找回密码和注册用户敏感信息加密处理

2020-09-29 16:07:38 +08:00
parent ac4c092a1c
commit 5e346c6d72
9 changed files with 81 additions and 32 deletions
--- a/modules/core/src/main/java/com/jeesite/modules/sys/web/AccountController.java
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/AccountController.java
@@ -19,6 +19,7 @@ import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseBody;

+import com.jeesite.common.codec.DesUtils;
 import com.jeesite.common.collect.MapUtils;
 import com.jeesite.common.config.Global;
 import com.jeesite.common.lang.StringUtils;
@@ -145,13 +146,17 @@ public class AccountController extends BaseController{
 		if (s != null) {
 			return s;
 		}
+		String secretKey = Global.getProperty("shiro.loginSubmit.secretKey");
+		if (StringUtils.isNotBlank(secretKey)){
+			user.setPassword(DesUtils.decode(user.getPassword(), secretKey));
+		}
 		// 更新为新密码
 		try{
 			userService.updatePassword(userCode, user.getPassword());
 		}catch(ServiceException se){
 			return renderResult(Global.FALSE, se.getMessage());
 		}
-		return renderResult(Global.TRUE, text("恭喜你，您的账号 {0} 密码修改成功！", user.getUserCode()));
+		return renderResult(Global.TRUE, text("恭喜你，您的账号 {0} 密码找回成功！", user.getLoginCode()));
 	}

 	/**
@@ -299,6 +304,14 @@ public class AccountController extends BaseController{
 			return renderResult(Global.FALSE, text("请重新获取保密问题！"));
 		}
 		
+		String secretKey = Global.getProperty("shiro.loginSubmit.secretKey");
+		if (StringUtils.isNotBlank(secretKey)){
+			user.setPwdQuestionAnswer(DesUtils.decode(user.getPwdQuestionAnswer(), secretKey));
+			user.setPwdQuestionAnswer2(DesUtils.decode(user.getPwdQuestionAnswer2(), secretKey));
+			user.setPwdQuestionAnswer3(DesUtils.decode(user.getPwdQuestionAnswer3(), secretKey));
+			user.setPassword(DesUtils.decode(user.getPassword(), secretKey));
+		}
+		
 		// 验证三个密保问题是否正确。
 		User u = UserUtils.getByLoginCode(user.getLoginCode());
 		if (!(u != null && loginCode.equals(user.getLoginCode())
@@ -318,8 +331,8 @@ public class AccountController extends BaseController{
 		// 更新密码后，清理缓存
 		UserUtils.removeCache("fpUserCode");
 		UserUtils.removeCache("fpLoginCode");
-		
-		return renderResult(Global.TRUE, text("验证通过"));
+
+		return renderResult(Global.TRUE, text("恭喜你，您的账号 {0} 密码找回成功！", user.getLoginCode()));
 	}
 	
 	/**
@@ -466,6 +479,10 @@ public class AccountController extends BaseController{
 		}
 		u.setLoginCode(loginCode);
 		u.setUserName(userName);
+		String secretKey = Global.getProperty("shiro.loginSubmit.secretKey");
+		if (StringUtils.isNotBlank(secretKey)){
+			user.setPassword(DesUtils.decode(user.getPassword(), secretKey));
+		}
 		u.setPassword(user.getPassword());
 		u.setEmail(email);
 		u.setMobile(mobile);
@@ -483,7 +500,7 @@ public class AccountController extends BaseController{
 		UserUtils.removeCache("regValidCode");
 		UserUtils.removeCache("regLastDate");
 	
-		return renderResult(Global.TRUE, text("恭喜你，您的账号 "+u.getLoginCode()+" 注册成功！"));
+		return renderResult(Global.TRUE, text("恭喜你，您的账号 {0} 注册成功！", u.getLoginCode()));
 	}
 	
 	/**
--- a/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
+++ b/modules/core/src/main/java/com/jeesite/modules/sys/web/LoginController.java
@@ -18,7 +18,6 @@ import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;

 import com.fasterxml.jackson.annotation.JsonView;
@@ -46,7 +45,7 @@ public class LoginController extends BaseController{
 	/**
 	 * 登录页面
 	 */
-	@RequestMapping(value = "login", method = RequestMethod.GET)
+	@RequestMapping(value = "login")
 	public String login(HttpServletRequest request, HttpServletResponse response, Model model) {
 		// 地址中如果包含JSESSIONID，则跳转一次，去掉JSESSIONID信息。
 		if (StringUtils.containsIgnoreCase(request.getRequestURI(), ";JSESSIONID=")){
--- a/modules/core/src/main/resources/config/jeesite-core.yml
+++ b/modules/core/src/main/resources/config/jeesite-core.yml
@@ -371,7 +371,7 @@ shiro:
 #  accessControlAllowOrigin: http://demo.jeesite.com
 #  accessControlAllowOrigin: '*'

