完善修改密码逻辑，修改重复密码判断

3 years ago · f2ad1e4dd4
parent f006f990c8
commit f2ad1e4dd4
3 changed files with 30 additions and 12 deletions
--- a/modules/i3plus-core-api/src/main/java/cn/estsh/i3plus/core/api/iservice/busi/ISysUserPasswordService.java
+++ b/modules/i3plus-core-api/src/main/java/cn/estsh/i3plus/core/api/iservice/busi/ISysUserPasswordService.java
@ -37,7 +37,7 @@ public interface ISysUserPasswordService extends ICrudService<SysUserPassword> {
    void updatePasswordWizoutSession(String loginName, String password, String newPwd);

    @ApiOperation(value = "根据密码反查")
-     public List<SysUserPassword> findPasswordByPassword(String password);
+     public List<SysUserPassword> findPasswordByPassword(String password,Long userId);

    /**
     * 修改密码，根据密码id,和新密码
--- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserSavePasswordService.java
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserSavePasswordService.java
@ -57,7 +57,7 @@ public class SysUserSavePasswordService extends CrudService<SysUserPassword> imp

        SysUserPassword userPassword = userPasswordRDao.getById(user.getUserLoginPasswordId());
        ValidatorBean.checkNotNull(userPassword, "不存在的用户密码信息");
-        if (StringUtils.equals(userPassword.getUserPassword(), password)) {
+        if (!StringUtils.equals(userPassword.getUserPassword(), SysUserPasswordUtil.encoder(password))) {
            throw ImppExceptionBuilder.newInstance()
                    .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
                    .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
@ -172,13 +172,14 @@ public class SysUserSavePasswordService extends CrudService<SysUserPassword> imp
    }

    @Override
-    public List<SysUserPassword> findPasswordByPassword(String password) {
+    public List<SysUserPassword> findPasswordByPassword(String password,Long userId) {
        List<SysUserPassword> passwordList = new ArrayList<>();
        if(StringUtils.isBlank(password)){
            return passwordList;
        }
        DdlPackBean ddlPackBean = DdlPackBean.getDdlPackBean();
        DdlPreparedPack.getStringEqualPack(password,"userPassword",ddlPackBean);
+        DdlPreparedPack.getNumEqualPack(userId,"userId",ddlPackBean);
        return userPasswordRDao.findByHqlWhere(ddlPackBean);
    }

--- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/util/SysUserPasswordUtil.java
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/util/SysUserPasswordUtil.java
@ -144,7 +144,7 @@ public class SysUserPasswordUtil {
            throw ImppExceptionBuilder.newInstance()
                    .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
                    .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
-                    .setErrorDetail("长度不够" + length + "位")
+                    .setErrorDetail("密码长度不够" + length + "位")
                    .setErrorSolution("请重新输入")
                    .build();
        }
@ -173,7 +173,7 @@ public class SysUserPasswordUtil {
                throw ImppExceptionBuilder.newInstance()
                        .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
                        .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
-                        .setErrorDetail("必须包含大写英文")
+                        .setErrorDetail("密码必须包含大写英文")
                        .setErrorSolution("请重新输入")
                        .build();
            }
@ -203,7 +203,7 @@ public class SysUserPasswordUtil {
                throw ImppExceptionBuilder.newInstance()
                        .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
                        .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
-                        .setErrorDetail("必须包含小写英文")
+                        .setErrorDetail("密码必须包含小写英文")
                        .setErrorSolution("请重新输入")
                        .build();
            }
@ -233,7 +233,7 @@ public class SysUserPasswordUtil {
                throw ImppExceptionBuilder.newInstance()
                        .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
                        .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
-                        .setErrorDetail("必须包含数字")
+                        .setErrorDetail("密码必须包含数字")
                        .setErrorSolution("请重新输入")
                        .build();
            }
@ -264,7 +264,7 @@ public class SysUserPasswordUtil {
                throw ImppExceptionBuilder.newInstance()
                        .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
                        .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
-                        .setErrorDetail("必须包含特殊字")
+                        .setErrorDetail("密码必须包含特殊字符")
                        .setErrorSolution("请重新输入")
                        .build();
            }
@ -284,7 +284,7 @@ public class SysUserPasswordUtil {
                throw ImppExceptionBuilder.newInstance()
                        .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
                        .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
-                        .setErrorDetail("必须包含中文字符")
+                        .setErrorDetail("密码必须包含中文字符")
                        .setErrorSolution("请重新输入")
                        .build();
            }
@ -306,8 +306,8 @@ public class SysUserPasswordUtil {

 //                List<SysUserPassword> passwords = userPasswordService.findAllByBean(userPassword);

-                //todo: 如果密码数据太多可以考虑建立以Creat eDatetime 相关的索引,ORDER BY create_date_time DESC ,查出最近的一条就行
-                List<SysUserPassword> passwords = userPasswordService.findPasswordByPassword(EncryptTool.hexMD5(user.getUserLoginPassword()));
+                //修改为查询这个账号最近的密码是否重复
+                List<SysUserPassword> passwords = userPasswordService.findPasswordByPassword(EncryptTool.hexMD5(user.getUserLoginPassword()),user.getId());

                int lastDay = Integer.MAX_VALUE;
                if (CollectionUtils.isNotEmpty(passwords)) {
@ -324,7 +324,7 @@ public class SysUserPasswordUtil {
                        throw ImppExceptionBuilder.newInstance()
                                .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
                                .setErrorCode(ImppExceptionEnum.NOT_CONFIG_EXCEPTION.getCode())
-                                .setErrorDetail("请勿使用重复密码")
+                                .setErrorDetail(String.format("最近%s天内,请勿使用重复密码",num))
                                .setErrorSolution("请重新输入")
                                .build();
                    }
@ -409,6 +409,23 @@ public class SysUserPasswordUtil {
            if (!result.isSuccess()) {
                return result;
            }
+
+            //登录时是否检查用户密码是否符合安全规则
+            try {
+              int isLoginCheckPassword = RedisCacheTool.getSysConfigIntVal(CommonConstWords.CONFIG_LOGIN_CHECK_PASSWORD,CommonConstWords.CONFIG_LOGIN_CHECK_PASSWORD_DEFAULT);
+                if (CommonEnumUtil.TRUE_OR_FALSE.TRUE.getValue() == isLoginCheckPassword){
+                    checkPasswordSave(user);
+                }
+                result = ResultBean.success();
+            } catch (Exception e) {
+                LOGGER.error("检查用户密码是否符合安全规则发生异常:",e);
+                result = ResultBean.fail()
+                        .setCode(ImppExceptionEnum.LOGIN_EXCEPTION_PWD_RULE_CHANGE.getCode())
+                        .setErrorMsg(ImppExceptionEnum.LOGIN_EXCEPTION_PWD_RULE_CHANGE.getDescription());;
+            }
+            if (!result.isSuccess()) {
+                return result;
+            }
        }
        return ResultBean.success();
    }