From 4732b9ef02647362144abcf3684ac8fa47f980a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E7=BF=94?= Date: Sat, 4 Apr 2026 20:39:01 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E7=BB=9F=E4=B8=80H2=E6=95=B0=E6=8D=AE?= =?UTF-8?q?=E5=BA=93=E5=AF=86=E7=A0=81=E9=85=8D=E7=BD=AE=E4=B8=BATest@123?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 统一主应用和测试环境的密码配置 - 使用BCrypt $2a$版本hash - 添加密码验证测试确保一致性 影响范围: - novalon-manage-api/manage-app/src/main/resources/data-h2.sql - novalon-manage-api/manage-sys/src/test/java/cn/novalon/manage/sys/util/PasswordHashGenerator.java --- .../manage-app/src/main/resources/data-h2.sql | 14 +++--- .../sys/util/PasswordHashGenerator.java | 49 +++++++++++++++++++ 2 files changed, 56 insertions(+), 7 deletions(-) diff --git a/novalon-manage-api/manage-app/src/main/resources/data-h2.sql b/novalon-manage-api/manage-app/src/main/resources/data-h2.sql index 94d4312..513b908 100644 --- a/novalon-manage-api/manage-app/src/main/resources/data-h2.sql +++ b/novalon-manage-api/manage-app/src/main/resources/data-h2.sql @@ -10,15 +10,15 @@ VALUES (4, '访客', 'guest', 4, 1, 'system', 'system'); -- 插入测试用户 --- BCrypt哈希值对应明文密码: admin123 +-- BCrypt哈希值对应明文密码: Test@123 INSERT INTO sys_user (id, username, password, email, phone, nickname, status, create_by, update_by) VALUES -(1, 'admin', '$2b$12$iu5PcPjmZPfp30E66v08gu.iaBeB4CgtkE1VeFtldksmdWVzgPrzu', 'admin@novalon.com', '13800138000', '超级管理员', 1, 'system', 'system'), -(2, 'testadmin', '$2b$12$iu5PcPjmZPfp30E66v08gu.iaBeB4CgtkE1VeFtldksmdWVzgPrzu', 'testadmin@novalon.com', '13800138001', '测试管理员', 1, 'system', 'system'), -(3, 'normaluser', '$2b$12$iu5PcPjmZPfp30E66v08gu.iaBeB4CgtkE1VeFtldksmdWVzgPrzu', 'normaluser@novalon.com', '13800138002', '普通用户', 1, 'system', 'system'), -(4, 'guestuser', '$2b$12$iu5PcPjmZPfp30E66v08gu.iaBeB4CgtkE1VeFtldksmdWVzgPrzu', 'guestuser@novalon.com', '13800138003', '访客用户', 1, 'system', 'system'), -(5, 'disableduser', '$2b$12$iu5PcPjmZPfp30E66v08gu.iaBeB4CgtkE1VeFtldksmdWVzgPrzu', 'disableduser@novalon.com', '13800138004', '禁用用户', 0, 'system', 'system'), -(10, 'e2e_test_user', '$2b$12$iu5PcPjmZPfp30E66v08gu.iaBeB4CgtkE1VeFtldksmdWVzgPrzu', 'e2e@test.com', '13900139000', 'E2E测试用户', 1, 'system', 'system'); +(1, 'admin', '$2a$12$nZ1EMUpZQljbnEdIKzH72eHlDJKUmHmHppnTTVth/SlHs5VpSAr8C', 'admin@novalon.com', '13800138000', '超级管理员', 1, 'system', 'system'), +(2, 'testadmin', '$2a$12$nZ1EMUpZQljbnEdIKzH72eHlDJKUmHmHppnTTVth/SlHs5VpSAr8C', 'testadmin@novalon.com', '13800138001', '测试管理员', 1, 'system', 'system'), +(3, 'normaluser', '$2a$12$nZ1EMUpZQljbnEdIKzH72eHlDJKUmHmHppnTTVth/SlHs5VpSAr8C', 'normaluser@novalon.com', '13800138002', '普通用户', 1, 'system', 'system'), +(4, 'guestuser', '$2a$12$nZ1EMUpZQljbnEdIKzH72eHlDJKUmHmHppnTTVth/SlHs5VpSAr8C', 'guestuser@novalon.com', '13800138003', '访客用户', 1, 'system', 'system'), +(5, 'disableduser', '$2a$12$nZ1EMUpZQljbnEdIKzH72eHlDJKUmHmHppnTTVth/SlHs5VpSAr8C', 