fix: 密码强度

This commit is contained in:
wangyu 2021-01-13 23:41:53 +08:00
parent d52b5ad477
commit 66ed5cbc83
4 changed files with 59 additions and 0 deletions

View File

@ -5,15 +5,19 @@ import com.flyfish.framework.configuration.annotations.CurrentUser;
import com.flyfish.framework.domain.UserPasswordDto;
import com.flyfish.framework.domain.UserQo;
import com.flyfish.framework.domain.base.IUser;
import com.flyfish.framework.domain.po.Role;
import com.flyfish.framework.domain.po.User;
import com.flyfish.framework.enums.UserStatus;
import com.flyfish.framework.service.UserService;
import com.flyfish.framework.utils.Assert;
import com.flyfish.framework.utils.StrengthUtils;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.*;
import reactor.core.publisher.Mono;
import javax.annotation.Resource;
import java.util.Optional;
@RestController
@RequestMapping("/users")
@ -22,6 +26,28 @@ public class UserController extends BaseController<User, UserQo> {
@Resource
private PasswordEncoder passwordEncoder;
/**
* 重置密码逻辑
*
* @param body 请求体
* @param user 用户
* @return 结果
*/
@PutMapping("{id}/passwords")
public Result<Void> resetPassword(@PathVariable String id, @RequestBody User body, @CurrentUser User user) {
Assert.hasText(body.getPassword(), "重置密码必需携带密码!");
Assert.isTrue(Optional.ofNullable(user.getRoles()).map(roles -> roles.stream().anyMatch(Role::getAdmin))
.orElse(false), "您没有管理员权限,无法重置密码!");
Assert.isTrue(StrengthUtils.isValid(body.getPassword()));
User updating = new User();
updating.setId(id);
updating.setStatus(UserStatus.NORMAL);
updating.setErrorCount(0);
updating.setPassword(passwordEncoder.encode(body.getPassword()));
service.updateSelectiveById(updating);
return Result.ok();
}
/**
* 修改密码逻辑
*

View File

@ -1,9 +1,11 @@
package com.flyfish.framework.domain;
import com.flyfish.framework.utils.StrengthUtils;
import lombok.Getter;
import lombok.Setter;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.Pattern;
/**
* 修改密码dto
@ -17,5 +19,6 @@ public class UserPasswordDto {
private String oldPassword;
@NotBlank(message = "新密码不可为空!")
@Pattern(regexp = StrengthUtils.PATTERN, message = "密码强度不够,至少应该包含数字、大小写字母、符号组合!")
private String password;
}

View File

@ -5,6 +5,8 @@ import com.flyfish.framework.domain.po.User;
import com.flyfish.framework.enums.UserType;
import com.flyfish.framework.repository.UserRepository;
import com.flyfish.framework.service.impl.BaseServiceImpl;
import com.flyfish.framework.utils.Assert;
import com.flyfish.framework.utils.StrengthUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
@ -32,6 +34,7 @@ public class UserService extends BaseServiceImpl<User> {
@Override
public User create(User entity) {
if (null == entity.getId() && StringUtils.isNotBlank(entity.getPassword())) {
Assert.isTrue(StrengthUtils.isValid(entity.getPassword()), "密码强度不够,至少应该包含数字、大小写字母、符号组合");
entity.setPassword(passwordEncoder.encode(entity.getPassword()));
}
if (null == entity.getType()) {

View File

@ -0,0 +1,27 @@
package com.flyfish.framework.utils;
import java.util.regex.Pattern;
/**
* 密码强度工具
*
* @author wangyu
*/
public abstract class StrengthUtils {
public static final String PATTERN = "^(?![a-zA-z]+$)(?!\\d+$)(?![,.!?~`_+=@#$%^&*;<>':]+$)(?![a-zA-z\\d]+$)(?![a-zA-z,.!?~`_+=@#$%^&*;<>':]+$)(?![\\d,.!?~`_+=@#$%^&*;<>':]+$)[a-zA-Z\\d,.!?~`_+=@#$%^&*;<>':]{8,16}$";
/**
* 此处传入密码明文判定密码可用性
*
* @param password 密码
* @return 结果
*/
public static boolean isValid(String password) {
return LazyHolder.validRegex.matcher(password).matches();
}
private static class LazyHolder {
private static final Pattern validRegex = Pattern.compile(PATTERN);
}
}