From 84f4cbd071ba4cf0177dd4e9387e4ecd5a069683 Mon Sep 17 00:00:00 2001
From: satan <11912823@mail.sustech.edu.cn>
Date: Tue, 10 May 2022 00:52:06 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D[issue=201298](https://github?= =?UTF-8?q?.com/dataease/dataease/issues/1298)=20:"=E4=B8=AA=E4=BA=BA?= =?UTF-8?q?=E4=BF=A1=E6=81=AF=E5=BB=BA=E8=AE=AE=E5=8F=AF=E4=BB=A5=E4=BF=AE?= =?UTF-8?q?=E6=94=B9=E6=9F=90=E4=BA=9B=E5=AD=97=E6=AE=B5"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../controller/sys/SysUserController.java | 17 +++++++++-
 .../dataease/service/sys/SysUserService.java | 24 +++++++++++++-
 frontend/src/api/system/user.js | 4 +--
 .../src/views/system/user/privateForm.vue | 32 +++++++++++--------
 4 files changed, 60 insertions(+), 17 deletions(-)
diff --git a/backend/src/main/java/io/dataease/controller/sys/SysUserController.java b/backend/src/main/java/io/dataease/controller/sys/SysUserController.java
index b8bf7ecfd5..5cd12f259c 100644
--- a/backend/src/main/java/io/dataease/controller/sys/SysUserController.java
+++ b/backend/src/main/java/io/dataease/controller/sys/SysUserController.java
@@ -119,7 +119,22 @@ public class SysUserController {
 @ApiOperation("更新个人信息")
 @PostMapping("/updatePersonInfo")
 public void updatePersonInfo(@RequestBody SysUserCreateRequest request) {
- sysUserService.updatePersonInfo(request);
+ Long userId = AuthUtils.getUser().getUserId();
+ // 防止修改他人信息, 防止必填内容留空
+ if (!request.getUserId().equals(userId) || request.getEmail() == null || request.getNickName() == null) {
+ throw new RuntimeException("内容不合法");
+ }
+ // 再次验证,匹配格式
+ if (!request.getPhone().isEmpty() && !request.getPhone().matches("^1[3|4|5|7|8][0-9]{9}$")) {
+ throw new RuntimeException("电话格式错误");
+ }
+ if (!request.getEmail().matches("^[a-zA-Z0-9_._-]+@[a-zA-Z0-9_-]+(\\.[a-zA-Z0-9_-]+)+$")) {
+ throw new RuntimeException("邮箱格式错误");
+ }
+ if (!(2 <= request.getNickName().length() && request.getNickName().length() <= 50)) {
+ throw new RuntimeException("姓名格式错误");
+ }
+ sysUserService.updatePersonBasicInfo(request);
 }
 @ApiOperation("设置语言")
diff --git a/backend/src/main/java/io/dataease/service/sys/SysUserService.java b/backend/src/main/java/io/dataease/service/sys/SysUserService.java
index 259b4a5ffb..b9b2ed382a 100644
--- a/backend/src/main/java/io/dataease/service/sys/SysUserService.java
+++ b/backend/src/main/java/io/dataease/service/sys/SysUserService.java
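Review bot: The new guard in `updatePersonInfo` dereferences two request fields before checking them for null: `request.getUserId().equals(userId)` throws a NullPointerException when the body omits `userId`, and `request.getPhone().isEmpty()` does the same for a missing `phone`, because only email and nickName are null-checked. Compare from the trusted side and guard the phone, e.g. `if (!userId.equals(request.getUserId()) || ...)` and `String phone = request.getPhone(); if (phone != null && !phone.isEmpty() && !phone.matches(...))`. The phone pattern's character class `[3|4|5|7|8]` also accepts a literal `|` as the second character; `[34578]` expresses what appears to be intended. The controller class continues outside this hunk.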
@@ -208,6 +208,25 @@ public class SysUserService {
 }
+ /**
+ * 更新用户基本信息
+ * 只允许修改 email, nickname, phone
+ * 防止此接口被恶意利用更改不允许更改的信息,新建SysUser对象并只设置部分值
+ * @param request
+ * @return
+ */
+ @CacheEvict(value = AuthConstants.USER_CACHE_NAME, key = "'user' + #request.userId")
+ @Transactional
+ public int updatePersonBasicInfo(SysUserCreateRequest request) {
+ SysUser user = new SysUser();
+ long now = System.currentTimeMillis();
+ user.setUserId(request.getUserId());
+ user.setUpdateTime(now);
+ user.setEmail(request.getEmail());
+ user.setNickName(request.getNickName());
+ user.setPhone(request.getPhone());
+ return sysUserMapper.updateByPrimaryKeySelective(user);
+ }
 @CacheEvict(value = AuthConstants.USER_CACHE_NAME, key = "'user' + #request.userId")
 public int updateStatus(SysUserStateRequest request) {
@@ -218,7 +237,7 @@ public class SysUserService {
 }
 /**
- * 修改用户密码清楚缓存
+ * 修改用户密码清除缓存
 *
 * @param request
 * @return
@@ -235,6 +254,9 @@ public class SysUserService {
 }
 SysUser sysUser = new SysUser();
 sysUser.setUserId(user.getUserId());
+ if (!request.getNewPassword().matches("^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d).{8,30}$")) {
+ throw new RuntimeException("密码格式错误");
+ }
 sysUser.setPassword(CodingUtil.md5(request.getNewPassword()));
 return sysUserMapper.updateByPrimaryKeySelective(sysUser);
 }
diff --git a/frontend/src/api/system/user.js b/frontend/src/api/system/user.js
index 63cacd59ad..3e4d895d24 100644
--- a/frontend/src/api/system/user.js
+++ b/frontend/src/api/system/user.js
@@ -68,7 +68,7 @@ export const editStatus = (data) => {
 })
 }
-export const persionInfo = () => {
+export const personInfo = () => {
 return request({
 url: pathMap.personInfoPath,
 method: 'post'
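Review bot: `updatePersonBasicInfo` updates whichever row `request.getUserId()` names, so the ownership check that makes it safe exists only in the controller hunk; any other caller of this service method gets no such protection. Either resolve the id inside the method from the authenticated session, or state the precondition in the Javadoc, whose `@param request` and `@return` tags are currently empty, for example `@param request profile fields; userId must already be verified as the caller's own` and `@return rows affected by the update`. The visible hunks do not remove the old `updatePersonInfo` service method, so it presumably remains callable and is worth checking for other entry points.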
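Review bot: The added complexity check in the `@@ -235,6 +254,9 @@` hunk calls `request.getNewPassword().matches(...)` with no null guard in the visible lines, so a request without `newPassword` would fail with a NullPointerException instead of the intended "密码格式错误" error, unless an earlier check outside the hunk already rejects it. A guard such as `String pwd = request.getNewPassword(); if (pwd == null || !pwd.matches(...))` covers it, and the check would read better before `sysUser` is constructed; the method starts outside this hunk. Separately, the context line still stores `CodingUtil.md5(request.getNewPassword())`: unless that helper salts and stretches internally, a length and character-class rule adds little protection for the stored value, and moving to bcrypt, scrypt or argon2 deserves a follow-up change.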
@@ -133,4 +133,4 @@ export function existLdapUsers() {
 })
 }
-export default { editPassword, delUser, editUser, addUser, userLists, editStatus, persionInfo, updatePerson, updatePersonPwd, allRoles, roleGrid, ldapUsers, saveLdapUser, existLdapUsers }
+export default { editPassword, delUser, editUser, addUser, userLists, editStatus, personInfo, updatePerson, updatePersonPwd, allRoles, roleGrid, ldapUsers, saveLdapUser, existLdapUsers }
diff --git a/frontend/src/views/system/user/privateForm.vue b/frontend/src/views/system/user/privateForm.vue
index fa465df3ce..39e3df7661 100644
--- a/frontend/src/views/system/user/privateForm.vue
+++ b/frontend/src/views/system/user/privateForm.vue
@@ -5,18 +5,18 @@