Authored by zhaoyue

MOD admin pass

@@ -18,6 +18,7 @@ import com.xkl.repository.AMPMachineRepository; @@ -18,6 +18,7 @@ import com.xkl.repository.AMPMachineRepository;
18 import com.xkl.repository.AdminRepository; 18 import com.xkl.repository.AdminRepository;
19 import com.xkl.repository.XklCompanyRepository; 19 import com.xkl.repository.XklCompanyRepository;
20 import com.xkl.security.SecurityTool; 20 import com.xkl.security.SecurityTool;
  21 +import com.xkl.service.ILoginService;
21 import org.springframework.beans.factory.annotation.Autowired; 22 import org.springframework.beans.factory.annotation.Autowired;
22 import org.springframework.http.HttpStatus; 23 import org.springframework.http.HttpStatus;
23 import org.springframework.http.ResponseEntity; 24 import org.springframework.http.ResponseEntity;
@@ -35,7 +36,8 @@ import org.springframework.web.bind.annotation.RestController; @@ -35,7 +36,8 @@ import org.springframework.web.bind.annotation.RestController;
35 @Api("AMP报告上传软件客户端登录及退出接口") 36 @Api("AMP报告上传软件客户端登录及退出接口")
36 @RequestMapping("/upsoft/account") 37 @RequestMapping("/upsoft/account")
37 public class UpSoftAccountController { 38 public class UpSoftAccountController {
38 - 39 + @Autowired
  40 + private ILoginService loginService;
39 @Autowired 41 @Autowired
40 private AdminRepository adminRepository; 42 private AdminRepository adminRepository;
41 @Autowired 43 @Autowired
@@ -53,28 +55,9 @@ public class UpSoftAccountController { @@ -53,28 +55,9 @@ public class UpSoftAccountController {
53 // , @RequestParam String ampserial, @RequestParam String ampkey 55 // , @RequestParam String ampserial, @RequestParam String ampkey
54 Assert.notNull(account, "account can not be empty"); 56 Assert.notNull(account, "account can not be empty");
55 Assert.notNull(password, "password can not be empty"); 57 Assert.notNull(password, "password can not be empty");
56 -// Assert.notNull(ampserial, "ampserial can not be empty");  
57 -// Assert.notNull(ampkey, "ampkey can not be empty");  
58 -// XklAMPMachineEntity ampMachine = ampMachineRepository.findBySecretKey(ampkey.trim());  
59 -// if (ampMachine == null ||// 未找到密钥所对应的机器  
60 -// !ampMachine.getAMPSerial().equals(ampserial) ||//amp序号不符合  
61 -// ampMachine.getStatus() != 1) {//用户无效  
62 -// return new ResponseEntity<>(ResultModel.error(ResultStatus.AMP_KEY_ERROR),HttpStatus.OK);  
63 -// }  
64 - XklAdminEntity admin = adminRepository.findByAccountAndStatus(account, Constants.STATUS_OK);  
65 - //未注册  
66 - if (admin == null) {  
67 - //提示用户名或密码错误  
68 - return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);  
69 - }  
70 - String salt = admin.getSalt();  
71 - String adminType = Integer.toString(admin.getType());  
72 - String str = account + password + adminType + salt; // 构建待加密字符串  
73 - String calcuPass = SecurityTool.encode(SecurityTool.ALGORITHM_MD5, str);  
74 - String pass_in_db = admin.getPwd();  
75 - if (!calcuPass.equals(pass_in_db) ||//密码错误  
76 - admin.getStatus() != 1) {//用户无效  
77 - //提示用户名或密码错误 58 +
  59 + XklAdminEntity admin = loginService.checkAdmin(account, password);
  60 + if (admin == null) {//用户,密码错误
78 return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK); 61 return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
79 } 62 }
80 63
@@ -16,6 +16,7 @@ import com.xkl.repository.AMPMachineRepository; @@ -16,6 +16,7 @@ import com.xkl.repository.AMPMachineRepository;
16 import com.xkl.repository.AdminRepository; 16 import com.xkl.repository.AdminRepository;
17 import com.xkl.security.AntiXSS; 17 import com.xkl.security.AntiXSS;
18 import com.xkl.security.SecurityTool; 18 import com.xkl.security.SecurityTool;
  19 +import com.xkl.service.ILoginService;
19 import org.springframework.beans.factory.annotation.Autowired; 20 import org.springframework.beans.factory.annotation.Autowired;
20 import org.springframework.http.HttpStatus; 21 import org.springframework.http.HttpStatus;
21 import org.springframework.http.ResponseEntity; 22 import org.springframework.http.ResponseEntity;
