fix: 密码修改接口改为@RequestBody
- UserController.updatePassword 改用PasswordRequest对象 - 符合安全规范:敏感数据使用POST body
This commit is contained in:
parent
e6eac0fc56
commit
162658daed
|
|
@ -3,6 +3,7 @@ package com.ether.pms.auth.controller;
|
|||
import com.ether.pms.auth.entity.User;
|
||||
import com.ether.pms.auth.service.UserService;
|
||||
import com.ether.pms.common.ApiResponse;
|
||||
import lombok.Data;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
|
@ -46,9 +47,8 @@ public class UserController {
|
|||
@PutMapping("/{id}/password")
|
||||
public ResponseEntity<ApiResponse<Void>> updatePassword(
|
||||
@PathVariable UUID id,
|
||||
@RequestParam String oldPassword,
|
||||
@RequestParam String newPassword) {
|
||||
userService.updatePassword(id, oldPassword, newPassword);
|
||||
@RequestBody PasswordRequest request) {
|
||||
userService.updatePassword(id, request.getOldPassword(), request.getNewPassword());
|
||||
return ResponseEntity.ok(ApiResponse.success());
|
||||
}
|
||||
|
||||
|
|
@ -59,4 +59,10 @@ public class UserController {
|
|||
userService.assignRoles(id, roleIds);
|
||||
return ResponseEntity.ok(ApiResponse.success());
|
||||
}
|
||||
|
||||
@Data
|
||||
public static class PasswordRequest {
|
||||
private String oldPassword;
|
||||
private String newPassword;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue