Method implementation based on SpringBoot password retrieval (picture and text)

The content of this article is about the implementation of the SpringBoot password retrieval method (pictures and texts). It has certain reference value. Friends in need can refer to it. I hope it will be helpful to you.

I am working on my own project recently, and one of the functions that everyone knows is to retrieve passwords. I’ll share my approach here, because there are so many pitfalls in the process. So record it.

Used technologies: SpringBoot1.5.6, JPA, SpringSecurity4, MySQL, BootStrap, etc. . .

Password retrieval flow chart:

First of all, let me introduce to you the basic principles of password retrieval:

Next, let’s implement it according to the flow chart. The first step is to click to jump to the password retrieval interface: I use this method. You can feel free to

The password retrieval interface is:

Step 2: Determine whether the entered account is valid

The following is the generated URL link if it exists:

backPassword:

Step 3: Judgment Whether the account exists in the reset table. The reset table is a table that saves URLs (expiration time, sid, account information, etc.)

The purpose of this is: if the data exists and is not deleted, the next time you retrieve the password, 2 data with the same account but different sid will be generated, like this The disadvantage is: I don’t know which URL to return when sending an email, because there are 2 URLs

Step 4: Send the email

Let’s look at it first The following effect:

#The next step is the important part: how to handle the verification link. First we can see that /user/reset_password is a request followed by its parameters, so remember !

We need to write a request, the route is /user/reset_password, and at the same time, we need to allow the request in SpringSecurity. The verification process is as follows: first, compare the sid and userName (that is, the email address) passed from the request with the sid and account in the database, and also compare whether the time is within the validity period of 30 minutes. If these are satisfied It returns true, otherwise false. It should be noted that there is a replacement here where spaces are replaced with numbers. This is because the numbers are automatically converted to spaces when the HTML is passed to the backend. If it is not replaced with numbers, it will always prompt verification failure! ! ! Once true is returned, it means that the verification URL has passed, and it will jump to the password reset interface:

Note: I have no verification here For optimization, there should not be so many if else nests

Release the request route: if not, click the link and it will jump to the login interface

Jump to the reset page. If the passwords we enter twice are inconsistent, the following prompt will appear. I used JS to do the verification:

Of course, for the sake of rigor, we also perform two password verifications in the background. If the inputs are consistent, the information will be updated. If they are inconsistent, an error will be returned.

There is nothing here, just pay attention to using MD5 salt to encrypt the password before saving it to the database, and then save it. Let’s take a look at the effect of entering the correct password twice: the page prompts that the modification is successful and no error is reported in the background. At this time Use the new password to log in

The above is the detailed content of Method implementation based on SpringBoot password retrieval (picture and text). For more information, please follow other related articles on the PHP Chinese website!