
!1038 防止修改密码时明文传输
Merge pull request !1038 from FunCoder/next

zuohuaijun 2 лет назад
Родитель
Сommit
4cf42052ca

+ 6 - 0
Admin.NET/Admin.NET.Core/Enum/ErrorCodeEnum.cs

@@ -27,6 +27,12 @@ public enum ErrorCodeEnum
     [ErrorCodeItemMetadata("账号不存在")]
     D0009,
 
+    /// <summary>
+    /// 账号或密码不存在
+    /// </summary>
+    [ErrorCodeItemMetadata("账号或密码错误")]
+    D0010,
+
     /// <summary>
     /// 密码不正确
     /// </summary>
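Review bot: The XML summary on the new member reads `账号或密码不存在` while the text users actually receive via the attribute is `账号或密码错误`; make the summary match, `/// 账号或密码错误`. Since D0010 now deliberately replaces both D0009 and D1000 on the login path, a short remark on why the message is generic would help the next maintainer, e.g. `/// 账号或密码错误(登录时统一返回，避免暴露账号是否存在)`.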

+ 6 - 6
Admin.NET/Admin.NET.Core/Service/Auth/SysAuthService.cs

@@ -80,7 +80,7 @@ public class SysAuthService : IDynamicApiController, ITransient
 
         // 账号是否存在
         var user = await _sysUserRep.AsQueryable().Includes(t => t.SysOrg).ClearFilter().FirstAsync(u => u.Account.Equals(input.Account));
-        _ = user ?? throw Oops.Oh(ErrorCodeEnum.D0009);
+        _ = user ?? throw Oops.Oh(ErrorCodeEnum.D0010);
 
         // 账号是否被冻结
         if (user.Status == StatusEnum.Disable)
@@ -131,7 +131,7 @@ public class SysAuthService : IDynamicApiController, ITransient
             if (!user.Password.Equals(MD5Encryption.Encrypt(input.Password)))
             {
                 _sysCacheService.Set(keyErrorPasswordCount, ++errorPasswordCount, TimeSpan.FromMinutes(30));
-                throw Oops.Oh(ErrorCodeEnum.D1000);
+                throw Oops.Oh(ErrorCodeEnum.D0010);
             }
         }
         else
@@ -139,7 +139,7 @@ public class SysAuthService : IDynamicApiController, ITransient
             if (!CryptogramUtil.Decrypt(user.Password).Equals(input.Password))
             {
                 _sysCacheService.Set(keyErrorPasswordCount, ++errorPasswordCount, TimeSpan.FromMinutes(30));
-                throw Oops.Oh(ErrorCodeEnum.D1000);
+                throw Oops.Oh(ErrorCodeEnum.D0010);
             }
         }
     }
@@ -154,7 +154,7 @@ public class SysAuthService : IDynamicApiController, ITransient
     {
         // 账号是否存在
         var user = await _sysUserRep.GetFirstAsync(u => u.Id == _userManager.UserId);
-        _ = user ?? throw Oops.Oh(ErrorCodeEnum.D0009);
+        _ = user ?? throw Oops.Oh(ErrorCodeEnum.D0010);
 
         // 国密SM2解密(前端密码传输SM2加密后的)
         password = CryptogramUtil.SM2Decrypt(password);
@@ -163,12 +163,12 @@ public class SysAuthService : IDynamicApiController, ITransient
         if (CryptogramUtil.CryptoType == CryptogramEnum.MD5.ToString())
         {
             if (!user.Password.Equals(MD5Encryption.Encrypt(password)))
-                throw Oops.Oh(ErrorCodeEnum.D1000);
+                throw Oops.Oh(ErrorCodeEnum.D0010);
         }
         else
         {
             if (!CryptogramUtil.Decrypt(user.Password).Equals(password))
-                throw Oops.Oh(ErrorCodeEnum.D1000);
+                throw Oops.Oh(ErrorCodeEnum.D0010);
         }
 
         return true;
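Review bot: Collapsing D0009 and D1000 into D0010 hides whether an account exists on the login path, but the frozen-account check `if (user.Status == StatusEnum.Disable)` in the first hunk still runs before the password is verified and presumably throws its own code, so a disabled account's existence remains observable from the response; either move that check after the password comparison or return D0010 from it as well. In the `@@ -154` hunk the lookup is by `_userManager.UserId` for an already-authenticated caller, where "账号或密码错误" is misleading — keep `_ = user ?? throw Oops.Oh(ErrorCodeEnum.D0009);` there, as D0010 gains nothing against enumeration for a user who is already logged in. The failed-password counter at `_sysCacheService.Set(keyErrorPasswordCount, ++errorPasswordCount, ...)` is only incremented in the login hunks, not in the `@@ -154` verification path, which may be intended but is worth a comment. Both methods start and end outside the hunks.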

+ 2 - 2
Admin.NET/Admin.NET.Core/Service/User/Dto/UserInput.cs

@@ -117,8 +117,8 @@ public class ChangePwdInput
     /// <summary>
     /// 新密码
     /// </summary>
-    [Required(ErrorMessage = "新密码不能为空")]
-    [StringLength(20, MinimumLength = 5, ErrorMessage = "密码需要大于5个字符")]
+    [Required(ErrorMessage = "新密码不能为空"), MinLength(5, ErrorMessage = "密码需要大于5个字符")]
+    //[StringLength(20, MinimumLength = 5, ErrorMessage = "密码需要大于5个字符")]
     public string PasswordNew { get; set; }
 }
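Review bot: `MinLength(5)` on PasswordNew is now evaluated against the SM2 ciphertext produced in userCenter.vue rather than the password, so a one-character new password passes model validation; the minimum length has to be enforced in SysUserService.ChangePwd after `SM2Decrypt`, and dropping the 20-character cap is only correct because it would otherwise reject every ciphertext — say so in a comment, e.g. `// 前端已SM2加密，长度校验在服务端解密后进行`. The commented-out `//[StringLength(20, MinimumLength = 5, ...)]` line is dead code and should be deleted rather than kept. The message `密码需要大于5个字符` says "more than 5" while the rule accepts exactly 5; either use `MinLength(6, ...)` or reword the message. PasswordOld's attributes lie outside the hunk and presumably need the same treatment.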
 

+ 4 - 0
Admin.NET/Admin.NET.Core/Service/User/SysUserService.cs

@@ -269,6 +269,10 @@ public class SysUserService : IDynamicApiController, ITransient
     [DisplayName("修改用户密码")]
     public virtual async Task<int> ChangePwd(ChangePwdInput input)
     {
+        // 国密SM2解密(前端密码传输SM2加密后的)
+        input.PasswordOld = CryptogramUtil.SM2Decrypt(input.PasswordOld);
+        input.PasswordNew = CryptogramUtil.SM2Decrypt(input.PasswordNew);
+        //
         var user = await _sysUserRep.GetFirstAsync(u => u.Id == _userManager.UserId) ?? throw Oops.Oh(ErrorCodeEnum.D0009);
         if (CryptogramUtil.CryptoType == CryptogramEnum.MD5.ToString())
         {
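Review bot: Writing the decrypted values back into `input.PasswordOld` / `input.PasswordNew` overwrites the bound DTO with plaintext, so anything that later inspects or logs `input` (a request/operation-log filter, if the project has one) sees the decrypted passwords; keep them in locals instead, `var oldPwd = CryptogramUtil.SM2Decrypt(input.PasswordOld);` and `var newPwd = CryptogramUtil.SM2Decrypt(input.PasswordNew);`, and use those in the comparisons that follow. After decryption nothing re-checks the new password's length, and the DTO's `MinLength` now runs on the ciphertext, so add a length check on `newPwd` here before the hash/encrypt step. If `SM2Decrypt` throws on a malformed or unencrypted payload (not visible here), that surfaces as an unhandled exception rather than a validation error — worth confirming. The empty `//` line should be removed or given text; ChangePwd's body continues past the hunk.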

+ 8 - 2
Web/src/views/system/user/component/userCenter.vue

@@ -169,7 +169,7 @@ import { base64ToFile } from '/@/utils/base64Conver';
 import OrgTree from '/@/views/system/user/component/orgTree.vue';
 import CropperDialog from '/@/components/cropper/index.vue';
 import VueGridLayout from 'vue-grid-layout';
-
+import { sm2 } from 'sm-crypto-v2';
 import { clearAccessTokens, getAPI } from '/@/utils/axios-utils';
 import { SysFileApi, SysUserApi } from '/@/api-services/api';
 import { ChangePwdInput, SysUser, SysFile } from '/@/api-services/models';
@@ -290,7 +290,13 @@ const resetPassword = () => {
 const submitPassword = () => {
 	ruleFormPasswordRef.value?.validate(async (valid: boolean) => {
 		if (!valid) return;
-		await getAPI(SysUserApi).apiSysUserChangePwdPost(state.ruleFormPassword);
+		// SM2加密密码
+		const cpwd:ChangePwdInput={passwordOld:'',passwordNew:''};
+		const publicKey = `0484C7466D950E120E5ECE5DD85D0C90EAA85081A3A2BD7C57AE6DC822EFCCBD66620C67B0103FC8DD280E36C3B282977B722AAEC3C56518EDCEBAFB72C5A05312`;
+		cpwd.passwordOld = sm2.doEncrypt(state.ruleFormPassword.passwordOld, publicKey, 1);
+		cpwd.passwordNew = sm2.doEncrypt(state.ruleFormPassword.passwordNew, publicKey, 1);
+		//
+		await getAPI(SysUserApi).apiSysUserChangePwdPost(cpwd);
 		// 退出系统
 		ElMessageBox.confirm('密码已修改,是否重新登录系统?', '提示', {
 			confirmButtonText: '确定',
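Review bot: The SM2 public key is a hard-coded literal inside submitPassword; the backend's `SM2Decrypt` comment in SysAuthService suggests the login view already embeds the same key, so hoist it to one shared exported constant (e.g. `SM2_PUBLIC_KEY` in a crypto utility module) so that a key rotation is a single edit. Field-level SM2 encryption with a static key gives no replay protection or server authentication, so it supplements TLS rather than replaces it — a one-line comment above the encrypt calls stating that would prevent the wrong conclusion later. After the request returns, the plaintext passwords remain in `state.ruleFormPassword`; clear them (resetPassword is defined just above this hunk) on success. Minor: `const cpwd:ChangePwdInput={passwordOld:'',passwordNew:''};` should follow the file's spacing, `const cpwd: ChangePwdInput = { passwordOld: '', passwordNew: '' };`, and the empty `//` line should go. submitPassword continues past the hunk.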