I3_YF_SEAT
/
impp-core
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

安全审计和登录数据导出

Browse Source
yun-zuoyi
yanyujia 2 years ago
parent f1ce146e04
commit 349c615167
14 changed files with 556 additions and 79 deletions
Show Stats Download Patch File Download Diff File

3
modules/i3plus-core-api/src/main/java/cn/estsh/i3plus/core/api/iservice/busi/ISysUserPasswordService.java
Unescape Escape View File

@ -39,6 +39,9 @@ public interface ISysUserPasswordService extends ICrudService<SysUserPassword> {
@ApiOperation(value = "根据密码反查") @ApiOperation(value = "根据密码反查")
public List<SysUserPassword> findPasswordByPassword(String password,Long userId); public List<SysUserPassword> findPasswordByPassword(String password,Long userId);
@ApiOperation(value = "根据密码反查重置时间后的")
public List<SysUserPassword> findPasswordByPasswordAndResetPwdTime(String password,Long userId);
/** /**
* id, * id,
* @param pwdId * @param pwdId

26
modules/i3plus-core-api/src/main/java/cn/estsh/i3plus/core/api/iservice/busi/ISysUserService.java
Unescape Escape View File

@ -49,6 +49,9 @@ public interface ISysUserService {
@ApiOperation(value = "锁定用户", notes = "锁定用户") @ApiOperation(value = "锁定用户", notes = "锁定用户")
void doLockSysUserById(Long id); void doLockSysUserById(Long id);
@ApiOperation(value = "锁定用户指定状态", notes = "锁定用户指定状态")
void doLockAndStatusSysUserById(Long id, Integer status);
/** /**
* *
* *
@ -110,6 +113,22 @@ public interface ISysUserService {
@ApiOperation(value = "首次登录重置账号登录次数", notes = "首次登录重置账号登录次数") @ApiOperation(value = "首次登录重置账号登录次数", notes = "首次登录重置账号登录次数")
void updateUserLoginNum(Long userId,Integer userLoginNum); void updateUserLoginNum(Long userId,Integer userLoginNum);
/**
*
*
* @param userId
*/
@ApiOperation(value = "手动重置密码后是否强制修改密码", notes = "手动重置密码后是否强制修改密码")
void updateUserLoginNumByHeadResetPwd(Long userId,Integer userLoginNum);
/**
*
*
* @param userId
*/
@ApiOperation(value = "重置账号修改密码频次", notes = "重置账号修改密码频次")
void updateUserModifyPwdNum(Long userId,Integer modifyPwdNum);
/** /**
* *
@ -443,4 +462,11 @@ public interface ISysUserService {
*/ */
@ApiOperation(value = "获取批量账号信息", notes = "查询用户信息-批量根据登录名称查询") @ApiOperation(value = "获取批量账号信息", notes = "查询用户信息-批量根据登录名称查询")
ListPager<SysUser> findSysUserByName(String userLoginName,String userName ,Pager pager); ListPager<SysUser> findSysUserByName(String userLoginName,String userName ,Pager pager);
/**
*
* @return
*/
@ApiOperation(value = "获取批量账号信息", notes = "查询用户信息-批量根据登录名称查询")
List<SysUser> findUserNotLoginLongTime(String startDate, String endDate);
} }

5
modules/i3plus-core-apiservice/pom.xml
Unescape Escape View File

@ -14,6 +14,11 @@
<packaging>jar</packaging> <packaging>jar</packaging>
<dependencies> <dependencies>
<!-- 暂时测试xxl-job -->
<dependency>
<groupId>com.xuxueli</groupId>
<artifactId>xxl-job-core</artifactId>
</dependency>
<dependency> <dependency>
<groupId>com.alibaba</groupId> <groupId>com.alibaba</groupId>
<artifactId>druid</artifactId> <artifactId>druid</artifactId>

13
modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/base/WhiteController.java
Unescape Escape View File

@ -25,6 +25,7 @@ import cn.estsh.i3plus.pojo.base.common.Pager;
import cn.estsh.i3plus.pojo.base.enumutil.CommonEnumUtil; import cn.estsh.i3plus.pojo.base.enumutil.CommonEnumUtil;
import cn.estsh.i3plus.pojo.base.enumutil.ImppEnumUtil; import cn.estsh.i3plus.pojo.base.enumutil.ImppEnumUtil;
import cn.estsh.i3plus.pojo.base.enumutil.ResourceEnumUtil; import cn.estsh.i3plus.pojo.base.enumutil.ResourceEnumUtil;
import cn.estsh.i3plus.pojo.base.util.StringUtil;
import cn.estsh.i3plus.pojo.model.common.CloudPagerModel; import cn.estsh.i3plus.pojo.model.common.CloudPagerModel;
import cn.estsh.i3plus.pojo.model.common.ImppEmail; import cn.estsh.i3plus.pojo.model.common.ImppEmail;
import cn.estsh.i3plus.pojo.model.common.ImppSmsContent; import cn.estsh.i3plus.pojo.model.common.ImppSmsContent;
@ -489,8 +490,13 @@ public class WhiteController extends CoreBaseController {
} }
} }
// 记录登录记录 // 记录登录记录
SessionUser sessionUser = (SessionUser)result.getResultObject();
if(StringUtil.isEmpty(sessionUser) && StringUtil.isEmpty(sessionUser.getUserId())){
recordSysUserLog(sessionUser.getUserId(), loginModel.getLoginName(), userLoginStatus.getValue());
} else {
recordSysUserLog(null, loginModel.getLoginName(), userLoginStatus.getValue()); recordSysUserLog(null, loginModel.getLoginName(), userLoginStatus.getValue());
} }
}
LOGGER.info("会员{}登陆登录完成,登录{},语言:{} , 登录耗时:{}", loginModel.getLoginName(), result.isSuccess() ? "成功" : "失败", BaseThreadLocal.getThreadLanguageCode(), (System.currentTimeMillis() - startTime)); LOGGER.info("会员{}登陆登录完成,登录{},语言:{} , 登录耗时:{}", loginModel.getLoginName(), result.isSuccess() ? "成功" : "失败", BaseThreadLocal.getThreadLanguageCode(), (System.currentTimeMillis() - startTime));
return result; return result;
@ -946,6 +952,13 @@ public class WhiteController extends CoreBaseController {
} }
} }
@GetMapping(value = "/user-update-password-hint")
@ApiOperation(value = "获取修改密码提示信息", notes = "获取修改密码提示信息")
public ResultBean getUserUpdatePasswordHint() {
List<SysConfig> sysConfigs = configService.ListSysConfig();
return ResultBean.success().setResultList(sysConfigs);
}
@PostMapping(value = "/license") @PostMapping(value = "/license")
@ApiOperation(value = "更新授权", notes = "更新授权") @ApiOperation(value = "更新授权", notes = "更新授权")
public ResultBean updateLicense(String content) { public ResultBean updateLicense(String content) {

2
modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/PersonnelController.java
Unescape Escape View File

@ -171,6 +171,7 @@ public class PersonnelController extends CoreBaseController {
//松下需要创建的新用户 第一次登陆系统就要重置密码 //松下需要创建的新用户 第一次登陆系统就要重置密码
// user.setUserPasswordLastModifyTime(TimeTool.getNowTime(true)); // user.setUserPasswordLastModifyTime(TimeTool.getNowTime(true));
refreshSysUserPassword(user); refreshSysUserPassword(user);
user.setUserPasswordLastModifyTime(TimeTool.getNowTime(true));
SysUser userSaved = personnelService.saveSysUser(user); SysUser userSaved = personnelService.saveSysUser(user);
// 添加保存passwordId进SysUser表 // 添加保存passwordId进SysUser表
@ -805,6 +806,7 @@ public class PersonnelController extends CoreBaseController {
user.setUserPhone(model.getUserPhone()); user.setUserPhone(model.getUserPhone());
user.setLanguageCode(model.getUserLanguageCode()); user.setLanguageCode(model.getUserLanguageCode());
user.setUserAccountType(model.getUserAccountType()); user.setUserAccountType(model.getUserAccountType());
user.setUserPasswordOverdue(model.getUserPasswordOverdue());
if (!StringUtils.isAnyBlank(model.getUserLoginPassword())) { // 使用新密码 if (!StringUtils.isAnyBlank(model.getUserLoginPassword())) { // 使用新密码
user.setUserLoginPassword(EncryptTool.hexMD5(model.getUserLoginPassword())); user.setUserLoginPassword(EncryptTool.hexMD5(model.getUserLoginPassword()));

