update ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java.

修改密码无法对当前账户同时在其他位置的登录信息进行更新(只更新的当前登录端缓存),采用当前用户的缓存进行验证导致另一位置登录的还可以使用旧密码更新密码。
This commit is contained in:
abbfun 2022-03-29 01:53:51 +00:00 committed by Gitee
parent 2043d1f439
commit 2069ccf15e
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F

View File

@ -96,8 +96,9 @@ public class SysProfileController extends BaseController
public AjaxResult updatePwd(String oldPassword, String newPassword)
{
LoginUser loginUser = getLoginUser();
String userName = loginUser.getUsername();
String password = loginUser.getPassword();
SysUser user = userService.selectUserById(loginUser.getUserId());
String userName = user.getUserName();
String password = user.getPassword();
if (!SecurityUtils.matchesPassword(oldPassword, password))
{
return AjaxResult.error("修改密码失败,旧密码错误");