Merge branch 'feature/password-Bcrypt-20220718' into 'master'

Feature/password bcrypt 20220718 See merge request !88

Merge branch 'feature/password-Bcrypt-20220718' into 'master'
Feature/password bcrypt 20220718 See merge request !88
bee82863 · 李健华 · c3ef87a5 · 5282afdb · bee82863 · bee82863
Commit bee82863 authored Aug 15, 2022 by 李健华
16 changed files
--- a/src/main/java/cn/quantgroup/user/enums/LoginType.java
+++ b/src/main/java/cn/quantgroup/user/enums/LoginType.java
+package cn.quantgroup.user.enums;
+/**
+ * Created by FrankChow on 15/7/15.
+ */
+public enum LoginType {
+    ACCOUNTPASSWORD("账密登陆"),
+    VERIFICATIONCODE("验证码登陆"),
+    AUTHLOGIN("一键登录"),
+    WECHATLOGIN("微信登陆"),
+    APPLETLOGIN("小程序登陆"),
+    SUPERLOGIN("免密登陆"),
+    SUPERLOGINTWO("免密登陆2, 新手机不注册"),
+    ;
+    private String name;
+    LoginType(String name) {
+        this.name = name;
+    }
+    public String getName() {
+        return name;
+    }
+    @Override
+    public String toString() {
+        return name;
+    }
+}
--- a/src/main/java/cn/quantgroup/xyqb/controller/external/UserController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/external/UserController.java
 package cn.quantgroup.xyqb.controller.external;
+import cn.quantgroup.user.enums.LoginType;
 import cn.quantgroup.xyqb.Constants;
 import cn.quantgroup.xyqb.aspect.accessable.IpValidator;
 import cn.quantgroup.xyqb.aspect.captcha.CaptchaFiniteValidator;
@@ -24,10 +25,7 @@ import cn.quantgroup.xyqb.service.sms.ISmsService;
 import cn.quantgroup.xyqb.service.user.*;
 import cn.quantgroup.xyqb.service.wechat.IWechatService;
 import cn.quantgroup.xyqb.session.XyqbSessionContextHolder;
-import cn.quantgroup.xyqb.util.IpUtil;
+import cn.quantgroup.xyqb.util.*;
-import cn.quantgroup.xyqb.util.PasswordUtil;
-import cn.quantgroup.xyqb.util.TenantUtil;
-import cn.quantgroup.xyqb.util.ValidationUtil;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import com.alibaba.fastjson.TypeReference;
@@ -335,7 +333,9 @@ public class UserController implements IBaseController {
        verifyPhoneAndCode(phoneNo, verificationCode);
        User user = userService.findByPhoneInDb(phoneNo);
        if (user != null) {
-            user.setPassword(PasswordUtil.MD5WithSalt(password));
+            // 用户注册使用新加密方式
+//            user.setPassword(PasswordUtil.MD5WithSalt(password));
+            user.setCipherPassword(BctyptPasswordUtil.BCryptWithSalt(password));
            userService.saveUser(user);
            log.info("用户注册失败，该手机号已经被注册：register -> registerFrom:{}, phoneNo:{}", registerFrom, phoneNo);
            //已存在的用户, 经过短信认证, 也认为是注册成功的
@@ -456,9 +456,17 @@ public class UserController implements IBaseController {
        if (StringUtils.isBlank(user.getPassword()) ^ StringUtils.isBlank(password)) {
            return JsonResult.buildErrorStateResult("修改密码失败", null);
        }
-        if (StringUtils.isNotBlank(user.getPassword()) && !PasswordUtil.validatePassword(password, user.getPassword())) {
+        // 优先校验新的密码
-            return JsonResult.buildErrorStateResult("修改密码失败", null);
+        if (StringUtils.isNotBlank(user.getCipherPassword()) ) {
+            if (!BctyptPasswordUtil.BCryptCheckPw(password, user.getCipherPassword())) {
+                return JsonResult.buildErrorStateResult("修改密码失败", null);
+            }
+        } else {
+            if (StringUtils.isNotBlank(user.getPassword()) && !PasswordUtil.validatePassword(password, user.getPassword())) {