42
modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/SysLogUserLoginController.java
Unescape Escape View File

@ -174,4 +174,46 @@ public class SysLogUserLoginController extends CoreBaseController {
} }
} }
@GetMapping(value = "/export/month/user-login")
@ApiOperation(value = "导出用户登录日志")
public ResultBean exportMonthlyUserLoginReport(HttpServletResponse response, String startTime, String endTime) {
File file = null;
try {
List<SysLogUserLogin> sysLogUserLogins = userService.queryUserMonthlyLoginLog(startTime, endTime);
ExcelTool excelTool = new ExcelTool(entityManager, redisRes);
String fileName = "user-login-log-" + System.currentTimeMillis() + ".xls";
file = new File(fileName);
file.createNewFile();
excelTool.exportData(file, sysLogUserLogins, SysLogUserLogin.class
, (LinkedHashMap<String, String>) ExcelTool.getColName(SysLogUserLogin.class));
response.setContentType("application/force-download"); // 设置强制下载不打开
response.addHeader("Content-Disposition", "attachment;fileName=" + fileName); // 设置文件名
response.addHeader("Content-type", FileContentTypeTool.getContentType(StringTool.getStringFileSuffix(fileName, true)));
// 设置文件名
try (BufferedInputStream bis = new BufferedInputStream(new DataInputStream(new FileInputStream(file)))) {
OutputStream os = response.getOutputStream();
byte[] buffer = new byte[1024];
int i = bis.read(buffer);
while (i != -1) {
os.write(buffer, 0, i);
i = bis.read(buffer);
}
} catch (Exception e) {
LOGGER.error("用户日志导出异常", e);
}
return ResultBean.success().setResultList(sysLogUserLogins);
} catch (ImppBusiException busExcep) {
return ResultBean.fail(busExcep);
} catch (Exception e) {
return ImppExceptionBuilder.newInstance().buildExceptionResult(e);
}finally {
if(file!=null){
FileUtils.deleteQuietly(file);
}
}
}
} }

74
modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/SysUserController.java
Unescape Escape View File

@ -24,6 +24,7 @@ import cn.estsh.i3plus.pojo.base.common.Pager;
import cn.estsh.i3plus.pojo.base.enumutil.CommonEnumUtil; import cn.estsh.i3plus.pojo.base.enumutil.CommonEnumUtil;
import cn.estsh.i3plus.pojo.base.enumutil.ImppEnumUtil; import cn.estsh.i3plus.pojo.base.enumutil.ImppEnumUtil;
import cn.estsh.i3plus.pojo.base.enumutil.ResourceEnumUtil; import cn.estsh.i3plus.pojo.base.enumutil.ResourceEnumUtil;
import cn.estsh.i3plus.pojo.model.common.ExportDataModel;
import cn.estsh.i3plus.pojo.model.platform.AccountExportModel; import cn.estsh.i3plus.pojo.model.platform.AccountExportModel;
import cn.estsh.i3plus.pojo.model.platform.AndonQueryUserModel; import cn.estsh.i3plus.pojo.model.platform.AndonQueryUserModel;
import cn.estsh.i3plus.pojo.model.platform.AndonQueryUserResultModel; import cn.estsh.i3plus.pojo.model.platform.AndonQueryUserResultModel;
@ -36,6 +37,7 @@ import cn.estsh.impp.framework.boot.util.ImppRedis;
import cn.estsh.impp.framework.boot.util.RedisCacheTool; import cn.estsh.impp.framework.boot.util.RedisCacheTool;
import cn.estsh.impp.framework.boot.util.ResultBean; import cn.estsh.impp.framework.boot.util.ResultBean;
import cn.estsh.impp.framework.boot.util.ValidatorBean; import cn.estsh.impp.framework.boot.util.ValidatorBean;
import com.alibaba.fastjson.JSON;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import org.apache.commons.io.FileUtils; import org.apache.commons.io.FileUtils;
@ -283,9 +285,10 @@ public class SysUserController extends CoreBaseController {
ValidatorBean.checkNotZero(status, "功能状态不能为空"); ValidatorBean.checkNotZero(status, "功能状态不能为空");
sysUserService.updateBatchSysUserStatus(StringTool.getArrayLong(ids), status, AuthUtil.getSessionUser()); sysUserService.updateBatchSysUserStatus(StringTool.getArrayLong(ids), status, AuthUtil.getSessionUser());
//当解除锁定状态 重置当天登录错误次数上限 //当解除锁定状态 重置当天登录错误次数上限和自动解锁次数
if (CommonEnumUtil.USER_STATUS.ENABLE.getValue() == status) { if (CommonEnumUtil.USER_STATUS.ENABLE.getValue() == status) {
deleteRedisLoginErrorKeys(ids); deleteRedisLoginErrorKeys(ids);
deleteRedisAutoUnlockNumKeys(ids);
} }
return ResultBean.success("操作成功").setCode(ResourceEnumUtil.MESSAGE.SUCCESS.getCode()); return ResultBean.success("操作成功").setCode(ResourceEnumUtil.MESSAGE.SUCCESS.getCode());
} catch (ImppBusiException busExcep) { } catch (ImppBusiException busExcep) {
@ -312,6 +315,22 @@ public class SysUserController extends CoreBaseController {
} }
/** /**
*
*
* @param ids
*/
private void deleteRedisAutoUnlockNumKeys(String[] ids) {
String[] keys = new String[ids.length];
StringBuilder redisKey = new StringBuilder();
for (int i = 0; i < ids.length; i++) {
redisKey.append(CommonConstWords.USER_LOGIN_ERROR).append(":").append("authUnlockKey").append(":").append(TimeTool.getToday()).append(":").append(ids[i]);
keys[i] = redisKey.toString();
redisKey.setLength(0);
}
redisCore.deleteKey(keys);
}
/**
* *
* *
* @param userLoginNames * @param userLoginNames
@ -428,6 +447,53 @@ public class SysUserController extends CoreBaseController {
} }
} }
@PostMapping(value = "/export/user-not-login-long-time")
@ApiOperation(value = "导出长时间未登录账号", notes = "导出长时间未登录账号")
public ResultBean exportUserNotLoginLongTime(@RequestBody ExportDataModel model, HttpServletResponse response) {
File file = null;
try {
ValidatorBean.checkNotNull("ColName", model.getExportCol());
ValidatorBean.checkNotNull("startDate", model.getStartDate());
ValidatorBean.checkNotNull("endDate", model.getEndDate());
LinkedHashMap<String, String> exportColMap = JSON.parseObject(model.getExportCol(), LinkedHashMap.class);
List<SysUser> list = sysUserService.findUserNotLoginLongTime(model.getStartDate(), model.getEndDate());
ExcelTool excelTool = new ExcelTool(entityManager, redisRes);
String fileName = "user-not-login-long-time" + System.currentTimeMillis() + ".xls";
file = new File(fileName);
file.createNewFile();
excelTool.exportData(file, list, SysUser.class
, exportColMap);
response.setContentType("application/force-download"); // 设置强制下载不打开
response.addHeader("Content-Disposition", "attachment;fileName=" + fileName); // 设置文件名
response.addHeader("Content-type", FileContentTypeTool.getContentType(StringTool.getStringFileSuffix(fileName, true)));
// 设置文件名
try (BufferedInputStream bis = new BufferedInputStream(new DataInputStream(new FileInputStream(file)))) {
OutputStream os = response.getOutputStream();
byte[] buffer = new byte[1024];
int i = bis.read(buffer);
while (i != -1) {
os.write(buffer, 0, i);
i = bis.read(buffer);
}
} catch (Exception e) {
LOGGER.error("用户长时间未登录日志导出异常", e);
}
return ResultBean.success("操作成功")
.setCode(ResourceEnumUtil.MESSAGE.SUCCESS.getCode())
.setResultList(list);
} catch (ImppBusiException busExcep) {
return ResultBean.fail(busExcep);
} catch (Exception e) {
return ImppExceptionBuilder.newInstance().buildExceptionResult(e);
} finally {
if (file != null) {
FileUtils.deleteQuietly(file);
}
}
}
/** /**
* *
* *
@ -600,6 +666,8 @@ public class SysUserController extends CoreBaseController {
userPasswordService.updatePasswordResetLastModifyTime(user.getId(), password, false); userPasswordService.updatePasswordResetLastModifyTime(user.getId(), password, false);
//重置成随机密码会让用户首次登录修改密码 //重置成随机密码会让用户首次登录修改密码
sysUserService.updateUserLoginNum(user.getId(), 0); sysUserService.updateUserLoginNum(user.getId(), 0);
//重置成随机密码之后清空修改次数,重新计算
sysUserService.updateUserModifyPwdNum(user.getId(), 0);
String content = "系统提示:\n" + String content = "系统提示:\n" +
"\t" + getSessionUser().getUserName() + "使用密码重置功能帮您重置了【" + user.getUserLoginName() + "】账号的密码," + "\t" + getSessionUser().getUserName() + "使用密码重置功能帮您重置了【" + user.getUserLoginName() + "】账号的密码," +
"新密码是:" + password + ""; "新密码是:" + password + "";
@ -653,6 +721,10 @@ public class SysUserController extends CoreBaseController {
num = numMax - num; num = numMax - num;
userPasswordService.updatePasswordResetLastModifyTime(user.getId(), password, true); userPasswordService.updatePasswordResetLastModifyTime(user.getId(), password, true);
//手动重置密码是否需要用户首次登录修改密码
sysUserService.updateUserLoginNumByHeadResetPwd(user.getId(), 0);
//密码管理员手动重置密码之后清空修改次数,重新计算
sysUserService.updateUserModifyPwdNum(user.getId(), 0);
LOGGER.info("系统提示:{} 使用密码重置功能帮{}重置了{}账号的密码,新密码是:{}", LOGGER.info("系统提示:{} 使用密码重置功能帮{}重置了{}账号的密码,新密码是:{}",
getSessionUser().getUserName(), user.getUserName(), user.getUserLoginName(), password); getSessionUser().getUserName(), user.getUserName(), user.getUserLoginName(), password);

