refactor: 修改加密方式

2025-02-18 17:42:16 +08:00 · 2025-02-18 17:42:16 +08:00 · b7ba8d5af4
parent 95593f6a5c
commit b7ba8d5af4
5 changed files with 38 additions and 54 deletions
--- a/service/src/main/java/cn/bunny/services/ServiceApplication.java
+++ b/service/src/main/java/cn/bunny/services/ServiceApplication.java
@ -4,8 +4,11 @@ import org.mybatis.spring.annotation.MapperScan;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cache.annotation.EnableCaching;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.scheduling.annotation.EnableScheduling;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.transaction.annotation.EnableTransactionManagement;
@MapperScan("cn.bunny.services.mapper")
@ -18,4 +21,9 @@ public class ServiceApplication {
    public static void main(String[] args) {
        SpringApplication.run(ServiceApplication.class, args);
    }
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
 }
--- a/service/src/main/java/cn/bunny/services/security/config/WebSecurityConfig.java
+++ b/service/src/main/java/cn/bunny/services/security/config/WebSecurityConfig.java
@ -4,7 +4,6 @@ import cn.bunny.dao.entity.system.AdminUser;
 import cn.bunny.dao.vo.result.ResultCodeEnum;
 import cn.bunny.services.mapper.UserMapper;
 import cn.bunny.services.security.custom.CustomAuthorizationManagerServiceImpl;
 import cn.bunny.services.security.custom.CustomPasswordEncoder;
 import cn.bunny.services.security.filter.TokenLoginFilterService;
 import cn.bunny.services.security.handelr.SecurityAccessDeniedHandler;
 import cn.bunny.services.security.handelr.SecurityAuthenticationEntryPoint;
@ -40,9 +39,6 @@ public class WebSecurityConfig {
    @Autowired
    private UserService userService;
    @Autowired
    private CustomPasswordEncoder customPasswordEncoder;
    @Autowired
    private CustomAuthorizationManagerServiceImpl customAuthorizationManagerService;
@ -50,7 +46,7 @@ public class WebSecurityConfig {
    private AuthenticationConfiguration authenticationConfiguration;
    @Bean
-    public SecurityFilterChain filterChain(HttpSecurity httpSecurity, UserMapper userMapper) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                // 前端段分离不需要---禁用明文验证
                .httpBasic(AbstractHttpConfigurer::disable)
@ -76,14 +72,10 @@ public class WebSecurityConfig {
                    exception.accessDeniedHandler(new SecurityAccessDeniedHandler());
                })
                // 登录验证过滤器
-                .addFilterBefore(new TokenLoginFilterService(authenticationConfiguration, userService), UsernamePasswordAuthenticationFilter.class)
+                .addFilterBefore(new TokenLoginFilterService(authenticationConfiguration, userService), UsernamePasswordAuthenticationFilter.class);
                // 自定义密码加密器和用户登录
                .passwordManagement(customPasswordEncoder);
        return httpSecurity.build();
    }
    /**
     * 使用数据库方式
     * 登录方式：邮箱+用户名
--- a/service/src/main/java/cn/bunny/services/security/custom/CustomPasswordEncoder.java
+++ b/service/src/main/java/cn/bunny/services/security/custom/CustomPasswordEncoder.java
@ -1,28 +0,0 @@
 package cn.bunny.services.security.custom;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.PasswordManagementConfigurer;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.util.DigestUtils;
 /**
 * 自定义密码加密比对
 */
@Configuration
 public class CustomPasswordEncoder implements PasswordEncoder, Customizer<PasswordManagementConfigurer<HttpSecurity>> {
    @Override
    public String encode(CharSequence rawPassword) {
        return DigestUtils.md5DigestAsHex(rawPassword.toString().getBytes());
    }
    @Override
    public boolean matches(CharSequence rawPassword, String encodedPassword) {
        return encodedPassword.matches(DigestUtils.md5DigestAsHex(rawPassword.toString().getBytes()));
