
Commit d0b2ec5

committed
给密码加点盐
1 parent 42ab45e commit d0b2ec5


9 files changed

+60
-35
lines changed


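--- a/admin/src/main/java/info/xiaomo/admin/controller/AdminUserController.java
+++ b/admin/src/main/java/info/xiaomo/admin/controller/AdminUserController.java
@@ -5,6 +5,7 @@
 import info.xiaomo.core.model.AdminModel;
 import info.xiaomo.core.service.AdminUserService;
 import info.xiaomo.core.untils.MD5Util;
+import info.xiaomo.core.untils.RandomUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -58,7 +59,7 @@ public Map<String, Object> login(@RequestParam String userName, @RequestParam St
 result.put(code, notFound);
 return result;
 }
-if (MD5Util.encode(password).equals(adminModel.getPassword())) {
+if (MD5Util.encode(password, adminModel.getSalt()).equals(adminModel.getPassword())) {
 result.put(code, success);
 result.put(adminUser, adminModel);
 } else {
@@ -98,9 +99,11 @@ public HashMap<String, Object> add(
 result.put(code, error);
 return result;
 }
+String salt = RandomUtil.createSalt();
 adminModel = new AdminModel();
 adminModel.setUserName(userName);
-adminModel.setPassword(MD5Util.encode(password));
+adminModel.setSalt(salt);
+adminModel.setPassword(MD5Util.encode(password, salt));
 adminModel.setStatus(authLevel);
 adminModel.setOperator(operator);
 AdminModel res = service.addAdminUser(adminModel);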
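Review bot: In `login`, the success branch still does `result.put(adminUser, adminModel)`, and after this change the model carries the salt next to the password hash, so a response that serializes the map would hand both to the client; return a view of the account without `password` and `salt` instead. Rows created before this commit have no salt, so `adminModel.getSalt()` is presumably null for them and `MD5Util.encode` would hash the password followed by the text "null", which locks those accounts out until they are migrated. The hash comparison could also use `MessageDigest.isEqual` on the bytes rather than `String.equals`. Both method bodies start and end outside the hunks shown.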

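--- a/admin/src/test/java/info/xiaomo/admin/test/adminTest/AdminControllerTest.java
+++ b/admin/src/test/java/info/xiaomo/admin/test/adminTest/AdminControllerTest.java
@@ -40,7 +40,7 @@ public class AdminControllerTest extends BaseTest {
 public void testAddAdminUser() {
 AdminModel model = new AdminModel();
 model.setUserName("test");
-model.setPassword(MD5Util.encode("test"));
+model.setPassword(MD5Util.encode("test","123"));
 model.setAuthLevel(1);
 model.setCreateTime(new Date());
 model.setUpdateTime(new Date());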
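Review bot: `testAddAdminUser` hashes the password with the literal salt `"123"`, but the visible lines never call `model.setSalt("123")`, so the stored row would not verify against `login`, which reads the salt from the model; add `model.setSalt("123");` next to `setPassword` unless it is set later in the method, which continues past the hunk. The same pattern appears in UserControllerTest, where `testUpdate` and `testValidateEmail` hash with `""` and set no salt. A test that creates an account through the controller and then logs in with the same password would cover the salt round trip.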

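--- a/core/src/main/java/info/xiaomo/core/model/AdminModel.java
+++ b/core/src/main/java/info/xiaomo/core/model/AdminModel.java
@@ -41,6 +41,8 @@ public class AdminModel extends BaseModel implements Serializable {
 */
 private int status;
 
+private String salt;
+
 /**
 * 0(游客用户:默认admin) 1超级管理员
 */
@@ -63,6 +65,14 @@ public String getPassword() {
 return password;
 }
 
+public String getSalt() {
+return salt;
+}
+
+public void setSalt(String salt) {
+this.salt = salt;
+}
+
 public void setPassword(String password) {
 this.password = password;
 }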
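Review bot: The new `salt` field has no comment while the neighbouring fields are documented; add `/** Per-account random salt mixed into the password hash; never sent to clients. */` above it. Because the class is `Serializable` and instances are placed into controller responses, the public `getSalt()` (like `getPassword()`) will likely be serialized with the rest of the model; if the project serializes with Jackson, `@JsonIgnore` on both getters would keep them server-side, so confirm which serializer is in use. The new column also needs a schema change and a plan for existing rows, neither of which is visible in this commit.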

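--- a/core/src/main/java/info/xiaomo/core/model/UserModel.java
+++ b/core/src/main/java/info/xiaomo/core/model/UserModel.java
@@ -34,9 +34,9 @@ public class UserModel extends BaseModel implements Serializable{
 private String password;
 
 /**
-* 1己激活 0 未激活
+* 盐值
 */
-private int validateStatus=0;//激活状态
+private String salt;
 
 private String validateCode;//激活码
 
@@ -104,12 +104,12 @@ public void setAddress(String address) {
 this.address = address;
 }
 
-public int getValidateStatus() {
-return validateStatus;
+public String getSalt() {
+return salt;
 }
 
-public void setValidateStatus(int validateStatus) {
-this.validateStatus = validateStatus;
+public void setSalt(String salt) {
+this.salt = salt;
 }
 
 public String getValidateCode() {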
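Review bot: Replacing `validateStatus` with `salt` removes the only field that marks an account as not yet activated, and the matching `notActivated` check is deleted from `UserController.login` in this same commit, so the login path no longer distinguishes activated from unactivated rows. If rows with `validateStatus` 0 can exist in the database, keep `validateStatus` and add `salt` as a separate field rather than reusing its slot. Rows written before this commit also have no salt value, so they need a migration or a forced password reset before the new login check can succeed for them.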

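--- a/core/src/main/java/info/xiaomo/core/untils/MD5Util.java
+++ b/core/src/main/java/info/xiaomo/core/untils/MD5Util.java
@@ -65,10 +65,10 @@ private static String byteToHexString(byte b) {
 return hexDigits[d1] + hexDigits[d2];
 }
 
-public static String encode(String origin) {
+public static String encode(String origin, String salt) {
 String resultString = null;
 try {
-resultString = origin;
+resultString = origin + salt;
 MessageDigest md = MessageDigest.getInstance("md5");
 resultString = byteArrayToString(md.digest(resultString.getBytes()));
 } catch (Exception ex) {
@@ -80,7 +80,8 @@ public static String encode(String origin) {
 public static void main(String[] args) {
 String s = "xiaomo";
 System.out.println("原数据:" + s);
-System.out.println("MD5后:" + encode(s));
+System.out.println("MD5后:" + encode(s, "123"));
+System.out.println("MD5后:" + encode(s, ""));
 }
 
 }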
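Review bot: `encode` still stores passwords as one round of MD5 over `origin + salt`; the salt stops identical passwords from sharing a hash, but MD5 is fast enough that a leaked table can be guessed offline at very high rates, so password hashing should move to a deliberately slow function such as PBKDF2 (`SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")`) or a bcrypt/Argon2 library. Within the current code, a null `salt` is silently concatenated as the text "null"; start the method with `Objects.requireNonNull(salt, "salt");`. `resultString.getBytes()` uses the platform charset, so the same password can hash differently on another host; use `getBytes(StandardCharsets.UTF_8)`. The `catch (Exception ex)` body lies outside the hunk, so confirm it does not leave `resultString` null for callers that immediately call `.equals` on the result.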

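--- a/core/src/main/java/info/xiaomo/core/untils/MailUtil.java
+++ b/core/src/main/java/info/xiaomo/core/untils/MailUtil.java
@@ -78,14 +78,14 @@ public static String redirectValidateUrl(String email) {
 sb.append("<a href=\"http://xiaomo.info/路由地址?email=");
 sb.append(email);
 sb.append("&validateCode=");
-sb.append(MD5Util.encode(email + now));//邮箱加上当前时间戳,以保证每个验证码都是不一样的
+sb.append(MD5Util.encode(email, String.valueOf(now)));//邮箱加上当前时间戳,以保证每个验证码都是不一样的
 sb.append("&time=");
 sb.append(now);
 sb.append("\">");
 sb.append("http://xiaomo.info/路由地址?email=");
 sb.append(email);
 sb.append("&validateCode=");
-sb.append(MD5Util.encode(email + now));//邮箱加上当前时间戳,以保证每个验证码都是不一样的
+sb.append(MD5Util.encode(email, String.valueOf(now)));//邮箱加上当前时间戳,以保证每个验证码都是不一样的
 sb.append("&time=");
 sb.append(now);
 sb.append("</a><br/>");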
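Review bot: The `validateCode` in `redirectValidateUrl` is an MD5 of `email` and `now`, and both inputs are written into the same link as `email=` and `&time=`, so the code contains no server-side secret and does not by itself prove that the recipient received the message. A random token from `SecureRandom` stored with the pending registration and an expiry, or an HMAC keyed with a server-held secret, would make the code unguessable. The page also shows `UserController.validateEmail` storing `MD5Util.encode(email, "")` as the validate code, which differs from the value built here, so confirm which one the verification step actually compares. `email` is appended into the `href` without encoding; `URLEncoder.encode(email, "UTF-8")` would keep special characters from breaking the link or the surrounding HTML. The method starts and ends outside the hunk.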

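--- a/core/src/main/java/info/xiaomo/core/untils/RandomUtil.java
+++ b/core/src/main/java/info/xiaomo/core/untils/RandomUtil.java
@@ -120,4 +120,23 @@ public static int randomIndexByProb(int[] array) {
 }
 return randomIndexByProb(list);
 }
+
+public static String createSalt() {
+String[] str = {"0", "1", "2", "3", "4", "5", "6", "7", "8", "9",
+"a", "b", "c", "d", "e", "f", "g", "h", "i", "j",
+"k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z"};
+int number = str.length;
+//接收随机字符
+String text = "";
+Random random = new Random();
+//随机产生4个字符的字符串
+for (int i = 0; i < 4; i++) {
+text += str[random.nextInt(number)];
+}
+return text;
+}
+
+public static void main(String[] args) {
+System.out.println(createSalt());
+}
 }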
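Review bot: `createSalt` draws from `java.util.Random` and returns only 4 characters from a 36-symbol alphabet, about 1.7 million possible values, so salts will repeat across a modest user base and the generator is not designed to be unpredictable; generate at least 16 bytes from `SecureRandom` instead, as in the block below. Confirm the salt column is wide enough for the longer value. The added `main` method looks like debugging residue and can be dropped from the utility class.

```java
private static final SecureRandom SALT_RANDOM = new SecureRandom();

public static String createSalt() {
    // 16 random bytes, hex-encoded: 32 characters, 128 bits of salt
    byte[] raw = new byte[16];
    SALT_RANDOM.nextBytes(raw);
    StringBuilder hex = new StringBuilder(raw.length * 2);
    for (byte b : raw) {
        hex.append(String.format("%02x", b));
    }
    return hex.toString();
}
```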

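--- a/web/src/main/java/info/xiaomo/web/controller/UserController.java
+++ b/web/src/main/java/info/xiaomo/web/controller/UserController.java
@@ -9,10 +9,7 @@
 import info.xiaomo.core.model.UserModel;
 import info.xiaomo.core.service.QQUserService;
 import info.xiaomo.core.service.UserService;
-import info.xiaomo.core.untils.DateUtil;
-import info.xiaomo.core.untils.FileUtil;
-import info.xiaomo.core.untils.MD5Util;
-import info.xiaomo.core.untils.MailUtil;
+import info.xiaomo.core.untils.*;
 import org.hibernate.service.spi.ServiceException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -65,14 +62,8 @@ public HashMap<String, Object> login(@RequestParam String email, @RequestParam S
 result.put(code, notFound);
 return result;
 }
-//邮箱未验证
-if (userModel.getValidateStatus() == 0) {
-result.put(code, notActivated);
-result.put(user, userModel);
-return result;
-}
 //密码不正确
-if (!MD5Util.encode(password).equals(userModel.getPassword())) {
+if (!MD5Util.encode(password, userModel.getSalt()).equals(userModel.getPassword())) {
 result.put(code, error);
 return result;
 }
@@ -224,16 +215,16 @@ public HashMap<String, Object> validateEmail(
 return result;
 }
 //激活
+String salt = RandomUtil.createSalt();
 userModel = new UserModel();
 userModel.setNickName(email);
 userModel.setEmail(email);
 userModel.setGender(GenderType.secret);
 userModel.setImgUrl(WebDefaultValueConst.defaultImage);//默认是个百度的LOGO,作测试用
-userModel.setValidateStatus(1);//状态:己激活
-userModel.setValidateCode(MD5Util.encode(email));
+userModel.setValidateCode(MD5Util.encode(email, ""));
 userModel.setPhone(0L);
 userModel.setAddress("");
-userModel.setPassword(MD5Util.encode(password));
+userModel.setPassword(MD5Util.encode(password, salt));
 userModel = service.addUser(userModel);
 LOGGER.info("用户{}使用激活码{}激活邮箱成功!", userModel.getEmail(), userModel.getValidateCode());
 result.put(user, userModel);
@@ -243,6 +234,7 @@ public HashMap<String, Object> validateEmail(
 
 /**
 * 修改密码
+*
 * @param email
 * @param password
 * @return
@@ -258,7 +250,8 @@ public HashMap<String, Object> changePassword(
 result.put(code, notFound);
 return result;
 }
-userByEmail.setPassword(MD5Util.encode(password));
+String salt = RandomUtil.createSalt();
+userByEmail.setPassword(MD5Util.encode(password, salt));
 UserModel userModel = service.updateUser(userByEmail);
 result.put(code, success);
 result.put(user, userModel);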
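Review bot: `validateEmail` and `changePassword` both hash the password with a fresh `salt` but never store it: there is no `userModel.setSalt(salt);` before `service.addUser(userModel)` and no `userByEmail.setSalt(salt);` before `service.updateUser(userByEmail)`. `login` then hashes with `userModel.getSalt()`, which is null for a new account and stale after a password change, so the stored hash can never match and the user is locked out. Add those two calls next to the `setPassword` lines, as `AdminUserController.add` already does for admins. Separately, the wildcard `import info.xiaomo.core.untils.*;` hides which utilities the controller depends on; keeping the four explicit imports and adding `RandomUtil` would be clearer. All three methods start or end outside the hunks shown.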

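--- a/web/src/test/java/info/xiaomo/admin/test/UserTest/UserControllerTest.java
+++ b/web/src/test/java/info/xiaomo/admin/test/UserTest/UserControllerTest.java
@@ -48,7 +48,7 @@ public void testRegister() {
 UserModel userModel = new UserModel();
 userModel.setEmail("hupengbest@163.com");
 userModel.setImgUrl(WebDefaultValueConst.defaultImage);
-userModel.setValidateCode(MD5Util.encode(userModel.getEmail()));
+userModel.setValidateCode(MD5Util.encode(userModel.getEmail(), ""));
 userModel.setAddress("万轮科技园");
 userModel.setPhone(15172299114L);
 userModel.setGender(1);
@@ -82,9 +82,9 @@ public void testUpdate() throws UserNotFoundException {
 UserModel userModel = new UserModel();
 userModel.setEmail("hupengbest@163.com");
 userModel.setNickName("hp");
-userModel.setPassword(MD5Util.encode("hp"));
+userModel.setPassword(MD5Util.encode("hp", ""));
 userModel.setImgUrl(WebDefaultValueConst.defaultImage);
-userModel.setValidateCode(MD5Util.encode(userModel.getEmail()));
+userModel.setValidateCode(MD5Util.encode(userModel.getEmail(), ""));
 userModel.setAddress("万轮科技园7号楼");
 userModel.setPhone(15172299114L);
 userModel.setGender(0);
@@ -120,11 +120,10 @@ public void testValidateEmail() {
 userModel.setEmail(email);
 userModel.setGender(GenderType.secret);
 userModel.setImgUrl(WebDefaultValueConst.defaultImage);//默认是个百度的LOGO,作测试用
-userModel.setValidateStatus(1);//状态:己激活
-userModel.setValidateCode(MD5Util.encode(email));
+userModel.setValidateCode(MD5Util.encode(email, ""));
 userModel.setPhone(0L);
 userModel.setAddress("");
-userModel.setPassword(MD5Util.encode(password));
+userModel.setPassword(MD5Util.encode(password, ""));
 userModel.setCreateTime(new Date());
 userModel.setUpdateTime(new Date());
 userModel = service.addUser(userModel);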