-  # 允许跨域访问时 CORS，可以使用的方法和响应头
+  # 允许跨域访问时 CORS，可以使用的方法和标头
 #  accessControlAllowMethods: GET, POST, OPTIONS
 #  accessControlAllowHeaders: Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With

--- a/modules/core/src/main/resources/static/modules/sys/forgetPwd.js
+++ b/modules/core/src/main/resources/static/modules/sys/forgetPwd.js
@@ -75,7 +75,24 @@ $(function(){
 	$('#forgetForm').validate({
 		ignore: ":hidden",
 	    submitHandler: function(form) {
-			js.ajaxSubmitForm($(form), function(data){
+	    	var $form = $(form),
+				action = $form.attr('action'),
+				data = $form.serializeArray(),
+				key = window.secretKey||$('#loginKey').data('key');
+			if (key != ''){
+				for (var i=0, l=data.length; i<l; i++){
+					if (data[i].name == 'pwdQuestionAnswer'){
+						data[i].value = DesUtils.encode($('#fp_pwdQuestionAnswer').val(), key);
+					}else if (data[i].name == 'pwdQuestionAnswer2'){
+						data[i].value = DesUtils.encode($('#fp_pwdQuestionAnswer2').val(), key);
+					}else if (data[i].name == 'pwdQuestionAnswer3'){
+						data[i].value = DesUtils.encode($('#fp_pwdQuestionAnswer3').val(), key);
+					}else if (data[i].name == 'password'){
+						data[i].value = DesUtils.encode($('#fp_password').val(), key);
+					}
+				}
+			}
+			js.ajaxSubmit(action, data, function(data, status, xhr){
 				if (data.result == "true"){
 					alert(data.message);
 					location = ctx + '/login';
--- a/modules/core/src/main/resources/static/modules/sys/registerUser.js
+++ b/modules/core/src/main/resources/static/modules/sys/registerUser.js
@@ -67,7 +67,18 @@ $(function(){
 	$('#registerForm').validate({
 		ignore: ":hidden",
 	    submitHandler: function(form) {
-			js.ajaxSubmitForm($(form), function(data){
+	    	var $form = $(form),
+				action = $form.attr('action'),
+				data = $form.serializeArray(),
+				key = window.secretKey||$('#loginKey').data('key');
+			if (key != ''){
+				for (var i=0, l=data.length; i<l; i++){
+					if (data[i].name == 'password'){
+						data[i].value = DesUtils.encode($('#reg_password').val(), key);
+					}
+				}
+			}
+			js.ajaxSubmit(action, data, function(data, status, xhr){
 				if (data.result == "true"){
 					alert(data.message);
 					location = ctx + '/login';
--- a/modules/core/src/main/resources/views/modules/sys/forgetPwd.html
+++ b/modules/core/src/main/resources/views/modules/sys/forgetPwd.html
@@ -41,24 +41,24 @@
 			</div>
 			<div class="form-group has-feedback fp-element fp-question">
 				<span class="fa fa-question-circle form-control-feedback"></span>
-				<input type="text" name="pwdQuestionAnswer" class="form-control required"
-					data-msg-required="请填写答案1." placeholder="答案1 " />
+				<input type="text" id="fp_pwdQuestionAnswer" name="pwdQuestionAnswer"
+					class="form-control required" data-msg-required="请填写答案1." placeholder="答案1 " />
 			</div>
 			<div class="form-group has-feedback fp-element fp-question">
 				问题2：<span id="fp_q2"></span>
 			</div>
 			<div class="form-group has-feedback fp-element fp-question">
 				<span class="fa fa-question-circle form-control-feedback"></span>
-				<input type="text" name="pwdQuestionAnswer2" class="form-control required"
-					data-msg-required="请填写答案2." placeholder="答案2" />
+				<input type="text" id="fp_pwdQuestionAnswer2" name="pwdQuestionAnswer2"
+					class="form-control required" data-msg-required="请填写答案2." placeholder="答案2" />
 			</div>
 			<div class="form-group has-feedback fp-element fp-question">
 				问题3：<span id="fp_q3"></span>
 			</div>
 			<div class="form-group has-feedback fp-element fp-question">
 				<span class="fa fa-question-circle form-control-feedback"></span>
-				<input type="text" name="pwdQuestionAnswer3" class="form-control required"
