refactor(core): 支持用户密码过期

commit21.4.7
4 years ago · 480fadb6b5
parent 9f317beec3
commit 480fadb6b5
7 changed files with 158 additions and 42 deletions
--- a/modules/i3plus-core-api/src/main/java/cn/estsh/i3plus/core/api/iservice/busi/ISysUserPasswordService.java
+++ b/modules/i3plus-core-api/src/main/java/cn/estsh/i3plus/core/api/iservice/busi/ISysUserPasswordService.java
@ -4,8 +4,6 @@ import cn.estsh.i3plus.pojo.platform.bean.SysUserPassword;
 import cn.estsh.impp.framework.base.service.ICrudService;
 import io.swagger.annotations.ApiOperation;
 import java.util.List;
 /**
 * @Description :
 * @Reference :
@ -24,6 +22,9 @@ public interface ISysUserPasswordService extends ICrudService<SysUserPassword> {
    @ApiOperation(value = "修改用户密码")
    void updatePassword(Long userId,String password,String newPwd);
    @ApiOperation(value = "修改用户密码")
    void updatePassword(String loginName,String password,String newPwd);
    @ApiOperation(value = "重置用户密码")
    void updatePassword(Long userId,String password);
--- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/base/WhiteController.java
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/base/WhiteController.java
@ -47,6 +47,7 @@ import io.swagger.annotations.ApiOperation;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.CredentialsException;
 import org.apache.shiro.authc.ExpiredCredentialsException;
 import org.apache.shiro.authc.IncorrectCredentialsException;
 import org.apache.shiro.authc.LockedAccountException;
 import org.apache.shiro.authc.UnknownAccountException;
@ -316,8 +317,10 @@ public class WhiteController extends CoreBaseController {
        } catch (IncorrectCredentialsException e) {
            result = ResultBean.fail(ImppExceptionEnum.LOGIN_EXCEPTION_USER_PASSWORD);
            userPasswordUtil.checkLoginErrorNumber(loginModel.getLoginName(), result, e);
            userLoginStatus = CommonEnumUtil.USER_LOGIN_STATUS.WRONG_PASSWORD;
        } catch (ExpiredCredentialsException e) {
            result = ResultBean.fail(ImppExceptionEnum.LOGIN_EXCEPTION_PASSWORD_EXPIRED);
            userLoginStatus = CommonEnumUtil.USER_LOGIN_STATUS.WRONG_USERNAME_OR_PASSWORD;
        } catch (CredentialsException e) {
            // 用户名或密码错误
            result = ResultBean.fail(ImppExceptionEnum.LOGIN_EXCEPTION_USER_NAME);
--- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/PersonnelController.java
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/PersonnelController.java
@ -89,6 +89,7 @@ public class PersonnelController extends CoreBaseController {
    /**
     * 添加用户信息
     *
     * @param model 用户信息
     * @return 处理结果
     */
@ -147,6 +148,7 @@ public class PersonnelController extends CoreBaseController {
            user.setOrganizeNameRdd(userOrganize.getName());
            user.setOrganizeCode(userOrganize.getOrganizeCode());
            user.setUserInfoId(info.getId());
            user.setUserPasswordLastModifyTime(TimeTool.getNowTime(true));
            refreshSysUserPassword(user);
            personnelService.saveSysUser(user);
@ -167,6 +169,7 @@ public class PersonnelController extends CoreBaseController {
    /**
     * 修改用户信息
     *
     * @param model 用户信息
     * @return 处理结果
     */
@ -256,6 +259,7 @@ public class PersonnelController extends CoreBaseController {
    /**
     * 修改用户信息
     *
     * @param model 用户信息
     * @return 处理结果
     */
@ -290,6 +294,7 @@ public class PersonnelController extends CoreBaseController {
    /**
     * 获取用户信息
     *
     * @param id 用户id
     * @return 处理结果
     */
@ -330,6 +335,7 @@ public class PersonnelController extends CoreBaseController {
