
1、密码生成及校验规则调整;

zk 2 gadi atpakaļ
vecāks
revīzija
6dda323ad1

+ 5 - 5
sckw-auth/src/main/java/com/sckw/auth/service/impl/AuthServiceImpl.java

@@ -142,7 +142,7 @@ public class AuthServiceImpl implements IAuthService {
         KwsUserResDto kwsUser = kwsUsers.get(0);
         //密码校验、验证码
         if (StringUtils.isNotBlank(reqDto.getPassword())) {
-            remoteUserService.checkPassword(reqDto.getPassword(), kwsUser.getPassword());
+            remoteUserService.checkPassword(reqDto.getAccount(), reqDto.getPassword(), kwsUser.getPassword(), kwsUser.getSalt());
         } else {
             String key = Global.USER_LOGIN_CAPTCHA + reqDto.getSystemType() + Global.COLON + kwsUser.getAccount();
 //            String captcha = RedissonUtils.getString(key);
@@ -353,8 +353,8 @@ public class AuthServiceImpl implements IAuthService {
         if (driver == null) {
             return HttpResult.error(HttpStatus.QUERY_FAIL_CODE, "账号不存在,请检查并重新输入!");
         }
-        if (loginBase.getLoginMethod() == LoginMethodEnum.ORDINARY.getValue()
-                && !PasswordUtils.validatePassword(loginBase.getPassword(), driver.getPassword())) {
+        boolean bool = PasswordUtils.validatePassword(loginBase.getAccount() + loginBase.getPassword(), driver.getPassword(), driver.getSalt());
+        if (loginBase.getLoginMethod() == LoginMethodEnum.ORDINARY.getValue() && !bool) {
             return HttpResult.error(HttpStatus.CODE_10301, "密码不正确,请检查并重新输入!");
         }
         if (driver.getStatus() == Global.YES) {
@@ -404,8 +404,8 @@ public class AuthServiceImpl implements IAuthService {
         if (user == null) {
             return HttpResult.error(HttpStatus.QUERY_FAIL_CODE, "账号不存在,请检查并重新输入!");
         }
-        if (loginBase.getLoginMethod() == LoginMethodEnum.ORDINARY.getValue()
-                && !PasswordUtils.validatePassword(loginBase.getPassword(), user.getPassword())) {
+        boolean bool = PasswordUtils.validatePassword(loginBase.getAccount() + loginBase.getPassword(), user.getPassword(), user.getSalt());
+        if (loginBase.getLoginMethod() == LoginMethodEnum.ORDINARY.getValue() && !bool) {
             return HttpResult.error(HttpStatus.CODE_10301, "密码不正确,请检查并重新输入!");
         }
 
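Review bot: The rewrite at lines 28–29 and 39–40 loses the short-circuit the old condition had: `PasswordUtils.validatePassword(...)` now runs for every login method before `LoginMethodEnum.ORDINARY` is checked, and inside it `salt.getBytes()` and `password.equals(...)` dereference the stored values, so any driver or user row with a null salt or password (or a non-password login method whose record never had one) throws a NullPointerException instead of taking the intended branch, and every SMS/other login pays 1024 SHA-1 rounds for nothing. Keep the call inside the condition: `if (loginBase.getLoginMethod() == LoginMethodEnum.ORDINARY.getValue() && !PasswordUtils.validatePassword(loginBase.getAccount() + loginBase.getPassword(), driver.getPassword(), driver.getSalt()))` (same shape with `user` in the third hunk). In the first hunk the hash input is built from `reqDto.getAccount()` while `KwsUserService.fillPassword` hashes with `kwsUser.getAccount()`; if the user lookup is case-insensitive or trims input the two strings differ and a correct password is rejected, so `kwsUser.getAccount()` is the safer operand. The enclosing methods start and end outside these hunks.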

+ 28 - 66
sckw-common/sckw-common-core/src/main/java/com/sckw/core/utils/PasswordUtils.java

@@ -1,56 +1,18 @@
 package com.sckw.core.utils;
 
-import com.alibaba.fastjson2.JSON;
-
 import java.security.MessageDigest;
-import java.util.UUID;
 
 /**
  * 密码工具类
- *
  * @author Louis
  * @date Sep 1, 2018
  */
 public class PasswordUtils {
     public static final int HASH_INTERATIONS = 1024;
     public static final int SALT_SIZE = 8;
-    public static final int SUB_LENGTH = 16;
-
-    /**
-     * 匹配密码
-     *
-     * @param salt    盐
-     * @param rawPass 明文
-     * @param encPass 密文
-     * @return
-     */
-    public static boolean matches(String salt, String rawPass, String encPass) {
-        return new EncryptionUtil(salt).matches(encPass, rawPass);
-    }
-
-    /**
-     * 明文密码加密
-     *
-     * @param rawPass 明文
-     * @param salt
-     * @return
-     */
-    public static String encode(String rawPass, String salt) {
-        return new EncryptionUtil(salt).encode(rawPass);
-    }
-
-    /**
-     * 获取加密盐
-     *
-     * @return
-     */
-    public static String getSalt() {
-        return UUID.randomUUID().toString().replaceAll("-", "").substring(0, 20);
-    }
 
     /**
      * MD5加密
-     *
      * @param inStr 明文
      * @return 32位密文
      */
@@ -78,9 +40,8 @@ public class PasswordUtils {
 
     /**
      * md5密码校验
-     *
-     * @param rawPass
-     * @param encPass
+     * @param rawPass 明文密码
+     * @param encPass 密文密码
      * @return
      */
     public static boolean matchesMD5(String rawPass, String encPass) {
@@ -92,49 +53,50 @@ public class PasswordUtils {
     }
 
     /**
-     * 生成安全的密码,生成随机的16位salt并经过1024次 sha-1 hash
+     * 截取密文密码生成盐
      */
-    public static String entryptPassword(String plainPassword) {
+    public static String generateSalt() {
         byte[] salt = Digests.generateSalt(SALT_SIZE);
-        byte[] hashPassword = Digests.sha1(plainPassword.getBytes(), salt, HASH_INTERATIONS);
-        return Encodes.encodeHex(salt) + Encodes.encodeHex(hashPassword);
+        return Encodes.encodeHex(salt);
     }
 
     /**
-     * 截取密文密码生成盐
+     * 生成安全的密码,生成随机的16位salt并经过1024次 sha-1 hash
+     * @param plainPassword 明文密码
+     * @param salt          盐
+     * @return 验证成功返回true
      */
-    public static String getSaltSubPwd(String password) {
-        return password.substring(0, SUB_LENGTH);
+    public static String entryptPassword(String plainPassword, String salt) {
+        byte[] saltByte = salt.getBytes();
+        byte[] hashPassword = Digests.sha1(plainPassword.getBytes(), saltByte, HASH_INTERATIONS);
+        return Encodes.encodeHex(saltByte) + Encodes.encodeHex(hashPassword);
     }
 
     /**
      * 验证密码
-     *
      * @param plainPassword 明文密码
      * @param password      密文密码
+     * @param salt          盐
      * @return 验证成功返回true
      */
-    public static boolean validatePassword(String plainPassword, String password) {
-        byte[] salt = Encodes.decodeHex(password.substring(0, SUB_LENGTH));
-        byte[] hashPassword = Digests.sha1(plainPassword.getBytes(), salt, HASH_INTERATIONS);
-        return password.equals(Encodes.encodeHex(salt) + Encodes.encodeHex(hashPassword));
+    public static boolean validatePassword(String plainPassword, String password, String salt) {
+        byte[] saltByte = salt.getBytes();
+        byte[] hashPassword = Digests.sha1(plainPassword.getBytes(), saltByte, HASH_INTERATIONS);
+        return password.equals(Encodes.encodeHex(saltByte) + Encodes.encodeHex(hashPassword));
     }
 
-    public static void main(String[] args) {
+    public static void main(String[] args) throws Exception {
+        String account = "admin";
+        String password = "123456";
+        String salt = generateSalt();
+        System.out.println(salt);
 
-        String password = PasswordUtils.entryptPassword(PasswordUtils.md5("18581845668"));
-        String md5 = PasswordUtils.md5("123456");
-        System.out.println(password);
-        System.out.println(md5);
-        System.out.println(validatePassword(md5, password));
-//        System.out.println(PasswordUtils.md5("czh"));
-//        System.out.println(PasswordUtils.entryptPassword(PasswordUtils.md5("czh")));
-        System.out.println(validatePassword(md5, "86e07d48c04c8a4bd9fe9dc819c608c43efda576b215995e9f138809"));
+        String md5 = PasswordUtils.md5(password);
+        String password1 = PasswordUtils.entryptPassword(account + md5, salt);
+        System.out.println(password1);
 
+        boolean bool = PasswordUtils.validatePassword(account + md5, password1, salt);
+        System.out.println(bool);
 
-        byte[] salt = Digests.generateSalt(SALT_SIZE);
-        byte[] hashPassword = Digests.sha1(md5.getBytes(), salt, HASH_INTERATIONS);
-        System.out.println(Encodes.encodeHex(salt));
-        System.out.println(Encodes.encodeHex(hashPassword));
     }
 }
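Review bot: `validatePassword` compares the recomputed hash with `String.equals`, which stops at the first differing character; `java.security.MessageDigest` is already imported, so `return MessageDigest.isEqual(password.getBytes(), (Encodes.encodeHex(saltByte) + Encodes.encodeHex(hashPassword)).getBytes());` gives a length-independent comparison at no cost (both operands are hex text, so charset does not matter there, but `plainPassword.getBytes()` and `salt.getBytes()` should pass `StandardCharsets.UTF_8` so the hash does not depend on the JVM default charset). The Javadoc on the new `entryptPassword` was copied from the old method and from `validatePassword`: it still says a random 16-char salt is generated and `@return 验证成功返回true`, while the method now receives the salt and returns the encoded hash, and `generateSalt`'s comment `截取密文密码生成盐` describes the removed `getSaltSubPwd`. Note that the stored format changes incompatibly — the old code used `Encodes.decodeHex` of the first 16 characters as salt bytes and hashed the bare MD5, the new code uses the ASCII bytes of the hex salt and hashes `account + md5` — so every hash written before this commit will fail validation unless a re-hash or reset migration exists elsewhere; the `main` demo only proves the new round trip. Since the scheme is being redefined anyway, the JDK's `SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")` would replace the 1024-round SHA-1 construction without a new dependency.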

+ 3 - 1
sckw-modules-api/sckw-system-api/src/main/java/com/sckw/system/api/RemoteUserService.java

@@ -53,10 +53,12 @@ public interface RemoteUserService {
 
     /**
      * 校验密码
+     * @param account 入参传的账号
      * @param password 入参传的密码
      * @param currentPwd 当前用户的密码
+     * @param salt 当前用户的盐
      */
-    void checkPassword(String password, String currentPwd) throws SystemException;
+    void checkPassword(String account, String password, String currentPwd, String salt) throws SystemException;
 
     /**
      * 检验用户信息
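Review bot: Replacing the two-argument `checkPassword` in place rather than adding an overload changes a remote contract; if `RemoteUserService` is exported over Dubbo (the implementation sits in the `dubbo` package), a consumer such as `sckw-auth` built against the old signature fails at call time until both sides are redeployed. That coupling is worth stating in the method Javadoc, e.g. `* 提供方与消费方需同时发布（签名变更，无兼容重载）`, and in the commit description.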

+ 5 - 2
sckw-modules-api/sckw-system-api/src/main/java/com/sckw/system/api/model/dto/res/KwsUserResDto.java

@@ -16,8 +16,6 @@ import java.util.Date;
 @Data
 public class KwsUserResDto implements Serializable {
 
-
-
     /**
      * 系统类型(1运营端、2企业开户)
      */
@@ -33,6 +31,11 @@ public class KwsUserResDto implements Serializable {
      */
     private String password;
 
+    /**
+     * 密码
+     */
+    private String salt;
+
     /**
      * 用户名
      */
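Review bot: The Javadoc added for the new `salt` field reads `密码` (password), copied from the field above; it should say `盐`, as the same field is documented in `KwsUserResVo`. Because this DTO is what `AuthServiceImpl` receives from the user service, it now carries both the hash and its salt; that is required for verification, but a one-line comment on the class that the object must not be forwarded to API clients would make the constraint explicit.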

+ 15 - 6
sckw-modules/sckw-fleet/src/main/java/com/sckw/fleet/service/KwfDriverService.java

@@ -460,9 +460,10 @@ public class KwfDriverService {
             List<KwfDriver> drivers = driverDao.findDriver(new HashMap(){{ put("phone", params.getPhone()); }});
             if (CollectionUtils.isEmpty(drivers)) {
                 /**新增**/
+                String salt = PasswordUtils.generateSalt();
                 String md5 = PasswordUtils.md5(params.getPhone());
-                String password = PasswordUtils.entryptPassword(md5);
-                params.setSalt(PasswordUtils.getSaltSubPwd(password));
+                String password = PasswordUtils.entryptPassword(params.getPhone() + md5, salt);
+                params.setSalt(salt);
                 params.setPassword(password);
                 params.setEntId(LoginUserHolder.getEntId());
                 params.setBusinessStatus(Global.NO);
@@ -758,8 +759,10 @@ public class KwfDriverService {
         }
 
         /**更新数据**/
-        driver.setPassword(PasswordUtils.entryptPassword(params.getPassword()));
-        driver.setSalt(PasswordUtils.getSaltSubPwd(driver.getPassword()));
+        String salt = PasswordUtils.generateSalt();
+        String password = PasswordUtils.entryptPassword(driver.getPhone() + params.getPassword(), salt);
+        driver.setPassword(password);
+        driver.setSalt(salt);
         int count = driverDao.updateById(driver);
         return count > 0 ? HttpResult.ok("密码修改成功!") : HttpResult.error("密码修改失败!");
     }
@@ -796,6 +799,10 @@ public class KwfDriverService {
         }
 
         /**更新数据**/
+        String salt = PasswordUtils.generateSalt();
+        String password = PasswordUtils.entryptPassword(params.getPhone() + PasswordUtils.md5(params.getPhone()), salt);
+        driver.setPassword(password);
+        driver.setSalt(salt);
         driver.setPhone(params.getPhone());
         int count = driverDao.updateById(driver);
         return count > 0 ? HttpResult.ok("手机号更换成功!") : HttpResult.error("手机号更换失败!");
@@ -830,8 +837,10 @@ public class KwfDriverService {
         KwfDriver driver = drivers.get(Global.NUMERICAL_ZERO);
 
         /**更新数据**/
-        driver.setPassword(PasswordUtils.entryptPassword(params.getPassword()));
-        driver.setSalt(PasswordUtils.getSaltSubPwd(driver.getPassword()));
+        String salt = PasswordUtils.generateSalt();
+        String password = PasswordUtils.entryptPassword(driver.getPhone() + params.getPassword(), salt);
+        driver.setPassword(password);
+        driver.setSalt(salt);
         int count = driverDao.updateById(driver);
         return count > 0 ? HttpResult.ok("密码修改成功!") : HttpResult.error("密码修改失败!");
     }
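Review bot: The phone-change hunk (lines 270–273) now silently resets the driver's password to the default derived from the new number (`md5(phone)` hashed under a fresh salt), where the old code left the password untouched; the reset is forced by the account becoming part of the hash input, but the resulting credential is predictable from public data. If the reset is intended, the response should say so and the driver should be required to change the password at next login; if not, the current plaintext password has to be supplied and re-encrypted under the new phone, because the stored hash cannot be converted. The generate-salt/encrypt/setPassword/setSalt sequence is repeated here three times and twice in `KwsUserService`; a helper that returns the salt and hash together would keep the `account + secret` concatenation order in one place, which matters because a mismatch anywhere locks the user out silently. The enclosing methods begin outside these hunks.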

+ 2 - 4
sckw-modules/sckw-system/src/main/java/com/sckw/system/dubbo/RemoteUserServiceImpl.java

@@ -8,9 +8,7 @@ import com.sckw.core.model.page.PageHelperUtil;
 import com.sckw.core.model.page.PageResult;
 import com.sckw.core.utils.BeanUtils;
 import com.sckw.core.utils.CollectionUtils;
-import com.sckw.core.utils.PasswordUtils;
 import com.sckw.core.web.constant.HttpStatus;
-import com.sckw.core.web.context.LoginUserHolder;
 import com.sckw.system.api.RemoteUserService;
 import com.sckw.system.api.model.dto.req.*;
 import com.sckw.system.api.model.dto.res.*;
@@ -333,8 +331,8 @@ public class RemoteUserServiceImpl implements RemoteUserService {
     }
 
     @Override
-    public void checkPassword(String password, String currentPwd) throws SystemException {
-        kwsUserService.checkPassword(password, currentPwd);
+    public void checkPassword(String account, String password, String currentPwd, String salt) throws SystemException {
+        kwsUserService.checkPassword(account, password, currentPwd, salt);
     }
 
     @Override

+ 5 - 0
sckw-modules/sckw-system/src/main/java/com/sckw/system/model/vo/res/KwsUserResVo.java

@@ -45,6 +45,11 @@ public class KwsUserResVo implements Serializable {
      */
     private String password;
 
+    /**
+     * 盐
+     */
+    private String salt;
+
     /**
      * 用户名
      */
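Review bot: `KwsUserResVo` is a response object, and the new `salt` field joins `password` in it; if this VO is ever serialized to HTTP clients rather than only mapped into `KwsUserResDto`, both fields should be excluded from serialization (with fastjson2 that is `@JSONField(serialize = false)`) or kept out of the VO. A short class-level comment stating that the VO is internal-only would document the intent either way.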

+ 14 - 9
sckw-modules/sckw-system/src/main/java/com/sckw/system/service/KwsUserService.java

@@ -251,15 +251,16 @@ public class KwsUserService {
      */
     private void fillPassword(KwsUser kwsUser) {
         //密码为空时,以登录名作为密码
+        String salt = PasswordUtils.generateSalt();
         String password;
         if (StringUtils.isBlank(kwsUser.getPassword())) {
-            password = PasswordUtils.entryptPassword(PasswordUtils.md5(kwsUser.getAccount()));
+            password = PasswordUtils.entryptPassword(kwsUser.getAccount() + PasswordUtils.md5(kwsUser.getAccount()), salt);
             kwsUser.setPassword(password);
         } else {
-            password = PasswordUtils.entryptPassword(kwsUser.getPassword());
+            password = PasswordUtils.entryptPassword(kwsUser.getAccount() + kwsUser.getPassword(), salt);
             kwsUser.setPassword(password);
         }
-        kwsUser.setSalt(PasswordUtils.getSaltSubPwd(password));
+        kwsUser.setSalt(salt);
     }
 
     /**
@@ -413,13 +414,15 @@ public class KwsUserService {
         KwsUser kwsUser = checkUserBase(reqVo.getId());
 
         //密码校验
+        String account = kwsUser.getAccount();
         String password = reqVo.getPassword();
         String currentPwd = kwsUser.getPassword();
-        checkPassword(password, currentPwd);
+        String salt = kwsUser.getSalt();
+        checkPassword(account, password, currentPwd, salt);
 
         //校验新密码是否可用
         String newPassword = reqVo.getNewPassword();
-        if (PasswordUtils.validatePassword(newPassword, currentPwd)) {
+        if (PasswordUtils.validatePassword(kwsUser.getAccount() + newPassword, currentPwd, kwsUser.getSalt())) {
             throw new SystemException(HttpStatus.CODE_10301, HttpStatus.PASSWD_REPEAT);
         }
 
@@ -428,8 +431,10 @@ public class KwsUserService {
     }
 
     private void updatePwd(String newPassword, KwsUser kwsUser) {
-        kwsUser.setPassword(PasswordUtils.entryptPassword(newPassword));
-        kwsUser.setSalt(PasswordUtils.getSaltSubPwd(kwsUser.getPassword()));
+        String salt = PasswordUtils.generateSalt();
+        String password = PasswordUtils.entryptPassword(kwsUser.getAccount() + newPassword, salt);
+        kwsUser.setPassword(password);
+        kwsUser.setSalt(salt);
         if (kwsUserDao.update(kwsUser) <= 0) {
             throw new SystemException(HttpStatus.CRUD_FAIL_CODE, HttpStatus.UPDATE_FAIL);
         }
@@ -485,8 +490,8 @@ public class KwsUserService {
      * @param password   入参传的密码
      * @param currentPwd 当前用户的密码
      */
-    public void checkPassword(String password, String currentPwd) {
-        if (!PasswordUtils.validatePassword(password, currentPwd)) {
+    public void checkPassword(String account, String password, String currentPwd, String salt) {
+        if (!PasswordUtils.validatePassword(account + password, currentPwd, salt)) {
             throw new SystemException(HttpStatus.CODE_10301, HttpStatus.PASSWD_ERROR);
         }
     }
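Review bot: The Javadoc above `checkPassword` (it starts before this hunk) still documents only `password` and `currentPwd`; the new parameters need `@param account 入参传的账号` and `@param salt 当前用户的盐`, matching the interface in `RemoteUserService`. In the password-change method (hunk at line 355) the duplicate-password check hashes `kwsUser.getAccount() + newPassword` under the existing salt while `updatePwd` then generates a fresh one; that is correct but non-obvious, and a comment such as `// 使用当前盐比对新旧密码；updatePwd 会重新生成盐` would save the next reader from suspecting a bug. `fillPassword` and `updatePwd` repeat the same four-line generate/encrypt/set/set block that appears three times in `KwfDriverService`; a shared helper returning the salt and hash pair would keep the concatenation order in one place.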

+ 1 - 1
sckw-modules/sckw-system/src/main/resources/bootstrap.yml

@@ -5,7 +5,7 @@ spring:
   application:
     name: sckw-system
   profiles:
-     active: ${DEPLOY_MODE:dev}
+    active: @profiles.active@
 #    active: dev
 #    active: test
   main:
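Review bot: `active: @profiles.active@` is only substituted when Maven resource filtering is enabled for `bootstrap.yml` (the `@...@` delimiters are the Spring Boot parent's default for filtered resources); if filtering is not configured for this module, Spring receives the literal string and no profile matches. The previous `${DEPLOY_MODE:dev}` could be overridden per environment at runtime, whereas the build-time token fixes the profile when the artifact is built, so a comment such as `# 构建时由 Maven 资源过滤替换，运行时不可覆盖` would make the change of behaviour explicit.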