优化

src/main/java/io/renren/modules/sys/controller/SysLoginController.java

@@ -5,11 +5,13 @@ import com.google.code.kaptcha.Producer;
import io.renren.common.utils.R;
import io.renren.common.utils.ShiroUtils;
import io.renren.modules.sys.entity.SysUserEntity;
import io.renren.modules.sys.form.LoginForm;
import io.renren.modules.sys.service.SysUserService;
import io.renren.modules.sys.service.SysUserTokenService;
import org.apache.commons.io.IOUtils;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
@@ -62,19 +64,19 @@ public class SysLoginController extends AbstractController {
	 * 登录
	 */
	@RequestMapping(value = "/sys/login", method = RequestMethod.POST)
	public Map<String, Object> login(String username, String password, String captcha)throws IOException {
	public Map<String, Object> login(@RequestBody LoginForm form)throws IOException {
		//本项目已实现，前后端完全分离，但页面还是跟项目放在一起了，所以还是会依赖session
		//如果想把页面单独放到nginx里，实现前后端完全分离，则需要把验证码注释掉(因为不再依赖session了)
		String kaptcha = ShiroUtils.getKaptcha(Constants.KAPTCHA_SESSION_KEY);
		if(!captcha.equalsIgnoreCase(kaptcha)){
			return R.error("验证码不正确");
		}
//		String kaptcha = ShiroUtils.getKaptcha(Constants.KAPTCHA_SESSION_KEY);
//		if(!captcha.equalsIgnoreCase(kaptcha)){
//			return R.error("验证码不正确");
//		}
		//用户信息
		SysUserEntity user = sysUserService.queryByUserName(username);
		SysUserEntity user = sysUserService.queryByUserName(form.getUsername());
		//账号不存在、密码错误
		if(user == null || !user.getPassword().equals(new Sha256Hash(password, user.getSalt()).toHex())) {
		if(user == null || !user.getPassword().equals(new Sha256Hash(form.getPassword(), user.getSalt()).toHex())) {
			return R.error("账号或密码不正确");
		}

src/main/java/io/renren/modules/sys/controller/SysUserController.java

@@ -10,6 +10,7 @@ import io.renren.common.validator.ValidatorUtils;
import io.renren.common.validator.group.AddGroup;
import io.renren.common.validator.group.UpdateGroup;
import io.renren.modules.sys.entity.SysUserEntity;
import io.renren.modules.sys.form.PasswordForm;
import io.renren.modules.sys.service.SysUserRoleService;
import io.renren.modules.sys.service.SysUserService;
import org.apache.commons.lang.ArrayUtils;
@@ -70,13 +71,13 @@ public class SysUserController extends AbstractController {
	 */
	@SysLog("修改密码")
	@RequestMapping("/password")
	public R password(String password, String newPassword){
		Assert.isBlank(newPassword, "新密码不为能空");
	public R password(@RequestBody PasswordForm form){
		Assert.isBlank(form.getNewPassword(), "新密码不为能空");
		
		//sha256加密
		password = new Sha256Hash(password, getUser().getSalt()).toHex();
		String password = new Sha256Hash(form.getPassword(), getUser().getSalt()).toHex();
		//sha256加密
		newPassword = new Sha256Hash(newPassword, getUser().getSalt()).toHex();
		String newPassword = new Sha256Hash(form.getNewPassword(), getUser().getSalt()).toHex();
				
		//更新密码
		int count = sysUserService.updatePassword(getUserId(), password, newPassword);

src/main/java/io/renren/modules/sys/form/LoginForm.java

@@ -0,0 +1,53 @@
/**
 * Copyright 2018 人人开源 http://www.renren.io
 * <p>
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 * <p>
 * http://www.apache.org/licenses/LICENSE-2.0
 * <p>
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */
package io.renren.modules.sys.form;
/**
 * 登录表单
 *
 * @author Mark sunlightcs@gmail.com
 * @since 1.4.0 2018-01-25
 */
public class LoginForm {
    private String username;
    private String password;
    private String captcha;
    public String getUsername() {
        return username;
    }
    public void setUsername(String username) {
        this.username = username;
    }
    public String getPassword() {
        return password;
    }
    public void setPassword(String password) {
        this.password = password;
    }
    public String getCaptcha() {
        return captcha;
    }
    public void setCaptcha(String captcha) {
        this.captcha = captcha;
    }
}

src/main/java/io/renren/modules/sys/form/PasswordForm.java

@@ -0,0 +1,50 @@
/**
 * Copyright 2018 人人开源 http://www.renren.io
 * <p>
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 * <p>
 * http://www.apache.org/licenses/LICENSE-2.0
 * <p>
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */
package io.renren.modules.sys.form;
/**
 * 密码表单
 *
 * @author Mark sunlightcs@gmail.com
 * @since 1.4.0 2018-01-25
 */
public class PasswordForm {
    /**
     * 原密码
     */
    private String password;
    /**
     * 新密码
     */
    private String newPassword;
    public String getPassword() {
        return password;
    }
    public void setPassword(String password) {
        this.password = password;
    }
    public String getNewPassword() {
        return newPassword;
    }
    public void setNewPassword(String newPassword) {
        this.newPassword = newPassword;
    }
}

src/main/java/io/renren/modules/sys/service/impl/SysUserRoleServiceImpl.java

@@ -26,12 +26,12 @@ public class SysUserRoleServiceImpl implements SysUserRoleService {
	@Override
	public void saveOrUpdate(Long userId, List<Long> roleIdList) {
		if(roleIdList.size() == 0){
			return ;
		}
		
