gitee/mall4j
1
1
Fork 0
mirror of https://gitee.com/gz-yami/mall4j.git synced 2025-12-26 07:56:43 +08:00
Code Issues Packages Projects Releases Wiki Activity

开源线上禁止体验用户修改admin的账号密码

Browse Source
This commit is contained in:
cl 2021-04-20 15:59:47 +08:00
parent d83f2382e6
commit 438a291989
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
yami-shop-sys/src/main/java/com/yami/shop/sys/controller/SysUserController.java
View File

@ -93,6 +93,11 @@ public class SysUserController {
public ResponseEntity<String> password(@RequestBody @Valid UpdatePasswordDto param){
Long userId = SecurityUtils.getSysUser().getUserId();
// 开源版代码禁止用户修改admin 的账号密码密码
// 正式使用时删除此部分代码即可
if (Objects.equals(1L,userId) && StrUtil.isNotBlank(param.getNewPassword())) {
throw new YamiShopBindException("禁止修改admin的账号密码");
}
SysUser dbUser = sysUserService.getSysUserById(userId);
if (!passwordEncoder.matches(param.getPassword(), dbUser.getPassword())) {
return ResponseEntity.badRequest().body("原密码不正确");
@ -164,6 +169,12 @@ public class SysUserController {
}else {
user.setPassword(passwordEncoder.encode(user.getPassword()));
}
// 开源版代码禁止用户修改admin 的账号密码密码
// 正式使用时删除此部分代码即可
boolean is = Objects.equals(1L,dbUser.getUserId()) && (StrUtil.isNotBlank(password) || !StrUtil.equals("admin",user.getUsername()));
if (is) {
throw new YamiShopBindException("禁止修改admin的账号密码");
}
sysUserService.updateUserAndUserRole(user);
return ResponseEntity.ok().build();
}