src/main/java/com/jeesite/modules/report/dao/WebsiteUserDao.java

@@ -11,5 +11,6 @@ import com.jeesite.modules.report.entity.WebsiteUser;
  */
 @MyBatisDao
 public interface WebsiteUserDao extends CrudDao<WebsiteUser> {
-	
+
+    int updatePass(WebsiteUser websiteUser);
 }

+ 4 - 0
modules/report/src/main/java/com/jeesite/modules/report/service/WebsiteUserService.java

@@ -83,4 +83,8 @@ public class WebsiteUserService extends CrudService<WebsiteUserDao, WebsiteUser>
 		where.setLoginCode(loginCode);
 		return dao.getByEntity(where);
 	}
+
+	public void updatePass(WebsiteUser websiteUser) {
+		dao.updatePass(websiteUser);
+	}
 }
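Review bot: `updatePass` discards the `int` row count that `WebsiteUserDao.updatePass` returns, so an update that matches no row (stale or wrong id) is indistinguishable from success for the controller. Returning the count, or throwing when it is not 1, would let `updatePwd` report a failure, e.g. `if (dao.updatePass(websiteUser) != 1) { throw new ServiceException("password update affected no rows"); }` (exception type to be matched to what the project already uses). If this service class is declared read-only transactional at class level, which the hunk does not show, the method also needs a write transaction annotation.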

+ 4 - 1
modules/report/src/main/resources/mappings/modules/report/WebsiteUserDao.xml

@@ -11,5 +11,8 @@
 		</where>
 		ORDER BY ${sqlMap.order.toSql()}
 	</select> -->
-	
+
+    <update id="updatePass">
+        update website_user set password = #{password} where id = #{id}
+    </update>
 </mapper>

+ 6 - 1
web/src/main/resources/config/application.yml

@@ -770,7 +770,7 @@ web:
     websiteLogin:
       enabled: true
       addPathPatterns: >
-        ${adminPath}/api/report/websiteUser/**
+        ${adminPath}/api/**
       excludePathPatterns: ~
 #  # 静态文件后缀,过滤静态文件,以提高访问性能。
 #  staticFile: .css,.js,.map,.png,.jpg,.gif,.jpeg,.bmp,.ico,.swf,.psd,.htc,.crx,.xpi,.exe,.ipa,.apk,.otf,.eot,.svg,.ttf,.woff,.woff2
@@ -811,6 +811,11 @@ error:
   page:
     printErrorInfo: true
 
+#token过期时间,单位分钟
+token:
+  # 单位秒 (一年365*24*60*60=31536000)
+  expiretime: 31536000
+
 #======================================#
 #======== FileUpload settings =========#
 #======================================#
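Review bot: `expiretime: 31536000` keeps a login token valid in Redis for a full year, and the two comments above it contradict each other on the unit (`单位分钟` on the section comment, `单位秒` on the key). The value is passed straight to `redisUtil.expire` in `WebsiteUserControllerApi`, so only the unit that method takes should be documented. A much shorter lifetime, renewed on use, would limit how long a leaked `website-token` stays usable, which matters more now that `addPathPatterns` makes this token the gate for all of `${adminPath}/api/**`. With `excludePathPatterns: ~`, it is also worth confirming that the login endpoint under that prefix is still reachable without a token.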