登录块--弱密码整改，强制提示及账号加密请求

b92038c9 · T · 963e445d · b92038c9 · b92038c9 · b92038c9
Commit b92038c9 authored May 31, 2023 by T
--- a/package.json
+++ b/package.json
@@ -26,6 +26,8 @@
    "cnchar": "^3.2.2",
    "codemirror": "^5.38.0",
    "connect": "3.6.6",
+    "crypto": "^1.0.1",
+    "crypto-js": "^4.1.1",
    "echarts": "^4.1.0",
    "element-ui": "^2.15.6",
    "file-saver": "1.3.8",
@@ -100,8 +102,8 @@
    "url-loader": "1.0.1",
    "vue": "^2.6.14",
    "vue-loader": "^15.9.7",
-    "vue-template-compiler": "^2.6.14",
    "vue-style-loader": "4.1.2",
+    "vue-template-compiler": "^2.6.14",
    "webpack": "^4.41.2",
    "webpack-bundle-analyzer": "^3.6.0",
    "webpack-cli": "^3.3.9",

--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
--- a/src/api/login.js
+++ b/src/api/login.js
@@ -3,7 +3,8 @@ import md5 from 'js-md5'

 export function login(username, password, code, uuid) {
  return request({
-    url: 'auth/login',
+    // url: 'auth/login',
+    url: 'auth/loginV2',//满足安全审计要求接口
    method: 'post',
    data: {
      username,

--- a/src/utils/cryptoEncrypt.js
+++ b/src/utils/cryptoEncrypt.js
+// 服务端提供密钥与偏移量
+// 'key'       => '0123456789abcdef'
+// 'iv'        => 'abcdef0123456789'
+ 
+import CryptoJS from 'crypto-js'
+ 
+const AES_KEY = '0123456789abcdef' // 密钥, AES-128 需16个字符, AES-256 需要32个字符
+const AES_IV = 'abcdef0123456789' // 密钥偏移量，16个字符
+ 
+const key = CryptoJS.enc.Utf8.parse(AES_KEY)
+const iv = CryptoJS.enc.Utf8.parse(AES_IV)
+ 
+// 加密
+export function encrypt(data) {
+    const srcs = CryptoJS.enc.Utf8.parse(data)
+    const encrypted = CryptoJS.AES.encrypt(srcs, key, {
+        iv,
+        mode: CryptoJS.mode.CBC,
+        padding: CryptoJS.pad.Pkcs7
+    })
+    return encrypted.toString()
+}
+ 
+// 解密
+export function decrypt(data) {
+    const decrypted = CryptoJS.AES.decrypt(data, key, {
+        iv,
+        mode: CryptoJS.mode.CBC,
+        padding: CryptoJS.pad.Pkcs7
+    })
+    return CryptoJS.enc.Utf8.stringify(decrypted).toString()
+}
\ No newline at end of file
--- a/src/utils/index.js
+++ b/src/utils/index.js
@@ -171,17 +171,38 @@
  * @param {*} data 
  * @returns 
  */
+//  export function transform(data) {
+//     let k = {
+//      appKey: 'odykzzWm1GASj15K1AGxwQ==',
+//      orgId: '',
+//      version: '1.0',
+//      timestamp: parseInt(new Date().getTime()/1000),
+//      body: escape(JSON.stringify(data)),
+//      sign: md5('a1dca4cf35a6d460128f5e4ad401b1c1'+parseInt(new Date().getTime()/1000)+'1.0'+escape(JSON.stringify(data)))
+//    }
+//    return k;
+//  }
+ //统一加密处理--开关
 export function transform(data) {
+  //isEncryption为0---加密，1----不加密
+   let isEncryption =0;
+   
+   if(isEncryption == 0){
    let k = {
-     appKey: 'odykzzWm1GASj15K1AGxwQ==',
-     orgId: '',
-     version: '1.0',
-     timestamp: parseInt(new Date().getTime()/1000),
-     body: escape(JSON.stringify(data)),
-     sign: md5('a1dca4cf35a6d460128f5e4ad401b1c1'+parseInt(new Date().getTime()/1000)+'1.0'+escape(JSON.stringify(data)))
+      appKey: 'odykzzWm1GASj15K1AGxwQ==',
+      orgId: '',
+      version: '1.0',
+      timestamp: parseInt(new Date().getTime()/1000),
+      body: escape(JSON.stringify(data)),
+      sign: md5('a1dca4cf35a6d460128f5e4ad401b1c1'+parseInt(new Date().getTime()/1000)+'1.0'+escape(JSON.stringify(data)))
+   
+    }
+    return k;
   }
-   return k;
- }
+   if(isEncryption == 1){
+     return data
+   }
+  }
 
 export function downloadFile(obj, name, suffix) {
   const url = window.URL.createObjectURL(new Blob([obj]))

