From 00896cb34476ad0eba533788280711b77bb497f1 Mon Sep 17 00:00:00 2001
From: "liang.chao" <1360241448@qq.com>
Date: Tue, 30 Sep 2025 16:34:11 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BB=A3=E7=A0=81=E6=8F=90=E4=BA=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../controller/system/SysUserController.java | 2 +-
 .../web/core/config/WeakPasswordChecker.java | 57 ++++++++-----------
 2 files changed, 24 insertions(+), 35 deletions(-)
diff --git a/bonus-admin/src/main/java/com/bonus/web/controller/system/SysUserController.java b/bonus-admin/src/main/java/com/bonus/web/controller/system/SysUserController.java
index b39472c..dca4c40 100644
--- a/bonus-admin/src/main/java/com/bonus/web/controller/system/SysUserController.java
+++ b/bonus-admin/src/main/java/com/bonus/web/controller/system/SysUserController.java
@@ -189,7 +189,7 @@ public class SysUserController extends BaseController {
         userService.checkUserDataScope(user.getUserId());
         String s = WeakPasswordChecker.checkWeakPasswordAndGetMatch(user.getPassword());
         if (s != null) {
-            return error("含有弱密码:" + s + ",请重新修改密码");
+            return error(s);
         }
         user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
         user.setUpdateBy(getUsername());
diff --git a/bonus-admin/src/main/java/com/bonus/web/core/config/WeakPasswordChecker.java b/bonus-admin/src/main/java/com/bonus/web/core/config/WeakPasswordChecker.java
index 4dcdfe7..6e40fe6 100644
--- a/bonus-admin/src/main/java/com/bonus/web/core/config/WeakPasswordChecker.java
+++ b/bonus-admin/src/main/java/com/bonus/web/core/config/WeakPasswordChecker.java
@@ -2,10 +2,8 @@ package com.bonus.web.core.config;
 import org.springframework.stereotype.Component;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Set;
-import java.util.HashSet;
+import java.util.*;
+import java.util.stream.Collectors;
 /**
  * 密码弱密码校验工具类(仅校验是否为常见弱密码)
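Review bot: The new `import java.util.*;` in the WeakPasswordChecker import hunk is a wildcard where the file only needs `Arrays`, `List` and `Map` (and `Collectors`, which the same hunk already imports explicitly). Listing them — `import java.util.Arrays;`, `import java.util.List;`, `import java.util.Map;` — keeps the dependency surface visible and avoids future name clashes as `java.util` grows.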
@@ -13,8 +11,7 @@ import java.util.HashSet;
 @Component
 public class WeakPasswordChecker {
-    // 存储原始弱密码列表(保持大小写,用于返回提示)
-    private static final List ORIGINAL_WEAK_PASSWORDS = Arrays.asList(
+    private static final List WEAK_PASSWORDS = Arrays.asList(
             "123456",
             "123456789",
             "password",
@@ -42,38 +39,30 @@ public class WeakPasswordChecker {
             "admin123"
     );
-    // 使用 Set 存储小写版本,用于高效查找(O(1) 时间复杂度)
-    private static final Set WEAK_PASSWORDS_SET = new HashSet<>();
+    // 使用 Map 存储:小写密码 -> 原始密码(用于快速查找 + 返回原始格式)
+    private static final Map WEAK_PASSWORD_MAP = WEAK_PASSWORDS.stream()
+            .collect(Collectors.toMap(
+                    String::toLowerCase,
+                    pwd -> pwd,
+                    (existing, replacement) -> existing
+            ));
-    static {
-        for (String pwd : ORIGINAL_WEAK_PASSWORDS) {
-            WEAK_PASSWORDS_SET.add(pwd.toLowerCase());
-        }
-    }
-
-    /**
-     * 校验密码是否为常见弱密码,并返回匹配到的具体弱密码。
-     *
-     * @param password 待校验的密码
-     * @return 如果是弱密码,返回匹配的原始弱密码(如 "password");
-     *         如果不是弱密码或输入为空,返回 null。
-     */
     public static String checkWeakPasswordAndGetMatch(String password) {
-
-        String lowerCaseInput = password.toLowerCase();
-
-        // 快速检查是否存在于弱密码集合中
-        if (WEAK_PASSWORDS_SET.contains(lowerCaseInput)) {
-            // 找到匹配,遍历原始列表返回原始格式的密码
-            for (String original : ORIGINAL_WEAK_PASSWORDS) {
-                if (original.equalsIgnoreCase(password)) {
-                    return original;
-                }
-            }
+        if (password == null || password.length() < 8 || password.length() > 20) {
+            return "密码长度必须为 8-20 位";
         }
-        // 未找到匹配
+        String lowerPwd = password.toLowerCase();
+
+        if (WEAK_PASSWORD_MAP.containsKey(lowerPwd)) {
+            String originalWeak = WEAK_PASSWORD_MAP.get(lowerPwd);
+            return "密码过于简单,避免使用如 '" + originalWeak + "' 类密码";
+        }
+
+        // 正则:必须包含 小写、大写、数字、特殊字符
+        if (!password.matches("^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[^\\w\\s]).+$")) {
+            return "密码必须包含:小写字母、大写字母、数字、特殊字符";
+        }
         return null;
     }
-
 }
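Review bot: checkWeakPasswordAndGetMatch now returns a user-facing rejection message (length, blocklist, composition) instead of the matched weak password, but the hunk deletes the method's Javadoc without replacing it and keeps the `...AndGetMatch` name, so the new contract — null means acceptable, any non-null string is the reason to reject — is undocumented; a Javadoc with that contract plus `@param password` and `@return` should go back above the signature, and any caller other than SysUserController that still wraps the result in its own "含有弱密码" text (none is visible in this patch) would now double up the message. The regex on the `password.matches(...)` line is recompiled on every call; hoist it to `private static final Pattern COMPLEXITY = Pattern.compile("^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[^\\w\\s]).+$");` with `import java.util.regex.Pattern;` and test `COMPLEXITY.matcher(password).matches()`. On policy, the 20-character cap and the four-class composition rule discourage long passphrases and, per NIST SP 800-63B, add little over the length floor and blocklist the method already applies, so it is worth confirming the cap is deliberate. The blocklist check is also an exact case-folded match, so a listed entry with a digit or symbol appended satisfies both it and the regex; if that matters, a case-insensitive `contains` over the list entries is the more robust check.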