Merge branch '个人忘记密码安全性修改' into 'develop'

个人忘记密码安全性修改 See merge request o2oa/o2oa!2630

Merge branch '个人忘记密码安全性修改' into 'develop'
个人忘记密码安全性修改 See merge request o2oa/o2oa!2630
ab98e5b4 · NoSubject · 9d6e1b3e · 08c2344f · ab98e5b4 · ab98e5b4
7 changed file
--- a/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionCode.java
+++ b/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionCode.java
@@ -5,33 +5,38 @@ import com.x.base.core.container.factory.EntityManagerContainerFactory;
 import com.x.base.core.project.config.Config;
 import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.WrapOutBoolean;
+import com.x.base.core.project.logger.Logger;
+import com.x.base.core.project.logger.LoggerFactory;
+import com.x.base.core.project.tools.Crypto;
+import com.x.base.core.project.tools.DefaultCharset;
 import com.x.organization.assemble.personal.Business;
 import com.x.organization.core.entity.Person;
 import org.apache.commons.lang3.BooleanUtils;
-class ActionCode extends BaseAction {
+import java.net.URLDecoder;
+class ActionCode extends BaseAction {
+	private static final Logger LOGGER = LoggerFactory.getLogger(ActionCode.class);
 	ActionResult<WrapOutBoolean> execute(String credential) throws Exception {
 		try (EntityManagerContainer emc = EntityManagerContainerFactory.instance().create()) {
-			ActionResult<WrapOutBoolean> result = new ActionResult<>();
-			WrapOutBoolean wrap = new WrapOutBoolean();
 			Business business = new Business(emc);
 			if (BooleanUtils.isNotTrue(Config.collect().getEnable())) {
 				throw new ExceptionDisableCollect();
 			}
+			credential =  BooleanUtils.isTrue(Config.token().getRsaEnable()) ? Crypto.rsaDecrypt(URLDecoder.decode(credential, DefaultCharset.charset),
+					Config.privateKey()) : credential;
+			LOGGER.info("{} 用户进行忘记密码修改操作", credential);
 			Person person = business.person().getWithCredential(credential);
 			if (null == person) {
-				throw new ExceptionSendCodeError();
+				throw new ExceptionSendCodeResult();
 			}
 			person = emc.find(person.getId(), Person.class);
 			if (!Config.person().isMobile(person.getMobile())) {
-				throw new ExceptionSendCodeError();
+				throw new ExceptionSendCodeResult();
 			}
 			business.instrument().code().create(person.getMobile());
-			wrap.setValue(true);
+			throw new ExceptionSendCodeResult();
-			result.setData(wrap);
-			return result;
 		}
 	}

--- a/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionReset.java
+++ b/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionReset.java
@@ -44,9 +44,11 @@ class ActionReset extends BaseAction {
 			if (StringUtils.isBlank(password)) {
 				throw new ExceptionPasswordEmpty();
 			}
+			credential =  BooleanUtils.isTrue(Config.token().getRsaEnable()) ? Crypto.rsaDecrypt(credential, Config.privateKey()) : credential;
+			password =  BooleanUtils.isTrue(Config.token().getRsaEnable()) ? Crypto.rsaDecrypt(password, Config.privateKey()) : password;
 			Person person = business.person().getWithCredential(credential);
 			if (null == person) {
-				throw new ExceptionPersonNotExist(credential);
+				throw new ExceptionPersonNotExistOrInvalidAnswer();
 			}
 			person = emc.find(person.getId(), Person.class, ExceptionWhen.not_found);
 			if (BooleanUtils.isTrue(Config.person().getSuperPermission())
@@ -57,7 +59,7 @@ class ActionReset extends BaseAction {
 					throw new ExceptionInvalidPassword(Config.person().getPasswordRegexHint());
 				}
 				if (BooleanUtils.isFalse(business.instrument().code().validate(person.getMobile(), codeAnswer))) {
-					throw new ExceptionInvalidCode();
+					throw new ExceptionPersonNotExistOrInvalidAnswer();
 				}
 			}
 			emc.beginTransaction(Person.class);

