修复个人信息修改漏洞

dd37524b · RuoYi · 0c76d453 · dd37524b · dd37524b · dd37524b
Commit dd37524b authored Jan 08, 2019 by RuoYi
4 changed files
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java
 package com.ruoyi.web.controller.system;

-import org.apache.shiro.crypto.hash.Md5Hash;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
 import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -17,6 +15,7 @@ import com.ruoyi.common.annotation.Log;
 import com.ruoyi.common.base.AjaxResult;
 import com.ruoyi.common.config.Global;
 import com.ruoyi.common.enums.BusinessType;
+import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.framework.shiro.service.SysPasswordService;
 import com.ruoyi.framework.util.FileUploadUtils;
 import com.ruoyi.framework.util.ShiroUtils;
@@ -66,54 +65,63 @@ public class SysProfileController extends BaseController
    public boolean checkPassword(String password)
    {
        SysUser user = getSysUser();
-        String encrypt = new Md5Hash(user.getLoginName() + password + user.getSalt()).toHex().toString();
-        if (user.getPassword().equals(encrypt))
+        if (passwordService.matches(user, password))
        {
            return true;
        }
        return false;
    }

-    @GetMapping("/resetPwd/{userId}")
-    public String resetPwd(@PathVariable("userId") Long userId, ModelMap mmap)
+    @GetMapping("/resetPwd")
+    public String resetPwd(ModelMap mmap)
    {
-        mmap.put("user", userService.selectUserById(userId));
+        SysUser user = getSysUser();
+        mmap.put("user", userService.selectUserById(user.getUserId()));
        return prefix + "/resetPwd";
    }

    @Log(title = "重置密码", businessType = BusinessType.UPDATE)
    @PostMapping("/resetPwd")
    @ResponseBody
-    public AjaxResult resetPwd(SysUser user)
+    public AjaxResult resetPwd(String oldPassword, String newPassword)
    {
-        user.setSalt(ShiroUtils.randomSalt());
-        user.setPassword(passwordService.encryptPassword(user.getLoginName(), user.getPassword(), user.getSalt()));
-        int rows = userService.resetUserPwd(user);
-        if (rows > 0)
+        SysUser user = getSysUser();
+        if (StringUtils.isNotEmpty(newPassword) && passwordService.matches(user, oldPassword))
        {
-            setSysUser(userService.selectUserById(user.getUserId()));
-            return success();
+            user.setSalt(ShiroUtils.randomSalt());
+            user.setPassword(passwordService.encryptPassword(user.getLoginName(), newPassword, user.getSalt()));
+            if (userService.resetUserPwd(user) > 0)
+            {
+                setSysUser(userService.selectUserById(user.getUserId()));
+                return success();
+            }
+            return error();
+        }
+        else
+        {
+            return error("修改密码失败，旧密码错误");
        }
-        return error();
    }

    /**
     * 修改用户
     */
-    @GetMapping("/edit/{userId}")
-    public String edit(@PathVariable("userId") Long userId, ModelMap mmap)
+    @GetMapping("/edit")
+    public String edit(ModelMap mmap)
    {
-        mmap.put("user", userService.selectUserById(userId));
+        SysUser user = getSysUser();
+        mmap.put("user", userService.selectUserById(user.getUserId()));
        return prefix + "/edit";
    }

    /**
     * 修改头像
     */
-    @GetMapping("/avatar/{userId}")
-    public String avatar(@PathVariable("userId") Long userId, ModelMap mmap)
+    @GetMapping("/avatar")
+    public String avatar(ModelMap mmap)
    {
-        mmap.put("user", userService.selectUserById(userId));
+        SysUser user = getSysUser();
+        mmap.put("user", userService.selectUserById(user.getUserId()));
        return prefix + "/avatar";
    }