@@ -33,7 +34,8 @@ import org.springframework.web.bind.annotation.RestController; @@ -33,7 +34,8 @@ import org.springframework.web.bind.annotation.RestController;
33 @Api("USPIH admin account login and logout") 34 @Api("USPIH admin account login and logout")
34 @RequestMapping("/uspih/account") 35 @RequestMapping("/uspih/account")
35 public class AdminAccountController { 36 public class AdminAccountController {
36 - 37 + @Autowired
  38 + private ILoginService loginService;
37 @Autowired 39 @Autowired
38 private AdminRepository adminRepository; 40 private AdminRepository adminRepository;
39 41
@@ -50,24 +52,8 @@ public class AdminAccountController { @@ -50,24 +52,8 @@ public class AdminAccountController {
50 Assert.notNull(account, "account can not be empty"); 52 Assert.notNull(account, "account can not be empty");
51 Assert.notNull(password, "password can not be empty"); 53 Assert.notNull(password, "password can not be empty");
52 54
53 -  
54 - XklAdminEntity admin = adminRepository.findByAccountAndStatus(account, Constants.STATUS_OK);  
55 - //未注册  
56 - if (admin == null) {  
57 - //提示用户名或密码错误  
58 - return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);  
59 - }  
60 - String salt = admin.getSalt();  
61 - String adminType = Integer.toString(admin.getType());  
62 - String str = account + password + adminType + salt; // 构建待加密字符串  
63 - String calcuPass = SecurityTool.encode(SecurityTool.ALGORITHM_MD5, str);  
64 -  
65 - String pass_in_db = admin.getPwd();  
66 -  
67 -// String calcuPass = SecurityTool.getPassword(account, password, salt);  
68 - if (!calcuPass.equals(pass_in_db) ||//密码错误  
69 - admin.getStatus() != 1) {//用户无效  
70 - //提示用户名或密码错误 55 + XklAdminEntity admin = loginService.checkAdmin(account, password);
  56 + if (admin == null) {//用户,密码错误
71 return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK); 57 return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
72 } 58 }
73 59
@@ -94,27 +80,16 @@ public class AdminAccountController { @@ -94,27 +80,16 @@ public class AdminAccountController {
94 public ResponseEntity<ResultModel> loginModPwd(@RequestParam String account, @RequestParam String password, @RequestParam String newpwd) { 80 public ResponseEntity<ResultModel> loginModPwd(@RequestParam String account, @RequestParam String password, @RequestParam String newpwd) {
95 Assert.notNull(account, "account can not be empty"); 81 Assert.notNull(account, "account can not be empty");
96 Assert.notNull(password, "password can not be empty"); 82 Assert.notNull(password, "password can not be empty");
  83 + Assert.notNull(newpwd, "newpwd can not be empty");
97 84
98 - XklAdminEntity admin = adminRepository.findByAccountAndStatus(account, Constants.STATUS_OK);  
99 - //未注册  
100 - if (admin == null) {  
101 - //提示用户名或密码错误 85 + XklAdminEntity admin = loginService.checkAdmin(account, password);
  86 + if (admin == null) {//用户,密码错误
102 return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK); 87 return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
103 } 88 }
104 89
105 - String salt = admin.getSalt(); 90 + String salt = SecurityTool.genSalt();
106 String adminType = Integer.toString(admin.getType()); 91 String adminType = Integer.toString(admin.getType());
107 - String str = account + password + adminType + salt; // 构建待加密字符串  
108 - String calcuPass = SecurityTool.encode(SecurityTool.ALGORITHM_MD5, str);  
109 -  
110 - String pass_in_db = admin.getPwd();  
111 - if (!calcuPass.equals(pass_in_db) ||//密码错误  
112 - admin.getStatus() != 1) {//用户无效  
113 - //提示用户名或密码错误  
114 - return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);  
115 - }  
116 - salt = SecurityTool.genSalt();  
117 - str = account + newpwd + adminType + salt; // 构建待加密字符串 92 + String str = account + newpwd + adminType + salt; // 构建待加密字符串
118 String pass2Db = SecurityTool.encode(SecurityTool.ALGORITHM_MD5, str); 93 String pass2Db = SecurityTool.encode(SecurityTool.ALGORITHM_MD5, str);
119 admin.setPwd(pass2Db); 94 admin.setPwd(pass2Db);
120 admin.setSalt(salt); 95 admin.setSalt(salt);