| | |
| | | } |
| | | return doList; |
| | | } |
| | | |
| | | //2024 修改密码弱口令问题 |
| | | @Override |
| | | @Transactional |
| | | public boolean updateUserPwd(Long uid, String oldPwd, String newPwd) { |
| | | if(uid == null || oldPwd == null || newPwd == null || oldPwd.isEmpty() || newPwd.isEmpty()) |
| | | throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR_NULL.getCode(), "参数缺失"); |
| | | |
| | | if (newPwd.length() < 8){ |
| | | throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码长度不够"); |
| | | } |
| | | if (!newPwd.matches(".*[A-Z].*")){ |
| | | throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码至少包含大小写字母、数字、特殊字符"); |
| | | } |
| | | if (!newPwd.matches(".*[a-z].*")){ |
| | | throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码至少包含大小写字母、数字、特殊字符"); |
| | | } |
| | | if (!newPwd.matches(".*\\d.*")){ |
| | | throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码至少包含大小写字母、数字、特殊字符"); |
| | | } |
| | | if (!newPwd.matches(".*[!@#$%^&*.()?+`~<>,-].*")){ |
| | | throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码至少包含大小写字母、数字、特殊字符"); |
| | | } |
| | | |
| | | Optional<User> userOptional = userRepository.findById(uid); |
| | | if(!userOptional.isPresent()){ |
| | | throw new BusinessException(this.getClass(), ResultCode.BUSINESS_ERROR_ACCOUNT_NOT_EXIST.getCode(), "用户不存在"); |
| | | } |
| | | User user = userOptional.get(); |
| | | //验证旧密码 |
| | | String hash = String.valueOf(Hashing.hmacMd5(user.getSalt().getBytes(StandardCharsets.UTF_8)).hashString(oldPwd, |
| | | StandardCharsets.UTF_8)); |
| | | String hash = genPasswordHash(oldPwd, user.getSalt()); |
| | | if(!hash.equals(user.getHash())) |
| | | throw new BusinessException(this.getClass(), ResultCode.BUSINESS_ERROR_NOT_ALLOWED.getCode(), "旧密码错误"); |
| | | String newSalt = String.valueOf(Hashing.hmacMd5("".getBytes()).hashString(""+uid+Range.atLeast(1)+System.nanoTime(), |
| | | StandardCharsets.UTF_8)); |
| | | String newHash = String.valueOf(Hashing.hmacMd5(newSalt.getBytes(StandardCharsets.UTF_8)).hashString(newPwd, |
| | | StandardCharsets.UTF_8)); |
| | | if(userRepository.updatePassword(uid,newHash,newSalt, LocalDateTime.now()) == 1){ |
| | | |
| | | String newHash = genPasswordHash(newPwd, user.getSalt()); |
| | | if(userRepository.updatePassword(uid,newHash, user.getSalt(), LocalDateTime.now()) == 1){ |
| | | // deleteUserCache(uid); |
| | | return true; |
| | | }else { |
| | | throw new BusinessException(this.getClass(), ResultCode.SYSTEM_ERROR_DATABASE_FAIL.getCode(), "数据库错误"); |
| | | } |
| | | } |
| | | |
| | | // todo 2024 密码重置问题 |
| | | @Override |
| | | public boolean resetUserPassword(Long uid, Long currentUserId) { |
| | | |
| | | if(uid == null){ |
| | | throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR_NULL.getCode(), "参数缺失"); |
| | | } |
| | | |
| | | Optional<User> userOptional = userRepository.findById(uid); |
| | | //验证用户是否存在 |
| | | if(!userOptional.isPresent()){ |
| | | throw new BusinessException(this.getClass(), ResultCode.BUSINESS_ERROR_ACCOUNT_NOT_EXIST.getCode(), "用户不存在"); |
| | | } |
| | | User user = userOptional.get(); |
| | | |
| | | //设置初始密码 |
| | | String newPwd = "Gs@123456"; |
| | | String newHash = genPasswordHash(newPwd, user.getSalt()); |
| | | |
| | | // Integer integer = userRepository.resetPassword(uid, newHash, LocalDateTime.now()); |
| | | |
| | | if(userRepository.resetPassword(uid, newHash, LocalDateTime.now()) == 1){ |
| | | return true; |
| | | }else { |
| | | throw new BusinessException(this.getClass(), ResultCode.SYSTEM_ERROR_DATABASE_FAIL.getCode(), "数据库错误"); |
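Review bot: `resetUserPassword` sets every reset account to the same hard-coded literal (`String newPwd = "Gs@123456";`), so the password of any freshly reset account is known to anyone who has seen this default until the owner changes it. Generate the temporary value per reset with `SecureRandom` (or issue a one-time reset token instead) and mark the account so a password change is forced at next login; the lines shown here set no such flag. `currentUserId` is never read in the visible part of the method, so unless the caller enforces it, nothing here checks that the requester may reset `uid`; the service should verify that before calling `userRepository.resetPassword`. In the same hunk, `updateUserPwd` appears to store the new hash under the existing `user.getSalt()` where the replaced lines derived a new salt, and a fresh random salt per password change would be preferable. The body of `resetUserPassword` continues past the end of this hunk.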
| | |
| | | User user = userOptional.get(); |
| | | /*if(user.getRoleId() != null && user.getRoleId().equals(roleId)) |
| | | throw new BusinessException(this.getClass(), ResultCode.BUSINESS_ERROR_NOT_ALLOWED.getCode(), "用户角色未发生改变");*/ |
| | | //todo:校验角色信息 |
| | | //校验角色信息 |
| | | /*if(userRepository.updateUserRole(uid,roleId,LocalDateTime.now()) != null){ |
| | | // deleteUserCache(uid); |
| | | return true; |
| | | }*/ |
| | | return false; |
| | | } |
| | | |
| | | //2024 登录校验问题 |
| | | @Override |
| | | public boolean checkPassword(String pwd, String hash, String salt) { |
| | | if(pwd == null || pwd.isEmpty() || salt == null || salt.isEmpty() || hash == null || hash.isEmpty()) |
| | |
| | | if(Hashing.hmacMd5(salt.getBytes(StandardCharsets.UTF_8)).hashString(pwd, StandardCharsets.UTF_8).toString().equals(hash)){ |
| | | return true; |
| | | }else { |
| | | return true; |
| | | return false; |
| | | } |
| | | } |
| | | |
| | |
| | | } |
| | | |
| | | |
| | | |
| | | /** |
| | | * 用户查询 |
| | | */ |