bugfix

starlying · starlying · commit d4f3d1422483 · 2025-07-10T09:34:18.000+08:00
diff --git a/src/SSCMS.Core/Repositories/UserRepository.cs b/src/SSCMS.Core/Repositories/UserRepository.cs
@@ -136,8 +136,7 @@ IDepartmentRepository departmentRepository
                 return (null, errorMessage);
             }
 
-            var passwordSalt = GenerateSalt();
-            password = EncodePassword(password, PasswordFormat.SM4, passwordSalt);
+            password = EncodePassword(password, PasswordFormat.SM4, out var passwordSalt);
             user.LastActivityDate = DateTime.Now;
             user.LastResetPasswordDate = DateTime.Now;
 
@@ -155,8 +154,7 @@ public async Task<int> InsertWithoutValidationAsync(User user, string password)
                 user.Mobile = user.UserName;
             }
 
-            var passwordSalt = GenerateSalt();
-            password = EncodePassword(password, PasswordFormat.SM4, passwordSalt);
+            password = EncodePassword(password, PasswordFormat.SM4, out var passwordSalt);
             user.LastActivityDate = DateTime.Now;
             user.LastResetPasswordDate = DateTime.Now;
 
@@ -263,16 +261,19 @@ await _repository.UpdateAsync(Q
             );
         }
 
-        private static string EncodePassword(string password, PasswordFormat passwordFormat, string passwordSalt)
+        private static string EncodePassword(string password, PasswordFormat passwordFormat, out string passwordSalt)
         {
             var retVal = string.Empty;
+            passwordSalt = string.Empty;
 
             if (passwordFormat == PasswordFormat.Clear)
             {
                 retVal = password;
             }
             else if (passwordFormat == PasswordFormat.Hashed)
             {
+                passwordSalt = GenerateSalt();
+
                 var src = Encoding.Unicode.GetBytes(password);
                 var buffer2 = Convert.FromBase64String(passwordSalt);
                 var dst = new byte[buffer2.Length + src.Length];
@@ -341,8 +342,7 @@ private static string GenerateSalt()
                 return (false, $"密码不符合规则，请包含{config.UserPasswordRestriction.GetDisplayName()}");
             }
 
-            var passwordSalt = GenerateSalt();
-            password = EncodePassword(password, PasswordFormat.SM4, passwordSalt);
+            password = EncodePassword(password, PasswordFormat.SM4, out var passwordSalt);
             await ChangePasswordAsync(userId, PasswordFormat.SM4, passwordSalt, password);
             return (true, string.Empty);
         }

Original file line number	Diff line number	Diff line change
`@@ -136,8 +136,7 @@ IDepartmentRepository departmentRepository`
`136`	`136`	`return (null, errorMessage);`
`137`	`137`	`}`
`138`	`138`
`139`		`- var passwordSalt = GenerateSalt();`
`140`		`- password = EncodePassword(password, PasswordFormat.SM4, passwordSalt);`
	`139`	`+ password = EncodePassword(password, PasswordFormat.SM4, out var passwordSalt);`
`141`	`140`	`user.LastActivityDate = DateTime.Now;`
`142`	`141`	`user.LastResetPasswordDate = DateTime.Now;`
`143`	`142`
`@@ -155,8 +154,7 @@ public async Task<int> InsertWithoutValidationAsync(User user, string password)`
`155`	`154`	`user.Mobile = user.UserName;`
`156`	`155`	`}`
`157`	`156`
`158`		`- var passwordSalt = GenerateSalt();`
`159`		`- password = EncodePassword(password, PasswordFormat.SM4, passwordSalt);`
	`157`	`+ password = EncodePassword(password, PasswordFormat.SM4, out var passwordSalt);`
`160`	`158`	`user.LastActivityDate = DateTime.Now;`
`161`	`159`	`user.LastResetPasswordDate = DateTime.Now;`
`162`	`160`
`@@ -263,16 +261,19 @@ await _repository.UpdateAsync(Q`
`263`	`261`	`);`
`264`	`262`	`}`
`265`	`263`
`266`		`- private static string EncodePassword(string password, PasswordFormat passwordFormat, string passwordSalt)`
	`264`	`+ private static string EncodePassword(string password, PasswordFormat passwordFormat, out string passwordSalt)`
`267`	`265`	`{`
`268`	`266`	`var retVal = string.Empty;`
	`267`	`+ passwordSalt = string.Empty;`
`269`	`268`
`270`	`269`	`if (passwordFormat == PasswordFormat.Clear)`
`271`	`270`	`{`
`272`	`271`	`retVal = password;`
`273`	`272`	`}`
`274`	`273`	`else if (passwordFormat == PasswordFormat.Hashed)`
`275`	`274`	`{`
	`275`	`+ passwordSalt = GenerateSalt();`
	`276`	`+`
`276`	`277`	`var src = Encoding.Unicode.GetBytes(password);`
`277`	`278`	`var buffer2 = Convert.FromBase64String(passwordSalt);`
`278`	`279`	`var dst = new byte[buffer2.Length + src.Length];`
`@@ -341,8 +342,7 @@ private static string GenerateSalt()`
`341`	`342`	`return (false, $"密码不符合规则，请包含{config.UserPasswordRestriction.GetDisplayName()}");`
`342`	`343`	`}`
`343`	`344`
`344`		`- var passwordSalt = GenerateSalt();`
`345`		`- password = EncodePassword(password, PasswordFormat.SM4, passwordSalt);`
	`345`	`+ password = EncodePassword(password, PasswordFormat.SM4, out var passwordSalt);`
`346`	`346`	`await ChangePasswordAsync(userId, PasswordFormat.SM4, passwordSalt, password);`
`347`	`347`	`return (true, string.Empty);`
`348`	`348`	`}`