Merge branch 'zhaoyue-dev3' into 'master'

MOD admin pass See merge request !38

Merge branch 'zhaoyue-dev3' into 'master'
MOD admin pass See merge request !38
zhaoyue
Commit 7bddd8fbb06f0ee8fa23cba87faf02efe8e5e095 2 parents 4d5dad0d 15083233
Showing 2 changed files with 16 additions and 58 deletions
src/main/java/com/xkl/controller/uploadsoft/UpSoftAccountController.java
src/main/java/com/xkl/controller/uspih/AdminAccountController.java
--- a/src/main/java/com/xkl/controller/uploadsoft/UpSoftAccountController.java
View file @7bddd8f
+++ b/src/main/java/com/xkl/controller/uploadsoft/UpSoftAccountController.java
View file @7bddd8f
@@ -18,6 +18,7 @@ import com.xkl.repository.AMPMachineRepository;
 import com.xkl.repository.AdminRepository;
 import com.xkl.repository.XklCompanyRepository;
 import com.xkl.security.SecurityTool;
+ import com.xkl.service.ILoginService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -35,7 +36,8 @@ import org.springframework.web.bind.annotation.RestController;
 @Api("AMP报告上传软件客户端登录及退出接口")
 @RequestMapping("/upsoft/account")
 public class UpSoftAccountController {
- 
+     @Autowired
+     private ILoginService loginService;
     @Autowired
     private AdminRepository adminRepository;
     @Autowired
@@ -53,28 +55,9 @@ public class UpSoftAccountController {
         //  , @RequestParam String ampserial, @RequestParam String ampkey
         Assert.notNull(account, "account can not be empty");
         Assert.notNull(password, "password can not be empty");
- //        Assert.notNull(ampserial, "ampserial can not be empty");
- //        Assert.notNull(ampkey, "ampkey can not be empty");
- //        XklAMPMachineEntity ampMachine = ampMachineRepository.findBySecretKey(ampkey.trim());
- //        if (ampMachine == null ||// 未找到密钥所对应的机器
- //                !ampMachine.getAMPSerial().equals(ampserial) ||//amp序号不符合
- //                ampMachine.getStatus() != 1) {//用户无效
- //            return new ResponseEntity<>(ResultModel.error(ResultStatus.AMP_KEY_ERROR),HttpStatus.OK);
- //        }
-         XklAdminEntity admin = adminRepository.findByAccountAndStatus(account, Constants.STATUS_OK);
-         //未注册
-         if (admin == null) {
-             //提示用户名或密码错误
-             return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
-         }
-         String salt = admin.getSalt();
-         String adminType  = Integer.toString(admin.getType());
-         String str = account + password + adminType + salt; // 构建待加密字符串
-         String calcuPass = SecurityTool.encode(SecurityTool.ALGORITHM_MD5, str);
-         String pass_in_db = admin.getPwd();
-         if (!calcuPass.equals(pass_in_db) ||//密码错误
-                 admin.getStatus() != 1) {//用户无效
-             //提示用户名或密码错误
+ 
+         XklAdminEntity admin = loginService.checkAdmin(account, password);
+         if (admin == null) {//用户，密码错误
             return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
         }
 
--- a/src/main/java/com/xkl/controller/uspih/AdminAccountController.java
View file @7bddd8f
+++ b/src/main/java/com/xkl/controller/uspih/AdminAccountController.java
View file @7bddd8f
@@ -16,6 +16,7 @@ import com.xkl.repository.AMPMachineRepository;
 import com.xkl.repository.AdminRepository;
 import com.xkl.security.AntiXSS;
 import com.xkl.security.SecurityTool;
+ import com.xkl.service.ILoginService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -33,7 +34,8 @@ import org.springframework.web.bind.annotation.RestController;
 @Api("USPIH admin account login and logout")
 @RequestMapping("/uspih/account")
 public class AdminAccountController {
- 
+     @Autowired
+     private ILoginService loginService;
     @Autowired
     private AdminRepository adminRepository;
 
@@ -50,24 +52,8 @@ public class AdminAccountController {
         Assert.notNull(account, "account can not be empty");
         Assert.notNull(password, "password can not be empty");
 
- 
-         XklAdminEntity admin = adminRepository.findByAccountAndStatus(account, Constants.STATUS_OK);
-         //未注册
-         if (admin == null) {
-             //提示用户名或密码错误
-             return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
-         }
-         String salt = admin.getSalt();
-         String adminType = Integer.toString(admin.getType());
-         String str = account + password + adminType + salt; // 构建待加密字符串
-         String calcuPass = SecurityTool.encode(SecurityTool.ALGORITHM_MD5, str);
- 
-         String pass_in_db = admin.getPwd();
- 
- //        String calcuPass = SecurityTool.getPassword(account, password, salt);
-         if (!calcuPass.equals(pass_in_db) ||//密码错误
-                 admin.getStatus() != 1) {//用户无效
-             //提示用户名或密码错误
+         XklAdminEntity admin = loginService.checkAdmin(account, password);
+         if (admin == null) {//用户，密码错误
             return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
         }
 
@@ -94,27 +80,16 @@ public class AdminAccountController {
     public ResponseEntity<ResultModel> loginModPwd(@RequestParam String account, @RequestParam String password, @RequestParam String newpwd) {
         Assert.notNull(account, "account can not be empty");
         Assert.notNull(password, "password can not be empty");
+         Assert.notNull(newpwd, "newpwd can not be empty");
 
-         XklAdminEntity admin = adminRepository.findByAccountAndStatus(account, Constants.STATUS_OK);
-         //未注册
-         if (admin == null) {
-             //提示用户名或密码错误
+         XklAdminEntity admin = loginService.checkAdmin(account, password);
+         if (admin == null) {//用户，密码错误
             return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
         }
 
-         String salt = admin.getSalt();
+         String salt = SecurityTool.genSalt();
         String adminType = Integer.toString(admin.getType());
-         String str = account + password + adminType + salt; // 构建待加密字符串
-         String calcuPass = SecurityTool.encode(SecurityTool.ALGORITHM_MD5, str);
- 
-         String pass_in_db = admin.getPwd();
-         if (!calcuPass.equals(pass_in_db) ||//密码错误
-                 admin.getStatus() != 1) {//用户无效
-             //提示用户名或密码错误
-             return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
-         }
-         salt = SecurityTool.genSalt();
-         str = account + newpwd + adminType + salt; // 构建待加密字符串
+         String str = account + newpwd + adminType + salt; // 构建待加密字符串
         String pass2Db = SecurityTool.encode(SecurityTool.ALGORITHM_MD5, str);
         admin.setPwd(pass2Db);
         admin.setSalt(salt);