85
modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/schedulejob/CheckLoginTimeDayJob.java
Unescape Escape View File

@ -0,0 +1,85 @@
package cn.estsh.i3plus.core.apiservice.schedulejob;
import cn.estsh.i3plus.core.api.iservice.busi.ISysUserService;
import cn.estsh.i3plus.platform.common.tool.TimeTool;
import cn.estsh.i3plus.platform.common.util.CommonConstWords;
import cn.estsh.i3plus.pojo.base.enumutil.CommonEnumUtil;
import cn.estsh.i3plus.pojo.platform.bean.SysUser;
import cn.estsh.i3plus.pojo.platform.repository.SysUserRepository;
import cn.estsh.impp.framework.base.schedule.BaseImppScheduleJob;
import cn.estsh.impp.framework.boot.auth.AuthUtil;
import cn.estsh.impp.framework.boot.init.ApplicationProperties;
import cn.estsh.impp.framework.boot.util.ImppRedis;
import cn.estsh.impp.framework.boot.util.RedisCacheTool;
import com.xxl.job.core.handler.annotation.XxlJob;
import io.swagger.annotations.ApiOperation;
import org.quartz.DisallowConcurrentExecution;
import org.quartz.JobExecutionContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import javax.annotation.Resource;
import javax.persistence.EntityManager;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.List;
/**
* @Description :
* @Reference :
* @Author :
* @CreateDate : 2022-11-15 17:23
* @Modify:
**/
@DisallowConcurrentExecution
@ApiOperation("锁定长时间未登录用户job")
@Component
public class CheckLoginTimeDayJob extends BaseImppScheduleJob {
@Autowired
private SysUserRepository userRDao;
@Autowired
private EntityManager entityManager;
@Resource(name = CommonConstWords.IMPP_REDIS_CORE)
protected ImppRedis redisCore;
public CheckLoginTimeDayJob() {
super(CheckLoginTimeDayJob.class, "锁定长时间未登录用户");
}
@XxlJob("cn.estsh.i3plus.core.apiservice.schedulejob.CheckLoginTimeDayJob")
@Override
public void executeImppJob(JobExecutionContext context, ApplicationProperties applicationProperties) {
boolean unLoginLongTimeOnOff = RedisCacheTool.getSysConfigBooleanVal(CommonConstWords.CONFIG_USER_UNLOGIN_LONG_TIME_LOCK, CommonEnumUtil.TRUE_OR_FALSE.FALSE);
int unLoginDay = RedisCacheTool.getSysConfigIntVal(CommonConstWords.CONFIG_USER_LOGIN_DAY_OUT, CommonConstWords.CONFIG_USER_LOGIN_DAY_OUT_DEFAULT);
if (unLoginLongTimeOnOff && unLoginDay != 0) {
//获取unLoginDay之前的时间
// long time = (long)unLoginDay * 86400000;
// TimeTool.pareDateToString
Date dateBefore = TimeTool.getDateBefore(new Date("yyyy-MM-dd HH:mm:ss"), unLoginDay);
String unLoginDayAgo = TimeTool.pareDateToString(dateBefore);
// SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
// String unLoginDayAgo = simpleDateFormat.format(new Date(System.currentTimeMillis() - time));
String hql = " select su from SysUser as su " +
"where su.userLoginLastDateTime <=:userLoginLastDateTime " +
"and su.userPasswordOverdue = :userPasswordOverdue";
List<SysUser> sysUserList = entityManager.createQuery(hql)
.setParameter("userLoginLastDateTime", unLoginDayAgo)
.setParameter("userPasswordOverdue", CommonEnumUtil.TRUE_OR_FALSE.TRUE.getValue())
.getResultList();
for (SysUser user : sysUserList) {
user.setUserStatus(CommonEnumUtil.USER_STATUS.DISABLE.getValue());
user.setLockType(CommonEnumUtil.LOCK_TYPE.NOT_LOGIN_A_LONG_TIME.getValue());
userRDao.save(user);
}
}
}
}

6
modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/base/login/strategy/DefaultLoginStrategy.java
Unescape Escape View File

@ -56,7 +56,7 @@ public class DefaultLoginStrategy implements ISystemLoginStrategyService {
public BiFunction<HttpServletRequest, SysLoginModel, ResultBean> login() { public BiFunction<HttpServletRequest, SysLoginModel, ResultBean> login() {
return (request, loginModel) -> { return (request, loginModel) -> {
ResultBean result; ResultBean result;
ValidatorBean.checkNotNull(loginModel.getLanguageCode(), "语言不能为空"); // ValidatorBean.checkNotNull(loginModel.getLanguageCode(), "语言不能为空");
// TODO 后期移除,暂时用于避免自动登录后前台没有正确的传输组织代码信息 // TODO 后期移除,暂时用于避免自动登录后前台没有正确的传输组织代码信息
if ("null".equals(loginModel.getLanguageCode())) { if ("null".equals(loginModel.getLanguageCode())) {
loginModel.setLanguageCode(DEFAULT_LANGUAGE); loginModel.setLanguageCode(DEFAULT_LANGUAGE);
@ -124,7 +124,7 @@ public class DefaultLoginStrategy implements ISystemLoginStrategyService {
SysConfig passwordExpireDays = RedisCacheTool.getSysConfigByConfigCode(CommonConstWords.CONFIG_PWD_EXPIRE_DAY_TIME); SysConfig passwordExpireDays = RedisCacheTool.getSysConfigByConfigCode(CommonConstWords.CONFIG_PWD_EXPIRE_DAY_TIME);
if (passwordExpireDays != null && Integer.parseInt(passwordExpireDays.getConfigValue()) > 0) { if (passwordExpireDays != null && Integer.parseInt(passwordExpireDays.getConfigValue()) > 0) {
SysUser user = userService.getSysUserByLoginName(loginName); SysUser user = userService.getSysUserByLoginName(loginName);
if (StringUtils.isEmpty(user.getUserPasswordLastModifyTime())) { if (StringUtils.isEmpty(user.getUserPasswordLastModifyTime()) && user.getUserPasswordOverdue() == CommonEnumUtil.TRUE_OR_FALSE.TRUE.getValue()) {
throw new ExpiredCredentialsException("用户密码过期 请重新设置新密码"); throw new ExpiredCredentialsException("用户密码过期 请重新设置新密码");
} else { } else {
DateFormat df = new SimpleDateFormat(CommonConstWords.DATE_TIME_FORMAT_HH_MM_SS_RISK); DateFormat df = new SimpleDateFormat(CommonConstWords.DATE_TIME_FORMAT_HH_MM_SS_RISK);
@ -135,7 +135,7 @@ public class DefaultLoginStrategy implements ISystemLoginStrategyService {
throw new ImppBusiException("验证用户密码登录时间,时间解析错误"); throw new ImppBusiException("验证用户密码登录时间,时间解析错误");
} }
long dayGap = (System.currentTimeMillis() - lastModifyDate.getTime()) / (60 * 60 * 1000 * 24); long dayGap = (System.currentTimeMillis() - lastModifyDate.getTime()) / (60 * 60 * 1000 * 24);
if ((int) dayGap >= Integer.parseInt(passwordExpireDays.getConfigValue())) { if ((int) dayGap >= Integer.parseInt(passwordExpireDays.getConfigValue()) && user.getUserPasswordOverdue() == CommonEnumUtil.TRUE_OR_FALSE.TRUE.getValue()) {
throw new ExpiredCredentialsException("用户密码过期 请重新设置新密码"); throw new ExpiredCredentialsException("用户密码过期 请重新设置新密码");
} }
} }

