Fix incorrect password validation when the password contains HTML4 special characters.
think-gem committed Jan 8, 2016
1 parent e3a2c65 commit 60932fe
Showing 1 changed file with 4 additions and 2 deletions.
Expand Up @@ -207,8 +207,9 @@ public void updateUserLoginInfo(User user) {
* 生成安全的密码,生成随机的16位salt并经过1024次 sha-1 hash
*/
public static String entryptPassword(String plainPassword) {
String plain = Encodes.unescapeHtml(plainPassword);
byte[] salt = Digests.generateSalt(SALT_SIZE);
byte[] hashPassword = Digests.sha1(plainPassword.getBytes(), salt, HASH_INTERATIONS);
byte[] hashPassword = Digests.sha1(plain.getBytes(), salt, HASH_INTERATIONS);
return Encodes.encodeHex(salt)+Encodes.encodeHex(hashPassword);
}
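Review bot: in entryptPassword, hashing `Encodes.unescapeHtml(plainPassword)` instead of the input means the stored hash no longer corresponds to the exact characters supplied. A password that contains literal entity text such as `&amp;` is hashed as `&`, so two different passwords become interchangeable. If the value reaches this method already HTML-escaped, decode it (or skip escaping for password fields) at the layer that escaped it, and keep this method hashing its argument unchanged. Separately, `plain.getBytes()` uses the platform default charset, so the same password can hash differently on a host with another default; pass an explicit charset, and do it consistently with validatePassword so stored hashes stay comparable.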

Expand All @@ -219,8 +220,9 @@ public static String entryptPassword(String plainPassword) {
* @return 验证成功返回true
*/
public static boolean validatePassword(String plainPassword, String password) {
String plain = Encodes.unescapeHtml(plainPassword);
byte[] salt = Encodes.decodeHex(password.substring(0,16));
byte[] hashPassword = Digests.sha1(plainPassword.getBytes(), salt, HASH_INTERATIONS);
byte[] hashPassword = Digests.sha1(plain.getBytes(), salt, HASH_INTERATIONS);
return password.equals(Encodes.encodeHex(salt)+Encodes.encodeHex(hashPassword));
}
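Review bot: in validatePassword, decoding before `Digests.sha1(plain.getBytes(), salt, HASH_INTERATIONS)` changes the result for any stored hash that was created from an un-decoded value, so accounts whose passwords were saved in escaped form before this commit would stop validating. Either document that those users must reset, or compare against both the decoded and the original input during a transition period and re-hash on success. The final `password.equals(...)` on the hex strings is also not a constant-time comparison; comparing the decoded byte arrays with `MessageDigest.isEqual` would avoid that. The Javadoc above should state that the input is HTML-unescaped before hashing, since callers cannot see that from the signature.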
