From a290320e826c0059709522d47753ada32b82d07d Mon Sep 17 00:00:00 2001
From: 16639036659 <577530412@qq.com>
Date: 星期四, 04 一月 2024 15:59:46 +0800
Subject: [PATCH] 登录检验，弱口令，初始密码，修改，重置

---
 src/main/java/com/gkhy/labRiskManage/domain/account/service/impl/UserDomainServiceImpl.java |   65 +++++++++++++++++++++++++++-----
 1 files changed, 54 insertions(+), 11 deletions(-)

diff --git a/src/main/java/com/gkhy/labRiskManage/domain/account/service/impl/UserDomainServiceImpl.java b/src/main/java/com/gkhy/labRiskManage/domain/account/service/impl/UserDomainServiceImpl.java
index 8c019d6..ecd1126 100644
--- a/src/main/java/com/gkhy/labRiskManage/domain/account/service/impl/UserDomainServiceImpl.java
+++ b/src/main/java/com/gkhy/labRiskManage/domain/account/service/impl/UserDomainServiceImpl.java
@@ -287,28 +287,70 @@
         }
         return doList;
     }
-
+    //2024 修改密码弱口令问题
     @Override
     @Transactional
     public boolean updateUserPwd(Long uid, String oldPwd, String newPwd) {
         if(uid == null || oldPwd == null || newPwd == null || oldPwd.isEmpty() || newPwd.isEmpty())
             throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR_NULL.getCode(), "参数缺失");
+
+        if (newPwd.length() < 8){
+            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码长度不够");
+        }
+        if (!newPwd.matches(".*[A-Z].*")){
+            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码至少包含大小写字母、数字、特殊字符");
+        }
+        if (!newPwd.matches(".*[a-z].*")){
+            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码至少包含大小写字母、数字、特殊字符");
+        }
+        if (!newPwd.matches(".*\\d.*")){
+            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码至少包含大小写字母、数字、特殊字符");
+        }
+        if (!newPwd.matches(".*[!@#$%^&*.()?+`~<>,-].*")){
+            throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_ILLEGAL.getCode(),"密码至少包含大小写字母、数字、特殊字符");
+        }
+
         Optional<User> userOptional = userRepository.findById(uid);
         if(!userOptional.isPresent()){
             throw new BusinessException(this.getClass(), ResultCode.BUSINESS_ERROR_ACCOUNT_NOT_EXIST.getCode(), "用户不存在");
         }
         User user = userOptional.get();
         //验证旧密码
-        String hash = String.valueOf(Hashing.hmacMd5(user.getSalt().getBytes(StandardCharsets.UTF_8)).hashString(oldPwd,
-                StandardCharsets.UTF_8));
+        String hash = genPasswordHash(oldPwd, user.getSalt());
         if(!hash.equals(user.getHash()))
             throw new BusinessException(this.getClass(), ResultCode.BUSINESS_ERROR_NOT_ALLOWED.getCode(), "旧密码错误");
-        String newSalt = String.valueOf(Hashing.hmacMd5("".getBytes()).hashString(""+uid+Range.atLeast(1)+System.nanoTime(),
-                StandardCharsets.UTF_8));
-        String newHash = String.valueOf(Hashing.hmacMd5(newSalt.getBytes(StandardCharsets.UTF_8)).hashString(newPwd,
-                StandardCharsets.UTF_8));
-        if(userRepository.updatePassword(uid,newHash,newSalt, LocalDateTime.now()) == 1){
+
+        String newHash = genPasswordHash(newPwd, user.getSalt());
+        if(userRepository.updatePassword(uid,newHash, user.getSalt(), LocalDateTime.now()) == 1){
 //            deleteUserCache(uid);
+            return true;
+        }else {
+            throw new BusinessException(this.getClass(), ResultCode.SYSTEM_ERROR_DATABASE_FAIL.getCode(), "数据库错误");
+        }
+    }
+
+    // todo 2024 密码重置问题
+    @Override
+    public boolean resetUserPassword(Long uid, Long currentUserId) {
+
+        if(uid == null){
+            throw new BusinessException(this.getClass(), ResultCode.PARAM_ERROR_NULL.getCode(), "参数缺失");
+        }
+
+        Optional<User> userOptional = userRepository.findById(uid);
+        //验证用户是否存在
+        if(!userOptional.isPresent()){
+            throw new BusinessException(this.getClass(), ResultCode.BUSINESS_ERROR_ACCOUNT_NOT_EXIST.getCode(), "用户不存在");
+        }
+        User user = userOptional.get();
+
+        //设置初始密码
+        String newPwd = "Gs@123456";
+        String newHash = genPasswordHash(newPwd, user.getSalt());
+
+//        Integer integer = userRepository.resetPassword(uid, newHash, LocalDateTime.now());
+
+        if(userRepository.resetPassword(uid, newHash, LocalDateTime.now()) == 1){
             return true;
         }else {
             throw new BusinessException(this.getClass(), ResultCode.SYSTEM_ERROR_DATABASE_FAIL.getCode(), "数据库错误");
@@ -346,14 +388,14 @@
         User user = userOptional.get();
         /*if(user.getRoleId() != null && user.getRoleId().equals(roleId))
             throw new BusinessException(this.getClass(), ResultCode.BUSINESS_ERROR_NOT_ALLOWED.getCode(), "用户角色未发生改变");*/
-        //todo:校验角色信息
+        //校验角色信息
         /*if(userRepository.updateUserRole(uid,roleId,LocalDateTime.now()) != null){
 //            deleteUserCache(uid);
             return true;
         }*/
         return false;
     }
-
+    //2024 登录校验问题
     @Override
     public boolean checkPassword(String pwd, String hash, String salt) {
         if(pwd == null || pwd.isEmpty() || salt == null || salt.isEmpty() || hash == null || hash.isEmpty())
@@ -361,7 +403,7 @@
         if(Hashing.hmacMd5(salt.getBytes(StandardCharsets.UTF_8)).hashString(pwd, StandardCharsets.UTF_8).toString().equals(hash)){
             return true;
         }else {
-            return true;
+            return false;
         }
     }
 
@@ -561,6 +603,7 @@
     }
 
 
+
     /**
      * 用户查询
      */

--
Gitblit v1.9.2