From 162658daed2d37c0d434e8031dc7863f28396a88 Mon Sep 17 00:00:00 2001 From: chiguyong Date: Tue, 17 Mar 2026 23:51:16 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E5=AF=86=E7=A0=81=E4=BF=AE=E6=94=B9?= =?UTF-8?q?=E6=8E=A5=E5=8F=A3=E6=94=B9=E4=B8=BA@RequestBody?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - UserController.updatePassword 改用PasswordRequest对象 - 符合安全规范:敏感数据使用POST body --- .../ether/pms/auth/controller/UserController.java | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/module-auth/src/main/java/com/ether/pms/auth/controller/UserController.java b/module-auth/src/main/java/com/ether/pms/auth/controller/UserController.java index a93eaa3..4a6f869 100644 --- a/module-auth/src/main/java/com/ether/pms/auth/controller/UserController.java +++ b/module-auth/src/main/java/com/ether/pms/auth/controller/UserController.java @@ -3,6 +3,7 @@ package com.ether.pms.auth.controller; import com.ether.pms.auth.entity.User; import com.ether.pms.auth.service.UserService; import com.ether.pms.common.ApiResponse; +import lombok.Data; import lombok.RequiredArgsConstructor; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.*; @@ -46,9 +47,8 @@ public class UserController { @PutMapping("/{id}/password") public ResponseEntity> updatePassword( @PathVariable UUID id, - @RequestParam String oldPassword, - @RequestParam String newPassword) { - userService.updatePassword(id, oldPassword, newPassword); + @RequestBody PasswordRequest request) { + userService.updatePassword(id, request.getOldPassword(), request.getNewPassword()); return ResponseEntity.ok(ApiResponse.success()); } @@ -59,4 +59,10 @@ public class UserController { userService.assignRoles(id, roleIds); return ResponseEntity.ok(ApiResponse.success()); } + + @Data + public static class PasswordRequest { + private String oldPassword; + private String newPassword; + } }