spring 使用 BcryptPasswordEncoder 启动,密码不匹配
spring boot using BcryptPasswordEncoder , the passwords are not matching
Spring启动应用程序,用户登录后想更改密码,但我的功能没有更改密码。
@PostMapping("/settings/passwordupdate")
public String PasswordUpdate(@RequestParam("oldPassword") String oldPassword,
@RequestParam("newPassword") String newPassword, Principal principal) {
String userName = principal.getName();
User currentUser = serviceUserDetail.findByUserName(userName);
final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
System.out.println(newPassword + " |||| " + passwordEncoder.encode(currentUser.getPassword()));
if (passwordEncoder.matches(oldPassword, passwordEncoder.encode(currentUser.getPassword()))) {
System.out.print("match");
} else {
System.out.print("not match");
}
return "redirect:/";
}
结果是
pass |||| a$Y3JMpBg/3l4SHJY/X8XRS.O3vLxr64iLLoLY3r933irwsnrvCIr2q
not match---------------
虽然我可以通过密码“pass”登录,这意味着密码是好的
您不能将新密码与旧密码重新编码匹配。 您可以将参数中的旧密码与当前密码匹配。
你可以这样试试:
if (passwordEncoder.matches(oldPassword, currentUser.getPassword())) {
String encodedNewPassword = passwordEncoder.encode(newPassword);
// Store encoded new password..
}
另见 BCryptPasswordEncoder.matches(java.lang.CharSequence rawPassword, java.lang.String encodedPassword)
Spring启动应用程序,用户登录后想更改密码,但我的功能没有更改密码。
@PostMapping("/settings/passwordupdate")
public String PasswordUpdate(@RequestParam("oldPassword") String oldPassword,
@RequestParam("newPassword") String newPassword, Principal principal) {
String userName = principal.getName();
User currentUser = serviceUserDetail.findByUserName(userName);
final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
System.out.println(newPassword + " |||| " + passwordEncoder.encode(currentUser.getPassword()));
if (passwordEncoder.matches(oldPassword, passwordEncoder.encode(currentUser.getPassword()))) {
System.out.print("match");
} else {
System.out.print("not match");
}
return "redirect:/";
}
结果是
pass |||| a$Y3JMpBg/3l4SHJY/X8XRS.O3vLxr64iLLoLY3r933irwsnrvCIr2q
not match---------------
虽然我可以通过密码“pass”登录,这意味着密码是好的
您不能将新密码与旧密码重新编码匹配。 您可以将参数中的旧密码与当前密码匹配。
你可以这样试试:
if (passwordEncoder.matches(oldPassword, currentUser.getPassword())) {
String encodedNewPassword = passwordEncoder.encode(newPassword);
// Store encoded new password..
}
另见 BCryptPasswordEncoder.matches(java.lang.CharSequence rawPassword, java.lang.String encodedPassword)