
Merge remote-tracking branch 'origin/master'

wangt 1 jaar geleden
bovenliggende
commit
3380158419

+ 7 - 1
backend/src/main/java/com/jiayue/ssi/controller/SysUserController.java

@@ -528,7 +528,8 @@ public class SysUserController {
             if (newPassword.contains(sysUser.getUsername())) {
                 return ResponseVO.fail("密码不能含有账号!");
             }
-            if (SmUtil.sm3(newPassword).toUpperCase().equals(sysUser.getPassword())) {
+            String oldpwd = SM2CryptUtils.decrypt(sysUser.getPassword(),SecretKeyConstants.SERVER_PRIVATE_KEY);
+            if (SmUtil.sm3(newPassword).toUpperCase().equals(oldpwd)) {
                 return ResponseVO.fail("新密码不能与上次密码相同!");
             }
 
@@ -538,6 +539,11 @@ public class SysUserController {
                 return ResponseVO.fail(ruleInfo);
             }
 
+            // 验证旧密码是否正确
+            if (!oldpwd.equals(SmUtil.sm3(oldPassword).toUpperCase())){
+                return ResponseVO.fail("旧密码不正确!");
+            }
+
             // 新密码加密
             String sm3newpwd = SmUtil.sm3(newPassword).toUpperCase();
             // 再次sm2加密
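Review bot: The old-password check added just before `// 新密码加密` runs after the new-password comparisons, so a caller who does not know the current password still receives "新密码不能与上次密码相同!" when the submitted value matches it, which makes the earlier branch a password oracle; verify `oldPassword` first, immediately after `oldpwd` is computed. `oldpwd.equals(...)` will also throw a NullPointerException if `SM2CryptUtils.decrypt` returns null (its failure behaviour is not visible here), so add a null check and compare with `MessageDigest.isEqual(oldpwd.getBytes(StandardCharsets.UTF_8), candidate.getBytes(StandardCharsets.UTF_8))`. The stored value appears to be an unsalted SM3 digest wrapped in reversible SM2 encryption under `SecretKeyConstants.SERVER_PRIVATE_KEY`, which is weaker than a salted, slow password hash and worth tracking separately. The method starts and ends outside the hunks shown.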

+ 39 - 1
backend/src/main/java/com/jiayue/ssi/handler/RestAccessDeniedHandler.java

@@ -5,7 +5,15 @@ import javax.servlet.http.HttpServletResponse;
 
 import com.jiayue.ssi.annotation.OperateLog;
 import com.jiayue.ssi.backenum.AuditType;
+import com.jiayue.ssi.backenum.BusinessStatus;
 import com.jiayue.ssi.backenum.BusinessType;
+import com.jiayue.ssi.entity.SysOperLog;
+import com.jiayue.ssi.entity.SysUser;
+import com.jiayue.ssi.factory.OperateLogFactory;
+import com.jiayue.ssi.util.IPUtils;
+import com.jiayue.ssi.util.JwtTokenUtil;
+import com.jiayue.ssi.util.ServletUtils;
+import io.jsonwebtoken.Claims;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.stereotype.Service;
@@ -22,8 +30,38 @@ import java.io.IOException;
 @Service
 public class RestAccessDeniedHandler implements AccessDeniedHandler {
     @Override
-    @OperateLog(title = "权限认证", businessType = BusinessType.BAC, auditType = AuditType.SYS,operdesc = "没有接口访问权限")
     public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException {
+        String token = request.getHeader("Authorization");
+        JwtTokenUtil jwtTokenUtil = new JwtTokenUtil();
+        Claims claims = jwtTokenUtil.getClaimsFromToken(token);
+        String username="";
+        if (claims==null){
+            username = "未知用户";
+        }
+        else{
+            username = claims.getSubject();
+        }
+        SysOperLog operLog = new SysOperLog();
+        operLog.setStatus(BusinessStatus.FAIL.ordinal());
+        // 请求的地址
+        String ip = IPUtils.getIpAddr();
+        operLog.setOperIp(ip);
+        operLog.setOperUrl(org.apache.commons.lang3.StringUtils.substring(ServletUtils.getRequest().getRequestURI(), 0, 255));
+        operLog.setOperName(username);
+        // 设置请求方式
+        operLog.setRequestMethod(ServletUtils.getRequest().getMethod());
+        operLog.setCreateBy(username);
+        // 设置action动作
+        operLog.setBusinessType(BusinessType.BAC.ordinal());
+        // 设置标题
+        operLog.setTitle("越权访问");
+        // 操作描述
+        operLog.setOperdesc("越权访问");
+        // 审计类型
+        operLog.setAuditType(AuditType.SYS.ordinal());
+        // 保存数据库
+        OperateLogFactory.recordOper(operLog);
+
         response.setHeader("Access-Control-Allow-Origin", "*");
         response.setStatus(402);
         response.setContentType("text/html;charset=utf-8");
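Review bot: The audit identity in `handle` is taken by re-parsing the `Authorization` header with a locally constructed `new JwtTokenUtil()`, and nothing guards that call: if `getClaimsFromToken` throws on a missing, prefixed or malformed header (its behaviour is not visible here), the handler fails before the log entry is written or the denial response is sent. Assuming the JWT filter populates the security context, prefer the identity it already authenticated, e.g. `String username = request.getUserPrincipal() != null ? request.getUserPrincipal().getName() : "未知用户";`. Wrap the logging block in a try/catch so that an audit failure cannot replace the access-denied response. `BusinessStatus.FAIL.ordinal()` and the other `ordinal()` calls persist enum positions, which silently change meaning if a constant is ever reordered. The rest of `handle` continues outside the hunk.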

+ 2 - 0
backend/src/main/java/com/jiayue/ssi/service/impl/SysApproveServiceImpl.java

@@ -57,6 +57,8 @@ public class SysApproveServiceImpl extends ServiceImpl<SysApproveMapper, SysAppr
                     sysUser.setStatus(newsysApprove.getStatus());
                     sysUser.setExpDate(newsysApprove.getExpDate());
                     sysUser.setSignstr("0");
+                    // 离线
+                    sysUser.setOnlineStatus("1");
                     sysUserMapper.insert(sysUser);
                 }
             }

BIN
ui/node_modules.zip


+ 2 - 2
ui/src/views/auditManager/logininfo/index.vue

@@ -161,7 +161,7 @@ export default {
         userName: undefined,
         status: undefined
       },
-      sortOrder: 'loginTime&asc',
+      sortOrder: 'loginTime&desc',
     };
   },
   created() {
@@ -170,7 +170,7 @@ export default {
   methods: {
     sortChangeEvent({column, property, order}) {
       if (order == null) {
-        order = 'asc'
+        order = 'desc'
       }
       this.currentPage = 1
       this.sortOrder = property+'&'+order

+ 1 - 1
ui/src/views/monitor/onLine/index.vue

@@ -41,7 +41,7 @@
             show-overflow
           >
             <vxe-table-column field="username" title="用户账号"/>
-            <vxe-table-column field="nickname" title="用户姓名"/>
+<!--            <vxe-table-column field="nickname" title="用户姓名"/>-->
             <vxe-table-column :formatter="onlineStatusFormat" field="onlineStatus" title="账号在线状态"/>
           </vxe-table>
           <vxe-pager

+ 17 - 3
ui/src/views/sysManager/userManager/index.vue

@@ -422,7 +422,8 @@ export default {
       this.$prompt('请输入登录密码', '鉴别操作', {
         confirmButtonText: '确定',
         cancelButtonText: '取消',
-        inputType: 'password',
+        inputType: 'text',
+        customClass:'no-autofill-pwd',
         inputValidator: (val) => {
           if (val === null || val.length < 1 || val.length > 20) {
             return false;
@@ -612,7 +613,8 @@ export default {
             this.$prompt('请输入登录密码', '鉴别操作', {
               confirmButtonText: '确定',
               cancelButtonText: '取消',
-              inputType: 'password',
+              inputType: 'text',
+              customClass:'no-autofill-pwd',
               inputValidator: (val) => {
                 if (val === null || val.length < 1 || val.length > 20) {
                   return false;
@@ -792,7 +794,8 @@ export default {
       this.$prompt('请输入密码', '鉴别操作', {
         confirmButtonText: '确定',
         cancelButtonText: '取消',
-        inputType: 'password',
+        inputType: 'text',
+        customClass:'no-autofill-pwd',
         inputValidator: (val) => {
           if (val === null || val.length < 1 || val.length > 20) {
             return false;
@@ -1158,3 +1161,14 @@ export default {
   }
 };
 </script>
+
+<style rel="stylesheet/scss" lang="scss">
+  .no-autofill-pwd{
+    .el-message-box__content{
+      .el-input__inner{
+        text-security:disc!important;
+        -webkit-text-security:disc!important;
+      }
+    }
+  }
+</style>
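Review bot: Switching the three `$prompt` dialogs from `inputType: 'password'` to `inputType: 'text'` with `.no-autofill-pwd` makes masking depend on `-webkit-text-security`, a non-standard property (unprefixed `text-security` is not a standard CSS property); in any browser that ignores it the login password is displayed in clear text. A text field also loses the handling browsers reserve for password inputs, so the value can end up in form history, spell-check or input-method suggestions. Keep `inputType: 'password'` and address autofill separately; the same applies to the three `el-input` fields in `profile/resetPwd.vue`, where `type="password"` with `autocomplete="new-password"` would discourage autofill without unmasking. The `<style>` block is also unscoped, and `resetPwd.vue` defines a different global `.no-autofill-pwd` rule, so the two definitions will affect each other.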

+ 10 - 3
ui/src/views/sysManager/userManager/profile/resetPwd.vue

@@ -1,13 +1,13 @@
 <template>
   <el-form ref="form" :model="pwd" :rules="rules" label-width="80px">
     <el-form-item label="旧密码" prop="oldPassword">
-      <el-input v-model="pwd.oldPassword" placeholder="请输入旧密码" type="password" show-password/>
+      <el-input v-model="pwd.oldPassword" type="text" class="no-autofill-pwd"/>
     </el-form-item>
     <el-form-item label="新密码" prop="newPassword">
-      <el-input v-model="pwd.newPassword" placeholder="请输入新密码" type="password" show-password/>
+      <el-input v-model="pwd.newPassword" type="text" class="no-autofill-pwd"/>
     </el-form-item>
     <el-form-item label="确认密码" prop="confirmPassword">
-      <el-input v-model="pwd.confirmPassword" placeholder="请确认新密码" type="password" show-password/>
+      <el-input v-model="pwd.confirmPassword" type="text" class="no-autofill-pwd"/>
     </el-form-item>
     <el-form-item>
       <el-button type="primary" size="mini" @click="submit">保存</el-button>
@@ -157,3 +157,10 @@ export default {
   }
 };
 </script>
+
+<style rel="stylesheet/scss" lang="scss">
+.no-autofill-pwd{
+  text-security:disc!important;
+  -webkit-text-security:disc!important;
+}
+</style>