修复个人信息修改漏洞

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java

@@ -1,13 +1,11 @@
 package com.ruoyi.web.controller.system;
 
-import org.apache.shiro.crypto.hash.Md5Hash;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
 import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -17,6 +15,7 @@ import com.ruoyi.common.annotation.Log;
 import com.ruoyi.common.base.AjaxResult;
 import com.ruoyi.common.config.Global;
 import com.ruoyi.common.enums.BusinessType;
+import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.framework.shiro.service.SysPasswordService;
 import com.ruoyi.framework.util.FileUploadUtils;
 import com.ruoyi.framework.util.ShiroUtils;
@@ -66,54 +65,63 @@ public class SysProfileController extends BaseController
     public boolean checkPassword(String password)
     {
         SysUser user = getSysUser();
-        String encrypt = new Md5Hash(user.getLoginName() + password + user.getSalt()).toHex().toString();
-        if (user.getPassword().equals(encrypt))
+        if (passwordService.matches(user, password))
         {
             return true;
         }
         return false;
     }
 
-    @GetMapping("/resetPwd/{userId}")
-    public String resetPwd(@PathVariable("userId") Long userId, ModelMap mmap)
+    @GetMapping("/resetPwd")
+    public String resetPwd(ModelMap mmap)
     {
-        mmap.put("user", userService.selectUserById(userId));
+        SysUser user = getSysUser();
+        mmap.put("user", userService.selectUserById(user.getUserId()));
         return prefix + "/resetPwd";
     }
 
     @Log(title = "重置密码", businessType = BusinessType.UPDATE)
     @PostMapping("/resetPwd")
     @ResponseBody
-    public AjaxResult resetPwd(SysUser user)
+    public AjaxResult resetPwd(String oldPassword, String newPassword)
     {
-        user.setSalt(ShiroUtils.randomSalt());
-        user.setPassword(passwordService.encryptPassword(user.getLoginName(), user.getPassword(), user.getSalt()));
-        int rows = userService.resetUserPwd(user);
-        if (rows > 0)
+        SysUser user = getSysUser();
+        if (StringUtils.isNotEmpty(newPassword) && passwordService.matches(user, oldPassword))
         {
-            setSysUser(userService.selectUserById(user.getUserId()));
-            return success();
+            user.setSalt(ShiroUtils.randomSalt());
+            user.setPassword(passwordService.encryptPassword(user.getLoginName(), newPassword, user.getSalt()));
+            if (userService.resetUserPwd(user) > 0)
+            {
+                setSysUser(userService.selectUserById(user.getUserId()));
+                return success();
+            }
+            return error();
+        }
+        else
+        {
+            return error("修改密码失败，旧密码错误");
         }
-        return error();
     }
 
     /**
      * 修改用户
      */
-    @GetMapping("/edit/{userId}")
-    public String edit(@PathVariable("userId") Long userId, ModelMap mmap)
+    @GetMapping("/edit")
+    public String edit(ModelMap mmap)
     {
-        mmap.put("user", userService.selectUserById(userId));
+        SysUser user = getSysUser();
+        mmap.put("user", userService.selectUserById(user.getUserId()));
         return prefix + "/edit";
     }
 
     /**
      * 修改头像
      */
-    @GetMapping("/avatar/{userId}")
-    public String avatar(@PathVariable("userId") Long userId, ModelMap mmap)
+    @GetMapping("/avatar")
+    public String avatar(ModelMap mmap)
     {
-        mmap.put("user", userService.selectUserById(userId));
+        SysUser user = getSysUser();
+        mmap.put("user", userService.selectUserById(user.getUserId()));
         return prefix + "/avatar";
     }
 
@@ -125,9 +133,14 @@ public class SysProfileController extends BaseController
     @ResponseBody
     public AjaxResult update(SysUser user)
     {
-        if (userService.updateUserInfo(user) > 0)
+        SysUser currentUser = getSysUser();
+        currentUser.setUserName(user.getUserName());
+        currentUser.setEmail(user.getEmail());
+        currentUser.setPhonenumber(user.getPhonenumber());
+        currentUser.setSex(user.getSex());
+        if (userService.updateUserInfo(currentUser) > 0)
         {
-            setSysUser(userService.selectUserById(user.getUserId()));
+            setSysUser(userService.selectUserById(currentUser.getUserId()));
             return success();
         }
         return error();
@@ -139,17 +152,18 @@ public class SysProfileController extends BaseController
     @Log(title = "个人信息", businessType = BusinessType.UPDATE)
     @PostMapping("/updateAvatar")
     @ResponseBody
-    public AjaxResult updateAvatar(SysUser user, @RequestParam("avatarfile") MultipartFile file)
+    public AjaxResult updateAvatar(@RequestParam("avatarfile") MultipartFile file)
     {
+        SysUser currentUser = getSysUser();
         try
         {
             if (!file.isEmpty())
             {
                 String avatar = FileUploadUtils.upload(Global.getAvatarPath(), file);
-                user.setAvatar(avatar);
-                if (userService.updateUserInfo(user) > 0)
+                currentUser.setAvatar(avatar);
+                if (userService.updateUserInfo(currentUser) > 0)
                 {
-                    setSysUser(userService.selectUserById(user.getUserId()));
+                    setSysUser(userService.selectUserById(currentUser.getUserId()));
                     return success();
                 }
             }