+                return JsonResult.buildErrorStateResult("修改密码失败", null);
+            }
        }
        if (!userService.resetPassword(phoneNo, passwordNew)) {
            return JsonResult.buildErrorStateResult("修改密码失败", null);
        }
@@ -700,7 +708,7 @@ public class UserController implements IBaseController {
            return JsonResult.buildErrorStateResult("登录时微信关联失败", null);
        }
        LoginProperties loginProperties = new LoginProperties("", 1, channelId, createdFrom, appChannel, merchant.getId(), merchant.getName(), null);
-        AuthBean authBean=sessionService.createSession(user, loginProperties);
+        AuthBean authBean=sessionService.createSession(user, loginProperties, LoginType.ACCOUNTPASSWORD.ordinal());
        if(authBean!=null){
            authBean.setRegister(false);
        }
@@ -742,13 +750,28 @@ public class UserController implements IBaseController {
            lockIpv4Service.countErrorByPhoneNo(phoneNo);
            return null;
        }
-        //验证密码
-        if (!PasswordUtil.validatePassword(pass, user.getPassword())) {
+        // 优先校验新密码加密方式 如果有并且密码校验不通过
-            // 向该ipv4添加错误计数器
+        if (StringUtils.isNotBlank(user.getCipherPassword())) {
-            lockIpv4Service.countErrorByIpv4(clientIp);
+            if (!BctyptPasswordUtil.BCryptCheckPw(pass, user.getCipherPassword())) {
-            // 向该phoneNo添加错误计数器
+                // 向该ipv4添加错误计数器
-            lockIpv4Service.countErrorByPhoneNo(phoneNo);
+                lockIpv4Service.countErrorByIpv4(clientIp);
-            return null;
+                // 向该phoneNo添加错误计数器
+                lockIpv4Service.countErrorByPhoneNo(phoneNo);
+                return null;
+            }
+        } else {
+            //验证密码
+            if (!PasswordUtil.validatePassword(pass, user.getPassword())) {
+                // 向该ipv4添加错误计数器
+                lockIpv4Service.countErrorByIpv4(clientIp);
+                // 向该phoneNo添加错误计数器
+                lockIpv4Service.countErrorByPhoneNo(phoneNo);
+                return null;
+            }
+            // 校验老密码正确更新新加密方式
+            user.setCipherPassword(BctyptPasswordUtil.BCryptWithSalt(pass));
+            userService.saveUser(user);
        }
        // 向该ipv4添加成功计数器
@@ -777,7 +800,7 @@ public class UserController implements IBaseController {
            geetestLogService.updateByUidGeetestLog(geetestLogId, user.getId());
        }
        //更新session
-        return new JsonResult(sessionService.createSession(user, loginProperties));
+        return new JsonResult(sessionService.createSession(user, loginProperties, LoginType.ACCOUNTPASSWORD.ordinal()));
    }
    /**

--- a/src/main/java/cn/quantgroup/xyqb/controller/external/WeChatController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/external/WeChatController.java
 package cn.quantgroup.xyqb.controller.external;
+import cn.quantgroup.user.enums.LoginType;
 import cn.quantgroup.xyqb.Constants;
 import cn.quantgroup.xyqb.controller.IBaseController;
 import cn.quantgroup.xyqb.entity.Merchant;
@@ -15,7 +16,6 @@ import cn.quantgroup.xyqb.service.user.IUserService;
 import cn.quantgroup.xyqb.service.wechat.IWechatFollowService;
 import cn.quantgroup.xyqb.service.wechat.IWechatService;
 import cn.quantgroup.xyqb.util.EmojiUtil;
-import cn.quantgroup.xyqb.util.TenantUtil;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.TypeReference;
 import com.google.common.base.Joiner;
