修改密码加密规则

2cc4c23b · Quxl · 5ef770df · 2cc4c23b · 2cc4c23b · 2cc4c23b
Commit 2cc4c23b authored Oct 10, 2018 by Quxl
5 changed files
--- a/src/main/java/com/egolm/film/api/MemberOpenApiController.java
+++ b/src/main/java/com/egolm/film/api/MemberOpenApiController.java
@@ -18,6 +18,7 @@ import com.egolm.film.api.member.service.MemberService;
 import com.egolm.film.bean.Fc_member;
 import com.egolm.film.common.EmailService;
 import com.egolm.film.common.Messages;
+import com.egolm.film.config.Common;
 import com.egolm.film.config.interceptor.LocaleSessionInterceptor;

 import io.swagger.annotations.Api;
@@ -49,9 +50,12 @@ public class MemberOpenApiController {
 	})
 	public Object register(HttpServletRequest request, String username, String password, String email) {
 		Locale locale = LocaleContextHolder.getLocale();
+		String salt = Common.getGenerateString(6);
+		String encodePwd = memberService.encodePassword(salt, password);
 		Fc_member member = new Fc_member();
+		member.setSalt(salt);
 		member.setUsername(username);
-		member.setPassword(memberService.encodePassword(password));
+		member.setPassword(encodePwd);
 		member.setEmail(email);
 		member.setCreate_ip(ServletUtil.remoteIp(request));
 		member.setCreate_time(System.currentTimeMillis());

--- a/src/main/java/com/egolm/film/api/member/service/MemberService.java
+++ b/src/main/java/com/egolm/film/api/member/service/MemberService.java
@@ -7,7 +7,7 @@ import com.egolm.film.bean.Fc_member;

 public interface MemberService {
 	
-	String encodePassword(String password);
+	String encodePassword(String salt, String password);
 	
 	Fc_member getMemberByEmail(String email);
 	

--- a/src/main/java/com/egolm/film/api/member/service/impl/MemberServiceImpl.java
+++ b/src/main/java/com/egolm/film/api/member/service/impl/MemberServiceImpl.java
@@ -21,7 +21,7 @@ public class MemberServiceImpl implements MemberService {
 	@Override
 	public void changePassword(String id, String newPassword) {
 		String sql = "update fc_member set password = ? where id = ?";
-		jdbcTemplate.executeUpdate(sql, this.encodePassword(newPassword), id);
+		jdbcTemplate.executeUpdate(sql, newPassword, id);
 	}

 	@Override
@@ -31,8 +31,8 @@ public class MemberServiceImpl implements MemberService {
 	}

 	@Override
-	public String encodePassword(String password) {
-		return StringUtil.toMD5HexString(password);
+	public String encodePassword(String salt, String password) {
+		return StringUtil.toMD5HexString(StringUtil.toMD5HexString(password + salt).toLowerCase().substring(4, 20)).toLowerCase();
 	}

 	@Override

--- a/src/main/java/com/egolm/film/config/Common.java
+++ b/src/main/java/com/egolm/film/config/Common.java
+package com.egolm.film.config;
+
+import java.util.Random;
+
+public class Common {
+	
+	public static final String SOURCES="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890";
+
+	public static String getGenerateString(int length) {
+		Random random = new Random();
+        char[] text = new char[length];
+        for (int i = 0; i < length; i++) {
+            text[i] = SOURCES.charAt(random.nextInt(SOURCES.length()));
+        }
+        return new String(text);
+    }
+	
+	public static void main(String[] args) {
+		System.out.println(getGenerateString(8));
+	}
+	
+}
--- a/src/main/java/com/egolm/film/login/service/impl/MemberTokenServiceImpl.java
+++ b/src/main/java/com/egolm/film/login/service/impl/MemberTokenServiceImpl.java
@@ -10,6 +10,7 @@ import org.springframework.stereotype.Service;

 import com.egolm.common.StringUtil;
 import com.egolm.common.jdbc.JdbcTemplate;
+import com.egolm.film.api.member.service.MemberService;
 import com.egolm.film.common.Messages;
 import com.egolm.film.config.WebMvcConfig;
 import com.egolm.film.config.XException;
@@ -25,21 +26,30 @@ public class MemberTokenServiceImpl implements MemberTokenService {
 	@Autowired
 	private JdbcTemplate jdbcTemplate;
 	
+	@Autowired
+	private MemberService memberService;
+	
 	@Override
 	public LoginToken doLogin(String username, String password) {
 		HttpSession session = WebMvcConfig.getSession();
-		String md5String = StringUtil.toMD5HexString(password).toLowerCase();
-		String loginSql = "select * from fc_member where email = ? and password = ?";
-		List<Map<String, Object>> list = this.jdbcTemplate.queryForList(loginSql, username, md5String);
+		String loginSql = "select * from fc_member where email = ?";
+		List<Map<String, Object>> list = this.jdbcTemplate.queryForList(loginSql, username);
 		if(list != null) {
 			if(list.size() == 1) {
 				Map<String,Object> map = list.get(0);
 				Integer state = (Integer)map.get("state");
 				if(state == 1) {
-					Integer id = (Integer)map.get("id");
-					LoginToken token = new LoginToken(id);
-					session.setAttribute(TOKEN_NAME, token);
-					return token;
+					String salt = (String)map.get("salt");
+					String dbPwd = (String)map.get("password");
+					String encodePassword = memberService.encodePassword(salt, password);
+					if(encodePassword.equals(dbPwd)) {
+						Integer id = (Integer)map.get("id");
+						LoginToken token = new LoginToken(id);
+						session.setAttribute(TOKEN_NAME, token);
+						return token;
+					} else {
+						throw new XException(messages.get("sys.err.user_pwd_err"));
+					}
 				} else if(state == 2) {
 					throw new XException(messages.get("sys.err.user_disabled"));
 				} else {