wkc/loan-pricing
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

接入用户密码接口解密

Browse Source
This commit is contained in:
wkc
2026-03-30 10:43:13 +08:00
parent 92bdd58d27
commit e8959805e5
2 changed files with 119 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java
View File

@@ -27,6 +27,7 @@ import com.ruoyi.common.enums.BusinessType;
import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.poi.ExcelUtil; import com.ruoyi.common.utils.poi.ExcelUtil;
import com.ruoyi.framework.web.service.PasswordTransferCryptoService;
import com.ruoyi.system.service.ISysDeptService; import com.ruoyi.system.service.ISysDeptService;
import com.ruoyi.system.service.ISysPostService; import com.ruoyi.system.service.ISysPostService;
import com.ruoyi.system.service.ISysRoleService; import com.ruoyi.system.service.ISysRoleService;
@@ -53,6 +54,9 @@ public class SysUserController extends BaseController
@Autowired @Autowired
private ISysPostService postService; private ISysPostService postService;
@Autowired
private PasswordTransferCryptoService passwordTransferCryptoService;
/** /**
* 获取用户列表 * 获取用户列表
*/ */
@@ -139,6 +143,7 @@ public class SysUserController extends BaseController
return error("新增用户'" + user.getUserName() + "'失败,邮箱账号已存在"); return error("新增用户'" + user.getUserName() + "'失败,邮箱账号已存在");
} }
user.setCreateBy(getUsername()); user.setCreateBy(getUsername());
user.setPassword(passwordTransferCryptoService.decrypt(user.getPassword()));
user.setPassword(SecurityUtils.encryptPassword(user.getPassword())); user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
return toAjax(userService.insertUser(user)); return toAjax(userService.insertUser(user));
} }
@@ -196,6 +201,7 @@ public class SysUserController extends BaseController
{ {
userService.checkUserAllowed(user); userService.checkUserAllowed(user);
userService.checkUserDataScope(user.getUserId()); userService.checkUserDataScope(user.getUserId());
user.setPassword(passwordTransferCryptoService.decrypt(user.getPassword()));
user.setPassword(SecurityUtils.encryptPassword(user.getPassword())); user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
user.setUpdateBy(getUsername()); user.setUpdateBy(getUsername());
return toAjax(userService.resetPwd(user)); return toAjax(userService.resetPwd(user));

113
ruoyi-admin/src/test/java/com/ruoyi/web/controller/system/SysUserControllerPasswordTransferTest.java Normal file
View File

@@ -0,0 +1,113 @@
package com.ruoyi.web.controller.system;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import java.util.Collections;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentCaptor;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.test.util.ReflectionTestUtils;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.framework.web.service.PasswordTransferCryptoService;
import com.ruoyi.system.service.ISysDeptService;
import com.ruoyi.system.service.ISysPostService;
import com.ruoyi.system.service.ISysRoleService;
import com.ruoyi.system.service.ISysUserService;
class SysUserControllerPasswordTransferTest
{
@AfterEach
void tearDown()
{
SecurityContextHolder.clearContext();
}
@Test
void shouldDecryptPasswordBeforeAddingUser() throws Exception
{
ISysUserService userService = mock(ISysUserService.class);
ISysRoleService roleService = mock(ISysRoleService.class);
ISysDeptService deptService = mock(ISysDeptService.class);
ISysPostService postService = mock(ISysPostService.class);
PasswordTransferCryptoService passwordTransferCryptoService = mock(PasswordTransferCryptoService.class);
when(passwordTransferCryptoService.decrypt("cipher")).thenReturn("initPwd");
when(userService.checkUserNameUnique(org.mockito.ArgumentMatchers.any(SysUser.class))).thenReturn(true);
when(userService.insertUser(org.mockito.ArgumentMatchers.any(SysUser.class))).thenReturn(1);
setAuthentication();
SysUserController controller = new SysUserController();
ReflectionTestUtils.setField(controller, "userService", userService);
ReflectionTestUtils.setField(controller, "roleService", roleService);
ReflectionTestUtils.setField(controller, "deptService", deptService);
ReflectionTestUtils.setField(controller, "postService", postService);
ReflectionTestUtils.setField(controller, "passwordTransferCryptoService", passwordTransferCryptoService);
MockMvc mockMvc = MockMvcBuilders.standaloneSetup(controller).build();
mockMvc.perform(post("/system/user")
.contentType("application/json")
.content("{\"userName\":\"u1\",\"nickName\":\"n1\",\"deptId\":1,\"password\":\"cipher\"}"))
.andExpect(status().isOk());
verify(passwordTransferCryptoService).decrypt("cipher");
ArgumentCaptor<SysUser> captor = ArgumentCaptor.forClass(SysUser.class);
verify(userService).insertUser(captor.capture());
assertTrue(SecurityUtils.matchesPassword("initPwd", captor.getValue().getPassword()));
}
@Test
void shouldDecryptPasswordBeforeResettingUserPassword() throws Exception
{
ISysUserService userService = mock(ISysUserService.class);
ISysRoleService roleService = mock(ISysRoleService.class);
ISysDeptService deptService = mock(ISysDeptService.class);
ISysPostService postService = mock(ISysPostService.class);
PasswordTransferCryptoService passwordTransferCryptoService = mock(PasswordTransferCryptoService.class);
when(passwordTransferCryptoService.decrypt("cipher")).thenReturn("resetPwd");
when(userService.resetPwd(org.mockito.ArgumentMatchers.any(SysUser.class))).thenReturn(1);
setAuthentication();
SysUserController controller = new SysUserController();
ReflectionTestUtils.setField(controller, "userService", userService);
ReflectionTestUtils.setField(controller, "roleService", roleService);
ReflectionTestUtils.setField(controller, "deptService", deptService);
ReflectionTestUtils.setField(controller, "postService", postService);
ReflectionTestUtils.setField(controller, "passwordTransferCryptoService", passwordTransferCryptoService);
MockMvc mockMvc = MockMvcBuilders.standaloneSetup(controller).build();
mockMvc.perform(put("/system/user/resetPwd")
.contentType("application/json")
.content("{\"userId\":2,\"password\":\"cipher\"}"))
.andExpect(status().isOk());
verify(passwordTransferCryptoService).decrypt("cipher");
ArgumentCaptor<SysUser> captor = ArgumentCaptor.forClass(SysUser.class);
verify(userService).resetPwd(captor.capture());
assertTrue(SecurityUtils.matchesPassword("resetPwd", captor.getValue().getPassword()));
}
private void setAuthentication()
{
SysUser currentUser = new SysUser();
currentUser.setUserId(1L);
currentUser.setUserName("admin");
LoginUser loginUser = new LoginUser(1L, 1L, currentUser, Collections.emptySet());
SecurityContextHolder.getContext()
.setAuthentication(new UsernamePasswordAuthenticationToken(loginUser, null, Collections.emptyList()));
}
}