2
modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/PersonnelServiceService.java
Unescape Escape View File

@ -1041,6 +1041,8 @@ public class PersonnelServiceService implements IPersonnelService {
logRoleChange.setUserId(userId); logRoleChange.setUserId(userId);
logRoleChange.setPreviousRoles(previousRole); logRoleChange.setPreviousRoles(previousRole);
logRoleChange.setCurrentRoles(currentRole); logRoleChange.setCurrentRoles(currentRole);
logRoleChange.setUserLoginName(user.getUserLoginName());
logRoleChange.setDepartmentNameRdd(user.getDepartmentNameRdd());
ConvertBean.serviceModelInitialize(logRoleChange, AuthUtil.getSessionUser().getUserName()); ConvertBean.serviceModelInitialize(logRoleChange, AuthUtil.getSessionUser().getUserName());
logRoleChangeRepository.save(logRoleChange); logRoleChangeRepository.save(logRoleChange);

73
modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserSavePasswordService.java
Unescape Escape View File

@ -6,6 +6,7 @@ import cn.estsh.i3plus.core.apiservice.util.SysUserPasswordUtil;
import cn.estsh.i3plus.platform.common.convert.ConvertBean; import cn.estsh.i3plus.platform.common.convert.ConvertBean;
import cn.estsh.i3plus.platform.common.exception.ImppExceptionEnum; import cn.estsh.i3plus.platform.common.exception.ImppExceptionEnum;
import cn.estsh.i3plus.platform.common.tool.TimeTool; import cn.estsh.i3plus.platform.common.tool.TimeTool;
import cn.estsh.i3plus.platform.common.util.CommonConstWords;
import cn.estsh.i3plus.pojo.base.bean.DdlPackBean; import cn.estsh.i3plus.pojo.base.bean.DdlPackBean;
import cn.estsh.i3plus.pojo.base.enumutil.CommonEnumUtil; import cn.estsh.i3plus.pojo.base.enumutil.CommonEnumUtil;
import cn.estsh.i3plus.pojo.base.jpa.dao.BaseRepository; import cn.estsh.i3plus.pojo.base.jpa.dao.BaseRepository;
@ -16,11 +17,14 @@ import cn.estsh.i3plus.pojo.platform.repository.SysUserPasswordRepository;
import cn.estsh.impp.framework.base.service.CrudService; import cn.estsh.impp.framework.base.service.CrudService;
import cn.estsh.impp.framework.boot.auth.AuthUtil; import cn.estsh.impp.framework.boot.auth.AuthUtil;
import cn.estsh.impp.framework.boot.exception.ImppExceptionBuilder; import cn.estsh.impp.framework.boot.exception.ImppExceptionBuilder;
import cn.estsh.impp.framework.boot.util.ImppRedis;
import cn.estsh.impp.framework.boot.util.RedisCacheTool;
import cn.estsh.impp.framework.boot.util.ValidatorBean; import cn.estsh.impp.framework.boot.util.ValidatorBean;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Primary; import org.springframework.context.annotation.Primary;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import javax.annotation.Resource;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
@ -45,6 +49,9 @@ public class SysUserSavePasswordService extends CrudService<SysUserPassword> imp
@Autowired @Autowired
private SysUserPasswordUtil userPasswordUtil; private SysUserPasswordUtil userPasswordUtil;
@Resource(name = CommonConstWords.IMPP_REDIS_CORE)
protected ImppRedis redisCore;
@Override @Override
public BaseRepository<SysUserPassword, Long> getRepository() { public BaseRepository<SysUserPassword, Long> getRepository() {
return userPasswordRDao; return userPasswordRDao;
@ -93,12 +100,22 @@ public class SysUserSavePasswordService extends CrudService<SysUserPassword> imp
user.setUserLoginPassword(password); user.setUserLoginPassword(password);
userPasswordUtil.checkPasswordSave(user); userPasswordUtil.checkPasswordSave(user);
userPasswordRDao.updateByProperties( String frequencyDay = RedisCacheTool.getSysConfigStrVal(CommonConstWords.CONFIG_USER_MODIFY_PWD_FREQUENCY_DAY);
new String[]{"userId", "isDeleted"}, String redisKey = CommonConstWords.CONFIG_USER_MODIFY_PWD_FREQUENCY_DAY+"_"+user.getId()+"_"+user.getUserLoginName();
new Object[]{user.getId(), CommonEnumUtil.IS_DEAL.NO.getValue()}, //校验密码修改次数
new String[]{"isDeleted", "modifyDatetime", "modifyUser"}, Object redisfrequencyDay = redisCore.getObject(redisKey);
new Object[]{
CommonEnumUtil.IS_DEAL.YES.getValue(), TimeTool.getNowTime(true), AuthUtil.getSessionUser().getUserName()}); if (redisfrequencyDay == null) {
redisCore.putObject(redisKey, frequencyDay, Integer.parseInt(frequencyDay)*CommonConstWords.REDIS_TIME_DAY_ONE);
user.setModifyPwdNum(1);
} else {
int modifyNum = 0;
Integer modifyUnlockNum = user.getModifyPwdNum();
if (null != modifyUnlockNum) {
modifyNum = modifyUnlockNum;
}
user.setModifyPwdNum(modifyNum++);
}
SysUserPassword pwd = new SysUserPassword(); SysUserPassword pwd = new SysUserPassword();
pwd.setUserId(userId); pwd.setUserId(userId);
@ -108,6 +125,7 @@ public class SysUserSavePasswordService extends CrudService<SysUserPassword> imp
user.setUserLoginPasswordId(save.getId()); user.setUserLoginPasswordId(save.getId());
user.setUserPasswordLastModifyTime(TimeTool.getNowTime(true)); user.setUserPasswordLastModifyTime(TimeTool.getNowTime(true));
user.setUserLoginPassword(SysUserPasswordUtil.encoder(password));
ConvertBean.serviceModelUpdate(user, AuthUtil.getSessionUser().getUserName()); ConvertBean.serviceModelUpdate(user, AuthUtil.getSessionUser().getUserName());
userService.updateSysUser(user); userService.updateSysUser(user);
} }
@ -136,7 +154,10 @@ public class SysUserSavePasswordService extends CrudService<SysUserPassword> imp
user.setUserLoginPasswordId(save.getId()); user.setUserLoginPasswordId(save.getId());
// 松下需要 重置密码之后 重新登录重新设置密码 // 松下需要 重置密码之后 重新登录重新设置密码
user.setUserPasswordLastModifyTime(""); user.setUserPasswordLastModifyTime(TimeTool.getNowTime(true));
// 重置密码设置重置密码的时间,方便充值后重新技术校验密码重复次数
user.setResetPasswordTime(TimeTool.getNowTime(true));
user.setUserLoginPassword(SysUserPasswordUtil.encoder(password));
ConvertBean.serviceModelUpdate(user, AuthUtil.getSessionUser().getUserName()); ConvertBean.serviceModelUpdate(user, AuthUtil.getSessionUser().getUserName());
userService.updateSysUser(user); userService.updateSysUser(user);
} }
@ -147,6 +168,24 @@ public class SysUserSavePasswordService extends CrudService<SysUserPassword> imp
user.setUserLoginPassword(newPwd); user.setUserLoginPassword(newPwd);
userPasswordUtil.checkPasswordSave(user); userPasswordUtil.checkPasswordSave(user);
//供应商,修改密码校验修改次数
String frequencyDay = RedisCacheTool.getSysConfigStrVal(CommonConstWords.CONFIG_USER_MODIFY_PWD_FREQUENCY_DAY);
String redisKey = CommonConstWords.CONFIG_USER_MODIFY_PWD_FREQUENCY_DAY+"_"+user.getId()+"_"+user.getUserLoginName();
//校验密码修改次数
Object redisfrequencyDay = redisCore.getObject(redisKey);
if (redisfrequencyDay == null) {
redisCore.putObject(redisKey, frequencyDay, Integer.parseInt(frequencyDay)*CommonConstWords.REDIS_TIME_DAY_ONE);
user.setModifyPwdNum(1);
} else {
Integer modifyUnlockNum = user.getModifyPwdNum();
int modifyNum = 0;
if(null != modifyUnlockNum){
modifyNum = modifyUnlockNum;
}
user.setModifyPwdNum(++modifyNum);
}
userService.updateSysUser(user);
//当前方法是不需要session,是在登陆前弹窗修改密码 //当前方法是不需要session,是在登陆前弹窗修改密码
//如果是首次登录修改密码则设置登录次数为1 //如果是首次登录修改密码则设置登录次数为1
if(null == user.getUserLoginNum() || user.getUserLoginNum() == 0){ if(null == user.getUserLoginNum() || user.getUserLoginNum() == 0){
@ -165,9 +204,9 @@ public class SysUserSavePasswordService extends CrudService<SysUserPassword> imp
pwd.setUserPassword(SysUserPasswordUtil.encoder(newPwd)); pwd.setUserPassword(SysUserPasswordUtil.encoder(newPwd));
ConvertBean.serviceModelInitialize(pwd, loginName); ConvertBean.serviceModelInitialize(pwd, loginName);
SysUserPassword save = userPasswordRDao.save(pwd); SysUserPassword save = userPasswordRDao.save(pwd);
user.setUserLoginPasswordId(save.getId()); user.setUserLoginPasswordId(save.getId());
user.setUserPasswordLastModifyTime(TimeTool.getNowTime(true)); user.setUserPasswordLastModifyTime(TimeTool.getNowTime(true));
user.setUserLoginPassword(SysUserPasswordUtil.encoder(newPwd));
ConvertBean.serviceModelUpdate(user, loginName); ConvertBean.serviceModelUpdate(user, loginName);
userService.updateSysUser(user); userService.updateSysUser(user);
} }
@ -185,6 +224,24 @@ public class SysUserSavePasswordService extends CrudService<SysUserPassword> imp
} }
@Override @Override
public List<SysUserPassword> findPasswordByPasswordAndResetPwdTime(String password,Long userId) {
List<SysUserPassword> passwordList = new ArrayList<>();
if(StringUtils.isBlank(password) || userId == null){
return passwordList;
}
SysUser user = userService.getSysUserById(userId);
DdlPackBean ddlPackBean = DdlPackBean.getDdlPackBean();
DdlPreparedPack.getStringEqualPack(password,"userPassword",ddlPackBean);
DdlPreparedPack.getNumEqualPack(userId,"userId",ddlPackBean);
//当重置密码时间不为空时,查出在重置密码之后所修改的密码
if(null != user && user.getResetPasswordTime() != null){
DdlPreparedPack.getStringBiggerPack(user.getResetPasswordTime(), "createDatetime",ddlPackBean);
}
List<SysUserPassword> byHqlWhere = userPasswordRDao.findByHqlWhere(ddlPackBean);
return byHqlWhere;
}
@Override
public void updatePasswordByPwdIdAndNewPwd(Long pwdId, String newPwd) { public void updatePasswordByPwdIdAndNewPwd(Long pwdId, String newPwd) {
try { try {
SysUserPassword sup = userPasswordRDao.getById(pwdId); SysUserPassword sup = userPasswordRDao.getById(pwdId);