--- a/src/views/login.vue
+++ b/src/views/login.vue
@@ -35,11 +35,13 @@
      <span> ⋅ </span>
      <a href="http://www.beian.miit.gov.cn" target="_blank">{{ $store.state.settings.caseNumber }}</a>
    </div> -->
+    <!-- <center ref="center"/> -->
  </div>
 </template>

 <script>
-import { encrypt, decrypt } from '@/utils/rsaEncrypt'
+//import { encrypt, decrypt } from '@/utils/rsaEncrypt'
+import { encrypt } from '@/utils/cryptoEncrypt'
 import Config from '@/config'
 import { getCodeImg } from '@/api/login'
 import Cookies from 'js-cookie'
@@ -52,9 +54,12 @@ import { getListOrgWarehouse } from '@/api/warehouse'
 import { getAllListOrg } from '@/api/org'
 import { getToken, setToken, removeToken } from '@/utils/auth'
 import { getMessageReminderLog } from '@/api/messageReminder'
+// import center from '@/views/system/user/center'
 import md5 from 'js-md5'
+//import myTask from '@/views/dashboard/MyTask'
 export default {
  name: 'Login',
+  // components:[ center ],
  data() {
    return {
      LoginHeader: LoginHeader,
@@ -131,6 +136,8 @@ export default {
        // }
        //传MD5加密给登录后台
        user.password=md5(user.password)
+        //账号加密传输---满足安全审计要求
+        user.username=encrypt(user.username)
        if (valid) {
          this.loading = true
          if (user.rememberMe) {
@@ -144,8 +151,15 @@ export default {
          }
          this.$store.dispatch('Login', user).then(() => {
            this.loading = false
-            this.$router.push({ path: this.redirect || '/' })
            setTimeout(this.purchaseAlert , 2000)
+             if(user.password === 'e10adc3949ba59abbe56e057f20f883e'){
+              
+              this.$router.push({path:'/user/center', query: { fromLoginPage: 'true' }});
+              
+
+             }else{
+               this.$router.push({ path: this.redirect || '/' })
+             }
            this.getOrgList()
          }).catch((err) => {
            this.loading = false
@@ -160,6 +174,7 @@ export default {
          return false
        }
      })
+      
    },
    purchaseAlert() {
      getMessageReminderLog({orgId: this.$store.state.user.user.baseJpOrganization.id}).then(res => {

--- a/src/views/system/user/center.vue
+++ b/src/views/system/user/center.vue
@@ -82,7 +82,7 @@
      </el-col>
    </el-row>
    <updateEmail ref="email" :email="user.email"/>
-    <updatePass ref="pass"/>
+    <updatePass ref="pass"  />
    <update-location ref="location" />
  </div>
 </template>
@@ -126,6 +126,34 @@ export default {
      this.init()
    })
    store.dispatch('GetInfo').then(() => {})
+    //用于登录时弱密码：123456强制弹窗修改密码
+    //登录成功后传fromLoginPage== 'true'校验弹窗--修改密码，其它页面跳到该页不用弹窗
+    const fromLoginPage = this.$route.query.fromLoginPage;
+    if (fromLoginPage == 'true') {
+      this.$nextTick(() => {
+        // 在这里确保组件已经渲染完毕
+        if (this.$refs.pass) {
+          //console.log(1111)
+          // 确保 this.$refs.pass 存在
+          this.$watch(
+            () => this.$refs.pass.dialog, // watch the dialog property of this.$refs.pass
+            (value) => {
+              if (value === true) {
+                // when dialog changes to true, the dialog has finished rendering
+                this.$nextTick(() => {
+                  this.$message({
+                    message: '密码过于简单，请修改密码！！',
+                    type: 'warning',
+                    duration: 5000
+                  });
+                });
+              }
+            }
+          );
+          this.$refs.pass.dialog = true; // 设置 dialog 属性
+        }
+      }); 
+    }
  },
  mounted() {
    if (this.$route.query.changePassword) {