		//先删除用户与角色关系
		sysUserRoleDao.delete(userId);
		if(roleIdList == null || roleIdList.size() == 0){
			return ;
		}
		
		//保存用户与角色关系
		Map<String, Object> map = new HashMap<>();

src/main/resources/static/js/index.js

@@ -38,8 +38,10 @@ var vm = new Vue({
		user:{},
		menuList:{},
		main:"main.html",
		password:'',
		newPassword:'',
        form:{
            password:'',
            newPassword:''
		},
        navTitle:"欢迎页"
	},
	methods: {
@@ -64,12 +66,12 @@ var vm = new Vue({
				content: jQuery("#passwordLayer"),
				btn: ['修改','取消'],
				btn1: function (index) {
					var data = "password="+vm.password+"&newPassword="+vm.newPassword;
					$.ajax({
						type: "POST",
					    url: baseURL + "sys/user/password",
					    data: data,
					    dataType: "json",
                        contentType: "application/json",
                        data: JSON.stringify(vm.form),
					    success: function(r){
							if(r.code == 0){
								layer.close(index);

src/main/resources/static/swagger/index.yaml

@@ -33,20 +33,12 @@ paths:
      produces:
        - application/json
      parameters:
        - name: username
          description: 用户名
          in: query
          type: string
          required: true
        - name: password
          description: 密码
          in: query
          type: string
          required: true
        - name: captcha
          description: 验证码
          in: query
        - name: body
          description: 管理员对象
          in: body
          type: string
          schema:
            $ref: '#/definitions/LoginForm'
          required: true
      responses:
        '200':
@@ -140,15 +132,12 @@ paths:
      produces:
        - application/json
      parameters:
        - name: password
          description: 原密码
          in: query
          type: string
          required: true
        - name: newPassword
          description: 新密码
          in: query
        - name: body
          description: 管理员对象
          in: body
          type: string
          schema:
            $ref: '#/definitions/PasswordForm'
          required: true
      responses:
        '200':
@@ -1050,7 +1039,27 @@ definitions:
        msg:
          description: 失败原因
          type: string
  LoginForm:
    type: object
    properties:
      username:
        description: 用户名
        type: string
      password:
        description: 密码
        type: string
      captcha:
        description: 验证码
        type: string
  PasswordForm:
    type: object
    properties:
      password:
        description: 原密码
        type: string
      newPassword:
        description: 新密码
        type: string
  SysUserEntity:
    type: object
    properties:

src/main/resources/views/index.html

@@ -108,13 +108,13 @@
		<div class="form-group">
		   	<div class="col-sm-2 control-label">原密码</div>
		   	<div class="col-sm-10">
		      <input type="password" class="form-control" v-model="password" placeholder="原密码"/>
		      <input type="password" class="form-control" v-model="form.password" placeholder="原密码"/>
		    </div>
		</div>
		<div class="form-group">
		   	<div class="col-sm-2 control-label">新密码</div>
		   	<div class="col-sm-10">
		      <input type="text" class="form-control" v-model="newPassword" placeholder="新密码"/>
		      <input type="text" class="form-control" v-model="form.newPassword" placeholder="新密码"/>
		    </div>
		</div>
	</div>

src/main/resources/views/login.html

@@ -33,15 +33,15 @@
        <h4 style="margin-bottom: 0px;"><i class="fa fa-exclamation-circle"></i> {{errorMsg}}</h4>
      </div>
      <div class="form-group has-feedback">
          <input type="text" class="form-control" v-model="username" placeholder="账号">
          <input type="text" class="form-control" v-model="form.username" placeholder="账号">
          <span class="glyphicon glyphicon-user form-control-feedback"></span>
      </div>
      <div class="form-group has-feedback">
          <input type="password" class="form-control" v-model="password" placeholder="密码">
          <input type="password" class="form-control" v-model="form.password" placeholder="密码">
          <span class="glyphicon glyphicon-lock form-control-feedback"></span>
      </div>
      <div class="form-group has-feedback">
          <input type="text" class="form-control" v-model="captcha" @keyup.enter="login" placeholder="验证码">
          <input type="text" class="form-control" v-model="form.captcha" @keyup.enter="login" placeholder="验证码">
          <span class="glyphicon glyphicon-warning-sign form-control-feedback"></span>
      </div>
      <div class="form-group has-feedback">
@@ -76,9 +76,11 @@
    var vm = new Vue({
        el:'#rrapp',
        data:{
            username: '',
            password: '',
            captcha: '',
            form: {
                username: '',
                password: '',
                captcha: ''
            },
            error: false,
            errorMsg: '',
            src: 'captcha.jpg'
@@ -93,12 +95,12 @@
                this.src = "captcha.jpg?t=" + $.now();
            },
            login: function () {
                var data = "username="+vm.username+"&password="+vm.password+"&captcha="+vm.captcha;
                $.ajax({
                    type: "POST",
                    url: baseURL + "sys/login",
                    data: data,
                    dataType: "json",
                    contentType: "application/json",
                    data: JSON.stringify(vm.form),
                    success: function(r){
                        if(r.code == 0){//登录成功
                            localStorage.setItem("token", r.token);