Merge remote-tracking branch 'origin/master'

pqs-common/common-core/src/main/java/com/njcn/common/pojo/constant/PatternRegex.java

@@ -20,7 +20,7 @@ public interface PatternRegex {
     /**
      * APP密码，长度为8-16
      */
-    String APP_PASSWORD_REGEX = "{8,16}$";
+    String APP_PASSWORD_REGEX = "^.{8,16}$";
 
 
     /**

pqs-gateway/src/main/java/com/njcn/gateway/filter/AuthGlobalFilter.java

@@ -42,7 +42,7 @@ import java.util.List;
 @RequiredArgsConstructor
 public class AuthGlobalFilter implements GlobalFilter, Ordered {
 
-    private final static List<String> USER_AGENT_IP = Arrays.asList("/pqs-auth/auth/getImgCode", "/pqs-auth/oauth/token", "/user-boot/user/generateSm2Key", "/user-boot/user/updateFirstPassword");
+    private final static List<String> USER_AGENT_IP = Arrays.asList("/pqs-auth/auth/getImgCode", "/pqs-auth/oauth/token", "/user-boot/user/generateSm2Key", "/user-boot/user/updateFirstPassword", "/user-boot/appUser/resetPsd");
 
     private final RedisUtil redisUtil;
 

pqs-user/user-boot/src/main/java/com/njcn/user/controller/UserController.java

@@ -315,6 +315,7 @@ public class UserController extends BaseController {
     @ApiOperation("根据登录名获取公钥")
     @ApiImplicitParam(name = "loginName", value = "登录名", required = true)
     public HttpResult<String> generateSm2Key(String loginName, @ApiIgnore HttpServletRequest request) {
+        System.out.println("request1==:" + request);
         if (StrUtil.isBlankIfStr(loginName)) {
             RequestUtil.saveLoginName(LogInfo.UNKNOWN_USER);
             throw new BusinessException(UserResponseEnum.LOGIN_USERNAME_INVALID);

pqs-user/user-boot/src/main/java/com/njcn/user/controller/app/AppUserController.java

@@ -2,6 +2,7 @@ package com.njcn.user.controller.app;
 
 import com.njcn.common.pojo.annotation.OperateInfo;
 import com.njcn.common.pojo.constant.OperateType;
+import com.njcn.common.pojo.constant.SecurityConstants;
 import com.njcn.common.pojo.enums.common.LogEnum;
 import com.njcn.common.pojo.enums.response.CommonResponseEnum;
 import com.njcn.common.pojo.response.HttpResult;
@@ -9,6 +10,7 @@ import com.njcn.common.utils.HttpResultUtil;
 import com.njcn.common.utils.LogUtil;
 import com.njcn.user.service.IAppUserService;
 import com.njcn.web.controller.BaseController;
+import com.njcn.web.utils.IpUtils;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
@@ -22,6 +24,9 @@ import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import springfox.documentation.annotations.ApiIgnore;
+
+import javax.servlet.http.HttpServletRequest;
 
 /**
  * 类的介绍：
@@ -106,11 +111,12 @@ public class AppUserController extends BaseController {
             @ApiImplicitParam(name = "phone", value = "手机号", required = true, paramType = "query"),
             @ApiImplicitParam(name = "code", value = "验证码", required = true, paramType = "query"),
             @ApiImplicitParam(name = "password", value = "密码", required = true, paramType = "query"),
-            @ApiImplicitParam(name = "devCode", value = "设备码", required = true, paramType = "query"),
+            @ApiImplicitParam(name = "devCode", value = "设备码", required = true, paramType = "query")
     })
-    public HttpResult<Object> resetPsd(String phone, String code,String password, String devCode) {
+    public HttpResult<Object> resetPsd(String phone, String code,String password, String devCode, @ApiIgnore HttpServletRequest request) {
         String methodDescribe = getMethodDescribe("modifyPsd");
-        appUserService.resetPsd(phone,code,password,devCode);
+        String ip = request.getHeader(SecurityConstants.REQUEST_HEADER_KEY_CLIENT_REAL_IP);
+        appUserService.resetPsd(phone,code,password,devCode,ip);
         return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.SUCCESS, null, methodDescribe);
     }
 

pqs-user/user-boot/src/main/java/com/njcn/user/service/IAppUserService.java

@@ -29,7 +29,7 @@ public interface IAppUserService {
     /**
      * app用户忘记密码
      */
-    void resetPsd(String phone, String code, String password, String devCode);
+    void resetPsd(String phone, String code, String password, String devCode, String ip);
 
