修改忘记密码的bug

2025-09-01 01:33:36 +08:00 · 2025-09-01 01:33:36 +08:00 · 2333b17388
commit 2333b17388
parent 0acf149eb2
3 changed files with 84 additions and 13 deletions
--- a/mall-account/src/main/java/com/suisung/mall/account/service/AccountUserBaseService.java
+++ b/mall-account/src/main/java/com/suisung/mall/account/service/AccountUserBaseService.java
@ -55,6 +55,15 @@ public interface AccountUserBaseService extends IBaseService<AccountUserBase> {

    boolean doResetPasswd(String user_account, String user_password, String old_password);

+    /**
+     * 修改密码
+     *
+     * @param user_id       用户账号
+     * @param user_password 用户密码
+     * @return
+     */
+    boolean doResetPasswdByUserId(Integer user_id, String user_password, String old_password);
+
    boolean editPassword(Integer user_id, String user_password);

    /**
--- a/mall-account/src/main/java/com/suisung/mall/account/service/impl/AccountUserBaseServiceImpl.java
+++ b/mall-account/src/main/java/com/suisung/mall/account/service/impl/AccountUserBaseServiceImpl.java
@ -2005,7 +2005,6 @@ public class AccountUserBaseServiceImpl extends BaseServiceImpl<AccountUserBaseM
        // 检查输入字符是不是包含 sql 注入特征，如果包含不给以通过
        if (!CommonService.isValidInput(user_account, user_password, old_password)) {
            new ApiException(ResultCode.VALIDATE_INPUTS);
-//            return CommonResult.failed(ResultCode.VALIDATE_INPUTS);
        }

        verifyPwd(user_password); // 密码格式策略验证
@ -2044,6 +2043,64 @@ public class AccountUserBaseServiceImpl extends BaseServiceImpl<AccountUserBaseM
        return true;
    }

+    /**
+     * 修改密码
+     *
+     * @param user_id       用户账号
+     * @param user_password 用户密码
+     * @return
+     */
+    @Override
+    public boolean doResetPasswdByUserId(Integer user_id, String user_password, String old_password) {
+        // logger.info("重置账号密码：{},{},{}", user_account, user_password, old_password);
+        logger.info("根据userId重置账号密码：{},{},{}", user_id, user_password, old_password);
+
+        if (ObjectUtil.isEmpty(user_id)) {
+            throw new ApiException(_("缺少UserID"));
+        }
+
+        if (StrUtil.isBlank(user_password)) {
+            throw new ApiException(_("请输入新密码"));
+        }
+
+        // 检查输入字符是不是包含 sql 注入特征，如果包含不给以通过
+        if (!CommonService.isValidInput(user_password, old_password)) {
+            new ApiException(ResultCode.VALIDATE_INPUTS);
+        }
+
+        verifyPwd(user_password); // 密码格式策略验证
+
+        // 检测登录状态
+        AccountUserBase user_row = get(user_id);
+
+        if (ObjectUtil.isNotEmpty(user_row)) {
+            if (StrUtil.isNotBlank(old_password)) {
+                String user_salt = user_row.getUser_salt();
+
+                String md5_password = SecureUtil.md5(user_salt + SecureUtil.md5(old_password));
+                if (!StrUtil.equals(md5_password, user_row.getUser_password())) {
+                    throw new ApiException(_("原密码错误！"));
+                }
+            }
+
+            // 重置密码
+            String user_key = IdUtil.simpleUUID();
+            String user_salt = IdUtil.simpleUUID();
+            String reset_passwd = SecureUtil.md5(user_salt + SecureUtil.md5(user_password));
+
+            AccountUserBase reset_passwd_row = new AccountUserBase();
+            reset_passwd_row.setUser_id(user_id);
+            reset_passwd_row.setUser_password(reset_passwd);
+            reset_passwd_row.setUser_key(user_key);
+            reset_passwd_row.setUser_salt(user_salt);
+            if (!edit(reset_passwd_row)) {
+                throw new ApiException(ResultCode.FAILED);
+            }
+        }
+
+        return true;
+    }
+
    @Override
    public boolean editPassword(Integer user_id, String user_password) {

