bonus
/
Bonus-Cloud-Houqin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

密码复杂度

This commit is contained in:
sxu 2025-04-25 16:08:52 +08:00
parent 80f37489d3
commit bf95ef962f
1 changed files with 77 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/customer/service/impl/CustInfoServiceImpl.java
View File

@ -206,9 +206,30 @@ public class CustInfoServiceImpl extends ServiceImpl<CustInfoMapper, CustInfo> i
content.setNewPassword(AesEncryptUtil.aesDecode(content.getNewPassword())); content.setNewPassword(AesEncryptUtil.aesDecode(content.getNewPassword()));
String oldPassword = content.getOldPassword(); String oldPassword = content.getOldPassword();
String newPassword = content.getNewPassword(); String newPassword = content.getNewPassword();
AjaxResult pwdCheckResult = validatePassword(oldPassword, newPassword); // 1. 检查密码长度
if (ajaxResult.isError()) { log.error("开始验证密码长度");
return pwdCheckResult; if (!isPasswordLengthValid(newPassword)) {
return AjaxResult.error(500, "密码长度应为6至16位");
}
// 2. 检查密码字符类型
log.error("开始验证密码字符");
if (!isPasswordCharacterValid(newPassword)) {
return AjaxResult.error(500, "密码必须包含大、小字母、数字、特殊字符!");
}
// 3. 检查常见弱密码
log.error("开始验证弱密码片段");
if (containsWeakPassword(newPassword.toLowerCase())) {
return AjaxResult.error(500, "密码包含常见的弱密码片段!");
}
// 4. 检查连续字符
log.error("开始验证密码连续字符");
if (containsConsecutiveCharacters(newPassword.toLowerCase(), 3)) {
return AjaxResult.error(500, "密码不能包含超过3位连续字符");
}
// 5. 检查新旧密码是否相同
log.error("开始验证新旧密码");
if (StringUtils.isNotEmpty(oldPassword) && SecurityUtils.matchesPassword(newPassword, oldPassword)) {
return AjaxResult.error(500, "新密码不能与原密码相同!");
} }
if (Objects.equals(oldPassword, newPassword)) { if (Objects.equals(oldPassword, newPassword)) {
log.error("小程序修改密码错误:两次密码不能一致"); log.error("小程序修改密码错误:两次密码不能一致");
@ -235,40 +256,40 @@ public class CustInfoServiceImpl extends ServiceImpl<CustInfoMapper, CustInfo> i
return ajaxResult; return ajaxResult;
} }
public AjaxResult validatePassword(String oldPassword, String newPassword) { // public AjaxResult validatePassword(String oldPassword, String newPassword) {
// 1. 检查密码长度 // // 1. 检查密码长度
log.error("开始验证密码长度"); // log.error("开始验证密码长度");
if (!isPasswordLengthValid(newPassword)) { // if (!isPasswordLengthValid(newPassword)) {
return AjaxResult.error("密码长度应为6至16位"); // return AjaxResult.error(500, "密码长度应为6至16位");
} // }
//
// 2. 检查密码字符类型 // // 2. 检查密码字符类型
log.error("开始验证密码字符"); // log.error("开始验证密码字符");
if (!isPasswordCharacterValid(newPassword)) { // if (!isPasswordCharacterValid(newPassword)) {
return AjaxResult.error("密码必须包含大、小字母、数字、特殊字符!"); // return AjaxResult.error(500, "密码必须包含大、小字母、数字、特殊字符!");
} // }
//
// 3. 检查常见弱密码 // // 3. 检查常见弱密码
log.error("开始验证弱密码片段"); // log.error("开始验证弱密码片段");
if (containsWeakPassword(newPassword.toLowerCase())) { // if (containsWeakPassword(newPassword.toLowerCase())) {
return AjaxResult.error("密码包含常见的弱密码片段!"); // return AjaxResult.error(500, "密码包含常见的弱密码片段!");
} // }
//
// 4. 检查连续字符 // // 4. 检查连续字符
log.error("开始验证密码连续字符"); // log.error("开始验证密码连续字符");
if (containsConsecutiveCharacters(newPassword.toLowerCase(), 3)) { // if (containsConsecutiveCharacters(newPassword.toLowerCase(), 3)) {
return AjaxResult.error("密码不能包含超过3位连续字符"); // return AjaxResult.error(500, "密码不能包含超过3位连续字符");
} // }
//
// 5. 检查新旧密码是否相同 // // 5. 检查新旧密码是否相同
log.error("开始验证新旧密码"); // log.error("开始验证新旧密码");
if (StringUtils.isNotEmpty(oldPassword) && SecurityUtils.matchesPassword(newPassword, oldPassword)) { // if (StringUtils.isNotEmpty(oldPassword) && SecurityUtils.matchesPassword(newPassword, oldPassword)) {
return AjaxResult.error("新密码不能与原密码相同!"); // return AjaxResult.error(500, "新密码不能与原密码相同!");
} // }
//
log.error("完成密码复杂度验证"); // log.error("完成密码复杂度验证");
return AjaxResult.success(); // return AjaxResult.success();
} // }
private boolean isPasswordLengthValid(String password) { private boolean isPasswordLengthValid(String password) {
return password.length() >= 6 && password.length() <= 16; return password.length() >= 6 && password.length() <= 16;
@ -450,9 +471,25 @@ public class CustInfoServiceImpl extends ServiceImpl<CustInfoMapper, CustInfo> i
ajaxResult.put("code", "500"); ajaxResult.put("code", "500");
} else { } else {
String newPassword = content.getNewPassword(); String newPassword = content.getNewPassword();
AjaxResult pwdCheckResult = validatePassword(null, newPassword); // 1. 检查密码长度
if (ajaxResult.isError()) { log.error("开始验证密码长度");
return pwdCheckResult; if (!isPasswordLengthValid(newPassword)) {
return AjaxResult.error(500, "密码长度应为6至16位");
}
// 2. 检查密码字符类型
log.error("开始验证密码字符");
if (!isPasswordCharacterValid(newPassword)) {
return AjaxResult.error(500, "密码必须包含大、小字母、数字、特殊字符!");
}
// 3. 检查常见弱密码
log.error("开始验证弱密码片段");
if (containsWeakPassword(newPassword.toLowerCase())) {
return AjaxResult.error(500, "密码包含常见的弱密码片段!");
}
// 4. 检查连续字符
log.error("开始验证密码连续字符");
if (containsConsecutiveCharacters(newPassword.toLowerCase(), 3)) {
return AjaxResult.error(500, "密码不能包含超过3位连续字符");
} }
BCryptPasswordEncoder bCrypt = new BCryptPasswordEncoder(); BCryptPasswordEncoder bCrypt = new BCryptPasswordEncoder();
String password = bCrypt.encode(newPassword); String password = bCrypt.encode(newPassword);