diff --git a/backend/src/main/java/io/dataease/controller/sys/SysUserController.java b/backend/src/main/java/io/dataease/controller/sys/SysUserController.java
index b8bf7ecfd5..5cd12f259c 100644
--- a/backend/src/main/java/io/dataease/controller/sys/SysUserController.java
+++ b/backend/src/main/java/io/dataease/controller/sys/SysUserController.java
@@ -119,7 +119,22 @@ public class SysUserController {
 @ApiOperation("更新个人信息")
 @PostMapping("/updatePersonInfo")
 public void updatePersonInfo(@RequestBody SysUserCreateRequest request) {
- sysUserService.updatePersonInfo(request);
+ Long userId = AuthUtils.getUser().getUserId();
+ // 防止修改他人信息, 防止必填内容留空
+ if (!request.getUserId().equals(userId) || request.getEmail() == null || request.getNickName() == null) {
+ throw new RuntimeException("内容不合法");
+ }
+ // 再次验证,匹配格式
+ if (!request.getPhone().isEmpty() && !request.getPhone().matches("^1[3|4|5|7|8][0-9]{9}$")) {
+ throw new RuntimeException("电话格式错误");
+ }
+ if (!request.getEmail().matches("^[a-zA-Z0-9_._-]+@[a-zA-Z0-9_-]+(\\.[a-zA-Z0-9_-]+)+$")) {
+ throw new RuntimeException("邮箱格式错误");
+ }
+ if (!(2 <= request.getNickName().length() && request.getNickName().length() <= 50)) {
+ throw new RuntimeException("姓名格式错误");
+ }
+ sysUserService.updatePersonBasicInfo(request);
 }
 @ApiOperation("设置语言")
diff --git a/backend/src/main/java/io/dataease/service/sys/SysUserService.java b/backend/src/main/java/io/dataease/service/sys/SysUserService.java
index 259b4a5ffb..b9b2ed382a 100644
--- a/backend/src/main/java/io/dataease/service/sys/SysUserService.java
+++ b/backend/src/main/java/io/dataease/service/sys/SysUserService.java
@@ -208,6 +208,25 @@ public class SysUserService {
 }
+ /**
+ * 更新用户基本信息
+ * 只允许修改 email, nickname, phone
+ * 防止此接口被恶意利用更改不允许更改的信息,新建SysUser对象并只设置部分值
+ * @param request
+ * @return
+ */
+ @CacheEvict(value = AuthConstants.USER_CACHE_NAME, key = "'user' + #request.userId")
+ @Transactional
+ public int updatePersonBasicInfo(SysUserCreateRequest request) {
+ SysUser user = new SysUser();
+ long now = System.currentTimeMillis();
+ user.setUserId(request.getUserId());
+ user.setUpdateTime(now);
+ user.setEmail(request.getEmail());
+ user.setNickName(request.getNickName());
+ user.setPhone(request.getPhone());
+ return sysUserMapper.updateByPrimaryKeySelective(user);
+ }
 @CacheEvict(value = AuthConstants.USER_CACHE_NAME, key = "'user' + #request.userId")
 public int updateStatus(SysUserStateRequest request) {
@@ -218,7 +237,7 @@ public class SysUserService {
 }
 /**
- * 修改用户密码清楚缓存
+ * 修改用户密码清除缓存
 *
 * @param request
 * @return
@@ -235,6 +254,9 @@ public class SysUserService {
 }
 SysUser sysUser = new SysUser();
 sysUser.setUserId(user.getUserId());
+ if (!request.getNewPassword().matches("^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d).{8,30}$")) {
+ throw new RuntimeException("密码格式错误");
+ }
 sysUser.setPassword(CodingUtil.md5(request.getNewPassword()));
 return sysUserMapper.updateByPrimaryKeySelective(sysUser);
 }
diff --git a/frontend/src/api/system/user.js b/frontend/src/api/system/user.js
index 63cacd59ad..3e4d895d24 100644
--- a/frontend/src/api/system/user.js
+++ b/frontend/src/api/system/user.js
@@ -68,7 +68,7 @@ export const editStatus = (data) => {
 })
 }
-export const persionInfo = () => {
+export const personInfo = () => {
 return request({
 url: pathMap.personInfoPath,
 method: 'post'
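Review bot: `updatePersonBasicInfo` takes the row key from `request.getUserId()`, so the guarantee that a user can only edit their own record rests entirely on the comparison done in the controller; any other caller of this public service method could update another user's email, nickname and phone. Consider resolving the id inside the service from the authenticated session (the controller in this commit uses `AuthUtils.getUser().getUserId()`) and using it for both `user.setUserId(...)` and the `@CacheEvict` key, or at least state the precondition in the Javadoc. The added Javadoc also leaves `@param request` and `@return` empty; `@param request carries userId, email, nickName and phone; all other fields are ignored` and `@return the value returned by updateByPrimaryKeySelective (presumably the affected-row count)` would document the contract.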
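Review bot: The new complexity check calls `request.getNewPassword().matches(...)` without a null test, so a request that omits `newPassword` fails with a NullPointerException instead of the `密码格式错误` error; `String pwd = request.getNewPassword(); if (pwd == null || !pwd.matches(...))` avoids that. The method starts outside this hunk, so whether an earlier line already rejects a null value cannot be seen here. The context line that follows still stores the password as `CodingUtil.md5(...)`; a fast digest with no salt visible in the call is a weak fit for password storage, and moving to a dedicated password hash such as bcrypt or Argon2 would be worth a follow-up change.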
@@ -133,4 +133,4 @@ export function existLdapUsers() {
 })
 }
-export default { editPassword, delUser, editUser, addUser, userLists, editStatus, persionInfo, updatePerson, updatePersonPwd, allRoles, roleGrid, ldapUsers, saveLdapUser, existLdapUsers }
+export default { editPassword, delUser, editUser, addUser, userLists, editStatus, personInfo, updatePerson, updatePersonPwd, allRoles, roleGrid, ldapUsers, saveLdapUser, existLdapUsers }
diff --git a/frontend/src/views/system/user/privateForm.vue b/frontend/src/views/system/user/privateForm.vue
index fa465df3ce..39e3df7661 100644
--- a/frontend/src/views/system/user/privateForm.vue
+++ b/frontend/src/views/system/user/privateForm.vue
@@ -5,18 +5,18 @@
{{ $t('commons.personal_info') }}
- + - + - + - + @@ -33,9 +33,9 @@ :load-options="loadDepts" :auto-load-root-options="false" :placeholder="$t('user.choose_org')" - :noChildrenText="$t('commons.treeselect.no_children_text')" - :noOptionsText="$t('commons.treeselect.no_options_text')" - :noResultsText="$t('commons.treeselect.no_results_text')" + :no-children-text="$t('commons.treeselect.no_children_text')" + :no-options-text="$t('commons.treeselect.no_options_text')" + :no-results-text="$t('commons.treeselect.no_results_text')" /> @@ -56,10 +56,14 @@ /> - + + + 修改个人信息 + + + 保存 + 取消 +