52
modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserService.java
Unescape Escape View File

@ -123,6 +123,9 @@ public class SysUserService implements ISysUserService {
@Resource(name = CommonConstWords.IMPP_REDIS_SESSION) @Resource(name = CommonConstWords.IMPP_REDIS_SESSION)
private ImppRedis redisSession; private ImppRedis redisSession;
@Resource(name = CommonConstWords.IMPP_REDIS_CORE)
protected ImppRedis redisCore;
@Override @Override
@ApiOperation(value = "用户登录", notes = "用户登录功能实现") @ApiOperation(value = "用户登录", notes = "用户登录功能实现")
@Transactional(propagation = Propagation.REQUIRED) @Transactional(propagation = Propagation.REQUIRED)
@ -140,6 +143,7 @@ public class SysUserService implements ISysUserService {
if (user.getUserStatus() != CommonEnumUtil.USER_STATUS.ENABLE.getValue()) { if (user.getUserStatus() != CommonEnumUtil.USER_STATUS.ENABLE.getValue()) {
throw new LockedAccountException("账号已被锁定"); throw new LockedAccountException("账号已被锁定");
} }
user.setUserLoginPassword(password);
//校验 用户 //校验 用户
ResultBean result = passwordUtil.checkSysUserLogin(user); ResultBean result = passwordUtil.checkSysUserLogin(user);
if (!result.isSuccess()) { if (!result.isSuccess()) {
@ -300,6 +304,16 @@ public class SysUserService implements ISysUserService {
} }
@Override @Override
public void doLockAndStatusSysUserById(Long id,Integer status) {
SysUser user = userRDao.getById(id);
if (Objects.nonNull(user)) {
user.setUserStatus(CommonEnumUtil.USER_STATUS.LOCKING.getValue());
user.setLockType(status);
userRDao.save(user);
}
}
@Override
@ApiOperation(value = "修改账号", notes = "批量修改账号状态") @ApiOperation(value = "修改账号", notes = "批量修改账号状态")
public void updateBatchSysUserStatus(Long[] ids, int status, SessionUser user) { public void updateBatchSysUserStatus(Long[] ids, int status, SessionUser user) {
LOGGER.debug("平台用户 SYS_USER DELETE By ids :{} status:{}, SessionUser :{}", ids, status, user); LOGGER.debug("平台用户 SYS_USER DELETE By ids :{} status:{}, SessionUser :{}", ids, status, user);
@ -404,11 +418,16 @@ public class SysUserService implements ISysUserService {
@Override @Override
@ApiOperation(value = "刷新账号", notes = "刷新账号登录信息") @ApiOperation(value = "刷新账号", notes = "刷新账号登录信息")
public void refreshUserLoginInformation(Long userId) { public void refreshUserLoginInformation(Long userId) {
String today = TimeTool.getToday();
String redisKey = CommonConstWords.USER_LOGIN_ERROR + ":" + today + ":" + userId;
String redisAuthUnlockKey = CommonConstWords.USER_LOGIN_ERROR + ":" + "authUnlockKey" + ":" + today + ":" + userId;
String unlockRedisKey = CommonConstWords.CONFIG_USER_LOGIN_ERROR_NUM_UNLOCK_TIME + "_" + userId;
SysUser user = userRDao.getById(userId); SysUser user = userRDao.getById(userId);
user.setUserLoginLastDateTime(TimeTool.getNowTime(true)); user.setUserLoginLastDateTime(TimeTool.getNowTime(true));
user.setUserLoginNum(user.getUserLoginNum() + 1); user.setUserLoginNum(user.getUserLoginNum() + 1);
userRDao.save(user); userRDao.save(user);
redisCore.deleteKey(new String[]{redisKey, redisAuthUnlockKey, unlockRedisKey});
SysUserInfo userInfo = sysUserInfoRDao.getById(user.getUserInfoId()); SysUserInfo userInfo = sysUserInfoRDao.getById(user.getUserInfoId());
userInfo.setUserLoginLastDateTime(TimeTool.getNowTime(true)); userInfo.setUserLoginLastDateTime(TimeTool.getNowTime(true));
userInfo.setUserLoginNum(userInfo.getUserLoginNum() + 1); userInfo.setUserLoginNum(userInfo.getUserLoginNum() + 1);
@ -425,6 +444,29 @@ public class SysUserService implements ISysUserService {
sysUserInfoRDao.updateByProperties(new String[]{"userLoginNum"}, new Object[]{loginNum}, userInfoDdlPackBean); sysUserInfoRDao.updateByProperties(new String[]{"userLoginNum"}, new Object[]{loginNum}, userInfoDdlPackBean);
} }
@Override
public void updateUserLoginNumByHeadResetPwd(Long userId, Integer loginNum) {
int resetUpdatePwd = RedisCacheTool.getSysConfigIntVal(CommonConstWords.CONFIG_PWD_RESET_PASSWORD_HEAD_ONOFF, CommonConstWords.CONFIG_PWD_RESET_PASSWORD_HEAD_ONOFF_DEFAULT);
if (resetUpdatePwd == CommonEnumUtil.TRUE_OR_FALSE.TRUE.getValue()) {
SysUser user = userRDao.getById(userId);
user.setUserLoginNum(loginNum);
userRDao.save(user);
DdlPackBean userInfoDdlPackBean = DdlPackBean.getDdlPackBean();
DdlPreparedPack.getNumEqualPack(user.getUserInfoId(), "id", userInfoDdlPackBean);
sysUserInfoRDao.updateByProperties(new String[]{"userLoginNum"}, new Object[]{loginNum}, userInfoDdlPackBean);
}
}
@Override
public void updateUserModifyPwdNum(Long userId, Integer modifyPwdNum) {
SysUser user = userRDao.getById(userId);
String redisKey = CommonConstWords.CONFIG_USER_MODIFY_PWD_FREQUENCY_DAY+"_"+user.getId()+"_"+user.getUserLoginName();
user.setModifyPwdNum(modifyPwdNum);
userRDao.save(user);
redisCore.deleteKey(redisKey);
}
@Override @Override
public void refreshUserLoginDateTime(Long userId, Long userInfoId) { public void refreshUserLoginDateTime(Long userId, Long userInfoId) {
@ -1074,6 +1116,16 @@ public class SysUserService implements ISysUserService {
return new ListPager(userRDao.findByHqlWherePage(ddlPackBean, pager), pager); return new ListPager(userRDao.findByHqlWherePage(ddlPackBean, pager), pager);
} }
@Override
public List<SysUser> findUserNotLoginLongTime(String startDate, String endDate) {
DdlPackBean ddlPackBean = DdlPackBean.getDdlPackBean();
DdlPreparedPack.getNumEqualPack(CommonEnumUtil.USER_STATUS.DISABLE.getValue(),"userStatus",ddlPackBean);
DdlPreparedPack.getNumEqualPack(CommonEnumUtil.LOCK_TYPE.NOT_LOGIN_A_LONG_TIME.getValue(),"lockType",ddlPackBean);
DdlPreparedPack.timeBuilder(startDate, endDate, "modifyDatetime", true, true, ddlPackBean);
List<SysUser> userNotLoginLongTimeList = userRDao.findByHqlWhere(ddlPackBean);
return userNotLoginLongTimeList;
}
/** /**
* *

