Merge branch 'feature/兼容支持用户密码为md5加密登录' into 'wrdp'

[用户认证]兼容支持用户密码为md5加密的密码——用户原平台是md5加密的，迁移到o2也只能是此密码

See merge request o2oa/o2oa!2989

o2server/x_base_core_project/src/main/java/com/x/base/core/project/tools/MD5Tool.java

@@ -0,0 +1,58 @@
+package com.x.base.core.project.tools;
+import org.apache.commons.lang3.StringUtils;
+
+import java.security.NoSuchAlgorithmException;
+
+
+/**
+ * @author louguodong
+ *
+ */
+public class MD5Tool {
+
+    public static String getMD5(byte[] source) {
+        String s = null;
+        char hexDigits[] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };// 用来将字节转换成16进制表示的字符
+        try {
+            java.security.MessageDigest md = java.security.MessageDigest.getInstance("MD5");
+            md.update(source);
+            byte tmp[] = md.digest();// MD5 的计算结果是一个 128 位的长整数，
+            // 用字节表示就是 16 个字节
+            char str[] = new char[16 * 2];// 每个字节用 16 进制表示的话，使用两个字符， 所以表示成 16
+            // 进制需要 32 个字符
+            int k = 0;// 表示转换结果中对应的字符位置
+            for (int i = 0; i < 16; i++) {// 从第一个字节开始，对 MD5 的每一个字节// 转换成 16
+                // 进制字符的转换
+                byte byte0 = tmp[i];// 取第 i 个字节
+                str[k++] = hexDigits[byte0 >>> 4 & 0xf];// 取字节中高 4 位的数字转换,// >>>
+                // 为逻辑右移，将符号位一起右移
+                str[k++] = hexDigits[byte0 & 0xf];// 取字节中低 4 位的数字转换
+
+            }
+            s = new String(str);// 换后的结果转换为字符串
+
+        } catch (NoSuchAlgorithmException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+        return s;
+    }
+
+    public static String getMD5Str(String source) {
+        if (StringUtils.isNotEmpty(source)) {
+            return getMD5(source.getBytes());
+        } else {
+            return "";
+        }
+    }
+
+    /**
+     * @param args
+     */
+    public static void main(String[] args) {
+        // TODO Auto-generated method stub
+        String test = MD5Tool.getMD5("1qaz2wsx".getBytes());
+        System.out.println(test);
+    }
+
+}

o2server/x_organization_assemble_authentication/src/main/java/com/x/organization/assemble/authentication/jaxrs/authentication/ActionCaptchaLogin.java

@@ -3,6 +3,7 @@ package com.x.organization.assemble.authentication.jaxrs.authentication;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import com.x.base.core.project.tools.MD5Tool;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -78,11 +79,12 @@ class ActionCaptchaLogin extends BaseAction {
 				Person o = null;
 				// 处理同中文问题
 				if (personId.indexOf(",") > -1) {
-					String[] arrPersion = personId.split(",");
-					for (int i = 0; i < arrPersion.length; i++) {
-						personId = arrPersion[i];
+					String[] arrPerson = personId.split(",");
+					for (int i = 0; i < arrPerson.length; i++) {
+						personId = arrPerson[i];
 						o = emc.find(personId, Person.class);
-						if (StringUtils.equals(Crypto.encrypt(password, Config.token().getKey()), o.getPassword())) {
+						if (StringUtils.equals(Crypto.encrypt(password, Config.token().getKey()), o.getPassword())
+								|| StringUtils.equals(MD5Tool.getMD5Str(password), o.getPassword())) {
 							break;
 						}
 					}
@@ -97,7 +99,8 @@ class ActionCaptchaLogin extends BaseAction {
 					if (this.failureLocked(o)) {
 						throw new ExceptionFailureLocked(o.getName(), Config.person().getFailureInterval());
 					} else {
-						if (!StringUtils.equals(Crypto.encrypt(password, Config.token().getKey()), o.getPassword())) {
+						if (!StringUtils.equals(Crypto.encrypt(password, Config.token().getKey()), o.getPassword())
+								&& !StringUtils.equals(MD5Tool.getMD5Str(password), o.getPassword())) {
 							emc.beginTransaction(Person.class);
 							this.failure(o);
 							emc.commit();
@@ -231,4 +234,4 @@ class ActionCaptchaLogin extends BaseAction {
 		private static final long serialVersionUID = 4940814657548190978L;
 	}
 
-}
+}

o2server/x_organization_assemble_authentication/src/main/java/com/x/organization/assemble/authentication/jaxrs/authentication/ActionLogin.java

@@ -3,6 +3,7 @@ package com.x.organization.assemble.authentication.jaxrs.authentication;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import com.x.base.core.project.tools.MD5Tool;
 import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 
@@ -58,7 +59,8 @@ class ActionLogin extends BaseAction {
 				if (BooleanUtils.isTrue(Config.person().getSuperPermission())
 						&& StringUtils.equals(Config.token().getPassword(), password)) {
 					logger.warn("user: {} use superPermission.", credential);
-				} else if (!StringUtils.equals(Crypto.encrypt(password, Config.token().getKey()), o.getPassword())) {
+				} else if (!StringUtils.equals(Crypto.encrypt(password, Config.token().getKey()), o.getPassword())
+						&& !StringUtils.equals(MD5Tool.getMD5Str(password), o.getPassword())) {
 					/* 普通用户认证密码 */
 					throw new ExceptionPersonNotExistOrInvalidPassword();
 				}
@@ -101,4 +103,4 @@ class ActionLogin extends BaseAction {
 		private static final long serialVersionUID = -5397186305200946501L;
 
 	}
-}
+}