用户密码策略bug 修复

5 years ago · 04abb712f4
parent d2bc1f287e
commit 04abb712f4
6 changed files with 17 additions and 11 deletions
--- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/auth/realm/AdminAuthRealm.java
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/auth/realm/AdminAuthRealm.java
@ -3,6 +3,7 @@ package cn.estsh.i3plus.core.apiservice.auth.realm;
 import cn.estsh.i3plus.core.api.iservice.base.ISystemLoginService;
 import cn.estsh.i3plus.pojo.base.shirotoken.AdminToken;
 import cn.estsh.i3plus.pojo.platform.bean.SessionUser;
+import cn.estsh.impp.framework.boot.exception.ImppBusiException;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
@ -47,12 +48,9 @@ public class AdminAuthRealm extends AuthorizingRealm {
            SessionUser sessionUser = systemLoginService.queryCheckAdminLogin(( AdminToken ) authenticationToken);
            LOGGER.info("管理员令牌验证：{}", sessionUser);
            return new SimpleAuthenticationInfo(sessionUser, (( AdminToken ) authenticationToken).getLoginPwd(), this.getName());
-//        }catch (ImppBusiException e){
-//            e.printStackTrace();
-//            throw new AuthenticationException();
        }catch (Exception e){
            e.printStackTrace();
-            throw new AuthenticationException();
+            throw new AuthenticationException(e.getMessage());
        }
    }
 }
--- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/base/WhiteController.java
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/base/WhiteController.java
@ -197,7 +197,7 @@ public class WhiteController extends CoreBaseController {
            userLoginStatus = CommonEnumUtil.USER_LOGIN_STATUS.USER_INFO_NULL;
        } catch (AuthenticationException e) {
            // 系统异常
-            result = ResultBean.fail(e.getMessage()).setCode(ImppExceptionEnum.SYSTEM_EXCEPTION.getCode());
+            result = ResultBean.fail(ImppExceptionEnum.LOGIN_EXCEPTION_USER_PASSWORD.getDescription()).setCode(ImppExceptionEnum.LOGIN_EXCEPTION_USER_PASSWORD.getCode());
            result.setErrorMsg(e.getMessage());

            // 记录登录记录
--- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/SysConfigController.java
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/SysConfigController.java
@ -159,8 +159,7 @@ public class SysConfigController extends CoreBaseController {
        try {
            // 条件验证
            ValidatorBean.beginValid(bean)
-                    .notNull("configCode",bean.getConfigCode())
-                    .notNull("configValue",bean.getConfigValue());
+                    .notNull("configCode",bean.getConfigCode());

            SysConfig config = sysConfigService.getSysConfigByCode(bean.getConfigCode());
            ValidatorBean.checkNotNull(config,"不存在的配置信息");
--- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/base/SystemLoginService.java
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/base/SystemLoginService.java
@ -15,6 +15,7 @@ import cn.estsh.i3plus.pojo.platform.bean.SysUser;
 import cn.estsh.i3plus.pojo.platform.bean.SysUserPassword;
 import cn.estsh.i3plus.pojo.platform.repository.SysUserRepository;
 import cn.estsh.impp.framework.boot.auth.AuthUtil;
+import cn.estsh.impp.framework.boot.exception.ImppBusiException;
 import cn.estsh.impp.framework.boot.util.ImppLdapUtils;
 import cn.estsh.impp.framework.boot.util.ImppRedis;
 import cn.estsh.impp.framework.boot.util.ImppSwitchUtil;
@ -178,16 +179,17 @@ public class SystemLoginService implements ISystemLoginService {
            }

            if (StringUtils.equals(passwordStr,SysUserPasswordUtil.encoder(pwd))){
+                userPasswordUtil.checkSysUserLogin(user);
                return user;
            }
            LOGGER.error("密码验证错误。");
+        } catch (ImppBusiException e) {
+            throw e;
        } catch (Exception e) {
            LOGGER.error("登录密码加密出错[Exception]");
        }

        throw new IncorrectCredentialsException("登陆密码错误");
-
-
    }

    /**
--- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserSavePasswordService.java
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserSavePasswordService.java
@ -40,6 +40,9 @@ public class SysUserSavePasswordService extends CrudService<SysUserPassword> imp
    @Autowired
    private ISysUserService userService;

+    @Autowired
+    private SysUserPasswordUtil userPasswordUtil;
+
    @Override
    public BaseRepository<SysUserPassword, Long> getRepository() {
        return userPasswordRDao;
@ -68,6 +71,8 @@ public class SysUserSavePasswordService extends CrudService<SysUserPassword> imp
    public void updatePassword(Long userId, String password) {
        SysUser user = userService.getSysUserById(userId);
        ValidatorBean.checkNotNull(user,"不存在的用户信息");
+        user.setUserLoginPassword(password);
+        userPasswordUtil.checkPasswordSave(user);

        userPasswordRDao.updateByProperties(
                new String[]{"userId","isDeleted"},
--- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/util/SysUserPasswordUtil.java
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/util/SysUserPasswordUtil.java
@ -223,7 +223,7 @@ public class SysUserPasswordUtil {
                throw ImppExceptionBuilder.newInstance()
                        .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
                        .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
-                        .setErrorDetail("必须包含数字")
+                        .setErrorDetail("必须包含特殊字")
                        .setErrorSolution("请重新输入")
                        .build();
            }
@ -275,7 +275,7 @@ public class SysUserPasswordUtil {
                    }
                }

-                if (lastDay <= num) {
+                if (lastDay > num) {
                    throw ImppExceptionBuilder.newInstance()
                            .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
                            .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
@ -283,6 +283,8 @@ public class SysUserPasswordUtil {
                            .setErrorSolution("请重新输入")
                            .build();
                }
+            } catch (ImppBusiException e) {
+                throw e;
            } catch (Exception e) {
                e.printStackTrace();
                LOGGER.error("密码加密错误，异常信息：{}", e.getMessage());