third_codes/PowerJob
1
0
Fork 1
mirror of https://github.com/PowerJob/PowerJob.git synced 2025-07-17 00:00:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: [auth] improve powerjob self login security

Browse Source
This commit is contained in:
tjq 2023-04-16 16:53:50 +08:00
parent 9bf9746397
commit a1edf3dbd5
3 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
powerjob-common/src/main/java/tech/powerjob/common/utils/DigestUtils.java
View File

@ -33,4 +33,9 @@ public class DigestUtils {
} }
return result.toString(); return result.toString();
} }
public static String rePassword(String password, String salt) {
String f1 = String.format("%s_%s_z", salt, password);
return String.format("%s_%s_b", salt, md5(f1));
}
} }

7
powerjob-server/powerjob-server-auth/src/main/java/tech/powerjob/server/auth/login/impl/PowerJobSelfLoginService.java
View File

@ -68,7 +68,7 @@ public class PowerJobSelfLoginService implements BizLoginService {
final UserInfoDO dbUser = userInfoOpt.get(); final UserInfoDO dbUser = userInfoOpt.get();
if (s(username, password).equals(dbUser.getPassword())) { if (DigestUtils.rePassword(password, username).equals(dbUser.getPassword())) {
BizUser bizUser = new BizUser(); BizUser bizUser = new BizUser();
bizUser.setUsername(username); bizUser.setUsername(username);
return bizUser; return bizUser;
@ -77,9 +77,4 @@ public class PowerJobSelfLoginService implements BizLoginService {
Loggers.WEB.debug("[DefaultBizLoginService] user[{}]'s password is incorrect, login failed!", username); Loggers.WEB.debug("[DefaultBizLoginService] user[{}]'s password is incorrect, login failed!", username);
throw new PowerJobException("password is incorrect"); throw new PowerJobException("password is incorrect");
} }
private static String s(String username, String password) {
String f1 = String.format("%s_%s_z", username, password);
return String.format("%s_%s_b", username, DigestUtils.md5(f1));
}
} }

8
powerjob-server/powerjob-server-core/src/main/java/tech/powerjob/server/core/service/UserService.java
View File

@ -1,5 +1,6 @@
package tech.powerjob.server.core.service; package tech.powerjob.server.core.service;
import tech.powerjob.common.utils.DigestUtils;
import tech.powerjob.server.persistence.remote.model.UserInfoDO; import tech.powerjob.server.persistence.remote.model.UserInfoDO;
import tech.powerjob.server.persistence.remote.repository.UserInfoRepository; import tech.powerjob.server.persistence.remote.repository.UserInfoRepository;
import com.google.common.base.Splitter; import com.google.common.base.Splitter;
@ -32,6 +33,13 @@ public class UserService {
public void save(UserInfoDO userInfoDO) { public void save(UserInfoDO userInfoDO) {
userInfoDO.setGmtCreate(new Date()); userInfoDO.setGmtCreate(new Date());
userInfoDO.setGmtModified(userInfoDO.getGmtCreate()); userInfoDO.setGmtModified(userInfoDO.getGmtCreate());
// 二次加密密码
final String password = userInfoDO.getPassword();
if (StringUtils.isNotEmpty(password)) {
userInfoDO.setPassword(DigestUtils.rePassword(password, userInfoDO.getUsername()));
}
userInfoRepository.saveAndFlush(userInfoDO); userInfoRepository.saveAndFlush(userInfoDO);
} }