fix: 密码强度
parent
d52b5ad477
commit
66ed5cbc83
|
@ -5,15 +5,19 @@ import com.flyfish.framework.configuration.annotations.CurrentUser;
|
||||||
import com.flyfish.framework.domain.UserPasswordDto;
|
import com.flyfish.framework.domain.UserPasswordDto;
|
||||||
import com.flyfish.framework.domain.UserQo;
|
import com.flyfish.framework.domain.UserQo;
|
||||||
import com.flyfish.framework.domain.base.IUser;
|
import com.flyfish.framework.domain.base.IUser;
|
||||||
|
import com.flyfish.framework.domain.po.Role;
|
||||||
import com.flyfish.framework.domain.po.User;
|
import com.flyfish.framework.domain.po.User;
|
||||||
|
import com.flyfish.framework.enums.UserStatus;
|
||||||
import com.flyfish.framework.service.UserService;
|
import com.flyfish.framework.service.UserService;
|
||||||
import com.flyfish.framework.utils.Assert;
|
import com.flyfish.framework.utils.Assert;
|
||||||
|
import com.flyfish.framework.utils.StrengthUtils;
|
||||||
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
|
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
|
||||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
import reactor.core.publisher.Mono;
|
import reactor.core.publisher.Mono;
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
|
import java.util.Optional;
|
||||||
|
|
||||||
@RestController
|
@RestController
|
||||||
@RequestMapping("/users")
|
@RequestMapping("/users")
|
||||||
|
@ -22,6 +26,28 @@ public class UserController extends BaseController<User, UserQo> {
|
||||||
@Resource
|
@Resource
|
||||||
private PasswordEncoder passwordEncoder;
|
private PasswordEncoder passwordEncoder;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 重置密码逻辑
|
||||||
|
*
|
||||||
|
* @param body 请求体
|
||||||
|
* @param user 用户
|
||||||
|
* @return 结果
|
||||||
|
*/
|
||||||
|
@PutMapping("{id}/passwords")
|
||||||
|
public Result<Void> resetPassword(@PathVariable String id, @RequestBody User body, @CurrentUser User user) {
|
||||||
|
Assert.hasText(body.getPassword(), "重置密码必需携带密码!");
|
||||||
|
Assert.isTrue(Optional.ofNullable(user.getRoles()).map(roles -> roles.stream().anyMatch(Role::getAdmin))
|
||||||
|
.orElse(false), "您没有管理员权限,无法重置密码!");
|
||||||
|
Assert.isTrue(StrengthUtils.isValid(body.getPassword()));
|
||||||
|
User updating = new User();
|
||||||
|
updating.setId(id);
|
||||||
|
updating.setStatus(UserStatus.NORMAL);
|
||||||
|
updating.setErrorCount(0);
|
||||||
|
updating.setPassword(passwordEncoder.encode(body.getPassword()));
|
||||||
|
service.updateSelectiveById(updating);
|
||||||
|
return Result.ok();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 修改密码逻辑
|
* 修改密码逻辑
|
||||||
*
|
*
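Review bot: In resetPassword, `updating.setStatus(UserStatus.NORMAL)` and `updating.setErrorCount(0)` run on every reset, so an account that was put into a non-normal state on purpose would be reactivated as a side effect of a password reset; which states UserStatus has is not visible here, so this needs confirming. If only the failed-login lock is meant to be cleared, load the target user first and change the status only in that case, which also lets the handler reject an unknown `id` instead of ignoring the outcome of `service.updateSelectiveById(updating)`. The strength assertion is the only one without a message; `Assert.isTrue(StrengthUtils.isValid(body.getPassword()), "密码强度不够,至少应该包含数字、大小写字母、符号组合");` would match UserService.create. `anyMatch(Role::getAdmin)` presumably unboxes a Boolean, so a role with a null admin flag would throw instead of denying; `Boolean.TRUE.equals(role.getAdmin())` avoids that.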
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
package com.flyfish.framework.domain;
|
package com.flyfish.framework.domain;
|
||||||
|
|
||||||
|
import com.flyfish.framework.utils.StrengthUtils;
|
||||||
import lombok.Getter;
|
import lombok.Getter;
|
||||||
import lombok.Setter;
|
import lombok.Setter;
|
||||||
|
|
||||||
import javax.validation.constraints.NotBlank;
|
import javax.validation.constraints.NotBlank;
|
||||||
|
import javax.validation.constraints.Pattern;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 修改密码dto
|
* 修改密码dto
|
||||||
|
@ -17,5 +19,6 @@ public class UserPasswordDto {
|
||||||
private String oldPassword;
|
private String oldPassword;
|
||||||
|
|
||||||
@NotBlank(message = "新密码不可为空!")
|
@NotBlank(message = "新密码不可为空!")
|
||||||
|
@Pattern(regexp = StrengthUtils.PATTERN, message = "密码强度不够,至少应该包含数字、大小写字母、符号组合!")
|
||||||
private String password;
|
private String password;
|
||||||
}
|
}
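Review bot: The `@Pattern` message promises upper- and lower-case letters, but StrengthUtils.PATTERN as written only requires a letter, a digit and a symbol, so an all-lower-case value such as `abcdef1!` (constructed example) passes while the text says otherwise; the same text is repeated in UserService.create. Either add case lookaheads such as `(?=.*[a-z])(?=.*[A-Z])` to the pattern or reword the message to what is actually enforced, and keep the text in one shared constant. The constraint also runs only if the handler parameter that receives UserPasswordDto is annotated `@Valid` or `@Validated`, which this section does not show.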
|
||||||
|
|
|
@ -5,6 +5,8 @@ import com.flyfish.framework.domain.po.User;
|
||||||
import com.flyfish.framework.enums.UserType;
|
import com.flyfish.framework.enums.UserType;
|
||||||
import com.flyfish.framework.repository.UserRepository;
|
import com.flyfish.framework.repository.UserRepository;
|
||||||
import com.flyfish.framework.service.impl.BaseServiceImpl;
|
import com.flyfish.framework.service.impl.BaseServiceImpl;
|
||||||
|
import com.flyfish.framework.utils.Assert;
|
||||||
|
import com.flyfish.framework.utils.StrengthUtils;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
|
@ -32,6 +34,7 @@ public class UserService extends BaseServiceImpl<User> {
|
||||||
@Override
|
@Override
|
||||||
public User create(User entity) {
|
public User create(User entity) {
|
||||||
if (null == entity.getId() && StringUtils.isNotBlank(entity.getPassword())) {
|
if (null == entity.getId() && StringUtils.isNotBlank(entity.getPassword())) {
|
||||||
|
Assert.isTrue(StrengthUtils.isValid(entity.getPassword()), "密码强度不够,至少应该包含数字、大小写字母、符号组合");
|
||||||
entity.setPassword(passwordEncoder.encode(entity.getPassword()));
|
entity.setPassword(passwordEncoder.encode(entity.getPassword()));
|
||||||
}
|
}
|
||||||
if (null == entity.getType()) {
|
if (null == entity.getType()) {
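Review bot: The new strength assertion sits inside `null == entity.getId() && StringUtils.isNotBlank(entity.getPassword())`, so a create call that arrives with an id already set skips the strength check and, in the visible lines, `passwordEncoder.encode` as well. Whether callers can supply an id is not visible, and create() continues past this hunk, so this needs confirming. If they can, validate and encode every non-blank password, for example by testing `StringUtils.isNotBlank(entity.getPassword())` on its own, unless the id branch is meant to carry an already encoded value. A one-line comment stating which of the two is intended would help the next reader.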
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
package com.flyfish.framework.utils;
|
||||||
|
|
||||||
|
import java.util.regex.Pattern;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 密码强度工具
|
||||||
|
*
|
||||||
|
* @author wangyu
|
||||||
|
*/
|
||||||
|
public abstract class StrengthUtils {
|
||||||
|
|
||||||
|
public static final String PATTERN = "^(?![a-zA-z]+$)(?!\\d+$)(?![,.!?~`_+=@#$%^&*;<>':]+$)(?![a-zA-z\\d]+$)(?![a-zA-z,.!?~`_+=@#$%^&*;<>':]+$)(?![\\d,.!?~`_+=@#$%^&*;<>':]+$)[a-zA-Z\\d,.!?~`_+=@#$%^&*;<>':]{8,16}$";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 此处传入密码明文判定密码可用性
|
||||||
|
*
|
||||||
|
* @param password 密码
|
||||||
|
* @return 结果
|
||||||
|
*/
|
||||||
|
public static boolean isValid(String password) {
|
||||||
|
return LazyHolder.validRegex.matcher(password).matches();
|
||||||
|
}
|
||||||
|
|
||||||
|
private static class LazyHolder {
|
||||||
|
private static final Pattern validRegex = Pattern.compile(PATTERN);
|
||||||
|
}
|
||||||
|
}
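Review bot: The lookaheads in PATTERN use `[a-zA-z]`, and the range `A-z` also covers `[`, `\`, `]`, `^`, `_` and the backtick, so a password whose only symbols are `_`, `^` or a backtick is treated as letters-and-digits and rejected although it meets the stated rule. The final character class already uses `a-zA-Z`, and the three lookaheads should use it too. The `{8,16}` bound and the fixed symbol list also reject long passphrases and common characters such as `-` or a space; a higher maximum would follow current guidance (for example NIST SP 800-63B) more closely than tight composition rules. `isValid` passes `password` straight to `matcher`, which throws on null; `return password != null && LazyHolder.validRegex.matcher(password).matches();` makes the helper safe for callers that do not pre-check. A Javadoc line on PATTERN stating the enforced rule would keep the user-facing messages in sync with it.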
|