refactor: 优化代码，修复 sonar 提示：detected in this expression, review this potentially hard-coded password.

2025-10-31 00:57:13 +08:00 · 2024-02-03 13:31:24 +08:00
parent 3e84384eb6
commit 45307a8054
2 changed files with 7 additions and 8 deletions
--- a/continew-admin-system/src/main/java/top/charles7c/continew/admin/system/service/impl/UserServiceImpl.java
+++ b/continew-admin-system/src/main/java/top/charles7c/continew/admin/system/service/impl/UserServiceImpl.java
@@ -75,7 +75,6 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
    private final PasswordEncoder passwordEncoder;
    @Value("${avatar.support-suffix}")
    private String[] avatarSupportSuffix;
-    private static final String CURRENT_PASSWORD_ERROR = "当前密码错误";

    @Override
    public Long add(UserDO user) {
@@ -199,7 +198,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
        UserDO user = super.getById(id);
        String password = user.getPassword();
        if (StrUtil.isNotBlank(password)) {
-            CheckUtils.throwIf(!passwordEncoder.matches(oldPassword, password), CURRENT_PASSWORD_ERROR);
+            CheckUtils.throwIf(!passwordEncoder.matches(oldPassword, password), "当前密码错误");
        }
        // 更新密码和密码重置时间
        LocalDateTime now = LocalDateTime.now();
@@ -213,7 +212,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
    @Override
    public void updatePhone(String newPhone, String currentPassword, Long id) {
        UserDO user = super.getById(id);
-        CheckUtils.throwIf(!passwordEncoder.matches(currentPassword, user.getPassword()), CURRENT_PASSWORD_ERROR);
+        CheckUtils.throwIf(!passwordEncoder.matches(currentPassword, user.getPassword()), "当前密码错误");
        Long count = baseMapper.lambdaQuery().eq(UserDO::getPhone, newPhone).count();
        CheckUtils.throwIf(count > 0, "手机号已绑定其他账号，请更换其他手机号");
        CheckUtils.throwIfEqual(newPhone, user.getPhone(), "新手机号不能与当前手机号相同");
@@ -224,7 +223,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
    @Override
    public void updateEmail(String newEmail, String currentPassword, Long id) {
        UserDO user = super.getById(id);
-        CheckUtils.throwIf(!passwordEncoder.matches(currentPassword, user.getPassword()), CURRENT_PASSWORD_ERROR);
+        CheckUtils.throwIf(!passwordEncoder.matches(currentPassword, user.getPassword()), "当前密码错误");
        Long count = baseMapper.lambdaQuery().eq(UserDO::getEmail, newEmail).count();
        CheckUtils.throwIf(count > 0, "邮箱已绑定其他账号，请更换其他邮箱");
        CheckUtils.throwIfEqual(newEmail, user.getEmail(), "新邮箱不能与当前邮箱相同");
--- a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/UserCenterController.java
+++ b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/UserCenterController.java
@@ -68,7 +68,7 @@ public class UserCenterController {
    private final UserService userService;
    private final UserSocialService userSocialService;
    private final AuthRequestFactory authRequestFactory;
-    private static final String PASSWORD_DECRYPT_FAILED = "当前密码解密失败";
+    private static final String DECRYPT_FAILED = "当前密码解密失败";
    private static final String CAPTCHA_EXPIRED = "验证码已失效";

    @Operation(summary = "上传头像", description = "用户上传个人头像")
@@ -91,7 +91,7 @@ public class UserCenterController {
    public R<Void> updatePassword(@Validated @RequestBody UserPasswordUpdateReq updateReq) {
        String rawOldPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(updateReq
            .getOldPassword()));
-        ValidationUtils.throwIfNull(rawOldPassword, PASSWORD_DECRYPT_FAILED);
+        ValidationUtils.throwIfNull(rawOldPassword, DECRYPT_FAILED);
        String rawNewPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(updateReq
            .getNewPassword()));
        ValidationUtils.throwIfNull(rawNewPassword, "新密码解密失败");
@@ -106,7 +106,7 @@ public class UserCenterController {
    public R<Void> updatePhone(@Validated @RequestBody UserPhoneUpdateReq updateReq) {
        String rawCurrentPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(updateReq
            .getCurrentPassword()));
-        ValidationUtils.throwIfBlank(rawCurrentPassword, PASSWORD_DECRYPT_FAILED);
+        ValidationUtils.throwIfBlank(rawCurrentPassword, DECRYPT_FAILED);
        String captchaKey = CacheConstants.CAPTCHA_KEY_PREFIX + updateReq.getNewPhone();
        String captcha = RedisUtils.get(captchaKey);
        ValidationUtils.throwIfBlank(captcha, CAPTCHA_EXPIRED);
@@ -121,7 +121,7 @@ public class UserCenterController {
    public R<Void> updateEmail(@Validated @RequestBody UserEmailUpdateRequest updateReq) {
        String rawCurrentPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(updateReq
            .getCurrentPassword()));
-        ValidationUtils.throwIfBlank(rawCurrentPassword, PASSWORD_DECRYPT_FAILED);
+        ValidationUtils.throwIfBlank(rawCurrentPassword, DECRYPT_FAILED);
        String captchaKey = CacheConstants.CAPTCHA_KEY_PREFIX + updateReq.getNewEmail();
        String captcha = RedisUtils.get(captchaKey);
        ValidationUtils.throwIfBlank(captcha, CAPTCHA_EXPIRED);