    /**
     * 获取账号信息
     *
     * @param id 用户id
     * @return 处理结果
     */
@ -359,6 +365,7 @@ public class PersonnelController extends CoreBaseController {
    /**
     * 删除用户信息
     *
     * @param id 用户id
     * @return 处理结果
     */
@ -389,6 +396,7 @@ public class PersonnelController extends CoreBaseController {
    /**
     * 根据id批量删除
     *
     * @param ids id数组
     * @return 处理
     */
@ -434,6 +442,7 @@ public class PersonnelController extends CoreBaseController {
    /**
     * 删除账号信息
     *
     * @param id 用户账号id
     * @return 处理结果
     */
@ -464,6 +473,7 @@ public class PersonnelController extends CoreBaseController {
    /**
     * 根据id批量删除
     *
     * @param ids ids数组
     * @return 处理结果
     */
@ -509,6 +519,7 @@ public class PersonnelController extends CoreBaseController {
    /**
     * 查询角色的所有角色权限关系
     *
     * @param model 查询条件
     * @return 处理结果
     */
@ -538,6 +549,7 @@ public class PersonnelController extends CoreBaseController {
    /**
     * 查询角色的所有角色权限关系
     *
     * @param model 处理消息
     * @return 处理结果
     */
@ -564,6 +576,7 @@ public class PersonnelController extends CoreBaseController {
    /**
     * 根据条件分页查询用户角色信息
     *
     * @param model 条件
     * @return 处理结果
     */
@ -582,6 +595,7 @@ public class PersonnelController extends CoreBaseController {
    /**
     * 根据条件分页查询用户信息
     *
     * @param model 查询条件
     * @return 处理结果
     */
@ -600,6 +614,7 @@ public class PersonnelController extends CoreBaseController {
    /**
     * 根据条件分页查询用户信息
     *
     * @param model 查询条件
     * @return 处理结果
     */
@ -618,6 +633,7 @@ public class PersonnelController extends CoreBaseController {
    /**
     * 获取账号的所有组织信息集合
     *
     * @return 组织信息集合
     */
    @GetMapping(value = "/user/get-organize-list")
@ -781,6 +797,7 @@ public class PersonnelController extends CoreBaseController {
    /**
     * 根据组织code查询对应的组织信息
     *
     * @param code 组织代码
     * @return 处理结果
     */
@ -801,6 +818,7 @@ public class PersonnelController extends CoreBaseController {
    /**
     * 查询所有组织信息
     *
     * @return 处理结果
     */
    @GetMapping(value = "/organize/list")
@ -820,6 +838,7 @@ public class PersonnelController extends CoreBaseController {
    /**
     * 查询所有组织信息
     *
     * @return 处理结果
     */
    @GetMapping(value = "/license")
--- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/SysUserController.java
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/SysUserController.java
@ -1,8 +1,13 @@
 package cn.estsh.i3plus.core.apiservice.controller.busi;
-import cn.estsh.i3plus.core.api.iservice.busi.*;
+import cn.estsh.i3plus.core.api.iservice.busi.ICoreMemTreeService;
-import cn.estsh.i3plus.core.apiservice.util.SysUserPasswordUtil;
+import cn.estsh.i3plus.core.api.iservice.busi.IPersonnelService;
 import cn.estsh.i3plus.core.api.iservice.busi.ISysMessageService;
 import cn.estsh.i3plus.core.api.iservice.busi.ISysUserInfoService;
 import cn.estsh.i3plus.core.api.iservice.busi.ISysUserPasswordService;
 import cn.estsh.i3plus.core.api.iservice.busi.ISysUserService;
 import cn.estsh.i3plus.platform.common.convert.ConvertBean;
 import cn.estsh.i3plus.platform.common.exception.ImppExceptionEnum;
 import cn.estsh.i3plus.platform.common.tool.EncryptTool;
 import cn.estsh.i3plus.platform.common.tool.StringTool;
 import cn.estsh.i3plus.platform.common.tool.TimeTool;
@ -13,12 +18,16 @@ import cn.estsh.i3plus.pojo.base.common.Pager;
 import cn.estsh.i3plus.pojo.base.enumutil.CommonEnumUtil;
 import cn.estsh.i3plus.pojo.base.enumutil.ImppEnumUtil;
 import cn.estsh.i3plus.pojo.base.enumutil.ResourceEnumUtil;
