From 11e19452173879abb440bb25941453334ffab79f Mon Sep 17 00:00:00 2001
From: "liang.chao" <1360241448@qq.com>
Date: Tue, 30 Sep 2025 11:17:43 +0800
Subject: [PATCH] =?UTF-8?q?=E5=BC=B1=E5=AF=86=E7=A0=81=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../controller/system/SysUserController.java | 5 ++
 .../web/core/config/WeakPasswordChecker.java | 79 +++++++++++++++++++
 2 files changed, 84 insertions(+)
 create mode 100644 bonus-admin/src/main/java/com/bonus/web/core/config/WeakPasswordChecker.java

diff --git a/bonus-admin/src/main/java/com/bonus/web/controller/system/SysUserController.java b/bonus-admin/src/main/java/com/bonus/web/controller/system/SysUserController.java
index 2544129..321a5bb 100644
--- a/bonus-admin/src/main/java/com/bonus/web/controller/system/SysUserController.java
+++ b/bonus-admin/src/main/java/com/bonus/web/controller/system/SysUserController.java
@@ -9,6 +9,7 @@ import com.bonus.common.annotation.SysLog;
 import com.bonus.common.enums.OperaType;
 import com.bonus.common.utils.DesensitizedUtil;
 import com.bonus.common.utils.encryption.Sm4Utils;
+import com.bonus.web.core.config.WeakPasswordChecker;
 import org.apache.commons.lang3.ArrayUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
@@ -186,6 +187,10 @@ public class SysUserController extends BaseController {
 public AjaxResult resetPwd(@RequestBody SysUser user) {
 userService.checkUserAllowed(user);
 userService.checkUserDataScope(user.getUserId());
+ String s = WeakPasswordChecker.checkWeakPasswordAndGetMatch(user.getPassword());
+ if (s != null) {
+ return error("含有弱密码:" + s + ",请重新修改密码");
+ }
 user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
 user.setUpdateBy(getUsername());
 return toAjax(userService.resetPwd(user));
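Review bot: The new check calls `WeakPasswordChecker.checkWeakPasswordAndGetMatch(user.getPassword())` without guarding the password first, so a request body with no `password` field fails with a NullPointerException inside the checker (its first statement is `password.toLowerCase()`) instead of returning a clean error; add `if (user.getPassword() == null || user.getPassword().isEmpty()) { return error("密码不能为空"); }` before the call. Because the checker only rejects exact, case-insensitive matches from a short list, `resetPwd` still accepts one-character passwords or dictionary words with a digit appended, so a length/character-class rule belongs here alongside this check rather than being replaced by it. If other endpoints in this controller also persist passwords (user creation, for instance), they presumably need the same check, which this commit does not add. The closing brace of `resetPwd` lies outside the hunk.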
diff --git a/bonus-admin/src/main/java/com/bonus/web/core/config/WeakPasswordChecker.java b/bonus-admin/src/main/java/com/bonus/web/core/config/WeakPasswordChecker.java
new file mode 100644
index 0000000..4dcdfe7
--- /dev/null
+++ b/bonus-admin/src/main/java/com/bonus/web/core/config/WeakPasswordChecker.java
@@ -0,0 +1,79 @@
+package com.bonus.web.core.config;
+
+import org.springframework.stereotype.Component;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.Set;
+import java.util.HashSet;
+
+/**
+ * 密码弱密码校验工具类(仅校验是否为常见弱密码)
+ */
+@Component
+public class WeakPasswordChecker {
+
+ // 存储原始弱密码列表(保持大小写,用于返回提示)
+ private static final List ORIGINAL_WEAK_PASSWORDS = Arrays.asList(
+ "123456",
+ "123456789",
+ "password",
+ "12345678",
+ "12345",
+ "1234567",
+ "1234567890",
+ "qwerty",
+ "abc123",
+ "111111",
+ "admin",
+ "letmein",
+ "monkey",
+ "welcome",
+ "123123",
+ "login",
+ "princess",
+ "dragon",
+ "sunshine",
+ "iloveyou",
+ "starwars",
+ "football",
+ "123qwe",
+ "password1",
+ "admin123"
+ );
+
+ // 使用 Set 存储小写版本,用于高效查找(O(1) 时间复杂度)
+ private static final Set WEAK_PASSWORDS_SET = new HashSet<>();
+
+ static {
+ for (String pwd : ORIGINAL_WEAK_PASSWORDS) {
+ WEAK_PASSWORDS_SET.add(pwd.toLowerCase());
+ }
+ }
+
+ /**
+ * 校验密码是否为常见弱密码,并返回匹配到的具体弱密码。
+ *
+ * @param password 待校验的密码
+ * @return 如果是弱密码,返回匹配的原始弱密码(如 "password");
+ * 如果不是弱密码或输入为空,返回 null。
+ */
+ public static String checkWeakPasswordAndGetMatch(String password) {
+
+ String lowerCaseInput = password.toLowerCase();
+
+ // 快速检查是否存在于弱密码集合中
+ if (WEAK_PASSWORDS_SET.contains(lowerCaseInput)) {
+ // 找到匹配,遍历原始列表返回原始格式的密码
+ for (String original : ORIGINAL_WEAK_PASSWORDS) {
+ if (original.equalsIgnoreCase(password)) {
+ return original;
+ }
+ }
+ }
+
+ // 未找到匹配
+ return null;
+ }
+
+}
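Review bot: `checkWeakPasswordAndGetMatch` dereferences `password` on the `String lowerCaseInput = password.toLowerCase();` line, so a null password throws NullPointerException even though the Javadoc above it promises null for empty input; a null/empty guard belongs before the lookup. Both `toLowerCase()` calls (in the static block and in the method) are also locale-sensitive: under a Turkish default locale `"ADMIN"` lowers to a dotless-i form that no longer equals `"admin"`, so the check is bypassable there, and both should use `toLowerCase(Locale.ROOT)` with `import java.util.Locale;` added. Separately, a 25-entry exact-match list is a thin policy on its own (`Admin123!` or `password2` pass untouched), so this is best documented as a supplement to a length/character-class rule rather than a replacement for one, and `@Component` is unnecessary on a class that exposes only static members.
```java
    static {
        for (String pwd : ORIGINAL_WEAK_PASSWORDS) {
            WEAK_PASSWORDS_SET.add(pwd.toLowerCase(Locale.ROOT));
        }
    }
    // … unchanged: Javadoc …
    public static String checkWeakPasswordAndGetMatch(String password) {
        // Javadoc promises null for empty input; without this guard a null password throws NPE
        if (password == null || password.isEmpty()) {
            return null;
        }
        // Locale.ROOT keeps the comparison stable regardless of the JVM's default locale
        String lowerCaseInput = password.toLowerCase(Locale.ROOT);
        // … unchanged: set lookup and original-list scan …
```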