From a1edf3dbd51f6dd2f5c9e909212bd1ea3369ad69 Mon Sep 17 00:00:00 2001
From: tjq
Date: Sun, 16 Apr 2023 16:53:50 +0800
Subject: [PATCH] feat: [auth] improve powerjob self login security
---
 .../main/java/tech/powerjob/common/utils/DigestUtils.java | 5 +++++
 .../server/auth/login/impl/PowerJobSelfLoginService.java | 7 +------
 .../tech/powerjob/server/core/service/UserService.java | 8 ++++++++
 3 files changed, 14 insertions(+), 6 deletions(-)
diff --git a/powerjob-common/src/main/java/tech/powerjob/common/utils/DigestUtils.java b/powerjob-common/src/main/java/tech/powerjob/common/utils/DigestUtils.java
index a787d35a..7a62a8f3 100644
--- a/powerjob-common/src/main/java/tech/powerjob/common/utils/DigestUtils.java
+++ b/powerjob-common/src/main/java/tech/powerjob/common/utils/DigestUtils.java
@@ -33,4 +33,9 @@ public class DigestUtils {
 }
 return result.toString();
 }
+
+ public static String rePassword(String password, String salt) {
+ String f1 = String.format("%s_%s_z", salt, password);
+ return String.format("%s_%s_b", salt, md5(f1));
+ }
 }
diff --git a/powerjob-server/powerjob-server-auth/src/main/java/tech/powerjob/server/auth/login/impl/PowerJobSelfLoginService.java b/powerjob-server/powerjob-server-auth/src/main/java/tech/powerjob/server/auth/login/impl/PowerJobSelfLoginService.java
index c04c8bc5..950ab921 100644
--- a/powerjob-server/powerjob-server-auth/src/main/java/tech/powerjob/server/auth/login/impl/PowerJobSelfLoginService.java
+++ b/powerjob-server/powerjob-server-auth/src/main/java/tech/powerjob/server/auth/login/impl/PowerJobSelfLoginService.java
@@ -68,7 +68,7 @@ public class PowerJobSelfLoginService implements BizLoginService {
 final UserInfoDO dbUser = userInfoOpt.get();
- if (s(username, password).equals(dbUser.getPassword())) {
+ if (DigestUtils.rePassword(password, username).equals(dbUser.getPassword())) {
 BizUser bizUser = new BizUser();
 bizUser.setUsername(username);
 return bizUser;
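Review bot: `rePassword` in DigestUtils.java derives the stored credential from a single `md5` round, and both callers in this patch pass the username as `salt`, so the salt is predictable and repeats for the same account name across installations. A fast digest with a guessable salt offers little protection for the stored values if the user table is ever disclosed; PBKDF2 from the JDK, ideally with a per-user random salt from `SecureRandom`, is the safer construction. The sketch keeps the signature; `PBKDF2_ITERATIONS` is a new constant to set from current guidance, and rows written by the MD5 scheme need a migration path such as re-hashing on the next successful login. The method also lacks Javadoc stating that the result is a one-way digest and that `password` must be plaintext.

```java
    public static String rePassword(String password, String salt) {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(),
                salt.getBytes(StandardCharsets.UTF_8), PBKDF2_ITERATIONS, 256);
        try {
            byte[] derived = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            // distinct suffix so rows written by the MD5 scheme stay recognisable
            return String.format("%s_%s_p", salt, Base64.getEncoder().encodeToString(derived));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("PBKDF2WithHmacSHA256 unavailable", e);
        } finally {
            // do not keep the plaintext characters in the key spec longer than needed
            spec.clearPassword();
        }
    }
```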
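Review bot: The changed `if` in PowerJobSelfLoginService compares the computed and stored digests with `String.equals`, which returns at the first differing character; a constant-time comparison is the usual choice for credential checks, e.g. `MessageDigest.isEqual(computed.getBytes(StandardCharsets.UTF_8), stored.getBytes(StandardCharsets.UTF_8))` after a null check on `dbUser.getPassword()`. The call also passes `(password, username)` where the removed helper took `(username, password)`; with two `String` parameters the compiler cannot catch a swapped pair, so a short comment at the call site naming which argument is the salt would help. The enclosing login method starts and ends outside this hunk.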
@@ -77,9 +77,4 @@ public class PowerJobSelfLoginService implements BizLoginService {
 Loggers.WEB.debug("[DefaultBizLoginService] user[{}]'s password is incorrect, login failed!", username);
 throw new PowerJobException("password is incorrect");
 }
-
- private static String s(String username, String password) {
- String f1 = String.format("%s_%s_z", username, password);
- return String.format("%s_%s_b", username, DigestUtils.md5(f1));
- }
 }
diff --git a/powerjob-server/powerjob-server-core/src/main/java/tech/powerjob/server/core/service/UserService.java b/powerjob-server/powerjob-server-core/src/main/java/tech/powerjob/server/core/service/UserService.java
index 6acea5bd..f976d016 100644
--- a/powerjob-server/powerjob-server-core/src/main/java/tech/powerjob/server/core/service/UserService.java
+++ b/powerjob-server/powerjob-server-core/src/main/java/tech/powerjob/server/core/service/UserService.java
@@ -1,5 +1,6 @@
 package tech.powerjob.server.core.service;
+import tech.powerjob.common.utils.DigestUtils;
 import tech.powerjob.server.persistence.remote.model.UserInfoDO;
 import tech.powerjob.server.persistence.remote.repository.UserInfoRepository;
 import com.google.common.base.Splitter;
@@ -32,6 +33,13 @@ public class UserService {
 public void save(UserInfoDO userInfoDO) {
 userInfoDO.setGmtCreate(new Date());
 userInfoDO.setGmtModified(userInfoDO.getGmtCreate());
+
+ // 二次加密密码
+ final String password = userInfoDO.getPassword();
+ if (StringUtils.isNotEmpty(password)) {
+ userInfoDO.setPassword(DigestUtils.rePassword(password, userInfoDO.getUsername()));
+ }
+
 userInfoRepository.saveAndFlush(userInfoDO);
 }
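Review bot: `save` in UserService now hashes whatever `getPassword()` returns, so if any caller passes an entity loaded from the database (an update rather than a first insert), the already-hashed value would be hashed again and that user could no longer log in; the callers are outside this diff, so this needs confirming. Hashing only where plaintext enters the system (registration and password change), or documenting on `save` that the password field must be plaintext, would remove the ambiguity. When the password is empty the record is still persisted without a credential; if that is not intended, reject it here. The added comment `// 二次加密密码` describes the step as encryption, while `rePassword` is a one-way digest; `// hash the password before it is persisted` would be more accurate.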