Authored by zhaoyue

Merge branch 'zhaoyue-dev3' into 'master'

MOD admin pass



See merge request !35
@@ -55,10 +55,10 @@ public class AdminAccountController { @@ -55,10 +55,10 @@ public class AdminAccountController {
55 //未注册 55 //未注册
56 if (admin == null) { 56 if (admin == null) {
57 //提示用户名或密码错误 57 //提示用户名或密码错误
58 - return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR),HttpStatus.OK); 58 + return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
59 } 59 }
60 String salt = admin.getSalt(); 60 String salt = admin.getSalt();
61 - String adminType = Integer.toString(admin.getType()); 61 + String adminType = Integer.toString(admin.getType());
62 String str = account + password + adminType + salt; // 构建待加密字符串 62 String str = account + password + adminType + salt; // 构建待加密字符串
63 String calcuPass = SecurityTool.encode(SecurityTool.ALGORITHM_MD5, str); 63 String calcuPass = SecurityTool.encode(SecurityTool.ALGORITHM_MD5, str);
64 64
@@ -68,7 +68,7 @@ public class AdminAccountController { @@ -68,7 +68,7 @@ public class AdminAccountController {
68 if (!calcuPass.equals(pass_in_db) ||//密码错误 68 if (!calcuPass.equals(pass_in_db) ||//密码错误
69 admin.getStatus() != 1) {//用户无效 69 admin.getStatus() != 1) {//用户无效
70 //提示用户名或密码错误 70 //提示用户名或密码错误
71 - return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR),HttpStatus.OK); 71 + return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
72 } 72 }
73 73
74 //生成一个token,保存用户登录状态 74 //生成一个token,保存用户登录状态
@@ -101,16 +101,21 @@ public class AdminAccountController { @@ -101,16 +101,21 @@ public class AdminAccountController {
101 //提示用户名或密码错误 101 //提示用户名或密码错误
102 return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK); 102 return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
103 } 103 }
  104 +
104 String salt = admin.getSalt(); 105 String salt = admin.getSalt();
  106 + String adminType = Integer.toString(admin.getType());
  107 + String str = account + password + adminType + salt; // 构建待加密字符串
  108 + String calcuPass = SecurityTool.encode(SecurityTool.ALGORITHM_MD5, str);
  109 +
105 String pass_in_db = admin.getPwd(); 110 String pass_in_db = admin.getPwd();
106 - String calcuPass = SecurityTool.getPassword(account, password, salt);  
107 if (!calcuPass.equals(pass_in_db) ||//密码错误 111 if (!calcuPass.equals(pass_in_db) ||//密码错误
108 admin.getStatus() != 1) {//用户无效 112 admin.getStatus() != 1) {//用户无效
109 //提示用户名或密码错误 113 //提示用户名或密码错误
110 return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK); 114 return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
111 } 115 }
112 salt = SecurityTool.genSalt(); 116 salt = SecurityTool.genSalt();
113 - String pass2Db = SecurityTool.getPassword(admin.getAccount(), newpwd, salt); 117 + str = account + newpwd + adminType + salt; // 构建待加密字符串
  118 + String pass2Db = SecurityTool.encode(SecurityTool.ALGORITHM_MD5, str);
114 admin.setPwd(pass2Db); 119 admin.setPwd(pass2Db);
115 admin.setSalt(salt); 120 admin.setSalt(salt);
116 adminRepository.save(admin); 121 adminRepository.save(admin);