From 767825c89d220941f730c61065285518408ca965 Mon Sep 17 00:00:00 2001
From: futian.liu <liufutianyoo@163.com>
Date: 星期三, 06 十二月 2023 14:20:07 +0800
Subject: [PATCH] 漏洞修复
---
 consum-base/src/main/java/com/consum/base/controller/FinSysTenantUserController.java | 125 +++++++++++++++++++++--------------------
 1 files changed, 65 insertions(+), 60 deletions(-)
diff --git a/consum-base/src/main/java/com/consum/base/controller/FinSysTenantUserController.java b/consum-base/src/main/java/com/consum/base/controller/FinSysTenantUserController.java
index 868cd29..8c26bf4 100644
--- a/consum-base/src/main/java/com/consum/base/controller/FinSysTenantUserController.java
+++ b/consum-base/src/main/java/com/consum/base/controller/FinSysTenantUserController.java
@@ -18,7 +18,6 @@
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
@@ -34,6 +33,7 @@
 import com.consum.base.pojo.FinSysTenantUserSearchParam;
 import com.consum.base.pojo.FinSysTenantUserUpdParam;
 import com.consum.base.pojo.ImportUserParam;
+import com.consum.base.pojo.request.FinSysTenantUserParam;
 import com.consum.base.pojo.response.DepartmentVO;
 import com.consum.base.pojo.response.FinSysTenantUserVO;
 import com.consum.base.pojo.response.FinSysTenantVO;
@@ -205,43 +205,45 @@
 @PostMapping("/add")
 @Transactional(rollbackFor = Exception.class)
 public ResponseValue add() {
- FinSysTenantUser user = CommonUtil.getObjFromReqBody(FinSysTenantUser.class);
- FinSysTenantUser formInventoryParam = new FinSysTenantUser();
- CommonUtil.copyProperties(user, formInventoryParam);
- user = formInventoryParam;
- if (user == null) {
+ FinSysTenantUserParam user = CommonUtil.getObjFromReqBody(FinSysTenantUserParam.class);
+ FinSysTenantUser tenantUser = new FinSysTenantUser();
+ CommonUtil.copyProperties(user, tenantUser);
+
+ if (tenantUser == null) {
 return ResponseValue.error("鍙傛暟涓虹┖");
 }
 // 鏍规嵁鍛樺伐缂栧彿鏌ヨ锛屽鏋滃瓨鍦ㄥ垯鎻愮ず
- if (finSysTenantUserService.getByUserCode(user.getUserCode()) != null
- && finSysTenantUserService.getByUserCode(user.getUserCode()) > 0) {
+ if (finSysTenantUserService.getByUserCode(tenantUser.getUserCode()) != null
+ && finSysTenantUserService.getByUserCode(tenantUser.getUserCode()) > 0) {
 return ResponseValue.error("鍛樺伐缂栧彿閲嶅");
 }
- if (user.getTenantId() == null || "".equals(user.getTenantId()) || new Integer(user.getTenantId()) == 0) {
+
+ if (StringUtils.isEmpty(tenantUser.getTenantId()) || "0".equals(tenantUser.getTenantId())) {
 return ResponseValue.error("娣诲姞鏃惰閫夋嫨鍖哄幙");
 }
- if (user.getTenantCode() == null || "".equals(user.getTenantCode()) || new Integer(user.getTenantCode()) == 0) {
+
+ if (StringUtils.isEmpty(tenantUser.getTenantCode()) || "0".equals(tenantUser.getTenantCode())) {
 return ResponseValue.error("娣诲姞鏃惰閫夋嫨鍖哄幙");
 }
 // 鎻掑叆绯荤粺鐢ㄦ埛
- user.setId(NumberGenerator.getLongSequenceNumber());
- user.setCreateTime(DateUtils.getDateTimeNumber(System.currentTimeMillis()));
- user.setCreateBy(this.getCurrentUser().getUser_name());
- user.setUpdateTime(DateUtils.getDateTimeNumber(System.currentTimeMillis()));
- user.setUpdateBy(this.getCurrentUser().getUser_name());
+ tenantUser.setId(NumberGenerator.getLongSequenceNumber());
+ tenantUser.setCreateTime(DateUtils.getDateTimeNumber(System.currentTimeMillis()));
+ tenantUser.setCreateBy(this.getCurrentUser().getUser_name());
+ tenantUser.setUpdateTime(DateUtils.getDateTimeNumber(System.currentTimeMillis()));
+ tenantUser.setUpdateBy(this.getCurrentUser().getUser_name());
 // user.setStatus(1);// 0绂佺敤 1鍚敤
- user.setIsDelete(0);
- user.setSysUserId(NumberGenerator.getLongSequenceNumber());
+ tenantUser.setIsDelete(0);
+ tenantUser.setSysUserId(NumberGenerator.getLongSequenceNumber());
 // 鍔犲瘑鎵嬫満鍙�
 String key = PlatformRSAUtils.AES_KEY;
 String encPhone = "";
- if (user.getUserPhone() != null) {
- encPhone = AESUtils.encryptStrAES(user.getUserPhone(), key);
+ if (tenantUser.getUserPhone() != null) {
+ encPhone = AESUtils.encryptStrAES(tenantUser.getUserPhone(), key);
 }
- user.setUserPhone(encPhone);
+ tenantUser.setUserPhone(encPhone);
 // 鎬庝箞鑾峰彇宸︿晶鏈烘瀯鏍戞暟鎹�
- user.setSysDeptId(3L); // 瀵瑰簲骞冲彴鏈烘瀯id 榛樿涓哄钩鍙扮鐞�
- this.finSysTenantUserService.insert(user);
+ tenantUser.setSysDeptId(3L); // 瀵瑰簲骞冲彴鏈烘瀯id 榛樿涓哄钩鍙扮鐞�
+ this.finSysTenantUserService.insert(tenantUser);
 // 鎻掑叆骞冲彴鐢ㄦ埛
 S_user_core userCore = new S_user_core();
 userCore.setId(user.getSysUserId());
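Review bot: `userCore.setId(user.getSysUserId());` on the last line of the hunk still reads the platform id from `user`, the request-body `FinSysTenantUserParam`, while the generated id is now written to `tenantUser` by `tenantUser.setSysUserId(NumberGenerator.getLongSequenceNumber());` — the two objects no longer alias, so the S_user_core row is keyed by whatever the client sent (or null) and the two tables stop matching. It should read `userCore.setId(tenantUser.getSysUserId());`. The same split makes `if (tenantUser == null)` unreachable, since `tenantUser` is freshly constructed two lines earlier; the check belongs on `user` before `CommonUtil.copyProperties(user, tenantUser)`, and the same dead check appears in the /update, /updateStatus and /addSupplier hunks, while in /defaultPassword, /updRole and /updatePerson it runs after `user = tenantUser` with the same effect. Whether `CommonUtil.copyProperties` tolerates a null source is not visible here. add() continues past the end of the hunk.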
@@ -484,22 +486,21 @@
 @PostMapping("/update")
 @Transactional(rollbackFor = Exception.class)
 public ResponseValue update() {
- FinSysTenantUser user = CommonUtil.getObjFromReqBody(FinSysTenantUser.class);
- FinSysTenantUser formInventoryParam = new FinSysTenantUser();
- CommonUtil.copyProperties(user, formInventoryParam);
- user = formInventoryParam;
+ FinSysTenantUserParam user = CommonUtil.getObjFromReqBody(FinSysTenantUserParam.class);
+ FinSysTenantUser tenantUser = new FinSysTenantUser();
+ CommonUtil.copyProperties(user, tenantUser);
- if (user == null) {
+ if (tenantUser == null) {
 return ResponseValue.error("鍙傛暟涓虹┖");
 }
 String key = PlatformRSAUtils.AES_KEY;
 String encPhone = "";
- if (user.getUserPhone() != null) {
- encPhone = AESUtils.encryptStrAES(user.getUserPhone(), key);
+ if (tenantUser.getUserPhone() != null) {
+ encPhone = AESUtils.encryptStrAES(tenantUser.getUserPhone(), key);
 }
- user.setUserPhone(encPhone);
+ tenantUser.setUserPhone(encPhone);
 // 1.鏇存柊绯荤粺鐢ㄦ埛 FIN_SYS_TENANT_USER
- finSysTenantUserService.update(user);
+ finSysTenantUserService.update(tenantUser);
 // 2.鏇存柊骞冲彴鐢ㄦ埛 S_USER_CORE
 S_user_core userCore = new S_user_core();
 userCore.setId(user.getSysUserId());
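Review bot: `userCore.setId(user.getSysUserId());` on the last line takes the S_USER_CORE key straight from the request body, so the platform record that gets updated is chosen by the caller rather than derived from the tenant user being edited; nothing in the hunk ties it to `tenantUser.getId()`. Loading the existing row first, as the /updateStatus hunk does with `finSysTenantUserService.select(new FinSysTenantUser(tenantUser.getId()))`, and taking `sysUserId` from that row would remove the dependence on the client-supplied value. The phone handling also stores `""` whenever the request omits `userPhone`, which on an update call silently clears the saved number; if that is intended it deserves a comment such as `// an absent phone clears the stored value`. update() continues past the hunk, so any authorization applied in the service layer is not visible here.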
@@ -543,15 +544,14 @@
 @PostMapping("/updateStatus")
 @Transactional(rollbackFor = Exception.class)
 public ResponseValue updateStatus() {
- FinSysTenantUser user = CommonUtil.getObjFromReqBody(FinSysTenantUser.class);
- FinSysTenantUser formInventoryParam = new FinSysTenantUser();
- CommonUtil.copyProperties(user, formInventoryParam);
- user = formInventoryParam;
- if (user == null) {
+ FinSysTenantUserParam user = CommonUtil.getObjFromReqBody(FinSysTenantUserParam.class);
+ FinSysTenantUser tenantUser = new FinSysTenantUser();
+ CommonUtil.copyProperties(user, tenantUser);
+ if (tenantUser == null) {
 return ResponseValue.error("鍙傛暟涓虹┖");
 }
 // 1.鏇存柊绯荤粺鐢ㄦ埛 FIN_SYS_TENANT_USER 搴旇鏄煡璇� 鐒跺悗鍙敼鐘舵��
- List<FinSysTenantUser> select = finSysTenantUserService.select(new FinSysTenantUser(user.getId()));
+ List<FinSysTenantUser> select = finSysTenantUserService.select(new FinSysTenantUser(tenantUser.getId()));
 if (select == null || select.size() == 0) {
 return ResponseValue.error("鐢ㄦ埛涓嶅瓨鍦�");
 }
@@ -580,15 +580,20 @@
 * @Date 2023/7/17 14:36
 */
 @PostMapping("/defaultPassword")
- public ResponseValue defaultPassword(@RequestBody FinSysTenantUser finSysTenantUser) {
- if (finSysTenantUser == null) {
+ public ResponseValue defaultPassword() {
+ FinSysTenantUserParam user = CommonUtil.getObjFromReqBody(FinSysTenantUserParam.class);
+ FinSysTenantUserParam tenantUser = new FinSysTenantUserParam();
+ CommonUtil.copyProperties(user, tenantUser);
+ user = tenantUser;
+
+ if (Objects.isNull(user)) {
 return ResponseValue.error("鐢ㄦ埛淇℃伅涓嶅瓨鍦�");
 }
 // 鍒濆鍖栧瘑鐮� 123456
 String stringValue = this.getArgumentVariable(ArgumentsConstants.KEY_SECURITY_PASSWORD_INIT).getStringValue();// 瀵嗘枃
 // 1. 淇敼鐢ㄦ埛琛�
 // 鐢ㄦ埛琛╥d
- Long sysUserId = finSysTenantUser.getSysUserId();
+ Long sysUserId = user.getSysUserId();
 S_user_core userCore = new S_user_core();
 userCore.setId(sysUserId);
 userCore.setPassword(stringValue);
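Review bot: In the /defaultPassword hunk, `Long sysUserId = user.getSysUserId();` feeds `userCore.setId(sysUserId);` directly from the request body, so the account whose password is reset to the configured default is selected entirely by the caller; the hunk shows no check that the target belongs to the caller's tenant or that the caller holds a role permitted to reset it. Since the commit's purpose is to stop binding request bodies to the entity, it is worth noting that `FinSysTenantUserParam` still exposes `sysUserId`, so that field remains client-controlled here and in the /add and /update hunks. The pair `CommonUtil.copyProperties(user, tenantUser); user = tenantUser;` copies a param into another param of the same type and then makes `Objects.isNull(user)` unreachable; the null check should follow `getObjFromReqBody` immediately and the copy can be dropped. defaultPassword() continues past the hunk, so any later authorization is not visible here.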
@@ -678,10 +683,10 @@
 */
 @PostMapping("/updRole")
 public ResponseValue updRole() {
- FinSysTenantUser user = CommonUtil.getObjFromReqBody(FinSysTenantUser.class);
- FinSysTenantUser finSysTenantParam = new FinSysTenantUser();
- CommonUtil.copyProperties(user, finSysTenantParam);
- user = finSysTenantParam;
+ FinSysTenantUserParam user = CommonUtil.getObjFromReqBody(FinSysTenantUserParam.class);
+ FinSysTenantUserParam tenantUser = new FinSysTenantUserParam();
+ CommonUtil.copyProperties(user, tenantUser);
+ user = tenantUser;
 if (user == null) {
 return ResponseValue.error("鍙傛暟涓虹┖");
@@ -707,10 +712,10 @@
 @PostMapping("/addSupplier")
 @Transactional(rollbackFor = Exception.class)
 public ResponseValue addSupplier() {
- FinSysTenantUser user = CommonUtil.getObjFromReqBody(FinSysTenantUser.class);
- FinSysTenantUser finSysTenantParam = new FinSysTenantUser();
- CommonUtil.copyProperties(user, finSysTenantParam);
- user = finSysTenantParam;
+ FinSysTenantUserParam userParam = CommonUtil.getObjFromReqBody(FinSysTenantUserParam.class);
+ FinSysTenantUser user = new FinSysTenantUser();
+ CommonUtil.copyProperties(userParam, user);
+
 if (user == null) {
 return ResponseValue.error("鍙傛暟涓虹┖");
 }
@@ -823,31 +828,31 @@
 @PostMapping("/updatePerson")
 @Transactional(rollbackFor = Exception.class)
 public ResponseValue updatePerson() {
- FinSysTenantUser user = CommonUtil.getObjFromReqBody(FinSysTenantUser.class);
- FinSysTenantUser finSysTenantParam = new FinSysTenantUser();
- CommonUtil.copyProperties(user, finSysTenantParam);
- user = finSysTenantParam;
- if (user == null) {
+ FinSysTenantUserParam userParam = CommonUtil.getObjFromReqBody(FinSysTenantUserParam.class);
+ FinSysTenantUserParam tenantUser = new FinSysTenantUserParam();
+ CommonUtil.copyProperties(userParam, tenantUser);
+ userParam = tenantUser;
+ if (userParam == null) {
 return ResponseValue.error("鍙傛暟涓虹┖");
 }
 FinSysTenantUser sysInfo = getSysInfo();
 if (sysInfo == null) {
 return ResponseValue.error("鐢ㄦ埛淇℃伅涓嶅瓨鍦�");
 }
- String avatar = user.getAvatar();
+ String avatar = userParam.getAvatar();
 if (!picFormatArr.contains(avatar.substring(avatar.lastIndexOf(".")))) {
 return ResponseValue.error("澶村儚鏍煎紡涓嶅厑璁�");
 }
 FinSysTenantUser updUser = new FinSysTenantUser();
 updUser.setId(sysInfo.getId());
- updUser.setAvatar(user.getAvatar());
- updUser.setEmail(user.getEmail());
- updUser.setUserName(user.getUserName());
- updUser.setSex(user.getSex());
+ updUser.setAvatar(userParam.getAvatar());
+ updUser.setEmail(userParam.getEmail());
+ updUser.setUserName(userParam.getUserName());
+ updUser.setSex(userParam.getSex());
 String encPhone = "";
- if (user.getUserPhone() != null) {
+ if (userParam.getUserPhone() != null) {
 String key = PlatformRSAUtils.AES_KEY;
- encPhone = AESUtils.encryptStrAES(user.getUserPhone(), key);
+ encPhone = AESUtils.encryptStrAES(userParam.getUserPhone(), key);
 }
 updUser.setUserPhone(encPhone);
 // 1.鏇存柊绯荤粺鐢ㄦ埛 FIN_SYS_TENANT_USER
-- Gitblit v1.9.1
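Review bot: `avatar.substring(avatar.lastIndexOf("."))` on the context line right after `String avatar = userParam.getAvatar();` throws when the request omits `avatar` (null) or sends a value without a dot (`lastIndexOf` returns -1), so the caller gets an unhandled exception instead of the existing format-rejection response; with the body now bound to `FinSysTenantUserParam`, a missing field is an ordinary input, not an edge case. A guard of the form `if (avatar == null || avatar.lastIndexOf(".") < 0 || !picFormatArr.contains(avatar.substring(avatar.lastIndexOf(".")))) {` keeps the rejection path for all three cases. The check also only inspects the suffix of a caller-supplied string; whether the stored avatar value is later used as a filesystem or URL path is not visible here. updatePerson() continues past the hunk.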