--- a/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionSetPasswordAnonymous.java
+++ b/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ActionSetPasswordAnonymous.java
 package com.x.organization.assemble.personal.jaxrs.reset;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.lang3.BooleanUtils;
-import org.apache.commons.lang3.StringUtils;
 import com.google.gson.JsonElement;
 import com.x.base.core.container.EntityManagerContainer;
 import com.x.base.core.container.factory.EntityManagerContainerFactory;
 import com.x.base.core.project.annotation.FieldDescribe;
 import com.x.base.core.project.cache.CacheManager;
 import com.x.base.core.project.config.Config;
-import com.x.base.core.project.exception.ExceptionPersonNotExist;
 import com.x.base.core.project.gson.GsonPropertyObject;
 import com.x.base.core.project.http.ActionResult;
 import com.x.base.core.project.http.EffectivePerson;
@@ -20,6 +15,9 @@ import com.x.base.core.project.logger.LoggerFactory;
 import com.x.base.core.project.tools.Crypto;
 import com.x.organization.assemble.personal.Business;
 import com.x.organization.core.entity.Person;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.lang3.BooleanUtils;
+import org.apache.commons.lang3.StringUtils;
 public class ActionSetPasswordAnonymous extends BaseAction {
 	private static final Logger LOGGER = LoggerFactory.getLogger(ActionSetPasswordAnonymous.class);
@@ -30,7 +28,6 @@ public class ActionSetPasswordAnonymous extends BaseAction {
 			Wi wi = this.convertToWrapIn(jsonElement, Wi.class);
 			Business business = new Business(emc);
-			/** 排除xadmin */
 			if (Config.token().isInitialManager(wi.getUserName())) {
 				throw new ExceptionEditInitialManagerDeny();
 			} else {
@@ -40,13 +37,10 @@ public class ActionSetPasswordAnonymous extends BaseAction {
 				Person o = business.person().getWithCredential(wi.getUserName());
 				if (null == o) {
-					throw new ExceptionPersonNotExist(wi.getUserName());
+					throw new ExceptionPersonNotExistOrInvalidPassword();
 				}
 				Person person = emc.find(o.getId(), Person.class);
-				if (null == person) {
-					throw new ExceptionPersonNotExist(wi.getUserName());
-				}
 				if (StringUtils.isEmpty(wi.getOldPassword())) {
 					throw new ExceptionOldPasswordEmpty();
@@ -54,31 +48,23 @@ public class ActionSetPasswordAnonymous extends BaseAction {
 				if (StringUtils.isEmpty(wi.getNewPassword())) {
 					throw new ExceptionPasswordEmpty();
 				}
 				if (StringUtils.isEmpty(wi.getConfirmPassword())) {
 					throw new ExceptionConfirmPasswordEmpty();
 				}
-				if (!StringUtils.equals(wi.getNewPassword(), wi.getConfirmPassword())) {
+				String oldPassword = BooleanUtils.isTrue(Config.token().getRsaEnable()) ? Crypto.rsaDecrypt(wi.getOldPassword(), Config.privateKey())
-					throw new ExceptionTwicePasswordNotMatch();
+						: wi.getOldPassword();
-				}
+				String newPassword = BooleanUtils.isTrue(Config.token().getRsaEnable()) ? Crypto.rsaDecrypt(wi.getNewPassword(), Config.privateKey())
+						: wi.getNewPassword();
+				String confirmPassword = BooleanUtils.isTrue(Config.token().getRsaEnable()) ? Crypto.rsaDecrypt(wi.getConfirmPassword(), Config.privateKey())
+						: wi.getConfirmPassword();
 				if (StringUtils.equals(wi.getNewPassword(), wi.getOldPassword())) {
 					throw new ExceptionNewPasswordSameAsOldPassword();
 				}
-				String oldPassword = wi.getOldPassword();
+				if(!StringUtils.equals(newPassword, confirmPassword)){
-				String newPassword = wi.getNewPassword();
+					throw new ExceptionTwicePasswordNotMatch();
-				String confirmPassword = wi.getConfirmPassword();
-				String isEncrypted = wi.getIsEncrypted();
-				// RSA解秘
-				if (!StringUtils.isEmpty(isEncrypted)) {
-					if (isEncrypted.trim().equalsIgnoreCase("y")) {
-						oldPassword = this.decryptRSA(oldPassword);
-						newPassword = this.decryptRSA(newPassword);
-						confirmPassword = this.decryptRSA(confirmPassword);
-					}
 				}
 				if (BooleanUtils.isTrue(Config.person().getSuperPermission())
@@ -88,7 +74,7 @@ public class ActionSetPasswordAnonymous extends BaseAction {
 					if (!StringUtils.equals(
 							Crypto.encrypt(oldPassword, Config.token().getKey(), Config.person().getEncryptType()),
 							person.getPassword())) {
-						throw new ExceptionOldPasswordNotMatch();
+						throw new ExceptionPersonNotExistOrInvalidPassword();
 					}
 					if (!newPassword.matches(Config.person().getPasswordRegex())) {
 						throw new ExceptionInvalidPassword(Config.person().getPasswordRegexHint());

