zayac/zayac-admin
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor: 优化代码,修复 sonar 提示:detected in this expression, review this potentially hard-coded password.

Browse Source
This commit is contained in:
Charles7c 2024-02-03 13:31:24 +08:00
parent 3e84384eb6
commit 45307a8054
2 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
continew-admin-system/src/main/java/top/charles7c/continew/admin/system/service/impl/UserServiceImpl.java
View File

@ -75,7 +75,6 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
private final PasswordEncoder passwordEncoder; private final PasswordEncoder passwordEncoder;
@Value("${avatar.support-suffix}") @Value("${avatar.support-suffix}")
private String[] avatarSupportSuffix; private String[] avatarSupportSuffix;
private static final String CURRENT_PASSWORD_ERROR = "当前密码错误";
@Override @Override
public Long add(UserDO user) { public Long add(UserDO user) {
@ -199,7 +198,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
UserDO user = super.getById(id); UserDO user = super.getById(id);
String password = user.getPassword(); String password = user.getPassword();
if (StrUtil.isNotBlank(password)) { if (StrUtil.isNotBlank(password)) {
CheckUtils.throwIf(!passwordEncoder.matches(oldPassword, password), CURRENT_PASSWORD_ERROR); CheckUtils.throwIf(!passwordEncoder.matches(oldPassword, password), "当前密码错误");
} }
// 更新密码和密码重置时间 // 更新密码和密码重置时间
LocalDateTime now = LocalDateTime.now(); LocalDateTime now = LocalDateTime.now();
@ -213,7 +212,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
@Override @Override
public void updatePhone(String newPhone, String currentPassword, Long id) { public void updatePhone(String newPhone, String currentPassword, Long id) {
UserDO user = super.getById(id); UserDO user = super.getById(id);
CheckUtils.throwIf(!passwordEncoder.matches(currentPassword, user.getPassword()), CURRENT_PASSWORD_ERROR); CheckUtils.throwIf(!passwordEncoder.matches(currentPassword, user.getPassword()), "当前密码错误");
Long count = baseMapper.lambdaQuery().eq(UserDO::getPhone, newPhone).count(); Long count = baseMapper.lambdaQuery().eq(UserDO::getPhone, newPhone).count();
CheckUtils.throwIf(count > 0, "手机号已绑定其他账号,请更换其他手机号"); CheckUtils.throwIf(count > 0, "手机号已绑定其他账号,请更换其他手机号");
CheckUtils.throwIfEqual(newPhone, user.getPhone(), "新手机号不能与当前手机号相同"); CheckUtils.throwIfEqual(newPhone, user.getPhone(), "新手机号不能与当前手机号相同");
@ -224,7 +223,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
@Override @Override
public void updateEmail(String newEmail, String currentPassword, Long id) { public void updateEmail(String newEmail, String currentPassword, Long id) {
UserDO user = super.getById(id); UserDO user = super.getById(id);
CheckUtils.throwIf(!passwordEncoder.matches(currentPassword, user.getPassword()), CURRENT_PASSWORD_ERROR); CheckUtils.throwIf(!passwordEncoder.matches(currentPassword, user.getPassword()), "当前密码错误");
Long count = baseMapper.lambdaQuery().eq(UserDO::getEmail, newEmail).count(); Long count = baseMapper.lambdaQuery().eq(UserDO::getEmail, newEmail).count();
CheckUtils.throwIf(count > 0, "邮箱已绑定其他账号,请更换其他邮箱"); CheckUtils.throwIf(count > 0, "邮箱已绑定其他账号,请更换其他邮箱");
CheckUtils.throwIfEqual(newEmail, user.getEmail(), "新邮箱不能与当前邮箱相同"); CheckUtils.throwIfEqual(newEmail, user.getEmail(), "新邮箱不能与当前邮箱相同");

8
continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/UserCenterController.java
View File

@ -68,7 +68,7 @@ public class UserCenterController {
private final UserService userService; private final UserService userService;
private final UserSocialService userSocialService; private final UserSocialService userSocialService;
private final AuthRequestFactory authRequestFactory; private final AuthRequestFactory authRequestFactory;
private static final String PASSWORD_DECRYPT_FAILED = "当前密码解密失败"; private static final String DECRYPT_FAILED = "当前密码解密失败";
private static final String CAPTCHA_EXPIRED = "验证码已失效"; private static final String CAPTCHA_EXPIRED = "验证码已失效";
@Operation(summary = "上传头像", description = "用户上传个人头像") @Operation(summary = "上传头像", description = "用户上传个人头像")
@ -91,7 +91,7 @@ public class UserCenterController {
public R<Void> updatePassword(@Validated @RequestBody UserPasswordUpdateReq updateReq) { public R<Void> updatePassword(@Validated @RequestBody UserPasswordUpdateReq updateReq) {
String rawOldPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(updateReq String rawOldPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(updateReq
.getOldPassword())); .getOldPassword()));
ValidationUtils.throwIfNull(rawOldPassword, PASSWORD_DECRYPT_FAILED); ValidationUtils.throwIfNull(rawOldPassword, DECRYPT_FAILED);
String rawNewPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(updateReq String rawNewPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(updateReq
.getNewPassword())); .getNewPassword()));
ValidationUtils.throwIfNull(rawNewPassword, "新密码解密失败"); ValidationUtils.throwIfNull(rawNewPassword, "新密码解密失败");
@ -106,7 +106,7 @@ public class UserCenterController {
public R<Void> updatePhone(@Validated @RequestBody UserPhoneUpdateReq updateReq) { public R<Void> updatePhone(@Validated @RequestBody UserPhoneUpdateReq updateReq) {
String rawCurrentPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(updateReq String rawCurrentPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(updateReq
.getCurrentPassword())); .getCurrentPassword()));
ValidationUtils.throwIfBlank(rawCurrentPassword, PASSWORD_DECRYPT_FAILED); ValidationUtils.throwIfBlank(rawCurrentPassword, DECRYPT_FAILED);
String captchaKey = CacheConstants.CAPTCHA_KEY_PREFIX + updateReq.getNewPhone(); String captchaKey = CacheConstants.CAPTCHA_KEY_PREFIX + updateReq.getNewPhone();
String captcha = RedisUtils.get(captchaKey); String captcha = RedisUtils.get(captchaKey);
ValidationUtils.throwIfBlank(captcha, CAPTCHA_EXPIRED); ValidationUtils.throwIfBlank(captcha, CAPTCHA_EXPIRED);
@ -121,7 +121,7 @@ public class UserCenterController {
public R<Void> updateEmail(@Validated @RequestBody UserEmailUpdateRequest updateReq) { public R<Void> updateEmail(@Validated @RequestBody UserEmailUpdateRequest updateReq) {
String rawCurrentPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(updateReq String rawCurrentPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(updateReq
.getCurrentPassword())); .getCurrentPassword()));
ValidationUtils.throwIfBlank(rawCurrentPassword, PASSWORD_DECRYPT_FAILED); ValidationUtils.throwIfBlank(rawCurrentPassword, DECRYPT_FAILED);
String captchaKey = CacheConstants.CAPTCHA_KEY_PREFIX + updateReq.getNewEmail(); String captchaKey = CacheConstants.CAPTCHA_KEY_PREFIX + updateReq.getNewEmail();
String captcha = RedisUtils.get(captchaKey); String captcha = RedisUtils.get(captchaKey);
ValidationUtils.throwIfBlank(captcha, CAPTCHA_EXPIRED); ValidationUtils.throwIfBlank(captcha, CAPTCHA_EXPIRED);