diff --git a/src/com/engine/salary/cmd/password/SaveSecondaryPwdCmd.java b/src/com/engine/salary/cmd/password/SaveSecondaryPwdCmd.java
new file mode 100644
index 000000000..c885578ed
--- /dev/null
+++ b/src/com/engine/salary/cmd/password/SaveSecondaryPwdCmd.java
@@ -0,0 +1,278 @@ +package com.engine.salary.cmd.password; + +import com.api.hrm.service.impl.HrmSecondaryPwdSetServiceImpl; +import com.engine.common.biz.AbstractCommonCommand; +import com.engine.common.entity.BizLogContext; +import com.engine.common.util.ServiceUtil; +import com.engine.core.interceptor.CommandContext; +import com.engine.integration.util.StringUtils; +import com.weaver.integration.ldap.util.AuthenticUtil; +import weaver.conn.RecordSet; +import weaver.file.Prop; +import weaver.general.PasswordUtil; +import weaver.general.Util; +import weaver.hrm.User; +import weaver.hrm.passwordprotection.manager.HrmResourceManager; +import weaver.hrm.passwordprotection.manager.HrmResourceManagerManager; +import weaver.interfaces.sso.cas.CASRestAPI; +import weaver.interfaces.sso.cas.CasUtil; +import weaver.rsa.security.RSA; +import weaver.systeminfo.SystemEnv; + +import javax.servlet.http.HttpServletRequest; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import static com.api.hrm.service.HrmPasswordService.ifEqlTarget; + +/** + * 保存二次验证密码 + */ +public class SaveSecondaryPwdCmd extends AbstractCommonCommand> { + + private HttpServletRequest request; + + public SaveSecondaryPwdCmd(Map params, User user, HttpServletRequest request) { + this.user = user; + this.params = params; + this.request = request; + } + + @Override + public BizLogContext getLogContext() { + return null; + } + + @Override + public Map execute(CommandContext commandContext) { + Map resultMap = new HashMap(); + + /*设置二次验证密码时的参数*/ + String secondaryPwd1 = Util.null2String(params.get("secondaryPwd1"));//密码 + String secondaryPwd2 = Util.null2String(params.get("secondaryPwd2"));//确认密码 + /*设置二次验证密码时的参数*/ + /*修改二次验证密码时的参数*/ + String newSecondaryPwd1 = Util.null2String(params.get("newSecondaryPwd1"));//新密码 + String newSecondaryPwd2 = Util.null2String(params.get("newSecondaryPwd2"));//确认新密码 + /*修改二次验证密码时的参数*/ + + String loginPwd = 
Util.null2String(params.get("loginPwd")); + + //是否开启了RSA加密 + String openRSA = Util.null2String(Prop.getPropValue("openRSA", "isrsaopen")); + List passwordList = new ArrayList(); + if ("1".equals(openRSA)) { + passwordList.add(secondaryPwd1); + passwordList.add(secondaryPwd2); + + passwordList.add(newSecondaryPwd1); + passwordList.add(newSecondaryPwd2); + + passwordList.add(loginPwd); + + RSA rsa = new RSA(); + List resultList = rsa.decryptList(request, passwordList); + secondaryPwd1 = resultList.get(0); + secondaryPwd2 = resultList.get(1); + + newSecondaryPwd1 = resultList.get(2); + newSecondaryPwd2 = resultList.get(3); + + loginPwd = resultList.get(4); + } + + /*验证码是否正确 start*/ + String validatecode = Util.null2String(params.get("validatecode")); + String validateRand = Util.null2String((String) request.getSession(true).getAttribute("validateRand")); + request.getSession(true).removeAttribute("validateRand"); + if (!validateRand.toLowerCase().equals(validatecode.trim().toLowerCase()) || "".equals(validatecode.trim().toLowerCase())) { + resultMap.put("message", SystemEnv.getHtmlLabelName(10000304, Util.getIntValue(user.getLanguage()))); + resultMap.put("sign", "-1"); + return resultMap; + } + /*验证码是否正确 end*/ + + if (!"".equals(loginPwd)){ + HashMap map = new HashMap<>(); + map.put("password",loginPwd); + HrmSecondaryPwdSetServiceImpl hrmSecondaryPwdSetService = (HrmSecondaryPwdSetServiceImpl) ServiceUtil.getService(HrmSecondaryPwdSetServiceImpl.class, user); + Map execute = hrmSecondaryPwdSetService.checkPassword(map, user, request); + String checkPwd = String.valueOf(execute.get("result")); + if (checkPwd.equals("false")){ + resultMap.put("message", SystemEnv.getHtmlLabelName(504343, Util.getIntValue(user.getLanguage()))); + resultMap.put("sign", "-1"); + return resultMap; + } + } + + String password = "";//数据库存储的登陆密码 + String secondaryPwd = "";//数据库存储的原二次验证密码 + + boolean flag = false;//是设置二次验证密码还是修改二次验证密码;true:修改 + RecordSet recordSet = new RecordSet(); + String 
sql = ""; + if (user.isAdmin()) { + sql = "select password,secondaryPwd,useSecondaryPwd from HrmResourceManager where id=" + user.getUID(); + recordSet.executeQuery(sql); + if (recordSet.next()) { + password = recordSet.getString("password"); + secondaryPwd = recordSet.getString("secondaryPwd"); + String useSecondaryPwd = recordSet.getString("useSecondaryPwd"); + if (useSecondaryPwd.equals("1") && !secondaryPwd.equals("")) { + flag = true; + } + } + } else { + sql = "select password,secondaryPwd,useSecondaryPwd from HrmResource where id=" + user.getUID(); + recordSet.executeQuery(sql); + if (recordSet.next()) { + password = recordSet.getString("password"); + secondaryPwd = recordSet.getString("secondaryPwd"); + String useSecondaryPwd = recordSet.getString("useSecondaryPwd"); + if (useSecondaryPwd.equals("1") && !secondaryPwd.equals("")) { + flag = true; + } + } + } + + if (flag) {//修改二次验证密码 + String formatsalt = PasswordUtil.getResourceSalt("" + user.getUID()); + + // 先确认旧密码 + String oldSecondaryPwd = Util.null2String(request.getParameter("oldSecondaryPwd")); + RSA rsa = new RSA(); + String isrsaopen = Util.null2String(recordSet.getPropValue("openRSA","isrsaopen")); + if("1".equals(isrsaopen)){ + oldSecondaryPwd = rsa.decrypt(request,oldSecondaryPwd); + } + String[] encryptsOld = PasswordUtil.encrypt(oldSecondaryPwd, formatsalt); + if (user.isAdmin()) { + sql = "select id from HrmResourceManager where secondaryPwd = ? and id = ?"; + } else { + sql = "select id from HrmResource where secondaryPwd = ? 
and id = ?"; + } +// recordSet.executeQuery(sql,encryptsOld[0],user.getUID()); +// if(!recordSet.next()){ +// resultMap.put("status", "-1"); +// resultMap.put("message", SystemEnv.getHtmlLabelName(382266, user.getLanguage()));//旧密码不正确 +// return resultMap; +// } + + if (!newSecondaryPwd1.equals(newSecondaryPwd2)) { + resultMap.put("status", "-1"); + resultMap.put("message", SystemEnv.getHtmlLabelName(388448, user.getLanguage()));//两次密码不一致 + } + + String[] encrypts = PasswordUtil.encrypt(newSecondaryPwd1, formatsalt); + if (user.isAdmin()) { + sql = "update HrmResourceManager set secondaryPwd='" + encrypts[0] + "',useSecondaryPwd=1 where id=" + user.getUID(); + } else { + sql = "update HrmResource set secondaryPwd='" + encrypts[0] + "',useSecondaryPwd=1 where id=" + user.getUID(); + } + if (recordSet.executeUpdate(sql)) { + resultMap.put("sign", "1"); + resultMap.put("message", SystemEnv.getHtmlLabelName(125983, user.getLanguage()));//修改密码成功 + } else { + resultMap.put("sign", "-1"); + resultMap.put("message", SystemEnv.getHtmlLabelName(126200, user.getLanguage()));//修改密码失败 + } + } else { + + String token = Util.null2String(request.getSession().getAttribute("init_second_token")) ; + request.getSession().removeAttribute("init_second_token"); + if(StringUtils.isBlank(token) || !token.equalsIgnoreCase(user.getUID()+"")){ + resultMap.put("status", "-1"); + resultMap.put("message", SystemEnv.getHtmlLabelName(83912, user.getLanguage())+"(-100)");//参数有误 + return resultMap; + } + + /*为防止篡改CheckPassword的接口数据越权修改二次验证密码,读取session中存储的登录密码再次校验一次登录密码*/ + String loginPassword = Util.null2String(request.getSession(true).getAttribute("loginPassword")); + boolean isPass = checkLoginPassword(loginPassword); + request.getSession(true).removeAttribute("loginPassword"); + if(!isPass){ + resultMap.put("status", "-1"); + resultMap.put("message", SystemEnv.getHtmlLabelName(388858, user.getLanguage()));//参数有误 + return resultMap; + } + + String formatsalt = PasswordUtil.getResourceSalt("" + 
user.getUID()); + String[] encrypts = PasswordUtil.encrypt(secondaryPwd1, formatsalt); + + if (password.equals(encrypts[0])) { + resultMap.put("status", "-1"); + resultMap.put("message", SystemEnv.getHtmlLabelName(388448, user.getLanguage()));//为保安全性,请设置为和登录密码不同的密码 + return resultMap; + } + if (!secondaryPwd1.equals(secondaryPwd2)) { + resultMap.put("status", "-1"); + resultMap.put("message", SystemEnv.getHtmlLabelName(388448, user.getLanguage()));//两次密码不一致 + } + + encrypts = PasswordUtil.encrypt(secondaryPwd1, formatsalt); + if (user.isAdmin()) { + sql = "update HrmResourceManager set secondaryPwd='" + encrypts[0] + "',useSecondaryPwd=1 where id=" + user.getUID(); + } else { + sql = "update HrmResource set secondaryPwd='" + encrypts[0] + "',useSecondaryPwd=1 where id=" + user.getUID(); + } + if (recordSet.executeUpdate(sql)) { + resultMap.put("sign", "1"); + resultMap.put("message", SystemEnv.getHtmlLabelName(10000305, Util.getIntValue(user.getLanguage())));//设置密码成功 + } else { + resultMap.put("sign", "-1"); + resultMap.put("message", SystemEnv.getHtmlLabelName(10000306, Util.getIntValue(user.getLanguage())));//设置密码失败 + } + } + return resultMap; + } + + /** + * 检查登录密码是否正确 + * + * @param password 登录密码 + * @return + */ + private boolean checkLoginPassword(String password) { + boolean isExsit = false; + RecordSet rs = new RecordSet(); + String loginId = ""; + String isADAccount = ""; + String isADAccountSql = "select isADAccount,loginId from HrmResource where id = " + user.getUID(); + rs.executeSql(isADAccountSql); + if (rs.next()) { + isADAccount = rs.getString("isADAccount"); + loginId = rs.getString("loginId"); + } + AuthenticUtil authenticUtil = new AuthenticUtil(); + boolean isUseLdap =authenticUtil.checkType(loginId); + if (isUseLdap && ifEqlTarget(isADAccount, "1") && !"1".equals(user.getUID())) { + if (!authenticUtil.checkLogin(loginId, password).equals("100")) { + isExsit = false; + } else { + isExsit = true; + } + }else { + String dbSalt = 
PasswordUtil.getResourceSalt("" + user.getUID()); + String[] encrypts = PasswordUtil.encrypt(password, dbSalt); + String pswd = encrypts[0];//加密后的密码 + + Map map = new HashMap(); + map.put("id", "" + user.getUID()); + map.put("password", pswd); + isExsit = new HrmResourceManager().get(map) != null; + if (!isExsit) { + isExsit = new HrmResourceManagerManager().get(map) != null; + } + } + //cas二次密码校验 + if (new CasUtil().isUseCAS()&&!isExsit) { + String ticket = Util.null2String(new CASRestAPI().getInstance().getTicket(loginId, password)); + if (ticket != "") { + isExsit = true; + } + } + return isExsit; + } +} diff --git a/src/com/engine/salary/service/HrmSecondaryPwdSetService.java b/src/com/engine/salary/service/HrmSecondaryPwdSetService.java new file mode 100644 index 000000000..c64fe2788 --- /dev/null +++ b/src/com/engine/salary/service/HrmSecondaryPwdSetService.java @@ -0,0 +1,20 @@ +package com.engine.salary.service; + +import weaver.hrm.User; + +import javax.servlet.http.HttpServletRequest; +import java.util.Map; + +public interface HrmSecondaryPwdSetService { + + + /** + * 保存二次验证登陆密码 + * + * @param params + * @param user + * @return + */ + public Map saveSecondaryPwd(Map params, User user, HttpServletRequest request); + +} diff --git a/src/com/engine/salary/service/impl/HrmSecondaryPwdSetServiceImpl.java b/src/com/engine/salary/service/impl/HrmSecondaryPwdSetServiceImpl.java new file mode 100644 index 000000000..96cabfbc0 --- /dev/null +++ b/src/com/engine/salary/service/impl/HrmSecondaryPwdSetServiceImpl.java 
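Review bot: In the modify branch (`flag == true`) nothing actually verifies the caller before the UPDATE runs: `encryptsOld` and the parameterized `sql` are prepared but the `recordSet.executeQuery(sql, encryptsOld[0], user.getUID())` / `recordSet.next()` check is commented out, the login-password check near the top only runs `if (!"".equals(loginPwd))` so a client that simply omits `loginPwd` skips it, and the `init_second_token` / session `loginPassword` re-check exists only in the set branch — so after the captcha, any authenticated session can overwrite `secondaryPwd` without knowing the old one. Separately, both `!newSecondaryPwd1.equals(newSecondaryPwd2)` and `!secondaryPwd1.equals(secondaryPwd2)` put an error into `resultMap` but do not `return`, so the unconfirmed value is hashed and stored anyway and the error is then overwritten by the `sign=1` success entry (the error paths also use the key `status` while success uses `sign`, so the front end likely never sees them). I would restore the commented-out old-password query and turn each mismatch check into an early return as below; the concatenated UPDATE statements embed only the hash and an int id, so they are not injectable, but they could use the same `?` style already used for the SELECT. Also, `ticket != ""` in `checkLoginPassword` is a reference comparison and should be `!ticket.isEmpty()`.
```java
        // … unchanged: RSA decrypt of oldSecondaryPwd, encryptsOld and sql selection …
        recordSet.executeQuery(sql, encryptsOld[0], user.getUID());
        if (!recordSet.next()) {
            resultMap.put("sign", "-1");
            resultMap.put("message", SystemEnv.getHtmlLabelName(382266, user.getLanguage())); // old secondary password incorrect
            return resultMap;
        }
        if (!newSecondaryPwd1.equals(newSecondaryPwd2)) {
            resultMap.put("sign", "-1");
            resultMap.put("message", SystemEnv.getHtmlLabelName(388448, user.getLanguage())); // passwords do not match
            return resultMap;
        }
        // … unchanged: hash newSecondaryPwd1 and run the UPDATE …
```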
@@ -0,0 +1,20 @@ +package com.engine.salary.service.impl; + +import com.engine.core.impl.Service; +import com.engine.salary.cmd.password.SaveSecondaryPwdCmd; +import com.engine.salary.service.HrmSecondaryPwdSetService; +import weaver.hrm.User; + +import javax.servlet.http.HttpServletRequest; +import java.util.Map; + +public class HrmSecondaryPwdSetServiceImpl extends Service implements HrmSecondaryPwdSetService { + + + @Override + public Map saveSecondaryPwd(Map params, User user, HttpServletRequest request) { + return commandExecutor.execute(new SaveSecondaryPwdCmd(params, user, request)); + } + + +} diff --git a/src/com/engine/salary/web/SalaryBillController.java b/src/com/engine/salary/web/SalaryBillController.java index 64437a579..6aa71f393 100644 --- a/src/com/engine/salary/web/SalaryBillController.java +++ b/src/com/engine/salary/web/SalaryBillController.java @@ -1,10 +1,14 @@ package com.engine.salary.web; +import com.alibaba.fastjson.JSONObject; +import com.engine.common.util.ParamUtil; import com.engine.common.util.ServiceUtil; import com.engine.salary.entity.salaryBill.dto.*; import com.engine.salary.entity.salaryBill.param.*; import com.engine.salary.enums.salarybill.SalarySendStatusEnum; import com.engine.salary.exception.SalaryRunTimeException; +import com.engine.salary.service.HrmSecondaryPwdSetService; +import com.engine.salary.service.impl.HrmSecondaryPwdSetServiceImpl; import com.engine.salary.sys.enums.PayrollCheckTypeEnum; import com.engine.salary.util.ResponseResult; import com.engine.salary.util.SalaryEntityUtil; @@ -57,6 +61,10 @@ public class SalaryBillController { return ServiceUtil.getService(SalaryBillBaseSetWrapper.class, user); } + private HrmSecondaryPwdSetService getService(User user) { + return (HrmSecondaryPwdSetService) ServiceUtil.getService(HrmSecondaryPwdSetServiceImpl.class, user); + } + /******** 工资单模板 start ***********************************************************************************************/ /** 
@@ -817,4 +825,29 @@ public class SalaryBillController { /******** 工资单基础设置 end ***********************************************************************************************/ + + /** + * 保存二次登陆密码 + * + * @param request + * @param response + * @return + */ + @POST + @Path("/saveSecondaryPwd") + @Produces(MediaType.TEXT_PLAIN) + public String saveSecondaryPwd(@Context HttpServletRequest request, @Context HttpServletResponse response) { + Map apiDatas = new HashMap();//传递给前台的数据集合 + try { + User user = HrmUserVarify.getUser(request, response); + apiDatas = getService(user).saveSecondaryPwd(ParamUtil.request2Map(request), user, request); + apiDatas.put("api_status", true); + } catch (Exception e) { + e.printStackTrace(); + apiDatas.put("api_status", false); + apiDatas.put("api_errormsg", e.getMessage()); + } + return JSONObject.toJSONString(apiDatas); + } + }
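Review bot: The catch block in `saveSecondaryPwd` returns `e.getMessage()` to the client as `api_errormsg` and prints the stack trace to stdout; if `HrmUserVarify.getUser` can return null (I cannot tell from here) the resulting NPE text goes straight to the caller as well. I would log the exception server-side and return a fixed, non-diagnostic message, e.g. `apiDatas.put("api_errormsg", "save failed");`, or a `SystemEnv.getHtmlLabelName` label for consistency with the command's other messages. Also `@Produces(MediaType.TEXT_PLAIN)` is declared while the body is `JSONObject.toJSONString(apiDatas)`; `MediaType.APPLICATION_JSON` would let clients and proxies treat the response correctly.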