191
modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/util/SysUserPasswordUtil.java
Unescape Escape View File

@ -7,6 +7,7 @@ import cn.estsh.i3plus.platform.common.tool.EncryptTool;
import cn.estsh.i3plus.platform.common.tool.TimeTool; import cn.estsh.i3plus.platform.common.tool.TimeTool;
import cn.estsh.i3plus.platform.common.util.CommonConstWords; import cn.estsh.i3plus.platform.common.util.CommonConstWords;
import cn.estsh.i3plus.pojo.base.enumutil.CommonEnumUtil; import cn.estsh.i3plus.pojo.base.enumutil.CommonEnumUtil;
import cn.estsh.i3plus.pojo.platform.bean.SysConfig;
import cn.estsh.i3plus.pojo.platform.bean.SysUser; import cn.estsh.i3plus.pojo.platform.bean.SysUser;
import cn.estsh.i3plus.pojo.platform.bean.SysUserPassword; import cn.estsh.i3plus.pojo.platform.bean.SysUserPassword;
import cn.estsh.impp.framework.boot.exception.ImppBusiException; import cn.estsh.impp.framework.boot.exception.ImppBusiException;
@ -28,8 +29,10 @@ import org.springframework.util.ObjectUtils;
import javax.annotation.Resource; import javax.annotation.Resource;
import javax.naming.NamingException; import javax.naming.NamingException;
import javax.naming.ldap.LdapContext; import javax.naming.ldap.LdapContext;
import javax.persistence.EntityManager;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.text.ParseException;
import java.util.*; import java.util.*;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import java.util.stream.Collectors; import java.util.stream.Collectors;
@ -119,6 +122,9 @@ public class SysUserPasswordUtil {
* @param user * @param user
*/ */
public void checkPasswordLogin(SysUser user) { public void checkPasswordLogin(SysUser user) {
//
SysConfig sysConfig = RedisCacheTool.getSysConfigByConfigCode(CommonConstWords.CONFIG_PWD_LENGTH);
if(StringUtils.isEmpty(user.getUserPasswordLastModifyTime()) || user.getUserPasswordLastModifyTime().compareTo(sysConfig.getModifyDatetime()) >= 0) {
/* 密码 长度校验 */ /* 密码 长度校验 */
checkPasswordLength(user.getUserLoginPassword()); checkPasswordLength(user.getUserLoginPassword());
/* 密码 大写字母校验 */ /* 密码 大写字母校验 */
@ -132,6 +138,7 @@ public class SysUserPasswordUtil {
/* 密码 密码正则校验 */ /* 密码 密码正则校验 */
checkPasswordRepeat(user.getUserLoginPassword()); checkPasswordRepeat(user.getUserLoginPassword());
} }
}
/******************************************** 用户保存密码检查 ********************************************/ /******************************************** 用户保存密码检查 ********************************************/
@ -150,6 +157,8 @@ public class SysUserPasswordUtil {
checkPasswordRepeatDay(user); checkPasswordRepeatDay(user);
/* 密码 密码正则校验 */ /* 密码 密码正则校验 */
checkPasswordRepeat(user.getUserLoginPassword()); checkPasswordRepeat(user.getUserLoginPassword());
/* 密码 用户修改密码频次校验 */
checkPasswordFrequency(user);
} }
/** /**
@ -327,7 +336,7 @@ public class SysUserPasswordUtil {
// List<SysUserPassword> passwords = userPasswordService.findAllByBean(userPassword); // List<SysUserPassword> passwords = userPasswordService.findAllByBean(userPassword);
//修改为查询这个账号最近的密码是否重复 //修改为查询这个账号最近的密码是否重复
List<SysUserPassword> passwords = userPasswordService.findPasswordByPassword(EncryptTool.hexMD5(user.getUserLoginPassword()),user.getId()); List<SysUserPassword> passwords = userPasswordService.findPasswordByPasswordAndResetPwdTime(EncryptTool.hexMD5(user.getUserLoginPassword()),user.getId());
int lastDay = Integer.MAX_VALUE; int lastDay = Integer.MAX_VALUE;
if (CollectionUtils.isNotEmpty(passwords)) { if (CollectionUtils.isNotEmpty(passwords)) {
@ -344,7 +353,7 @@ public class SysUserPasswordUtil {
throw ImppExceptionBuilder.newInstance() throw ImppExceptionBuilder.newInstance()
.setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode()) .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
.setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode()) .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
.setErrorDetail(String.format("最近%s内,请勿使用重复密码",num)) .setErrorDetail(String.format("最近%s内,请勿使用重复密码",num))
.setErrorSolution("请重新输入") .setErrorSolution("请重新输入")
.build(); .build();
} }
@ -400,6 +409,62 @@ public class SysUserPasswordUtil {
} }
} }
/**
*
*
* @param user
*/
private void checkPasswordFrequency(SysUser user) {
String frequencyDay = RedisCacheTool.getSysConfigStrVal(CommonConstWords.CONFIG_USER_MODIFY_PWD_FREQUENCY_DAY);
String frequencyNum = RedisCacheTool.getSysConfigStrVal(CommonConstWords.CONFIG_USER_MODIFY_PWD_FREQUENCY_NUM);
if (StringUtils.isNotBlank(frequencyDay) && StringUtils.isNotBlank(frequencyNum)) {
//获取到修改的次数count
Integer modifyUnlockNum = user.getModifyPwdNum();
if(null!= modifyUnlockNum && modifyUnlockNum >= Integer.parseInt(frequencyNum)){
throw ImppExceptionBuilder.newInstance()
.setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
.setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
.setErrorDetail("密码【%s】天只能修改【%s】次",frequencyDay,frequencyNum)
.setErrorSolution("修改次数过多")
.build();
}
}
}
/**
*
*
* @param user
*/
private ResultBean checkAuthUnlockTime(SysUser user) {
//校验自动解锁次数是否达到三次
if (null != user.getAutoUnlockNum() && user.getAutoUnlockNum() >= 3){
//锁定账号并设定锁定类型
userService.doLockAndStatusSysUserById(user.getId(),CommonEnumUtil.LOCK_TYPE.LOGGER_TOO_MANY_FAILURES.getValue());
return ResultBean.fail()
.setCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
.setErrorMsg(LocaleUtils.getLocaleRes("用户名或密码多次输入错误。用户已被锁定请联系管理员!"));
}
String unlockRedisKey = CommonConstWords.CONFIG_USER_LOGIN_ERROR_NUM_UNLOCK_TIME + "_" + user.getId();
String unlockTime = RedisCacheTool.getSysConfigStrVal(CommonConstWords.CONFIG_USER_LOGIN_ERROR_NUM_UNLOCK_TIME);
Object redisUnlockTime = redisCore.getObject(unlockRedisKey);
if(null != redisUnlockTime){
try {
int secoundsBetweenTime = TimeTool.getSecoundsBetweenTime(1, redisUnlockTime.toString(), TimeTool.getNowTime(null));
secoundsBetweenTime = Integer.parseInt(unlockTime) * 60 - secoundsBetweenTime;
return ResultBean.fail()
.setCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
