16639036659
2024-01-04 a290320e826c0059709522d47753ada32b82d07d
登录检验,弱口令,初始密码,修改,重置
已修改8个文件
172 ■■■■ 文件已修改
src/main/java/com/gkhy/labRiskManage/api/controller/account/UserController.java 16 ●●●● 补丁 | 查看 | 原始文档 | blame | 历史
src/main/java/com/gkhy/labRiskManage/application/account/service/AccountAppService.java 4 ●●● 补丁 | 查看 | 原始文档 | blame | 历史
src/main/java/com/gkhy/labRiskManage/application/account/service/impl/AccountAppServiceImpl.java 70 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
src/main/java/com/gkhy/labRiskManage/commons/enums/UserRoleEnum.java 2 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
src/main/java/com/gkhy/labRiskManage/domain/account/repository/jpa/UserRepository.java 9 ●●●● 补丁 | 查看 | 原始文档 | blame | 历史
src/main/java/com/gkhy/labRiskManage/domain/account/service/UserDomainService.java 3 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
src/main/java/com/gkhy/labRiskManage/domain/account/service/impl/UserDomainServiceImpl.java 65 ●●●● 补丁 | 查看 | 原始文档 | blame | 历史
src/main/java/com/gkhy/labRiskManage/domain/riskReport/utils/GetRoleTagUtils.java 3 ●●●●● 补丁 | 查看 | 原始文档 | blame | 历史
src/main/java/com/gkhy/labRiskManage/api/controller/account/UserController.java
@@ -5,6 +5,7 @@
import com.gkhy.labRiskManage.api.controller.account.dto.req.UserSearchReqDTO;
import com.gkhy.labRiskManage.api.controller.account.dto.resp.UserInfoApiDTO;
import com.gkhy.labRiskManage.api.controller.account.query.UserQuery;
import com.gkhy.labRiskManage.api.controller.common.BaseController;
import com.gkhy.labRiskManage.application.account.dto.repDto.ChangePasswdReqDto;
import com.gkhy.labRiskManage.application.account.dto.repDto.CreateNewUserAppReqDTO;
import com.gkhy.labRiskManage.application.account.dto.repDto.LoginReqAppDTO;
@@ -24,7 +25,7 @@
@RestController
@RequestMapping("/account/user")
public class UserController {
public class UserController  extends BaseController {
    @Autowired
    private AccountAppService accountAppService;
@@ -105,11 +106,20 @@
        return result;
    }
    /**
     * 修改用户密码
     * 修改用户密码 - 只修改
     */
    @PostMapping("/update/password")
    public Result updatePassword(@RequestBody ChangePasswdReqDto changePasswdReqDto){
        Result result = accountAppService.updateUserPassword(changePasswdReqDto);
        Result result = accountAppService.updateUserPassword(changePasswdReqDto, getCurrentUserId());
        return result;
    }
    /**
     * 重置用户密码 - 管理员
     */
    @PostMapping("/update/resetPassword")
    public Result resetPassword(@RequestBody ChangePasswdReqDto changePasswdReqDto){
        Result result = accountAppService.resetUserPassword(changePasswdReqDto, getCurrentUserId());
        return result;
    }
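Review bot: The new `resetPassword` endpoint (L46-L50) reuses `ChangePasswdReqDto` although only its `uid` — the account being reset — is read downstream (`userDomainService.resetUserPassword(dto.getUid(), currentUserId)` at L130); `oldPwd`/`newPwd` in the request body are silently ignored, and nothing at the controller says so. The Javadoc at L44 ("重置用户密码 - 管理员") also does not say where the admin check lives, which is `AccountAppServiceImpl.resetUserPassword` rather than any annotation on this method. I would extend the Javadoc with one line such as `Only {@code changePasswdReqDto.uid} (the target account) is used; the caller's role is verified in AccountAppService#resetUserPassword.` so a reader does not assume the endpoint itself is protected. A dedicated request DTO with just `uid` would be the cleaner fix, but the comment is the minimum.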
src/main/java/com/gkhy/labRiskManage/application/account/service/AccountAppService.java
@@ -24,7 +24,7 @@
    SearchResult<List<UserInfoAppRespDTO>> findUserListByUserIdList(List<Long> userIdList);
    Result updateUserPassword(ChangePasswdReqDto changePasswdReqDto);
    Result updateUserPassword(ChangePasswdReqDto changePasswdReqDto, Long currentUserId);
    Result updateUserStatus(Long userId, Byte status);
@@ -43,4 +43,6 @@
    SearchResult<List<UserInfoAppRespDTO>> findUser(PageQuery<UserQuery> pageQuery);
    SearchResult<List<UserInfoAppRespDTO>> findExpert(PageQuery<UserQuery> pageQuery);
    Result resetUserPassword(ChangePasswdReqDto changePasswdReqDto, Long currentUserId);
}
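Review bot: The new `currentUserId` parameter on `updateUserPassword` (L55) and `resetUserPassword` (L60) is undocumented, yet its meaning differs between the two: the implementation requires it to equal `dto.getUid()` for the self-service update (L103) and treats it as the acting administrator for the reset (L121-L128). I would add Javadoc to both declarations, e.g. `@param currentUserId id of the authenticated caller, taken from the session (BaseController#getCurrentUserId), never from the request body`, and for `resetUserPassword` a `@throws BusinessException if the caller is not an administrator or the target does not exist`. Stating that the value must come from the session, not the DTO, is the property the whole check depends on.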
src/main/java/com/gkhy/labRiskManage/application/account/service/impl/AccountAppServiceImpl.java
@@ -16,6 +16,7 @@
import com.gkhy.labRiskManage.application.account.dto.respDto.LoginRespDto;
import com.gkhy.labRiskManage.application.account.dto.respDto.TokenInfoDto;
import com.gkhy.labRiskManage.domain.account.converter.UserRoleBindConverter;
import com.gkhy.labRiskManage.domain.account.entity.User;
import com.gkhy.labRiskManage.domain.account.enums.IdentityStatusEnum;
import com.gkhy.labRiskManage.domain.account.enums.UserStatusEnum;
import com.gkhy.labRiskManage.application.account.service.AccountAppService;
@@ -28,19 +29,23 @@
import com.gkhy.labRiskManage.domain.account.model.bo.UpdateUserBO;
import com.gkhy.labRiskManage.domain.account.model.dto.SysUserRoleBindDomainDTO;
import com.gkhy.labRiskManage.domain.account.repository.jpa.UserRepository;
import com.gkhy.labRiskManage.domain.account.service.SysUserIdentityBindDomainService;
import com.gkhy.labRiskManage.domain.account.service.UserDomainService;
import com.gkhy.labRiskManage.domain.account.model.dto.UserInfoDomainDTO;
import com.gkhy.labRiskManage.domain.account.service.UserRoleDomainService;
import com.gkhy.labRiskManage.domain.riskReport.utils.GetRoleTagUtils;
import org.redisson.api.RedissonClient;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.CollectionUtils;
import org.springframework.util.ObjectUtils;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
@Service
public class AccountAppServiceImpl implements AccountAppService {
@@ -68,6 +73,7 @@
    @Autowired
    private UserRoleBindConverter converter;
    @Override
    public SearchResult<UserInfoAppRespDTO> findUserByLoginName(String loginName){
@@ -152,7 +158,11 @@
    @Override
    @Transactional
    public Result updateUserPassword(ChangePasswdReqDto dto) {
    public Result updateUserPassword(ChangePasswdReqDto dto, Long currentUserId) {
        //人员校验
        if (!currentUserId.equals(dto.getUid())){
            throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR_NULL.getCode(), "修改密码遇到错误");
        }
        Result result = new Result<>();
        if(userDomainService.updateUserPwd(dto.getUid(),dto.getOldPwd(),dto.getNewPwd()) == true){
            result.setSuccess();
@@ -160,6 +170,36 @@
            result.setCode(ResultCode.SYSTEM_ERROR.getCode());
            result.setMsg("修改密码失败");
        }
        return result;
    }
    @Override
    public Result resetUserPassword(ChangePasswdReqDto dto, Long currentUserId) {
        //todo 身份校验
        if (currentUserId.equals(53)){
            throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR.getCode() ,"管理员用户不可重置");
        }
        UserInfoDomainDTO userInfo = userDomainService.getUserById(currentUserId);
        if (ObjectUtils.isEmpty(userInfo)){
            throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR.getCode() ,"用户不存在");
        }
        int roleTag = GetRoleTagUtils.GetRoleTagUtils(userInfo);
        if (roleTag < 2){
            throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR.getCode() ,"无权限重置");
        }
        Result result = new Result<>();
        if(userDomainService.resetUserPassword(dto.getUid(), currentUserId) == true){
            result.setSuccess();
        }else {
            result.setCode(ResultCode.SYSTEM_ERROR.getCode());
            result.setMsg("重置密码失败");
        }
        return result;
    }
@@ -216,7 +256,6 @@
            result.setMsg("用户不存在");
            return result;
        }
        if(!userDomainService.checkPassword(loginReqAppDTO.getPwd(), userInfoDomainDTO.getHash(), userInfoDomainDTO.getSalt())){
            result.setCode(ResultCode.BUSINESS_ERROR_NOT_ALLOWED.getCode());
            result.setMsg("密码错误");
@@ -252,13 +291,14 @@
        loginRespDto.setRealName(userInfoDomainDTO.getRealName());
        loginRespDto.setTk(tokenInfoDto.getTk());
        loginRespDto.setRoles(converter.userRoleBindConverter(userInfoDomainDTO.getRoles()));
        //todo:获取其他需返回的信息
        //获取其他需返回的信息
        result.setSuccess();
        result.setData(loginRespDto);
        return result;
    }
    @Override
    public Result logout(Long userId) {
@@ -293,8 +333,26 @@
        createUserBO.setRealName(createNewUserAppReqDTO.getRealName());
        //如果没有提供密码,初始密码为“123456”
        if(createNewUserAppReqDTO.getPwd() == null || createNewUserAppReqDTO.getPwd().isEmpty()){
            createNewUserAppReqDTO.setPwd("123456");
            createNewUserAppReqDTO.setPwd("Gs@123456");
        }
        //todo 2024 弱口令问题处理
        if (createNewUserAppReqDTO.getPwd().length() < 8){
            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码长度不够");
        }
        if (!createNewUserAppReqDTO.getPwd().matches(".*[A-Z].*")){
            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码需要包含大小写字母、数字、特殊符号");
        }
        if (!createNewUserAppReqDTO.getPwd().matches(".*[a-z].*")){
            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码需要包含大小写字母、数字、特殊符号");
        }
        if (!createNewUserAppReqDTO.getPwd().matches(".*\\d.*")){
            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码需要包含大小写字母、数字、特殊符号");
        }
        if (!createNewUserAppReqDTO.getPwd().matches(".*[!@#$%^&*.()?+`~<>,-].*")){
            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码需要包含大小写字母、数字、特殊符号");
        }
        createUserBO.setPwd(createNewUserAppReqDTO.getPwd());
        createUserBO.setPhone(createNewUserAppReqDTO.getPhone());
        createUserBO.setIdType(createNewUserAppReqDTO.getIdType());
@@ -366,6 +424,8 @@
        return result;
    }
    @Transactional
    @Override
    public Result deleteUser(Long userId) {
@@ -406,4 +466,6 @@
    }
}
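Review bot: The guard `if (currentUserId.equals(53))` at L118 can never fire: `currentUserId` is a `Long` and the literal `53` autoboxes to `Integer`, and `Long.equals(Integer)` is always false, so the "管理员用户不可重置" branch is dead code. If the caller is what should be checked, write `if (currentUserId != null && currentUserId == 53L)`; if the message means the target admin account must not be reset (which is how it reads), compare `dto.getUid()` instead — either way the 53 should become a named constant rather than a magic id. The `//todo 身份校验` at L117 is also stale, since the role-tag check at L125-L128 is the identity check, and the remaining risk there is that `GetRoleTagUtils` returns 2 for any of the `USER_ROLE_6`/`USER_ROLE_7` roles (L330-L335), so "roleTag < 2" is the only thing standing between a non-admin and a password reset of an arbitrary `uid`. Separately, the password rules at L165-L179 are a copy of L240-L254 in `UserDomainServiceImpl` with a different error message; see the note on that file for a shared helper.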
src/main/java/com/gkhy/labRiskManage/commons/enums/UserRoleEnum.java
@@ -14,6 +14,8 @@
    USER_ROLE_6(6,"综合办"),
    USER_ROLE_7(7,"超级管理员"),
    ;
src/main/java/com/gkhy/labRiskManage/domain/account/repository/jpa/UserRepository.java
@@ -6,6 +6,7 @@
import org.springframework.data.jpa.repository.Modifying;
import org.springframework.data.jpa.repository.Query;
import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Transactional;
import java.time.LocalDateTime;
import java.util.List;
@@ -19,8 +20,13 @@
    List<User> findAllByIdIn(List<Long> userIdList);
    @Modifying
    @Query(value = "update User u set u.hash = :hash ,u.salt = :salt ,u.gmtModified = :time where u.id = :uid")
    @Query(value = "update User u set u.hash = :hash ,u.salt = :salt ,u.gmtModified = :time   where u.id = :uid")
    Integer updatePassword(Long uid, String hash, String salt, LocalDateTime time);
    @Transactional
    @Modifying
    @Query(value = "update User u set u.hash = :hash ,u.gmtModified = :time   where u.id = :uid")
    Integer resetPassword(Long uid, String hash, LocalDateTime time);
    @Modifying
    @Query(value = "update User u set u.status = :status ,u.gmtModified = :time where u.id = :uid")
@@ -55,4 +61,5 @@
    User getUserInfoByIdAndSellInfo(Long evaluateUserId);
    @Query(value = "select u from User u where u.id = :uid and u.status in (1,2)")
    User getById(Long uid);
}
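Review bot: `resetPassword` (L211-L214) carries `@Transactional` on the repository method while the sibling `updatePassword` (L207-L210) relies on the calling service's transaction; the asymmetry exists because `UserDomainServiceImpl.resetUserPassword` (L280-L281) has no `@Transactional`, unlike `updateUserPwd` (L235-L236). I would move the annotation to the domain-service method so the `findById` lookup and the update run in one transaction, and drop it here, keeping the repository free of transaction demarcation as the rest of the interface is. The new `getById` query at L219-L220 filters on `u.status in (1,2)` with bare integers; a comment naming the `UserStatusEnum` values these are presumably meant to match (verify against the enum) would stop the literals drifting from it. The `updatePassword` query edit (L208→L209) only adds whitespace and can be dropped from the commit.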
src/main/java/com/gkhy/labRiskManage/domain/account/service/UserDomainService.java
@@ -133,4 +133,7 @@
     * @return
     */
    SearchResult<List<UserInfoDomainDTO>> findExpertList(PageQuery<UserQuery> pageQuery);
    boolean resetUserPassword(Long uid, Long currentUserId);
}
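Review bot: The new `resetUserPassword(Long uid, Long currentUserId)` at L227 has no Javadoc although the neighbouring declarations carry `@return` blocks (L224-L225), and its second parameter is not used by the implementation at L281-L298. I would document it with a short Javadoc: a summary line stating that the account is reset to the initial password, `@param uid` as the account being reset, `@param currentUserId` as the administrator performing the reset (and that it is currently unused), and `@return true` when the row was updated, with `@throws BusinessException` for a missing `uid`, unknown user or database failure. If `currentUserId` is not going to be recorded for audit, remove it from the signature instead of documenting a dead parameter.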
src/main/java/com/gkhy/labRiskManage/domain/account/service/impl/UserDomainServiceImpl.java
@@ -287,28 +287,70 @@
        }
        return doList;
    }
    //2024 修改密码弱口令问题
    @Override
    @Transactional
    public boolean updateUserPwd(Long uid, String oldPwd, String newPwd) {
        if(uid == null || oldPwd == null || newPwd == null || oldPwd.isEmpty() || newPwd.isEmpty())
            throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR_NULL.getCode(), "参数缺失");
        if (newPwd.length() < 8){
            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码长度不够");
        }
        if (!newPwd.matches(".*[A-Z].*")){
            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码至少包含大小写字母、数字、特殊字符");
        }
        if (!newPwd.matches(".*[a-z].*")){
            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码至少包含大小写字母、数字、特殊字符");
        }
        if (!newPwd.matches(".*\\d.*")){
            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码至少包含大小写字母、数字、特殊字符");
        }
        if (!newPwd.matches(".*[!@#$%^&*.()?+`~<>,-].*")){
            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码至少包含大小写字母、数字、特殊字符");
        }
        Optional<User> userOptional = userRepository.findById(uid);
        if(!userOptional.isPresent()){
            throw new BusinessException(this.getClass(), ResultCode.BUSINESS_ERROR_ACCOUNT_NOT_EXIST.getCode(), "用户不存在");
        }
        User user = userOptional.get();
        //验证旧密码
        String hash = String.valueOf(Hashing.hmacMd5(user.getSalt().getBytes(StandardCharsets.UTF_8)).hashString(oldPwd,
                StandardCharsets.UTF_8));
        String hash = genPasswordHash(oldPwd, user.getSalt());
        if(!hash.equals(user.getHash()))
            throw new BusinessException(this.getClass(), ResultCode.BUSINESS_ERROR_NOT_ALLOWED.getCode(), "旧密码错误");
        String newSalt = String.valueOf(Hashing.hmacMd5("".getBytes()).hashString(""+uid+Range.atLeast(1)+System.nanoTime(),
                StandardCharsets.UTF_8));
        String newHash = String.valueOf(Hashing.hmacMd5(newSalt.getBytes(StandardCharsets.UTF_8)).hashString(newPwd,
                StandardCharsets.UTF_8));
        if(userRepository.updatePassword(uid,newHash,newSalt, LocalDateTime.now()) == 1){
        String newHash = genPasswordHash(newPwd, user.getSalt());
        if(userRepository.updatePassword(uid,newHash, user.getSalt(), LocalDateTime.now()) == 1){
//            deleteUserCache(uid);
            return true;
        }else {
            throw new BusinessException(this.getClass(), ResultCode.SYSTEM_ERROR_DATABASE_FAIL.getCode(), "数据库错误");
        }
    }
    // todo 2024 密码重置问题
    @Override
    public boolean resetUserPassword(Long uid, Long currentUserId) {
        if(uid == null){
            throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR_NULL.getCode(), "参数缺失");
        }
        Optional<User> userOptional = userRepository.findById(uid);
        //验证用户是否存在
        if(!userOptional.isPresent()){
            throw new BusinessException(this.getClass(), ResultCode.BUSINESS_ERROR_ACCOUNT_NOT_EXIST.getCode(), "用户不存在");
        }
        User user = userOptional.get();
        //设置初始密码
        String newPwd = "Gs@123456";
        String newHash = genPasswordHash(newPwd, user.getSalt());
//        Integer integer = userRepository.resetPassword(uid, newHash, LocalDateTime.now());
        if(userRepository.resetPassword(uid, newHash, LocalDateTime.now()) == 1){
            return true;
        }else {
            throw new BusinessException(this.getClass(), ResultCode.SYSTEM_ERROR_DATABASE_FAIL.getCode(), "数据库错误");
@@ -346,14 +388,14 @@
        User user = userOptional.get();
        /*if(user.getRoleId() != null && user.getRoleId().equals(roleId))
            throw new BusinessException(this.getClass(), ResultCode.BUSINESS_ERROR_NOT_ALLOWED.getCode(), "用户角色未发生改变");*/
        //todo:校验角色信息
        //校验角色信息
        /*if(userRepository.updateUserRole(uid,roleId,LocalDateTime.now()) != null){
//            deleteUserCache(uid);
            return true;
        }*/
        return false;
    }
    //2024 登录校验问题
    @Override
    public boolean checkPassword(String pwd, String hash, String salt) {
        if(pwd == null || pwd.isEmpty() || salt == null || salt.isEmpty() || hash == null || hash.isEmpty())
@@ -361,7 +403,7 @@
        if(Hashing.hmacMd5(salt.getBytes(StandardCharsets.UTF_8)).hashString(pwd, StandardCharsets.UTF_8).toString().equals(hash)){
            return true;
        }else {
            return true;
            return false;
        }
    }
@@ -561,6 +603,7 @@
    }
    /**
     * 用户查询
     */
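Review bot: The password-policy checks at L240-L254 duplicate L165-L179 in `AccountAppServiceImpl.createUser` verbatim except for the error text ("密码至少包含…" here, "密码需要包含…" there), so the two paths will drift apart on the next rule change; extract one helper in this class and expose it through `UserDomainService` so the app layer calls the same rule. `resetUserPassword` (L281-L298) ignores `currentUserId` entirely and, unlike `updateUserPwd` (L235-L236), is not `@Transactional`, so the existence check and the update do not share a transaction. In `checkPassword` (L316) the hex digests are compared with `String.equals`; `MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8))` gives a constant-time compare at no cost. The `//2024 …` markers at L234, L279 and L311 are changelog text that belongs in the commit message, not in the source.

```java
    // Shared 2024 password policy: at least 8 characters with an upper-case letter,
    // a lower-case letter, a digit and a special character.
    private static void requireStrongPassword(String pwd) {
        if (pwd == null || pwd.length() < 8) {
            throw new BusinessException(UserDomainServiceImpl.class, ResultCode.PARAM_ERROR_ILLEGAL.getCode(), "密码长度不够");
        }
        boolean complex = pwd.matches(".*[A-Z].*") && pwd.matches(".*[a-z].*")
                && pwd.matches(".*\\d.*") && pwd.matches(".*[!@#$%^&*.()?+`~<>,-].*");
        if (!complex) {
            throw new BusinessException(UserDomainServiceImpl.class, ResultCode.PARAM_ERROR_ILLEGAL.getCode(), "密码至少包含大小写字母、数字、特殊字符");
        }
    }

    @Override
    @Transactional
    public boolean updateUserPwd(Long uid, String oldPwd, String newPwd) {
        if(uid == null || oldPwd == null || newPwd == null || oldPwd.isEmpty() || newPwd.isEmpty())
            throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR_NULL.getCode(), "参数缺失");
        requireStrongPassword(newPwd);
        // … unchanged: user lookup, old-password verification, updatePassword call …
```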
src/main/java/com/gkhy/labRiskManage/domain/riskReport/utils/GetRoleTagUtils.java
@@ -20,6 +20,9 @@
            if (role.getRoleId() == UserRoleEnum.USER_ROLE_6.getCode().byteValue()){
                roleTag = 2;
            }
            if (role.getRoleId() == UserRoleEnum.USER_ROLE_7.getCode().byteValue()){
                roleTag = 2;
            }
        }
        return  roleTag;