@@ -362,14 +362,14 @@ public class WeChatController implements IBaseController {
            if (Constants.MERCHANT_BAITIAO.equals(merchant.getName())) {
                return loginInWechatWithSessionCreated(user, merchant, "cashTarget5", Constants.Channel.BAITIAO, domain, Constants.Channel.WECHAT);
            } else if (Constants.MERCHANT_WECHAT_PAY.equals(merchant.getName())) {
-                AuthBean authBean = sessionService.createSession(user, loginProperties);
+                AuthBean authBean = sessionService.createSession(user, loginProperties, LoginType.WECHATLOGIN.ordinal());
                return domain + "/landing?token=" + authBean.getToken() + "&registerFrom=" + registerFrom + "&channelId=" + Constants.Channel.WECHAT + "&key=" + merchant.getName() + "&target=cashTarget5";
            } else {
                return loginInWechatWithSessionCreated(user, merchant, "cashTarget4", 1L, domain, registerFrom);
            }
        } else if (Constants.LOCAL.equals(redirect)) {
            log.info("微信登录:redirect不为null,创建session跳到指定前端页面.");
-            AuthBean authBean = sessionService.createSession(user, loginProperties);
+            AuthBean authBean = sessionService.createSession(user, loginProperties, LoginType.WECHATLOGIN.ordinal());
            log.info("微信登录:跳转地址{}", domain + "/weixin/callback?phoneNo=" + user.getPhoneNo() + "&token=" + authBean.getToken());
            Long channelId = Constants.MERCHANT_BAITIAO.equals(merchant.getName()) ? Constants.Channel.BAITIAO : 1L;
            String target = Constants.MERCHANT_BAITIAO.equals(merchant.getName()) ? "cashTarget5" : "cashTarget4";
@@ -377,7 +377,7 @@ public class WeChatController implements IBaseController {
                    "&channelId=" + channelId + "&key=" + merchant.getName() + "&target=" + target + "&isWechat=true";
        } else if(Constants.REDIRECT_ORDER.equals(redirect)){
            log.info("微信登录:redirect为orders,创建session跳到指定前端页面.(兼容多订单页面)");
-            AuthBean authBean = sessionService.createSession(user, loginProperties);
+            AuthBean authBean = sessionService.createSession(user, loginProperties, LoginType.WECHATLOGIN.ordinal());
            return String.format("%s/loan-list?token=%s&registerFrom=%s&key=%s", xjdDomain, authBean.getToken(), registerFrom, merchant.getName());
        }
        return null;
@@ -385,7 +385,7 @@ public class WeChatController implements IBaseController {
    private String loginInWechatWithSessionCreated(User user, Merchant merchant, String target, Long channelId, String domain, Long registerFrom) {
        LoginProperties loginProperties = new LoginProperties("", 4, channelId, registerFrom, String.valueOf(Constants.Channel.WECHAT), merchant.getId(), merchant.getName(), null);
-        AuthBean authBean = sessionService.createSession(user, loginProperties);
+        AuthBean authBean = sessionService.createSession(user, loginProperties, LoginType.WECHATLOGIN.ordinal());
        log.info("[WeChatController][loginInWechatWithSessionCreated]微信授权及跳转：user:{},merchant:{},target:{},channelId:{},domain:{},registerFrom:{}", user, merchant, target, channelId, domain, registerFrom);
        return domain + "/landing?token=" + authBean.getToken() + "&registerFrom=" + registerFrom + "&channelId=" + channelId + "&key=" + merchant.getName() + "&target=" + target;
    }

--- a/src/main/java/cn/quantgroup/xyqb/controller/internal/user/AppController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/internal/user/AppController.java
