Commit a31721b1 authored by 胡文斌's avatar 胡文斌

Merge remote-tracking branch 'origin/SZDAS_V2.0' into SZDAS_V2.0

# Conflicts: # src/main/resources/DBUpdate/DM_UpdateSQL.xml
parents 138684a1 336fa416
......@@ -116,6 +116,8 @@ public class IndexController extends Controller {
username = this.getPara("username");
password = this.getPara("password");
}
//校验密码是否符合强度设置
String verify = password;
password = HashKit.sha256(password);
User user = User.dao.template("getUser", username).findFirst();
if (user == null) {
......@@ -260,7 +262,8 @@ public class IndexController extends Controller {
}catch (Exception e) {
e.printStackTrace();
}
this.renderJson(Ret.ok("token", jws).set("callback", callback));
Boolean aBoolean = userService.verifyPassword(verify);
this.renderJson(Ret.ok("token", jws).set("callback", callback).set("verify",aBoolean));
logService.saveAsLog("login", username, JwtInterceptor.getIpAddr(getRequest()), username + "登录" + app + "成功", app);
/**
* 20200706 lidecai 将用户信息保存到Redis end
......@@ -272,6 +275,35 @@ public class IndexController extends Controller {
}
}
/**
* @Description: 验证密码强度
* @authorAndDate: ChengYaqing create on 2020/10/30 10:38
* @return void
*/
public void verifyPassword() {
String password = getPara("password");
if(password==null||"".equals(password)||"null".equals(password)) {
renderJson(Ret.fail("msg","密码不能为空"));
return;
}
try {
password = decrypt(password);
} catch (Exception e1) {
e1.printStackTrace();
password = this.getPara("password");
}
try {
String verify = userService.verifyPasswordInfo(password);
if("".equals(verify)) {
renderJson(Ret.ok());
} else {
renderJson(Ret.fail("msg",verify));
}
} catch (Exception e) {
renderJson(Ret.fail("error",e.getMessage()));
}
}
// 密码正确时错误次数清零
private void setErrZero(User user) {
Db.update(Db.getSqlPara("updateForOk", Kv.by("id", user.getId())));
......@@ -473,4 +505,6 @@ public class IndexController extends Controller {
Redis.use().del(userName + "_INFO");
renderJson(Ret.ok());
}
}
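Review bot: In the new `verifyPassword()` action, a failed `decrypt(password)` falls back to the raw request parameter, so the strength rules are then applied to whatever string was submitted (possibly undecrypted ciphertext) instead of the request being rejected. Answering with a fixed failure in that catch, e.g. `renderJson(Ret.fail("msg", "密码解密失败")); return;`, keeps the result meaningful; what `decrypt` accepts is not visible in this hunk. The outer catch returns `e.getMessage()` to the caller, which can expose database or internal error text raised inside `userService.verifyPasswordInfo`; log the exception server-side rather than with `printStackTrace()` and return a fixed message. Whether this action can be called without a session cannot be told from here; if it can, confirm that disclosing the configured password rules to anonymous callers is intended.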
......@@ -11,6 +11,8 @@ import com.jfinal.kit.Kv;
import com.jfinal.plugin.activerecord.Db;
import com.jfinal.plugin.activerecord.Record;
import com.jfinal.plugin.activerecord.tx.Tx;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class UserService {
......@@ -82,7 +84,7 @@ public class UserService {
* 判断用户是否有指定系统的权限
*
* @param userId
* @param menuName
* @param userId
* @return
*/
public boolean checkUserSystemPermission(int userId, String systemType) {
......@@ -177,5 +179,78 @@ public class UserService {
.findFirst();
}
/**
* @Description: 校验密码强度符合规范
* @authorAndDate: ChengYaqing create on 2020/10/30 10:23
* @return java.lang.Boolean
*/
public Boolean verifyPassword(String password) {
try {
String verify = verifyPasswordInfo(password);
if("".equals(verify)) {
return true;
} else {
return false;
}
} catch (Exception e) {
e.printStackTrace();
return false;
}
}
/**
* @Description: 校验密码强度
* @authorAndDate: ChengYaqing create on 2020/10/30 10:06
* @return java.lang.String
*/
public String verifyPasswordInfo(String password) {
try {
StringBuilder info = new StringBuilder();
//获取规则设置
Record strength = Db.findFirst(Db.getSql("getSetPassword"));
if(strength==null) {
return "";
}
Integer size = strength.getInt("lmin");
int length = password.length();
if(length < size) {
return "密码长度不能小于"+size;
}
if(length > 32) {
return "密码长度没必要大于32位";
}
String contain = strength.getStr("contain");
String number = ".*\\d+.*";
String low = ".*[a-z]+.*";
String up = ".*[A-Z]+.*";
String spe = ".*[ _`~!@#$%^&*()+=|{}':;',\\[\\].<>/?~!@#¥%……&*()——+|{}【】‘;:”“’。,、?]+.*";
if(contain.contains("数字")) {
Pattern p = Pattern.compile(number);
Matcher m = p.matcher(password);
if(!m.matches()) info.append("数字、");
} if (contain.contains("小写字母")) {
Pattern p = Pattern.compile(low);
Matcher m = p.matcher(password);
if(!m.matches()) info.append("小写字母、");
} if (contain.contains("大写字母")) {
Pattern p = Pattern.compile(up);
Matcher m = p.matcher(password);
if(!m.matches()) info.append("大写字母、");
} if (contain.contains("特殊字符")) {
Pattern p = Pattern.compile(spe);
Matcher m = p.matcher(password);
if(!m.matches()) info.append("特殊字符、");
}
if (info.length()==0) {
return "";
} else {
String verify = info.deleteCharAt(info.length() - 1).toString();
return "密码中缺少"+verify;
}
} catch (Exception e) {
e.printStackTrace();
throw e;
}
}
}
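Review bot: `verifyPasswordInfo` dereferences `password`, `strength.getInt("lmin")` and `strength.getStr("contain")` without null checks, so a missing parameter or a policy row with an empty column throws a NullPointerException, which `verifyPassword` turns into `false` and the controller action returns as `e.getMessage()`. Guards such as `if (password == null) return "密码不能为空";` and `if (contain == null) contain = "";` would avoid that. When no `AS_SET_PASSWORD` row is found the method returns `""`, so every password is accepted; if that fail-open default is intended, a comment saying so would help. The fixed upper bound of 32 characters rejects long passphrases even though the login hunk hashes the password with `HashKit.sha256` before use, so the cap looks unnecessary, but confirm nothing else depends on it. The four `Pattern.compile` calls could become `private static final` patterns used with `find()`, which also avoids `.*` failing to match passwords that contain a line break.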
......@@ -300,3 +300,7 @@ select * from AS_MENU where ID in (
#include("message.sql")
#sql("getSetPassword")
select * from AS_SET_PASSWORD where id = '1'
#end
\ No newline at end of file