weaver-hrm-salary/src/com/engine/salary/cmd/password/SaveSecondaryPwdCmd.java


package com.engine.salary.cmd.password;
import com.api.hrm.service.impl.HrmSecondaryPwdSetServiceImpl;
import com.engine.common.biz.AbstractCommonCommand;
import com.engine.common.entity.BizLogContext;
import com.engine.common.util.ServiceUtil;
import com.engine.core.interceptor.CommandContext;
import com.engine.integration.util.StringUtils;
import com.weaver.integration.ldap.util.AuthenticUtil;
import weaver.conn.RecordSet;
import weaver.file.Prop;
import weaver.general.PasswordUtil;
import weaver.general.Util;
import weaver.hrm.User;
import weaver.hrm.passwordprotection.manager.HrmResourceManager;
import weaver.hrm.passwordprotection.manager.HrmResourceManagerManager;
import weaver.interfaces.sso.cas.CASRestAPI;
import weaver.interfaces.sso.cas.CasUtil;
import weaver.rsa.security.RSA;
import weaver.systeminfo.SystemEnv;
import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import static com.api.hrm.service.HrmPasswordService.ifEqlTarget;
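/**
 * 保存二次验证密码 — sets or changes the current user's secondary verification password.
 *
 * <p>Two flows share this command:
 * <ul>
 *   <li><b>set</b> (no secondary password stored yet): {@code secondaryPwd1}/{@code secondaryPwd2}
 *       are the new password and its confirmation; the request must carry the session token
 *       {@code init_second_token} and the login password kept in the session is re-verified;</li>
 *   <li><b>change</b> (a secondary password is already in use): {@code newSecondaryPwd1}/
 *       {@code newSecondaryPwd2} are the new password and its confirmation, and the caller must
 *       prove possession of either the login password ({@code loginPwd}) or the current
 *       secondary password ({@code oldSecondaryPwd}, read from the raw request).</li>
 * </ul>
 * When {@code openRSA.isrsaopen} is {@code 1} every password field arrives RSA-encrypted and is
 * decrypted before use.
 *
 * <p>Result keys: {@code sign} ({@code "1"} success / {@code "-1"} failure) reports the outcome of
 * the database write, {@code status} {@code "-1"} reports a validation failure, {@code message}
 * carries the localized text. Both keys are kept as they were because callers may read either.
 */
public class SaveSecondaryPwdCmd extends AbstractCommonCommand<Map<String, Object>> {

    /** Table holding system administrators (and their secondary password columns). */
    private static final String ADMIN_TABLE = "HrmResourceManager";
    /** Table holding ordinary users. */
    private static final String RESOURCE_TABLE = "HrmResource";

    private final HttpServletRequest request;

    public SaveSecondaryPwdCmd(Map<String, Object> params, User user, HttpServletRequest request) {
        this.user = user;
        this.params = params;
        this.request = request;
    }

    /** No business log is written for this command. */
    @Override
    public BizLogContext getLogContext() {
        return null;
    }

    /**
     * Validates the request and stores the new secondary password.
     *
     * @param commandContext framework context (unused)
     * @return result map, see the class comment for the key conventions
     */
    @Override
    public Map<String, Object> execute(CommandContext commandContext) {
        Map<String, Object> resultMap = new HashMap<>();
        final int lang = Util.getIntValue(user.getLanguage());

        /* 设置二次验证密码时的参数 */
        String secondaryPwd1 = Util.null2String(params.get("secondaryPwd1"));       // 密码
        String secondaryPwd2 = Util.null2String(params.get("secondaryPwd2"));       // 确认密码
        /* 修改二次验证密码时的参数 */
        String newSecondaryPwd1 = Util.null2String(params.get("newSecondaryPwd1")); // 新密码
        String newSecondaryPwd2 = Util.null2String(params.get("newSecondaryPwd2")); // 确认新密码
        String loginPwd = Util.null2String(params.get("loginPwd"));
        // The current secondary password is read from the raw request, not from params (as before).
        String oldSecondaryPwd = Util.null2String(request.getParameter("oldSecondaryPwd"));

        // 是否开启了RSA加密 — one decrypt pass for every password field, so both flows see plaintext.
        if ("1".equals(Util.null2String(Prop.getPropValue("openRSA", "isrsaopen")))) {
            List<String> encrypted = new ArrayList<>();
            encrypted.add(secondaryPwd1);
            encrypted.add(secondaryPwd2);
            encrypted.add(newSecondaryPwd1);
            encrypted.add(newSecondaryPwd2);
            encrypted.add(loginPwd);
            encrypted.add(oldSecondaryPwd);
            List<String> decrypted = new RSA().decryptList(request, encrypted);
            secondaryPwd1 = decrypted.get(0);
            secondaryPwd2 = decrypted.get(1);
            newSecondaryPwd1 = decrypted.get(2);
            newSecondaryPwd2 = decrypted.get(3);
            loginPwd = decrypted.get(4);
            oldSecondaryPwd = decrypted.get(5);
        }

        // 验证码校验 (validatecode / validateRand) stays disabled, as in the previous revision.

        // 登录密码校验: when the client sends the login password, the HRM service must accept it.
        boolean loginPwdVerified = false;
        if (!loginPwd.isEmpty()) {
            if (!verifyLoginPwdViaService(loginPwd)) {
                resultMap.put("message", SystemEnv.getHtmlLabelName(504343, lang));
                resultMap.put("sign", "-1");
                return resultMap;
            }
            loginPwdVerified = true;
        }

        String table = resourceTable();
        RecordSet recordSet = new RecordSet();
        String storedLoginPwd = "";     // 数据库存储的登陆密码 (hashed)
        String storedSecondaryPwd = ""; // 数据库存储的原二次验证密码 (hashed)
        boolean changing = false;       // true: 修改二次验证密码, false: 设置二次验证密码
        recordSet.executeQuery(
                "select password,secondaryPwd,useSecondaryPwd from " + table + " where id=?",
                user.getUID());
        if (recordSet.next()) {
            storedLoginPwd = Util.null2String(recordSet.getString("password"));
            storedSecondaryPwd = Util.null2String(recordSet.getString("secondaryPwd"));
            String useSecondaryPwd = Util.null2String(recordSet.getString("useSecondaryPwd"));
            changing = "1".equals(useSecondaryPwd) && !storedSecondaryPwd.isEmpty();
        }

        String formatsalt = PasswordUtil.getResourceSalt("" + user.getUID());

        if (changing) { // 修改二次验证密码
            if (!newSecondaryPwd1.equals(newSecondaryPwd2)) {
                resultMap.put("status", "-1");
                resultMap.put("message", SystemEnv.getHtmlLabelName(388448, lang)); // 两次密码不一致
                return resultMap; // previously fell through and wrote the new password anyway
            }
            // 先确认旧密码: the caller must prove either the login password (checked above) or
            // the current secondary password; without one of them the change is refused.
            String[] encryptsOld = PasswordUtil.encrypt(oldSecondaryPwd, formatsalt);
            recordSet.executeQuery(
                    "select id from " + table + " where secondaryPwd = ? and id = ?",
                    encryptsOld[0], user.getUID());
            boolean oldSecondaryPwdMatches = recordSet.next();
            if (!loginPwdVerified && !oldSecondaryPwdMatches) {
                resultMap.put("status", "-1");
                resultMap.put("message", SystemEnv.getHtmlLabelName(382266, lang)); // 旧密码不正确
                return resultMap;
            }
            String[] encrypts = PasswordUtil.encrypt(newSecondaryPwd1, formatsalt);
            if (storeSecondaryPwd(recordSet, table, encrypts[0])) {
                resultMap.put("sign", "1");
                resultMap.put("message", SystemEnv.getHtmlLabelName(125983, lang)); // 修改密码成功
            } else {
                resultMap.put("sign", "-1");
                resultMap.put("message", SystemEnv.getHtmlLabelName(126200, lang)); // 修改密码失败
            }
            return resultMap;
        }

        // 设置二次验证密码: the one-shot session token must belong to this user.
        String token = Util.null2String(request.getSession().getAttribute("init_second_token"));
        request.getSession().removeAttribute("init_second_token");
        if (StringUtils.isBlank(token) || !token.equalsIgnoreCase(user.getUID() + "")) {
            resultMap.put("status", "-1");
            resultMap.put("message", SystemEnv.getHtmlLabelName(83912, lang) + "(-100)"); // 参数有误
            return resultMap;
        }
        /* 为防止篡改CheckPassword的接口数据越权修改二次验证密码读取session中存储的登录密码再次校验一次登录密码 */
        // NOTE(review): the login password is held in the session in clear text by whoever stores
        // "loginPassword"; it is removed here as soon as it has been used.
        String loginPassword = Util.null2String(request.getSession(true).getAttribute("loginPassword"));
        boolean isPass = checkLoginPassword(loginPassword);
        request.getSession(true).removeAttribute("loginPassword");
        if (!isPass) {
            resultMap.put("status", "-1");
            resultMap.put("message", SystemEnv.getHtmlLabelName(388858, lang)); // 参数有误
            return resultMap;
        }
        String[] encrypts = PasswordUtil.encrypt(secondaryPwd1, formatsalt);
        // Same salt as the login password, so equal hashes mean equal passwords.
        if (storedLoginPwd.equals(encrypts[0])) {
            resultMap.put("status", "-1");
            resultMap.put("message", SystemEnv.getHtmlLabelName(388448, lang)); // 为保安全性,请设置为和登录密码不同的密码
            return resultMap;
        }
        if (!secondaryPwd1.equals(secondaryPwd2)) {
            resultMap.put("status", "-1");
            resultMap.put("message", SystemEnv.getHtmlLabelName(388448, lang)); // 两次密码不一致
            return resultMap; // previously fell through and wrote the password anyway
        }
        if (storeSecondaryPwd(recordSet, table, encrypts[0])) {
            resultMap.put("sign", "1");
            resultMap.put("message", SystemEnv.getHtmlLabelName(10000305, lang)); // 设置密码成功
        } else {
            resultMap.put("sign", "-1");
            resultMap.put("message", SystemEnv.getHtmlLabelName(10000306, lang)); // 设置密码失败
        }
        return resultMap;
    }

    /** Table that holds the current user's password columns: administrators live in a separate table. */
    private String resourceTable() {
        return user.isAdmin() ? ADMIN_TABLE : RESOURCE_TABLE;
    }

    /**
     * Asks the HRM secondary-password service to verify the supplied login password.
     *
     * @param loginPwd plaintext login password from the request
     * @return {@code false} when the service reports {@code result=false} or gives no result at all
     *         (a missing result is treated as a failed check rather than a pass)
     */
    private boolean verifyLoginPwdViaService(String loginPwd) {
        HashMap<String, Object> map = new HashMap<>();
        map.put("password", loginPwd);
        HrmSecondaryPwdSetServiceImpl service =
                (HrmSecondaryPwdSetServiceImpl) ServiceUtil.getService(HrmSecondaryPwdSetServiceImpl.class, user);
        Map<String, Object> outcome = service.checkPassword(map, user, request);
        if (outcome == null || outcome.get("result") == null) {
            return false;
        }
        return !"false".equals(String.valueOf(outcome.get("result")));
    }

    /**
     * Writes the hashed secondary password and enables it for the current user.
     *
     * @param recordSet connection to reuse
     * @param table {@link #ADMIN_TABLE} or {@link #RESOURCE_TABLE}
     * @param hashed salted hash produced by {@link PasswordUtil#encrypt}
     * @return whether the update succeeded
     */
    private boolean storeSecondaryPwd(RecordSet recordSet, String table, String hashed) {
        return recordSet.executeUpdate(
                "update " + table + " set secondaryPwd=?,useSecondaryPwd=1 where id=?",
                hashed, user.getUID());
    }

    /**
     * Checks whether the given login password is correct for the current user.
     *
     * <p>LDAP/AD accounts (except the built-in id 1) are verified against the directory; everyone
     * else against the salted hash stored in {@code HrmResource} / {@code HrmResourceManager}. When
     * CAS is in use and the local check failed, a CAS ticket request is tried as a last resort.
     *
     * @param password plaintext login password
     * @return {@code true} when one of the checks accepts the password
     */
    private boolean checkLoginPassword(String password) {
        RecordSet rs = new RecordSet();
        String loginId = "";
        String isADAccount = "";
        rs.executeQuery("select isADAccount,loginId from HrmResource where id = ?", user.getUID());
        if (rs.next()) {
            isADAccount = Util.null2String(rs.getString("isADAccount"));
            loginId = Util.null2String(rs.getString("loginId"));
        }

        AuthenticUtil authenticUtil = new AuthenticUtil();
        // Compare the id as a string: the previous `"1".equals(user.getUID())` never matched a
        // numeric id, so the built-in administrator was sent to the directory as well.
        boolean useLdap = authenticUtil.checkType(loginId)
                && ifEqlTarget(isADAccount, "1")
                && !"1".equals(String.valueOf(user.getUID()));

        boolean accepted;
        if (useLdap) {
            accepted = "100".equals(authenticUtil.checkLogin(loginId, password));
        } else {
            String dbSalt = PasswordUtil.getResourceSalt("" + user.getUID());
            String hashed = PasswordUtil.encrypt(password, dbSalt)[0]; // 加密后的密码
            Map<String, Comparable> criteria = new HashMap<String, Comparable>();
            criteria.put("id", "" + user.getUID());
            criteria.put("password", hashed);
            accepted = new HrmResourceManager().get(criteria) != null
                    || new HrmResourceManagerManager().get(criteria) != null;
        }

        // cas二次密码校验 — a non-empty ticket means CAS accepted the credentials.
        if (!accepted && new CasUtil().isUseCAS()) {
            String ticket = Util.null2String(new CASRestAPI().getInstance().getTicket(loginId, password));
            accepted = !ticket.isEmpty(); // was a reference comparison (`ticket != ""`)
        }
        return accepted;
    }
}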