guomengjiao 9 kuukautta sitten
vanhempi
commit
469a20d7e5

+ 2 - 0
common/src/main/java/com/jeesite/common/constant/Constants.java

@@ -178,4 +178,6 @@ public interface Constants {
      * 网站token名称
      */
     String WEBSITE_TOKEN = "website-token";
+
+    String PREFIX_USER_FORGET_TOKEN = "bjfl:user:forget:token:";
 }

+ 71 - 4
modules/bjflapi/src/main/java/com/jeesite/modules/bjflapi/report/WebsiteUserControllerApi.java

@@ -3,7 +3,9 @@ package com.jeesite.modules.bjflapi.report;
 import com.jeesite.common.codec.DesUtils;
 import com.jeesite.common.config.Global;
 import com.jeesite.common.constant.Constants;
+import com.jeesite.common.idgen.IdGen;
 import com.jeesite.common.lang.StringUtils;
+import com.jeesite.common.msg.EmailUtils;
 import com.jeesite.modules.bjflapi.AbstractController;
 import com.jeesite.modules.report.entity.WebsiteUser;
 import com.jeesite.modules.report.service.WebsiteUserService;
@@ -13,7 +15,9 @@ import com.jeesite.modules.report.util.oConvertUtils;
 import com.jeesite.modules.sys.annotation.WebsiteAuth;
 import com.jeesite.modules.sys.utils.R;
 import com.jeesite.modules.sys.utils.RedisUtil;
+import com.jeesite.modules.sys.utils.UserUtils;
 import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -23,13 +27,14 @@ import org.springframework.web.bind.annotation.RestController;
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
 @RestController
 @RequestMapping(value = "${adminPath}/api/report/websiteUser")
-@Api(value = "WebsiteUserControllerApi",tags = "网站用户接口")
+@Api(value = "WebsiteUserControllerApi", tags = "网站用户接口")
 public class WebsiteUserControllerApi extends AbstractController {
     @Resource
     private RedisUtil redisUtil;
@@ -98,10 +103,19 @@ public class WebsiteUserControllerApi extends AbstractController {
         }
         loginCode = DesUtils.decode(loginCode, secretKey);
         password = DesUtils.decode(password, secretKey);
+        String confirmNewPassword = DesUtils.decode(websiteUser.getConfirmNewPassword(), secretKey);
+        // 验证新密码和确认密码
+        if (!StringUtils.equals(password, confirmNewPassword)) {
+            return R.error("两次密码不一致");
+        }
         WebsiteUser oldUser = websiteUserService.findLoginCode(loginCode);
         if (oldUser != null) {
             return R.error("用户已存在");
         }
+        oldUser = websiteUserService.findEmail(websiteUser.getEmail());
+        if (oldUser != null) {
+            return R.error("邮箱已存在");
+        }
         WebsiteUser newUser = new WebsiteUser();
         BeanUtils.copyProperties(websiteUser, newUser);
         newUser.setLoginCode(loginCode);
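Review bot: The new duplicate-email check passes `websiteUser.getEmail()` to `findEmail` without first rejecting a blank value. `findEmail` (added in WebsiteUserService.java in this commit) builds its lookup from an entity whose only populated field is the email, so if the DAO skips null fields a missing email would presumably become an unfiltered query, and the outcome would depend on whichever row comes back. Reject it before the lookup, e.g. `if (StringUtils.isBlank(websiteUser.getEmail())) { return R.error("邮箱为空"); }`. The check is also check-then-insert, so two concurrent registrations can both pass it unless the email column carries a unique constraint, which this page does not show. The enclosing method starts and ends outside the hunk.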
@@ -120,12 +134,16 @@ public class WebsiteUserControllerApi extends AbstractController {
     @WebsiteAuth
     @PostMapping(value = "updatePwd")
     public String updatePwd(String newPassword,
-                              String confirmNewPassword) {
+                            String confirmNewPassword) {
         String userId = getUserIdByRequest();
         WebsiteUser websiteUser = websiteUserService.get(userId);
+        return updatePass(websiteUser, newPassword, confirmNewPassword);
+    }
+
+    private String updatePass(WebsiteUser websiteUser, String newPassword, String confirmNewPassword) {
         // 登录密码解密(解决密码明文传输安全问题)
         String secretKey = Global.getProperty("shiro.loginSubmit.secretKey");
-        if (StringUtils.isNotBlank(secretKey)){
+        if (StringUtils.isNotBlank(secretKey)) {
             newPassword = DesUtils.decode(newPassword, secretKey);
             confirmNewPassword = DesUtils.decode(confirmNewPassword, secretKey);
         }
@@ -133,7 +151,7 @@ public class WebsiteUserControllerApi extends AbstractController {
             return "密码为空";
         }
         // 验证新密码和确认密码
-        if(!StringUtils.equals(newPassword, confirmNewPassword)){
+        if (!StringUtils.equals(newPassword, confirmNewPassword)) {
             return "两次密码不一致";
         }
         // 更新密码
@@ -143,6 +161,55 @@ public class WebsiteUserControllerApi extends AbstractController {
         return "成功";
     }
 
+    @PostMapping(value = "forgetPwd")
+    public Map<String, Object> forgetPwd(String uuid, String newPassword,
+                            String confirmNewPassword) {
+        String secretKey = Global.getProperty("shiro.loginSubmit.secretKey");
+        String userId = (String) redisUtil.get(Constants.PREFIX_USER_FORGET_TOKEN + uuid);
+        if (userId == null) {
+            return R.error("链接已过期");
+        }
+        WebsiteUser websiteUser = websiteUserService.get(userId);
+        updatePass(websiteUser, newPassword, confirmNewPassword);
+        WebsiteUser newWebsiteUser = new WebsiteUser();
+        newWebsiteUser.setPassword(newPassword);
+        newWebsiteUser.setLoginCode(DesUtils.encode(websiteUser.getLoginCode(), secretKey));
+        return login(newWebsiteUser);
+    }
+
+    /**
+     * 获取找回密码邮件验证码
+     */
+    @PostMapping(value = "getWuValidCode")
+    @ApiOperation(value = "获取找回密码的邮件验证码")
+    public String getWuValidCode(String email) {
+        if (StringUtils.isEmpty(email)) {
+            return "邮箱为空";
+        }
+        WebsiteUser websiteUser = websiteUserService.findEmail(email);
+        if (websiteUser == null) {
+            return "邮箱不存在";
+        }
+        String dateKey = "wuLastDate";
+        // 操作是否频繁验证, 如果离上次获取验证码小于60秒,则提示操作频繁。
+        Date date = UserUtils.getCache(dateKey);
+        if (date != null && (System.currentTimeMillis()-date.getTime())/(1000L) < 60L){
+            return "您当前操作太频繁,请稍等一会再操作!";
+        }else{
+            UserUtils.putCache(dateKey, new Date());
+        }
+        String uuid = IdGen.uuid();
+        // 设置token缓存有效时间
+        redisUtil.set(Constants.PREFIX_USER_FORGET_TOKEN + uuid, websiteUser.getId());
+        redisUtil.expire(Constants.PREFIX_USER_FORGET_TOKEN + uuid, 7200);
+        // TODO 构建重置密码的链接
+        String resetUrl = "http://yourdomain.com/resetPassword.html?token=" + uuid;
+        // 准备邮件内容,包含重置密码链接
+        String emailContent = "请点击以下链接重置密码: <a href='" + resetUrl + "'>" + resetUrl + "</a>";
+        EmailUtils.send(email, "找回密码,请点击以下链接重置密码", emailContent);
+        return "成功";
+    }
+
     /**
      * 退出登录
      *
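Review bot: In `forgetPwd` the reset token is never removed from Redis after use and the string returned by `updatePass` is discarded, so the same link stays usable for the full 7200 seconds and a blank or mismatched password still falls through to `login(...)`. Capture the result and stop on failure, e.g. `String result = updatePass(websiteUser, newPassword, confirmNewPassword);` followed by `if (!"成功".equals(result)) { return R.error(result); }`, then delete the `PREFIX_USER_FORGET_TOKEN + uuid` key before logging in. Also return an error when `uuid` is blank or `websiteUserService.get(userId)` returns null. In `getWuValidCode` the distinct `"邮箱不存在"` reply reveals which addresses are registered, and the 60-second throttle uses the fixed cache key `wuLastDate` rather than the address or client, so it presumably does not limit requests per target mailbox. Returning the same response in both cases and keying the throttle on the email would address both. The hard-coded `http://yourdomain.com` reset URL should come from configuration and use HTTPS, since the token it carries is the only credential needed to set a new password.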

+ 9 - 1
modules/report/src/main/java/com/jeesite/modules/report/entity/WebsiteUser.java

@@ -39,6 +39,7 @@ public class WebsiteUser extends DataEntity<WebsiteUser> {
 	private String companyName;		// 公司名称
 	private String demand;		// 需求
 	private String addr;		// 公司职务
+	private String confirmNewPassword;
 
 	public WebsiteUser() {
 		this(null);
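Review bot: `confirmNewPassword` is request-only input but is added as a field on the `WebsiteUser` entity, so it travels wherever the entity does. `BeanUtils.copyProperties(websiteUser, newUser)` in the registration path copies it onto the object being saved, and it would presumably appear in any response or log that serializes the entity. Prefer taking it as a separate request parameter, as `updatePwd` already does, or at least document it with `// request-only: confirmation of the submitted password, never persisted` and exclude it from serialization. The accessors are added in the second hunk of this file.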
@@ -130,5 +131,12 @@ public class WebsiteUser extends DataEntity<WebsiteUser> {
 	public void setAddr(String addr) {
 		this.addr = addr;
 	}
-	
+
+	public String getConfirmNewPassword() {
+		return confirmNewPassword;
+	}
+
+	public void setConfirmNewPassword(String confirmNewPassword) {
+		this.confirmNewPassword = confirmNewPassword;
+	}
 }

+ 6 - 0
modules/report/src/main/java/com/jeesite/modules/report/service/WebsiteUserService.java

@@ -87,4 +87,10 @@ public class WebsiteUserService extends CrudService<WebsiteUserDao, WebsiteUser>
 	public void updatePass(WebsiteUser websiteUser) {
 		dao.updatePass(websiteUser);
 	}
+
+	public WebsiteUser findEmail(String email) {
+		WebsiteUser where = new WebsiteUser();
+		where.setEmail(email);
+		return dao.getByEntity(where);
+	}
 }

+ 8 - 8
web/src/main/resources/config/application.yml

@@ -904,14 +904,14 @@ msg:
 #  # 推送失败次数,如果推送次数超过了设定次数,仍不成功,则放弃并保存到历史
 #  pushFailNumber: 3
 #
-#  # 邮件发送参数
-#  email:
-#    beanName: emailSendService
-#    fromAddress: test@163.com
-#    fromPassword: 123456
-#    fromHostName: smtp.163.com
-#    sslOnConnect: false
-#    sslSmtpPort: 994
+  # 邮件发送参数
+  email:
+    beanName: emailSendService
+    fromAddress: 17798203568@163.com
+    fromPassword: Gmj19981010
+    fromHostName: smtp.163.com
+    sslOnConnect: false
+    sslSmtpPort: 994
 #
 #  # 短信网关
 #  sms:
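Review bot: The `msg.email` block now commits what looks like a live mailbox address and its password in plain text under `fromAddress` and `fromPassword`, so anyone with read access to the repository or its history can use the account. Treat the password as exposed and rotate it, then load the value from the environment or a secrets store, for example `fromPassword: ${EMAIL_FROM_PASSWORD}` (the variable name here is an example, not an existing setting). `sslOnConnect: false` also deserves a second look. Unless the mail service upgrades the connection some other way, the SMTP login and the password-reset links sent through it would presumably cross the network unencrypted.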