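package com.engine.salary.cmd.password;

import com.api.hrm.service.impl.HrmSecondaryPwdSetServiceImpl;
import com.engine.common.biz.AbstractCommonCommand;
import com.engine.common.entity.BizLogContext;
import com.engine.common.util.ServiceUtil;
import com.engine.core.interceptor.CommandContext;
import com.engine.integration.util.StringUtils;
import com.weaver.integration.ldap.util.AuthenticUtil;
import weaver.conn.RecordSet;
import weaver.file.Prop;
import weaver.general.PasswordUtil;
import weaver.general.Util;
import weaver.hrm.User;
import weaver.hrm.passwordprotection.manager.HrmResourceManager;
import weaver.hrm.passwordprotection.manager.HrmResourceManagerManager;
import weaver.interfaces.sso.cas.CASRestAPI;
import weaver.interfaces.sso.cas.CasUtil;
import weaver.rsa.security.RSA;
import weaver.systeminfo.SystemEnv;

import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import static com.api.hrm.service.HrmPasswordService.ifEqlTarget;

/**
 * Saves the current user's secondary-verification password.
 *
 * <p>Two flows share this command. When the user already has an enabled secondary
 * password ({@code useSecondaryPwd = 1} and a non-empty stored value) the request is a
 * <em>change</em>: it must prove the current secondary password ({@code oldSecondaryPwd})
 * and supply the new one twice ({@code newSecondaryPwd1}/{@code newSecondaryPwd2}).
 * Otherwise it is an <em>initial set-up</em> ({@code secondaryPwd1}/{@code secondaryPwd2}),
 * guarded by the one-time session token {@code init_second_token} and a re-check of the
 * login password kept in session under {@code loginPassword}.
 *
 * <p>In both flows the new value must equal its confirmation and must differ from the
 * user's login password. Password fields arrive RSA-encrypted when {@code openRSA} is on.
 *
 * <p>Result map: {@code sign} is "1" on success and "-1" on failure; failures also set
 * {@code status} to "-1"; {@code message} is the localized text.
 */
public class SaveSecondaryPwdCmd extends AbstractCommonCommand<Map<String, Object>> {

    private static final String OK = "1";
    private static final String FAIL = "-1";

    private final HttpServletRequest request;

    /**
     * @param params  request parameters (secondaryPwd1/2, newSecondaryPwd1/2, loginPwd)
     * @param user    the logged-in user whose secondary password is being saved
     * @param request current request; used for RSA decryption, the session and {@code oldSecondaryPwd}
     */
    public SaveSecondaryPwdCmd(Map<String, Object> params, User user, HttpServletRequest request) {
        this.user = user;
        this.params = params;
        this.request = request;
    }

    /** No business log is written for this command. */
    @Override
    public BizLogContext getLogContext() {
        return null;
    }

    /**
     * Runs the set-up or change flow described on the class.
     *
     * @param commandContext framework context (unused)
     * @return result map with {@code sign}, {@code status} (on failure) and {@code message}
     */
    @Override
    public Map<String, Object> execute(CommandContext commandContext) {
        Map<String, Object> resultMap = new HashMap<>();

        // Initial set-up parameters: password and its confirmation.
        String secondaryPwd1 = Util.null2String(params.get("secondaryPwd1"));
        String secondaryPwd2 = Util.null2String(params.get("secondaryPwd2"));
        // Change parameters: new password and its confirmation.
        String newSecondaryPwd1 = Util.null2String(params.get("newSecondaryPwd1"));
        String newSecondaryPwd2 = Util.null2String(params.get("newSecondaryPwd2"));
        String loginPwd = Util.null2String(params.get("loginPwd"));

        // With RSA transport encryption on, every password field arrives encrypted.
        boolean rsaOpen = "1".equals(Util.null2String(Prop.getPropValue("openRSA", "isrsaopen")));
        if (rsaOpen) {
            List<String> encrypted = new ArrayList<>();
            encrypted.add(secondaryPwd1);
            encrypted.add(secondaryPwd2);
            encrypted.add(newSecondaryPwd1);
            encrypted.add(newSecondaryPwd2);
            encrypted.add(loginPwd);
            List<String> decrypted = new RSA().decryptList(request, encrypted);
            secondaryPwd1 = decrypted.get(0);
            secondaryPwd2 = decrypted.get(1);
            newSecondaryPwd1 = decrypted.get(2);
            newSecondaryPwd2 = decrypted.get(3);
            loginPwd = decrypted.get(4);
        }

        // The captcha comparison against the session's "validateRand" was disabled upstream;
        // "validatecode" is accepted but not checked here.

        // Login-password check, performed only when the client supplied one.
        if (!loginPwd.isEmpty() && !loginPasswordAccepted(loginPwd)) {
            fail(resultMap, SystemEnv.getHtmlLabelName(504343, user.getLanguage()));
            return resultMap;
        }

        // Administrators and ordinary users live in different tables with the same columns.
        String table = user.isAdmin() ? "HrmResourceManager" : "HrmResource";
        RecordSet recordSet = new RecordSet();
        String storedLoginPwd = "";
        String storedSecondaryPwd = "";
        boolean secondaryEnabled = false;
        recordSet.executeQuery(
                "select password,secondaryPwd,useSecondaryPwd from " + table + " where id = ?",
                user.getUID());
        if (recordSet.next()) {
            storedLoginPwd = Util.null2String(recordSet.getString("password"));
            storedSecondaryPwd = Util.null2String(recordSet.getString("secondaryPwd"));
            String useSecondaryPwd = Util.null2String(recordSet.getString("useSecondaryPwd"));
            secondaryEnabled = "1".equals(useSecondaryPwd) && !storedSecondaryPwd.isEmpty();
        }

        if (secondaryEnabled) {
            changeSecondaryPwd(resultMap, recordSet, table, storedLoginPwd,
                    newSecondaryPwd1, newSecondaryPwd2, rsaOpen);
        } else {
            initSecondaryPwd(resultMap, recordSet, table, storedLoginPwd,
                    secondaryPwd1, secondaryPwd2);
        }
        return resultMap;
    }

    /**
     * Asks the HRM secondary-password service whether {@code loginPwd} is the user's login password.
     *
     * @return false only when the service answers {@code result = false}
     */
    private boolean loginPasswordAccepted(String loginPwd) {
        Map<String, Object> check = new HashMap<>();
        check.put("password", loginPwd);
        HrmSecondaryPwdSetServiceImpl service =
                (HrmSecondaryPwdSetServiceImpl) ServiceUtil.getService(HrmSecondaryPwdSetServiceImpl.class, user);
        Map<String, Object> answer = service.checkPassword(check, user, request);
        return !"false".equals(String.valueOf(answer.get("result")));
    }

    /**
     * Change flow: the current secondary password must be proven before it is replaced.
     *
     * @param storedLoginPwd hashed login password from the database (new value must not collide with it)
     * @param rsaOpen        whether {@code oldSecondaryPwd} arrives RSA-encrypted
     */
    private void changeSecondaryPwd(Map<String, Object> resultMap, RecordSet recordSet, String table,
                                    String storedLoginPwd, String newPwd1, String newPwd2, boolean rsaOpen) {
        String salt = PasswordUtil.getResourceSalt("" + user.getUID());

        String oldSecondaryPwd = Util.null2String(request.getParameter("oldSecondaryPwd"));
        if (rsaOpen) {
            oldSecondaryPwd = new RSA().decrypt(request, oldSecondaryPwd);
        }
        String[] oldHash = PasswordUtil.encrypt(oldSecondaryPwd, salt);
        recordSet.executeQuery("select id from " + table + " where secondaryPwd = ? and id = ?",
                oldHash[0], user.getUID());
        if (!recordSet.next()) {
            // Current secondary password does not match the stored one.
            fail(resultMap, SystemEnv.getHtmlLabelName(382266, user.getLanguage()));
            return;
        }

        String[] newHash = PasswordUtil.encrypt(newPwd1, salt);
        if (!newPasswordAcceptable(resultMap, newPwd1, newPwd2, newHash[0], storedLoginPwd)) {
            return;
        }
        saveSecondaryPwd(resultMap, recordSet, table, newHash[0], 125983, 126200);
    }

    /**
     * Initial set-up flow: requires the one-time page token and a re-check of the login
     * password held in session.
     *
     * @param storedLoginPwd hashed login password from the database (new value must not collide with it)
     */
    private void initSecondaryPwd(Map<String, Object> resultMap, RecordSet recordSet, String table,
                                  String storedLoginPwd, String pwd1, String pwd2) {
        // One-time token planted when the set-up page was opened; it is bound to this user's id
        // and consumed on first use.
        String token = Util.null2String(request.getSession().getAttribute("init_second_token"));
        request.getSession().removeAttribute("init_second_token");
        if (StringUtils.isBlank(token) || !token.equalsIgnoreCase(user.getUID() + "")) {
            fail(resultMap, SystemEnv.getHtmlLabelName(83912, user.getLanguage()) + "(-100)");
            return;
        }

        // Re-verify the login password kept in session so a tampered checkPassword response
        // cannot be used to set a secondary password on this account.
        String loginPassword = Util.null2String(request.getSession(true).getAttribute("loginPassword"));
        boolean isPass = checkLoginPassword(loginPassword);
        request.getSession(true).removeAttribute("loginPassword");
        if (!isPass) {
            fail(resultMap, SystemEnv.getHtmlLabelName(388858, user.getLanguage()));
            return;
        }

        String salt = PasswordUtil.getResourceSalt("" + user.getUID());
        String[] hash = PasswordUtil.encrypt(pwd1, salt);
        if (!newPasswordAcceptable(resultMap, pwd1, pwd2, hash[0], storedLoginPwd)) {
            return;
        }
        saveSecondaryPwd(resultMap, recordSet, table, hash[0], 10000305, 10000306);
    }

    /**
     * Checks that the new secondary password equals its confirmation and that its hash differs
     * from the stored login-password hash. Writes the failure into {@code resultMap} when not.
     *
     * @return true when the new password may be stored
     */
    private boolean newPasswordAcceptable(Map<String, Object> resultMap, String pwd1, String pwd2,
                                          String pwdHash, String storedLoginPwd) {
        if (!pwd1.equals(pwd2)) {
            // The two entries differ.
            fail(resultMap, SystemEnv.getHtmlLabelName(388448, user.getLanguage()));
            return false;
        }
        if (storedLoginPwd.equals(pwdHash)) {
            // Must differ from the login password.
            fail(resultMap, SystemEnv.getHtmlLabelName(388448, user.getLanguage()));
            return false;
        }
        return true;
    }

    /**
     * Stores the hashed secondary password and enables it, reporting success or failure
     * with the given label ids.
     */
    private void saveSecondaryPwd(Map<String, Object> resultMap, RecordSet recordSet, String table,
                                  String pwdHash, int okLabel, int failLabel) {
        boolean updated = recordSet.executeUpdate(
                "update " + table + " set secondaryPwd = ?, useSecondaryPwd = 1 where id = ?",
                pwdHash, user.getUID());
        if (updated) {
            resultMap.put("sign", OK);
            resultMap.put("message", SystemEnv.getHtmlLabelName(okLabel, user.getLanguage()));
        } else {
            fail(resultMap, SystemEnv.getHtmlLabelName(failLabel, user.getLanguage()));
        }
    }

    /** Marks the result as failed under both key spellings the client may read. */
    private static void fail(Map<String, Object> resultMap, String message) {
        resultMap.put("status", FAIL);
        resultMap.put("sign", FAIL);
        resultMap.put("message", message);
    }

    /**
     * Verifies the login password against LDAP (AD accounts), the local HRM tables, and as a
     * last resort CAS.
     *
     * @param password clear-text login password
     * @return true when any of the configured authenticators accepts it
     */
    private boolean checkLoginPassword(String password) {
        RecordSet rs = new RecordSet();
        String loginId = "";
        String isADAccount = "";
        rs.executeQuery("select isADAccount,loginId from HrmResource where id = ?", user.getUID());
        if (rs.next()) {
            isADAccount = Util.null2String(rs.getString("isADAccount"));
            loginId = Util.null2String(rs.getString("loginId"));
        }

        boolean accepted;
        AuthenticUtil authenticUtil = new AuthenticUtil();
        // The built-in administrator (id 1) never authenticates through LDAP.
        boolean useLdap = authenticUtil.checkType(loginId)
                && ifEqlTarget(isADAccount, "1")
                && !"1".equals(String.valueOf(user.getUID()));
        if (useLdap) {
            accepted = "100".equals(authenticUtil.checkLogin(loginId, password));
        } else {
            String salt = PasswordUtil.getResourceSalt("" + user.getUID());
            String[] hash = PasswordUtil.encrypt(password, salt);
            Map<String, Object> criteria = new HashMap<>();
            criteria.put("id", "" + user.getUID());
            criteria.put("password", hash[0]);
            accepted = new HrmResourceManager().get(criteria) != null
                    || new HrmResourceManagerManager().get(criteria) != null;
        }

        // CAS fallback: obtaining a ticket for these credentials proves them.
        if (!accepted && new CasUtil().isUseCAS()) {
            String ticket = Util.null2String(new CASRestAPI().getInstance().getTicket(loginId, password));
            accepted = !ticket.isEmpty();
        }
        return accepted;
    }
}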