代码提交
parent
0791df7b71
commit
00896cb344
|
|
@ -189,7 +189,7 @@ public class SysUserController extends BaseController {
|
|||
userService.checkUserDataScope(user.getUserId());
|
||||
String s = WeakPasswordChecker.checkWeakPasswordAndGetMatch(user.getPassword());
|
||||
if (s != null) {
|
||||
return error("含有弱密码:" + s + ",请重新修改密码");
|
||||
return error(s);
|
||||
}
|
||||
user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
|
||||
user.setUpdateBy(getUsername());
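Review bot: At `return error(s);` the local `s` now holds a complete user-facing validation message rather than the matched weak password, so both the name `s` and the call to `checkWeakPasswordAndGetMatch` misdescribe what comes back. Something like `String passwordError = WeakPasswordChecker.checkWeakPasswordAndGetMatch(user.getPassword());` with the comment `// null means the password passed every policy check` would make the contract readable at the call site. Running the check on the server before `SecurityUtils.encryptPassword` is the right place for it, but only this one handler is visible. Any other path that sets a password (user creation or a self-service change, if this controller or its siblings have them) should be confirmed to call the same check, otherwise the policy applies to one endpoint only. The enclosing method starts and ends outside the hunk.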
|
||||
|
|
|
|||
|
|
@ -2,10 +2,8 @@ package com.bonus.web.core.config;
|
|||
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.HashSet;
|
||||
import java.util.*;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
* 密码弱密码校验工具类(仅校验是否为常见弱密码)
|
||||
|
|
@ -13,8 +11,7 @@ import java.util.HashSet;
|
|||
@Component
|
||||
public class WeakPasswordChecker {
|
||||
|
||||
// 存储原始弱密码列表(保持大小写,用于返回提示)
|
||||
private static final List<String> ORIGINAL_WEAK_PASSWORDS = Arrays.asList(
|
||||
private static final List<String> WEAK_PASSWORDS = Arrays.asList(
|
||||
"123456",
|
||||
"123456789",
|
||||
"password",
|
||||
|
|
@ -42,38 +39,30 @@ public class WeakPasswordChecker {
|
|||
"admin123"
|
||||
);
|
||||
|
||||
// 使用 Set 存储小写版本,用于高效查找(O(1) 时间复杂度)
|
||||
private static final Set<String> WEAK_PASSWORDS_SET = new HashSet<>();
|
||||
// 使用 Map 存储:小写密码 -> 原始密码(用于快速查找 + 返回原始格式)
|
||||
private static final Map<String, String> WEAK_PASSWORD_MAP = WEAK_PASSWORDS.stream()
|
||||
.collect(Collectors.toMap(
|
||||
String::toLowerCase,
|
||||
pwd -> pwd,
|
||||
(existing, replacement) -> existing
|
||||
));
|
||||
|
||||
static {
|
||||
for (String pwd : ORIGINAL_WEAK_PASSWORDS) {
|
||||
WEAK_PASSWORDS_SET.add(pwd.toLowerCase());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 校验密码是否为常见弱密码,并返回匹配到的具体弱密码。
|
||||
*
|
||||
* @param password 待校验的密码
|
||||
* @return 如果是弱密码,返回匹配的原始弱密码(如 "password");
|
||||
* 如果不是弱密码或输入为空,返回 null。
|
||||
*/
|
||||
public static String checkWeakPasswordAndGetMatch(String password) {
|
||||
|
||||
String lowerCaseInput = password.toLowerCase();
|
||||
|
||||
// 快速检查是否存在于弱密码集合中
|
||||
if (WEAK_PASSWORDS_SET.contains(lowerCaseInput)) {
|
||||
// 找到匹配,遍历原始列表返回原始格式的密码
|
||||
for (String original : ORIGINAL_WEAK_PASSWORDS) {
|
||||
if (original.equalsIgnoreCase(password)) {
|
||||
return original;
|
||||
}
|
||||
}
|
||||
if (password == null || password.length() < 8 || password.length() > 20) {
|
||||
return "密码长度必须为 8-20 位";
|
||||
}
|
||||
|
||||
// 未找到匹配
|
||||
String lowerPwd = password.toLowerCase();
|
||||
|
||||
if (WEAK_PASSWORD_MAP.containsKey(lowerPwd)) {
|
||||
String originalWeak = WEAK_PASSWORD_MAP.get(lowerPwd);
|
||||
return "密码过于简单,避免使用如 '" + originalWeak + "' 类密码";
|
||||
}
|
||||
|
||||
// 正则:必须包含 小写、大写、数字、特殊字符
|
||||
if (!password.matches("^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[^\\w\\s]).+$")) {
|
||||
return "密码必须包含:小写字母、大写字母、数字、特殊字符";
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
}
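Review bot: The deny-list branch in `checkWeakPasswordAndGetMatch` fires only on an exact case-insensitive match (`WEAK_PASSWORD_MAP.containsKey(lowerPwd)`), and every entry visible in `WEAK_PASSWORDS` is either shorter than 8 characters or lacks one of the four required character classes, so the length and regex checks would reject those inputs anyway, while a listed word given a capital letter and a trailing symbol passes all three checks. Matching on containment with a locale-independent lowercase would make the list do real work, e.g. `String lowerPwd = password.toLowerCase(Locale.ROOT);` followed by `Optional<String> hit = WEAK_PASSWORDS.stream().filter(w -> lowerPwd.contains(w.toLowerCase(Locale.ROOT))).findFirst();`; the current `toLowerCase()` calls depend on the JVM default locale, and very short entries in the part of the list outside the hunks may need a minimum length to avoid over-rejecting. The 20-character ceiling also rules out long passphrases, so unless the hash behind `SecurityUtils.encryptPassword` (not shown here) requires it, consider raising that limit. The method now returns a display message instead of the matched entry, so its Javadoc should say so, for example `@return null when the password passes every check, otherwise the message to show the user`.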
|
||||
|
|
|
|||