generated from youfool-project/youfool-prj-springboot-template
Merge pull request 'xsha/lroyia/task-20251024-074232' (#2) from xsha/lroyia/task-20251024-074232 into master
Reviewed-on: #2
This commit is contained in:
commit
5f42096e55
|
|
@ -51,7 +51,7 @@ public class LoginController {
|
|||
|
||||
// 查询用户信息
|
||||
SysUser sysUser = sysUserService.getUserByUsername(username);
|
||||
if (sysUser == null || !sysUser.getPassword().equals(password)) {
|
||||
if (sysUser == null || !SysUser.verifyPassword(password, sysUser.getPassword())) {
|
||||
return RestResult.error(BaseResultCode.BUSINESS_LOGIC_ERROR, "用户名或密码错误");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -9,6 +9,8 @@ import lombok.Data;
|
|||
|
||||
import java.io.Serial;
|
||||
import java.io.Serializable;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
|
||||
/**
|
||||
* 系统用户实体类
|
||||
|
|
@ -98,4 +100,64 @@ public class SysUser implements Serializable {
|
|||
@TableField("gitea_open_id")
|
||||
@Schema(description = "Gitea Open ID", example = "1234567890")
|
||||
private String giteaOpenId;
|
||||
|
||||
/**
|
||||
* 密码加密方法
|
||||
*
|
||||
* <p>将原始密码按照MD5(MD5(原密码)+123456)的方式加密</p>
|
||||
*
|
||||
* @param originalPassword 原始密码
|
||||
* @return 加密后的密码
|
||||
*/
|
||||
public static String encryptPassword(String originalPassword) {
|
||||
try {
|
||||
MessageDigest md5 = MessageDigest.getInstance("MD5");
|
||||
|
||||
// 第一次MD5加密
|
||||
byte[] firstHash = md5.digest(originalPassword.getBytes());
|
||||
String firstMd5 = bytesToHex(firstHash);
|
||||
|
||||
// 拼接123456
|
||||
String combined = firstMd5 + "123456";
|
||||
|
||||
// 第二次MD5加密
|
||||
byte[] secondHash = md5.digest(combined.getBytes());
|
||||
return bytesToHex(secondHash);
|
||||
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
throw new RuntimeException("MD5算法不可用", e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 字节数组转十六进制字符串
|
||||
*
|
||||
* @param bytes 字节数组
|
||||
* @return 十六进制字符串
|
||||
*/
|
||||
private static String bytesToHex(byte[] bytes) {
|
||||
StringBuilder hexString = new StringBuilder();
|
||||
for (byte b : bytes) {
|
||||
String hex = Integer.toHexString(0xff & b);
|
||||
if (hex.length() == 1) {
|
||||
hexString.append('0');
|
||||
}
|
||||
hexString.append(hex);
|
||||
}
|
||||
return hexString.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* 验证密码
|
||||
*
|
||||
* <p>验证输入的密码是否与存储的密码匹配</p>
|
||||
*
|
||||
* @param inputPassword 输入的密码
|
||||
* @param storedPassword 存储的密码
|
||||
* @return 是否匹配
|
||||
*/
|
||||
public static boolean verifyPassword(String inputPassword, String storedPassword) {
|
||||
String encryptedInput = encryptPassword(inputPassword);
|
||||
return encryptedInput.equals(storedPassword);
|
||||
}
|
||||
}
|
||||
|
|
@ -145,21 +145,7 @@
|
|||
</div>
|
||||
|
||||
<script src="https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js"></script>
|
||||
<script src="https://cdn.jsdelivr.net/npm/jsencrypt@3.2.1/bin/jsencrypt.min.js"></script>
|
||||
<script>
|
||||
// 获取公钥
|
||||
let publicKey = '';
|
||||
fetch('/course/user/auth/publicKey')
|
||||
.then(response => response.json())
|
||||
.then(data => {
|
||||
if (data.code === 200) {
|
||||
publicKey = data.data;
|
||||
}
|
||||
})
|
||||
.catch(error => {
|
||||
console.error('获取公钥失败:', error);
|
||||
});
|
||||
|
||||
// 登录表单提交
|
||||
document.getElementById('loginForm').addEventListener('submit', async function(e) {
|
||||
e.preventDefault();
|
||||
|
|
@ -169,20 +155,10 @@
|
|||
const errorMessage = document.getElementById('errorMessage');
|
||||
|
||||
try {
|
||||
// 加密密码
|
||||
const encrypt = new JSEncrypt();
|
||||
encrypt.setPublicKey(publicKey);
|
||||
const encryptedPassword = encrypt.encrypt(password);
|
||||
|
||||
if (!encryptedPassword) {
|
||||
throw new Error('密码加密失败');
|
||||
}
|
||||
|
||||
// 发送登录请求
|
||||
const response = await axios.post('/course/user/auth/login', {
|
||||
username: username,
|
||||
password: encryptedPassword,
|
||||
encrypt: true
|
||||
password: password
|
||||
});
|
||||
|
||||
if (response.data.code === 200) {
|
||||
|
|
|
|||
|
|
@ -0,0 +1,57 @@
|
|||
package com.chinaweal.youfool.course.entity;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import static org.junit.jupiter.api.Assertions.*;
|
||||
|
||||
/**
|
||||
* SysUser密码加密测试类
|
||||
*
|
||||
* @author test
|
||||
* @since 1.0.0
|
||||
*/
|
||||
public class SysUserTest {
|
||||
|
||||
@Test
|
||||
public void testEncryptPassword() {
|
||||
// 测试密码加密功能
|
||||
String originalPassword = "test123";
|
||||
String encryptedPassword = SysUser.encryptPassword(originalPassword);
|
||||
|
||||
// 验证加密结果不为空
|
||||
assertNotNull(encryptedPassword);
|
||||
// 验证加密结果是32位MD5哈希值
|
||||
assertEquals(32, encryptedPassword.length());
|
||||
// 验证相同密码加密结果一致
|
||||
String encryptedPassword2 = SysUser.encryptPassword(originalPassword);
|
||||
assertEquals(encryptedPassword, encryptedPassword2);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testVerifyPassword() {
|
||||
// 测试密码验证功能
|
||||
String originalPassword = "test123";
|
||||
String encryptedPassword = SysUser.encryptPassword(originalPassword);
|
||||
|
||||
// 验证正确密码
|
||||
assertTrue(SysUser.verifyPassword(originalPassword, encryptedPassword));
|
||||
|
||||
// 验证错误密码
|
||||
assertFalse(SysUser.verifyPassword("wrongPassword", encryptedPassword));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testPasswordEncryptionWithExample() {
|
||||
// 测试具体示例:密码"admin"的加密结果
|
||||
String password = "admin";
|
||||
String encrypted = SysUser.encryptPassword(password);
|
||||
|
||||
System.out.println("密码 '" + password + "' 的加密结果: " + encrypted);
|
||||
|
||||
// 验证加密结果
|
||||
assertNotNull(encrypted);
|
||||
assertEquals(32, encrypted.length());
|
||||
|
||||
// 验证能够正确验证
|
||||
assertTrue(SysUser.verifyPassword(password, encrypted));
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue