From a290320e826c0059709522d47753ada32b82d07d Mon Sep 17 00:00:00 2001
From: 16639036659 <577530412@qq.com>
Date: 星期四, 04 一月 2024 15:59:46 +0800
Subject: [PATCH] 登录检验,弱口令,初始密码,修改,重置

---
 src/main/java/com/gkhy/labRiskManage/application/account/service/AccountAppService.java          |    4 +
 src/main/java/com/gkhy/labRiskManage/commons/enums/UserRoleEnum.java                             |    2 
 src/main/java/com/gkhy/labRiskManage/application/account/service/impl/AccountAppServiceImpl.java |   70 ++++++++++++++++++++++-
 src/main/java/com/gkhy/labRiskManage/domain/riskReport/utils/GetRoleTagUtils.java                |    3 +
 src/main/java/com/gkhy/labRiskManage/domain/account/service/UserDomainService.java               |    3 +
 src/main/java/com/gkhy/labRiskManage/api/controller/account/UserController.java                  |   16 ++++-
 src/main/java/com/gkhy/labRiskManage/domain/account/repository/jpa/UserRepository.java           |    9 ++
 src/main/java/com/gkhy/labRiskManage/domain/account/service/impl/UserDomainServiceImpl.java      |   65 ++++++++++++++++++---
 8 files changed, 152 insertions(+), 20 deletions(-)

diff --git a/src/main/java/com/gkhy/labRiskManage/api/controller/account/UserController.java b/src/main/java/com/gkhy/labRiskManage/api/controller/account/UserController.java
index e1e473f..119ef16 100644
--- a/src/main/java/com/gkhy/labRiskManage/api/controller/account/UserController.java
+++ b/src/main/java/com/gkhy/labRiskManage/api/controller/account/UserController.java
@@ -5,6 +5,7 @@
 import com.gkhy.labRiskManage.api.controller.account.dto.req.UserSearchReqDTO;
 import com.gkhy.labRiskManage.api.controller.account.dto.resp.UserInfoApiDTO;
 import com.gkhy.labRiskManage.api.controller.account.query.UserQuery;
+import com.gkhy.labRiskManage.api.controller.common.BaseController;
 import com.gkhy.labRiskManage.application.account.dto.repDto.ChangePasswdReqDto;
 import com.gkhy.labRiskManage.application.account.dto.repDto.CreateNewUserAppReqDTO;
 import com.gkhy.labRiskManage.application.account.dto.repDto.LoginReqAppDTO;
@@ -24,7 +25,7 @@
 
 @RestController
 @RequestMapping("/account/user")
-public class UserController {
+public class UserController  extends BaseController {
 
     @Autowired
     private AccountAppService accountAppService;
@@ -105,11 +106,20 @@
         return result;
     }
     /**
-     * 修改用户密码
+     * 修改用户密码 - 只修改
      */
     @PostMapping("/update/password")
     public Result updatePassword(@RequestBody ChangePasswdReqDto changePasswdReqDto){
-        Result result = accountAppService.updateUserPassword(changePasswdReqDto);
+        Result result = accountAppService.updateUserPassword(changePasswdReqDto, getCurrentUserId());
+        return result;
+    }
+
+    /**
+     * 重置用户密码 - 管理员
+     */
+    @PostMapping("/update/resetPassword")
+    public Result resetPassword(@RequestBody ChangePasswdReqDto changePasswdReqDto){
+        Result result = accountAppService.resetUserPassword(changePasswdReqDto, getCurrentUserId());
         return result;
     }
 
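Review bot: The new /update/resetPassword endpoint reuses ChangePasswdReqDto although only its `uid` (the account being reset) reaches the service — AccountAppServiceImpl.resetUserPassword passes just `dto.getUid()` on, so `oldPwd`/`newPwd` are silently ignored — and the Javadoc should say so rather than just "管理员". Suggested: `/** Admin-only: resets the user identified by {@code uid} to the initial password; oldPwd/newPwd in the body are ignored, the caller's identity comes from the session. */`. All authorization lives in the service layer, which is fine, but worth stating in the comment so nobody later assumes the controller checks it. The UserController class continues outside the hunk.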
diff --git a/src/main/java/com/gkhy/labRiskManage/application/account/service/AccountAppService.java b/src/main/java/com/gkhy/labRiskManage/application/account/service/AccountAppService.java
index f5c8e23..1ca84ab 100644
--- a/src/main/java/com/gkhy/labRiskManage/application/account/service/AccountAppService.java
+++ b/src/main/java/com/gkhy/labRiskManage/application/account/service/AccountAppService.java
@@ -24,7 +24,7 @@
 
     SearchResult<List<UserInfoAppRespDTO>> findUserListByUserIdList(List<Long> userIdList);
 
-    Result updateUserPassword(ChangePasswdReqDto changePasswdReqDto);
+    Result updateUserPassword(ChangePasswdReqDto changePasswdReqDto, Long currentUserId);
 
     Result updateUserStatus(Long userId, Byte status);
 
@@ -43,4 +43,6 @@
     SearchResult<List<UserInfoAppRespDTO>> findUser(PageQuery<UserQuery> pageQuery);
 
     SearchResult<List<UserInfoAppRespDTO>> findExpert(PageQuery<UserQuery> pageQuery);
+
+    Result resetUserPassword(ChangePasswdReqDto changePasswdReqDto, Long currentUserId);
 }
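Review bot: resetUserPassword is added to the interface without Javadoc even though it carries an authorization contract the caller must understand — `currentUserId` is the actor whose role is checked, `changePasswdReqDto.getUid()` is the target. Suggested: `/** Resets the target user (dto.uid) to the initial password; currentUserId must be an account with reset rights, otherwise a BusinessException is thrown. */`. The same gap exists for the new `boolean resetUserPassword(Long uid, Long currentUserId)` in UserDomainService, where the neighbouring methods do have Javadoc, and for the new `currentUserId` parameter of updateUserPassword, which should be documented as "must equal dto.uid".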
diff --git a/src/main/java/com/gkhy/labRiskManage/application/account/service/impl/AccountAppServiceImpl.java b/src/main/java/com/gkhy/labRiskManage/application/account/service/impl/AccountAppServiceImpl.java
index a1a49b1..af217c3 100644
--- a/src/main/java/com/gkhy/labRiskManage/application/account/service/impl/AccountAppServiceImpl.java
+++ b/src/main/java/com/gkhy/labRiskManage/application/account/service/impl/AccountAppServiceImpl.java
@@ -16,6 +16,7 @@
 import com.gkhy.labRiskManage.application.account.dto.respDto.LoginRespDto;
 import com.gkhy.labRiskManage.application.account.dto.respDto.TokenInfoDto;
 import com.gkhy.labRiskManage.domain.account.converter.UserRoleBindConverter;
+import com.gkhy.labRiskManage.domain.account.entity.User;
 import com.gkhy.labRiskManage.domain.account.enums.IdentityStatusEnum;
 import com.gkhy.labRiskManage.domain.account.enums.UserStatusEnum;
 import com.gkhy.labRiskManage.application.account.service.AccountAppService;
@@ -28,19 +29,23 @@
 import com.gkhy.labRiskManage.domain.account.model.bo.UpdateUserBO;
 
 import com.gkhy.labRiskManage.domain.account.model.dto.SysUserRoleBindDomainDTO;
+import com.gkhy.labRiskManage.domain.account.repository.jpa.UserRepository;
 import com.gkhy.labRiskManage.domain.account.service.SysUserIdentityBindDomainService;
 import com.gkhy.labRiskManage.domain.account.service.UserDomainService;
 import com.gkhy.labRiskManage.domain.account.model.dto.UserInfoDomainDTO;
 import com.gkhy.labRiskManage.domain.account.service.UserRoleDomainService;
+import com.gkhy.labRiskManage.domain.riskReport.utils.GetRoleTagUtils;
 import org.redisson.api.RedissonClient;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.util.CollectionUtils;
+import org.springframework.util.ObjectUtils;
 
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Optional;
 
 @Service
 public class AccountAppServiceImpl implements AccountAppService {
@@ -68,6 +73,7 @@
 
     @Autowired
     private UserRoleBindConverter converter;
+
 
     @Override
     public SearchResult<UserInfoAppRespDTO> findUserByLoginName(String loginName){
@@ -152,7 +158,11 @@
 
     @Override
     @Transactional
-    public Result updateUserPassword(ChangePasswdReqDto dto) {
+    public Result updateUserPassword(ChangePasswdReqDto dto, Long currentUserId) {
+        //人员校验
+        if (!currentUserId.equals(dto.getUid())){
+            throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR_NULL.getCode(), "修改密码遇到错误");
+        }
         Result result = new Result<>();
         if(userDomainService.updateUserPwd(dto.getUid(),dto.getOldPwd(),dto.getNewPwd()) == true){
             result.setSuccess();
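Review bot: The ownership check throws with `ResultCode.PARAM_ERROR_NULL` and the message "修改密码遇到错误", which reports an authorization failure as a missing-parameter error and tells the caller nothing; the login path in this class already uses `ResultCode.BUSINESS_ERROR_NOT_ALLOWED` for "not permitted", which fits here with a message stating that a user may only change their own password. `currentUserId.equals(...)` also throws NullPointerException if BaseController.getCurrentUserId() ever returns null; `if (!Objects.equals(currentUserId, dto.getUid()))` rejects that case through the same exception path (java.util.Objects is stdlib). The rest of updateUserPassword continues in the next hunk.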
@@ -160,6 +170,36 @@
             result.setCode(ResultCode.SYSTEM_ERROR.getCode());
             result.setMsg("修改密码失败");
         }
+        return result;
+    }
+
+    @Override
+    public Result resetUserPassword(ChangePasswdReqDto dto, Long currentUserId) {
+        //todo 身份校验
+
+        if (currentUserId.equals(53)){
+            throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR.getCode() ,"管理员用户不可重置");
+        }
+        UserInfoDomainDTO userInfo = userDomainService.getUserById(currentUserId);
+
+        if (ObjectUtils.isEmpty(userInfo)){
+            throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR.getCode() ,"用户不存在");
+        }
+
+        int roleTag = GetRoleTagUtils.GetRoleTagUtils(userInfo);
+        if (roleTag < 2){
+            throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR.getCode() ,"无权限重置");
+        }
+
+        Result result = new Result<>();
+
+        if(userDomainService.resetUserPassword(dto.getUid(), currentUserId) == true){
+            result.setSuccess();
+        }else {
+            result.setCode(ResultCode.SYSTEM_ERROR.getCode());
+            result.setMsg("重置密码失败");
+        }
+
         return result;
     }
 
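Review bot: `currentUserId.equals(53)` is always false: `currentUserId` is a `Long` and the literal `53` boxes to an `Integer`, so the "管理员用户不可重置" guard never fires. The message suggests the guard is meant to protect the target account rather than the caller, which is what the line currently tests; presumably it should read `if (Long.valueOf(53L).equals(dto.getUid()))`, with the magic `53` hoisted to a named constant such as `SUPER_ADMIN_USER_ID` so the protected id is not buried in a comparison. The `//todo 身份校验` marker is stale now that the role check below exists, and `== true` on the boolean result can be dropped. Since this is a write path like updateUserPassword directly above, it should carry `@Transactional` too.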
@@ -216,7 +256,6 @@
             result.setMsg("用户不存在");
             return result;
         }
-
         if(!userDomainService.checkPassword(loginReqAppDTO.getPwd(), userInfoDomainDTO.getHash(), userInfoDomainDTO.getSalt())){
             result.setCode(ResultCode.BUSINESS_ERROR_NOT_ALLOWED.getCode());
             result.setMsg("密码错误");
@@ -252,13 +291,14 @@
         loginRespDto.setRealName(userInfoDomainDTO.getRealName());
         loginRespDto.setTk(tokenInfoDto.getTk());
         loginRespDto.setRoles(converter.userRoleBindConverter(userInfoDomainDTO.getRoles()));
-        //todo:获取其他需返回的信息
+        //获取其他需返回的信息
 
         result.setSuccess();
         result.setData(loginRespDto);
 
         return result;
     }
+
 
     @Override
     public Result logout(Long userId) {
@@ -293,8 +333,26 @@
         createUserBO.setRealName(createNewUserAppReqDTO.getRealName());
         //如果没有提供密码,初始密码为“123456”
         if(createNewUserAppReqDTO.getPwd() == null || createNewUserAppReqDTO.getPwd().isEmpty()){
-            createNewUserAppReqDTO.setPwd("123456");
+            createNewUserAppReqDTO.setPwd("Gs@123456");
         }
+
+        //todo 2024 弱口令问题处理
+        if (createNewUserAppReqDTO.getPwd().length() < 8){
+            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码长度不够");
+        }
+        if (!createNewUserAppReqDTO.getPwd().matches(".*[A-Z].*")){
+            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码需要包含大小写字母、数字、特殊符号");
+        }
+        if (!createNewUserAppReqDTO.getPwd().matches(".*[a-z].*")){
+            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码需要包含大小写字母、数字、特殊符号");
+        }
+        if (!createNewUserAppReqDTO.getPwd().matches(".*\\d.*")){
+            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码需要包含大小写字母、数字、特殊符号");
+        }
+        if (!createNewUserAppReqDTO.getPwd().matches(".*[!@#$%^&*.()?+`~<>,-].*")){
+            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码需要包含大小写字母、数字、特殊符号");
+        }
+
         createUserBO.setPwd(createNewUserAppReqDTO.getPwd());
         createUserBO.setPhone(createNewUserAppReqDTO.getPhone());
         createUserBO.setIdType(createNewUserAppReqDTO.getIdType());
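Review bot: The five password-policy checks are copied almost verbatim from UserDomainServiceImpl.updateUserPwd with different messages ("特殊符号" here, "特殊字符" there), so the two sites will drift; collapse them into one helper so the block becomes `checkPasswordPolicy(createNewUserAppReqDTO.getPwd());`, ideally owned by the domain service so the app layer does not re-implement it. The default `"Gs@123456"` is now a fixed, well-known value shared with UserDomainServiceImpl.resetUserPassword — every new or reset account has the same password until the user changes it — so at minimum keep it in one named constant and mark such accounts for a mandatory change at first login; a random per-user temporary value delivered out of band is the safer shape. The `//todo 2024` marker is stale once the checks exist. createUser's signature and tail lie outside the hunk.

```java
    /** Rejects passwords shorter than 8 chars or lacking an upper-case letter, lower-case letter, digit or special character. */
    private void checkPasswordPolicy(String pwd) {
        if (pwd.length() < 8) {
            throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR_ILLEGAL.getCode(), "密码长度不够");
        }
        boolean complex = pwd.matches(".*[A-Z].*") && pwd.matches(".*[a-z].*")
                && pwd.matches(".*\\d.*") && pwd.matches(".*[!@#$%^&*.()?+`~<>,-].*");
        if (!complex) {
            throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR_ILLEGAL.getCode(), "密码需要包含大小写字母、数字、特殊符号");
        }
    }
```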
@@ -366,6 +424,8 @@
         return result;
     }
 
+
+
     @Transactional
     @Override
     public Result deleteUser(Long userId) {
@@ -406,4 +466,6 @@
     }
 
 
+
+
 }
diff --git a/src/main/java/com/gkhy/labRiskManage/commons/enums/UserRoleEnum.java b/src/main/java/com/gkhy/labRiskManage/commons/enums/UserRoleEnum.java
index f06f7b7..b27ec24 100644
--- a/src/main/java/com/gkhy/labRiskManage/commons/enums/UserRoleEnum.java
+++ b/src/main/java/com/gkhy/labRiskManage/commons/enums/UserRoleEnum.java
@@ -14,6 +14,8 @@
 
     USER_ROLE_6(6,"综合办"),
 
+    USER_ROLE_7(7,"超级管理员"),
+
     ;
 
 
diff --git a/src/main/java/com/gkhy/labRiskManage/domain/account/repository/jpa/UserRepository.java b/src/main/java/com/gkhy/labRiskManage/domain/account/repository/jpa/UserRepository.java
index e79f02c..49d7daf 100644
--- a/src/main/java/com/gkhy/labRiskManage/domain/account/repository/jpa/UserRepository.java
+++ b/src/main/java/com/gkhy/labRiskManage/domain/account/repository/jpa/UserRepository.java
@@ -6,6 +6,7 @@
 import org.springframework.data.jpa.repository.Modifying;
 import org.springframework.data.jpa.repository.Query;
 import org.springframework.stereotype.Repository;
+import org.springframework.transaction.annotation.Transactional;
 
 import java.time.LocalDateTime;
 import java.util.List;
@@ -19,8 +20,13 @@
     List<User> findAllByIdIn(List<Long> userIdList);
 
     @Modifying
-    @Query(value = "update User u set u.hash = :hash ,u.salt = :salt ,u.gmtModified = :time where u.id = :uid")
+    @Query(value = "update User u set u.hash = :hash ,u.salt = :salt ,u.gmtModified = :time   where u.id = :uid")
     Integer updatePassword(Long uid, String hash, String salt, LocalDateTime time);
+
+    @Transactional
+    @Modifying
+    @Query(value = "update User u set u.hash = :hash ,u.gmtModified = :time   where u.id = :uid")
+    Integer resetPassword(Long uid, String hash, LocalDateTime time);
 
     @Modifying
     @Query(value = "update User u set u.status = :status ,u.gmtModified = :time where u.id = :uid")
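Review bot: `@Transactional` on the new resetPassword query is inconsistent with every other `@Modifying` method in this interface, which rely on the calling service's transaction (updateUserPwd is `@Transactional` at the service); keep the boundary at the service so the hash update and any future audit write commit together, and drop the annotation here. The extra spaces added to updatePassword's JPQL (`:time   where`) are noise with no functional effect and should be reverted. The reset query deliberately leaves `u.salt` untouched, which the caller must know to hash correctly — document it: `/** Replaces only the hash; the caller must derive it with the user's existing salt. */`.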
@@ -55,4 +61,5 @@
     User getUserInfoByIdAndSellInfo(Long evaluateUserId);
     @Query(value = "select u from User u where u.id = :uid and u.status in (1,2)")
     User getById(Long uid);
+
 }
diff --git a/src/main/java/com/gkhy/labRiskManage/domain/account/service/UserDomainService.java b/src/main/java/com/gkhy/labRiskManage/domain/account/service/UserDomainService.java
index f1c9c9e..5c56419 100644
--- a/src/main/java/com/gkhy/labRiskManage/domain/account/service/UserDomainService.java
+++ b/src/main/java/com/gkhy/labRiskManage/domain/account/service/UserDomainService.java
@@ -133,4 +133,7 @@
      * @return
      */
     SearchResult<List<UserInfoDomainDTO>> findExpertList(PageQuery<UserQuery> pageQuery);
+
+
+    boolean resetUserPassword(Long uid, Long currentUserId);
 }
diff --git a/src/main/java/com/gkhy/labRiskManage/domain/account/service/impl/UserDomainServiceImpl.java b/src/main/java/com/gkhy/labRiskManage/domain/account/service/impl/UserDomainServiceImpl.java
index 8c019d6..ecd1126 100644
--- a/src/main/java/com/gkhy/labRiskManage/domain/account/service/impl/UserDomainServiceImpl.java
+++ b/src/main/java/com/gkhy/labRiskManage/domain/account/service/impl/UserDomainServiceImpl.java
@@ -287,28 +287,70 @@
         }
         return doList;
     }
-
+    //2024 修改密码弱口令问题
     @Override
     @Transactional
     public boolean updateUserPwd(Long uid, String oldPwd, String newPwd) {
         if(uid == null || oldPwd == null || newPwd == null || oldPwd.isEmpty() || newPwd.isEmpty())
             throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR_NULL.getCode(), "参数缺失");
+
+        if (newPwd.length() < 8){
+            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码长度不够");
+        }
+        if (!newPwd.matches(".*[A-Z].*")){
+            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码至少包含大小写字母、数字、特殊字符");
+        }
+        if (!newPwd.matches(".*[a-z].*")){
+            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码至少包含大小写字母、数字、特殊字符");
+        }
+        if (!newPwd.matches(".*\\d.*")){
+            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码至少包含大小写字母、数字、特殊字符");
+        }
+        if (!newPwd.matches(".*[!@#$%^&*.()?+`~<>,-].*")){
+            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码至少包含大小写字母、数字、特殊字符");
+        }
+
         Optional<User> userOptional = userRepository.findById(uid);
         if(!userOptional.isPresent()){
             throw new BusinessException(this.getClass(), ResultCode.BUSINESS_ERROR_ACCOUNT_NOT_EXIST.getCode(), "用户不存在");
         }
         User user = userOptional.get();
         //验证旧密码
-        String hash = String.valueOf(Hashing.hmacMd5(user.getSalt().getBytes(StandardCharsets.UTF_8)).hashString(oldPwd,
-                StandardCharsets.UTF_8));
+        String hash = genPasswordHash(oldPwd, user.getSalt());
         if(!hash.equals(user.getHash()))
             throw new BusinessException(this.getClass(), ResultCode.BUSINESS_ERROR_NOT_ALLOWED.getCode(), "旧密码错误");
-        String newSalt = String.valueOf(Hashing.hmacMd5("".getBytes()).hashString(""+uid+Range.atLeast(1)+System.nanoTime(),
-                StandardCharsets.UTF_8));
-        String newHash = String.valueOf(Hashing.hmacMd5(newSalt.getBytes(StandardCharsets.UTF_8)).hashString(newPwd,
-                StandardCharsets.UTF_8));
-        if(userRepository.updatePassword(uid,newHash,newSalt, LocalDateTime.now()) == 1){
+
+        String newHash = genPasswordHash(newPwd, user.getSalt());
+        if(userRepository.updatePassword(uid,newHash, user.getSalt(), LocalDateTime.now()) == 1){
 //            deleteUserCache(uid);
+            return true;
+        }else {
+            throw new BusinessException(this.getClass(), ResultCode.SYSTEM_ERROR_DATABASE_FAIL.getCode(), "数据库错误");
+        }
+    }
+
+    // todo 2024 密码重置问题
+    @Override
+    public boolean resetUserPassword(Long uid, Long currentUserId) {
+
+        if(uid == null){
+            throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR_NULL.getCode(), "参数缺失");
+        }
+
+        Optional<User> userOptional = userRepository.findById(uid);
+        //验证用户是否存在
+        if(!userOptional.isPresent()){
+            throw new BusinessException(this.getClass(), ResultCode.BUSINESS_ERROR_ACCOUNT_NOT_EXIST.getCode(), "用户不存在");
+        }
+        User user = userOptional.get();
+
+        //设置初始密码
+        String newPwd = "Gs@123456";
+        String newHash = genPasswordHash(newPwd, user.getSalt());
+
+//        Integer integer = userRepository.resetPassword(uid, newHash, LocalDateTime.now());
+
+        if(userRepository.resetPassword(uid, newHash, LocalDateTime.now()) == 1){
             return true;
         }else {
             throw new BusinessException(this.getClass(), ResultCode.SYSTEM_ERROR_DATABASE_FAIL.getCode(), "数据库错误");
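Review bot: resetUserPassword sets every reset account to the same literal `"Gs@123456"` (also hard-coded in AccountAppServiceImpl's createUser), so the value is shared and known to anyone who has been reset, and nothing forces a change at next login — hoist it to one named constant and flag the account for a mandatory change, or better issue a random per-user temporary value. The `currentUserId` parameter is accepted but never read, so the reset leaves no record of who performed it; log it or persist it next to `gmtModified`. Unlike updateUserPwd directly above, the method is not `@Transactional` and the commit compensates with `@Transactional` on `UserRepository.resetPassword`, but the boundary belongs on the service to match updateUserPwd. Remove the commented-out `Integer integer = …` line and the `// todo` marker; the method's closing braces fall outside the hunk. Separately, updateUserPwd no longer rotates the salt on a change (the `newSalt` generation was removed in favour of `user.getSalt()`); if that is intentional, a one-line comment saying so would stop the next reader from treating it as an accidental regression.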
@@ -346,14 +388,14 @@
         User user = userOptional.get();
         /*if(user.getRoleId() != null && user.getRoleId().equals(roleId))
             throw new BusinessException(this.getClass(), ResultCode.BUSINESS_ERROR_NOT_ALLOWED.getCode(), "用户角色未发生改变");*/
-        //todo:校验角色信息
+        //校验角色信息
         /*if(userRepository.updateUserRole(uid,roleId,LocalDateTime.now()) != null){
 //            deleteUserCache(uid);
             return true;
         }*/
         return false;
     }
-
+    //2024 登录校验问题
     @Override
     public boolean checkPassword(String pwd, String hash, String salt) {
         if(pwd == null || pwd.isEmpty() || salt == null || salt.isEmpty() || hash == null || hash.isEmpty())
@@ -361,7 +403,7 @@
         if(Hashing.hmacMd5(salt.getBytes(StandardCharsets.UTF_8)).hashString(pwd, StandardCharsets.UTF_8).toString().equals(hash)){
             return true;
         }else {
-            return true;
+            return false;
         }
     }
 
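Review bot: The corrected `return false` closes the bypass, but the comparison feeding it on the line above still uses `String.equals`, which stops at the first differing byte, so the time taken depends on how much of the hash matched; a constant-time compare removes that. The whole if/else can be two lines: `String computed = Hashing.hmacMd5(salt.getBytes(StandardCharsets.UTF_8)).hashString(pwd, StandardCharsets.UTF_8).toString();` then `return MessageDigest.isEqual(computed.getBytes(StandardCharsets.UTF_8), hash.getBytes(StandardCharsets.UTF_8));` (needs `java.security.MessageDigest` imported). HMAC-MD5 keyed with the salt is a fast hash rather than a password-stretching KDF; moving to bcrypt/scrypt/argon2 is a separate, larger change but worth a TODO here. checkPassword's signature and null check begin outside the hunk.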
@@ -561,6 +603,7 @@
     }
 
 
+
     /**
      * 用户查询
      */
diff --git a/src/main/java/com/gkhy/labRiskManage/domain/riskReport/utils/GetRoleTagUtils.java b/src/main/java/com/gkhy/labRiskManage/domain/riskReport/utils/GetRoleTagUtils.java
index 16ebb9c..a8fdb19 100644
--- a/src/main/java/com/gkhy/labRiskManage/domain/riskReport/utils/GetRoleTagUtils.java
+++ b/src/main/java/com/gkhy/labRiskManage/domain/riskReport/utils/GetRoleTagUtils.java
@@ -20,6 +20,9 @@
             if (role.getRoleId() == UserRoleEnum.USER_ROLE_6.getCode().byteValue()){
                 roleTag = 2;
             }
+            if (role.getRoleId() == UserRoleEnum.USER_ROLE_7.getCode().byteValue()){
+                roleTag = 2;
+            }
         }
 
         return  roleTag;
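Review bot: The new USER_ROLE_7 branch duplicates the USER_ROLE_6 branch above it, so "超级管理员" and "综合办" both map to `roleTag = 2`, and AccountAppServiceImpl.resetUserPassword accepts any caller with `roleTag >= 2` — if role 6 is not meant to reset other users' passwords, the super-admin role needs its own tag (e.g. 3) and the reset check should test for it. If identical treatment is intended, merge the two into one condition: `if (role.getRoleId() == UserRoleEnum.USER_ROLE_6.getCode().byteValue() || role.getRoleId() == UserRoleEnum.USER_ROLE_7.getCode().byteValue()) { roleTag = 2; }`. Either way a comment stating which roles carry reset rights would help, since the enum names alone do not say. The enclosing loop and method start outside the hunk.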

--
Gitblit v1.9.2