@@ -125,9 +133,14 @@ public class SysProfileController extends BaseController
    @ResponseBody
    public AjaxResult update(SysUser user)
    {
-        if (userService.updateUserInfo(user) > 0)
+        SysUser currentUser = getSysUser();
+        currentUser.setUserName(user.getUserName());
+        currentUser.setEmail(user.getEmail());
+        currentUser.setPhonenumber(user.getPhonenumber());
+        currentUser.setSex(user.getSex());
+        if (userService.updateUserInfo(currentUser) > 0)
        {
-            setSysUser(userService.selectUserById(user.getUserId()));
+            setSysUser(userService.selectUserById(currentUser.getUserId()));
            return success();
        }
        return error();
@@ -139,17 +152,18 @@ public class SysProfileController extends BaseController
    @Log(title = "个人信息", businessType = BusinessType.UPDATE)
    @PostMapping("/updateAvatar")
    @ResponseBody
-    public AjaxResult updateAvatar(SysUser user, @RequestParam("avatarfile") MultipartFile file)
+    public AjaxResult updateAvatar(@RequestParam("avatarfile") MultipartFile file)
    {
+        SysUser currentUser = getSysUser();
        try
        {
            if (!file.isEmpty())
            {
                String avatar = FileUploadUtils.upload(Global.getAvatarPath(), file);
-                user.setAvatar(avatar);
-                if (userService.updateUserInfo(user) > 0)
+                currentUser.setAvatar(avatar);
+                if (userService.updateUserInfo(currentUser) > 0)
                {
-                    setSysUser(userService.selectUserById(user.getUserId()));
+                    setSysUser(userService.selectUserById(currentUser.getUserId()));
                    return success();
                }
            }

--- a/ruoyi-admin/src/main/resources/templates/system/user/profile/avatar.html
+++ b/ruoyi-admin/src/main/resources/templates/system/user/profile/avatar.html
@@ -4,7 +4,6 @@
 <title>用户头像修改</title>
 <link th:href="@{/ajax/libs/cropbox/cropbox.css}" rel="stylesheet"/>
 <body class="white-bg">
-    <input name="userId" id="userId" type="hidden"  th:value="${user.userId}" />
    <div class="container"> 
        <div class="imageBox"> 
 	        <div class="thumbBox"></div> 
@@ -68,7 +67,6 @@ function submitHandler() {
    var img = cropper.getBlob();
    var formdata = new FormData();
    formdata.append("avatarfile", img);
-    formdata.append("userId", $("#userId").val());
    $.ajax({
        url: ctx + "system/user/profile/updateAvatar",
        data: formdata,

--- a/ruoyi-admin/src/main/resources/templates/system/user/profile/profile.html
+++ b/ruoyi-admin/src/main/resources/templates/system/user/profile/profile.html
@@ -58,20 +58,19 @@
    
    <div th:include="include::footer"></div>
    <script>
-        var userId = [[${user.userId}]];
 	    /*用户信息-修改*/
 	    function edit() {
-	        var url = ctx + "system/user/profile/edit/" + userId;
+	        var url = ctx + 'system/user/profile/edit';
 	        $.modal.open("修改用户", url);
 	    }
 	    /*用户管理-重置密码*/
 	    function resetPwd() {
-	        var url = ctx + 'system/user/profile/resetPwd/' + userId;
+	        var url = ctx + 'system/user/profile/resetPwd';
 	        $.modal.open("重置密码", url, '800', '500');
 	    }
 	    /*用户管理-头像*/
 	    function avatar() {
-	        var url = ctx + 'system/user/profile/avatar/' + userId;
+	        var url = ctx + 'system/user/profile/avatar';
 	        $.modal.open("修改头像", url);
 	    }
 	</script>

--- a/ruoyi-admin/src/main/resources/templates/system/user/profile/resetPwd.html
+++ b/ruoyi-admin/src/main/resources/templates/system/user/profile/resetPwd.html
@@ -21,7 +21,7 @@
 			<div class="form-group">
 				<label class="col-sm-3 control-label">新密码：</label>
 				<div class="col-sm-8">
-					<input class="form-control" type="password" name="password" id="password">
+					<input class="form-control" type="password" name="newPassword" id="newPassword">
 				</div>
 			</div>
 			<div class="form-group">
@@ -51,14 +51,14 @@
 	                    }
 	                }
 				},
-				password: {
+				newPassword: {
 	                required: true,
 	                minlength: 5,
 	    			maxlength: 20
 	            },
 	            confirm: {
 	                required: true,
-	                equalTo: "#password"
+	                equalTo: "#newPassword"
 	            }
 			},
 			messages: {
@@ -66,7 +66,7 @@
 	                required: "请输入原密码",
 	                remote: "原密码错误"
 	            },
-	            password: {
+	            newPassword: {
 	                required: "请输入新密码",
 	                minlength: "密码不能小于6个字符",
 	                maxlength: "密码不能大于20个字符"