diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/dto/request/user/PersonalUpdatePasswordRequest.java b/backend/services/system-setting/src/main/java/io/metersphere/system/dto/request/user/PersonalUpdatePasswordRequest.java index dddf59bddd..5d98262246 100644 --- a/backend/services/system-setting/src/main/java/io/metersphere/system/dto/request/user/PersonalUpdatePasswordRequest.java +++ b/backend/services/system-setting/src/main/java/io/metersphere/system/dto/request/user/PersonalUpdatePasswordRequest.java @@ -1,5 +1,7 @@ package io.metersphere.system.dto.request.user; +import io.metersphere.sdk.util.RsaKey; +import io.metersphere.sdk.util.RsaUtils; import io.swagger.v3.oas.annotations.media.Schema; import jakarta.validation.constraints.NotBlank; import lombok.Data; @@ -19,4 +21,21 @@ public class PersonalUpdatePasswordRequest { @NotBlank(message = "{user.password.not.blank}") private String newPassword; + public String getOldPassword() { + try { + RsaKey rsaKey = RsaUtils.getRsaKey(); + return RsaUtils.privateDecrypt(oldPassword, rsaKey.getPrivateKey()); + } catch (Exception e) { + return oldPassword; + } + } + + public String getNewPassword() { + try { + RsaKey rsaKey = RsaUtils.getRsaKey(); + return RsaUtils.privateDecrypt(newPassword, rsaKey.getPrivateKey()); + } catch (Exception e) { + return newPassword; + } + } } diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/dto/user/PersonalDTO.java b/backend/services/system-setting/src/main/java/io/metersphere/system/dto/user/PersonalDTO.java index da14d11b3b..0346b599d9 100644 --- a/backend/services/system-setting/src/main/java/io/metersphere/system/dto/user/PersonalDTO.java +++ b/backend/services/system-setting/src/main/java/io/metersphere/system/dto/user/PersonalDTO.java 
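Review bot: Both new getters catch every `Exception` from `RsaUtils.privateDecrypt` and fall back to `return oldPassword;` / `return newPassword;`, so a value that is not valid RSA ciphertext is silently accepted as the password and encrypted submission is never actually enforced. The catch should fail the request instead, for example `} catch (Exception e) { throw new IllegalArgumentException("password must be RSA-encrypted", e); }`, or use whatever validation exception the project prefers. Because these methods replace the plain accessors on a DTO that imports `lombok.Data`, anything that reads the bean through its getters (JSON serialisation, a getter-based `toString`, request logging) would presumably receive the decrypted plaintext. Consider leaving the accessors plain and decrypting once in the service, which also avoids running the private-key operation on every call.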
@@ -6,8 +6,9 @@ import io.metersphere.system.domain.User; import io.swagger.v3.oas.annotations.media.Schema; import lombok.Data; import lombok.EqualsAndHashCode; +import lombok.NoArgsConstructor; -import java.util.LinkedHashMap; +import java.util.ArrayList; import java.util.List; import java.util.Map; @@ -19,5 +20,40 @@ public class PersonalDTO extends User { private String avatar; @Schema(description = "用户所属组织和项目") - private Map> organizationProjectMap = new LinkedHashMap<>(); + private List orgProjectList = new ArrayList<>(); + + public void setOrgProjectList(Map> organizationProjectMap) { + for (Map.Entry> entry : organizationProjectMap.entrySet()) { + Organization org = entry.getKey(); + List projectList = entry.getValue(); + OrgInfo orgInfo = new OrgInfo(org, projectList); + this.orgProjectList.add(orgInfo); + } + } +} + +@Data +@NoArgsConstructor +class OrgInfo { + private String orgId; + private String orgName; + List projectList = new ArrayList<>(); + + public OrgInfo(Organization org, List projectList) { + this.orgId = org.getId(); + this.orgName = org.getName(); + for (Project project : projectList) { + ProjectInfo projectInfo = new ProjectInfo(); + projectInfo.setProjectId(project.getId()); + projectInfo.setProjectName(project.getName()); + this.projectList.add(projectInfo); + } + + } +} + +@Data +class ProjectInfo { + private String projectId; + private String projectName; } diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/mapper/ExtUserMapper.java b/backend/services/system-setting/src/main/java/io/metersphere/system/mapper/ExtUserMapper.java index 21f113836a..546b9d243e 100644 --- a/backend/services/system-setting/src/main/java/io/metersphere/system/mapper/ExtUserMapper.java +++ b/backend/services/system-setting/src/main/java/io/metersphere/system/mapper/ExtUserMapper.java 
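Review bot: `setOrgProjectList` appends to the existing `orgProjectList` instead of replacing it, so calling it twice on the same DTO duplicates every organization, and a null map argument throws a NullPointerException at `entrySet()`. Start the method with `this.orgProjectList = new ArrayList<>();` and return early when `organizationProjectMap == null`. The setter also takes a `Map` while the field and the generated getter are a `List`, which bean-mapping and JSON libraries may not treat as a matching property; a differently named method such as `fillOrgProjectList(...)` would make the conversion explicit. In `OrgInfo`, `projectList` is declared without `private`, unlike the two fields above it.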
@@ -1,7 +1,7 @@ package io.metersphere.system.mapper; -import io.metersphere.system.dto.user.UserExtendDTO; import io.metersphere.system.domain.User; +import io.metersphere.system.dto.user.UserExtendDTO; import org.apache.ibatis.annotations.Param; import java.util.List; @@ -31,4 +31,8 @@ public interface ExtUserMapper { * @return 用户列表 */ ListgetUserByPermission(@Param("projectId") String projectId, @Param("keyword") String keyword, @Param("permission") String permission); + + long countByIdAndPassword(@Param("userId") String id, @Param("password") String password); + + long updatePasswordByUserId(@Param("userId") String id, @Param("password") String password); } diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/mapper/ExtUserMapper.xml b/backend/services/system-setting/src/main/java/io/metersphere/system/mapper/ExtUserMapper.xml index 975e6efd1c..9c19d13794 100644 --- a/backend/services/system-setting/src/main/java/io/metersphere/system/mapper/ExtUserMapper.xml +++ b/backend/services/system-setting/src/main/java/io/metersphere/system/mapper/ExtUserMapper.xml @@ -70,5 +70,15 @@ GROUP BY urr.user_id limit 100 - + + + UPDATE user + SET password = MD5(#{password}) + WHERE id = #{userId} + \ No newline at end of file diff --git a/backend/services/system-setting/src/main/java/io/metersphere/system/service/UserService.java b/backend/services/system-setting/src/main/java/io/metersphere/system/service/UserService.java index fca2d70da2..e696b546f9 100644 --- a/backend/services/system-setting/src/main/java/io/metersphere/system/service/UserService.java +++ b/backend/services/system-setting/src/main/java/io/metersphere/system/service/UserService.java 
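Review bot: The new update statement stores `password = MD5(#{password})`, an unsalted, fast digest that offers little resistance to offline guessing if the `user` table is ever exposed. Moving the hash into SQL also means the plaintext password is now sent to the database as a bind parameter, where it can show up in MyBatis parameter debug logging or database statement logs. It would be better to compute a salted, adaptive password hash (bcrypt, scrypt or Argon2) in the service layer and bind only the resulting hash, with existing MD5 rows re-hashed on the next successful login. The body of the `countByIdAndPassword` statement is not readable in this view, so the same concern is assumed rather than confirmed there.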
@@ -158,7 +158,7 @@ public class UserService { PersonalDTO personalDTO = new PersonalDTO(); if (userDTO != null) { BeanUtils.copyBean(personalDTO, userDTO); - personalDTO.setOrganizationProjectMap(userRoleRelationService.selectOrganizationProjectByUserId(userDTO.getId())); + personalDTO.setOrgProjectList(userRoleRelationService.selectOrganizationProjectByUserId(userDTO.getId())); } return personalDTO; } @@ -183,7 +183,7 @@ public class UserService { return returnList; } - private void checkUserEmail(String id, String email) { + public void checkUserEmail(String id, String email) { UserExample userExample = new UserExample(); userExample.createCriteria().andEmailEqualTo(email).andIdNotEqualTo(id); if (userMapper.countByExample(userExample) > 0) { @@ -192,9 +192,7 @@ public class UserService { } private void checkOldPassword(String id, String password) { - UserExample userExample = new UserExample(); - userExample.createCriteria().andPasswordEqualTo(password).andIdEqualTo(id); - if (userMapper.countByExample(userExample) != 1) { + if (extUserMapper.countByIdAndPassword(id, password) != 1) { throw new MSException(Translator.get("password_modification_failed")); } } @@ -552,9 +550,6 @@ public class UserService { public boolean updatePassword(PersonalUpdatePasswordRequest request) { this.checkOldPassword(request.getId(), request.getOldPassword()); - User editUser = new User(); - editUser.setId(request.getId()); - editUser.setPassword(request.getNewPassword()); - return userMapper.updateByPrimaryKeySelective(editUser) > 0; + return extUserMapper.updatePasswordByUserId(request.getId(), request.getNewPassword()) > 0; } } diff --git a/backend/services/system-setting/src/test/java/io/metersphere/system/controller/user/PersonalControllerTests.java b/backend/services/system-setting/src/test/java/io/metersphere/system/controller/user/PersonalControllerTests.java index 9c42deec34..f3b65a4c8b 100644 
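Review bot: `checkUserEmail` is widened from `private` to `public`, and the only new caller visible in this commit is the test class. Widening a service method's visibility for test access enlarges the API that other code can come to depend on. Package-private access with the test in the same package would be enough, or the test could exercise the check through the update-info endpoint it already calls. If the method is meant to be public, add a Javadoc line saying that it throws when another user already owns the e-mail address.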
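Review bot: In `updatePassword`, the old-password check and the write are two separate statements, so the password can change between `checkOldPassword` and `updatePasswordByUserId`. Folding the condition into the update closes that gap and saves a round trip: add `AND password = MD5(#{oldPassword})` to the UPDATE's WHERE clause and treat an affected-row count of 0 as the failure case. The user id comes from `request.getId()`, and nothing in the visible method compares it with the authenticated session user. If the controller does not already enforce that, it should be checked here. Both `getOldPassword()` and `getNewPassword()` now perform RSA decryption on every call, so read each one into a local variable once.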
--- a/backend/services/system-setting/src/test/java/io/metersphere/system/controller/user/PersonalControllerTests.java +++ b/backend/services/system-setting/src/test/java/io/metersphere/system/controller/user/PersonalControllerTests.java @@ -3,6 +3,8 @@ package io.metersphere.system.controller.user; import io.metersphere.sdk.constants.PermissionConstants; import io.metersphere.sdk.util.CodingUtils; import io.metersphere.sdk.util.JSON; +import io.metersphere.sdk.util.RsaKey; +import io.metersphere.sdk.util.RsaUtils; import io.metersphere.system.base.BaseTest; import io.metersphere.system.controller.handler.ResultHolder; import io.metersphere.system.domain.UserExample; @@ -10,8 +12,10 @@ import io.metersphere.system.domain.UserExtendExample; import io.metersphere.system.dto.request.user.PersonalUpdatePasswordRequest; import io.metersphere.system.dto.request.user.PersonalUpdateRequest; import io.metersphere.system.dto.user.UserDTO; +import io.metersphere.system.log.constants.OperationLogType; import io.metersphere.system.mapper.UserExtendMapper; import io.metersphere.system.mapper.UserMapper; +import io.metersphere.system.service.UserService; import io.metersphere.system.uid.IDGenerator; import io.metersphere.system.utils.user.PersonalRequestUtils; import jakarta.annotation.Resource; @@ -32,6 +36,8 @@ public class PersonalControllerTests extends BaseTest { @Resource private UserMapper userMapper; + @Resource + private UserService userService; @Test @Order(0) @@ -56,6 +62,9 @@ public class PersonalControllerTests extends BaseTest { @Test @Order(1) void testPersonalUpdateInfo() throws Exception { + //方法测试 + userService.checkUserEmail(IDGenerator.nextStr(), "admin_update@metersphere.io"); + PersonalUpdateRequest request = new PersonalUpdateRequest(); request.setId(loginUser); request.setEmail("admin_update@metersphere.io"); 
@@ -65,6 +74,14 @@ public class PersonalControllerTests extends BaseTest { UserDTO userDTO = this.selectUserDTO(loginUser); this.checkUserInformation(userDTO, request); + boolean methodCheck = false; + try { + userService.checkUserEmail(IDGenerator.nextStr(), "admin_update@metersphere.io"); + } catch (Exception e) { + methodCheck = true; + } + Assertions.assertTrue(methodCheck); + //修改头像 UserExtendExample example = new UserExtendExample(); example.createCriteria().andIdEqualTo(loginUser); @@ -136,6 +153,7 @@ public class PersonalControllerTests extends BaseTest { request.setUsername("'Administrator'"); request.setPhone("12345678901"); this.requestPostPermissionTest(PermissionConstants.SYSTEM_PERSONAL_READ_UPDATE, PersonalRequestUtils.URL_PERSONAL_UPDATE_INFO, request); + this.checkLog(loginUser, OperationLogType.UPDATE, PersonalRequestUtils.URL_PERSONAL_UPDATE_INFO); } private void checkUserInformation(UserDTO userDTO, PersonalUpdateRequest request) { @@ -156,10 +174,12 @@ public class PersonalControllerTests extends BaseTest { @Test @Order(2) void testPersonalUpdatePassword() throws Exception { + RsaKey rsaKey = RsaUtils.getRsaKey(); + PersonalUpdatePasswordRequest request = new PersonalUpdatePasswordRequest(); request.setId(loginUser); - request.setOldPassword(CodingUtils.md5("metersphere")); - request.setNewPassword(CodingUtils.md5("metersphere222")); + request.setOldPassword(RsaUtils.publicEncrypt("metersphere", rsaKey.getPublicKey())); + request.setNewPassword(RsaUtils.publicEncrypt("metersphere222", rsaKey.getPublicKey())); this.requestPostWithOk(PersonalRequestUtils.URL_PERSONAL_UPDATE_PASSWORD, request); UserExample example = new UserExample(); 
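Review bot: The `methodCheck` flag with `catch (Exception e)` in `testPersonalUpdateInfo` passes on any failure at all, including an unrelated NullPointerException, so it does not prove that the duplicate-email rule fired. Replace the block with `Assertions.assertThrows(MSException.class, () -> userService.checkUserEmail(IDGenerator.nextStr(), "admin_update@metersphere.io"));` (importing the exception type that `UserService` throws) so the expected failure is pinned by type. The test method continues outside this hunk.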
@@ -169,8 +189,8 @@ public class PersonalControllerTests extends BaseTest { //修改回去 request = new PersonalUpdatePasswordRequest(); request.setId(loginUser); - request.setOldPassword(CodingUtils.md5("metersphere222")); - request.setNewPassword(CodingUtils.md5("metersphere")); + request.setOldPassword(RsaUtils.publicEncrypt("metersphere222", rsaKey.getPublicKey())); + request.setNewPassword(RsaUtils.publicEncrypt("metersphere", rsaKey.getPublicKey())); this.requestPostWithOk(PersonalRequestUtils.URL_PERSONAL_UPDATE_PASSWORD, request); example.clear(); example.createCriteria().andIdEqualTo(loginUser).andPasswordEqualTo(CodingUtils.md5("metersphere")); 
@@ -179,44 +199,46 @@ public class PersonalControllerTests extends BaseTest { //密码错误 request = new PersonalUpdatePasswordRequest(); request.setId(loginUser); - request.setOldPassword(CodingUtils.md5("metersphere222")); - request.setNewPassword(CodingUtils.md5("metersphere")); + request.setOldPassword(RsaUtils.publicEncrypt("metersphere222", rsaKey.getPublicKey())); + request.setNewPassword(RsaUtils.publicEncrypt("metersphere", rsaKey.getPublicKey())); this.requestPost(PersonalRequestUtils.URL_PERSONAL_UPDATE_PASSWORD, request).andExpect(status().is5xxServerError()); //参数校验 request = new PersonalUpdatePasswordRequest(); - request.setOldPassword(CodingUtils.md5("metersphere222")); - request.setNewPassword(CodingUtils.md5("metersphere")); + request.setOldPassword(RsaUtils.publicEncrypt("metersphere222", rsaKey.getPublicKey())); + request.setNewPassword(RsaUtils.publicEncrypt("metersphere", rsaKey.getPublicKey())); this.requestPost(PersonalRequestUtils.URL_PERSONAL_UPDATE_PASSWORD, request).andExpect(status().isBadRequest()); request = new PersonalUpdatePasswordRequest(); request.setId(loginUser); - request.setNewPassword(CodingUtils.md5("metersphere")); + request.setNewPassword(RsaUtils.publicEncrypt("metersphere", rsaKey.getPublicKey())); this.requestPost(PersonalRequestUtils.URL_PERSONAL_UPDATE_PASSWORD, request).andExpect(status().isBadRequest()); request = new PersonalUpdatePasswordRequest(); request.setId(loginUser); - request.setOldPassword(CodingUtils.md5("metersphere222")); + request.setOldPassword(RsaUtils.publicEncrypt("metersphere222", rsaKey.getPublicKey())); this.requestPost(PersonalRequestUtils.URL_PERSONAL_UPDATE_PASSWORD, request).andExpect(status().isBadRequest()); //修改非当前人 request = new PersonalUpdatePasswordRequest(); request.setId(IDGenerator.nextStr()); - request.setOldPassword(CodingUtils.md5("metersphere")); + request.setOldPassword(RsaUtils.publicEncrypt("metersphere", rsaKey.getPublicKey())); 
request.setNewPassword(CodingUtils.md5("metersphere333")); this.requestPost(PersonalRequestUtils.URL_PERSONAL_UPDATE_PASSWORD, request).andExpect(status().is5xxServerError()); //权限校验 request = new PersonalUpdatePasswordRequest(); request.setId(loginUser); - request.setOldPassword(CodingUtils.md5("metersphere222")); - request.setNewPassword(CodingUtils.md5("metersphere")); + request.setOldPassword(RsaUtils.publicEncrypt("metersphere222", rsaKey.getPublicKey())); + request.setNewPassword(RsaUtils.publicEncrypt("metersphere", rsaKey.getPublicKey())); this.requestPostPermissionTest(PermissionConstants.SYSTEM_PERSONAL_READ_UPDATE, PersonalRequestUtils.URL_PERSONAL_UPDATE_PASSWORD, request); //最后检查密码是否回归原密码 example.clear(); example.createCriteria().andIdEqualTo(loginUser).andPasswordEqualTo(CodingUtils.md5("metersphere")); Assertions.assertEquals(userMapper.countByExample(example), 1); + + this.checkLog(loginUser, OperationLogType.UPDATE, PersonalRequestUtils.URL_PERSONAL_UPDATE_PASSWORD); } }
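Review bot: The "修改非当前人" case still sets `request.setNewPassword(CodingUtils.md5("metersphere333"));` while every other field in this hunk was switched to `RsaUtils.publicEncrypt(...)`, so it only runs because the request getters fall back to the raw value when decryption fails. No case here sends a non-ciphertext old or new password to the endpoint and asserts that it is rejected, which leaves the silent fallback untested. Switch this line to `RsaUtils.publicEncrypt("metersphere333", rsaKey.getPublicKey())` and add a case that posts a plain string and expects a 4xx status. The wrong-password case expects `is5xxServerError()`; a failed credential check is a client error, and reporting it as a server error makes real server faults harder to separate from bad input in monitoring.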