dao层
/**
 * Looks up the password-recovery question stored for a user.
 * @param username login name whose question is wanted
 * @return the stored question; may be null or blank when the user has none (callers treat blank as "no question")
 */
String selectQuestionByUsername(String username);
/**
 * Counts the rows whose username, recovery question and answer all match the given values.
 * @param username login name
 * @param question recovery question as stored for that user
 * @param answer submitted answer
 * @return number of matching rows; callers treat a value greater than 0 as a correct answer
 */
int checkAnswer(@Param("username") String username,@Param("question") String question,@Param("answer") String answer);
/**
 * Overwrites a user's password in the forgot-password flow, keyed by username.
 * @param username login name of the account to update
 * @param passwordNew new password value as it should be stored (the service passes an MD5-encoded value)
 * @return number of rows updated; callers treat a value greater than 0 as success
 */
int updatePasswordByUsername(@Param("username") String username,@Param("passwordNew") String passwordNew);
/**
 * Checks whether the given (already encoded) password belongs to the user with the given id.
 * Scoping by id matters: a count over password alone would match any account with that password.
 * @param password stored-form password to compare (the service passes the MD5 of the plaintext)
 * @param userId id of the account the password must belong to
 * @return number of matching rows; 0 means the password is wrong for that user
 */
int checkPassword(@Param("password")String password,@Param("userId") Integer userId);
mybatis
<!-- Returns the recovery question for a single username. -->
<select id="selectQuestionByUsername" resultType="string" parameterType="string">
    SELECT question
    FROM mmall_user
    WHERE username = #{username}
</select>
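<!--
Multiple parameters are passed as a map (see the @Param names on the mapper method).
The original statement had no FROM clause, so the WHERE columns could not be resolved;
it now reads from mmall_user like the sibling statements.
-->
<select id="checkAnswer" resultType="int" parameterType="map">
    SELECT count(1)
    FROM mmall_user
    WHERE username = #{username}
      AND question = #{question}
      AND answer = #{answer}
</select>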
<!-- Forgot-password reset: overwrite the password for a username and stamp update_time. -->
<update id="updatePasswordByUsername" parameterType="map">
    UPDATE mmall_user
    SET password = #{passwordNew},
        update_time = now()
    WHERE username = #{username}
</update>
<!-- Counts rows where both the stored password and the user id match; the id keeps the check scoped to one account. -->
<select id="checkPassword" resultType="int" parameterType="map">
    SELECT count(1)
    FROM mmall_user
    WHERE password = #{password}
      AND id = #{userId}
</select>
业务层接口
/**
 * Looks up the password-recovery question for a username.
 * @param username login name to look up
 * @return a success response carrying the question, or an error response when the user does not exist
 *         or has no question on file (raw type kept as declared; the implementation returns a String payload)
 */
ServerResponse selectQuestion(String username);
/**
 * Verifies a user's answer to their recovery question.
 * @param username login name
 * @param question recovery question
 * @param answer submitted answer
 * @return on success, a response whose payload is a freshly issued forget-token for the later reset call;
 *         otherwise an error response
 */
ServerResponse<String> checkAnswer(String username,String question,String answer);
/**
 * Resets a password in the forgot-password flow, authorised by the forget-token issued by
 * {@link #checkAnswer(String, String, String)}.
 * @param username login name of the account
 * @param passwordNew new plaintext password
 * @param forgetToken token returned by {@code checkAnswer}
 * @return a success message when the password was changed, otherwise an error message
 */
ServerResponse<String> forgetRestPassword(String username,String passwordNew,String forgetToken);
/**
 * Changes the password of a logged-in user after verifying the old one.
 * @param passwordOld current plaintext password, checked against this user's stored password
 * @param passwordNew new plaintext password
 * @param user the logged-in user (taken from the session by the controller)
 * @return a success message when the password was changed, otherwise an error message
 */
ServerResponse<String> resetPassword(String passwordOld,String passwordNew,User user);
业务层实现
/**
 * Looks up the password-recovery question for {@code username}.
 * <p>
 * NOTE(review): unknown users and users without a question get different error messages,
 * which lets a caller tell registered usernames apart; a single message for both cases would avoid that.
 *
 * @param username login name to look up
 * @return success response carrying the question, or an error response
 */
public ServerResponse selectQuestion(String username) {
    // checkValid presumably succeeds when the username is NOT registered (the original marks this
    // branch "user does not exist"), which is why a successful check is the error path — confirm.
    ServerResponse usernameCheck = this.checkValid(username, Const.USERNAME);
    if (usernameCheck.isSuccess()) {
        return ServerResponse.createByErrorMessage("用户不存在");
    }
    String question = userMapper.selectQuestionByUsername(username);
    if (StringUtils.isBlank(question)) {
        return ServerResponse.createByErrorMessage("找回密码的问题是空的");
    }
    return ServerResponse.createBySuccess(question);
}
// public static void main(String[] args) {
// System.out.println(UUID.randomUUID().toString());
// }
/**
 * Verifies the recovery answer and, when it matches, issues a forget-token that authorises the reset.
 * <p>
 * NOTE(review): nothing in this method limits repeated answer attempts; if no throttling exists at the
 * controller or filter layer, the answer can be guessed freely — confirm where it is enforced.
 *
 * @param username login name
 * @param question recovery question
 * @param answer submitted answer
 * @return success response whose payload is the new token, or an error response when the answer is wrong
 */
public ServerResponse<String> checkAnswer(String username, String question, String answer) {
    int matchingRows = userMapper.checkAnswer(username, question, answer);
    if (matchingRows <= 0) {
        return ServerResponse.createByErrorMessage("问题的答案错误");
    }
    // The (username, question, answer) triple matched this user's row, so the answer is correct.
    // The token is stored under TOKEN_PREFIX + username; its lifetime is governed by TokenCache, not visible here.
    String forgetToken = UUID.randomUUID().toString();
    TokenCache.setKey(TokenCache.TOKEN_PREFIX + username, forgetToken);
    return ServerResponse.createBySuccess(forgetToken);
}
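/**
 * Resets a password in the forgot-password flow once the caller presents the token issued by
 * {@link #checkAnswer(String, String, String)}.
 * <p>
 * NOTE(review): the token stays in TokenCache after a successful reset until it expires, so it can be
 * presented again within that window; TokenCache shows no removal API here, so making it single-use
 * needs a cache change — confirm. {@code passwordNew} is not validated here either (a blank value would
 * be hashed and stored) — confirm validation happens upstream. Password hashing is MD5-based
 * (whether salted is not visible here); a password KDF such as bcrypt/argon2 is the usual recommendation.
 *
 * @param username login name of the account
 * @param passwordNew new plaintext password
 * @param forgetToken token returned by {@code checkAnswer}
 * @return success message when the row was updated, otherwise an error message describing why
 */
public ServerResponse<String> forgetRestPassword(String username, String passwordNew, String forgetToken) {
    if (StringUtils.isBlank(forgetToken)) {
        return ServerResponse.createByErrorMessage("参数错误,token需要传递");
    }
    // Same convention as selectQuestion: a successful checkValid means the username is not registered.
    ServerResponse validResponse = this.checkValid(username, Const.USERNAME);
    if (validResponse.isSuccess()) {
        return ServerResponse.createByErrorMessage("用户不存在");
    }
    String cachedToken = TokenCache.getKey(TokenCache.TOKEN_PREFIX + username);
    if (StringUtils.isBlank(cachedToken)) {
        return ServerResponse.createByErrorMessage("token无效或者过期");
    }
    // Compare the secret in constant time so the position of the first mismatch does not leak through
    // timing. Both values are known to be non-blank here, so no null-safe comparison is needed.
    boolean tokenMatches = java.security.MessageDigest.isEqual(
            forgetToken.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            cachedToken.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!tokenMatches) {
        return ServerResponse.createByErrorMessage("token错误,请重新获取重置密码的token");
    }
    String md5Password = MD5Util.MD5EncodeUtf8(passwordNew);
    int rowCount = userMapper.updatePasswordByUsername(username, md5Password);
    if (rowCount > 0) {
        return ServerResponse.createBySuccessMessage("修改密码成功");
    }
    return ServerResponse.createByErrorMessage("修改密码失败");
}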
/**
 * Changes a logged-in user's password after confirming the old one.
 * <p>
 * The old-password check is deliberately scoped to {@code user.getId()}: the mapper returns a
 * count(1), so without the id a password matching ANY account would yield count > 0 and let one
 * user change another's password (horizontal privilege escalation).
 * <p>
 * Note that {@code user} is the session-held instance and is mutated in place: after this call its
 * password field holds the new hash. NOTE(review): {@code passwordNew} is not validated here — confirm upstream.
 *
 * @param passwordOld current plaintext password
 * @param passwordNew new plaintext password
 * @param user logged-in user whose password is changed
 * @return success message when the update affected a row, otherwise an error message
 */
public ServerResponse<String> resetPassword(String passwordOld, String passwordNew, User user) {
    String oldPasswordHash = MD5Util.MD5EncodeUtf8(passwordOld);
    boolean oldPasswordMatches = userMapper.checkPassword(oldPasswordHash, user.getId()) != 0;
    if (!oldPasswordMatches) {
        return ServerResponse.createByErrorMessage("旧密码错误");
    }
    user.setPassword(MD5Util.MD5EncodeUtf8(passwordNew));
    boolean updated = userMapper.updateByPrimaryKeySelective(user) > 0;
    if (!updated) {
        return ServerResponse.createByErrorMessage("密码更新失败");
    }
    return ServerResponse.createBySuccessMessage("密码更新成功");
}
controller层
/**
 * Returns the user currently held in the session.
 * <p>
 * NOTE(review): the whole {@link User} entity is serialised into the response; since User carries a
 * password field (see resetPassword), confirm that field is cleared or excluded before it reaches the client.
 *
 * @param session current HTTP session
 * @return success response wrapping the user stored under {@code Const.CURRENT_USER},
 *         or an error response when nobody is logged in
 */
@RequestMapping(value = "get_user_info.do", method = RequestMethod.GET)
@ResponseBody
public ServerResponse<User> getUserInfo(HttpSession session) {
    User currentUser = (User) session.getAttribute(Const.CURRENT_USER);
    if (currentUser == null) {
        return ServerResponse.createByErrorMessage("用户未登录");
    }
    return ServerResponse.createBySuccess(currentUser);
}
/**
 * Forgot-password step 1: returns the recovery question for a username.
 * Delegates entirely to {@code iUserService.selectQuestion}.
 *
 * @param username login name supplied by the client
 * @return the service's response (question on success, error otherwise)
 */
@RequestMapping(value = "forget_get_question.do", method = RequestMethod.GET)
@ResponseBody
public ServerResponse<String> forgetGetQuestion(String username) {
    ServerResponse<String> response = iUserService.selectQuestion(username);
    return response;
}
/**
 * Forgot-password step 2: checks the recovery answer and hands back a forget-token on success.
 * <p>
 * NOTE(review): the endpoint is mapped to GET, so the answer travels in the query string and may be
 * recorded in server, proxy and browser history logs; POST would keep it out of URLs.
 *
 * @param username login name
 * @param question recovery question
 * @param answer submitted answer
 * @return the service's response (token on success, error otherwise)
 */
@RequestMapping(value = "forget_check_answer.do", method = RequestMethod.GET)
@ResponseBody
public ServerResponse<String> forgetCheckAnswer(String username, String question, String answer) {
    ServerResponse<String> response = iUserService.checkAnswer(username, question, answer);
    return response;
}
/**
 * Forgot-password step 3: sets a new password, authorised by the forget-token from step 2.
 * <p>
 * NOTE(review): mapped to GET, so {@code passwordNew} and {@code forgetToken} are carried in the URL
 * and may end up in access logs and browser history; POST is the usual choice for credential-bearing requests.
 *
 * @param username login name
 * @param passwordNew new plaintext password
 * @param forgetToken token issued by forget_check_answer.do
 * @return the service's response
 */
@RequestMapping(value = "forget_reset_password.do", method = RequestMethod.GET)
@ResponseBody
public ServerResponse<String> forgetRestPassword(String username, String passwordNew, String forgetToken) {
    ServerResponse<String> response = iUserService.forgetRestPassword(username, passwordNew, forgetToken);
    return response;
}
/**
 * Changes the logged-in user's password after the service verifies the old one.
 * <p>
 * NOTE(review): mapped to GET, so both passwords are sent in the query string and may be logged;
 * POST would avoid that.
 *
 * @param session current HTTP session; the user is read from {@code Const.CURRENT_USER}
 * @param passwordOld current plaintext password
 * @param passwordNew new plaintext password
 * @return error when nobody is logged in, otherwise the service's response
 */
@RequestMapping(value = "reset_password.do", method = RequestMethod.GET)
@ResponseBody
public ServerResponse<String> resetPassword(HttpSession session, String passwordOld, String passwordNew) {
    User currentUser = (User) session.getAttribute(Const.CURRENT_USER);
    if (currentUser != null) {
        return iUserService.resetPassword(passwordOld, passwordNew, currentUser);
    }
    return ServerResponse.createByErrorMessage("用户未登录");
}