dao層
/**
 * Looks up the password-reset security question stored for one account.
 * The mapper binds {@code username} with {@code #{}} (prepared-statement parameter).
 * @param username login name of the account to look up
 * @return the stored question text; null when no row matches (MyBatis single-value select) — confirm against the mapper
 */
String selectQuestionByUsername(String username);
/**
 * Counts rows whose username, question and answer all match; used to validate a reset-question answer.
 * The comparison is done in SQL against the stored {@code answer} column, so the answer is compared as stored.
 * @param username login name of the account
 * @param question the security question text as stored for that account
 * @param answer   the answer supplied by the caller
 * @return number of matching rows; 0 means the answer is wrong or the user/question pair is unknown
 */
int checkAnswer(@Param("username") String username,@Param("question") String question,@Param("answer") String answer);
/**
 * Writes a new password hash for an account during the forgot-password flow.
 * The service layer passes the already-hashed value (MD5Util.MD5EncodeUtf8), never the plaintext.
 * @param username    login name of the account to update
 * @param passwordNew the new password hash to store
 * @return number of rows updated (0 when no account has that username)
 */
int updatePasswordByUsername(@Param("username") String username,@Param("passwordNew") String passwordNew);
/**
 * Counts rows where the stored password hash matches AND the row belongs to {@code userId}.
 * The id restriction is what keeps this from matching some other account that happens to share the hash.
 * @param password the password hash to compare (already hashed by the caller)
 * @param userId   id of the account the check is scoped to
 * @return 1 when the hash belongs to that user, otherwise 0
 */
int checkPassword(@Param("password")String password,@Param("userId") Integer userId);
mybatis
<!-- selectQuestionByUsername: fetch the reset question of one account.
     #{username} is a bound parameter (prepared statement), not ${} text substitution,
     so the supplied username cannot change the SQL. -->
<select id="selectQuestionByUsername" resultType="string" parameterType="string">
select
question
from mmall_user
where username=#{username}
</select>
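<!--
Several parameters are passed as a map (the @Param names on the DAO method are the keys).
Review fix: the original statement had no FROM clause, which is a SQL syntax error; the
count is taken from mmall_user like the neighbouring statements.
The answer is compared in SQL against the stored column, i.e. as stored (plaintext).
-->
<select id="checkAnswer" resultType="int" parameterType="map">
SELECT
count(1)
from mmall_user
where username=#{username}
and question=#{question}
and answer=#{answer}
</select>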
<!-- updatePasswordByUsername: store a new password hash and stamp update_time.
     passwordNew arrives already hashed from the service layer. -->
<update id="updatePasswordByUsername" parameterType="map">
update mmall_user
set password=#{passwordNew},update_time=now()
where username=#{username}
</update>
<!-- checkPassword: count rows matching BOTH the password hash and the user id.
     The id predicate is essential: a count on the hash alone would be > 0 for any
     account sharing that hash, letting one user pass another user's check. -->
<select id="checkPassword" resultType="int" parameterType="map">
select
count(1)
from mmall_user
where password=#{password}
and id=#{userId}
</select>
業務層接口
/**
 * Returns the password-reset question for an existing account.
 * Declared with a raw {@code ServerResponse}; the controller assigns it to {@code ServerResponse<String>} (unchecked).
 * @param username login name of the account
 * @return success carrying the question text, or an error response when the user is unknown or has no question
 */
ServerResponse selectQuestion(String username);
/**
 * Verifies the answer to a user's reset question and, on success, issues a reset token.
 * @param username login name of the account
 * @param question the security question being answered
 * @param answer   the supplied answer
 * @return success carrying the reset token, or an error response when the answer is wrong
 */
ServerResponse<String> checkAnswer(String username,String question,String answer);
/**
 * Resets a password in the forgot-password flow; requires the token issued by {@link #checkAnswer}.
 * (Method name keeps the existing spelling "Rest" because callers depend on it.)
 * @param username    login name of the account
 * @param passwordNew the new plaintext password
 * @param forgetToken the reset token previously returned by checkAnswer
 * @return success message when the password was changed, otherwise an error response
 */
ServerResponse<String> forgetRestPassword(String username,String passwordNew,String forgetToken);
/**
 * Changes the password of a logged-in user after verifying the old password for that user's id.
 * @param passwordOld current plaintext password
 * @param passwordNew new plaintext password
 * @param user        the authenticated user (taken from the session by the controller)
 * @return success message when the row was updated, otherwise an error response
 */
ServerResponse<String> resetPassword(String passwordOld,String passwordNew,User user);
業務實現接口
/**
 * Returns the password-reset question for {@code username}.
 * <p>
 * {@code checkValid} is consulted first; as used here a successful result is treated as
 * "the username is not taken", i.e. the account does not exist — TODO confirm against checkValid.
 * <p>
 * NOTE(review): the distinct "user does not exist" message lets a caller learn which
 * usernames are registered (account enumeration); a uniform response would avoid that.
 *
 * @param username login name whose question is requested
 * @return success carrying the question text, or an error response when the user is
 *         unknown or has no question stored
 */
public ServerResponse selectQuestion(String username){
    boolean usernameUnknown = this.checkValid(username, Const.USERNAME).isSuccess();
    if (usernameUnknown) {
        // checkValid reporting success means the name is free, i.e. no such account
        return ServerResponse.createByErrorMessage("用戶不存在");
    }
    String storedQuestion = userMapper.selectQuestionByUsername(username);
    if (StringUtils.isBlank(storedQuestion)) {
        return ServerResponse.createByErrorMessage("找回密碼的問題是空的");
    }
    return ServerResponse.createBySuccess(storedQuestion);
}
// public static void main(String[] args) {
// System.out.println(UUID.randomUUID().toString());
// }
/**
 * Verifies a reset-question answer and, on success, issues a reset token.
 * <p>
 * The token is a random UUID cached under {@code TokenCache.TOKEN_PREFIX + username};
 * {@link #forgetRestPassword} later requires the caller to present it. Presumably a
 * previous token cached for the same user is overwritten — confirm against TokenCache.
 * <p>
 * NOTE(review): the answer is compared by the mapper as stored and nothing in this method
 * limits attempts, so repeated guessing is only stopped by controls in front of it.
 *
 * @param username login name of the account
 * @param question the security question the user is answering
 * @param answer   the supplied answer
 * @return success carrying the reset token, or an error response when no row matches
 */
public ServerResponse<String> checkAnswer(String username,String question,String answer){
    boolean answerMatches = userMapper.checkAnswer(username, question, answer) > 0;
    if (!answerMatches) {
        return ServerResponse.createByErrorMessage("問題的答案錯誤");
    }
    // A matching row means this question/answer pair belongs to the user and is correct.
    String resetToken = UUID.randomUUID().toString();
    TokenCache.setKey(TokenCache.TOKEN_PREFIX + username, resetToken);
    return ServerResponse.createBySuccess(resetToken);
}
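/**
 * Resets a user's password using the token issued by {@link #checkAnswer}.
 * <p>
 * Order of checks: token supplied, new password supplied, account exists (via
 * {@code checkValid} — as used here a successful result is read as "no such user", confirm
 * against checkValid), a token is cached for the account, and the supplied token equals
 * the cached one. Only then is the new password hashed and written.
 * <p>
 * Review fixes versus the original: the cached token is consumed after a successful reset
 * so it cannot be replayed until it expires; a blank new password is rejected instead of
 * being hashed and stored; the token comparison is constant-time.
 * <p>
 * NOTE(review): passwords are stored as unsalted MD5 ({@code MD5Util.MD5EncodeUtf8}), which is
 * not a password-hashing function; moving to bcrypt/scrypt/argon2 is a separate change
 * because it alters the stored format.
 *
 * @param username    login name of the account being reset
 * @param passwordNew the new plaintext password
 * @param forgetToken the reset token returned by {@link #checkAnswer}
 * @return success message when the password was updated, otherwise an error response
 */
public ServerResponse<String> forgetRestPassword(String username,String passwordNew,String forgetToken){
    if (StringUtils.isBlank(forgetToken)) {
        return ServerResponse.createByErrorMessage("參數錯誤,token需要傳遞");
    }
    if (StringUtils.isBlank(passwordNew)) {
        // Without this an empty string would be hashed and stored as the new password.
        return ServerResponse.createByErrorMessage("新密碼不能爲空");
    }
    ServerResponse validResponse = this.checkValid(username, Const.USERNAME);
    if (validResponse.isSuccess()) {
        // checkValid succeeding means the username is free, i.e. the account does not exist
        return ServerResponse.createByErrorMessage("用戶不存在");
    }
    String cacheKey = TokenCache.TOKEN_PREFIX + username;
    String cachedToken = TokenCache.getKey(cacheKey);
    if (StringUtils.isBlank(cachedToken)) {
        return ServerResponse.createByErrorMessage("token無效或者過期");
    }
    // Constant-time comparison so a mismatch does not reveal how many leading characters matched.
    boolean tokenMatches = java.security.MessageDigest.isEqual(
            forgetToken.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            cachedToken.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!tokenMatches) {
        return ServerResponse.createByErrorMessage("token錯誤,請重新獲取重置密碼的token");
    }
    String md5Password = MD5Util.MD5EncodeUtf8(passwordNew);
    int rowCount = userMapper.updatePasswordByUsername(username, md5Password);
    if (rowCount > 0) {
        // Consume the token: overwrite it with a blank value so a second reset with the same
        // token is reported as invalid/expired (assumes getKey returns what setKey stored —
        // TODO confirm against TokenCache).
        TokenCache.setKey(cacheKey, "");
        return ServerResponse.createBySuccessMessage("修改密碼成功");
    }
    return ServerResponse.createByErrorMessage("修改密碼失敗");
}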
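/**
 * Changes the password of the logged-in user after verifying the old one.
 * <p>
 * The old-password check is scoped to {@code user.getId()} (see {@code checkPassword} in the
 * mapper): the mapper only returns a count, so without the id any account that happens to
 * hold the same hash would satisfy {@code count > 0} and one user could change another's
 * password (horizontal privilege escalation).
 * <p>
 * Side effect: {@code user.setPassword} mutates the caller's object — the controller passes
 * the session user, so the session copy now carries the new hash.
 * <p>
 * Review fix versus the original: a blank new password is rejected before hashing.
 * NOTE(review): unsalted MD5 ({@code MD5Util.MD5EncodeUtf8}) is the project's stored format,
 * not a password-hashing function; changing it is a separate migration.
 *
 * @param passwordOld current plaintext password, verified against the stored hash
 * @param passwordNew new plaintext password
 * @param user        the authenticated user whose id scopes the check and whose row is updated
 * @return success message when the row was updated, otherwise an error response
 */
public ServerResponse<String> resetPassword(String passwordOld,String passwordNew,User user){
    if (StringUtils.isBlank(passwordNew)) {
        // Without this an empty string would be hashed and stored as the new password.
        return ServerResponse.createByErrorMessage("新密碼不能爲空");
    }
    // Verify the old password for THIS user only — the id predicate is what prevents
    // matching some other account's hash.
    int matchingRows = userMapper.checkPassword(MD5Util.MD5EncodeUtf8(passwordOld), user.getId());
    if (matchingRows == 0) {
        return ServerResponse.createByErrorMessage("舊密碼錯誤");
    }
    user.setPassword(MD5Util.MD5EncodeUtf8(passwordNew));
    int updatedRows = userMapper.updateByPrimaryKeySelective(user);
    if (updatedRows > 0) {
        return ServerResponse.createBySuccessMessage("密碼更新成功");
    }
    return ServerResponse.createByErrorMessage("密碼更新失敗");
}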
controller層
/**
 * GET get_user_info.do — returns the user object held in the HTTP session, or an error
 * when nobody is logged in.
 * <p>
 * The session attribute {@code Const.CURRENT_USER} is the only login signal consulted and
 * the stored {@code User} is returned as-is. NOTE(review): resetPassword writes the new
 * password hash into this same session object, so confirm the password field is excluded
 * from the JSON produced by {@code @ResponseBody}.
 *
 * @param session the caller's HTTP session
 * @return the logged-in user on success, otherwise "not logged in"
 */
@RequestMapping(value = "get_user_info.do",method = RequestMethod.GET)
@ResponseBody
public ServerResponse<User> getUserInfo(HttpSession session){
    Object currentUser = session.getAttribute(Const.CURRENT_USER);
    if (currentUser == null) {
        return ServerResponse.createByErrorMessage("用戶未登錄");
    }
    return ServerResponse.createBySuccess((User) currentUser);
}
/**
 * GET forget_get_question.do — fetches the password-reset question for a username.
 * Pure delegation to the service's {@code selectQuestion}; the service declares a raw
 * {@code ServerResponse}, so the unchecked conversion to {@code ServerResponse<String>} happens here.
 *
 * @param username login name supplied by the client (request parameter)
 * @return the service response: the question on success, otherwise an error message
 */
@RequestMapping(value = "forget_get_question.do",method = RequestMethod.GET)
@ResponseBody
public ServerResponse<String> forgetGetQuestion(String username){
    ServerResponse<String> questionResponse = iUserService.selectQuestion(username);
    return questionResponse;
}
/**
 * GET forget_check_answer.do — checks a reset-question answer and returns the reset token.
 * Pure delegation to the service's {@code checkAnswer}; no validation is done at this layer.
 *
 * @param username login name of the account
 * @param question the security question being answered
 * @param answer   the client's answer
 * @return the service response: the reset token on success, otherwise an error message
 */
@RequestMapping(value = "forget_check_answer.do",method = RequestMethod.GET)
@ResponseBody
public ServerResponse<String> forgetCheckAnswer(String username,String question,String answer){
    ServerResponse<String> answerResponse = iUserService.checkAnswer(username, question, answer);
    return answerResponse;
}
/**
 * GET forget_reset_password.do — resets a password with the token from forget_check_answer.do.
 * Pure delegation to the service's {@code forgetRestPassword}.
 * <p>
 * NOTE(review): the mapping is GET, so {@code passwordNew} and {@code forgetToken} travel in
 * the query string, where access logs, browser history and Referer headers can record them;
 * POST would keep them in the request body (changing the method is a client-visible change).
 *
 * @param username    login name of the account
 * @param passwordNew the new plaintext password
 * @param forgetToken the reset token issued earlier
 * @return the service response: a success message, otherwise an error message
 */
@RequestMapping(value = "forget_reset_password.do",method = RequestMethod.GET)
@ResponseBody
public ServerResponse<String> forgetRestPassword(String username,String passwordNew,String forgetToken){
    ServerResponse<String> resetResponse =
            iUserService.forgetRestPassword(username, passwordNew, forgetToken);
    return resetResponse;
}
/**
 * GET reset_password.do — changes the logged-in user's password.
 * The user is taken from the session attribute {@code Const.CURRENT_USER}; without it the
 * request is rejected before reaching the service.
 * <p>
 * NOTE(review): as a GET mapping, both passwords travel in the query string and can end up
 * in access logs and browser history; POST would keep them in the body (client-visible change).
 *
 * @param session     the caller's HTTP session
 * @param passwordOld current plaintext password
 * @param passwordNew new plaintext password
 * @return "not logged in" when there is no session user, otherwise the service response
 */
@RequestMapping(value = "reset_password.do",method = RequestMethod.GET)
@ResponseBody
public ServerResponse<String> resetPassword(HttpSession session,String passwordOld,String passwordNew){
    Object currentUser = session.getAttribute(Const.CURRENT_USER);
    if (currentUser == null) {
        return ServerResponse.createByErrorMessage("用戶未登錄");
    }
    return iUserService.resetPassword(passwordOld, passwordNew, (User) currentUser);
}