--- a/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ExceptionPersonNotExistOrInvalidAnswer.java
+++ b/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ExceptionPersonNotExistOrInvalidAnswer.java
+package com.x.organization.assemble.personal.jaxrs.reset;
+import com.x.base.core.project.exception.PromptException;
+class ExceptionPersonNotExistOrInvalidAnswer extends PromptException {
+	private static final long serialVersionUID = -8334021007462970656L;
+	public static String defaultMessage = "用户不存在或者验证码错误.";
+	ExceptionPersonNotExistOrInvalidAnswer( ) {
+		super(defaultMessage);
+	}
+}
--- a/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ExceptionPersonNotExistOrInvalidPassword.java
+++ b/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ExceptionPersonNotExistOrInvalidPassword.java
+package com.x.organization.assemble.personal.jaxrs.reset;
+import com.x.base.core.project.exception.PromptException;
+class ExceptionPersonNotExistOrInvalidPassword extends PromptException {
+	private static final long serialVersionUID = 2537120821114609351L;
+	public static String defaultMessage = "用户不存在或者密码错误.";
+	ExceptionPersonNotExistOrInvalidPassword( ) {
+		super(defaultMessage);
+	}
+}
--- a/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ExceptionSendCodeError.java
+++ b/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ExceptionSendCodeError.java
@@ -2,17 +2,17 @@ package com.x.organization.assemble.personal.jaxrs.reset;
 import com.x.base.core.project.exception.PromptException;
-class ExceptionSendCodeError extends PromptException {
+class ExceptionSendCodeResult extends PromptException {
 	private static final long serialVersionUID = 1859164370743532895L;
 	public static String defaultMessage = "验证码已下发，如未收到，请确认是否已绑定该号码.";
-	ExceptionSendCodeError() {
+	ExceptionSendCodeResult() {
 		super(defaultMessage);
 	}
-	ExceptionSendCodeError(Throwable cause) {
+	ExceptionSendCodeResult(Throwable cause) {
 		super(cause, defaultMessage);
 	}
 }
--- a/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ResetAction.java
+++ b/o2server/x_organization_assemble_personal/src/main/java/com/x/organization/assemble/personal/jaxrs/reset/ResetAction.java
 package com.x.organization.assemble.personal.jaxrs.reset;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.container.AsyncResponse;
-import javax.ws.rs.container.Suspended;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
 import com.google.gson.JsonElement;
 import com.x.base.core.project.annotation.JaxrsDescribe;
 import com.x.base.core.project.annotation.JaxrsMethodDescribe;
@@ -26,6 +13,13 @@ import com.x.base.core.project.jaxrs.StandardJaxrsAction;
 import com.x.base.core.project.logger.Logger;
 import com.x.base.core.project.logger.LoggerFactory;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.*;
+import javax.ws.rs.container.AsyncResponse;
+import javax.ws.rs.container.Suspended;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
 @Path("reset")
 @JaxrsDescribe("重置操作")
 public class ResetAction extends StandardJaxrsAction {