From 2c89af80195f6c8aa61bfc1eb973657d86685f71 Mon Sep 17 00:00:00 2001
From: 18980591175 <470162950@qq.com>
Date: Fri, 15 May 2026 10:05:01 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E5=AF=86=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../system/SysProfileController.java | 92 +++++++++++--------
 1 file changed, 52 insertions(+), 40 deletions(-)
diff --git a/src/main/java/org/dromara/system/controller/system/SysProfileController.java b/src/main/java/org/dromara/system/controller/system/SysProfileController.java
index 3494be8..ddaa409 100644
--- a/src/main/java/org/dromara/system/controller/system/SysProfileController.java
+++ b/src/main/java/org/dromara/system/controller/system/SysProfileController.java
@@ -69,7 +69,7 @@ public class SysProfileController extends BaseController {
 profileUser.setPortAvatar(port.getAvatar());
 }
 }
-
+
 ProfileVo profileVo = new ProfileVo(profileUser, roleGroup, postGroup);
 return R.ok(profileVo);
 }
@@ -148,10 +148,35 @@ public class SysProfileController extends BaseController {
 @PutMapping("/updatePwd")
 public R updatePwd(@Validated @RequestBody SysUserPasswordBo bo) {
 Long userId = LoginHelper.getUserId();
+ // 如果是超级管理员,走原来的密码修改逻辑
 if (LoginHelper.isSuperAdmin(userId)) {
- return updateAdminPwd(bo, userId);
+ SysUserVo user = userService.selectUserById(userId);
+ String password = user.getPassword();
+ if (!BCrypt.checkpw(bo.getOldPassword(), password)) {
+ return R.fail("修改密码失败,旧密码错误");
+ }
+ if (BCrypt.checkpw(bo.getNewPassword(), password)) {
+ return R.fail("新密码不能与旧密码相同");
+ }
+ int rows = DataPermissionHelper.ignore(() -> userService.resetUserPwd(user.getUserId(), BCrypt.hashpw(bo.getNewPassword()), null));
+ if (rows > 0) {
+ return R.ok();
+ }
+ return R.fail("修改密码异常,请联系管理员");
 }
- return updateCurrentLoginPortPwd(bo, bo.getPortId());
+
+ // 普通用户,修改当前登录端口的子密码
+ // 优先使用前端传来的 portId
+ Long targetPortId = bo.getPortId();
+ if (targetPortId == null) {
+ targetPortId = LoginHelper.getLoginUser().getCompanyRoleId();
+ }
+
+ if (targetPortId == null) {
+ return R.fail("无法确定修改的目标企业,请指定portId");
+ }
+
+ return updateSubPwd(bo, targetPortId);
 }
 /**
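Review bot: The non-admin path of `updatePwd` now takes the target port from the request body (`bo.getPortId()`) and only falls back to the session's `getCompanyRoleId()`, so the removed rule `!requestedPortId.equals(currentPortId)` ("只能修改当前登录账号密码") no longer applies; the rewritten `updateSubPwd` in the next hunk does the same with its `portId` parameter. A session logged in on one port can therefore change the sub-password of any other port owned by the same user, with the ownership test on `port.getUserId()` as the only remaining check. If that widening is not intended, compare the requested id with the session's port before delegating, e.g. `if (bo.getPortId() != null && !bo.getPortId().equals(LoginHelper.getLoginUser().getCompanyRoleId())) return R.fail("只能修改当前登录账号密码");`. Both hunks also dereference `LoginHelper.getLoginUser()` without the null check the removed helper had, so a request with no login user would fail with a NullPointerException instead of the former `R.fail(...)` answer.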
@@ -165,43 +190,29 @@ public class SysProfileController extends BaseController {
 @Log(title = "个人信息", businessType = BusinessType.UPDATE)
 @PutMapping("/updateSubPwd")
 public R updateSubPwd(@Validated @RequestBody SysUserPasswordBo bo, @RequestParam(required = false) Long portId) {
- Long requestedPortId = portId != null ? portId : bo.getPortId();
- return updateCurrentLoginPortPwd(bo, requestedPortId);
- }
-
- private R updateAdminPwd(SysUserPasswordBo bo, Long userId) {
- SysUserVo user = userService.selectUserById(userId);
- String password = user.getPassword();
- if (!BCrypt.checkpw(bo.getOldPassword(), password)) {
- return R.fail("修改密码失败,旧密码错误");
- }
- if (BCrypt.checkpw(bo.getNewPassword(), password)) {
- return R.fail("新密码不能与旧密码相同");
- }
- int rows = DataPermissionHelper.ignore(() -> userService.resetUserPwd(user.getUserId(), BCrypt.hashpw(bo.getNewPassword()), null));
- if (rows > 0) {
- return R.ok();
- }
- return R.fail("修改密码异常,请联系管理员");
- }
-
- private R updateCurrentLoginPortPwd(SysUserPasswordBo bo, Long requestedPortId) {
 Long userId = LoginHelper.getUserId();
- if (LoginHelper.getLoginUser() == null || LoginHelper.getLoginUser().getCompanyRoleId() == null) {
- return R.fail("当前登录账号未绑定端口,无法修改密码");
+ Long targetPortId = portId;
+ if (targetPortId == null) {
+ targetPortId = LoginHelper.getLoginUser().getCompanyRoleId();
 }
- Long currentPortId = LoginHelper.getLoginUser().getCompanyRoleId();
- if (requestedPortId != null && !requestedPortId.equals(currentPortId)) {
- return R.fail("只能修改当前登录账号密码");
+ if (targetPortId == null) {
+ return R.fail("无法确定修改的目标企业,请指定portId");
 }
- SysUserLoginPort currentPort = sysUserLoginPortService.getById(currentPortId);
- if (currentPort == null || !userId.equals(currentPort.getUserId())) {
- return R.fail("当前登录账号不存在或无权修改");
+ // Fetch port
+ SysUserLoginPort port = sysUserLoginPortService.getById(targetPortId);
+ if (port == null || !port.getUserId().equals(userId)) {
+ return R.fail("未找到对应企业端口或无权修改");
 }
- String currentSubPwd = currentPort.getSubPassword();
+ // Check old password
+ String currentSubPwd = port.getSubPassword();
 if (StringUtils.isBlank(currentSubPwd)) {
+ // 如果没有设置子密码,视为未设置密码或无法修改(需根据业务决定,这里假设必须先有子密码)
+ // 或者,如果为空,允许直接设置?
+ // 考虑到用户迁移,如果为空,可能允许使用空密码验证?或者要求联系管理员重置。
+ // 这里遵循用户指令:完全依赖子密码。如果为空,可能无法通过旧密码验证。
+ // 但为了首次设置,如果为空,允许旧密码为空?
 if (StringUtils.isNotBlank(bo.getOldPassword())) {
 return R.fail("修改密码失败,旧密码错误");
 }
@@ -209,16 +220,17 @@ public class SysProfileController extends BaseController {
 if (!BCrypt.checkpw(bo.getOldPassword(), currentSubPwd)) {
 return R.fail("修改密码失败,旧密码错误");
 }
- if (BCrypt.checkpw(bo.getNewPassword(), currentSubPwd)) {
- return R.fail("新密码不能与旧密码相同");
- }
 }
- currentPort.setSubPassword(BCrypt.hashpw(bo.getNewPassword()));
- if (sysUserLoginPortService.updateById(currentPort)) {
- return R.ok();
+ if (BCrypt.checkpw(bo.getNewPassword(), currentSubPwd)) {
+ return R.fail("新密码不能与旧密码相同");
 }
- return R.fail("修改密码异常,请联系管理员");
+
+ // Update
+ port.setSubPassword(BCrypt.hashpw(bo.getNewPassword()));
+ sysUserLoginPortService.updateById(port);
+
+ return R.ok();
 }
 /**
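Review bot: The five comment lines added inside `if (StringUtils.isBlank(currentSubPwd))` record open questions rather than a decision, while the branch they sit in accepts a blank old password and goes on to set a new sub-password with no credential verified. Unless validation on `SysUserPasswordBo` (not visible here) rejects a blank old password, that path is now reachable for any port the user owns via `portId`, not only the port of the current session. Settle the rule and replace the block with one comment that states it, for example `// No sub-password yet: first-time setup is accepted only with a blank old password`, or return `R.fail(...)` here if initial passwords must be set by an administrator. The ownership test also flipped its receiver; `!userId.equals(port.getUserId())` keeps the old null-safe order for rows with a null user id. The body of `updateSubPwd` continues into the next hunk.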
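Review bot: The same-password check `BCrypt.checkpw(bo.getNewPassword(), currentSubPwd)` was moved out of the `else` branch, so it now also runs on the first-time path where `currentSubPwd` is blank. The imported BCrypt class is not visible here, but BCrypt implementations generally throw on an empty or malformed hash rather than return false, which would turn first-time setup into a server error; `if (StringUtils.isNotBlank(currentSubPwd) && BCrypt.checkpw(bo.getNewPassword(), currentSubPwd))` keeps the previous behaviour. The result of `sysUserLoginPortService.updateById(port)` is also discarded, so the endpoint answers `R.ok()` even when no row was written; keep the failure path with `if (!sysUserLoginPortService.updateById(port)) return R.fail("修改密码异常,请联系管理员");`. The method starts in the previous hunk.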