From 45307a8054b6ff42d9c11b3b5c2390b7516ea141 Mon Sep 17 00:00:00 2001
From: Charles7c <charles7c@126.com>
Date: Sat, 3 Feb 2024 13:31:24 +0800
Subject: [PATCH] =?UTF-8?q?refactor:=20=E4=BC=98=E5=8C=96=E4=BB=A3?=
 =?UTF-8?q?=E7=A0=81=EF=BC=8C=E4=BF=AE=E5=A4=8D=20sonar=20=E6=8F=90?=
 =?UTF-8?q?=E7=A4=BA=EF=BC=9Adetected=20in=20this=20expression,=20review?=
 =?UTF-8?q?=20this=20potentially=20hard-coded=20password.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../admin/system/service/impl/UserServiceImpl.java        | 7 +++----
 .../admin/webapi/system/UserCenterController.java         | 8 ++++----
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/continew-admin-system/src/main/java/top/charles7c/continew/admin/system/service/impl/UserServiceImpl.java b/continew-admin-system/src/main/java/top/charles7c/continew/admin/system/service/impl/UserServiceImpl.java
index 28b01acb..a486e65c 100644
--- a/continew-admin-system/src/main/java/top/charles7c/continew/admin/system/service/impl/UserServiceImpl.java
+++ b/continew-admin-system/src/main/java/top/charles7c/continew/admin/system/service/impl/UserServiceImpl.java
@@ -75,7 +75,6 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
     private final PasswordEncoder passwordEncoder;
     @Value("${avatar.support-suffix}")
     private String[] avatarSupportSuffix;
-    private static final String CURRENT_PASSWORD_ERROR = "当前密码错误";
 
     @Override
     public Long add(UserDO user) {
@@ -199,7 +198,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
         UserDO user = super.getById(id);
         String password = user.getPassword();
         if (StrUtil.isNotBlank(password)) {
-            CheckUtils.throwIf(!passwordEncoder.matches(oldPassword, password), CURRENT_PASSWORD_ERROR);
+            CheckUtils.throwIf(!passwordEncoder.matches(oldPassword, password), "当前密码错误");
         }
         // 更新密码和密码重置时间
         LocalDateTime now = LocalDateTime.now();
@@ -213,7 +212,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
     @Override
     public void updatePhone(String newPhone, String currentPassword, Long id) {
         UserDO user = super.getById(id);
-        CheckUtils.throwIf(!passwordEncoder.matches(currentPassword, user.getPassword()), CURRENT_PASSWORD_ERROR);
+        CheckUtils.throwIf(!passwordEncoder.matches(currentPassword, user.getPassword()), "当前密码错误");
         Long count = baseMapper.lambdaQuery().eq(UserDO::getPhone, newPhone).count();
         CheckUtils.throwIf(count > 0, "手机号已绑定其他账号，请更换其他手机号");
         CheckUtils.throwIfEqual(newPhone, user.getPhone(), "新手机号不能与当前手机号相同");
@@ -224,7 +223,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
     @Override
     public void updateEmail(String newEmail, String currentPassword, Long id) {
         UserDO user = super.getById(id);
-        CheckUtils.throwIf(!passwordEncoder.matches(currentPassword, user.getPassword()), CURRENT_PASSWORD_ERROR);
+        CheckUtils.throwIf(!passwordEncoder.matches(currentPassword, user.getPassword()), "当前密码错误");
         Long count = baseMapper.lambdaQuery().eq(UserDO::getEmail, newEmail).count();
         CheckUtils.throwIf(count > 0, "邮箱已绑定其他账号，请更换其他邮箱");
         CheckUtils.throwIfEqual(newEmail, user.getEmail(), "新邮箱不能与当前邮箱相同");
diff --git a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/UserCenterController.java b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/UserCenterController.java
index 7dff0eee..3952a0dc 100644
--- a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/UserCenterController.java
+++ b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/UserCenterController.java
@@ -68,7 +68,7 @@ public class UserCenterController {
     private final UserService userService;
     private final UserSocialService userSocialService;
     private final AuthRequestFactory authRequestFactory;
-    private static final String PASSWORD_DECRYPT_FAILED = "当前密码解密失败";
+    private static final String DECRYPT_FAILED = "当前密码解密失败";
     private static final String CAPTCHA_EXPIRED = "验证码已失效";
 
     @Operation(summary = "上传头像", description = "用户上传个人头像")
@@ -91,7 +91,7 @@ public class UserCenterController {
     public R<Void> updatePassword(@Validated @RequestBody UserPasswordUpdateReq updateReq) {
         String rawOldPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(updateReq
             .getOldPassword()));
-        ValidationUtils.throwIfNull(rawOldPassword, PASSWORD_DECRYPT_FAILED);
+        ValidationUtils.throwIfNull(rawOldPassword, DECRYPT_FAILED);
         String rawNewPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(updateReq
             .getNewPassword()));
         ValidationUtils.throwIfNull(rawNewPassword, "新密码解密失败");
@@ -106,7 +106,7 @@ public class UserCenterController {
     public R<Void> updatePhone(@Validated @RequestBody UserPhoneUpdateReq updateReq) {
         String rawCurrentPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(updateReq
             .getCurrentPassword()));
-        ValidationUtils.throwIfBlank(rawCurrentPassword, PASSWORD_DECRYPT_FAILED);
+        ValidationUtils.throwIfBlank(rawCurrentPassword, DECRYPT_FAILED);
         String captchaKey = CacheConstants.CAPTCHA_KEY_PREFIX + updateReq.getNewPhone();
         String captcha = RedisUtils.get(captchaKey);
         ValidationUtils.throwIfBlank(captcha, CAPTCHA_EXPIRED);
@@ -121,7 +121,7 @@ public class UserCenterController {
     public R<Void> updateEmail(@Validated @RequestBody UserEmailUpdateRequest updateReq) {
         String rawCurrentPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(updateReq
             .getCurrentPassword()));
-        ValidationUtils.throwIfBlank(rawCurrentPassword, PASSWORD_DECRYPT_FAILED);
+        ValidationUtils.throwIfBlank(rawCurrentPassword, DECRYPT_FAILED);
         String captchaKey = CacheConstants.CAPTCHA_KEY_PREFIX + updateReq.getNewEmail();
         String captcha = RedisUtils.get(captchaKey);
         ValidationUtils.throwIfBlank(captcha, CAPTCHA_EXPIRED);