diff --git a/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/controller/BaseInfoController.java b/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/controller/BaseInfoController.java index 97b2a49..22d0375 100644 --- a/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/controller/BaseInfoController.java +++ b/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/controller/BaseInfoController.java @@ -7,10 +7,7 @@ import com.fanxb.bookmark.business.user.service.BaseInfoService; import com.fanxb.bookmark.common.entity.Result; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.validation.annotation.Validated; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.bind.annotation.*; import javax.validation.Valid; @@ -32,8 +29,7 @@ public class BaseInfoController { /** * Description: 修改密码 * - * @param oldPass 旧密码 - * @param newPass 新密码 + * @param body body * @return com.fanxb.bookmark.common.entity.Result * @author fanxb * @date 2019/9/18 15:49 @@ -72,4 +68,18 @@ public class BaseInfoController { baseInfoService.updateEmail(body); return Result.success(null); } + + /** + * 功能描述: 校验邮箱 + * + * @param secret secret + * @return com.fanxb.bookmark.common.entity.Result + * @author fanxb + * @date 2019/11/11 23:27 + */ + @GetMapping("/verifyEmail") + public Result verifyEmail(String secret) { + baseInfoService.verifyEmail(secret); + return Result.success(null); + } } 
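Review bot: In the last hunk, `verifyEmail` takes `secret` as an implicit, optional query parameter, so a request without it reaches `baseInfoService.verifyEmail(null)` and the Redis lookup runs on a key built from a null value. Declaring it as `public Result verifyEmail(@RequestParam String secret)` lets Spring reject the request before the service is called. Because the handler changes the account's email on a plain GET, anything that fetches the mailed URL automatically (link previews, mail scanning) would consume the one-time secret and confirm the address. A confirmation page that submits the secret with a POST avoids that.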
diff --git a/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/controller/UserController.java b/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/controller/UserController.java index 81f6a6a..a902f8c 100644 --- a/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/controller/UserController.java +++ b/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/controller/UserController.java @@ -1,5 +1,6 @@ package com.fanxb.bookmark.business.user.controller; +import com.alibaba.fastjson.JSONObject; import com.fanxb.bookmark.business.user.entity.LoginBody; import com.fanxb.bookmark.business.user.entity.RegisterBody; import com.fanxb.bookmark.business.user.service.UserService; @@ -102,5 +103,18 @@ public class UserController { return Result.success(null); } + /** + * 功能描述: 校验密码,生成一个actionId + * + * @param password password + * @return com.fanxb.bookmark.common.entity.Result + * @author fanxb + * @date 2019/11/11 23:31 + */ + @PostMapping("/checkPassword") + public Result checkPassword(@RequestBody JSONObject obj) { + return Result.success(userService.checkPassword(obj.getString("password"))); + } + } diff --git a/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/dao/UserDao.java b/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/dao/UserDao.java index b009c52..403404d 100644 --- a/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/dao/UserDao.java +++ b/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/dao/UserDao.java 
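Review bot: `checkPassword` reads the password out of a raw `JSONObject`, so it gets no bean validation, and a body without a `password` key passes null into `userService.checkPassword`. A small body class bound with `@Valid @RequestBody`, carrying `@NotNull` and the existing `@Pattern(regexp = ValidatedConstant.PASSWORD_REG, message = ValidatedConstant.PASSWORD_MESSAGE)` rule, would reject that at the controller, as `UpdatePasswordBody` does for its fields. The Javadoc also documents `@param password` while the parameter is named `obj`.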
@@ -90,11 +90,26 @@ public interface UserDao { /** * Description: 根据用户id修改用户名 * + * @param userId userId + * @param username username * @author fanxb * @date 2019/9/20 16:22 - * @param userId userId - * @param username username */ @Update("update user set username=#{username} where userId=#{userId}") void updateUsernameByUserId(@Param("userId") int userId, @Param("username") String username); + + /** + * 更新用户新邮箱 + * @param userId userId + * @param newPassword userId + */ + @Update("update user set newEmail=#{newPassword} where userId= #{userId}") + void updateNewEmailByUserId(@Param("userId") int userId, @Param("newPassword") String newPassword); + + /** + * 新邮箱校验成功,更新邮箱 + * @param userId userId + */ + @Update("update user set email=newEmail,newEmail='' where userId=#{userId}") + void updateEmailByUserId(int userId); } diff --git a/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/entity/EmailUpdateBody.java b/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/entity/EmailUpdateBody.java index b0e85b3..d80a50f 100644 --- a/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/entity/EmailUpdateBody.java +++ b/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/entity/EmailUpdateBody.java @@ -4,6 +4,7 @@ import com.fanxb.bookmark.business.user.constant.ValidatedConstant; import lombok.Data; import javax.validation.constraints.Email; +import javax.validation.constraints.NotNull; import javax.validation.constraints.Pattern; /** 
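Review bot: `updateEmailByUserId` copies `newEmail` into `email` unconditionally, so if it runs while `newEmail` holds the column default `''` the confirmed address is overwritten with an empty string. That can happen when a second verification link for the same user is opened after the first one was used. Guarding the statement keeps the stored address intact: `update user set email=newEmail,newEmail='' where userId=#{userId} and newEmail<>''`. In `updateNewEmailByUserId` the parameter carrying the address is named `newPassword` and its Javadoc reads `@param newPassword userId`; naming it `newEmail` would match the column it writes.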
@@ -15,8 +16,10 @@ import javax.validation.constraints.Pattern; */ @Data public class EmailUpdateBody { - @Pattern(regexp = ValidatedConstant.PASSWORD_REG, message = ValidatedConstant.PASSWORD_MESSAGE) - private String oldPass; - @Email +// @Pattern(regexp = ValidatedConstant.PASSWORD_REG, message = ValidatedConstant.PASSWORD_MESSAGE) +// private String oldPass; + @NotNull(message = "参数不为空") + private String actionId; + @Email(message = "请输入有效邮箱地址") private String newEmail; } diff --git a/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/entity/EmailUpdateRedis.java b/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/entity/EmailUpdateRedis.java deleted file mode 100644 index 48fe5bc..0000000 --- a/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/entity/EmailUpdateRedis.java +++ /dev/null @@ -1,24 +0,0 @@ -package com.fanxb.bookmark.business.user.entity; - -import lombok.Data; - -/** - * 类功能简述:记录用户id和要修改的邮件地址 - * 类功能详述: - * - * @author fanxb - * @date 2019/9/20 16:47 - */ -@Data -public class EmailUpdateRedis { - private int userId; - private String email; - - public EmailUpdateRedis() { - } - - public EmailUpdateRedis(int userId, String email) { - this.userId = userId; - this.email = email; - } -} diff --git a/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/entity/UpdatePasswordBody.java b/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/entity/UpdatePasswordBody.java index c40ef40..c6e4687 100644 --- a/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/entity/UpdatePasswordBody.java +++ b/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/entity/UpdatePasswordBody.java 
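Review bot: `@Email` on `newEmail` treats null as valid, so a request that omits the field passes validation and `updateEmail` goes on to mail and store a null address. Adding `@NotNull` (or `@NotBlank`, where the validation API version provides it) next to `@Email` closes that. The same gap applies to `actionId`, where `@NotNull` still admits an empty string, and to the `@Pattern`-only `oldPass` and `newPass` fields in the `UpdatePasswordBody` hunk, where a missing value also validates. The commented-out `oldPass` lines can be deleted rather than kept, since the history already has them.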
@@ -15,8 +15,8 @@ import javax.validation.constraints.Pattern; @Data public class UpdatePasswordBody { - @Pattern(regexp = ValidatedConstant.PASSWORD_MESSAGE, message = ValidatedConstant.PASSWORD_MESSAGE) + @Pattern(regexp = ValidatedConstant.PASSWORD_REG, message = ValidatedConstant.PASSWORD_MESSAGE) private String oldPass; - @Pattern(regexp = ValidatedConstant.PASSWORD_MESSAGE, message = ValidatedConstant.PASSWORD_MESSAGE) + @Pattern(regexp = ValidatedConstant.PASSWORD_REG, message = ValidatedConstant.PASSWORD_MESSAGE) private String newPass; } diff --git a/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/service/BaseInfoService.java b/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/service/BaseInfoService.java index 3dec99d..d1a9f8d 100644 --- a/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/service/BaseInfoService.java +++ b/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/service/BaseInfoService.java 
@@ -1,21 +1,20 @@ package com.fanxb.bookmark.business.user.service; -import com.alibaba.fastjson.JSON; import com.fanxb.bookmark.business.user.constant.RedisConstant; import com.fanxb.bookmark.business.user.dao.UserDao; import com.fanxb.bookmark.business.user.entity.EmailUpdateBody; -import com.fanxb.bookmark.business.user.entity.EmailUpdateRedis; import com.fanxb.bookmark.business.user.entity.UpdatePasswordBody; import com.fanxb.bookmark.common.constant.Constant; import com.fanxb.bookmark.common.entity.MailInfo; +import com.fanxb.bookmark.common.exception.CustomException; import com.fanxb.bookmark.common.exception.FormDataException; import com.fanxb.bookmark.common.util.*; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import org.springframework.transaction.annotation.Transactional; import java.util.UUID; -import java.util.concurrent.TimeUnit; /** * 类功能简述: 
@@ -58,28 +57,44 @@ public class BaseInfoService { } /** - * 功能描述: 预备更新email,需要进行校验 + * 功能描述: 预备更新email,需要校验密码 * * @param body body * @author fanxb * @date 2019/9/26 17:27 */ + @Transactional(rollbackFor = Exception.class) public void updateEmail(EmailUpdateBody body) { int userId = UserContextHolder.get().getUserId(); - String realPass = userDao.selectByUserId(userId).getPassword(); - if (!realPass.equals(HashUtil.getPassword(body.getOldPass()))) { - throw new FormDataException("旧密码错误"); + String checkAuthKey = com.fanxb.bookmark.common.constant.RedisConstant.getPasswordCheckKey(userId, body.getActionId()); + String str = RedisUtil.get(checkAuthKey, String.class); + if (str == null) { + throw new CustomException("密码校验失败,无法更新email"); } - String key = UUID.randomUUID().toString().replaceAll("-", ""); - String url = VERIFY_EMAIL.replaceAll("XXXX", Constant.serviceAddress + VERIFY_EMAIL_PATH + key); + RedisUtil.delete(checkAuthKey); + String secret = UUID.randomUUID().toString().replaceAll("-", ""); + String url = VERIFY_EMAIL.replaceAll("XXXX", Constant.serviceAddress + VERIFY_EMAIL_PATH + secret); log.debug(url); MailInfo info = new MailInfo(body.getNewEmail(), "验证邮箱", url); MailUtil.sendMail(info, true); - EmailUpdateRedis redisBody = new EmailUpdateRedis(userId, body.getNewEmail()); - RedisUtil.set(RedisConstant.getUpdateEmailKey(key), JSON.toJSONString(redisBody), TimeUtil.DAY_MS); + RedisUtil.set(RedisConstant.getUpdateEmailKey(secret), String.valueOf(userId), TimeUtil.DAY_MS); + userDao.updateNewEmailByUserId(userId, body.getNewEmail()); } - public void verifyEmail(){ - + /** + * 功能描述: 校验新邮箱,校验成功就更新 + * + * @param secret secret + * @author fanxb + * @date 2019/11/11 23:24 + */ + public void verifyEmail(String secret) { + String key = RedisConstant.getUpdateEmailKey(secret); + Integer userId = RedisUtil.get(key, Integer.class); + RedisUtil.delete(key); + if (userId == null) { + throw new CustomException("校验失败,请重试"); + } + userDao.updateEmailByUserId(userId); } } 
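Review bot: The secret stored in `updateEmail` maps only to `userId`, while the address to confirm lives in the `newEmail` column, so a link mailed to one address confirms whatever address is pending when the link is opened. If a change is requested twice, the first link promotes the second, unverified address, and the remaining link then copies the emptied `newEmail` over `email`. The removed `EmailUpdateRedis` value carried the address; the sketch below restores that binding and checks it against the pending value, assuming `User` exposes `getNewEmail()` through Lombok. Separately, `log.debug(url)` writes the one-time secret to the log, and the mail is sent before the Redis and database writes, so `@Transactional` cannot undo it if one of them fails.

```java
// … unchanged: actionId check, secret generation, mail sending …
// in updateEmail: bind the secret to the address it was mailed to
RedisUtil.set(RedisConstant.getUpdateEmailKey(secret), userId + ":" + body.getNewEmail(), TimeUtil.DAY_MS);
userDao.updateNewEmailByUserId(userId, body.getNewEmail());

public void verifyEmail(String secret) {
    String key = RedisConstant.getUpdateEmailKey(secret);
    String value = RedisUtil.get(key, String.class);
    RedisUtil.delete(key);
    if (value == null) {
        throw new CustomException("校验失败,请重试");
    }
    int split = value.indexOf(':');
    int userId = Integer.parseInt(value.substring(0, split));
    String mailedTo = value.substring(split + 1);
    // confirm only when this link's address is still the pending one
    if (!mailedTo.equals(userDao.selectByUserId(userId).getNewEmail())) {
        throw new CustomException("校验失败,请重试");
    }
    userDao.updateEmailByUserId(userId);
```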
diff --git a/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/service/UserService.java b/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/service/UserService.java index 02afc4a..5abefde 100644 --- a/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/service/UserService.java +++ b/bookMarkService/business/user/src/main/java/com/fanxb/bookmark/business/user/service/UserService.java @@ -7,6 +7,7 @@ import com.fanxb.bookmark.business.user.entity.LoginRes; import com.fanxb.bookmark.business.user.entity.RegisterBody; import com.fanxb.bookmark.common.constant.Constant; import com.fanxb.bookmark.common.constant.NumberConstant; +import com.fanxb.bookmark.common.constant.RedisConstant; import com.fanxb.bookmark.common.entity.MailInfo; import com.fanxb.bookmark.common.entity.User; import com.fanxb.bookmark.common.exception.FormDataException; @@ -18,6 +19,7 @@ import org.springframework.web.multipart.MultipartFile; import java.nio.file.Paths; import java.util.HashMap; import java.util.Map; +import java.util.UUID; /** * 类功能简述: @@ -79,6 +81,9 @@ public class UserService { public void register(RegisterBody body) { String codeKey = Constant.authCodeKey(body.getEmail()); String realCode = RedisUtil.get(codeKey, String.class); + if (Constant.isDev) { + realCode = "123456"; + } if (StringUtil.isEmpty(realCode) || (!realCode.equals(body.getAuthCode()))) { throw new FormDataException("验证码错误"); } 
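Review bot: The `Constant.isDev` branch added to `register` replaces the stored code with the literal `"123456"`, so wherever that flag is true any email address can be registered without its owner receiving a code. Nothing in the hunk shows how the flag is set, so production safety rests on configuration that cannot be checked from here. Keeping the shortcut out of the service would remove that dependency, for example by seeding the code in Redis from a development-only fixture. If it stays, the flag should default to false and startup should report loudly when it is enabled. The body of `register` continues outside the hunk.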
@@ -182,4 +187,25 @@ public class UserService { userDao.updateUserIcon(userId, path); return path; } + + /** + * 功能描述: 密码校验,校验成功返回一个actionId,以执行敏感操作 + * + * @param password password + * @return java.lang.String + * @author fanxb + * @date 2019/11/11 23:41 + */ + public String checkPassword(String password) { + int userId = UserContextHolder.get().getUserId(); + String pass = HashUtil.getPassword(password); + User user = userDao.selectByUserId(userId); + if (!user.getPassword().equals(pass)) { + throw new FormDataException("密码错误,请重试"); + } + String actionId = UUID.randomUUID().toString().replaceAll("-", ""); + String key = RedisConstant.getPasswordCheckKey(userId, actionId); + RedisUtil.set(key, "1", 10 * 60 * 1000); + return actionId; + } } diff --git a/bookMarkService/common/src/main/java/com/fanxb/bookmark/common/constant/RedisConstant.java b/bookMarkService/common/src/main/java/com/fanxb/bookmark/common/constant/RedisConstant.java new file mode 100644 index 0000000..612fcc4 --- /dev/null +++ b/bookMarkService/common/src/main/java/com/fanxb/bookmark/common/constant/RedisConstant.java @@ -0,0 +1,13 @@ +package com.fanxb.bookmark.common.constant; + +/** + * Created with IntelliJ IDEA + * Created By Fxb + * Date: 2019/11/11 + * Time: 23:01 + */ +public class RedisConstant { + public static String getPasswordCheckKey(int userId, String actionId) { + return "password_check_key_" + userId + "_" + actionId; + } +} diff --git a/bookMarkService/common/src/main/java/com/fanxb/bookmark/common/entity/User.java b/bookMarkService/common/src/main/java/com/fanxb/bookmark/common/entity/User.java index 3d82740..203bbee 100644 --- a/bookMarkService/common/src/main/java/com/fanxb/bookmark/common/entity/User.java +++ b/bookMarkService/common/src/main/java/com/fanxb/bookmark/common/entity/User.java @@ -16,6 +16,7 @@ public class User { private int userId; private String username; private String email; + private String newEmail; private String icon; @JsonIgnore private String password; 
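Review bot: `checkPassword` can be called without limit, so a caller holding a valid session token can test password guesses against the account. Every success also mints an `actionId` that is not tied to a particular operation. Counting failures per `userId` in Redis and refusing further checks for a window after a few misses would bound that. The hash comparison could use `MessageDigest.isEqual(user.getPassword().getBytes(StandardCharsets.UTF_8), pass.getBytes(StandardCharsets.UTF_8))` instead of `String.equals` to remove the timing dependence. A null `password` is passed straight to `HashUtil.getPassword`; an explicit check that throws `FormDataException` first would keep that a form error.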
diff --git a/bookMarkService/common/src/main/java/com/fanxb/bookmark/common/util/RedisUtil.java b/bookMarkService/common/src/main/java/com/fanxb/bookmark/common/util/RedisUtil.java index 6346b49..36ee7bd 100644 --- a/bookMarkService/common/src/main/java/com/fanxb/bookmark/common/util/RedisUtil.java +++ b/bookMarkService/common/src/main/java/com/fanxb/bookmark/common/util/RedisUtil.java @@ -42,7 +42,7 @@ public class RedisUtil { * * @param key key * @param value value - * @param expireTime 过期时间 + * @param expireTime 过期时间,ms */ public static void set(String key, String value, long expireTime) { redisTemplate.opsForValue().set(key, value); @@ -67,6 +67,7 @@ public class RedisUtil { * @author fanxb * @date 2019/4/12 10:45 */ + @SuppressWarnings("unchecked") public static T get(String key, Class tt) { String str = redisTemplate.opsForValue().get(key); if (StringUtil.isEmpty(str)) { diff --git a/bookMarkService/web/src/main/resources/db/migration/V2__user表新增newEmail字段.sql b/bookMarkService/web/src/main/resources/db/migration/V2__user表新增newEmail字段.sql new file mode 100644 index 0000000..fdcb8cd --- /dev/null +++ b/bookMarkService/web/src/main/resources/db/migration/V2__user表新增newEmail字段.sql @@ -0,0 +1,2 @@ +ALTER TABLE `bookmark`.`user` +ADD COLUMN `newEmail` varchar(255) NOT NULL DEFAULT '' COMMENT '新邮件地址,尚未确认' AFTER `email`; \ No newline at end of file