password fix

5bb59b7a · MaxKey单点登录官方 · f01a82c1 · 5bb59b7a · 5bb59b7a · 5bb59b7a
3 changed file
--- a/maxkey-dao/src/main/java/org/maxkey/dao/service/UserInfoService.java
+++ b/maxkey-dao/src/main/java/org/maxkey/dao/service/UserInfoService.java
@@ -3,6 +3,7 @@ package org.maxkey.dao.service;

 import org.apache.mybatis.jpa.persistence.JpaBaseService;
 import org.maxkey.constants.STATUS;
+import org.maxkey.crypto.ReciprocalUtils;
 import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.dao.persistence.UserInfoMapper;
 import org.maxkey.domain.ChangePassword;
@@ -109,7 +110,7 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
 				
 			}
 			String password = passwordEncoder.encode(PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), userInfo.getPassword()));
-			userInfo.setDecipherable(PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), userInfo.getPassword()));
+			userInfo.setDecipherable(ReciprocalUtils.encode(PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), userInfo.getPassword())));
 			_logger.debug("decipherable : "+userInfo.getDecipherable());
 			userInfo.setPassword(password);
 			userInfo.setPasswordLastSetTime(DateUtils.getCurrentDateTimeAsString());

--- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SafeController.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SafeController.java
@@ -93,7 +93,7 @@ public class SafeController {
 									String confirmPassword){
 		UserInfo userInfo =WebContext.getUserInfo();
 		_logger.debug("decipherable old : "+userInfo.getDecipherable());
-		_logger.debug("decipherable new : "+PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), userInfo.getPassword()));
+		_logger.debug("decipherable new : "+ReciprocalUtils.encode(PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), newPassword)));
 		if(newPassword.equals(confirmPassword)){
 			if(oldPassword==null || 
 					passwordEncoder.matches(PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(),oldPassword), userInfo.getPassword())){
@@ -123,7 +123,8 @@ public class SafeController {
 			@RequestParam("confirmPassword") String confirmPassword) {
 		
 		UserInfo userInfo =WebContext.getUserInfo();
-		_logger.debug("App Login Password : "+ReciprocalUtils.decoder(userInfo.getAppLoginPassword()));
+		_logger.debug("App Login Password : "+userInfo.getAppLoginPassword());
+		_logger.debug("App Login new Password : "+ReciprocalUtils.encode(newPassword));
 		if(newPassword.equals(confirmPassword)){
 			if(StringUtils.isNullOrBlank(userInfo.getAppLoginPassword())||userInfo.getAppLoginPassword().equals(ReciprocalUtils.encode(oldPassword))){
 				userInfo.setAppLoginPassword(ReciprocalUtils.encode(newPassword));

--- a/maxkey-web-maxkey/src/main/resources/templates/views/safe/timeBased.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/safe/timeBased.ftl
@@ -14,7 +14,8 @@
 				<td colspan="2"><@locale code="login.totp.title" /></td>
 			</tr>
 			<tr>
-				<td> <img id="captchaimg" src="<@base/>/image/${id}" /></td>
+				<td> <img id="captchaimg" src="<@base/>/image/${id}" /><br>
+				支持<b>Google Authenticator等</b></td>
 				<td   style="width:75%;">
 					<table  class="table"   style="width:100%;">
 						<tr>