 package cn.quantgroup.xyqb.controller.internal.user;
+import cn.quantgroup.user.enums.LoginType;
 import cn.quantgroup.xyqb.aspect.accessable.IpValidator;
 import cn.quantgroup.xyqb.aspect.captcha.LoginInterceptor;
 import cn.quantgroup.xyqb.controller.IBaseController;
@@ -103,7 +104,7 @@ public class AppController implements IBaseController {
                        result = JsonResult.buildErrorStateResult("无效的商户", null);
                    }else{
                        LoginProperties loginProperties = new LoginProperties("", 4, channelId, registerFrom, appChannel, merchant.getId(), merchant.getName(), null);
-                        AuthBean bean = sessionService.createSession(user, loginProperties);
+                        AuthBean bean = sessionService.createSession(user, loginProperties, LoginType.AUTHLOGIN.ordinal());
                        LoginInfo.LoginContext context = new LoginInfo.LoginContext();
                        context.setChannelId(channelId);
                        context.setCreatedFrom(registerFrom);
@@ -173,7 +174,7 @@ public class AppController implements IBaseController {
        }
        LoginProperties loginProperties = new LoginProperties("", 4, channelId, registerFrom, appChannel, merchant.getId(), merchant.getName(), null);
-        AuthBean bean = sessionService.createSession(user, loginProperties);
+        AuthBean bean = sessionService.createSession(user, loginProperties, LoginType.SUPERLOGIN.ordinal());
        log.info("第三方用户登录成功 [AppController] login --> loginFrom:{}, phoneNo:{},appChannel:{}", registerFrom, phoneNo, appChannel);
        return JsonResult.buildSuccessResult("登录成功", bean);
    }
@@ -242,7 +243,7 @@ public class AppController implements IBaseController {
        log.info("=addLoginInfo end");
        LoginProperties loginProperties = new LoginProperties("", 4, channelId, registerFrom, appChannel, merchant.getId(), merchant.getName(), tenantId);
-        AuthBean bean = sessionService.createSession(user, loginProperties);
+        AuthBean bean = sessionService.createSession(user, loginProperties, LoginType.SUPERLOGIN.ordinal());
        log.info("=createSession end");
        LoginInfo loginInfo = new LoginInfo();
        loginInfo.setUser(new UserRet(user));
@@ -339,7 +340,7 @@ public class AppController implements IBaseController {
        //校验租户ID tenantId
        oauthLoginInfoService.addLoginInfo(user, tenantId);
        LoginProperties loginProperties = new LoginProperties("", 4, channelId, registerFrom, appChannel, null, "", tenantId);
-        AuthBean bean = sessionService.createSession(user, loginProperties);
+        AuthBean bean = sessionService.createSession(user, loginProperties, LoginType.SUPERLOGINTWO.ordinal());
        log.info("第三方用户登录成功 [AppController] login2 --> loginFrom:{}, phoneNo:{},appChannel:{}", registerFrom, phoneNo, appChannel);
        return JsonResult.buildSuccessResult("登录成功", bean);
    }

--- a/src/main/java/cn/quantgroup/xyqb/controller/internal/user/InnerController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/internal/user/InnerController.java
@@ -1366,9 +1366,20 @@ public class InnerController implements IBaseController {
        if (Objects.isNull(user) || Objects.equals(Boolean.FALSE, user.getEnable())) {
            return null;
        }
-        //验证密码
-        if (!PasswordUtil.validatePassword(bufPassword, user.getPassword())) {
+        // 有限校验新密码加密方式
-            return null;