    }
    @Override
    public void customize(PasswordManagementConfigurer<HttpSecurity> httpSecurityPasswordManagementConfigurer) {
    }
 }
--- a/service/src/main/java/cn/bunny/services/service/impl/UserServiceImpl.java
+++ b/service/src/main/java/cn/bunny/services/service/impl/UserServiceImpl.java
@ -43,9 +43,9 @@ import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.DigestUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.web.multipart.MultipartFile;
@ -66,33 +66,26 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, AdminUser> implemen
    @Autowired
    private UserUtil userUtil;
    @Autowired
    private ConcreteSenderEmailTemplate concreteSenderEmailTemplate;
    @Autowired
    private RedisTemplate<String, Object> redisTemplate;
    @Autowired
    private FilesService filesService;
    @Autowired
    private UserDeptMapper userDeptMapper;
    @Autowired
    private UserRoleMapper userRoleMapper;
    @Autowired
    private UserLoginLogMapper userLoginLogMapper;
    @Autowired
    private EmailTemplateMapper emailTemplateMapper;
    @Autowired
    private RoleMapper roleMapper;
    @Autowired
    private UserMapper userMapper;
    @Autowired
    private PasswordEncoder passwordEncoder;
    /**
     * 前台用户登录接口
@ -237,19 +230,19 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, AdminUser> implemen
        String password = dto.getPassword();
        // 对密码加密
-        String md5Password = DigestUtils.md5DigestAsHex(password.getBytes());
+        String encode = passwordEncoder.encode(password);
        AdminUser adminUser = getOne(Wrappers.<AdminUser>lambdaQuery().eq(AdminUser::getId, userId));
        // 判断是否存在这个用户
        if (adminUser == null) throw new AuthCustomerException(ResultCodeEnum.USER_IS_EMPTY);
        // 判断新密码是否与旧密码相同
-        if (adminUser.getPassword().equals(md5Password))
+        if (adminUser.getPassword().equals(encode))
            throw new AuthCustomerException(ResultCodeEnum.UPDATE_NEW_PASSWORD_SAME_AS_OLD_PASSWORD);
        // 更新用户密码
        adminUser = new AdminUser();
-        adminUser.setPassword(md5Password);
+        adminUser.setPassword(encode);
        adminUser.setId(userId);
        updateById(adminUser);
@ -412,7 +405,7 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, AdminUser> implemen
        // 数据库中的密码
        String dbPassword = adminUser.getPassword();
-        password = DigestUtils.md5DigestAsHex(password.getBytes());
+        password = passwordEncoder.encode(password);
        // 判断数据库中密码是否和更新用户密码相同
        if (dbPassword.equals(password)) throw new AuthCustomerException(ResultCodeEnum.NEW_PASSWORD_SAME_OLD_PASSWORD);
@ -469,12 +462,12 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, AdminUser> implemen
    @Override
    public void addAdminUser(@Valid AdminUserAddDto dto) {
        // 对密码加密
-        String md5Password = DigestUtils.md5DigestAsHex(dto.getPassword().getBytes());
+        String encode = passwordEncoder.encode(dto.getPassword());
        // 保存数据
        AdminUser adminUser = new AdminUser();
        BeanUtils.copyProperties(dto, adminUser);
-        adminUser.setPassword(md5Password);
+        adminUser.setPassword(encode);
        save(adminUser);
        // 插入用户部门关系表
--- a/service/src/test/java/cn/bunny/services/service/impl/UserServiceImplTest.java
+++ b/service/src/test/java/cn/bunny/services/service/impl/UserServiceImplTest.java
@ -0,0 +1,19 @@
 package cn.bunny.services.service.impl;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.security.crypto.password.PasswordEncoder;
@SpringBootTest
 class UserServiceImplTest {
    @Autowired
    private PasswordEncoder passwordEncoder;
    @Test
    void updateUserPasswordByAdmin() {
        String encode = passwordEncoder.encode("123456");
        System.out.println(encode);
    }
 }