
修复个人信息修改漏洞

RuoYi 6 rokov pred
rodič
commit
dd37524b04

+ 41 - 27
ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java

@@ -1,13 +1,11 @@
 package com.ruoyi.web.controller.system;
 
-import org.apache.shiro.crypto.hash.Md5Hash;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
 import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -17,6 +15,7 @@ import com.ruoyi.common.annotation.Log;
 import com.ruoyi.common.base.AjaxResult;
 import com.ruoyi.common.config.Global;
 import com.ruoyi.common.enums.BusinessType;
+import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.framework.shiro.service.SysPasswordService;
 import com.ruoyi.framework.util.FileUploadUtils;
 import com.ruoyi.framework.util.ShiroUtils;
@@ -66,54 +65,63 @@ public class SysProfileController extends BaseController
     public boolean checkPassword(String password)
     {
         SysUser user = getSysUser();
-        String encrypt = new Md5Hash(user.getLoginName() + password + user.getSalt()).toHex().toString();
-        if (user.getPassword().equals(encrypt))
+        if (passwordService.matches(user, password))
         {
             return true;
         }
         return false;
     }
 
-    @GetMapping("/resetPwd/{userId}")
-    public String resetPwd(@PathVariable("userId") Long userId, ModelMap mmap)
+    @GetMapping("/resetPwd")
+    public String resetPwd(ModelMap mmap)
     {
-        mmap.put("user", userService.selectUserById(userId));
+        SysUser user = getSysUser();
+        mmap.put("user", userService.selectUserById(user.getUserId()));
         return prefix + "/resetPwd";
     }
 
     @Log(title = "重置密码", businessType = BusinessType.UPDATE)
     @PostMapping("/resetPwd")
     @ResponseBody
-    public AjaxResult resetPwd(SysUser user)
+    public AjaxResult resetPwd(String oldPassword, String newPassword)
     {
-        user.setSalt(ShiroUtils.randomSalt());
-        user.setPassword(passwordService.encryptPassword(user.getLoginName(), user.getPassword(), user.getSalt()));
-        int rows = userService.resetUserPwd(user);
-        if (rows > 0)
+        SysUser user = getSysUser();
+        if (StringUtils.isNotEmpty(newPassword) && passwordService.matches(user, oldPassword))
         {
-            setSysUser(userService.selectUserById(user.getUserId()));
-            return success();
+            user.setSalt(ShiroUtils.randomSalt());
+            user.setPassword(passwordService.encryptPassword(user.getLoginName(), newPassword, user.getSalt()));
+            if (userService.resetUserPwd(user) > 0)
+            {
+                setSysUser(userService.selectUserById(user.getUserId()));
+                return success();
+            }
+            return error();
+        }
+        else
+        {
+            return error("修改密码失败,旧密码错误");
         }
-        return error();
     }
 
     /**
      * 修改用户
      */
-    @GetMapping("/edit/{userId}")
-    public String edit(@PathVariable("userId") Long userId, ModelMap mmap)
+    @GetMapping("/edit")
+    public String edit(ModelMap mmap)
     {
-        mmap.put("user", userService.selectUserById(userId));
+        SysUser user = getSysUser();
+        mmap.put("user", userService.selectUserById(user.getUserId()));
         return prefix + "/edit";
     }
 
     /**
      * 修改头像
      */
-    @GetMapping("/avatar/{userId}")
-    public String avatar(@PathVariable("userId") Long userId, ModelMap mmap)
+    @GetMapping("/avatar")
+    public String avatar(ModelMap mmap)
     {
-        mmap.put("user", userService.selectUserById(userId));
+        SysUser user = getSysUser();
+        mmap.put("user", userService.selectUserById(user.getUserId()));
         return prefix + "/avatar";
     }
 
@@ -125,9 +133,14 @@ public class SysProfileController extends BaseController
     @ResponseBody
     public AjaxResult update(SysUser user)
     {
-        if (userService.updateUserInfo(user) > 0)
+        SysUser currentUser = getSysUser();
+        currentUser.setUserName(user.getUserName());
+        currentUser.setEmail(user.getEmail());
+        currentUser.setPhonenumber(user.getPhonenumber());
+        currentUser.setSex(user.getSex());
+        if (userService.updateUserInfo(currentUser) > 0)
         {
-            setSysUser(userService.selectUserById(user.getUserId()));
+            setSysUser(userService.selectUserById(currentUser.getUserId()));
             return success();
         }
         return error();
@@ -139,17 +152,18 @@ public class SysProfileController extends BaseController
     @Log(title = "个人信息", businessType = BusinessType.UPDATE)
     @PostMapping("/updateAvatar")
     @ResponseBody
-    public AjaxResult updateAvatar(SysUser user, @RequestParam("avatarfile") MultipartFile file)
+    public AjaxResult updateAvatar(@RequestParam("avatarfile") MultipartFile file)
     {
+        SysUser currentUser = getSysUser();
         try
         {
             if (!file.isEmpty())
             {
                 String avatar = FileUploadUtils.upload(Global.getAvatarPath(), file);
-                user.setAvatar(avatar);
-                if (userService.updateUserInfo(user) > 0)
+                currentUser.setAvatar(avatar);
+                if (userService.updateUserInfo(currentUser) > 0)
                 {
-                    setSysUser(userService.selectUserById(user.getUserId()));
+                    setSysUser(userService.selectUserById(currentUser.getUserId()));
                     return success();
                 }
             }
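Review bot: The new POST resetPwd handler only checks `StringUtils.isNotEmpty(newPassword)` before hashing, so the 5–20 character limits that resetPwd.html enforces client-side (minlength 5 / maxlength 20) can be bypassed by posting directly, and because both checks share one condition an empty new password is reported as `修改密码失败,旧密码错误`. Validate the new password server-side and report it separately, e.g. `if (StringUtils.isEmpty(newPassword) || newPassword.length() < 5 || newPassword.length() > 20) { return error("修改密码失败,新密码长度必须在5到20个字符之间"); }` placed before the `passwordService.matches(user, oldPassword)` check (the template's own message says 6 while its rule says 5, so pick one bound and use it in both places). A related concern in update() and updateAvatar(): the setters are applied to the object returned by getSysUser() before the database write, so if that is the live session principal (the setSysUser refresh on success suggests it is) a failed updateUserInfo leaves the session carrying unsaved values; copying the whitelisted fields into a fresh SysUser keyed by currentUser.getUserId() would avoid that. updateAvatar's try block continues past the end of the hunk.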

+ 0 - 2
ruoyi-admin/src/main/resources/templates/system/user/profile/avatar.html

@@ -4,7 +4,6 @@
 <title>用户头像修改</title>
 <link th:href="@{/ajax/libs/cropbox/cropbox.css}" rel="stylesheet"/>
 <body class="white-bg">
-    <input name="userId" id="userId" type="hidden"  th:value="${user.userId}" />
     <div class="container"> 
         <div class="imageBox"> 
 	        <div class="thumbBox"></div> 
@@ -68,7 +67,6 @@ function submitHandler() {
     var img = cropper.getBlob();
     var formdata = new FormData();
     formdata.append("avatarfile", img);
-    formdata.append("userId", $("#userId").val());
     $.ajax({
         url: ctx + "system/user/profile/updateAvatar",
         data: formdata,

+ 3 - 4
ruoyi-admin/src/main/resources/templates/system/user/profile/profile.html

@@ -58,20 +58,19 @@
     
     <div th:include="include::footer"></div>
     <script>
-        var userId = [[${user.userId}]];
 	    /*用户信息-修改*/
 	    function edit() {
-	        var url = ctx + "system/user/profile/edit/" + userId;
+	        var url = ctx + 'system/user/profile/edit';
 	        $.modal.open("修改用户", url);
 	    }
 	    /*用户管理-重置密码*/
 	    function resetPwd() {
-	        var url = ctx + 'system/user/profile/resetPwd/' + userId;
+	        var url = ctx + 'system/user/profile/resetPwd';
 	        $.modal.open("重置密码", url, '800', '500');
 	    }
 	    /*用户管理-头像*/
 	    function avatar() {
-	        var url = ctx + 'system/user/profile/avatar/' + userId;
+	        var url = ctx + 'system/user/profile/avatar';
 	        $.modal.open("修改头像", url);
 	    }
 	</script>

+ 4 - 4
ruoyi-admin/src/main/resources/templates/system/user/profile/resetPwd.html

@@ -21,7 +21,7 @@
 			<div class="form-group">
 				<label class="col-sm-3 control-label">新密码:</label>
 				<div class="col-sm-8">
-					<input class="form-control" type="password" name="password" id="password">
+					<input class="form-control" type="password" name="newPassword" id="newPassword">
 				</div>
 			</div>
 			<div class="form-group">
@@ -51,14 +51,14 @@
 	                    }
 	                }
 				},
-				password: {
+				newPassword: {
 	                required: true,
 	                minlength: 5,
 	    			maxlength: 20
 	            },
 	            confirm: {
 	                required: true,
-	                equalTo: "#password"
+	                equalTo: "#newPassword"
 	            }
 			},
 			messages: {
@@ -66,7 +66,7 @@
 	                required: "请输入原密码",
 	                remote: "原密码错误"
 	            },
-	            password: {
+	            newPassword: {
 	                required: "请输入新密码",
 	                minlength: "密码不能小于6个字符",
 	                maxlength: "密码不能大于20个字符"