修改密码加密方式

a5fbd6fc · 李健华 · 73250bec · a5fbd6fc · a5fbd6fc · a5fbd6fc
Commit a5fbd6fc authored Jul 25, 2022 by 李健华
5 changed files
--- a/src/main/java/cn/quantgroup/xyqb/controller/external/UserController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/external/UserController.java
@@ -24,10 +24,7 @@ import cn.quantgroup.xyqb.service.sms.ISmsService;
 import cn.quantgroup.xyqb.service.user.*;
 import cn.quantgroup.xyqb.service.wechat.IWechatService;
 import cn.quantgroup.xyqb.session.XyqbSessionContextHolder;
-import cn.quantgroup.xyqb.util.IpUtil;
-import cn.quantgroup.xyqb.util.PasswordUtil;
-import cn.quantgroup.xyqb.util.TenantUtil;
-import cn.quantgroup.xyqb.util.ValidationUtil;
+import cn.quantgroup.xyqb.util.*;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import com.alibaba.fastjson.TypeReference;
@@ -336,6 +333,7 @@ public class UserController implements IBaseController {
        User user = userService.findByPhoneInDb(phoneNo);
        if (user != null) {
            user.setPassword(PasswordUtil.MD5WithSalt(password));
+            user.setEncryptedPassword(BctyptPasswordUtil.BCryptWithSalt(password));
            userService.saveUser(user);
            log.info("用户注册失败，该手机号已经被注册：register -> registerFrom:{}, phoneNo:{}", registerFrom, phoneNo);
            //已存在的用户, 经过短信认证, 也认为是注册成功的
@@ -742,6 +740,14 @@ public class UserController implements IBaseController {
            lockIpv4Service.countErrorByPhoneNo(phoneNo);
            return null;
        }
+        System.out.println(user.getPassword());
+        if (!BctyptPasswordUtil.BCryptCheckPw(pass, user.getEncryptedPassword())) {
+            // 向该ipv4添加错误计数器
+            lockIpv4Service.countErrorByIpv4(clientIp);
+            // 向该phoneNo添加错误计数器
+            lockIpv4Service.countErrorByPhoneNo(phoneNo);
+            return null;
+        }
        //验证密码
        if (!PasswordUtil.validatePassword(pass, user.getPassword())) {
            // 向该ipv4添加错误计数器

--- a/src/main/java/cn/quantgroup/xyqb/entity/User.java
+++ b/src/main/java/cn/quantgroup/xyqb/entity/User.java
@@ -45,6 +45,9 @@ public class User extends BaseEntity implements Serializable {
    @Convert(converter = EncryptConverter.class)
    private String encryptedPhoneNo;

+    @Column(name = "encrypted_password")
+    private String encryptedPassword;
+
    public String getEncryptedPhoneNo() {
        return StringUtils.isBlank(encryptedPhoneNo) ? phoneNo : encryptedPhoneNo;
    }

--- a/src/main/java/cn/quantgroup/xyqb/service/register/impl/UserRegisterServiceImpl.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/register/impl/UserRegisterServiceImpl.java
@@ -13,6 +13,7 @@ import cn.quantgroup.xyqb.service.register.IUserDeregisterService;
 import cn.quantgroup.xyqb.service.register.IUserRegisterService;
 import cn.quantgroup.xyqb.service.user.ILoginRecordService;
 import cn.quantgroup.xyqb.service.user.IUserService;
+import cn.quantgroup.xyqb.util.BctyptPasswordUtil;
 import cn.quantgroup.xyqb.util.DateUtils;
 import cn.quantgroup.xyqb.util.PasswordUtil;
 import cn.quantgroup.xyqb.util.TenantUtil;
@@ -159,6 +160,7 @@ public class UserRegisterServiceImpl implements IUserRegisterService {
        }
        if (StringUtils.isNotBlank(password)) {
            user.setPassword(PasswordUtil.MD5WithSalt(password));
+            user.setEncryptedPassword(BctyptPasswordUtil.BCryptWithSalt(password));
        }
        user = userService.saveUser(user);


--- a/src/main/java/cn/quantgroup/xyqb/service/user/impl/UserServiceImpl.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/user/impl/UserServiceImpl.java
@@ -229,6 +229,7 @@ public class UserServiceImpl implements IUserService, IBaseController {
            throw new RuntimeException("用户[" + phoneNo + "]不存在");
        }
        user.setPassword(PasswordUtil.MD5WithSalt(password));
+        user.setEncryptedPassword(BctyptPasswordUtil.BCryptWithSalt(password));
        user = userRepository.save(user);
        stringRedisTemplate.expire("usercache:xyqbuser" + phoneNo, 1L, TimeUnit.MILLISECONDS);
        return PasswordUtil.validatePassword(password, user.getPassword());

--- a/src/main/java/cn/quantgroup/xyqb/util/BctyptPasswordUtil.java
+++ b/src/main/java/cn/quantgroup/xyqb/util/BctyptPasswordUtil.java
+package cn.quantgroup.xyqb.util;
+
+import org.springframework.security.crypto.bcrypt.BCrypt;
+
+import java.util.Objects;
+
+/**
+ * Created by Miraculous on 15/7/5.
+ */
+public class BctyptPasswordUtil {
+    public static void main(String[] args) {
+        System.out.println(BCryptWithSalt("123456"));
+        System.out.println(BCryptCheckPw("123456", BCryptWithSalt("123456")));
+    }
+
+    public final static String BCryptWithSalt(String password) {
+        if(Objects.isNull(password)){
+            return null;
+        }
+        return BCrypt.hashpw(password, BCrypt.gensalt());
+    }
+
+    public final static Boolean BCryptCheckPw(String password, String hashe) {
+        return BCrypt.checkpw(password, hashe);
+    }
+
+}