
高危漏洞:默认密码。
使用证件号后六位,不满六位,使用完整证件号,没有证件号,使用登录账号

大数据与最优化研究所 4 maanden geleden
bovenliggende
commit
29f3e4f970

+ 1 - 1
src/main/java/com/xjrsoft/config/CommonPropertiesConfig.java

@@ -19,7 +19,7 @@ public class CommonPropertiesConfig {
 
     private String druidPassword;
 
-    private String defaultPassword;
+//    private String defaultPassword;
 
     /**
      * api域名地址
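Review bot: The `defaultPassword` field is commented out rather than deleted, and the same is done with every old `setPassword(...getDefaultPassword()...)` call in the other files of this commit. Version control already keeps the old code, so these lines should be removed outright: `private String defaultPassword;` simply goes away. If the getters on this class are generated from its fields (not visible here), `getDefaultPassword()` disappears with the field, so a project-wide search for remaining callers is worth doing before merge. The class body continues outside the hunk.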

+ 6 - 1
src/main/java/com/xjrsoft/module/banding/service/impl/BandingTaskServiceImpl.java

@@ -672,7 +672,12 @@ public class BandingTaskServiceImpl extends MPJBaseServiceImpl<BandingTaskMapper
                 LocalDate birthDate = getBirthDate(student.getCredentialNumber());
                 User xjrUser = new User() {{
                     setCreateDate(now);
-                    setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+//                    setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+                    String credentialNumber = student.getCredentialNumber();
+                    String lastSixDigits = credentialNumber.length() <= 6
+                            ? credentialNumber
+                            : credentialNumber.substring(credentialNumber.length() - 6);
+                    setPassword(BCrypt.hashpw(lastSixDigits, BCrypt.gensalt()));
                     setName(student.getName());
                     setUserName(student.getCredentialNumber());
                     setCredentialNumber(student.getCredentialNumber());
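Review bot: The initial password hashed in `setPassword(BCrypt.hashpw(lastSixDigits, BCrypt.gensalt()))` is the tail of the same credential number that `setUserName(student.getCredentialNumber())` stores two lines later, so the login name reveals the password. The same derivation is added in StudentTransferNode, BaseStudentServiceImpl, StudentManagerServiceImpl, StudentReportRecordServiceImpl, TeacherbaseManagerServiceImpl and UserServiceImpl. A randomly generated one-time password or an activation step would avoid a derivable secret; at minimum the account must be forced to change it at first login, and no `setIsChangePassword(1)` is visible in this hunk (the initializer continues outside it). Separately, `credentialNumber.length()` throws a NullPointerException when the student has no credential number, and the fallback to the login account promised in the commit message is not implemented here. Guard it the way StudentReportRecordServiceImpl does, with `if (StringUtils.isEmpty(student.getCredentialNumber())) { throw new MyException(student.getName() + "证件号为空,请填写后提交"); }`.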

+ 11 - 5
src/main/java/com/xjrsoft/module/liteflow/node/StudentTransferNode.java

@@ -89,10 +89,16 @@ public class StudentTransferNode extends NodeComponent {
             LocalDate birthDate = LocalDateUtil.getBirthDate(newStudent.getCredentialNumber());
             BaseClass baseClass = baseClassMapper.selectById(studentTransfer.getClassId());
             LocalDateTime now = LocalDateTime.now();
-            if(user == null){
+            if (user == null) {
                 User xjrUser = new User() {{
                     setCreateDate(now);
-                    setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+//                    setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+                    String credentialNumber = newStudent.getCredentialNumber();
+                    String lastSixDigits = credentialNumber.length() <= 6
+                            ? credentialNumber
+                            : credentialNumber.substring(credentialNumber.length() - 6);
+                    setPassword(BCrypt.hashpw(lastSixDigits, BCrypt.gensalt()));
+
                     setName(newStudent.getName());
                     setUserName(newStudent.getCredentialNumber());
                     setCredentialNumber(newStudent.getCredentialNumber());
@@ -115,10 +121,10 @@ public class StudentTransferNode extends NodeComponent {
                     setUserId(xjrUser.getId());
                     setCreateDate(now);
                     setStudentId(newStudent.getCredentialNumber());
-                    if(newStudent.getHeight() != null){
+                    if (newStudent.getHeight() != null) {
                         setHeight(newStudent.getHeight().doubleValue());
                     }
-                    if(newStudent.getWeight() != null){
+                    if (newStudent.getWeight() != null) {
                         setWeight(newStudent.getWeight().doubleValue());
                     }
                 }};
@@ -153,7 +159,7 @@ public class StudentTransferNode extends NodeComponent {
                 }};
                 familyService.save(studentFamily);
 
-            }else{
+            } else {
                 studentSchoolRollService.updateStudentClass(studentTransfer.getClassId(), user.getId());
             }
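Review bot: The five-line `lastSixDigits` derivation in the first hunk is a verbatim copy of the one added to BandingTaskServiceImpl, and it is pasted again in six more files of this commit, some with an empty check and some (including this one) without. Moving it into one shared helper that also performs the empty check keeps the rule in one place, so a later change of policy does not have to be repeated per call site. Declaring locals inside the `new User() {{ ... }}` initializer also makes the block harder to read; computing the value before the anonymous class would be clearer. The enclosing method starts and ends outside the hunks.

```java
// Proposed shared helper; where it lives (e.g. an existing utility class) is up to the project.
static String deriveInitialPassword(String credentialNumber) {
    if (credentialNumber == null || credentialNumber.isEmpty()) {
        throw new MyException("证件号为空,请填写后提交");
    }
    return credentialNumber.length() <= 6
            ? credentialNumber
            : credentialNumber.substring(credentialNumber.length() - 6);
}

// … unchanged: setCreateDate(now) …
setPassword(BCrypt.hashpw(deriveInitialPassword(newStudent.getCredentialNumber()), BCrypt.gensalt()));
```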
 

+ 0 - 1
src/main/java/com/xjrsoft/module/liteflow/node/WfStudentRepeatStudyNode.java

@@ -56,7 +56,6 @@ public class WfStudentRepeatStudyNode extends NodeComponent {
     @Autowired
     private IBaseStudentSchoolRollService schoolRollService;
 
-
     @Override
     public void process() throws Exception {
         // 获取表单中数据编号

+ 16 - 0
src/main/java/com/xjrsoft/module/organization/controller/UserController.java

@@ -600,9 +600,16 @@ public class UserController {
         if (!BCrypt.checkpw(dto.getOldPassword(), user.getPassword())) {
             return RT.error("当前密码填写错误!");
         }
+
+        // 新密码与原密码应该不一致
+        if (BCrypt.checkpw(dto.getNewPassword(), user.getPassword())) {
+            return RT.error("新密码和旧密码不能相同!");
+        }
+
         if (!StrUtil.equals(dto.getNewPassword(), dto.getConfirmPassword())) {
             return RT.error("2次密码输入不一致!");
         }
+
         return RT.ok(userService.updatePassword(dto));
     }
 
@@ -613,9 +620,18 @@ public class UserController {
         if (!OrganizationUtil.validatePassword(dto.getNewPassword())) {
             return RT.error("密码必须包含大写字母、小写字母、数字和特殊字符,长度8~16位");
         }
+
+        User user = userService.getById(StpUtil.getLoginIdAsLong());
+
+        // 新密码与原密码应该不一致
+        if (BCrypt.checkpw(dto.getNewPassword(), user.getPassword())) {
+            return RT.error("新密码和旧密码不能相同!");
+        }
+
         if (!StrUtil.equals(dto.getNewPassword(), dto.getConfirmPassword())) {
             return RT.error("2次密码输入不一致!");
         }
+
         UpdatePasswordDto pd = BeanUtil.toBean(dto, UpdatePasswordDto.class);
         return RT.ok(userService.updatePassword(pd));
     }
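Review bot: In the second hunk, `userService.getById(StpUtil.getLoginIdAsLong())` can return null (UserServiceImpl in this same commit checks for exactly that), yet `user.getPassword()` is dereferenced in the next statement. Add a guard before the `BCrypt.checkpw` call, for example `if (user == null) { return RT.error("用户信息发生改变,刷新重试"); }`. In the first hunk the new `checkpw(dto.getNewPassword(), ...)` may throw instead of returning an `RT.error` if `newPassword` is null, unless validation outside the hunk guarantees it is set. In both hunks the inexpensive `confirmPassword` equality check could run before the bcrypt comparison. Both method bodies begin outside the hunks.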

+ 45 - 8
src/main/java/com/xjrsoft/module/organization/service/impl/UserServiceImpl.java

@@ -43,13 +43,12 @@ import com.xjrsoft.module.organization.service.IUserDeptRelationService;
 import com.xjrsoft.module.organization.service.IUserService;
 import com.xjrsoft.module.organization.vo.*;
 import lombok.AllArgsConstructor;
+import org.apache.commons.lang3.ObjectUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Objects;
+import java.util.*;
 import java.util.concurrent.CompletableFuture;
 import java.util.stream.Collectors;
 
@@ -251,9 +250,26 @@ public class UserServiceImpl extends MPJBaseServiceImpl<UserMapper, User> implem
 
     @Override
     public boolean resetPassword(ResetPasswordDto dto) {
+        User oldUser = this.getById(StpUtil.getLoginIdAsLong());
+        if (ObjectUtils.isEmpty(oldUser)) {
+            throw new MyException("用户信息发生改变,刷新重试");
+        }
+
+        if (StringUtils.isEmpty(oldUser.getCredentialNumber())) {
+            throw new MyException("重置密码错误," + oldUser.getName() + "证件号不存在,请联系管理员在用户信息维护");
+        }
+
         User user = new User();
         user.setId(dto.getId());
-        user.setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+
+//        user.setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+        // 将密码重置为用户身份证后六位
+        String credentialNumber = oldUser.getCredentialNumber();
+        String lastSixDigits = credentialNumber.length() <= 6
+                ? credentialNumber
+                : credentialNumber.substring(credentialNumber.length() - 6);
+        user.setPassword(BCrypt.hashpw(lastSixDigits, BCrypt.gensalt()));
+
         user.setIsChangePassword(1);
 
         CompletableFuture.runAsync(() -> {
@@ -266,10 +282,31 @@ public class UserServiceImpl extends MPJBaseServiceImpl<UserMapper, User> implem
 
     @Override
     public boolean batchResetPassword(List<Long> ids) {
+        List<User> oldUsers = this.listByIds(ids);
+
+        Map<Long, User> userMap = oldUsers.stream()
+                .collect(Collectors.toMap(User::getId, u -> u, (u1, u2) -> u1));
+
         for (Long id : ids) {
+            User oldUser = userMap.get(id);
+
+            if (ObjectUtils.isEmpty(oldUser)) {
+                throw new MyException("其中有用户信息发生改变,刷新重试");
+            }
+
+            if (StringUtils.isEmpty(oldUser.getCredentialNumber())) {
+                throw new MyException("重置密码错误," + oldUser.getName() + "证件号不存在,请联系管理员在用户信息维护");
+            }
+
             User user = new User();
             user.setId(id);
-            user.setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+//            user.setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+            // 将密码重置为用户身份证后六位
+            String credentialNumber = oldUser.getCredentialNumber();
+            String lastSixDigits = credentialNumber.length() <= 6
+                    ? credentialNumber
+                    : credentialNumber.substring(credentialNumber.length() - 6);
+            user.setPassword(BCrypt.hashpw(lastSixDigits, BCrypt.gensalt()));
             user.setIsChangePassword(1);
 
             CompletableFuture.runAsync(() -> {
@@ -359,10 +396,10 @@ public class UserServiceImpl extends MPJBaseServiceImpl<UserMapper, User> implem
 //    public boolean unbindOpenid(Long id) {
     public boolean unbindOpenid(UnbindOpenidDto dto) {
         // 验证手机验证码
-        if(StrUtil.isNotEmpty(dto.getMobile())){
+        if (StrUtil.isNotEmpty(dto.getMobile())) {
             boolean verifyResult = smsCtcc.captchaVerify(dto.getMobile(), dto.getCode());
 
-            if(!verifyResult){
+            if (!verifyResult) {
                 throw new MyException("验证码错误");
             }
         }
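Review bot: In `resetPassword`, `oldUser` is loaded with `this.getById(StpUtil.getLoginIdAsLong())`, which is the logged-in caller, while the row being updated is `dto.getId()`. The target account's new password therefore appears to be derived from the operator's credential number, not the target's own. It should read `User oldUser = this.getById(dto.getId());`, matching `batchResetPassword`, which looks each id up through `listByIds(ids)`. In `batchResetPassword` the missing-user and empty-credential checks throw from inside the loop, after earlier ids have already been handed to `CompletableFuture.runAsync`, so a failure can leave a partial reset; validating every user before the loop starts avoids that. The new `import java.util.*;` replaces four explicit imports with a wildcard, and both method bodies continue outside the hunks.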

+ 2 - 1
src/main/java/com/xjrsoft/module/student/controller/BaseNewStudentController.java

@@ -309,7 +309,8 @@ public class BaseNewStudentController {
                     setIsChangePassword(1);
                     setDeleteMark(0);
                     setEnabledMark(1);
-                    setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+//                    setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+                    setPassword(BCrypt.hashpw(dto.getParentMobile(), BCrypt.gensalt()));
                     setMobile(dto.getParentMobile());
                 }};
                 userService.save(parentUser);
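Review bot: The parent account's password is now the parent's mobile number (`setPassword(BCrypt.hashpw(dto.getParentMobile(), BCrypt.gensalt()))`), the same value stored by `setMobile(dto.getParentMobile())` on the next line. The secret is therefore a phone number known to anyone who has the contact, and if the mobile number is also accepted as a login identifier (not visible here) identifier and password are identical. Nothing in the hunk checks `dto.getParentMobile()` for null or empty before it is hashed. `setIsChangePassword(1)` is set above and presumably forces a change at first login; confirm that the login flow actually enforces it for this account type. The initializer begins outside the hunk.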

+ 5 - 1
src/main/java/com/xjrsoft/module/student/service/impl/BaseStudentServiceImpl.java

@@ -134,7 +134,11 @@ public class BaseStudentServiceImpl extends MPJBaseServiceImpl<BaseStudentMapper
                 setMobile(mobile);
                 setCredentialNumber(credentialNumber);
                 setCredentialType("ZZLS10007");
-                setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+//                setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+                String lastSixDigits = credentialNumber.length() <= 6
+                        ? credentialNumber
+                        : credentialNumber.substring(credentialNumber.length() - 6);
+                setPassword(BCrypt.hashpw(lastSixDigits, BCrypt.gensalt()));
                 setGender(GenderDictionaryEnum.getCode(gender));
                 setIsChangePassword(1);
             }};

+ 11 - 1
src/main/java/com/xjrsoft/module/student/service/impl/StudentManagerServiceImpl.java

@@ -122,7 +122,17 @@ public class StudentManagerServiceImpl extends MPJBaseServiceImpl<BaseStudentUse
         baseStudentUser.setCode(dto.getUserName());
 
         // 用户身份证后6位作为默认密码
-        baseStudentUser.setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+//        baseStudentUser.setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+        String credentialNumber = baseStudentUser.getCredentialNumber();
+        if (StringUtils.isEmpty(credentialNumber)) {
+            throw new MyException(baseStudentUser.getName() + "证件号为空,请填写后提交");
+        }
+
+        String lastSixDigits = credentialNumber.length() <= 6
+                ? credentialNumber
+                : credentialNumber.substring(credentialNumber.length() - 6);
+        baseStudentUser.setPassword(BCrypt.hashpw(lastSixDigits, BCrypt.gensalt()));
+
         baseStudentUserMapper.insert(baseStudentUser);
         for (BaseStudent baseStudent : baseStudentUser.getBaseStudentList()) {
 

+ 12 - 1
src/main/java/com/xjrsoft/module/student/service/impl/StudentReportRecordServiceImpl.java

@@ -64,6 +64,7 @@ import com.xjrsoft.module.student.vo.StudentReportRecordPlanPageVo;
 import com.xjrsoft.module.student.vo.StudentReportRecordStatisticsListVo;
 import com.xjrsoft.module.student.vo.StudentReportRecordStatisticsVo;
 import lombok.AllArgsConstructor;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
@@ -403,7 +404,17 @@ public class StudentReportRecordServiceImpl extends MPJBaseServiceImpl<StudentRe
                 LocalDate birthDate = getBirthDate(student.getCredentialNumber());
                 User xjrUser = new User() {{
                     setCreateDate(now);
-                    setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+//                    setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+
+                    if (StringUtils.isEmpty(student.getCredentialNumber())) {
+                        throw new MyException(student.getName() + "证件号为空,请填写后提交");
+                    }
+                    String credentialNumber = student.getCredentialNumber();
+                    String lastSixDigits = credentialNumber.length() <= 6 
+    ? credentialNumber 
+    : credentialNumber.substring(credentialNumber.length() - 6);
+                    setPassword(BCrypt.hashpw(lastSixDigits, BCrypt.gensalt()));
+
                     setName(student.getName());
                     setUserName(student.getCredentialNumber());
                     setCredentialNumber(student.getCredentialNumber());

+ 5 - 1
src/main/java/com/xjrsoft/module/system/service/impl/LoginServiceImpl.java

@@ -251,8 +251,12 @@ public class LoginServiceImpl implements ILoginService {
             user.setName("游客");
             user.setUserName(getUserName());
             user.setCode(getUserName());
+
             //密码加密加盐存储到数据库
-            user.setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+//            user.setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+            // 游客密码和账号相同
+            user.setPassword(BCrypt.hashpw(user.getUserName(), BCrypt.gensalt()));
+
             userService.save(user);
             //给用户增加游客角色
             UserRoleRelation userRoleRelation = new UserRoleRelation();
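Review bot: The guest account's password is set to its own user name (`user.setPassword(BCrypt.hashpw(user.getUserName(), BCrypt.gensalt()))`), so knowing the account name is enough to pass a password check. If guest accounts are never meant to authenticate by password, hash a random value drawn from `SecureRandom` instead and do not store or return the plaintext. The older comment `//密码加密加盐存储到数据库` now sits above a commented-out line and should move next to the live call. The enclosing method starts and ends outside the hunk.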

+ 41 - 27
src/main/java/com/xjrsoft/module/teacher/service/impl/TeacherbaseManagerServiceImpl.java

@@ -178,12 +178,21 @@ public class TeacherbaseManagerServiceImpl extends MPJBaseServiceImpl<XjrUserMap
     @Override
     @Transactional(rollbackFor = Exception.class)
     public Boolean add(AddXjrUserDto dto) {
-
         XjrUser xjrUser = BeanUtil.toBean(dto, XjrUser.class);
         xjrUser.setCode(dto.getUserName());
 
+        if (StringUtils.isEmpty(xjrUser.getCredentialNumber())) {
+            throw new MyException(xjrUser.getName() + "证件号为空,请填写后提交");
+        }
+
         // 使用系统配置的默认密码
-        xjrUser.setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+//        xjrUser.setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+        String credentialNumber = xjrUser.getCredentialNumber();
+        String lastSixDigits = credentialNumber.length() <= 6
+                ? credentialNumber
+                : credentialNumber.substring(credentialNumber.length() - 6);
+        xjrUser.setPassword(BCrypt.hashpw(lastSixDigits, BCrypt.gensalt()));
+
         teacherbaseManagerXjrUserMapper.insert(xjrUser);
         for (BaseTeacher baseTeacher : xjrUser.getBaseTeacherList()) {
 
@@ -726,12 +735,12 @@ public class TeacherbaseManagerServiceImpl extends MPJBaseServiceImpl<XjrUserMap
         for (Map<Integer, Object> rowData : excelDataList) {
             boolean isEmpty = false;
             for (Integer i : rowData.keySet()) {
-                if(rowData.get(i) == null){
+                if (rowData.get(i) == null) {
                     errorList.add(rowData);
                     isEmpty = true;
                 }
             }
-            if(isEmpty){
+            if (isEmpty) {
                 continue;
             }
 
@@ -748,16 +757,16 @@ public class TeacherbaseManagerServiceImpl extends MPJBaseServiceImpl<XjrUserMap
 
                 BaseTeacher teacher = teacherMap.get(user.getId());
                 teacher.setEmployType(dictionaryMap.get(2023000000000000016L).get(rowData.get(6).toString()));
-                if(rowData.get(9) != null && StrUtil.isNotEmpty(rowData.get(9).toString())){
+                if (rowData.get(9) != null && StrUtil.isNotEmpty(rowData.get(9).toString())) {
                     teacher.setJobState(dictionaryMap.get(2023000000000000005L).get(rowData.get(9).toString()));
                 }
-                if(rowData.get(10) != null && StrUtil.isNotEmpty(rowData.get(10).toString())){
+                if (rowData.get(10) != null && StrUtil.isNotEmpty(rowData.get(10).toString())) {
                     teacher.setJoinTime(sdf.parse(rowData.get(10).toString()));
                 }
 
                 updateTeacherList.add(teacher);
 
-                if(rowData.get(11) != null && StrUtil.isNotEmpty(rowData.get(11).toString())){
+                if (rowData.get(11) != null && StrUtil.isNotEmpty(rowData.get(11).toString())) {
                     BaseTeacherRegular teacherRegular = regularMap.get(user.getId());
                     JSONArray teachingStatus = teacherRegular.getTeachingStatus();
                     teachingStatus.add(dictionaryMap.get(2023000000000000020L).get(rowData.get(11).toString()));
@@ -786,7 +795,12 @@ public class TeacherbaseManagerServiceImpl extends MPJBaseServiceImpl<XjrUserMap
             }
             User user = new User();
             user.setUserName(rowData.get(0).toString());
-            user.setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+//            user.setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+            String lastSixDigits = credentialNumber.length() <= 6
+                    ? credentialNumber
+                    : credentialNumber.substring(credentialNumber.length() - 6);
+            user.setPassword(BCrypt.hashpw(lastSixDigits, BCrypt.gensalt()));
+
             user.setIsChangePassword(1);
             user.setName(rowData.get(1).toString());
             user.setGender(GenderDictionaryEnum.getCode(rowData.get(2).toString()));
@@ -800,17 +814,17 @@ public class TeacherbaseManagerServiceImpl extends MPJBaseServiceImpl<XjrUserMap
             teacher.setEmployType(dictionaryMap.get(2023000000000000016L).get(rowData.get(6).toString()));
             teacher.setUserId(user.getId());
             teacher.setCreateDate(LocalDateTime.now());
-            if(rowData.get(9) != null && StrUtil.isNotEmpty(rowData.get(9).toString())){
+            if (rowData.get(9) != null && StrUtil.isNotEmpty(rowData.get(9).toString())) {
                 teacher.setJobState(dictionaryMap.get(2023000000000000005L).get(rowData.get(9).toString()));
             }
 
-            if(rowData.get(10) != null && StrUtil.isNotEmpty(rowData.get(10).toString())){
+            if (rowData.get(10) != null && StrUtil.isNotEmpty(rowData.get(10).toString())) {
                 teacher.setJoinTime(sdf.parse(rowData.get(10).toString()));
             }
 
             teacherMapper.insert(teacher);
 
-            if(rowData.get(11) != null && StrUtil.isNotEmpty(rowData.get(11).toString())){
+            if (rowData.get(11) != null && StrUtil.isNotEmpty(rowData.get(11).toString())) {
                 BaseTeacherRegular teacherRegular = new BaseTeacherRegular();
                 JSONArray teachingStatus = new JSONArray();
                 teachingStatus.add(dictionaryMap.get(2023000000000000020L).get(rowData.get(11).toString()));
@@ -1066,37 +1080,37 @@ public class TeacherbaseManagerServiceImpl extends MPJBaseServiceImpl<XjrUserMap
             ProfessionalTitle insertOrUpdate = new ProfessionalTitle();
             BeanUtils.copyProperties(vo, insertOrUpdate);
             // 处理时间字符串
-            if(ObjectUtils.isNotEmpty(vo.getGetDate())){
+            if (ObjectUtils.isNotEmpty(vo.getGetDate())) {
                 Instant instant = vo.getGetDate().toInstant();
 
                 // 使用系统默认时区将 Instant 转换为 LocalDate
                 insertOrUpdate.setGetDate(instant.atZone(ZoneId.systemDefault()).toLocalDate());
             }
-            if(ObjectUtils.isNotEmpty(vo.getBeHonoredDate())){
+            if (ObjectUtils.isNotEmpty(vo.getBeHonoredDate())) {
                 Instant instant = vo.getBeHonoredDate().toInstant();
 
                 // 使用系统默认时区将 Instant 转换为 LocalDate
                 insertOrUpdate.setBeHonoredDate(instant.atZone(ZoneId.systemDefault()).toLocalDate());
             }
-            if(ObjectUtils.isNotEmpty(vo.getIssuanceDate())){
+            if (ObjectUtils.isNotEmpty(vo.getIssuanceDate())) {
                 Instant instant = vo.getIssuanceDate().toInstant();
 
                 // 使用系统默认时区将 Instant 转换为 LocalDate
                 insertOrUpdate.setIssuanceDate(instant.atZone(ZoneId.systemDefault()).toLocalDate());
             }
-            if(ObjectUtils.isNotEmpty(vo.getQualificationStartDate())){
+            if (ObjectUtils.isNotEmpty(vo.getQualificationStartDate())) {
                 Instant instant = vo.getQualificationStartDate().toInstant();
 
                 // 使用系统默认时区将 Instant 转换为 LocalDate
                 insertOrUpdate.setQualificationStartDate(instant.atZone(ZoneId.systemDefault()).toLocalDate());
             }
-            if(ObjectUtils.isNotEmpty(vo.getQualificationEndDate())){
+            if (ObjectUtils.isNotEmpty(vo.getQualificationEndDate())) {
                 Instant instant = vo.getQualificationEndDate().toInstant();
 
                 // 使用系统默认时区将 Instant 转换为 LocalDate
                 insertOrUpdate.setQualificationEndDate(instant.atZone(ZoneId.systemDefault()).toLocalDate());
             }
-            if(ObjectUtils.isNotEmpty(vo.getNoticeDate())){
+            if (ObjectUtils.isNotEmpty(vo.getNoticeDate())) {
                 Instant instant = vo.getNoticeDate().toInstant();
 
                 // 使用系统默认时区将 Instant 转换为 LocalDate
@@ -1188,7 +1202,7 @@ public class TeacherbaseManagerServiceImpl extends MPJBaseServiceImpl<XjrUserMap
             TeacherCertification insertOrUpdate = new TeacherCertification();
             BeanUtils.copyProperties(vo, insertOrUpdate);
             // 处理时间字符串
-            if(ObjectUtils.isNotEmpty(vo.getIssuanceDate())){
+            if (ObjectUtils.isNotEmpty(vo.getIssuanceDate())) {
                 Instant instant = vo.getIssuanceDate().toInstant();
 
                 // 使用系统默认时区将 Instant 转换为 LocalDate
@@ -1278,14 +1292,14 @@ public class TeacherbaseManagerServiceImpl extends MPJBaseServiceImpl<XjrUserMap
             EvaluatorInformation insertOrUpdate = new EvaluatorInformation();
             BeanUtils.copyProperties(vo, insertOrUpdate);
             // 处理时间字符串
-            if(ObjectUtils.isNotEmpty(vo.getIssuanceDate())){
+            if (ObjectUtils.isNotEmpty(vo.getIssuanceDate())) {
                 Instant instant = vo.getIssuanceDate().toInstant();
 
                 // 使用系统默认时区将 Instant 转换为 LocalDate
                 insertOrUpdate.setIssuanceDate(instant.atZone(ZoneId.systemDefault()).toLocalDate());
             }
             // 处理时间字符串
-            if(ObjectUtils.isNotEmpty(vo.getValidity())){
+            if (ObjectUtils.isNotEmpty(vo.getValidity())) {
                 Instant instant = vo.getValidity().toInstant();
 
                 // 使用系统默认时区将 Instant 转换为 LocalDate
@@ -1375,7 +1389,7 @@ public class TeacherbaseManagerServiceImpl extends MPJBaseServiceImpl<XjrUserMap
             LanguageCompetence insertOrUpdate = new LanguageCompetence();
             BeanUtils.copyProperties(vo, insertOrUpdate);
             // 处理时间字符串
-            if(ObjectUtils.isNotEmpty(vo.getIssuanceDate())){
+            if (ObjectUtils.isNotEmpty(vo.getIssuanceDate())) {
                 Instant instant = vo.getIssuanceDate().toInstant();
 
                 // 使用系统默认时区将 Instant 转换为 LocalDate
@@ -1472,7 +1486,7 @@ public class TeacherbaseManagerServiceImpl extends MPJBaseServiceImpl<XjrUserMap
             BeanUtils.copyProperties(vo, insertOrUpdate);
             insertOrUpdate.setStartDate(startDate);
             // 处理时间字符串
-            if(ObjectUtils.isNotEmpty(vo.getEndDate())){
+            if (ObjectUtils.isNotEmpty(vo.getEndDate())) {
                 Instant endDateInstant = vo.getEndDate().toInstant();
 
                 // 使用系统默认时区将 Instant 转换为 LocalDate
@@ -1562,14 +1576,14 @@ public class TeacherbaseManagerServiceImpl extends MPJBaseServiceImpl<XjrUserMap
             OutsideAssociations insertOrUpdate = new OutsideAssociations();
             BeanUtils.copyProperties(vo, insertOrUpdate);
             // 处理时间字符串
-            if(ObjectUtils.isNotEmpty(vo.getJoinDate())){
+            if (ObjectUtils.isNotEmpty(vo.getJoinDate())) {
                 Instant instant = vo.getJoinDate().toInstant();
 
                 // 使用系统默认时区将 Instant 转换为 LocalDate
                 insertOrUpdate.setJoinDate(instant.atZone(ZoneId.systemDefault()).toLocalDate());
             }
 
-            if(ObjectUtils.isNotEmpty(vo.getExitDate())){
+            if (ObjectUtils.isNotEmpty(vo.getExitDate())) {
                 Instant instant = vo.getExitDate().toInstant();
                 insertOrUpdate.setExitDate(instant.atZone(ZoneId.systemDefault()).toLocalDate());
             }
@@ -1657,7 +1671,7 @@ public class TeacherbaseManagerServiceImpl extends MPJBaseServiceImpl<XjrUserMap
             CoreTeacher insertOrUpdate = new CoreTeacher();
             BeanUtils.copyProperties(vo, insertOrUpdate);
             // 处理时间字符串
-            if(ObjectUtils.isNotEmpty(vo.getIssuanceDate())){
+            if (ObjectUtils.isNotEmpty(vo.getIssuanceDate())) {
                 Instant instant = vo.getIssuanceDate().toInstant();
 
                 // 使用系统默认时区将 Instant 转换为 LocalDate
@@ -1746,7 +1760,7 @@ public class TeacherbaseManagerServiceImpl extends MPJBaseServiceImpl<XjrUserMap
             ScientificResearch insertOrUpdate = new ScientificResearch();
             BeanUtils.copyProperties(vo, insertOrUpdate);
             // 处理时间字符串
-            if(ObjectUtils.isNotEmpty(vo.getIssuanceDate())){
+            if (ObjectUtils.isNotEmpty(vo.getIssuanceDate())) {
                 Instant instant = vo.getIssuanceDate().toInstant();
 
                 // 使用系统默认时区将 Instant 转换为 LocalDate
@@ -1837,7 +1851,7 @@ public class TeacherbaseManagerServiceImpl extends MPJBaseServiceImpl<XjrUserMap
             JobInformation insertOrUpdate = new JobInformation();
             BeanUtils.copyProperties(vo, insertOrUpdate);
             // 处理时间字符串
-            if(ObjectUtils.isNotEmpty(vo.getEmployDate())){
+            if (ObjectUtils.isNotEmpty(vo.getEmployDate())) {
                 Instant instant = vo.getEmployDate().toInstant();
 
                 // 使用系统默认时区将 Instant 转换为 LocalDate
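Review bot: In the Excel-import hunk (`@@ -786,7 +795,12 @@`) `credentialNumber.length()` is called on a variable declared outside the hunk, with no empty check visible, whereas `add()` at the top of this file throws when the credential number is empty. If the value comes from a spreadsheet cell it needs the same guard before `length()`, otherwise an empty cell yields an account whose password is the hash of an empty string. In `add()` the retained comment `// 使用系统配置的默认密码` no longer matches the code and should be replaced with something like `// initial password: last six characters of the credential number`.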

+ 1 - 1
src/main/resources/application-prod.yml

@@ -55,7 +55,7 @@ xjrsoft:
   common:
     druid-account: admin # druid 监控账户
     druid-password: admin # druid 监控密码
-    default-password: "Aa123456." #默认密码(用户重置密码后为该密码)
+#    default-password: "Aa123456." #默认密码(用户重置密码后为该密码)
     domain-api: https://zhxy.cqtlzjzx.com/api #api域名地址
     domain-app: https://zhxy.cqtlzjzx.com/app/# #app域名地址
     domain-web: https://zhxy.cqtlzjzx.com #web域名地址
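Review bot: The old default `Aa123456.` is only commented out, so the literal stays in the production profile as well as in history; the line should be deleted. Nothing visible in this commit touches accounts that were already created or reset with that value, so they keep it until their owners change it; a one-off forced password change for those accounts would close that gap. The context lines also show `druid-account: admin` and `druid-password: admin` in this production profile, which is the same class of default credential the commit title describes. Those two should be supplied from environment or secret storage with non-default values.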

+ 6 - 1
src/test/java/com/xjrsoft/module/liteflow/node/StudentTransferNodeTest.java

@@ -80,7 +80,12 @@ class StudentTransferNodeTest {
             if(user == null){
                 User xjrUser = new User() {{
                     setCreateDate(LocalDateTime.now());
-                    setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+//                    setPassword(BCrypt.hashpw(propertiesConfig.getDefaultPassword(), BCrypt.gensalt()));
+                    String credentialNumber = newStudent.getCredentialNumber();
+                    String lastSixDigits = credentialNumber.length() <= 6
+                            ? credentialNumber
+                            : credentialNumber.substring(credentialNumber.length() - 6);
+                    setPassword(BCrypt.hashpw(lastSixDigits, BCrypt.gensalt()));
                     setName(newStudent.getName());
                     setUserName(newStudent.getCredentialNumber());
                     setCredentialNumber(newStudent.getCredentialNumber());