-import cn.estsh.i3plus.pojo.platform.bean.*;
+import cn.estsh.i3plus.pojo.platform.bean.SessionUser;
 import cn.estsh.i3plus.pojo.platform.bean.SysMessage;
 import cn.estsh.i3plus.pojo.platform.bean.SysRefUserDepartment;
 import cn.estsh.i3plus.pojo.platform.bean.SysRefUserRole;
 import cn.estsh.i3plus.pojo.platform.bean.SysUser;
 import cn.estsh.i3plus.pojo.platform.bean.SysUserInfo;
 import cn.estsh.impp.framework.base.controller.CoreBaseController;
 import cn.estsh.impp.framework.boot.auth.AuthUtil;
 import cn.estsh.impp.framework.boot.exception.ImppBusiException;
 import cn.estsh.impp.framework.boot.exception.ImppExceptionBuilder;
 import cn.estsh.i3plus.platform.common.exception.ImppExceptionEnum;
 import cn.estsh.impp.framework.boot.util.ResultBean;
 import cn.estsh.impp.framework.boot.util.ValidatorBean;
 import io.swagger.annotations.Api;
@ -27,7 +36,13 @@ import org.apache.commons.lang3.RandomStringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import java.util.ArrayList;
 import java.util.List;
@ -270,6 +285,24 @@ public class SysUserController extends CoreBaseController{
        }
    }
    @PutMapping(value = "/update-expired-password")
    @ApiOperation(value = "修改密码", notes = "修改当前登录用户密码")
    public ResultBean updateSysUserPassword(String loginName,String password,String newPwd) {
        try {
            // 数据校验
            ValidatorBean.checkNotNull(password, "旧密码不能为空");
            ValidatorBean.checkNotNull(newPwd, "新密码不能为空");
            ValidatorBean.checkNotNull(loginName, "用户名不能为空");
            userPasswordService.updatePassword(loginName,password,newPwd.trim());
            return ResultBean.success("操作成功").setCode(ResourceEnumUtil.MESSAGE.SUCCESS.getCode());
        } catch(ImppBusiException busExcep){
            return ResultBean.fail(busExcep);
        }catch(Exception e){
            return ImppExceptionBuilder.newInstance().buildExceptionResult(e);
        }
    }
    /**
     * 查询所有用户
     * @return 查询所有用户
--- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/base/login/strategy/DefaultLoginStrategy.java
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/base/login/strategy/DefaultLoginStrategy.java
@ -2,24 +2,32 @@ package cn.estsh.i3plus.core.apiservice.serviceimpl.base.login.strategy;
 import cn.estsh.i3plus.core.api.iservice.base.ISystemLoginService;
 import cn.estsh.i3plus.core.api.iservice.base.ISystemLoginStrategyService;
 import cn.estsh.i3plus.core.api.iservice.busi.ILicenseClickService;
 import cn.estsh.i3plus.core.api.iservice.busi.ISysUserService;
 import cn.estsh.i3plus.platform.common.util.CommonConstWords;
 import cn.estsh.i3plus.pojo.base.bean.BaseThreadLocal;
 import cn.estsh.i3plus.pojo.base.enumutil.CommonEnumUtil;
 import cn.estsh.i3plus.pojo.model.platform.SysLoginModel;
 import cn.estsh.i3plus.pojo.platform.bean.SessionUser;
 import cn.estsh.i3plus.pojo.platform.bean.SysConfig;
 import cn.estsh.i3plus.pojo.platform.bean.SysUser;
 import cn.estsh.impp.framework.boot.auth.AuthUtil;
 import cn.estsh.impp.framework.boot.exception.ImppBusiException;
 import cn.estsh.impp.framework.boot.util.ImppRedis;
 import cn.estsh.impp.framework.boot.util.RedisCacheTool;
 import cn.estsh.impp.framework.boot.util.ResultBean;
 import cn.estsh.impp.framework.boot.util.ValidatorBean;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.shiro.authc.ExpiredCredentialsException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import java.text.DateFormat;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.function.BiFunction;