-					data-msg-required="请填写答案3." placeholder="答案3" />
+				<input type="text" id="fp_pwdQuestionAnswer3" name="pwdQuestionAnswer3"
+					class="form-control required" data-msg-required="请填写答案3." placeholder="答案3" />
 			</div>
 			<div class="form-group has-feedback clearfix">
 				<strong>设置新密码：</strong>
@@ -93,11 +93,11 @@
 	</div>
 	<div class="login-copyright">
 		&copy; ${@DateUtils.getYear()} ${@Global.getConfig('productName')} - Powered By <a
-			href="http://jeesite.com">JeeSite ${@Global.getProperty('jeesiteVersion')}</a>
+			id="loginKey" data-key="${@Global.getConfig('shiro.loginSubmit.secretKey')}"
+			href="http://jeesite.com" >JeeSite ${@Global.getProperty('jeesiteVersion')}</a>
 	</div>
 </div>
 <% } %>
-<script>var secretKey = '${@Global.getConfig("shiro.loginSubmit.secretKey")}';</script>
-<script src="${ctxStatic}/jquery-toastr/2.1/toastr.min.js?${_version}"></script>
 <script src="${ctxStatic}/common/des.js?${_version}"></script>
+<script src="${ctxStatic}/jquery-toastr/2.1/toastr.min.js?${_version}"></script>
 <script src="${ctxStatic}/modules/sys/forgetPwd.js?${_version}"></script>
--- a/modules/core/src/main/resources/views/modules/sys/registerUser.html
+++ b/modules/core/src/main/resources/views/modules/sys/registerUser.html
@@ -89,9 +89,11 @@
 	</div>
 	<div class="login-copyright">
 		&copy; ${@DateUtils.getYear()} ${@Global.getConfig('productName')} - Powered By <a
-			href="http://jeesite.com">JeeSite ${@Global.getProperty('jeesiteVersion')}</a>
+			id="loginKey" data-key="${@Global.getConfig('shiro.loginSubmit.secretKey')}"
+			href="http://jeesite.com" >JeeSite ${@Global.getProperty('jeesiteVersion')}</a>
 	</div>
 </div>
 <% } %>
+<script src="${ctxStatic}/common/des.js?${_version}"></script>
 <script src="${ctxStatic}/jquery-toastr/2.1/toastr.min.js?${_version}"></script>
 <script src="${ctxStatic}/modules/sys/registerUser.js?${_version}"></script>
--- a/modules/core/src/main/resources/views/modules/sys/user/userInfo.html
+++ b/modules/core/src/main/resources/views/modules/sys/user/userInfo.html
@@ -311,16 +311,22 @@ $('#sex input').on('ifCreated ifChecked', function(){
 $("#newPassword").strength();
 $("#inputFormPwd").validate({
 	submitHandler: function(form){
-		var oldPassword = $('#oldPassword').val(),
-			newPassword = $('#newPassword').val(),
-			confirmNewPassword = $('#confirmNewPassword').val(),
-			secretKey = '${@Global.getConfig("shiro.loginSubmit.secretKey")}';
-		if (secretKey != ''){
-			$('#oldPassword').val(DesUtils.encode(oldPassword, secretKey));
-			$('#newPassword').val(DesUtils.encode(newPassword, secretKey));
-			$('#confirmNewPassword').val(DesUtils.encode(confirmNewPassword, secretKey));
+		var $form = $(form),
+			action = $form.attr('action'),
+			data = $form.serializeArray(),
+			key = '${@Global.getConfig("shiro.loginSubmit.secretKey")}';
+		if (key != ''){
+			for (var i=0, l=data.length; i<l; i++){
+				if (data[i].name == 'oldPassword'){
+					data[i].value = DesUtils.encode($('#oldPassword').val(), key);
+				}else if (data[i].name == 'newPassword'){
+					data[i].value = DesUtils.encode($('#newPassword').val(), key);
+				}else if (data[i].name == 'confirmNewPassword'){
+					data[i].value = DesUtils.encode($('#confirmNewPassword').val(), key);
+				}
+			}
 		}
-		js.ajaxSubmitForm($(form), function(data){
+		js.ajaxSubmit(action, data, function(data, status, xhr){
 			js.showMessage(data.message);
 			if(data.result == Global.TRUE){
 				if ('${parameter.url}'!=''){
@@ -330,9 +336,6 @@ $("#inputFormPwd").validate({
 				}
 			}
 		}, "json");
-		$('#oldPassword').val(oldPassword);
-		$('#newPassword').val(newPassword);
-		$('#confirmNewPassword').val(confirmNewPassword);
    }
 });
 // 密保问题