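package com.ld.igds.sys.service;

import com.bstek.bdf2.core.model.DefaultUser;
import com.bstek.bdf2.core.orm.hibernate.HibernateDao;
import com.bstek.dorado.data.provider.Page;
import com.ld.igds.data.BaseParam;
import com.ld.igds.sys.data.SysUserData;
import com.ld.igds.sys.mapper.SysUserMapper;
import com.ld.igds.util.ContextUtil;
import org.apache.commons.lang.math.RandomUtils;
import org.apache.commons.lang3.StringUtils;
import org.hibernate.Query;
import org.hibernate.Session;
import org.springframework.security.authentication.encoding.PasswordEncoder;
import org.springframework.stereotype.Repository;

import javax.annotation.Resource;
import java.security.SecureRandom;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * Persistence service for user accounts: listing, creation, update and
 * password management, scoped to a company where the query says so.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>Salts and temporary passwords come from {@link SecureRandom}.</li>
 *   <li>Passwords are hashed by the injected {@code bdf2.passwordEncoder} bean through
 *       Spring Security's deprecated salted {@code PasswordEncoder} interface. Which
 *       algorithm that bean uses is not visible in this file.
 *       NOTE(review): confirm it is not a bare fast digest.</li>
 *   <li>Several methods return {@code e.getMessage()} to the caller. That text may carry
 *       persistence details. NOTE(review): consider logging it server-side and returning
 *       a generic message.</li>
 *   <li>NOTE(review): generic type arguments looked stripped in the listing this was
 *       reviewed from. They are restored here and should be confirmed against the real
 *       signatures.</li>
 * </ul>
 */
@SuppressWarnings("deprecation")
@Repository
public class SysUserService extends HibernateDao {

    /** Characters used for generated salts and temporary passwords ('{' and '}' are avoided on purpose). */
    private static final String TOKEN_ALPHABET =
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

    /**
     * Length of a generated salt.
     * NOTE(review): must fit the salt column of DefaultUser; the column width is not
     * visible here, so confirm before raising or relying on this value.
     */
    private static final int SALT_LENGTH = 8;

    /** Length of a generated temporary password. */
    private static final int TEMP_PASSWORD_LENGTH = 12;

    /** Shared CSPRNG; SecureRandom is safe for concurrent use. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    @Resource
    private SysUserMapper sysUserMapper;

    @Resource(name = "bdf2.passwordEncoder")
    private PasswordEncoder passwordEncoder;

    /**
     * Builds a random alphanumeric string from the CSPRNG.
     *
     * @param length number of characters to produce
     * @return a string of exactly {@code length} characters drawn from {@link #TOKEN_ALPHABET}
     */
    private static String randomToken(int length) {
        StringBuilder token = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            token.append(TOKEN_ALPHABET.charAt(SECURE_RANDOM.nextInt(TOKEN_ALPHABET.length())));
        }
        return token.toString();
    }

    /**
     * Fills {@code page} with the users of the caller's company, enabled users first,
     * then ordered by username.
     *
     * @param page  paging holder that receives the result
     * @param param query parameters (not read by this method)
     * @throws Exception if the paging query fails
     */
    public void pageUser(Page<DefaultUser> page, Map<String, Object> param) throws Exception {
        String hql = " from " + DefaultUser.class.getName()
                + " where companyId=:companyId ";
        String countHql = " select count(*) " + hql;
        hql += " order by enabled desc,username";

        // The company is taken from the server-side context, never from the request.
        Map<String, Object> args = new HashMap<String, Object>();
        args.put("companyId", ContextUtil.getCompanyId());

        this.pagingQuery(page, hql, countHql, args);
    }

    /**
     * Creates a user, hashing the supplied plaintext password with a fresh random salt.
     *
     * <p>NOTE(review): the company id stored is whatever {@code user} carries; it is not
     * compared with {@code ContextUtil.getCompanyId()} here — confirm the caller enforces it.
     *
     * @param user the user to persist; its password field holds the plaintext on entry
     * @return {@code null} on success, otherwise a message describing the failure
     */
    public String addUser(DefaultUser user) {
        // Reject duplicate account names.
        if (this.userIsExists(user.getUsername())) {
            return "当前用户已经存在,不支持相同帐号录入!!";
        }

        Session session = this.getSessionFactory().openSession();
        try {
            if (null == user.getCreateDate()) {
                user.setCreateDate(new Date());
            }

            // The previous salt was one of only 100 values from a non-cryptographic PRNG.
            String salt = randomToken(SALT_LENGTH);
            user.setPassword(passwordEncoder.encodePassword(user.getPassword(), salt));
            user.setSalt(salt);

            session.save(user);
            // Flush inside the try so a write failure is reported through the return
            // value and cannot prevent the session from being closed.
            session.flush();
        } catch (Exception e) {
            return "系统异常:" + e.getMessage();
        } finally {
            session.close();
        }
        return null;
    }

    /**
     * Updates a user record as supplied.
     *
     * <p>NOTE(review): {@code session.update(user)} writes the entity as given, which
     * presumably includes password, salt and company id if the caller populated them —
     * confirm callers cannot pass client-controlled values for those fields.
     *
     * @param user the user to update
     * @return {@code null} on success, otherwise a message describing the failure
     */
    public String updateUser(DefaultUser user) {
        Session session = this.getSessionFactory().openSession();
        try {
            if (null == user.getCreateDate()) {
                user.setCreateDate(new Date());
            }
            session.update(user);
            // Flush inside the try so the session is always closed.
            session.flush();
        } catch (Exception e) {
            return "系统异常:" + e.getMessage();
        } finally {
            session.close();
        }
        return null;
    }

    /**
     * Sets a new password for {@code username} within {@code companyId}.
     *
     * <p>When {@code newPassword} is {@code null} a random temporary password is generated
     * (previously a fixed, well-known default was used) and returned in the message so it
     * can be handed to the user. A reset without an explicit password is refused for the
     * account whose username equals the company id (the system administrator account).
     *
     * <p>NOTE(review): the number of rows updated is not checked, so the success message
     * is returned even if no account matched. The message also echoes the plaintext
     * password; callers should avoid logging it.
     *
     * @param companyId   company the account belongs to
     * @param username    account name
     * @param newPassword plaintext password to set, or {@code null} to generate one
     * @return a message containing the new password, or a message describing the failure
     */
    public String resetPwd(String companyId, String username, String newPassword) {
        if (null == newPassword && username != null && username.equals(companyId)) {
            return "系统管理员用户密码不允许被重置!";
        }
        if (null == newPassword) {
            newPassword = randomToken(TEMP_PASSWORD_LENGTH);
        }

        String salt = randomToken(SALT_LENGTH);
        String newPwd = passwordEncoder.encodePassword(newPassword, salt);

        String hql = " update " + DefaultUser.class.getName()
                + " set password=:newPwd,salt=:salt "
                + "where companyId=:companyId and username=:username";

        Session session = this.getSessionFactory().openSession();
        try {
            Query query = session.createQuery(hql);
            query.setString("newPwd", newPwd);
            query.setString("salt", salt);
            query.setString("companyId", companyId);
            query.setString("username", username);
            query.executeUpdate();
            // Flush inside the try so the session is always closed.
            session.flush();
        } catch (Exception e) {
            return "系统异常:" + e.getMessage();
        } finally {
            session.close();
        }
        return "新密码为:" + newPassword;
    }

    /**
     * Tells whether any account uses {@code username} (checked across all companies).
     *
     * @param username account name to look up
     * @return {@code true} if at least one matching user exists
     */
    public boolean userIsExists(String username) {
        String hql = " from " + DefaultUser.class.getName()
                + " where username=:username ";
        Map<String, Object> args = new HashMap<String, Object>();
        args.put("username", username);

        List<DefaultUser> list = this.query(hql, args);
        return null != list && !list.isEmpty();
    }

    /**
     * Loads the first user with the given account name.
     *
     * <p>The original comment states the user must be an active (in-service) one, but the
     * query does not filter on the enabled flag. NOTE(review): confirm that callers check
     * the flag before treating the result as a valid login.
     *
     * @param username account name
     * @return the matching user, or {@code null} if none exists
     */
    public DefaultUser loadUser(String username) {
        String hql = " from " + DefaultUser.class.getName()
                + " where username=:username";
        Map<String, Object> args = new HashMap<>();
        args.put("username", username);

        List<DefaultUser> list = this.query(hql, args);
        if (null == list || list.isEmpty()) {
            return null;
        }
        return list.get(0);
    }

    /**
     * Verifies an entered password against the stored hash and salt of {@code user}.
     *
     * @param username login account (not read by this method)
     * @param inputPwd the password entered
     * @param user     the user attempting to log in
     * @return {@code true} if the password matches; {@code false} if it does not or if
     *         {@code user} or {@code inputPwd} is {@code null}
     */
    public boolean checkPassword(String username, String inputPwd, DefaultUser user) {
        // Fail closed instead of throwing when there is nothing to compare.
        if (null == user || null == inputPwd) {
            return false;
        }
        return passwordEncoder.isPasswordValid(user.getPassword(), inputPwd, user.getSalt());
    }

    /**
     * Changes a user's own password after verifying the current one.
     *
     * <p>Reads {@code username}, {@code password}, {@code newPassword} and
     * {@code confirmPassword} from {@code param}.
     *
     * @param param request parameters as described above
     * @return the message produced by {@link #resetPwd}, or a message describing why the
     *         change was refused
     */
    public String updatePwd(Map<String, Object> param) {
        String username = (String) param.get("username");
        String password = (String) param.get("password");
        String newPassword = (String) param.get("newPassword");
        String confirmPassword = (String) param.get("confirmPassword");

        // An empty new password must never reach resetPwd, where null means
        // "generate a password for me".
        if (StringUtils.isEmpty(password) || StringUtils.isEmpty(newPassword)) {
            return "密码不能为空!";
        }
        if (!newPassword.equals(confirmPassword)) {
            return "两次输入的新密码不一致,请确认!";
        }
        if (password.equals(newPassword)) {
            return "新密码与旧密码一致,请修改!";
        }

        DefaultUser user = loadUser(username);
        if (null == user) {
            return "系统检测到当前用户已不存在,无法执行修改!";
        }
        if (!checkPassword(username, password, user)) {
            return "你输入的旧密码不正确,无法执行修改!";
        }

        return resetPwd(user.getCompanyId(), username, newPassword);
    }

    /**
     * Lists the users of the caller's company, optionally filtered by a keyword matched
     * against username or cname.
     *
     * @param param request parameters; the optional {@code key} entry is the keyword
     * @return the matching users, or {@code null} when there are none
     */
    public List<DefaultUser> loadUsers(Map<String, Object> param) {
        String hql = " from " + DefaultUser.class.getName()
                + " where companyId=:companyId ";
        Map<String, Object> args = new HashMap<String, Object>();
        args.put("companyId", ContextUtil.getCompanyId());

        String key = null == param ? null : (String) param.get("key");
        if (StringUtils.isNotEmpty(key)) {
            // The keyword is bound as a parameter; '%' and '_' inside it still act as
            // LIKE wildcards.
            String pattern = "%" + key + "%";
            hql += "and (username like :key1 or cname like :key2)";
            args.put("key1", pattern);
            args.put("key2", pattern);
        }

        List<DefaultUser> list = this.query(hql, args);
        if (null == list || list.isEmpty()) {
            return null;
        }
        return list;
    }

    /**
     * Delegates to {@code SysUserMapper.queryUserList}.
     *
     * @param param query parameters passed through to the mapper
     * @return whatever the mapper returns
     */
    public List<SysUserData> queryUserList(BaseParam param) {
        return sysUserMapper.queryUserList(param);
    }
}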