修改校验密码都优先判断新加密方式

src/main/java/cn/quantgroup/xyqb/controller/external/UserController.java

@@ -332,7 +332,8 @@ public class UserController implements IBaseController {
         verifyPhoneAndCode(phoneNo, verificationCode);
         User user = userService.findByPhoneInDb(phoneNo);
         if (user != null) {
-            user.setPassword(PasswordUtil.MD5WithSalt(password));
+            // 用户注册使用新加密方式
+//            user.setPassword(PasswordUtil.MD5WithSalt(password));
             user.setEncryptedPassword(BctyptPasswordUtil.BCryptWithSalt(password));
             userService.saveUser(user);
             log.info("用户注册失败，该手机号已经被注册：register -> registerFrom:{}, phoneNo:{}", registerFrom, phoneNo);
@@ -454,9 +455,17 @@ public class UserController implements IBaseController {
         if (StringUtils.isBlank(user.getPassword()) ^ StringUtils.isBlank(password)) {
             return JsonResult.buildErrorStateResult("修改密码失败", null);
         }
-        if (StringUtils.isNotBlank(user.getPassword()) && !PasswordUtil.validatePassword(password, user.getPassword())) {
-            return JsonResult.buildErrorStateResult("修改密码失败", null);
+        // 优先校验新的密码
+        if (StringUtils.isNotBlank(user.getEncryptedPassword()) ) {
+            if (!BctyptPasswordUtil.BCryptCheckPw(password, user.getEncryptedPassword())) {
+                return JsonResult.buildErrorStateResult("修改密码失败", null);
+            }
+        } else {
+            if (StringUtils.isNotBlank(user.getPassword()) && !PasswordUtil.validatePassword(password, user.getPassword())) {
+                return JsonResult.buildErrorStateResult("修改密码失败", null);
+            }
         }
+
         if (!userService.resetPassword(phoneNo, passwordNew)) {
             return JsonResult.buildErrorStateResult("修改密码失败", null);
         }
@@ -740,21 +749,25 @@ public class UserController implements IBaseController {
             lockIpv4Service.countErrorByPhoneNo(phoneNo);
             return null;
         }
-        System.out.println(user.getPassword());
-        if (!BctyptPasswordUtil.BCryptCheckPw(pass, user.getEncryptedPassword())) {
-            // 向该ipv4添加错误计数器
-            lockIpv4Service.countErrorByIpv4(clientIp);
-            // 向该phoneNo添加错误计数器
-            lockIpv4Service.countErrorByPhoneNo(phoneNo);
-            return null;
-        }
-        //验证密码
-        if (!PasswordUtil.validatePassword(pass, user.getPassword())) {
-            // 向该ipv4添加错误计数器
-            lockIpv4Service.countErrorByIpv4(clientIp);
-            // 向该phoneNo添加错误计数器
-            lockIpv4Service.countErrorByPhoneNo(phoneNo);
-            return null;
+
+        // 优先校验新密码加密方式 如果有并且密码校验不通过
+        if (StringUtils.isNotBlank(user.getEncryptedPassword())) {
+            if (!BctyptPasswordUtil.BCryptCheckPw(pass, user.getEncryptedPassword())) {
+                // 向该ipv4添加错误计数器
+                lockIpv4Service.countErrorByIpv4(clientIp);
+                // 向该phoneNo添加错误计数器
+                lockIpv4Service.countErrorByPhoneNo(phoneNo);
+                return null;
+            }
+        } else {
+            //验证密码
+            if (!PasswordUtil.validatePassword(pass, user.getPassword())) {
+                // 向该ipv4添加错误计数器
+                lockIpv4Service.countErrorByIpv4(clientIp);
+                // 向该phoneNo添加错误计数器
+                lockIpv4Service.countErrorByPhoneNo(phoneNo);
+                return null;
+            }
         }
 
         // 向该ipv4添加成功计数器

src/main/java/cn/quantgroup/xyqb/controller/middleoffice/common/PwdVerifyStrategy.java

@@ -2,6 +2,7 @@ package cn.quantgroup.xyqb.controller.middleoffice.common;
 
 import cn.quantgroup.xyqb.entity.User;
 import cn.quantgroup.xyqb.exception.DataException;
+import cn.quantgroup.xyqb.util.BctyptPasswordUtil;
 import cn.quantgroup.xyqb.util.PasswordUtil;
 import org.springframework.stereotype.Component;
 
@@ -19,6 +20,15 @@ public class PwdVerifyStrategy implements IVerifyStrategy {
 
     @Override
     public void verify(User user, String verify) {
+        // 如果新加密的密码不为空校验新密码
+        String encryptedPassword = user.getEncryptedPassword();
+        if (!"".equals(encryptedPassword)) {
+            if (Objects.equals(encryptedPassword, BctyptPasswordUtil.BCryptWithSalt(verify))) {
+                return;
+            }
+            throw new DataException("用户名或密码错误");
+        }
+        // 否则校验旧的密码
         String password = user.getPassword();
         if (Objects.equals(password, PasswordUtil.MD5WithSalt(verify))) {
             return;

src/main/java/cn/quantgroup/xyqb/service/register/impl/UserRegisterServiceImpl.java

@@ -159,7 +159,8 @@ public class UserRegisterServiceImpl implements IUserRegisterService {
             password = PasswordUtil.generateRandomPwd(Constants.RANDOM_PWD_LEN);
         }
         if (StringUtils.isNotBlank(password)) {
-            user.setPassword(PasswordUtil.MD5WithSalt(password));
+//            user.setPassword(PasswordUtil.MD5WithSalt(password));
+            // 新建用户使用新加密方式
             user.setEncryptedPassword(BctyptPasswordUtil.BCryptWithSalt(password));
         }
         user = userService.saveUser(user);

src/main/java/cn/quantgroup/xyqb/service/user/impl/UserServiceImpl.java

@@ -228,11 +228,12 @@ public class UserServiceImpl implements IUserService, IBaseController {
         if (user == null) {
             throw new RuntimeException("用户[" + phoneNo + "]不存在");
         }
-        user.setPassword(PasswordUtil.MD5WithSalt(password));
+        //修改密码使用新加密方式
+//        user.setPassword(PasswordUtil.MD5WithSalt(password));
         user.setEncryptedPassword(BctyptPasswordUtil.BCryptWithSalt(password));
         user = userRepository.save(user);
         stringRedisTemplate.expire("usercache:xyqbuser" + phoneNo, 1L, TimeUnit.MILLISECONDS);
-        return PasswordUtil.validatePassword(password, user.getPassword());
+        return BctyptPasswordUtil.BCryptCheckPw(password, user.getEncryptedPassword());
     }
 
     @Override