 import static cn.estsh.i3plus.platform.common.util.CommonConstWords.DEFAULT_LANGUAGE;
@ -37,9 +45,6 @@ public class DefaultLoginStrategy implements ISystemLoginStrategyService {
    protected ImppRedis redisCore;
    @Autowired
    private ILicenseClickService licenseClickService;
    @Autowired
    private ISysUserService userService;
    @Autowired
@ -65,6 +70,9 @@ public class DefaultLoginStrategy implements ISystemLoginStrategyService {
            if (sessionMode != CommonEnumUtil.SESSION_MODE.SEIZE.getValue()) {
                AuthUtil.logout();
            }
            // 已经对用户名和密码做过验证了
            // 获取系统参数【密码过期时间】 进行密码有效时间判断
            validatePasswordIsExpired(loginModel.getLoginName());
            SessionUser user = userService.loginUser(
                    loginModel.getLoginName().trim(),
@ -84,4 +92,30 @@ public class DefaultLoginStrategy implements ISystemLoginStrategyService {
            return result;
        };
    }
    private void validatePasswordIsExpired(String loginName) {
        SysConfig passwordExpireSwitch = RedisCacheTool.getSysConfigByConfigCode(CommonConstWords.CONFIG_PWD_EXPIRE_SWITCH);
        if (passwordExpireSwitch != null
                && CommonEnumUtil.TRUE_OR_FALSE.TRUE.getValue() == Integer.parseInt(passwordExpireSwitch.getConfigValue())) {
            SysConfig passwordExpireDays = RedisCacheTool.getSysConfigByConfigCode(CommonConstWords.CONFIG_PWD_EXPIRE_DAY_TIME);
            if (passwordExpireDays != null && Integer.parseInt(passwordExpireDays.getConfigValue()) > 0) {
                SysUser user = userService.getSysUserByLoginName(loginName);
                if (StringUtils.isEmpty(user.getUserPasswordLastModifyTime())) {
                    throw new ExpiredCredentialsException("用户密码过期 请重新设置新密码");
                } else {
                    DateFormat df = new SimpleDateFormat(CommonConstWords.DATE_TIME_FORMAT_HH_MM_SS_RISK);
                    Date lastModifyDate = null;
                    try {
                        lastModifyDate = df.parse(user.getUserPasswordLastModifyTime());
                    } catch (ParseException e) {
                        throw new ImppBusiException("验证用户密码登录时间，时间解析错误");
                    }
                    long dayGap = System.currentTimeMillis() - lastModifyDate.getTime() / (60 * 60 * 1000 * 24);
                    if ((int) dayGap >= Integer.parseInt(passwordExpireDays.getConfigValue())) {
                        throw new ExpiredCredentialsException("用户密码过期 请重新设置新密码");
                    }
                }
            }
        }
    }
 }
--- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserSavePasswordService.java
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserSavePasswordService.java
@ -15,14 +15,11 @@ import cn.estsh.impp.framework.base.service.CrudService;
 import cn.estsh.impp.framework.boot.auth.AuthUtil;
 import cn.estsh.impp.framework.boot.exception.ImppExceptionBuilder;
 import cn.estsh.impp.framework.boot.util.ValidatorBean;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Primary;
 import org.springframework.stereotype.Service;
 import java.util.List;
 /**
 * @Description :
 * @Reference :
@ -68,6 +65,23 @@ public class SysUserSavePasswordService extends CrudService<SysUserPassword> imp
    }
    @Override
    public void updatePassword(String loginName, String password, String newPwd) {
        SysUser user= userService.getSysUserByLoginName(loginName);
        SysUserPassword userPassword = userPasswordRDao.getById(user.getUserLoginPasswordId());
        ValidatorBean.checkNotNull(userPassword,"不存在的用户密码信息");
