Merge pull request #318 from zhangbin1010/dev

[Upgrade] 增加用户密码加解密工具类
zhangbinhub · Oct 12, 2021 · 843d2d8 · 843d2d8
2 parents 5a5ba0a + 368ee80
commit 843d2d8
Show file tree

Hide file tree

Showing 5 changed files with 83 additions and 38 deletions.
diff --git a/cloud/oauth-server/src/main/kotlin/pers/acp/admin/oauth/component/UserPasswordEncrypt.kt b/cloud/oauth-server/src/main/kotlin/pers/acp/admin/oauth/component/UserPasswordEncrypt.kt
@@ -0,0 +1,60 @@
+package pers.acp.admin.oauth.component
+
+import org.springframework.stereotype.Component
+import pers.acp.core.CommonTools
+import pers.acp.core.security.Sha256Encrypt
+
+/**
+ * 密码加解密工具类
+ */
+@Component
+class UserPasswordEncrypt {
+    /**
+     * 密码加密（用于存储）
+     * @param loginNo 登录账号
+     * @param password 密码明文
+     * @return 加密后的存储密文
+     */
+    fun encrypt(loginNo: String, password: String) = Sha256Encrypt.encrypt(Sha256Encrypt.encrypt(password) + loginNo)
+
+    /**
+     * 密码加密（用于登录）
+     * @param encryptedPassword 加密后的密码存储密文
+     * @return 加密后的验证密文
+     */
+    fun encryptForLogin(encryptedPassword: String) =
+        encryptForLogin(encryptedPassword, CommonTools.getDateTimeString(dateTimeFormat = "yyyyMMddHH"))
+
+    /**
+     * 密码登录验证
+     * @param rawPassword 用户输入的密码
+     * @param encryptedPassword 加密后的密码存储密文
+     * @return true|false
+     */
+    fun matches(rawPassword: String, encryptedPassword: String): Boolean =
+        CommonTools.getNowDateTime().let { now ->
+            for (o in -offset..offset) {
+                val password = encryptForLogin(
+                    encryptedPassword,
+                    CommonTools.getDateTimeString(now.plusHours(o), "yyyyMMddHH")
+                )
+                if (rawPassword.equals(password, ignoreCase = true)) {
+                    return true
+                }
+            }
+            false
+        }
+
+    /**
+     * 密码加密（用于登录）
+     * @param encryptedPassword 加密后的密码存储密文
+     * @param factor 加密因子
+     * @return 加密后的验证密文
+     */
+    private fun encryptForLogin(encryptedPassword: String, factor: String) =
+        Sha256Encrypt.encrypt(encryptedPassword + factor)
+
+    companion object {
+        private const val offset = 1
+    }
+}
diff --git a/cloud/oauth-server/src/main/kotlin/pers/acp/admin/oauth/domain/UserDomain.kt b/cloud/oauth-server/src/main/kotlin/pers/acp/admin/oauth/domain/UserDomain.kt
@@ -20,9 +20,9 @@ import pers.acp.admin.oauth.repo.RoleRepository
 import pers.acp.admin.oauth.repo.UserRepository
 import pers.acp.admin.oauth.token.SecurityTokenService
 import pers.acp.admin.common.vo.UserVo
+import pers.acp.admin.oauth.component.UserPasswordEncrypt
 import pers.acp.admin.oauth.constant.OauthConstant
 import pers.acp.core.CommonTools
-import pers.acp.core.security.Sha256Encrypt
 import pers.acp.spring.boot.exceptions.ServerException
 
 import javax.persistence.criteria.JoinType
@@ -38,6 +38,7 @@ import java.util.*
 class UserDomain @Autowired
 constructor(
     userRepository: UserRepository,
+    private val userPasswordEncrypt: UserPasswordEncrypt,
     private val stringRedisTemplate: StringRedisTemplate,
     private val applicationRepository: ApplicationRepository,
     private val organizationRepository: OrganizationRepository,
@@ -142,7 +143,7 @@ constructor(
         return doSave(
             User(
                 loginNo = userPo.loginNo!!,
-                password = Sha256Encrypt.encrypt(Sha256Encrypt.encrypt(DEFAULT_PASSWORD) + userPo.loginNo!!),
+                password = userPasswordEncrypt.encrypt(userPo.loginNo!!, DEFAULT_PASSWORD),
                 roleSet = roleSet
             ), userPo
         )
@@ -164,7 +165,7 @@ constructor(
             }
             if (this.loginNo != userPo.loginNo) {
                 this.loginNo = userPo.loginNo!!
-                this.password = Sha256Encrypt.encrypt(Sha256Encrypt.encrypt(DEFAULT_PASSWORD) + userPo.loginNo!!)
+                this.password = userPasswordEncrypt.encrypt(userPo.loginNo!!, DEFAULT_PASSWORD)
                 this.lastUpdatePasswordTime = null
                 removeToken(userPo.loginNo!!)
             }
@@ -182,7 +183,7 @@ constructor(
                         throw ServerException("不能修改级别比自身大或相等的用户信息")
                     }
                 }
-                this.password = Sha256Encrypt.encrypt(Sha256Encrypt.encrypt(DEFAULT_PASSWORD) + this.loginNo)
+                this.password = userPasswordEncrypt.encrypt(this.loginNo, DEFAULT_PASSWORD)
                 this.lastUpdatePasswordTime = null
                 userRepository.save(this)
                 removeToken(this.loginNo)