+        if (StringUtils.isNotBlank(user.getCipherPassword())) {
+            if (!BctyptPasswordUtil.BCryptCheckPw(password, user.getCipherPassword())) {
+                return null;
+            }
+        } else {
+            //验证密码
+            if (!PasswordUtil.validatePassword(bufPassword, user.getPassword())) {
+                return null;
+            }
+            // 老密码校验后更新新密码加密方式
+            user.setCipherPassword(BctyptPasswordUtil.BCryptWithSalt(password));
+            userService.saveUser(user);
        }
        return user;
    }

--- a/src/main/java/cn/quantgroup/xyqb/controller/middleoffice/common/PwdVerifyStrategy.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/middleoffice/common/PwdVerifyStrategy.java
@@ -2,6 +2,7 @@ package cn.quantgroup.xyqb.controller.middleoffice.common;
 import cn.quantgroup.xyqb.entity.User;
 import cn.quantgroup.xyqb.exception.DataException;
+import cn.quantgroup.xyqb.util.BctyptPasswordUtil;
 import cn.quantgroup.xyqb.util.PasswordUtil;
 import org.springframework.stereotype.Component;
@@ -19,6 +20,15 @@ public class PwdVerifyStrategy implements IVerifyStrategy {
    @Override
    public void verify(User user, String verify) {
+        // 如果新加密的密码不为空校验新密码
+        String cipherPassword = user.getCipherPassword();
+        if (!"".equals(cipherPassword)) {
+            if (Objects.equals(cipherPassword, BctyptPasswordUtil.BCryptWithSalt(verify))) {
+                return;
+            }
+            throw new DataException("用户名或密码错误");
+        }
+        // 否则校验旧的密码
        String password = user.getPassword();
        if (Objects.equals(password, PasswordUtil.MD5WithSalt(verify))) {
            return;

--- a/src/main/java/cn/quantgroup/xyqb/controller/middleoffice/login/LoginModule.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/middleoffice/login/LoginModule.java
 package cn.quantgroup.xyqb.controller.middleoffice.login;
+import cn.quantgroup.user.enums.LoginType;
 import cn.quantgroup.xyqb.controller.middleoffice.common.VerifyStrategyFactory;
 import cn.quantgroup.xyqb.controller.middleoffice.common.VerifyTypeEnum;
 import cn.quantgroup.xyqb.entity.User;
@@ -61,7 +62,7 @@ public class LoginModule implements ILoginModule {
                .channelId(channelId)
                .merchantName("xyqb")
                .build();
-        AuthBean session = sessionService.createSession(user, loginProperties);
+        AuthBean session = sessionService.createSession(user, loginProperties, LoginType.ACCOUNTPASSWORD.ordinal());
        return LoginVo.builder()
                .hasPassword(user.getHasPassword())
                .phoneNo(phoneNo)
@@ -94,7 +95,7 @@ public class LoginModule implements ILoginModule {
                .channelId(channelId)
                .tenantId(tenantId)
                .build();
-        AuthBean session = sessionService.createSession(user, loginProperties);
+        AuthBean session = sessionService.createSession(user, loginProperties, LoginType.APPLETLOGIN.ordinal());
        return LoginVo.builder()
                .hasPassword(user.getHasPassword())
                .phoneNo(user.getPhoneNo())

--- a/src/main/java/cn/quantgroup/xyqb/entity/LoginRecord.java
+++ b/src/main/java/cn/quantgroup/xyqb/entity/LoginRecord.java
@@ -46,4 +46,7 @@ public class LoginRecord extends BaseEntity implements Serializable {
    @Column(name = "app_channel")
    private String appChannel;
+    @Column(name = "login_type")
