Merge branch 'zhaoyue-dev3' into 'master'

MOD admin pass See merge request !38

Merge branch 'zhaoyue-dev3' into 'master'
MOD admin pass See merge request !38
zhaoyue
Commit 7bddd8fbb06f0ee8fa23cba87faf02efe8e5e095 2 parents 4d5dad0d 15083233
Showing 2 changed files with 16 additions and 58 deletions
src/main/java/com/xkl/controller/uploadsoft/UpSoftAccountController.java
src/main/java/com/xkl/controller/uspih/AdminAccountController.java
--- a/src/main/java/com/xkl/controller/uploadsoft/UpSoftAccountController.java
View file @7bddd8f
+++ b/src/main/java/com/xkl/controller/uploadsoft/UpSoftAccountController.java
View file @7bddd8f
@@ -18,6 +18,7 @@ import com.xkl.repository.AMPMachineRepository;
 import com.xkl.repository.AdminRepository;
 import com.xkl.repository.XklCompanyRepository;
 import com.xkl.security.SecurityTool;
+import com.xkl.service.ILoginService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -35,7 +36,8 @@ import org.springframework.web.bind.annotation.RestController;
 @Api("AMP报告上传软件客户端登录及退出接口")
 @RequestMapping("/upsoft/account")
 public class UpSoftAccountController {
-
+    @Autowired
+    private ILoginService loginService;
     @Autowired
     private AdminRepository adminRepository;
     @Autowired
@@ -53,28 +55,9 @@ public class UpSoftAccountController {
         //  , @RequestParam String ampserial, @RequestParam String ampkey
         Assert.notNull(account, "account can not be empty");
         Assert.notNull(password, "password can not be empty");
-//        Assert.notNull(ampserial, "ampserial can not be empty");
-//        Assert.notNull(ampkey, "ampkey can not be empty");
-//        XklAMPMachineEntity ampMachine = ampMachineRepository.findBySecretKey(ampkey.trim());
-//        if (ampMachine == null ||// 未找到密钥所对应的机器
-//                !ampMachine.getAMPSerial().equals(ampserial) ||//amp序号不符合
-//                ampMachine.getStatus() != 1) {//用户无效
-//            return new ResponseEntity<>(ResultModel.error(ResultStatus.AMP_KEY_ERROR),HttpStatus.OK);
-//        }
-        XklAdminEntity admin = adminRepository.findByAccountAndStatus(account, Constants.STATUS_OK);
-        //未注册
-        if (admin == null) {
-            //提示用户名或密码错误
-            return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
-        }
-        String salt = admin.getSalt();
-        String adminType  = Integer.toString(admin.getType());
-        String str = account + password + adminType + salt; // 构建待加密字符串
-        String calcuPass = SecurityTool.encode(SecurityTool.ALGORITHM_MD5, str);
-        String pass_in_db = admin.getPwd();
-        if (!calcuPass.equals(pass_in_db) ||//密码错误
-                admin.getStatus() != 1) {//用户无效
-            //提示用户名或密码错误
+
+        XklAdminEntity admin = loginService.checkAdmin(account, password);
+        if (admin == null) {//用户，密码错误
             return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
         }
--- a/src/main/java/com/xkl/controller/uspih/AdminAccountController.java
View file @7bddd8f
+++ b/src/main/java/com/xkl/controller/uspih/AdminAccountController.java
View file @7bddd8f
@@ -16,6 +16,7 @@ import com.xkl.repository.AMPMachineRepository;
 import com.xkl.repository.AdminRepository;
 import com.xkl.security.AntiXSS;
 import com.xkl.security.SecurityTool;
+import com.xkl.service.ILoginService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -33,7 +34,8 @@ import org.springframework.web.bind.annotation.RestController;
 @Api("USPIH admin account login and logout")
 @RequestMapping("/uspih/account")
 public class AdminAccountController {
-
+    @Autowired
+    private ILoginService loginService;
     @Autowired
     private AdminRepository adminRepository;
@@ -50,24 +52,8 @@ public class AdminAccountController {
         Assert.notNull(account, "account can not be empty");
         Assert.notNull(password, "password can not be empty");
-
-        XklAdminEntity admin = adminRepository.findByAccountAndStatus(account, Constants.STATUS_OK);
-        //未注册
-        if (admin == null) {
-            //提示用户名或密码错误
-            return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
-        }
-        String salt = admin.getSalt();
-        String adminType = Integer.toString(admin.getType());
-        String str = account + password + adminType + salt; // 构建待加密字符串
-        String calcuPass = SecurityTool.encode(SecurityTool.ALGORITHM_MD5, str);
-
-        String pass_in_db = admin.getPwd();
-
-//        String calcuPass = SecurityTool.getPassword(account, password, salt);
-        if (!calcuPass.equals(pass_in_db) ||//密码错误
-                admin.getStatus() != 1) {//用户无效
-            //提示用户名或密码错误
+        XklAdminEntity admin = loginService.checkAdmin(account, password);
+        if (admin == null) {//用户，密码错误
             return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
         }
@@ -94,27 +80,16 @@ public class AdminAccountController {
     public ResponseEntity<ResultModel> loginModPwd(@RequestParam String account, @RequestParam String password, @RequestParam String newpwd) {
         Assert.notNull(account, "account can not be empty");
         Assert.notNull(password, "password can not be empty");
+        Assert.notNull(newpwd, "newpwd can not be empty");
-        XklAdminEntity admin = adminRepository.findByAccountAndStatus(account, Constants.STATUS_OK);
-        //未注册
-        if (admin == null) {
-            //提示用户名或密码错误
+        XklAdminEntity admin = loginService.checkAdmin(account, password);
+        if (admin == null) {//用户，密码错误
             return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
         }
-        String salt = admin.getSalt();
+        String salt = SecurityTool.genSalt();
         String adminType = Integer.toString(admin.getType());
-        String str = account + password + adminType + salt; // 构建待加密字符串
-        String calcuPass = SecurityTool.encode(SecurityTool.ALGORITHM_MD5, str);
-
-        String pass_in_db = admin.getPwd();
-        if (!calcuPass.equals(pass_in_db) ||//密码错误
-                admin.getStatus() != 1) {//用户无效
-            //提示用户名或密码错误
-            return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
-        }
-        salt = SecurityTool.genSalt();
-        str = account + newpwd + adminType + salt; // 构建待加密字符串
+        String str = account + newpwd + adminType + salt; // 构建待加密字符串
         String pass2Db = SecurityTool.encode(SecurityTool.ALGORITHM_MD5, str);
         admin.setPwd(pass2Db);
         admin.setSalt(salt);