@ -3569,14 +3626,8 @@ public class AccountUserBaseServiceImpl extends BaseServiceImpl<AccountUserBaseM
            return CommonResult.failed("缺少必要参数！");
        }

-//        UserDto userDto = getCurrentUser();
-//        if (userDto == null) {
-//            return CommonResult.failed("请先登录再试！");
-//        }
-
        // 检查输入字符是不是包含 sql 注入特征，如果包含不给以通过
        if (!CommonService.isValidInput(userAccountOrMobile, verifyCode, newPassword)) {
-            // new ApiException(ResultCode.VALIDATE_INPUTS);
            return CommonResult.failed(ResultCode.VALIDATE_INPUTS);
        }

@ -3590,6 +3641,8 @@ public class AccountUserBaseServiceImpl extends BaseServiceImpl<AccountUserBaseM
                return CommonResult.failed(_("账号有异常！"));
            }

+//            logger.info("{} 商家修改密码", accountUserBindConnect.getUser_id());
+
            accountUserBase = accountUserBaseService.get(accountUserBindConnect.getUser_id());
            if (accountUserBase == null) {
                return CommonResult.failed(_("账号有异常！"));
@ -3618,8 +3671,14 @@ public class AccountUserBaseServiceImpl extends BaseServiceImpl<AccountUserBaseM
            throw new ApiException(_("验证码错误！"));
        }

+        if (accountUserBase == null) {
+            return CommonResult.failed("用户信息有误！");
+        }
+
+        logger.info("商家修改密码：{}", accountUserBase);
+
        // 直接重置密码
-        Boolean success = doResetPasswd(accountUserBase.getUser_account(), newPassword, null);
+        Boolean success = doResetPasswdByUserId(accountUserBase.getUser_id(), newPassword, null);
        if (success) {
            return CommonResult.success();
        }
--- a/mall-account/src/main/java/com/suisung/mall/account/service/impl/AccountUserBindConnectServiceImpl.java
+++ b/mall-account/src/main/java/com/suisung/mall/account/service/impl/AccountUserBindConnectServiceImpl.java
@ -79,15 +79,17 @@ public class AccountUserBindConnectServiceImpl extends BaseServiceImpl<AccountUs
                .eq("bind_active", CommonConstant.Enable)
                .orderByAsc("bind_time");

-        return findOne(queryWrapper);
+        return getOne(queryWrapper);
    }

    @Override
    public AccountUserBindConnect getBindByBindId(String bind_id, Integer bind_type, Integer user_type) {
-        if (StrUtil.isBlank(bind_id)) {
+        if (StrUtil.isBlank(bind_id) || ObjectUtil.isEmpty(bind_type)) {
            return null;
        }

+        log.info("getBindByBindId: bind_id={}, bind_type={}, user_type={}", bind_id, bind_type, user_type);
+
        // 如果是手机号码，则进行转换带 +86 的手机号码
        bind_id = bind_type == BindCode.MOBILE ? PhoneNumberUtils.convZhPhoneNumber(bind_id) : bind_id;
        user_type = ObjectUtil.isNotEmpty(user_type) ? user_type : CommonConstant.USER_TYPE_NORMAL;
@ -98,13 +100,14 @@ public class AccountUserBindConnectServiceImpl extends BaseServiceImpl<AccountUs
                .eq("user_type", user_type)
                .eq("bind_active", CommonConstant.Enable)
                .orderByAsc("bind_time");
-        return findOne(queryWrapper);
+
+        return getOne(queryWrapper);
    }


    @Override
    public AccountUserBindConnect getBindByBindId(String bind_id, Integer bind_type, Integer user_id, Integer user_type) {
-        if (StrUtil.isBlank(bind_id) || ObjectUtil.isEmpty(user_id)) {
+        if (StrUtil.isBlank(bind_id) || ObjectUtil.isEmpty(user_id) || ObjectUtil.isEmpty(bind_type)) {
            return null;
        }

@ -119,7 +122,7 @@ public class AccountUserBindConnectServiceImpl extends BaseServiceImpl<AccountUs
                .eq("user_id", user_id)
                .eq("bind_active", CommonConstant.Enable)
                .orderByAsc("bind_time");
-        return findOne(queryWrapper);
+        return getOne(queryWrapper);
    }

    @Override