     /**
      * 旧手机验证码确认

pqs-user/user-boot/src/main/java/com/njcn/user/service/IUserSetService.java

@@ -49,6 +49,16 @@ public interface IUserSetService extends IService<UserSet> {
      */
     String updateFirstPassword(String id, String newPassword, String name, String ip);
 
+    /**
+     * App用户忘记密码
+     * @param id
+     * @param newPassword
+     * @param name
+     * @param ip
+     * @return
+     */
+    String forgetPassword(String id, String newPassword, String name, String ip);
+
 
     /**
      * 功能描述:

pqs-user/user-boot/src/main/java/com/njcn/user/service/impl/AppUserServiceImpl.java

@@ -1,6 +1,5 @@
 package com.njcn.user.service.impl;
 
-import cn.hutool.core.util.IdUtil;
 import com.aliyuncs.DefaultAcsClient;
 import com.aliyuncs.IAcsClient;
 import com.aliyuncs.dysmsapi.model.v20170525.SendSmsRequest;
@@ -239,7 +238,7 @@ public class AppUserServiceImpl extends ServiceImpl<AppUserMapper, User> impleme
     }
 
     @Override
-    public void resetPsd(String phone, String code, String password, String devCode) {
+    public void resetPsd(String phone, String code, String password, String devCode,String ip) {
         if (!PubUtils.match(PatternRegex.PHONE_REGEX, phone)){
             throw new BusinessException(UserResponseEnum.REGISTER_PHONE_WRONG);
         }
@@ -252,7 +251,7 @@ public class AppUserServiceImpl extends ServiceImpl<AppUserMapper, User> impleme
         if (Objects.isNull(user)){
             throw new BusinessException(UserResponseEnum.LOGIN_USERNAME_NOT_FOUND);
         }
-        String secretPassword = userSetService.updatePassword(user.getId(), password,false);
+        String secretPassword = userSetService.forgetPassword(user.getId(), password,user.getLoginName(),ip);
         user.setPassword(secretPassword);
         user.setPwdValidity(LocalDateTime.now());
         user.setLoginTime(LocalDateTime.now());

pqs-user/user-boot/src/main/java/com/njcn/user/service/impl/UserSetServiceImpl.java

@@ -76,6 +76,12 @@ public class UserSetServiceImpl extends ServiceImpl<UserSetMapper, UserSet> impl
         return updatePsd(id,password,true);
     }
 
+    @Override
+    public String forgetPassword(String id, String newPassword, String name, String ip) {
+        String password = getSecretPasswordNotLogin(newPassword, name, ip);
+        return updatePsd(id,password,false);
+    }
+
     @Override
     public String getDecryptPassword(String password) {
         return getSecretPassword(password);
@@ -155,40 +161,6 @@ public class UserSetServiceImpl extends ServiceImpl<UserSetMapper, UserSet> impl
         return psd;
     }
 
-    private String updateAppPsd(String id, String password) {
-        Sm4Utils sm4;
-        String psd,strSm4;
-        String standard = PatternRegex.PASSWORD_REGEX;
-        Pattern pattern = Pattern.compile(standard);
-        Matcher m=pattern.matcher(password);
-        if (!m.find()){
-            throw new BusinessException(UserResponseEnum.SPECIAL_PASSWORD);
-        }
-        UserSet userSet = this.lambdaQuery().eq(UserSet::getUserId, id).one();
-        QueryWrapper<User> userQueryWrapper = new QueryWrapper<>();
-        userQueryWrapper.eq("sys_user.id",id);
-        User user = userMapper.selectOne(userQueryWrapper);
-        String secretPassword = user.getPassword();
-        if (Objects.isNull(userSet)){
-            UserSet newUserSet = new UserSet();
-            String secretKey = PubUtils.randomCode(16);
-            newUserSet.setSecretKey(secretKey);
-            sm4 = new Sm4Utils(secretKey);
-            strSm4 = sm4.encryptData_ECB(password);
-            newUserSet.setStandBy(strSm4);
-            newUserSet.setUserId(id);
-            this.save(newUserSet);
-            psd = sm4.encryptData_ECB(strSm4 + secretKey);
-        } else {
-            sm4 = new Sm4Utils(userSet.getSecretKey());
-            strSm4 = sm4.encryptData_ECB(password);
-            psd = sm4.encryptData_ECB(strSm4 + userSet.getSecretKey());
-        }
-        if (Objects.equals(secretPassword,psd)){
-            throw new BusinessException(UserResponseEnum.REPEAT_PASSWORD);
-        }
-        return psd;
-    }
 
     /**
      * 未登录