fix: 密码强度
parent
d52b5ad477
commit
66ed5cbc83
@ -5,15 +5,19 @@ import com.flyfish.framework.configuration.annotations.CurrentUser;
|
||||
import com.flyfish.framework.domain.UserPasswordDto;
|
||||
import com.flyfish.framework.domain.UserQo;
|
||||
import com.flyfish.framework.domain.base.IUser;
|
||||
import com.flyfish.framework.domain.po.Role;
|
||||
import com.flyfish.framework.domain.po.User;
|
||||
import com.flyfish.framework.enums.UserStatus;
|
||||
import com.flyfish.framework.service.UserService;
|
||||
import com.flyfish.framework.utils.Assert;
|
||||
import com.flyfish.framework.utils.StrengthUtils;
|
||||
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
import java.util.Optional;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/users")
|
||||
@ -22,6 +26,28 @@ public class UserController extends BaseController<User, UserQo> {
|
||||
@Resource
|
||||
private PasswordEncoder passwordEncoder;
|
||||
|
||||
/**
|
||||
* 重置密码逻辑
|
||||
*
|
||||
* @param body 请求体
|
||||
* @param user 用户
|
||||
* @return 结果
|
||||
*/
|
||||
@PutMapping("{id}/passwords")
|
||||
public Result<Void> resetPassword(@PathVariable String id, @RequestBody User body, @CurrentUser User user) {
|
||||
Assert.hasText(body.getPassword(), "重置密码必需携带密码!");
|
||||
Assert.isTrue(Optional.ofNullable(user.getRoles()).map(roles -> roles.stream().anyMatch(Role::getAdmin))
|
||||
.orElse(false), "您没有管理员权限,无法重置密码!");
|
||||
Assert.isTrue(StrengthUtils.isValid(body.getPassword()));
|
||||
User updating = new User();
|
||||
updating.setId(id);
|
||||
updating.setStatus(UserStatus.NORMAL);
|
||||
updating.setErrorCount(0);
|
||||
updating.setPassword(passwordEncoder.encode(body.getPassword()));
|
||||
service.updateSelectiveById(updating);
|
||||
return Result.ok();
|
||||
}
|
||||
|
||||
/**
|
||||
* 修改密码逻辑
|
||||
*
|
||||
|
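Review bot: In resetPassword the strength assertion `Assert.isTrue(StrengthUtils.isValid(body.getPassword()));` carries no message, so a rejected password surfaces whatever default the project's Assert produces instead of the policy text used in UserService.create; pass that same message as the second argument. The admin check also runs after `Assert.hasText(body.getPassword(), ...)`; making it the first statement rejects unauthorized callers before any of the request body is examined. If `Role.getAdmin()` returns a boxed `Boolean` (its declaration is not shown here), `anyMatch(Role::getAdmin)` throws on a null flag, and `anyMatch(role -> Boolean.TRUE.equals(role.getAdmin()))` avoids that. Because the method also sets the status to NORMAL and clears errorCount for whatever id is in the path, an audit log line recording the acting admin and the target id would help later review of resets.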
@ -1,9 +1,11 @@
|
||||
package com.flyfish.framework.domain;
|
||||
|
||||
import com.flyfish.framework.utils.StrengthUtils;
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
|
||||
import javax.validation.constraints.NotBlank;
|
||||
import javax.validation.constraints.Pattern;
|
||||
|
||||
/**
|
||||
* 修改密码dto
|
||||
@ -17,5 +19,6 @@ public class UserPasswordDto {
|
||||
private String oldPassword;
|
||||
|
||||
@NotBlank(message = "新密码不可为空!")
|
||||
@Pattern(regexp = StrengthUtils.PATTERN, message = "密码强度不够,至少应该包含数字、大小写字母、符号组合!")
|
||||
private String password;
|
||||
}
|
||||
|
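Review bot: The `@Pattern` added on `password` is only evaluated when the handler that binds UserPasswordDto marks the parameter with `@Valid` or `@Validated`; that handler is outside these hunks, so confirm the annotation is present there, otherwise the constraint is silently skipped. The message literal is also repeated in UserService.create with slightly different punctuation; a shared message constant declared next to `StrengthUtils.PATTERN` would keep the two texts in step.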
@ -5,6 +5,8 @@ import com.flyfish.framework.domain.po.User;
|
||||
import com.flyfish.framework.enums.UserType;
|
||||
import com.flyfish.framework.repository.UserRepository;
|
||||
import com.flyfish.framework.service.impl.BaseServiceImpl;
|
||||
import com.flyfish.framework.utils.Assert;
|
||||
import com.flyfish.framework.utils.StrengthUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.stereotype.Service;
|
||||
@ -32,6 +34,7 @@ public class UserService extends BaseServiceImpl<User> {
|
||||
@Override
|
||||
public User create(User entity) {
|
||||
if (null == entity.getId() && StringUtils.isNotBlank(entity.getPassword())) {
|
||||
Assert.isTrue(StrengthUtils.isValid(entity.getPassword()), "密码强度不够,至少应该包含数字、大小写字母、符号组合");
|
||||
entity.setPassword(passwordEncoder.encode(entity.getPassword()));
|
||||
}
|
||||
if (null == entity.getType()) {
|
||||
|
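Review bot: The new strength check sits inside `if (null == entity.getId() && StringUtils.isNotBlank(entity.getPassword()))`, so an entity that arrives with both an id and a password skips the check and the encoding in the lines shown here. If that path is meant for already-encoded passwords, say so with a comment such as `// entities with a preset id carry an already-encoded password; strength is not checked`; if it is not, the id test should not gate the password handling. create's body continues past the hunk and the update paths are not visible, so whether passwords set elsewhere go through StrengthUtils cannot be confirmed from this page.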
@ -0,0 +1,27 @@
|
||||
package com.flyfish.framework.utils;
|
||||
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
/**
|
||||
* 密码强度工具
|
||||
*
|
||||
* @author wangyu
|
||||
*/
|
||||
public abstract class StrengthUtils {
|
||||
|
||||
public static final String PATTERN = "^(?![a-zA-z]+$)(?!\\d+$)(?![,.!?~`_+=@#$%^&*;<>':]+$)(?![a-zA-z\\d]+$)(?![a-zA-z,.!?~`_+=@#$%^&*;<>':]+$)(?![\\d,.!?~`_+=@#$%^&*;<>':]+$)[a-zA-Z\\d,.!?~`_+=@#$%^&*;<>':]{8,16}$";
|
||||
|
||||
/**
|
||||
* 此处传入密码明文判定密码可用性
|
||||
*
|
||||
* @param password 密码
|
||||
* @return 结果
|
||||
*/
|
||||
public static boolean isValid(String password) {
|
||||
return LazyHolder.validRegex.matcher(password).matches();
|
||||
}
|
||||
|
||||
private static class LazyHolder {
|
||||
private static final Pattern validRegex = Pattern.compile(PATTERN);
|
||||
}
|
||||
}
|
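Review bot: The lookaheads in `PATTERN` use the range `A-z` where `A-Z` is meant; `A-z` also covers `[`, `\`, `]`, `^`, `_` and the backtick, so a password whose only symbols are `_`, `^` or the backtick (for example the constructed value `Passw0rd_`) is treated as letters-and-digits only and rejected although those symbols are in the allowed set. Replace `A-z` with `A-Z` in the three lookaheads that contain it. The pattern requires a letter, a digit and a symbol but not both cases, while the messages in UserPasswordDto and UserService.create can be read as requiring upper and lower case, so either the regex or the wording should change. The `{8,16}` bound and the fixed symbol list also reject long passphrases and many generated passwords; since the value goes through PasswordEncoder before storage, a larger maximum is worth considering. `isValid` throws NullPointerException on a null argument, and a `password != null &&` guard in front of the matcher call would make it return false instead.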