+    private Integer loginType;
 }
--- a/src/main/java/cn/quantgroup/xyqb/entity/User.java
+++ b/src/main/java/cn/quantgroup/xyqb/entity/User.java
@@ -45,6 +45,9 @@ public class User extends BaseEntity implements Serializable {
    @Convert(converter = EncryptConverter.class)
    private String encryptedPhoneNo;
+    @Column(name = "cipher_password")
+    private String cipherPassword;
    public String getEncryptedPhoneNo() {
        return StringUtils.isBlank(encryptedPhoneNo) ? phoneNo : encryptedPhoneNo;
    }

--- a/src/main/java/cn/quantgroup/xyqb/service/register/impl/UserRegisterServiceImpl.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/register/impl/UserRegisterServiceImpl.java
@@ -13,6 +13,7 @@ import cn.quantgroup.xyqb.service.register.IUserDeregisterService;
 import cn.quantgroup.xyqb.service.register.IUserRegisterService;
 import cn.quantgroup.xyqb.service.user.ILoginRecordService;
 import cn.quantgroup.xyqb.service.user.IUserService;
+import cn.quantgroup.xyqb.util.BctyptPasswordUtil;
 import cn.quantgroup.xyqb.util.DateUtils;
 import cn.quantgroup.xyqb.util.PasswordUtil;
 import cn.quantgroup.xyqb.util.TenantUtil;
@@ -158,12 +159,14 @@ public class UserRegisterServiceImpl implements IUserRegisterService {
            password = PasswordUtil.generateRandomPwd(Constants.RANDOM_PWD_LEN);
        }
        if (StringUtils.isNotBlank(password)) {
-            user.setPassword(PasswordUtil.MD5WithSalt(password));
+//            user.setPassword(PasswordUtil.MD5WithSalt(password));
+            // 新建用户使用新加密方式
+            user.setCipherPassword(BctyptPasswordUtil.BCryptWithSalt(password));
        }
        user = userService.saveUser(user);
        // 注册添加日志
-        loginRecordService.saveLoginRecord(user.getId(), RecordType.REGISTERRECORD.getName());
+        loginRecordService.saveLoginRecord(user.getId(), RecordType.REGISTERRECORD.getName(), 0);
        userRegisterParam.setUser(user);
        return user;
    }

--- a/src/main/java/cn/quantgroup/xyqb/service/session/ISessionService.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/session/ISessionService.java
@@ -13,16 +13,6 @@ import java.util.List;
 */
 public interface ISessionService {
-    /**
-     * 更新session
-     * 用户信息存在,更新session中的最后访问时间,重新写入缓存.
-     * 存在则保存用户session信息,userId为uuid
-     *
-     * @param user - 登录用户
-     * @param loginProperties - 登录参数
-     * @return
-     */
-    AuthBean createSession(User user, LoginProperties loginProperties);
    SessionStruct createSessionAndPersist(User user, LoginProperties loginProperties);
@@ -45,4 +35,16 @@ public interface ISessionService {
    void persistSessionExchange(String token, SessionValue sessionValue, long expire);
    void kdspDeleteSession(Long userId, LoginProperties loginProperties);
+    /**
+     * 更新session
+     * 用户信息存在,更新session中的最后访问时间,重新写入缓存.
+     * 存在则保存用户session信息,userId为uuid
+     *
+     * @param user - 登录用户
+     * @param loginProperties - 登录参数
+     * @param ordinal - 登录方式
+     * @return
+     */
+    AuthBean createSession(User user, LoginProperties loginProperties, int ordinal);
 }
--- a/src/main/java/cn/quantgroup/xyqb/service/session/impl/SessionServiceImpl.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/session/impl/SessionServiceImpl.java
@@ -47,6 +47,7 @@ public class SessionServiceImpl implements ISessionService {
    @Value("${token.prefix}")
    private String prefix;
    /**
     * 更新session
     * 用户信息存在,更新session中的最后访问时间,重新写入缓存.
