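/// <summary>
/// Changes a staff member's password after verifying the current password.
/// </summary>
/// <remarks>
/// Both password fields arrive AES-encrypted. The key and IV are derived only from
/// <c>vo.Noncestr</c>: key = hex(MD5(reverse(nonce))), IV = first 16 hex characters of
/// MD5(reverse(key)). Because the nonce travels in the same request object as the
/// ciphertext, this layer is obfuscation rather than confidentiality; anyone who can
/// read the request can repeat the derivation, so the transport must provide the
/// real protection.
/// NOTE(review): <c>vo.UserId</c> is caller-supplied. Confirm upstream that it is bound to
/// the authenticated principal and that failed attempts are rate limited.
/// NOTE(review): the "user does not exist" exception and the "wrong password" response
/// are distinguishable, which may let a caller probe for valid ids; confirm this is intended.
/// </remarks>
/// <param name="vo">Request carrying UserId, Noncestr, Pwd (current) and NewPwd (new).</param>
/// <returns>
/// A response with <c>Result = 1</c> on success, or with <c>Errcode</c>/<c>Errmsg</c> set when the
/// current password does not validate or the decrypted new password is empty.
/// </returns>
/// <exception cref="Exception">Thrown when no staff record is found for the given id.</exception>
public Response UpdatePwd(PwdVo vo)
{
    ESSChannelStaff staff = StaffService.QueryStaffById(Convert.ToInt32(vo.UserId));
    if (staff == null)
    {
        throw new Exception("用户不存在!");
    }

    // Reverse the nonce string; the reversed text is the MD5 input for the key.
    var array = vo.Noncestr.ToCharArray();
    Array.Reverse(array);
    var key = new string(array);

    string keyStr;
    string ivStr;

    // MD5 is used here only to shape the nonce into key/IV material, not to store passwords.
    // The provider is IDisposable, so it is scoped to this block instead of being leaked.
    using (var md5 = new MD5CryptoServiceProvider())
    {
        // NOTE(review): Encoding.Default depends on the platform; a non-ASCII nonce would
        // produce different keys on different hosts. Kept as-is for client compatibility.
        byte[] output1 = md5.ComputeHash(Encoding.Default.GetBytes(key));

        // 32 lowercase hex characters. ToLowerInvariant gives the same result as ToLower
        // for hex digits and does not depend on the thread culture.
        keyStr = BitConverter.ToString(output1).Replace("-", "").ToLowerInvariant();

        var ivChar = keyStr.ToCharArray();
        Array.Reverse(ivChar);
        var iv = new string(ivChar);
        byte[] output2 = md5.ComputeHash(Encoding.Default.GetBytes(iv));

        // First 16 hex characters of the second digest.
        ivStr = BitConverter.ToString(output2).Replace("-", "").ToLowerInvariant().Substring(0, 16);
    }

    byte[] keyBytes = Encoding.Default.GetBytes(keyStr);
    byte[] ivBytes = Encoding.Default.GetBytes(ivStr);

    // Decrypt the submitted current password and check it against the stored salt and hash.
    var password = AES256Helper.Decrypt(vo.Pwd, keyBytes, ivBytes);
    var isSuccess = BouncyCastleHashing.ValidatePassword(password, staff.SALT, staff.PASSWORD);
    if (!isSuccess)
    {
        return(new Response { Errcode = ExceptionHelper.UNKNOWN, Errmsg = "登录密码错误!" });
    }

    // The new password is decrypted only after the current one has been verified.
    var newPwd = AES256Helper.Decrypt(vo.NewPwd, keyBytes, ivBytes);
    if (string.IsNullOrEmpty(newPwd))
    {
        // Do not hash and store an empty password if decryption yields nothing.
        return(new Response { Errcode = ExceptionHelper.UNKNOWN, Errmsg = "新密码不能为空!" });
    }

    // Fresh salt for every password change.
    byte[] saltBytes = BouncyCastleHashing.CreateSalt();
    var encrypt = BouncyCastleHashing.EncryptionPassword(newPwd, saltBytes);
    staff.SALT = Convert.ToBase64String(saltBytes);
    staff.PASSWORD = encrypt;

    // NOTE(review): no explicit save call is visible here; presumably the entity is
    // tracked and persisted elsewhere. Confirm the new salt and hash are written.
    return(new Response { Result = 1 });
}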
/// <summary>
/// Binds a <c>PwdVo</c> from the request body and forwards it to <c>Service.UpdatePwd</c>.
/// </summary>
/// <remarks>
/// NOTE(review): no authorization attribute is visible on this member. Confirm the
/// enclosing controller requires authentication and that the user id in the body is
/// checked against the caller, since this method passes the body through unchanged.
/// </remarks>
/// <param name="vo">Password-change request deserialized from the request body.</param>
/// <returns>The response produced by <c>Service.UpdatePwd</c>, returned as-is.</returns>
public Response ResetPwd([FromBody] PwdVo vo)
{
    Response result = Service.UpdatePwd(vo);
    return result;
}