public Response UpdatePwd(PwdVo vo)
{
ESSChannelStaff staff = StaffService.QueryStaffById(Convert.ToInt32(vo.UserId));
if (staff == null)
{
throw new Exception("用户不存在!");
}
//反转字符串
var array = vo.Noncestr.ToCharArray();
Array.Reverse(array);
var key = new string(array);
// md5加密
var md5 = new MD5CryptoServiceProvider();
byte[] output1 = md5.ComputeHash(Encoding.Default.GetBytes(key));
var keyStr = BitConverter.ToString(output1).Replace("-", "").ToLower();
var ivChar = keyStr.ToCharArray();
Array.Reverse(ivChar);
var iv = new string(ivChar);
byte[] output2 = md5.ComputeHash(Encoding.Default.GetBytes(iv));
var ivStr = BitConverter.ToString(output2).Replace("-", "").ToLower().Substring(0, 16);
//密码解密
var password = AES256Helper.Decrypt(vo.Pwd, Encoding.Default.GetBytes(keyStr), Encoding.Default.GetBytes(ivStr));
var isSuccess = BouncyCastleHashing.ValidatePassword(password, staff.SALT, staff.PASSWORD);
if (isSuccess)
{
//生成新密码
byte[] saltBytes = BouncyCastleHashing.CreateSalt();
var newPwd = AES256Helper.Decrypt(vo.NewPwd, Encoding.Default.GetBytes(keyStr), Encoding.Default.GetBytes(ivStr));
var encrypt = BouncyCastleHashing.EncryptionPassword(newPwd, saltBytes);
staff.SALT = Convert.ToBase64String(saltBytes);
staff.PASSWORD = encrypt;
return(new Response
{
Result = 1
});
}
else
{
return(new Response
{
Errcode = ExceptionHelper.UNKNOWN,
Errmsg = "登录密码错误!"
});
}
}
public Response ResetPwd([FromBody] PwdVo vo)
{
return(Service.UpdatePwd(vo));
}