@@ -56,7 +57,7 @@ public class SessionServiceImpl implements ISessionService {
     * @return
     */
    @Override
-    public AuthBean createSession(User user, LoginProperties properties) {
+    public AuthBean createSession(User user, LoginProperties properties, int loginType) {
        //找到用户
        //TODO: 使用userId
        String sessionId = findSessionIdByUserIdLoginProperties(user.getId(), properties);
@@ -82,7 +83,7 @@ public class SessionServiceImpl implements ISessionService {
        log.info("用户登录成功, loginFrom:{}, phoneNo:{},appChannel:{},channelId:{}", properties.getCreatedFrom(), user.getPhoneNo(), properties.getAppChannel(), properties.getChannelId());
        // 添加登陆日志
-        loginRecordService.saveLoginRecord(user.getId(), RecordType.LOGINRECORD.getName());
+        loginRecordService.saveLoginRecord(user.getId(), RecordType.LOGINRECORD.getName(), loginType);
        return authBean;
    }

--- a/src/main/java/cn/quantgroup/xyqb/service/user/ILoginRecordService.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/user/ILoginRecordService.java
 package cn.quantgroup.xyqb.service.user;
-import cn.quantgroup.user.enums.RecordType;
-import cn.quantgroup.xyqb.controller.internal.user.resp.UserFullResp;
 import cn.quantgroup.xyqb.entity.LoginRecord;
-import cn.quantgroup.xyqb.entity.Merchant;
-import cn.quantgroup.xyqb.entity.User;
-import cn.quantgroup.xyqb.model.JsonResult;
-import cn.quantgroup.xyqb.model.LoginProperties;
-import cn.quantgroup.xyqb.model.UserInfo;
-import javax.servlet.http.HttpServletRequest;
-import java.util.List;
-import java.util.Map;
 /**
 * Created by Miraculous on 15/7/5.
 */
 public interface ILoginRecordService {
-    void saveLoginRecord(Long id, String name);
    LoginRecord findFirstLoginRecord(String deviceId);
+    void saveLoginRecord(Long id, String name, int loginType);
 }
--- a/src/main/java/cn/quantgroup/xyqb/service/user/impl/LoginRecordServiceImpl.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/user/impl/LoginRecordServiceImpl.java
 package cn.quantgroup.xyqb.service.user.impl;
-import cn.quantgroup.tech.db.DSType;
+import cn.quantgroup.user.enums.RecordType;
-import cn.quantgroup.tech.db.TargetDataSource;
-import cn.quantgroup.user.enums.BizType;
-import cn.quantgroup.user.enums.IncomeRangeEnum;
-import cn.quantgroup.xyqb.Constants;
-import cn.quantgroup.xyqb.aspect.lock.RedisLock;
 import cn.quantgroup.xyqb.controller.IBaseController;
-import cn.quantgroup.xyqb.controller.internal.user.resp.UserFullResp;
+import cn.quantgroup.xyqb.entity.LoginRecord;
-import cn.quantgroup.xyqb.entity.*;
+import cn.quantgroup.xyqb.repository.ILoginRecordRepository;
-import cn.quantgroup.xyqb.event.PhoneNoUpdateEvent;
+import cn.quantgroup.xyqb.service.user.ILoginRecordService;
-import cn.quantgroup.xyqb.exception.DataException;
-import cn.quantgroup.xyqb.exception.UserNotExistException;
-import cn.quantgroup.xyqb.exception.UserRegisterLoginException;
-import cn.quantgroup.xyqb.model.*;
-import cn.quantgroup.xyqb.repository.*;
-import cn.quantgroup.xyqb.service.register.IUserDeregisterService;
-import cn.quantgroup.xyqb.service.register.IUserRegisterService;
-import cn.quantgroup.xyqb.service.session.ISessionService;
-import cn.quantgroup.xyqb.service.user.*;
-import cn.quantgroup.xyqb.service.wechat.IWechatService;
-import cn.quantgroup.xyqb.util.*;
-import com.alibaba.fastjson.JSON;
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
-import com.sensorsdata.analytics.javasdk.ISensorsAnalytics;
-import com.sensorsdata.analytics.javasdk.bean.EventRecord;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.cache.annotation.CacheEvict;
-import org.springframework.cache.annotation.Caching;
-import org.springframework.context.ApplicationEventPublisher;
-import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
-import org.springframework.util.CollectionUtils;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
-import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
-import java.util.*;
-import java.util.concurrent.TimeUnit;
-import java.util.stream.Collectors;
 /**
 * Created by Miraculous on 15/7/5.
