update ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java.

修改密码无法对当前账户同时在其他位置的登录信息进行更新（只更新的当前登录端缓存），采用当前用户的缓存进行验证导致另一位置登录的还可以使用旧密码更新密码。
2022-03-29 01:53:51 +00:00 · 2022-03-29 01:53:51 +00:00 · 2069ccf15e
commit 2069ccf15e
parent 2043d1f439
1 changed files with 3 additions and 2 deletions
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java
@ -96,8 +96,9 @@ public class SysProfileController extends BaseController
    public AjaxResult updatePwd(String oldPassword, String newPassword)
    {
        LoginUser loginUser = getLoginUser();
-        String userName = loginUser.getUsername();
-        String password = loginUser.getPassword();
+        SysUser user = userService.selectUserById(loginUser.getUserId());
+        String userName = user.getUserName();
+        String password = user.getPassword();
        if (!SecurityUtils.matchesPassword(oldPassword, password))
        {
            return AjaxResult.error("修改密码失败，旧密码错误");