.setErrorMsg(LocaleUtils.getLocaleRes("登录失败次数过多。请【" + secoundsBetweenTime/60 + "】分【" + secoundsBetweenTime%60 + "】秒后再试"));
} catch (ParseException parseException) {
parseException.printStackTrace();
LOGGER.error("时间计算异常", parseException);
}
}
return ResultBean.success();
}
/******************************************** 用户登录密码检查 ********************************************/ /******************************************** 用户登录密码检查 ********************************************/
public ResultBean checkSysUserLogin(SysUser user) { public ResultBean checkSysUserLogin(SysUser user) {
@ -429,7 +494,11 @@ public class SysUserPasswordUtil {
if (!result.isSuccess()) { if (!result.isSuccess()) {
return result; return result;
} }
/* 判断自动锁定时间 */
result = checkAuthUnlockTime(user);
if (!result.isSuccess()) {
return result;
}
//登录时是否检查用户密码是否符合安全规则 //登录时是否检查用户密码是否符合安全规则
try { try {
int isLoginCheckPassword = RedisCacheTool.getSysConfigIntVal(CommonConstWords.CONFIG_LOGIN_CHECK_PASSWORD,CommonConstWords.CONFIG_LOGIN_CHECK_PASSWORD_DEFAULT); int isLoginCheckPassword = RedisCacheTool.getSysConfigIntVal(CommonConstWords.CONFIG_LOGIN_CHECK_PASSWORD,CommonConstWords.CONFIG_LOGIN_CHECK_PASSWORD_DEFAULT);
@ -520,6 +589,8 @@ public class SysUserPasswordUtil {
int loginErrorNumber = 0; int loginErrorNumber = 0;
String redisKey = CommonConstWords.USER_LOGIN_ERROR + ":" + today + ":" + userId; String redisKey = CommonConstWords.USER_LOGIN_ERROR + ":" + today + ":" + userId;
String redisAuthUnlockKey = CommonConstWords.USER_LOGIN_ERROR + ":" + "authUnlockKey" + ":" + today + ":" + userId;
try { try {
Object redisValue = redisCore.getObject(redisKey); Object redisValue = redisCore.getObject(redisKey);
if (Objects.nonNull(redisValue)) { if (Objects.nonNull(redisValue)) {
@ -529,7 +600,9 @@ public class SysUserPasswordUtil {
LOGGER.error("获取登录异常次数错误,错误信息:{}", exception.getMessage()); LOGGER.error("获取登录异常次数错误,错误信息:{}", exception.getMessage());
} }
if (Objects.equals(loginErrorNumberMax, loginErrorNumber)) { Object authUnlockNum = redisCore.getObject(redisAuthUnlockKey);
if (Objects.equals(loginErrorNumberMax, loginErrorNumber) && authUnlockNum != null && Integer.parseInt(authUnlockNum.toString())>=3) {
// 锁定账号信息 // 锁定账号信息
userService.doLockSysUserById(userId); userService.doLockSysUserById(userId);
@ -539,7 +612,9 @@ public class SysUserPasswordUtil {
.setErrorDetail("账号已被锁定") .setErrorDetail("账号已被锁定")
.setErrorSolution("请联系系统管理员") .setErrorSolution("请联系系统管理员")
.build(); .build();
} else if (loginErrorNumber > loginErrorNumberMax) { } else if (loginErrorNumber > loginErrorNumberMax && authUnlockNum != null && Integer.parseInt(authUnlockNum.toString())>=3) {
// 锁定账号信息
userService.doLockSysUserById(userId);
throw ImppExceptionBuilder.newInstance() throw ImppExceptionBuilder.newInstance()
.setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode()) .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
.setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode()) .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
@ -554,98 +629,134 @@ public class SysUserPasswordUtil {
if (Objects.nonNull(resultBean)) { if (Objects.nonNull(resultBean)) {
int num = loginErrorNumberMax - loginErrorNumber; int num = loginErrorNumberMax - loginErrorNumber;
if (num == 0) { if (num <= 0) {
resultBean.setErrorMsg(LocaleUtils.getLocaleRes("密码输入错误。用户已被锁定请联系管理员!")); int autoUnlockNum = 0;
String unlockTime = RedisCacheTool.getSysConfigStrVal(CommonConstWords.CONFIG_USER_LOGIN_ERROR_NUM_UNLOCK_TIME);
String unlockRedisKey = CommonConstWords.CONFIG_USER_LOGIN_ERROR_NUM_UNLOCK_TIME + "_" + userId;
if (null != authUnlockNum) {
autoUnlockNum = Integer.parseInt(authUnlockNum.toString());
}
Object redisUnlockTime = redisCore.getObject(unlockRedisKey);
if (null == redisUnlockTime) {
redisCore.putObject(unlockRedisKey, TimeTool.getNowTime(null), Long.parseLong(unlockTime) * 60L);
redisCore.putObject(redisAuthUnlockKey, autoUnlockNum++, CommonConstWords.REDIS_TIME_DAY_ONE);
if(autoUnlockNum >= 3 ){
userService.doLockAndStatusSysUserById(userId,CommonEnumUtil.LOCK_TYPE.LOGGER_TOO_MANY_FAILURES.getValue());
redisCore.deleteKey(unlockRedisKey);
throw ImppExceptionBuilder.newInstance()
.setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
.setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
.setErrorDetail("登录失败次数过多")
.setErrorSolution("请联系系统管理员")
.build();
}
resultBean.setErrorMsg(LocaleUtils.getLocaleRes("用户名或密码输入错误。请【" + unlockTime + "】分钟后再试"));
} else { } else {
resultBean.setErrorMsg(String.format(LocaleUtils.getLocaleRes("密码输入错误。再输入错误 %s 次,用户将被锁定"), num)); try {
int secoundsBetweenTime = TimeTool.getSecoundsBetweenTime(1, redisUnlockTime.toString(), TimeTool.getNowTime(null));
secoundsBetweenTime = Integer.parseInt(unlockTime) * 60 - secoundsBetweenTime;
resultBean.setErrorMsg(LocaleUtils.getLocaleRes("登录失败次数过多。请【" + secoundsBetweenTime/60 + "】分【" + secoundsBetweenTime%60 + "】秒后再试"));
} catch (ParseException parseException) {
parseException.printStackTrace();
LOGGER.error("时间计算异常", parseException);
}
}
} else {
resultBean.setErrorMsg(String.format(LocaleUtils.getLocaleRes("用户名或密码输入错误。还有 %s 次机会"), num));
} }
} }
redisCore.putObject(redisKey, loginErrorNumber, CommonConstWords.REDIS_TIME_DAY_ONE); redisCore.putObject(redisKey, loginErrorNumber, CommonConstWords.REDIS_TIME_DAY_ONE);
} }
} }
/** /**
* *
*/ */
private ResultBean checkLoginPasswordTimeOut(SysUser user) { private ResultBean checkLoginTimeOut(SysUser user) {
try { try {
int passwordDayMax = RedisCacheTool.getSysConfigIntVal(CommonConstWords.CONFIG_PWD_VALID_DAY, CommonConstWords.CONFIG_PWD_VALID_DAY_DEFAULT); if (StringUtils.isBlank(user.getUserLoginLastDateTime())) {
if (passwordDayMax > 0) { return ResultBean.fail("上次登录时间为空");
}
boolean longTimenNotLogin = RedisCacheTool.getSysConfigBooleanVal(CommonConstWords.CONFIG_USER_UNLOGIN_LONG_TIME_LOCK, CommonEnumUtil.TRUE_OR_FALSE.FALSE);