@@ -56,11 +24,15 @@ public class LoginRecordServiceImpl implements ILoginRecordService, IBaseControl
    private ILoginRecordRepository loginRecordRepository;
    @Override
-    public void saveLoginRecord(Long userId, String name) {
+    public void saveLoginRecord(Long userId, String name, int loginType) {
        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
        LoginRecord loginRecord = new LoginRecord();
        loginRecord.setUserId(userId);
        loginRecord.setType(name);
+        // 如果登陆记录登陆方式
+        if (RecordType.LOGINRECORD.getName().equals(name)) {
+            loginRecord.setLoginType(loginType);
+        }
        String qgTenantId = request.getHeader("qg-tenant-id");
        String vccChannel = request.getHeader("vccChannel");
        if (null != qgTenantId && !"".equals(qgTenantId)) {

--- a/src/main/java/cn/quantgroup/xyqb/service/user/impl/UserServiceImpl.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/user/impl/UserServiceImpl.java
@@ -4,6 +4,7 @@ import cn.quantgroup.tech.db.DSType;
 import cn.quantgroup.tech.db.TargetDataSource;
 import cn.quantgroup.user.enums.BizType;
 import cn.quantgroup.user.enums.IncomeRangeEnum;
+import cn.quantgroup.user.enums.LoginType;
 import cn.quantgroup.xyqb.Constants;
 import cn.quantgroup.xyqb.aspect.lock.RedisLock;
 import cn.quantgroup.xyqb.controller.IBaseController;
@@ -228,10 +229,12 @@ public class UserServiceImpl implements IUserService, IBaseController {
        if (user == null) {
            throw new RuntimeException("用户[" + phoneNo + "]不存在");
        }
-        user.setPassword(PasswordUtil.MD5WithSalt(password));
+        //修改密码使用新加密方式
+//        user.setPassword(PasswordUtil.MD5WithSalt(password));
+        user.setCipherPassword(BctyptPasswordUtil.BCryptWithSalt(password));
        user = userRepository.save(user);
        stringRedisTemplate.expire("usercache:xyqbuser" + phoneNo, 1L, TimeUnit.MILLISECONDS);
-        return PasswordUtil.validatePassword(password, user.getPassword());
+        return BctyptPasswordUtil.BCryptCheckPw(password, user.getCipherPassword());
    }
    @Override
@@ -428,7 +431,7 @@ public class UserServiceImpl implements IUserService, IBaseController {
            geetestLogService.updateByUidGeetestLog(geetestLogId, user.getId());
        }
        LoginProperties loginProperties = new LoginProperties("", 3, channelId, createdFrom, appChannel, merchant.getId(), merchant.getName(), tenantId);
-        AuthBean session = sessionService.createSession(user, loginProperties);
+        AuthBean session = sessionService.createSession(user, loginProperties, LoginType.VERIFICATIONCODE.ordinal());
        session.setRegister(register);
        lockIpv4Service.unLockPhone(phoneNo);
        return new JsonResult(session);

--- a/src/main/java/cn/quantgroup/xyqb/util/BctyptPasswordUtil.java
+++ b/src/main/java/cn/quantgroup/xyqb/util/BctyptPasswordUtil.java
+package cn.quantgroup.xyqb.util;
+import org.springframework.security.crypto.bcrypt.BCrypt;
+import java.util.Objects;
+/**
+ * Created by Miraculous on 15/7/5.
+ */
+public class BctyptPasswordUtil {
+    public static void main(String[] args) {
+        System.out.println(BCryptWithSalt("123456"));
+        System.out.println(BCryptCheckPw("123456", BCryptWithSalt("123456")));
+    }
+    public final static String BCryptWithSalt(String password) {
+        if(Objects.isNull(password)){
+            return null;
+        }
+        return BCrypt.hashpw(password, BCrypt.gensalt());
+    }
+    public final static Boolean BCryptCheckPw(String password, String hashe) {
+        return BCrypt.checkpw(password, hashe);
+    }
+}