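package com.yc.sdk.password.action;

import com.alibaba.fastjson.JSON;
import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
import com.yc.action.BaseAction;
import com.yc.action.execProc.ExecuteProcAction;
import com.yc.action.login.LoginAction;
import com.yc.api.bean.PwdBean;
import com.yc.api.controller.ApiController;
import com.yc.entity.DataSourceEntity;
import com.yc.entity.UserAccountEntity;
import com.yc.exception.CallBackMessage;
import com.yc.factory.FactoryBean;
import com.yc.multiData.MultiDataSource;
import com.yc.multiData.SpObserver;
import com.yc.sdk.shopping.util.SettingKey;
import com.yc.service.BaseService;
import com.yc.service.build.type.T_22_Ifc;
import com.yc.service.demo.DemoIfc;
import com.yc.service.user.UserAccountServiceIfc;
import com.yc.utils.SessionKey;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataAccessException;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * Password-maintenance endpoints served under {@code /changepwd.do}; the {@code m} request
 * parameter selects the handler.
 *
 * <p>NOTE(review): the published listing had lost its line breaks, its generic type arguments and
 * a separator at the start of several status strings (it survives only as a raw line break,
 * written here as {@code \n}; it may originally have been an HTML break). The type arguments below
 * were restored from how the values are used. Confirm all three against the original file.
 *
 * <p>NOTE(security), points a reviewer should resolve before relying on this class:
 * <ul>
 *   <li>Stored passwords are reversibly encrypted ({@code ChangePassword.getDecryptPassword}
 *       recovers the plaintext), so anyone holding the key or reaching these handlers can recover
 *       every password. A salted one-way password hash (bcrypt/scrypt/argon2) removes that.</li>
 *   <li>{@code m=encryptpwd}, {@code m=decryptpwd} and {@code m=changeID} perform no permission
 *       check in this class, unlike {@code m=other}. Unless a filter or interceptor outside this
 *       file restricts them, they need one.</li>
 *   <li>{@code demoMap} is per-controller state shared by concurrent requests; see
 *       {@link #getDbSource()}.</li>
 *   <li>Exception messages are echoed to the client and stack traces go to stderr; both can
 *       disclose internals.</li>
 * </ul>
 */
@Controller
@RequestMapping("/changepwd.do")
public class ChangePasswordAction extends BaseAction {

    @Autowired
    UserAccountServiceIfc userAccountService;
    @Autowired
    T_22_Ifc t22ifc;
    @Autowired
    DemoIfc demoIfc;
    @Autowired
    ApiController apiController;

    // All configured data sources. The key type is not visible in this file, hence the wildcard.
    Map<?, ? extends DataSourceEntity> demoList = MultiDataSource.getDataSourceMaps();
    // Ids of the data sources already handed out by getDbSource(); acts as an iteration cursor.
    Map<String, Object> demoMap = new HashMap<String, Object>();

    /**
     * Returns the message of the exception's cause when it has one, otherwise its own message.
     * Callers previously dereferenced {@code getCause()} unconditionally in some places.
     */
    private static String causeMessage(Exception e) {
        return e.getCause() != null ? e.getCause().getMessage() : e.getMessage();
    }

    /** Records {@code message} as the error on {@code callBackMessage} and writes it as JSON. */
    private void replyError(HttpServletResponse response, CallBackMessage callBackMessage, String message) {
        callBackMessage.sendErrorMessage(message);
        this.printJson(response, JSON.toJSONString(callBackMessage.toJSONObject()));
    }

    /**
     * Self-service password change: meant for a user changing their own password.
     *
     * <p>Reads {@code usercode}, {@code oldpwd}, {@code pwd} and {@code pwdconfirm} from the
     * request, validates them, verifies the old password and stores the new one through
     * {@code apiController.allInModifyUserPwd}. Every outcome is written to the response as JSON.
     *
     * <p>NOTE(security): the {@code usercode} request parameter takes precedence over the session
     * identity, so the handler is not actually limited to the caller's own account; only knowledge
     * of the old password protects the target. Prefer the session value and reject a mismatching
     * parameter. The "user does not exist" reply also distinguishes valid from invalid user codes,
     * and no attempt limit is visible in this method.
     *
     * @param request  current request
     * @param response response the JSON result is written to
     */
    @RequestMapping(params = "m=owner")
    public void ChangeOwnerPwd(HttpServletRequest request, HttpServletResponse response) {
        HttpSession session = request.getSession();
        String hostUrl = SettingKey.getHostUrl(request);
        String wxQueryString = SettingKey.getQueryStringByWx(request);

        String userCode = request.getParameter("usercode");
        if (userCode == null && session.getAttribute(SessionKey.USERCODE) != null) {
            userCode = (String) session.getAttribute(SessionKey.USERCODE);
        }
        if (userCode == null && session.getAttribute(SessionKey.HRCODE) != null) {
            userCode = (String) session.getAttribute(SessionKey.HRCODE);
        }

        CallBackMessage callBackMessage = new CallBackMessage();

        String oldPasswordPlainText = request.getParameter("oldpwd");
        if (oldPasswordPlainText == null || "".equals(oldPasswordPlainText)) {
            replyError(response, callBackMessage, "旧密码 必须输入!");
            return;
        }
        String passwordPlainText = request.getParameter("pwd");
        if (passwordPlainText == null || "".equals(passwordPlainText)) {
            replyError(response, callBackMessage, "新密码 必须输入!");
            return;
        }
        // Was indexOf("@") > 0, which let a password that starts with '@' through even though
        // the message forbids the character anywhere.
        if (passwordPlainText.contains("@")) {
            replyError(response, callBackMessage, "新密码不能含有 @ 特殊字符,请重新录入!");
            return;
        }
        String pwdconfirm = request.getParameter("pwdconfirm");
        if (pwdconfirm == null || "".equals(pwdconfirm)) {
            replyError(response, callBackMessage, "确认新密码 必须输入!");
            return;
        }
        // No parameter and no session identity: previously this fell through to
        // userCode.equals(...) and failed with a NullPointerException.
        if (userCode == null) {
            replyError(response, callBackMessage, "用户名 必须输入!");
            return;
        }
        if (userCode.equals(passwordPlainText)) {
            replyError(response, callBackMessage, "新密码 不能与用户名相同!");
            return;
        }
        if (!passwordPlainText.equals(pwdconfirm)) {
            replyError(response, callBackMessage, "【新密码】与【确认新密码】必须相同");
            return;
        }

        String success = "修改密码成功";
        try {
            DataSourceEntity dataSourceEntity = MultiDataSource.getDataSourceMap(request);
            SpObserver.setDBtoInstance("_" + dataSourceEntity.getDbId()); // switch data source
            UserAccountEntity userAccount = userAccountService.getUserInfoByUserCode(userCode);
            if (userAccount == null) {
                replyError(response, callBackMessage,
                        " 用户[" + userCode + "]不存在或已被停用,不允许修改密码[dbid:" + dataSourceEntity.getDbId() + "]!");
                return;
            }
            Integer pwdLength = userAccount.getPwdLength();
            if (pwdLength != null && !pwdLength.equals(0) && passwordPlainText.length() < pwdLength.intValue()) {
                replyError(response, callBackMessage, "新密码太短,必须至少录入 " + pwdLength + " 字符!");
                return;
            }
            // NOTE(security): the stored password is decrypted and compared as plaintext.
            String oldPassword = ChangePassword.getDecryptPassword((String) userAccount.getPassword());
            if (!oldPasswordPlainText.equals(oldPassword)) {
                replyError(response, callBackMessage, "旧密码不正确!");
                return;
            }
            // Judging by the message sent, checkPasswordComplexity returns true when the password
            // is rejected as too simple.
            if (userAccountService.checkPasswordComplexity(passwordPlainText)) {
                replyError(response, callBackMessage, "新密码过于简单,建议:数字+字母,请重新录入!");
                return;
            }
            // The password-history check is not applied on this path (it was commented out).
            String password = ChangePassword.getEncryptPassword(passwordPlainText);
            // Save the new password.
            PwdBean pwdBean = new PwdBean();
            pwdBean.setTel(userAccount.getTel());
            pwdBean.setNewPwd(password);
            JsonObject jsonObject = apiController.allInModifyUserPwd(pwdBean);
            success = jsonObject.get("status").getAsString();
        } catch (Exception e) {
            // Covers DataAccessException as well; both former handlers called
            // e.getCause().getMessage() without checking that a cause exists.
            e.printStackTrace();
            replyError(response, callBackMessage, "修改密码失败,原因:" + causeMessage(e));
            return;
        } finally {
            SpObserver.setDBtoInstance();
        }

        String redirect = hostUrl + "/password/changepwdsuccess.jsp"
                + (wxQueryString == null || "".equals(wxQueryString) ? "" : "?" + wxQueryString);
        // NOTE(review): a success reply is sent whatever "status" holds; confirm that
        // allInModifyUserPwd signals failure by throwing.
        callBackMessage.setMemo(success).setRedirect(redirect);
        callBackMessage.sendSuccessMessageByDefault();
        this.printJson(response, JSON.toJSONString(callBackMessage.toJSONObject()));
    }

    /**
     * Administrator action: replaces a user's password with a freshly generated random one and
     * returns the new password in the response memo.
     *
     * <p>The caller must hold permission for the {@code formid} request parameter. The target
     * user code comes from {@code t22ifc.getParamMap(request)}.
     *
     * <p>NOTE(security): {@code formid} is chosen by the caller, so the check proves permission for
     * whatever function id was supplied, not for password reset specifically. Presumably
     * {@code getParamMap} ties the parameters to that form; verify, or check a fixed function id.
     * The new plaintext password is sent in the response body, so keep such responses out of logs
     * and caches.
     *
     * @param request  current request
     * @param response response the JSON result is written to
     */
    @RequestMapping(params = "m=other")
    public void ChangeOtherPwd(HttpServletRequest request, HttpServletResponse response) {
        request.getSession(); // creates the session when absent, as before
        String formid = request.getParameter("formid");
        CallBackMessage callBackMessage = new CallBackMessage();
        if (formid == null) {
            return;
        }
        try {
            if (!ExecuteProcAction.hasPermisson(formid, request)) {
                this.printJson(response, callBackMessage.sendErrorMessage("抱歉!您没有执行" + formid + "功能号的权限."));
                return;
            }
        } catch (Exception e) {
            // A failing permission check is treated as a denial.
            this.printJson(response, callBackMessage.sendErrorMessage("抱歉!您没有执行" + formid + "功能号的权限."));
            return;
        }

        String success = "";
        String userCode = null;
        // NOTE(review): type arguments restored from usage (String key, String value); confirm.
        Map<String, String> map = null;
        try {
            DataSourceEntity dataSourceEntity = MultiDataSource.getDataSourceMap(request);
            SpObserver.setDBtoInstance("_" + dataSourceEntity.getDbId()); // switch data source
            // Fetch the parameter set.
            map = t22ifc.getParamMap(request);
        } catch (Exception e) {
            e.printStackTrace();
            this.printJson(response, callBackMessage.sendErrorMessage(causeMessage(e)));
            return;
        } finally {
            SpObserver.setDBtoInstance();
        }

        try {
            if (map != null) {
                userCode = map.get("usercode");
            }
        } catch (Exception e) {
            e.printStackTrace();
            success = "修改密码失败,原因:" + causeMessage(e);
            this.printJson(response, callBackMessage.sendErrorMessage(success));
            return;
        }

        try {
            DataSourceEntity dataSourceEntity = MultiDataSource.getDataSourceMap(request);
            SpObserver.setDBtoInstance("_" + dataSourceEntity.getDbId()); // switch data source
            UserAccountEntity userAccount = userAccountService.getUserInfoByUserCode(userCode);
            if (userAccount == null) {
                this.printJson(response, callBackMessage.sendErrorMessage(
                        " 用户[" + userCode + "]不存在或已被停用,不允许修改密码[dbid:" + dataSourceEntity.getDbId() + "] !"));
                return;
            }

            // Regenerate until the candidate is not in the user's password history (the original
            // comment says: passwords used within the past year).
            String randomPassword = ChangePassword.getRandomPlainText();
            while (userAccountService.checkPasswordHistory(userCode, randomPassword)) {
                randomPassword = ChangePassword.getRandomPlainText();
            }

            String password = ChangePassword.getEncryptPassword(randomPassword);
            // Save the new password.
            PwdBean pwdBean = new PwdBean();
            pwdBean.setTel(userAccount.getTel());
            pwdBean.setNewPwd(password);
            JsonObject jsonObject = apiController.allInModifyUserPwd(pwdBean);
            String result = jsonObject.get("status").getAsString();
            // NOTE(review): only the presence of "status" is tested, not its value.
            if (result != null) {
                success = "用户【" + userAccount.getUserName() + "】密码修改成功,请记住新密码【" + randomPassword + "】";
            } else {
                success = "用户【" + userAccount.getUserName() + "】密码修改失败!";
            }
            callBackMessage.setMemo(success);
            this.printJson(response, JSON.toJSONString(callBackMessage.toJSONObject()));
        } catch (Exception e) {
            // Covers DataAccessException as well. The former handlers evaluated
            // ("..." + e.getCause()) != null, which is always true, so they dropped the prefix
            // and threw a NullPointerException whenever there was no cause.
            e.printStackTrace();
            this.printJson(response, callBackMessage.sendErrorMessage("修改密码失败,原因:" + causeMessage(e)));
        } finally {
            SpObserver.setDBtoInstance();
        }
    }

    /**
     * Bulk maintenance: encrypts every stored password that still looks like plaintext, in all
     * data sources, in the data-source definitions themselves and in table {@code gProfile}.
     *
     * <p>A value shorter than 30 characters is taken to be plaintext. NOTE(review): a plaintext
     * password of 30 characters or more is therefore skipped, and a value of exactly 30 characters
     * is touched by neither this method nor {@link #ChangePwdToPlainText}.
     *
     * <p>NOTE(security): no permission check is made here; restrict this handler to administrators
     * (compare {@link #ChangeOtherPwd}) unless that is enforced outside this class.
     *
     * @param request  current request
     * @param response response the JSON result is written to
     */
    @RequestMapping(params = "m=encryptpwd")
    public void ChangePlainTextToPwd(HttpServletRequest request, HttpServletResponse response) {
        request.getSession(); // creates the session when absent, as before
        demoMap.clear();
        CallBackMessage callBackMessage = new CallBackMessage();
        String success = "";

        try {
            while (true) {
                DataSourceEntity dataSourceEntity = getDbSource();
                if (dataSourceEntity == null) {
                    break;
                }
                try {
                    SpObserver.setDBtoInstance("_" + dataSourceEntity.getDbId()); // switch data source
                    int changeSuccess = 0;
                    List<UserAccountEntity> userList = userAccountService.getUserInfos();
                    for (int i = 0; userList != null && i < userList.size(); i++) {
                        UserAccountEntity userAccount = userList.get(i);
                        // Shorter than 30 characters: treated as not yet encrypted.
                        if (userAccount != null && userAccount.getPassword() != null
                                && userAccount.getPassword().length() < 30
                                && ChangePassword.isEncryptPassword) {
                            String password = ChangePassword.getEncryptPassword(userAccount.getPassword());
                            // Save the new password.
                            PwdBean pwdBean = new PwdBean();
                            pwdBean.setTel(userAccount.getTel());
                            pwdBean.setNewPwd(password);
                            JsonObject jsonObject = apiController.allInModifyUserPwd(pwdBean);
                            String result = jsonObject.get("status").getAsString();
                            if (result != null) {
                                changeSuccess++;
                            } else {
                                success += "\n数据源id为" + dataSourceEntity.getDbId() + "【" + dataSourceEntity.getSystemID()
                                        + "】,用户【" + userAccount.getUserName() + "】密码加密失败";
                            }
                        }
                    }
                    success += "\n数据源id为" + dataSourceEntity.getDbId() + "【" + dataSourceEntity.getSystemID()
                            + "】,共有 " + (userList != null ? userList.size() : 0) + "个用户,已成功加密" + changeSuccess + " 个用户";
                } catch (Exception e) {
                    e.printStackTrace();
                    success += "\n正在更新数据源id为" + dataSourceEntity.getDbId() + "【" + dataSourceEntity.getSystemID()
                            + "】账号密码加密时出错( ChangePassword )," + this.getClass() + ",错误消息为:" + causeMessage(e);
                    this.printJson(response, callBackMessage.sendErrorMessage(success));
                    return;
                } finally {
                    SpObserver.setDBtoInstance();
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
            success += "\n修改密码失败,原因:" + e.getMessage();
            this.printJson(response, callBackMessage.sendErrorMessage(success));
            return;
        }

        try {
            demoMap.clear();
            SpObserver.setDBtoDemo(); // switch data source
            while (true) {
                DataSourceEntity dataSourceEntity = getDbSource();
                if (dataSourceEntity == null) {
                    break;
                }
                if (dataSourceEntity.getPassword() != null && dataSourceEntity.getPassword().length() < 30) {
                    // Encrypt the data-source password.
                    String password = ChangePassword.getEncryptPassword(dataSourceEntity.getPassword());
                    dataSourceEntity.setPassword(password);
                    demoIfc.updateDemo(dataSourceEntity);
                }
            }

            String sql = " set nocount on ; select UserId,Password from gProfile ";
            BaseService baseService = (BaseService) FactoryBean.getBean("BaseService");
            List<Map<String, Object>> list = baseService.getSimpleJdbcTemplate().queryForList(sql);
            for (int i = 0; list != null && i < list.size(); i++) {
                Integer userId = (Integer) list.get(i).get("UserId");
                String pwd = (String) list.get(i).get("Password");
                if (pwd != null && pwd.length() < 30) {
                    String password = ChangePassword.getEncryptPassword(pwd); // encrypt
                    // Values are bound as parameters, not concatenated into the statement.
                    String sql2 = "set nocount on ; update gProfile set password=? where UserId=?;select @@rowcount;";
                    int result = baseService.getSimpleJdbcTemplate().queryForObject(sql2, Integer.class, password, userId);
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
            success += "\n加密密码失败,原因:" + e.getMessage();
            this.printJson(response, callBackMessage.sendErrorMessage(success));
            return;
        } finally {
            SpObserver.setDBtoInstance();
        }

        callBackMessage.setMemo(success).sendSuccessMessageByDefault();
        this.printJson(response, JSON.toJSONString(callBackMessage.toJSONObject()));
    }

    /**
     * Bulk maintenance: turns every stored password that looks encrypted (longer than 30
     * characters) back into plaintext, in all data sources, in the data-source definitions and in
     * table {@code gProfile}.
     *
     * <p>NOTE(security): this writes recoverable plaintext credentials for every account and is
     * reachable without any permission check in this class. Restrict it to administrators
     * (compare {@link #ChangeOtherPwd}), audit each use, and consider removing it from production
     * builds.
     *
     * @param request  current request
     * @param response response the JSON result is written to
     */
    @RequestMapping(params = "m=decryptpwd")
    public void ChangePwdToPlainText(HttpServletRequest request, HttpServletResponse response) {
        request.getSession(); // creates the session when absent, as before
        demoMap.clear();
        String success = "";
        CallBackMessage callBackMessage = new CallBackMessage();

        try {
            while (true) {
                DataSourceEntity dataSourceEntity = getDbSource();
                if (dataSourceEntity == null) {
                    break;
                }
                try {
                    SpObserver.setDBtoInstance("_" + dataSourceEntity.getDbId()); // switch data source
                    int changeSuccess = 0;
                    List<UserAccountEntity> userList = userAccountService.getUserInfos();
                    for (int i = 0; userList != null && i < userList.size(); i++) {
                        UserAccountEntity userAccount = userList.get(i);
                        // Longer than 30 characters: treated as encrypted.
                        if (userAccount != null && userAccount.getPassword() != null
                                && userAccount.getPassword().length() > 30
                                && ChangePassword.isEncryptPassword) {
                            try {
                                // Restore the plaintext password.
                                String password = ChangePassword.getDecryptPassword(userAccount.getPassword());
                                // Save the new password.
                                PwdBean pwdBean = new PwdBean();
                                pwdBean.setTel(userAccount.getTel());
                                pwdBean.setNewPwd(password);
                                JsonObject jsonObject = apiController.allInModifyUserPwd(pwdBean);
                                String result = jsonObject.get("status").getAsString();
                                if (result != null) {
                                    changeSuccess++;
                                } else {
                                    // Message said "encryption failed" (copied from the encrypt
                                    // handler); this path decrypts.
                                    success += "\n数据源id为" + dataSourceEntity.getDbId() + "【" + dataSourceEntity.getSystemID()
                                            + "】,用户【" + userAccount.getUserName() + "】密码解密失败";
                                }
                            } catch (Exception e) {
                                System.out.println("解密用户密码出错了,用户名:" + userAccount.getUserCode());
                                throw e;
                            }
                        }
                    }
                    success += "\n数据源id为" + dataSourceEntity.getDbId() + "【" + dataSourceEntity.getSystemID()
                            + "】,共有 " + (userList != null ? userList.size() : 0) + "个用户,已成功解密" + changeSuccess + " 个用户";
                } catch (Exception e) {
                    e.printStackTrace();
                    success += "\n正在更新数据源id为" + dataSourceEntity.getDbId() + "【" + dataSourceEntity.getSystemID()
                            + "】账号密码解密时出错( ChangePassword )," + this.getClass() + ",错误消息为:" + e.getMessage();
                    this.printJson(response, callBackMessage.sendErrorMessage(success));
                    return;
                } finally {
                    SpObserver.setDBtoInstance();
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
            success += "\n修改密码失败,原因:" + e.getMessage();
            this.printJson(response, callBackMessage.sendErrorMessage(success));
            return;
        }

        try {
            demoMap.clear();
            SpObserver.setDBtoDemo(); // switch data source
            while (true) {
                DataSourceEntity dataSourceEntity = getDbSource();
                if (dataSourceEntity == null) {
                    break;
                }
                if (dataSourceEntity.getPassword() != null && dataSourceEntity.getPassword().length() > 30) {
                    // Restore the plaintext data-source password.
                    String password = ChangePassword.getDecryptPassword(dataSourceEntity.getPassword());
                    dataSourceEntity.setPassword(password);
                    demoIfc.updateDemo(dataSourceEntity);
                }
            }

            String sql = " set nocount on ; select UserId,Password from gProfile ";
            BaseService baseService = (BaseService) FactoryBean.getBean("BaseService");
            List<Map<String, Object>> list = baseService.getSimpleJdbcTemplate().queryForList(sql);
            for (int i = 0; list != null && i < list.size(); i++) {
                Integer userId = (Integer) list.get(i).get("UserId");
                String pwd = (String) list.get(i).get("Password");
                if (pwd != null && pwd.length() > 30) {
                    String password = ChangePassword.getDecryptPassword(pwd); // restore plaintext
                    // Values are bound as parameters, not concatenated into the statement.
                    String sql2 = "set nocount on ; update gProfile set password=? where UserId=?;select @@rowcount;";
                    int result = baseService.getSimpleJdbcTemplate().queryForObject(sql2, Integer.class, password, userId);
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
            success += "\n修改密码失败,原因:" + e.getMessage();
            this.printJson(response, callBackMessage.sendErrorMessage(success));
            return;
        } finally {
            SpObserver.setDBtoInstance();
        }

        callBackMessage.setMemo(success).sendSuccessMessageByDefault();
        this.printJson(response, JSON.toJSONString(callBackMessage.toJSONObject()));
    }

    /**
     * Hands out the next data source that has not yet been returned since {@code demoMap} was last
     * cleared, or {@code null} when none is left.
     *
     * <p>NOTE(review): the cursor ({@code demoMap}) is a field of this controller, so it is shared
     * by all concurrent requests if the controller is a singleton (Spring's default scope). The
     * method itself is synchronized, but the callers' {@code demoMap.clear()} is not, and two
     * bulk runs at once would each see only part of the data sources. A per-call cursor would
     * avoid that.
     *
     * @return the next unvisited data source, or {@code null}
     */
    synchronized public DataSourceEntity getDbSource() {
        if (demoList == null || demoList.size() == 0) {
            return null;
        }
        for (DataSourceEntity dataSourceEntity : demoList.values()) {
            String key = dataSourceEntity.getDbId() + "";
            if (demoMap.get(key) == null) {
                demoMap.put(key, dataSourceEntity.getDbId());
                return dataSourceEntity;
            }
        }
        return null;
    }

    /**
     * Switches the current session to the user named by the {@code param} request parameter by
     * calling the login action with {@code isch_userid} set; intended for checking whether that
     * user's permission settings are correct.
     *
     * <p>NOTE(security): no permission check and no credential is required here, so this is an
     * impersonation entry point for any caller who can reach it. It presumably relies on
     * {@code LoginAction} or an outer filter for authorization; confirm. If not, require an
     * administrator permission (as {@link #ChangeOtherPwd} does) and write an audit record of who
     * switched to whom.
     *
     * @param request  current request
     * @param response response the JSON result is written to
     */
    @RequestMapping(params = "m=changeID")
    public void Change2OtherUserID(HttpServletRequest request, HttpServletResponse response) {
        HttpSession session = request.getSession();
        String usercode = request.getParameter("param");
        CallBackMessage callBackMessage = new CallBackMessage();
        try {
            String dbid = (String) session.getAttribute(SessionKey.DATA_BASE_ID);
            SpObserver.setDBtoInstance("_" + dbid);
            // Was "".equals(usercode) only, which let a missing parameter (null) reach login.
            if (usercode == null || "".equals(usercode)) {
                this.printJson(response, callBackMessage.sendErrorMessage(" 用户id不能为空!"));
                return;
            }
            // Call the login entry point.
            request.setAttribute("isch_userid", true);
            request.setAttribute("account", usercode);
            request.setAttribute("dataName", dbid);
            request.setAttribute("isone", dbid);
            LoginAction login = (LoginAction) FactoryBean.getBean("loginAction");
            String info = login.login(request, response);
            callBackMessage.setMemo(info);
            this.printJson(response, JSON.toJSONString(callBackMessage.toJSONObject()));
        } finally {
            SpObserver.setDBtoInstance();
        }
    }
}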