fix: 密码修改接口改为@RequestBody

- UserController.updatePassword 改用PasswordRequest对象
- 符合安全规范:敏感数据使用POST body
This commit is contained in:
chiguyong 2026-03-17 23:51:16 +08:00
parent e6eac0fc56
commit 162658daed
1 changed files with 9 additions and 3 deletions

View File

@ -3,6 +3,7 @@ package com.ether.pms.auth.controller;
import com.ether.pms.auth.entity.User;
import com.ether.pms.auth.service.UserService;
import com.ether.pms.common.ApiResponse;
import lombok.Data;
import lombok.RequiredArgsConstructor;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;
@ -46,9 +47,8 @@ public class UserController {
@PutMapping("/{id}/password")
public ResponseEntity<ApiResponse<Void>> updatePassword(
@PathVariable UUID id,
@RequestParam String oldPassword,
@RequestParam String newPassword) {
userService.updatePassword(id, oldPassword, newPassword);
@RequestBody PasswordRequest request) {
userService.updatePassword(id, request.getOldPassword(), request.getNewPassword());
return ResponseEntity.ok(ApiResponse.success());
}
@ -59,4 +59,10 @@ public class UserController {
userService.assignRoles(id, roleIds);
return ResponseEntity.ok(ApiResponse.success());
}
@Data
public static class PasswordRequest {
private String oldPassword;
private String newPassword;
}
}