diff --git a/.../src/main/kotlin/pers/acp/admin/oauth/token/granter/UserPasswordAuthenticationProvider.kt b/.../src/main/kotlin/pers/acp/admin/oauth/token/granter/UserPasswordAuthenticationProvider.kt
@@ -7,20 +7,16 @@ import org.springframework.security.authentication.AuthenticationProvider
 import org.springframework.security.core.Authentication
 import org.springframework.security.core.SpringSecurityMessageSource
 import org.springframework.stereotype.Component
+import pers.acp.admin.oauth.component.UserPasswordEncrypt
 import pers.acp.admin.oauth.security.SecurityUserDetailsService
 import pers.acp.admin.oauth.token.UserPasswordAuthenticationToken
 import pers.acp.admin.oauth.token.error.CustomerOAuth2Exception
-import pers.acp.core.CommonTools
-import pers.acp.core.security.Sha256Encrypt
 
 @Component
 class UserPasswordAuthenticationProvider(
-    private val userDetailsService: SecurityUserDetailsService
+    private val userDetailsService: SecurityUserDetailsService,
+    private val userPasswordEncrypt: UserPasswordEncrypt
 ) : AuthenticationProvider, MessageSourceAware {
-    companion object {
-        private const val offset = 1
-    }
-
     private var messages: MessageSourceAccessor = SpringSecurityMessageSource.getAccessor()
     override fun authenticate(authentication: Authentication?): Authentication? {
         if (!supports(authentication?.javaClass)) {
@@ -32,7 +28,7 @@ class UserPasswordAuthenticationProvider(
                     throw CustomerOAuth2Exception("用户已被锁定或禁用！")
                 }
                 authentication.credentials?.toString()?.let { password ->
-                    if (!matches(password, user.password)) {
+                    if (!userPasswordEncrypt.matches(password, user.password)) {
                         userDetailsService.storePasswordErrorTime(username)
                         throw CustomerOAuth2Exception("用户名或密码不正确！")
                     } else {
@@ -54,21 +50,4 @@ class UserPasswordAuthenticationProvider(
     override fun setMessageSource(messageSource: MessageSource) {
         messages = MessageSourceAccessor(messageSource)
     }
-
-    /**
-     * 密码验证
-     * @param rawPassword 用户输入的密码
-     * @param userPassword 系统存储的密码
-     */
-    private fun matches(rawPassword: String, userPassword: String): Boolean =
-        CommonTools.getNowDateTime().let { now ->
-            for (o in -offset..offset) {
-                val password =
-                    Sha256Encrypt.encrypt(userPassword + CommonTools.getDateTimeString(now.plusHours(o), "yyyyMMddHH"))
-                if (rawPassword.equals(password, ignoreCase = true)) {
-                    return true
-                }
-            }
-            false
-        }
 }
diff --git a/cloud/oauth-server/src/test/java/pers/acp/admin/oauth/nobuild/InitData.java b/cloud/oauth-server/src/test/java/pers/acp/admin/oauth/nobuild/InitData.java
diff --git a/doc/version_history.md b/doc/version_history.md
@@ -1,12 +1,14 @@
 ## 版本更新记录
 ##### v5.1.1
-> - Global
->   - [Upgrade] hikari连接池配置中增加connection-timeout
->   - [Upgrade] 升级依赖
->     - Acp 6.7.1
->     - kotlin 1.5.31
->     - Spring Boot 2.5.5
->     - kotlin coroutines 1.5.2
+- Global
+  - [Upgrade] hikari连接池配置中增加connection-timeout
+  - [Upgrade] 升级依赖
+    - Acp 6.7.1
+    - kotlin 1.5.31
+    - Spring Boot 2.5.5
+    - kotlin coroutines 1.5.2
+- oauth-server
+  - [Upgrade] 增加用户密码加解密工具类
 ##### v5.1.0
 > - Global
 >   - [Upgrade] 升级 Gradle 至 7.2