From 39fed9f57f67ff033e4df9f8b74e2ba1e1d28ba4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=97=B5=E5=AE=AA=E7=91=9E?= <9198107+min-xianrui@user.noreply.gitee.com>
Date: Thu, 9 Jan 2025 23:25:20 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E7=99=BB=E5=BD=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../modules/security/config/FilterConfig.java | 42 -------------------
 .../modules/security/config/ShiroConfig.java | 1 -
 .../security/controller/LoginController.java | 8 ++--
 .../io/modules/security/dto/LoginDTO.java | 6 +--
 .../modules/security/oauth2/Oauth2Filter.java | 2 -
 .../modules/security/oauth2/Oauth2Realm.java | 7 ----
 .../io/modules/security/password/BCrypt.java | 39 -----------------
 .../password/BCryptPasswordEncoder.java | 9 ----
 .../sys/controller/SysUserController.java | 14 -------
 front/src/main/java/io/FrontApplication.java | 3 --
 .../java/io/controller/UserController.java | 6 +++
 front/src/main/java/io/dto/RegisterDTO.java | 4 ++
 12 files changed, 17 insertions(+), 124 deletions(-)
 delete mode 100644 admin/src/main/java/io/modules/security/config/FilterConfig.java
diff --git a/admin/src/main/java/io/modules/security/config/FilterConfig.java b/admin/src/main/java/io/modules/security/config/FilterConfig.java
deleted file mode 100644
index 9102cd1..0000000
--- a/admin/src/main/java/io/modules/security/config/FilterConfig.java
+++ /dev/null
@@ -1,42 +0,0 @@
-//
-//package io.modules.security.config;
-//
-//import io.common.xss.XssFilter;
-//import jakarta.servlet.DispatcherType;
-//import org.springframework.boot.web.servlet.FilterRegistrationBean;
-//import org.springframework.context.annotation.Bean;
-//import org.springframework.context.annotation.Configuration;
-//import org.springframework.web.filter.DelegatingFilterProxy;
-//
-//
-///**
-// * Filter配置
-// *
-//
-// */
-//@Configuration
-//public class FilterConfig {
-//
-// @Bean
-// public FilterRegistrationBean shiroFilterRegistration() {
-// FilterRegistrationBean registration = new FilterRegistrationBean();
-// registration.setFilter(new DelegatingFilterProxy("shiroFilter"));
-// //该值缺省为false,表示生命周期由SpringApplicationContext管理,设置为true则表示由ServletContainer管理
-// registration.addInitParameter("targetFilterLifecycle", "true");
-// registration.setEnabled(true);
-// registration.setOrder(Integer.MAX_VALUE - 1);
-// registration.addUrlPatterns("/*");
-// return registration;
-// }
-//
-// @Bean
-// public FilterRegistrationBean xssFilterRegistration() {
-// FilterRegistrationBean registration = new FilterRegistrationBean();
-// registration.setDispatcherTypes(DispatcherType.REQUEST);
-// registration.setFilter(new XssFilter());
-// registration.addUrlPatterns("/*");
-// registration.setName("xssFilter");
-// registration.setOrder(Integer.MAX_VALUE);
-// return registration;
-// }
-//}
diff --git a/admin/src/main/java/io/modules/security/config/ShiroConfig.java b/admin/src/main/java/io/modules/security/config/ShiroConfig.java
index 0bc8b1a..8f5b5b7 100644
--- a/admin/src/main/java/io/modules/security/config/ShiroConfig.java
+++ b/admin/src/main/java/io/modules/security/config/ShiroConfig.java
@@ -21,7 +21,6 @@ import java.util.Map;
 /**
 * Shiro的配置文件
 *
-
 */
 @Configuration
 public class ShiroConfig {
diff --git a/admin/src/main/java/io/modules/security/controller/LoginController.java b/admin/src/main/java/io/modules/security/controller/LoginController.java
index 9766d02..fd24b0a 100644
--- a/admin/src/main/java/io/modules/security/controller/LoginController.java
+++ b/admin/src/main/java/io/modules/security/controller/LoginController.java
@@ -61,10 +61,10 @@ public class LoginController {
 //效验数据
 ValidatorUtils.validateEntity(login);
 //验证码是否正确
- boolean flag = captchaService.validate(login.getUuid(), login.getCaptcha());
- if (!flag) {
- return new Result().error("验证码不正确~");
- }
+// boolean flag = captchaService.validate(login.getUuid(), login.getCaptcha());
+// if (!flag) {
+// return new Result().error("验证码不正确~");
+// }
 //用户信息
 SysUserDTO user = sysUserService.getByUsername(login.getUsername());
 SysLogLoginEntity log = new SysLogLoginEntity();
diff --git a/admin/src/main/java/io/modules/security/dto/LoginDTO.java b/admin/src/main/java/io/modules/security/dto/LoginDTO.java
index a74c516..83e6c8f 100644
--- a/admin/src/main/java/io/modules/security/dto/LoginDTO.java
+++ b/admin/src/main/java/io/modules/security/dto/LoginDTO.java
@@ -26,9 +26,9 @@ public class LoginDTO implements Serializable {
 @NotBlank(message="密码不能为空")
 private String password;
 
- @Schema(title = "验证码")
- @NotBlank(message="验证不能为空")
- private String captcha;
+// @Schema(title = "验证码")
+// @NotBlank(message="验证不能为空")
+// private String captcha;
 
 @Schema(title = "唯一标识")
 @NotBlank(message="唯一标识不能为空")
diff --git a/admin/src/main/java/io/modules/security/oauth2/Oauth2Filter.java b/admin/src/main/java/io/modules/security/oauth2/Oauth2Filter.java
index 0c471d2..6ad31d8 100644
--- a/admin/src/main/java/io/modules/security/oauth2/Oauth2Filter.java
+++ b/admin/src/main/java/io/modules/security/oauth2/Oauth2Filter.java
@@ -1,5 +1,3 @@
-
-
 package io.modules.security.oauth2;
 
 import cn.hutool.core.util.StrUtil;
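Review bot: Commenting out the `captchaService.validate(login.getUuid(), login.getCaptcha())` check in the LoginController hunk removes the only throttle visible on the admin login path, and nothing in the hunk adds a replacement (per-account failure counter, lockout, or rate limit) before `sysUserService.getByUsername(login.getUsername())` is reached, so repeated password guessing is now bounded only by whatever the surrounding code does, which this hunk cannot show. If the captcha is meant to be switchable, keep the check live behind a configuration-backed boolean instead of dead code, e.g. `if (captchaEnabled && !captchaService.validate(login.getUuid(), login.getCaptcha())) {` (constructed flag name) with the existing error return inside; if it is meant to go, delete the four lines and the now-orphaned `//验证码是否正确` comment rather than leaving them as `//` comments. The same commented-out-instead-of-removed pattern appears in the LoginDTO hunk that follows. login's body continues outside the hunk.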
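Review bot: With `captcha` commented out in the LoginDTO hunk, `uuid` two lines below is still `@NotBlank(message="唯一标识不能为空")`, so every client must keep sending the identifier that the removed LoginController call paired with the captcha, for a check that no longer runs; either keep the two fields under one switch or relax the `uuid` requirement together with `captcha`. Leaving the three lines as `//` comments also keeps a stale `@Schema(title = "验证码")` entry in the source for readers of the generated API docs to stumble over; delete them or restore them. The class body continues outside the hunk.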
diff --git a/admin/src/main/java/io/modules/security/oauth2/Oauth2Realm.java b/admin/src/main/java/io/modules/security/oauth2/Oauth2Realm.java
index f87ddca..b5f0ccf 100644
--- a/admin/src/main/java/io/modules/security/oauth2/Oauth2Realm.java
+++ b/admin/src/main/java/io/modules/security/oauth2/Oauth2Realm.java
@@ -21,7 +21,6 @@ import java.util.Set;
 /**
 * 认证
 *
-
 */
 @Component
 @AllArgsConstructor
@@ -54,29 +53,23 @@ public class Oauth2Realm extends AuthorizingRealm { @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { String accessToken = (String) token.getPrincipal(); - //根据accessToken,查询用户信息 SysUserTokenEntity tokenEntity = shiroService.getByToken(accessToken); //token失效 if (tokenEntity == null || tokenEntity.getExpireDate().getTime() < System.currentTimeMillis()) { throw new IncorrectCredentialsException("登录失效,请重新登录!"); } - //查询用户信息 SysUserEntity userEntity = shiroService.getUser(tokenEntity.getUserId()); - //转换成UserDetail对象 UserDetail userDetail = ConvertUtils.sourceToTarget(userEntity, UserDetail.class); - //获取用户对应的部门数据权限 List deptIdList = shiroService.getDataScopeList(userDetail.getId()); userDetail.setDeptIdList(deptIdList); - //账号锁定 if (userDetail.getStatus() == 0) { throw new LockedAccountException("账号已被锁定!"); } - SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(userDetail, accessToken, getName()); return info; }
diff --git a/admin/src/main/java/io/modules/security/password/BCrypt.java b/admin/src/main/java/io/modules/security/password/BCrypt.java
index d18a7c1..f8034f1 100644
--- a/admin/src/main/java/io/modules/security/password/BCrypt.java
+++ b/admin/src/main/java/io/modules/security/password/BCrypt.java
@@ -4,45 +4,6 @@ import java.io.ByteArrayOutputStream; import java.io.UnsupportedEncodingException; import java.security.SecureRandom; -/** - * BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in - * "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres. - *

- * This password hashing system tries to thwart off-line password cracking using a - * computationally-intensive hashing algorithm, based on Bruce Schneier's Blowfish cipher. - * The work factor of the algorithm is parameterised, so it can be increased as computers - * get faster. - *

- * Usage is really simple. To hash a password for the first time, call the hashpw method - * with a random salt, like this: - *

- * - * String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt());
- *
- *

- * To check whether a plaintext password matches one that has been hashed previously, use - * the checkpw method: - *

- * - * if (BCrypt.checkpw(candidate_password, stored_hash))
- *     System.out.println("It matches");
- * else
- *     System.out.println("It does not match");
- *
- *

- * The gensalt() method takes an optional parameter (log_rounds) that determines the - * computational complexity of the hashing: - *

- * - * String strong_salt = BCrypt.gensalt(10)
- * String stronger_salt = BCrypt.gensalt(12)
- *
- *

- * The amount of work increases exponentially (2**log_rounds), so each increment is twice - * as much work. The default log_rounds is 10, and the valid range is 4 to 31. - * - * @author Damien Miller - */ public class BCrypt { // BCrypt parameters diff --git a/admin/src/main/java/io/modules/security/password/BCryptPasswordEncoder.java b/admin/src/main/java/io/modules/security/password/BCryptPasswordEncoder.java index 69bd5e7..731cb4b 100644 --- a/admin/src/main/java/io/modules/security/password/BCryptPasswordEncoder.java +++ b/admin/src/main/java/io/modules/security/password/BCryptPasswordEncoder.java @@ -6,15 +6,6 @@ import org.apache.commons.logging.LogFactory; import java.security.SecureRandom; import java.util.regex.Pattern; -/** - * Implementation of PasswordEncoder that uses the BCrypt strong hashing function. Clients - * can optionally supply a "strength" (a.k.a. log rounds in BCrypt) and a SecureRandom - * instance. The larger the strength parameter the more work will have to be done - * (exponentially) to hash the passwords. The default value is 10. - * - * @author Dave Syer - * - */ public class BCryptPasswordEncoder implements PasswordEncoder { private Pattern BCRYPT_PATTERN = Pattern .compile("\\A\\$2a?\\$\\d\\d\\$[./0-9A-Za-z]{53}"); diff --git a/admin/src/main/java/io/modules/sys/controller/SysUserController.java b/admin/src/main/java/io/modules/sys/controller/SysUserController.java index 8808741..31cd02a 100644 --- a/admin/src/main/java/io/modules/sys/controller/SysUserController.java +++ b/admin/src/main/java/io/modules/sys/controller/SysUserController.java @@ -72,11 +72,9 @@ public class SysUserController { @RequiresPermissions("sys:user:info") public Result get(@PathVariable("id") Long id) { SysUserDTO data = sysUserService.get(id); - //用户角色列表 List roleIdList = sysRoleUserService.getRoleIdList(id); data.setRoleIdList(roleIdList); - return new Result().ok(data); } 
@@ -93,16 +91,12 @@ public class SysUserController { public Result password(@RequestBody PasswordDTO dto) { //效验数据 ValidatorUtils.validateEntity(dto); - UserDetail user = SecurityUser.getUser(); - //原密码不正确 if (!PasswordUtils.matches(dto.getPassword(), user.getPassword())) { return new Result().error("原密码不正确!"); } - sysUserService.updatePassword(user.getId(), dto.getNewPassword()); - return new Result(); }
@@ -113,9 +107,7 @@ public class SysUserController {
 public Result save(@RequestBody SysUserDTO dto) {
 //效验数据
 ValidatorUtils.validateEntity(dto, AddGroup.class, DefaultGroup.class);
-
 sysUserService.save(dto);
-
 return new Result();
 }
 
@@ -126,9 +118,7 @@ public class SysUserController {
 public Result update(@RequestBody SysUserDTO dto) {
 //效验数据
 ValidatorUtils.validateEntity(dto, UpdateGroup.class, DefaultGroup.class);
-
 sysUserService.update(dto);
-
 return new Result();
 }
 
@@ -139,12 +129,9 @@ public class SysUserController {
 public Result delete(@RequestBody Long[] ids) {
 //效验数据
 AssertUtils.isArrayEmpty(ids, "id");
-
 sysUserService.deleteBatchIds(Arrays.asList(ids));
-
 return new Result();
 }
-
 @GetMapping("export")
 @Operation(summary = "导出")
 @LogOperation("导出")
@@ -152,7 +139,6 @@ public class SysUserController {
 @Parameter(name = "username", description = "用户名", in = ParameterIn.QUERY, ref = "String")
 public void export(@Parameter(hidden = true) @RequestParam Map params, HttpServletResponse response) throws Exception {
 List list = sysUserService.list(params);
-
 ExcelUtils.exportExcelToTarget(response, null, "用户管理", list, SysUserExcel.class);
 }
 }
diff --git a/front/src/main/java/io/FrontApplication.java b/front/src/main/java/io/FrontApplication.java
index 921c517..037cf9d 100644
--- a/front/src/main/java/io/FrontApplication.java
+++ b/front/src/main/java/io/FrontApplication.java
@@ -1,5 +1,3 @@
-
-
 package io;
 
 import org.springframework.boot.SpringApplication;
@@ -9,7 +7,6 @@ import org.springframework.boot.web.servlet.support.SpringBootServletInitializer
 /**
 * front
- *
 */
 @SpringBootApplication
 public class FrontApplication extends SpringBootServletInitializer {
diff --git a/front/src/main/java/io/controller/UserController.java b/front/src/main/java/io/controller/UserController.java
index bc18773..7d3ea97 100644
--- a/front/src/main/java/io/controller/UserController.java
+++ b/front/src/main/java/io/controller/UserController.java
@@ -34,6 +34,12 @@ public class UserController {
 @PostMapping("register")
 @Operation(summary = "注册")
 public Result register(@RequestBody RegisterDTO dto) {
+ //表单校验
+ ValidatorUtils.validateEntity(dto);
+ if (!dto.getPassword().equals(dto.getConfirmPassword())){
+ return new Result().error("两次密码输入不一致~");
+ }
+
 if (userService.getByUsername(dto.getUsername()) != null) {
 return new Result().error("用户名已经存在~");
 }
diff --git a/front/src/main/java/io/dto/RegisterDTO.java b/front/src/main/java/io/dto/RegisterDTO.java
index 6354ab4..c587bc7 100644
--- a/front/src/main/java/io/dto/RegisterDTO.java
+++ b/front/src/main/java/io/dto/RegisterDTO.java
@@ -23,6 +23,10 @@ public class RegisterDTO {
 @NotBlank(message="密码不能为空")
 private String password;
 
+ @Schema(title = "密码")
+ @NotBlank(message="确认密码不能为空")
+ private String confirmPassword;
+
 @Schema(title = "昵称")
 private String nickName;
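Review bot: The new confirm-password comparison in the UserController hunk, `dto.getPassword().equals(dto.getConfirmPassword())`, only avoids a NullPointerException if `ValidatorUtils.validateEntity(dto)` on the line above throws on a blank password; the hunk does not show that contract, and if the helper merely reports, a request without a password would fail with a 500 instead of the intended error result. `if (!java.util.Objects.equals(dto.getPassword(), dto.getConfirmPassword())) {` gives the same outcome without that dependency, and `)){` should read `)) {` to match the brace spacing of the `if` below it. The username-existence check that follows is a read-then-write and only holds up under concurrent registrations together with a unique constraint on the username column, which this hunk cannot show. register's body continues outside the hunk.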