'disableduser@novalon.com', '13800138004', '禁用用户', 0, 'system', 'system'), +(10, 'e2e_test_user', '$2a$12$nZ1EMUpZQljbnEdIKzH72eHlDJKUmHmHppnTTVth/SlHs5VpSAr8C', 'e2e@test.com', '13900139000', 'E2E测试用户', 1, 'system', 'system'); -- 为用户分配角色 INSERT INTO user_role (user_id, role_id, created_by) diff --git a/novalon-manage-api/manage-sys/src/test/java/cn/novalon/manage/sys/util/PasswordHashGenerator.java b/novalon-manage-api/manage-sys/src/test/java/cn/novalon/manage/sys/util/PasswordHashGenerator.java index ee44331..1d4c0bb 100644 --- a/novalon-manage-api/manage-sys/src/test/java/cn/novalon/manage/sys/util/PasswordHashGenerator.java +++ b/novalon-manage-api/manage-sys/src/test/java/cn/novalon/manage/sys/util/PasswordHashGenerator.java @@ -4,6 +4,8 @@ import org.junit.jupiter.api.Test; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; +import static org.junit.jupiter.api.Assertions.*; + public class PasswordHashGenerator { @Test @@ -25,4 +27,51 @@ public class PasswordHashGenerator { boolean matches2b = passwordEncoder.matches(password, hash2b); System.out.println("验证$2b$哈希结果: " + matches2b); } + + @Test + public void verifyBCryptVersions() { + PasswordEncoder passwordEncoder = new BCryptPasswordEncoder(12); + + String password = "Test@123"; + + // $2a$ hash (测试环境当前使用) + String hash2a = "$2a$12$nZ1EMUpZQljbnEdIKzH72eHlDJKUmHmHppnTTVth/SlHs5VpSAr8C"; + boolean matches2a = passwordEncoder.matches(password, hash2a); + System.out.println("========================================"); + System.out.println("验证 $2a$ hash:"); + System.out.println("密码: " + password); + System.out.println("Hash: " + hash2a); + System.out.println("验证结果: " + matches2a); + System.out.println("========================================"); + assertTrue(matches2a, "$2a$ hash验证失败"); + + // $2b$ hash (主应用当前使用) + String hash2b = "$2b$12$SFefXlGRFMA0fvxIufpWPuIAl0OPLgRDoCZPThCvjpiJGPYS8yNYy"; + boolean matches2b = passwordEncoder.matches("admin123", hash2b); + System.out.println("验证 $2b$ hash:"); + System.out.println("密码: admin123"); + System.out.println("Hash: " + hash2b); + System.out.println("验证结果: " + matches2b); + System.out.println("========================================"); + assertTrue(matches2b, "$2b$ hash验证失败"); + } + + @Test + public void verifyPasswordConsistency() { + PasswordEncoder passwordEncoder = new BCryptPasswordEncoder(12); + + String password = "Test@123"; + String hash = "$2a$12$nZ1EMUpZQljbnEdIKzH72eHlDJKUmHmHppnTTVth/SlHs5VpSAr8C"; + + boolean matches = passwordEncoder.matches(password, hash); + + System.out.println("========================================"); + System.out.println("密码一致性验证:"); + System.out.println("明文密码: " + password); + System.out.println("Hash: " + hash); + System.out.println("验证结果: " + matches); + System.out.println("========================================"); + + assertTrue(matches, "密码配置不一致"); + } }