diff --git a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/customer/service/impl/CustInfoServiceImpl.java b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/customer/service/impl/CustInfoServiceImpl.java
index a26a6cad..75d2732a 100644
--- a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/customer/service/impl/CustInfoServiceImpl.java
+++ b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/customer/service/impl/CustInfoServiceImpl.java
@@ -206,9 +206,30 @@ public class CustInfoServiceImpl extends ServiceImpl i
 content.setNewPassword(AesEncryptUtil.aesDecode(content.getNewPassword()));
 String oldPassword = content.getOldPassword();
 String newPassword = content.getNewPassword();
- AjaxResult pwdCheckResult = validatePassword(oldPassword, newPassword);
- if (ajaxResult.isError()) {
- return pwdCheckResult;
+ // 1. 检查密码长度
+ log.error("开始验证密码长度");
+ if (!isPasswordLengthValid(newPassword)) {
+ return AjaxResult.error(500, "密码长度应为6至16位!");
+ }
+ // 2. 检查密码字符类型
+ log.error("开始验证密码字符");
+ if (!isPasswordCharacterValid(newPassword)) {
+ return AjaxResult.error(500, "密码必须包含大、小字母、数字、特殊字符!");
+ }
+ // 3. 检查常见弱密码
+ log.error("开始验证弱密码片段");
+ if (containsWeakPassword(newPassword.toLowerCase())) {
+ return AjaxResult.error(500, "密码包含常见的弱密码片段!");
+ }
+ // 4. 检查连续字符
+ log.error("开始验证密码连续字符");
+ if (containsConsecutiveCharacters(newPassword.toLowerCase(), 3)) {
+ return AjaxResult.error(500, "密码不能包含超过3位连续字符!");
+ }
+ // 5. 检查新旧密码是否相同
+ log.error("开始验证新旧密码");
+ if (StringUtils.isNotEmpty(oldPassword) && SecurityUtils.matchesPassword(newPassword, oldPassword)) {
+ return AjaxResult.error(500, "新密码不能与原密码相同!");
 }
 if (Objects.equals(oldPassword, newPassword)) {
 log.error("小程序修改密码错误:两次密码不能一致");
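Review bot: Check 5 passes `oldPassword`, the value read from `content.getOldPassword()` in the request, as the second argument of `SecurityUtils.matchesPassword`. If that helper compares a raw password against a stored bcrypt hash (as the `BCryptPasswordEncoder` use elsewhere in this file suggests), the call can never match. The rule is then enforced only by the `Objects.equals(oldPassword, newPassword)` context line that follows. Either drop check 5 here or compare against the customer's stored hash, e.g. `SecurityUtils.matchesPassword(newPassword, storedHash)`, where `storedHash` is a placeholder for the hash loaded from the customer record. The enclosing method starts and ends outside the hunk, so whether such a hash is already loaded at this point needs confirming.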
@@ -235,40 +256,40 @@ public class CustInfoServiceImpl extends ServiceImpl i
 return ajaxResult;
 }
- public AjaxResult validatePassword(String oldPassword, String newPassword) {
- // 1. 检查密码长度
- log.error("开始验证密码长度");
- if (!isPasswordLengthValid(newPassword)) {
- return AjaxResult.error("密码长度应为6至16位!");
- }
-
- // 2. 检查密码字符类型
- log.error("开始验证密码字符");
- if (!isPasswordCharacterValid(newPassword)) {
- return AjaxResult.error("密码必须包含大、小字母、数字、特殊字符!");
- }
-
- // 3. 检查常见弱密码
- log.error("开始验证弱密码片段");
- if (containsWeakPassword(newPassword.toLowerCase())) {
- return AjaxResult.error("密码包含常见的弱密码片段!");
- }
-
- // 4. 检查连续字符
- log.error("开始验证密码连续字符");
- if (containsConsecutiveCharacters(newPassword.toLowerCase(), 3)) {
- return AjaxResult.error("密码不能包含超过3位连续字符!");
- }
-
- // 5. 检查新旧密码是否相同
- log.error("开始验证新旧密码");
- if (StringUtils.isNotEmpty(oldPassword) && SecurityUtils.matchesPassword(newPassword, oldPassword)) {
- return AjaxResult.error("新密码不能与原密码相同!");
- }
-
- log.error("完成密码复杂度验证");
- return AjaxResult.success();
- }
+// public AjaxResult validatePassword(String oldPassword, String newPassword) {
+// // 1. 检查密码长度
+// log.error("开始验证密码长度");
+// if (!isPasswordLengthValid(newPassword)) {
+// return AjaxResult.error(500, "密码长度应为6至16位!");
+// }
+//
+// // 2. 检查密码字符类型
+// log.error("开始验证密码字符");
+// if (!isPasswordCharacterValid(newPassword)) {
+// return AjaxResult.error(500, "密码必须包含大、小字母、数字、特殊字符!");
+// }
+//
+// // 3. 检查常见弱密码
+// log.error("开始验证弱密码片段");
+// if (containsWeakPassword(newPassword.toLowerCase())) {
+// return AjaxResult.error(500, "密码包含常见的弱密码片段!");
+// }
+//
+// // 4. 检查连续字符
+// log.error("开始验证密码连续字符");
+// if (containsConsecutiveCharacters(newPassword.toLowerCase(), 3)) {
+// return AjaxResult.error(500, "密码不能包含超过3位连续字符!");
+// }
+//
+// // 5. 
检查新旧密码是否相同
+// log.error("开始验证新旧密码");
+// if (StringUtils.isNotEmpty(oldPassword) && SecurityUtils.matchesPassword(newPassword, oldPassword)) {
+// return AjaxResult.error(500, "新密码不能与原密码相同!");
+// }
+//
+// log.error("完成密码复杂度验证");
+// return AjaxResult.success();
+// }
 private boolean isPasswordLengthValid(String password) {
 return password.length() >= 6 && password.length() <= 16;
@@ -450,9 +471,25 @@ public class CustInfoServiceImpl extends ServiceImpl i
 ajaxResult.put("code", "500");
 } else {
 String newPassword = content.getNewPassword();
- AjaxResult pwdCheckResult = validatePassword(null, newPassword);
- if (ajaxResult.isError()) {
- return pwdCheckResult;
+ // 1. 检查密码长度
+ log.error("开始验证密码长度");
+ if (!isPasswordLengthValid(newPassword)) {
+ return AjaxResult.error(500, "密码长度应为6至16位!");
+ }
+ // 2. 检查密码字符类型
+ log.error("开始验证密码字符");
+ if (!isPasswordCharacterValid(newPassword)) {
+ return AjaxResult.error(500, "密码必须包含大、小字母、数字、特殊字符!");
+ }
+ // 3. 检查常见弱密码
+ log.error("开始验证弱密码片段");
+ if (containsWeakPassword(newPassword.toLowerCase())) {
+ return AjaxResult.error(500, "密码包含常见的弱密码片段!");
+ }
+ // 4. 检查连续字符
+ log.error("开始验证密码连续字符");
+ if (containsConsecutiveCharacters(newPassword.toLowerCase(), 3)) {
+ return AjaxResult.error(500, "密码不能包含超过3位连续字符!");
 }
 BCryptPasswordEncoder bCrypt = new BCryptPasswordEncoder();
 String password = bCrypt.encode(newPassword);
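Review bot: Commenting out `validatePassword` and pasting its body into both callers (the hunks at -206 and -450) leaves the password policy in separate copies that can drift apart, plus a dead commented-out block. The removed caller lines tested `ajaxResult.isError()` rather than the result they had just obtained, which looks like the actual defect. Keeping the method and changing each caller to `if (pwdCheckResult.isError()) { return pwdCheckResult; }` would fix that in one place. If the method really is to go, delete it instead of keeping it as a comment.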
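Review bot: The early returns added in this hunk use `AjaxResult.error(500, ...)` with an integer code, while the context line just above sets `ajaxResult.put("code", "500")` as a string. A client of this method would therefore see the code as a string on one failure path and, presumably, as a number on the new ones. Pick one representation, for example `ajaxResult.put("code", 500);` on the existing path, provided no caller depends on the string form. The enclosing method starts and ends outside the hunk, so other paths may need the same alignment.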