fix: 移除JwtUserDto中的密码字段，修改验证密码逻辑

2025-02-18 15:55:28 +08:00 · 2025-02-18 15:55:28 +08:00 · af0aa425c2
commit af0aa425c2
parent 13dad5bcba
4 changed files with 7 additions and 11 deletions
--- a/eladmin/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthController.java
+++ b/eladmin/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthController.java
@ -101,8 +101,6 @@ public class AuthController {
        SecurityContextHolder.getContext().setAuthentication(authentication);
        // 生成令牌
        String token = tokenProvider.createToken(jwtUser);
-        // 将密码设置为空
-        jwtUser.setPassword(null);
        // 返回 token 与 用户信息
        Map<String, Object> authInfo = new HashMap<String, Object>(2) {{
            put("token", properties.getTokenStartWith() + token);
@ -122,8 +120,6 @@ public class AuthController {
    @GetMapping(value = "/info")
    public ResponseEntity<UserDetails> getUserInfo() {
        JwtUserDto jwtUser = (JwtUserDto) SecurityUtils.getCurrentUser();
-        // 将密码设置为空
-        jwtUser.setPassword(null);
        return ResponseEntity.ok(jwtUser);
    }

--- a/eladmin/eladmin-system/src/main/java/me/zhengjie/modules/security/service/UserDetailsServiceImpl.java
+++ b/eladmin/eladmin-system/src/main/java/me/zhengjie/modules/security/service/UserDetailsServiceImpl.java
@ -55,7 +55,7 @@ public class UserDetailsServiceImpl implements UserDetailsService {
                // 获取用户的权限
                List<AuthorityDto> authorities = roleService.buildPermissions(user);
                // 初始化JwtUserDto
-                jwtUserDto = new JwtUserDto(user, dataService.getDeptIds(user), authorities, user.getPassword());
+                jwtUserDto = new JwtUserDto(user, dataService.getDeptIds(user), authorities);
                // 添加缓存数据
                userCacheManager.addUserCache(username, jwtUserDto);
            }
--- a/eladmin/eladmin-system/src/main/java/me/zhengjie/modules/security/service/dto/JwtUserDto.java
+++ b/eladmin/eladmin-system/src/main/java/me/zhengjie/modules/security/service/dto/JwtUserDto.java
@ -43,14 +43,16 @@ public class JwtUserDto implements UserDetails {
    @ApiModelProperty(value = "角色")
    private final List<AuthorityDto> authorities;

-    @Setter
-    @ApiModelProperty(value = "密码")
-    private String password;
-
    public Set<String> getRoles() {
        return authorities.stream().map(AuthorityDto::getAuthority).collect(Collectors.toSet());
    }

+    @Override
+    @JSONField(serialize = false)
+    public String getPassword() {
+        return user.getPassword();
+    }
+
    @Override
    @JSONField(serialize = false)
    public String getUsername() {
--- a/eladmin/eladmin-system/src/main/java/me/zhengjie/modules/system/domain/User.java
+++ b/eladmin/eladmin-system/src/main/java/me/zhengjie/modules/system/domain/User.java
@ -15,7 +15,6 @@
 */
 package me.zhengjie.modules.system.domain;

-import com.alibaba.fastjson2.annotation.JSONField;
 import com.baomidou.mybatisplus.annotation.IdType;
 import com.baomidou.mybatisplus.annotation.TableField;
 import com.baomidou.mybatisplus.annotation.TableId;
@ -88,7 +87,6 @@ public class User extends BaseEntity implements Serializable {
    @ApiModelProperty(value = "头像存储的路径", hidden = true)
    private String avatarPath;

-    @JSONField(serialize = false)
    @ApiModelProperty(value = "密码")
    private String password;