int loginDayMax = RedisCacheTool.getSysConfigIntVal(CommonConstWords.CONFIG_USER_LOGIN_DAY_OUT, CommonConstWords.CONFIG_USER_LOGIN_DAY_OUT_DEFAULT);
if (longTimenNotLogin && loginDayMax > 0) {
SysUserPassword password = userPasswordService.get(user.getUserLoginPasswordId()); int day = TimeTool.getSecoundsBetweenTime(4, user.getUserLoginLastDateTime(), TimeTool.getNowTime(true));
if (Objects.nonNull(password) && StringUtils.isNotBlank(password.getCreateDatetime())) { if (day > loginDayMax) {
int day = TimeTool.getSecoundsBetweenTime(4, password.getCreateDatetime(), TimeTool.getNowTime(true));
if (day > passwordDayMax) {
// 锁定账号信息 // 锁定账号信息
//todo: 账户没有被锁定,由于异常事务回滚,导致账户没有被锁定,这个更新操作就是多余的
userService.doLockSysUserById(user.getId()); userService.doLockSysUserById(user.getId());
// throw ImppExceptionBuilder.newInstance() // throw ImppExceptionBuilder.newInstance()
// .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode()) // .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
// .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode()) // .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
// .setErrorDetail("账号密码已过期") // .setErrorDetail("长时间未登录账号已被锁定")
// .setErrorSolution("请联系系统管理员") // .setErrorSolution("请联系系统管理员")
// .build(); // .build();
ImppBusiException exception = ImppExceptionBuilder.newInstance() ImppBusiException exception = ImppExceptionBuilder.newInstance()
.setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode()) .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
.setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode()) .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
.setErrorDetail("账号密码已过期") .setErrorDetail("长时间未登录账号已被锁定")
.setErrorSolution("请联系系统管理员") .setErrorSolution("请联系系统管理员")
.build(); .build();
return ResultBean.fail(exception); return ResultBean.fail(exception);
}
} }
} }
} catch (ImppBusiException e) { } catch (ImppBusiException e) {
// throw e; // throw e;
e.printStackTrace();
return ResultBean.fail(e); return ResultBean.fail(e);
} catch (Exception e) { } catch (Exception e) {
LOGGER.error("密码有效期处理异常,异常信息:{}", e.getMessage()); LOGGER.error("长时间未登录处理异常,异常信息:{}", e.getMessage());
e.printStackTrace();
return ResultBean.fail(e); return ResultBean.fail(e);
} }
return ResultBean.success(); return ResultBean.success();
} }
/** /**
* *
*/ */
private ResultBean checkLoginTimeOut(SysUser user) { private ResultBean checkLoginPasswordTimeOut(SysUser user) {
try { try {
if (StringUtils.isBlank(user.getUserLoginLastDateTime())) { boolean pwdExpireSwitch = RedisCacheTool.getSysConfigBooleanVal(CommonConstWords.CONFIG_PWD_EXPIRE_SWITCH, CommonEnumUtil.TRUE_OR_FALSE.FALSE);
return ResultBean.success("上次登录时间为空"); // int passwordDayMax = RedisCacheTool.getSysConfigIntVal(CommonConstWords.CONFIG_PWD_VALID_DAY, CommonConstWords.CONFIG_PWD_VALID_DAY_DEFAULT);
} Integer userPasswordOverdueValue = user.getUserPasswordOverdue();
int loginDayMax = RedisCacheTool.getSysConfigIntVal(CommonConstWords.CONFIG_USER_LOGIN_DAY_OUT, CommonConstWords.CONFIG_USER_LOGIN_DAY_OUT_DEFAULT);
if (loginDayMax > 0) {
int day = TimeTool.getSecoundsBetweenTime(4, user.getUserLoginLastDateTime(), TimeTool.getNowTime(true)); if (pwdExpireSwitch && userPasswordOverdueValue == CommonEnumUtil.TRUE_OR_FALSE.TRUE.getValue()) {
if (day > loginDayMax) { SysConfig sysConfigByConfigCode = RedisCacheTool.getSysConfigByConfigCode(CommonConstWords.CONFIG_PWD_EXPIRE_DAY_TIME);
String configValue = sysConfigByConfigCode.getConfigValue();
SysUserPassword password = userPasswordService.get(user.getUserLoginPasswordId());
if (Objects.nonNull(password) && StringUtils.isNotBlank(password.getCreateDatetime())) {
int day = TimeTool.getSecoundsBetweenTime(4, password.getCreateDatetime(), TimeTool.getNowTime(true));
if (day > Integer.parseInt(configValue)) {
// 锁定账号信息 // 锁定账号信息
//todo: 账户没有被锁定,由于异常事务回滚,导致账户没有被锁定,这个更新操作就是多余的 // userService.doLockSysUserById(user.getId());
userService.doLockSysUserById(user.getId());
// throw ImppExceptionBuilder.newInstance() // throw ImppExceptionBuilder.newInstance()
// .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode()) // .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
// .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode()) // .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
// .setErrorDetail("长时间未登录账号已被锁定") // .setErrorDetail("账号密码已过期")
// .setErrorSolution("请联系系统管理员") // .setErrorSolution("请联系系统管理员")
// .build(); // .build();
ImppBusiException exception = ImppExceptionBuilder.newInstance() ImppBusiException exception = ImppExceptionBuilder.newInstance()
.setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode()) .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
.setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode()) .setErrorCode(ImppExceptionEnum.LOGIN_EXCEPTION_PASSWORD_EXPIRED.getCode())
.setErrorDetail("长时间未登录账号已被锁定") .setErrorDetail("账号密码已过期")
.setErrorSolution("请联系系统管理员") .setErrorSolution("请重新修改密码")
.build(); .build();
return ResultBean.fail(exception); return ResultBean.fail(exception);
}
} }
} }
} catch (ImppBusiException e) { } catch (ImppBusiException e) {
// throw e; // throw e;
e.printStackTrace();
return ResultBean.fail(e); return ResultBean.fail(e);
} catch (Exception e) { } catch (Exception e) {
LOGGER.error("长时间未登录处理异常,异常信息:{}", e.getMessage()); LOGGER.error("密码有效期处理异常,异常信息:{}", e.getMessage());
e.printStackTrace();
return ResultBean.fail(e); return ResultBean.fail(e);
} }
return ResultBean.success(); return ResultBean.success();

7
pom.xml
Unescape Escape View File

@ -65,6 +65,13 @@
<version>${project.dependency.version}</version> <version>${project.dependency.version}</version>
</dependency> </dependency>
<!--xxlJob 最新稳定版本-->
<dependency>
<groupId>com.xuxueli</groupId>
<artifactId>xxl-job-core</artifactId>
<version>2.3.0</version>
</dependency>
<dependency> <dependency>
<groupId>org.springframework</groupId> <groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId> <artifactId>spring-web</artifactId>

Write Preview
Loading…
Cancel
Save