diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/IndexController.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/IndexController.java
index 300f29be..74273107 100644
--- a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/IndexController.java
+++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/IndexController.java
@@ -1,7 +1,5 @@
 package com.xxl.job.admin.controller;
-import com.xxl.job.admin.annotation.PermissionLimit;
-import com.xxl.job.admin.service.impl.LoginService;
 import com.xxl.job.admin.service.XxlJobService;
 import com.xxl.job.core.biz.model.ReturnT;
 import com.xxl.sso.core.annotation.XxlSso;
@@ -12,9 +10,11 @@ import org.springframework.beans.propertyeditors.CustomDateEditor;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.WebDataBinder;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.InitBinder;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.servlet.ModelAndView;
-import org.springframework.web.servlet.view.RedirectView;
 import java.text.SimpleDateFormat;
 import java.util.Date;
@@ -29,8 +29,6 @@ public class IndexController {
 @Resource
 private XxlJobService xxlJobService;
- @Resource
- private LoginService loginService;
 @RequestMapping("/")
@@ -48,44 +46,10 @@ public class IndexController {
 ReturnT> chartInfo = xxlJobService.chartInfo(startDate, endDate);
 return chartInfo;
 }
-
- @RequestMapping("/toLogin")
- @PermissionLimit(limit=false)
- public ModelAndView toLogin(HttpServletRequest request, HttpServletResponse response, ModelAndView modelAndView) {
- if (loginService.ifLogin(request, response) != null) {
- modelAndView.setView(new RedirectView("/",true,false));
- return modelAndView;
- }
- return new ModelAndView("login");
- }
-
- @RequestMapping(value="login", method=RequestMethod.POST)
- @ResponseBody
- @PermissionLimit(limit=false)
- public ReturnT loginDo(HttpServletRequest request,
- HttpServletResponse response,
- @RequestParam("userName") String userName,
- @RequestParam("password") String password,
- @RequestParam(value = "ifRemember", required = false) String ifRemember){
- boolean ifRem = (ifRemember!=null && ifRemember.trim().length()>0 && "on".equals(ifRemember))?true:false;
- return loginService.login(request, response, userName, password, ifRem);
- }
-
- @RequestMapping(value="logout", method=RequestMethod.POST)
- @ResponseBody
- @PermissionLimit(limit=false)
- public ReturnT logout(HttpServletRequest request, HttpServletResponse response){
- return loginService.logout(request, response);
- }
 @RequestMapping("/help")
 public String help() {
-
- /*if (!PermissionInterceptor.ifLogin(request)) {
- return "redirect:/toLogin";
- }*/
-
 return "help";
 }
diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobUserController.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobUserController.java
index 1c719e24..3c41b2bb 100644
--- a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobUserController.java
+++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobUserController.java
@@ -1,18 +1,18 @@
 package com.xxl.job.admin.controller.biz;
 import com.xxl.job.admin.annotation.PermissionLimit;
-import com.xxl.job.admin.web.interceptor.PermissionInterceptor;
+import com.xxl.job.admin.mapper.XxlJobGroupDao;
+import com.xxl.job.admin.mapper.XxlJobUserDao;
 import com.xxl.job.admin.model.XxlJobGroup;
 import com.xxl.job.admin.model.XxlJobUser;
 import com.xxl.job.admin.util.I18nUtil;
-import com.xxl.job.admin.mapper.XxlJobGroupDao;
-import com.xxl.job.admin.mapper.XxlJobUserDao;
+import com.xxl.job.admin.web.interceptor.PermissionInterceptor;
 import com.xxl.job.core.biz.model.ReturnT;
+import com.xxl.tool.encrypt.SHA256Tool;
 import jakarta.annotation.Resource;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
-import org.springframework.util.DigestUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -94,7 +94,8 @@ public class JobUserController {
 return new ReturnT(ReturnT.FAIL_CODE, I18nUtil.getString("system_lengh_limit")+"[4-20]" );
 }
 // md5 password
- xxlJobUser.setPassword(DigestUtils.md5DigestAsHex(xxlJobUser.getPassword().getBytes()));
+ String passwordHash = SHA256Tool.sha256(xxlJobUser.getPassword());
+ xxlJobUser.setPassword(passwordHash);
 // check repeat
 XxlJobUser existUser = xxlJobUserDao.loadByUserName(xxlJobUser.getUsername());
@@ -125,7 +126,8 @@ public class JobUserController {
 return new ReturnT(ReturnT.FAIL_CODE, I18nUtil.getString("system_lengh_limit")+"[4-20]" );
 }
 // md5 password
- xxlJobUser.setPassword(DigestUtils.md5DigestAsHex(xxlJobUser.getPassword().getBytes()));
+ String passwordHash = SHA256Tool.sha256(xxlJobUser.getPassword());
+ xxlJobUser.setPassword(passwordHash);
 } else {
 xxlJobUser.setPassword(null);
 }
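Review bot: `String passwordHash = SHA256Tool.sha256(xxlJobUser.getPassword());` in the create path stores an unsalted, single-round SHA-256 digest, so the move away from MD5 does not materially change the exposure of a leaked user table: two users with the same password get identical stored values and the digest is still cheap to brute-force offline. A password KDF with a per-user salt and a work factor (PBKDF2 via `SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")` from the JDK, or bcrypt/argon2) should replace it, together with a verify routine that `LoginService.login` and the change-password path both call. The `// md5 password` comment just above is also stale now; `// hash password before persisting (SHA-256, unsalted)` would at least describe what the line does. The enclosing method begins before the hunk.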
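Review bot: The two hashing lines in the update path are a verbatim copy of the create path above, and `updatePwd` further down hashes the same way twice more, so the algorithm is now spelled out in four places. A `private static String hashPassword(String raw) { return SHA256Tool.sha256(raw); }` helper, used at every call site, would give one place to change when the scheme is upgraded. The `// md5 password` comment no longer matches the code and should read `// hash password (SHA-256)`. The enclosing method begins and ends outside the hunk.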
@@ -169,18 +171,18 @@ public class JobUserController {
 }
 // md5 password
- String md5OldPassword = DigestUtils.md5DigestAsHex(oldPassword.getBytes());
- String md5Password = DigestUtils.md5DigestAsHex(password.getBytes());
+ String oldPasswordHash = SHA256Tool.sha256(oldPassword);
+ String passwordHash = SHA256Tool.sha256(password);
 // valid old pwd
 XxlJobUser loginUser = PermissionInterceptor.getLoginUser(request);
 XxlJobUser existUser = xxlJobUserDao.loadByUserName(loginUser.getUsername());
- if (!md5OldPassword.equals(existUser.getPassword())) {
+ if (!oldPasswordHash.equals(existUser.getPassword())) {
 return ReturnT.ofFail(I18nUtil.getString("change_pwd_field_oldpwd") + I18nUtil.getString("system_unvalid"));
 }
 // write new
- existUser.setPassword(passwordHash);
+ existUser.setPassword(passwordHash);
 xxlJobUserDao.update(existUser);
 return ReturnT.ofSuccess();
diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/login/LoginController.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/login/LoginController.java
new file mode 100644
index 00000000..e4304440
--- /dev/null
+++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/controller/login/LoginController.java
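Review bot: `if (!oldPasswordHash.equals(existUser.getPassword())) {` compares a secret-derived value with `String.equals`, which returns at the first differing character; the standard hardening is `if (!MessageDigest.isEqual(oldPasswordHash.getBytes(StandardCharsets.UTF_8), existUser.getPassword().getBytes(StandardCharsets.UTF_8))) {` (needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported). The same line also dereferences `existUser` and `existUser.getPassword()` without a null check; whether either can be null depends on the DAO and on the update path above, which writes `setPassword(null)` in its else branch — worth confirming. The `// md5 password` comment is stale and should say `// hash both passwords (SHA-256)`. The enclosing `updatePwd` method starts before the hunk.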
@@ -0,0 +1,60 @@
+package com.xxl.job.admin.controller.login;
+
+import com.xxl.job.admin.annotation.PermissionLimit;
+import com.xxl.job.admin.service.impl.LoginService;
+import com.xxl.job.core.biz.model.ReturnT;
+import jakarta.annotation.Resource;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.view.RedirectView;
+
+/**
+ * index controller
+ * @author xuxueli 2015-12-19 16:13:16
+ */
+@Controller
+@RequestMapping("/auth")
+public class LoginController {
+
+
+ @Resource
+ private LoginService loginService;
+
+
+ @RequestMapping("/toLogin")
+ @PermissionLimit(limit=false)
+ public ModelAndView toLogin(HttpServletRequest request, HttpServletResponse response, ModelAndView modelAndView) {
+ if (loginService.ifLogin(request, response) != null) {
+ modelAndView.setView(new RedirectView("/",true,false));
+ return modelAndView;
+ }
+ return new ModelAndView("login");
+ }
+
+ @RequestMapping(value="/login", method=RequestMethod.POST)
+ @ResponseBody
+ @PermissionLimit(limit=false)
+ public ReturnT loginDo(HttpServletRequest request,
+ HttpServletResponse response,
+ @RequestParam("userName") String userName,
+ @RequestParam("password") String password,
+ @RequestParam(value = "ifRemember", required = false) String ifRemember){
+
+ boolean ifRem = (ifRemember!=null && ifRemember.trim().length()>0 && "on".equals(ifRemember))?true:false;
+ return loginService.login(request, response, userName, password, ifRem);
+ }
+
+ @RequestMapping(value="/logout", method=RequestMethod.POST)
+ @ResponseBody
+ @PermissionLimit(limit=false)
+ public ReturnT logout(HttpServletRequest request, HttpServletResponse response){
+ return loginService.logout(request, response);
+ }
+
+}
diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/LoginService.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/LoginService.java
index a12d6353..dd47d44e 100644
--- a/xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/LoginService.java
+++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/LoginService.java
@@ -1,16 +1,16 @@
 package com.xxl.job.admin.service.impl;
+import com.xxl.job.admin.mapper.XxlJobUserDao;
 import com.xxl.job.admin.model.XxlJobUser;
 import com.xxl.job.admin.util.CookieUtil;
 import com.xxl.job.admin.util.I18nUtil;
 import com.xxl.job.admin.util.JacksonUtil;
-import com.xxl.job.admin.mapper.XxlJobUserDao;
 import com.xxl.job.core.biz.model.ReturnT;
+import com.xxl.tool.encrypt.SHA256Tool;
 import jakarta.annotation.Resource;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.stereotype.Service;
-import org.springframework.util.DigestUtils;
 import java.math.BigInteger;
@@ -57,8 +57,8 @@ public class LoginService {
 if (xxlJobUser == null) {
 return new ReturnT(500, I18nUtil.getString("login_param_unvalid"));
 }
- String passwordMd5 = DigestUtils.md5DigestAsHex(password.getBytes());
- if (!passwordMd5.equals(xxlJobUser.getPassword())) {
+ String passwordHash = SHA256Tool.sha256(password);
+ if (!passwordHash.equals(xxlJobUser.getPassword())) {
 return new ReturnT(500, I18nUtil.getString("login_param_unvalid"));
 }
diff --git a/xxl-job-admin/src/main/java/com/xxl/job/admin/web/interceptor/PermissionInterceptor.java b/xxl-job-admin/src/main/java/com/xxl/job/admin/web/interceptor/PermissionInterceptor.java
index 8a6b0a9f..e27f1773 100644
--- a/xxl-job-admin/src/main/java/com/xxl/job/admin/web/interceptor/PermissionInterceptor.java
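Review bot: The class Javadoc `* index controller` was carried over from IndexController and no longer describes this class; `* login / logout endpoints, mounted under /auth` would. `boolean ifRem = (ifRemember!=null && ifRemember.trim().length()>0 && "on".equals(ifRemember))?true:false;` reduces to `boolean ifRem = "on".equals(ifRemember);`, because `"on".equals(x)` is already false for null and for any blank or padded string. `toLogin` is mapped without a method restriction while `login` and `logout` are POST-only; `@RequestMapping(value="/toLogin", method=RequestMethod.GET)` makes that intent explicit and keeps a POST to the login page from rendering the form.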
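Review bot: `if (!passwordHash.equals(xxlJobUser.getPassword())) {` now compares a SHA-256 hex digest against whatever the user table holds, so any row written by the previous MD5 code can never match and those accounts are locked out (including a seeded admin row, if the seed SQL still carries an MD5 value); nothing in this diff migrates stored hashes. Either a DB migration must ship with this change, or the login path needs a one-time compatibility branch that also accepts an MD5 match and re-hashes the stored value on success. Comparing the digests with `MessageDigest.isEqual(passwordHash.getBytes(StandardCharsets.UTF_8), xxlJobUser.getPassword().getBytes(StandardCharsets.UTF_8))` instead of `String.equals` is a cheap further hardening. The enclosing `login` method starts before the hunk and continues past it.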
+++ b/xxl-job-admin/src/main/java/com/xxl/job/admin/web/interceptor/PermissionInterceptor.java
@@ -48,7 +48,7 @@ public class PermissionInterceptor implements AsyncHandlerInterceptor {
 XxlJobUser loginUser = loginService.ifLogin(request, response);
 if (loginUser == null) {
 response.setStatus(302);
- response.setHeader("location", request.getContextPath()+"/toLogin");
+ response.setHeader("location", request.getContextPath()+"/auth/toLogin");
 return false;
 }
 if (needAdminuser && loginUser.getRole()!=1) {
diff --git a/xxl-job-admin/src/main/resources/static/js/common.1.js b/xxl-job-admin/src/main/resources/static/js/common.1.js
index 7b736fbc..55778c39 100644
--- a/xxl-job-admin/src/main/resources/static/js/common.1.js
+++ b/xxl-job-admin/src/main/resources/static/js/common.1.js
@@ -9,7 +9,7 @@ $(function(){
 }, function(index){
 layer.close(index);
- $.post(base_url + "/logout", function(data, status) {
+ $.post(base_url + "/auth/logout", function(data, status) {
 if (data.code == "200") {
 layer.msg( I18n.logout_success );
 setTimeout(function(){
@@ -135,7 +135,7 @@ $(function(){
 layer.msg( I18n.change_pwd_suc_to_logout );
 setTimeout(function(){
- $.post(base_url + "/logout", function(data, status) {
+ $.post(base_url + "/auth/logout", function(data, status) {
 if (data.code == 200) {
 window.location.href = base_url + "/";
 } else {
diff --git a/xxl-job-admin/src/main/resources/static/js/login.1.js b/xxl-job-admin/src/main/resources/static/js/login.1.js
index ef409615..92fb57ef 100644
--- a/xxl-job-admin/src/main/resources/static/js/login.1.js
+++ b/xxl-job-admin/src/main/resources/static/js/login.1.js
@@ -46,7 +46,7 @@ $(function(){
 element.parent('div').append(error);
 }, submitHandler : function(form) {
- $.post(base_url + "/login", $("#loginForm").serialize(), function(data, status) {
+ $.post(base_url + "/auth/login", $("#loginForm").serialize(), function(data, status) {
 if (data.code == "200") {
 layer.msg( I18n.login_success );
 setTimeout(function(){
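Review bot: `response.setHeader("location", request.getContextPath()+"/auth/toLogin");` spells the login path as a second string literal that must stay in step with `@RequestMapping("/auth")` plus `/toLogin` on the new LoginController; if either side is renamed again, unauthenticated users are redirected to a 404 instead of the login form. A shared constant, e.g. `public static final String LOGIN_PATH = "/auth/toLogin";` on LoginController referenced from here, removes that drift. `response.sendRedirect(request.getContextPath() + LoginController.LOGIN_PATH);` would also replace the hand-assembled status/`location` pair with the servlet API's own redirect. The enclosing `preHandle` starts before the hunk and continues past it.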
diff --git a/xxl-job-admin/src/test/java/com/xxl/job/admin/controller/JobInfoControllerTest.java b/xxl-job-admin/src/test/java/com/xxl/job/admin/controller/JobInfoControllerTest.java
index 01c1b3eb..638131de 100644
--- a/xxl-job-admin/src/test/java/com/xxl/job/admin/controller/JobInfoControllerTest.java
+++ b/xxl-job-admin/src/test/java/com/xxl/job/admin/controller/JobInfoControllerTest.java
@@ -21,7 +21,7 @@ public class JobInfoControllerTest extends AbstractSpringMvcTest {
 @BeforeEach
 public void login() throws Exception {
 MvcResult ret = mockMvc.perform(
- post("/login")
+ post("/auth/login")
 .contentType(MediaType.APPLICATION_FORM_URLENCODED)
 .param("userName", "admin")
 .param("password", "123456")