忘记密码

src/main/java/com/izouma/nineth/security/WebSecurityConfig.java

@@ -85,6 +85,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
                 .antMatchers("/collection/get/**").permitAll()
                 .antMatchers("/user/all").permitAll()
                 .antMatchers("/user/get/*").permitAll()
+                .antMatchers("/user/forgotPassword").permitAll()
                 // all other requests need to be authenticated
                 .anyRequest().authenticated().and()
                 // make sure we use stateless session; session won't be used to

src/main/java/com/izouma/nineth/service/UserService.java

@@ -243,6 +243,12 @@ public class UserService {
         return setPassword(userId, password);
     }
 
+    public String forgotPassword(String phone, String password, String code) {
+        User user = userRepo.findByPhoneAndDelFalse(phone).orElseThrow(new BusinessException("手机号未注册"));
+        smsService.verify(user.getPhone(), code);
+        return setPassword(user.getId(), password);
+    }
+
     public void bindPhone(Long userId, String phone) {
         User user = userRepo.findByIdAndDelFalse(userId).orElseThrow(new BusinessException("用户不存在"));
         if (StringUtils.isNoneEmpty(user.getPhone())) {

src/main/java/com/izouma/nineth/web/UserController.java

@@ -127,6 +127,12 @@ public class UserController extends BaseController {
         return userService.setPassword(SecurityUtils.getAuthenticatedUser().getId(), code, password);
     }
 
+    @PostMapping("/forgotPassword")
+    @ApiOperation("忘记密码")
+    public String forgotPassword(@RequestParam String phone, @RequestParam String password, @RequestParam String code) {
+        return userService.forgotPassword(phone, password, code);
+    }
+
     @PreAuthorize("hasRole('ADMIN')")
     @GetMapping("/getToken/{userId}")
     public String getToken(@PathVariable Long userId) {