        if(StringUtils.equals(userPassword.getUserPassword(),password)){
            throw ImppExceptionBuilder.newInstance()
                    .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
                    .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
                    .setErrorDetail("原始密码错误")
                    .setErrorSolution("请重新操作")
                    .build();
        }
        updatePassword(user.getId(), newPwd);
    }
    @Override
    public void updatePassword(Long userId, String password) {
        SysUser user = userService.getSysUserById(userId);
        ValidatorBean.checkNotNull(user,"不存在的用户信息");
@ -88,6 +102,7 @@ public class SysUserSavePasswordService extends CrudService<SysUserPassword> imp
        SysUserPassword save = userPasswordRDao.save(pwd);
        user.setUserLoginPasswordId(save.getId());
        user.setUserPasswordLastModifyTime(TimeTool.getNowTime(true));
        ConvertBean.serviceModelUpdate(user,AuthUtil.getSessionUser().getUserName());
        userService.updateSysUser(user);
    }
--- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserService.java
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserService.java
@ -1,9 +1,9 @@
 package cn.estsh.i3plus.core.apiservice.serviceimpl.busi;
 import cn.estsh.i3plus.core.api.iservice.busi.*;
 import cn.estsh.i3plus.core.apiservice.dao.IUserPermissionDao;
 import cn.estsh.i3plus.core.apiservice.util.SysUserPasswordUtil;
 import cn.estsh.i3plus.platform.common.convert.ConvertBean;
 import cn.estsh.i3plus.platform.common.exception.ImppExceptionEnum;
 import cn.estsh.i3plus.platform.common.tool.EncryptTool;
 import cn.estsh.i3plus.platform.common.tool.StringTool;
 import cn.estsh.i3plus.platform.common.tool.TimeTool;
@ -20,11 +20,15 @@ import cn.estsh.i3plus.pojo.base.shirotoken.UserToken;
 import cn.estsh.i3plus.pojo.base.tool.DdlPreparedPack;
 import cn.estsh.i3plus.pojo.base.tool.HqlPack;
 import cn.estsh.i3plus.pojo.platform.bean.*;
-import cn.estsh.i3plus.pojo.platform.repository.*;
+import cn.estsh.i3plus.pojo.platform.repository.SysLogUserLoginRepository;
 import cn.estsh.i3plus.pojo.platform.repository.SysRefUserDepartmentRepository;
 import cn.estsh.i3plus.pojo.platform.repository.SysRefUserPositionRepository;
 import cn.estsh.i3plus.pojo.platform.repository.SysRefUserRoleRepository;
 import cn.estsh.i3plus.pojo.platform.repository.SysUserInfoRepository;
 import cn.estsh.i3plus.pojo.platform.repository.SysUserRepository;
 import cn.estsh.i3plus.pojo.platform.sqlpack.CoreHqlPack;
 import cn.estsh.impp.framework.boot.auth.AuthUtil;
 import cn.estsh.impp.framework.boot.exception.ImppExceptionBuilder;
 import cn.estsh.i3plus.platform.common.exception.ImppExceptionEnum;
 import cn.estsh.impp.framework.boot.util.ImppRedis;
 import cn.estsh.impp.framework.boot.util.RedisCacheTool;
 import cn.estsh.impp.framework.boot.util.ValidatorBean;
@ -42,7 +46,15 @@ import org.springframework.transaction.annotation.Propagation;
 import org.springframework.transaction.annotation.Transactional;
 import javax.annotation.Resource;
-import java.util.*;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Comparator;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Set;
 import java.util.stream.Collectors;
@ -124,7 +136,6 @@ public class SysUserService implements ISysUserService {
        BaseToken token = getToken(loginName, password, languageCode, loginPlatform);
        SessionUser sessionUser = AuthUtil.login(token);
        SysUser user = this.getSysUserByLoginName(loginName);
        if (user == null) {
            throw new CredentialsException("用户不存在");
        }