shibanglin преди 2 години
родител
ревизия
2f2ecf363f

+ 41 - 23
maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ChangePasswodController.java

@@ -1,19 +1,19 @@
 /*
  * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
- * 
+ *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  *     http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
- 
+
 
 package org.maxkey.web.contorller;
 
@@ -24,9 +24,13 @@ import org.maxkey.constants.ConstsOperateResult;
 import org.maxkey.constants.ConstsPasswordSetType;
 import org.maxkey.entity.ChangePassword;
 import org.maxkey.entity.Message;
+import org.maxkey.entity.PasswordPolicy;
 import org.maxkey.entity.UserInfo;
+import org.maxkey.persistence.repository.PasswordPolicyValidator;
 import org.maxkey.persistence.service.HistorySystemLogsService;
+import org.maxkey.persistence.service.PasswordPolicyService;
 import org.maxkey.persistence.service.UserInfoService;
+import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -41,34 +45,48 @@ import org.springframework.web.bind.annotation.ResponseBody;
 @RequestMapping(value={"/config"})
 public class ChangePasswodController {
 	final static Logger _logger = LoggerFactory.getLogger(ChangePasswodController.class);
-	
+
 	@Autowired
 	private UserInfoService userInfoService;
-	
+
 	@Autowired
 	HistorySystemLogsService systemLog;
-	
+
+	@Autowired
+	private PasswordPolicyService passwordPolicyService;
+
+	@RequestMapping(value={"/passwordpolicy"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> passwordpolicy(@CurrentUser UserInfo currentUser){
+		PasswordPolicy passwordPolicy = passwordPolicyService.get(currentUser.getInstId());
+		//构建密码强度说明
+		passwordPolicy.buildMessage();
+		return new Message<PasswordPolicy>(passwordPolicy).buildResponse();
+	}
+
+
 	@ResponseBody
 	@RequestMapping(value = { "/changePassword" }, produces = {MediaType.APPLICATION_JSON_VALUE})
 	public ResponseEntity<?> changePasswod(
 			@RequestBody ChangePassword changePassword,
 			@CurrentUser UserInfo currentUser) {
-		
-			changePassword.setUserId(currentUser.getId());
-			changePassword.setUsername(currentUser.getUsername());
-			changePassword.setInstId(currentUser.getInstId());
-			changePassword.setPasswordSetType(ConstsPasswordSetType.PASSWORD_NORMAL);
-			if(userInfoService.changePassword(changePassword)) {
-				systemLog.insert(
-						ConstsEntryType.USERINFO, 
-						changePassword, 
-						ConstsOperateAction.CHANGE_PASSWORD, 
-						ConstsOperateResult.SUCCESS, 
-						currentUser);
-				return new Message<ChangePassword>().buildResponse();
-			}else {
-				return new Message<ChangePassword>(Message.ERROR).buildResponse();
-			}	
+
+		changePassword.setUserId(currentUser.getId());
+		changePassword.setUsername(currentUser.getUsername());
+		changePassword.setInstId(currentUser.getInstId());
+		changePassword.setPasswordSetType(ConstsPasswordSetType.PASSWORD_NORMAL);
+		if(userInfoService.changePassword(changePassword)) {
+			systemLog.insert(
+					ConstsEntryType.USERINFO,
+					changePassword,
+					ConstsOperateAction.CHANGE_PASSWORD,
+					ConstsOperateResult.SUCCESS,
+					currentUser);
+			return new Message<ChangePassword>().buildResponse();
+		}else {
+			String message = (String) WebContext.getAttribute(PasswordPolicyValidator.PASSWORD_POLICY_VALIDATE_RESULT);
+			_logger.info("-message:",message);
+			return new Message<ChangePassword>(Message.ERROR,message).buildResponse();
+		}
 	}
 
 }
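Review bot: In the failure branch of `changePasswod`, `_logger.info("-message:",message);` has no `{}` placeholder, so SLF4J discards the argument and the policy-validation result never reaches the log; it should read `_logger.info("-message: {}", message);`. The success branch writes an audit record through `systemLog.insert(...)` but the failure branch writes none, so repeated rejected password changes against an account leave no audit trail. Consider recording the failure there too, using whatever failure constant `ConstsOperateResult` defines (not visible in this hunk). `message` is presumably null when the rejection did not come from the policy validator (for example a wrong old password), so the error response should tolerate a null text.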

+ 39 - 5
maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java

@@ -24,11 +24,14 @@ import org.maxkey.authn.jwt.AuthTokenService;
 import org.maxkey.configuration.EmailConfig;
 import org.maxkey.entity.ChangePassword;
 import org.maxkey.entity.Message;
+import org.maxkey.entity.PasswordPolicy;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.password.onetimepwd.AbstractOtpAuthn;
 import org.maxkey.password.onetimepwd.MailOtpAuthnService;
 import org.maxkey.password.sms.SmsOtpAuthnService;
+import org.maxkey.persistence.service.PasswordPolicyService;
 import org.maxkey.persistence.service.UserInfoService;
+import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -78,11 +81,42 @@ public class ForgotPasswordContorller {
     
     @Autowired
     SmsOtpAuthnService smsOtpAuthnService;
-    
- 
-    
-    
-    @ResponseBody
+
+
+	@Autowired
+	private PasswordPolicyService passwordPolicyService;
+
+	@RequestMapping(value={"/passwordpolicy"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> passwordpolicy(){
+		PasswordPolicy passwordPolicy = passwordPolicyService.get(WebContext.getInst().getId());
+		//构建密码强度说明
+		passwordPolicy.buildMessage();
+		return new Message<PasswordPolicy>(passwordPolicy).buildResponse();
+	}
+
+
+	@ResponseBody
+	@RequestMapping(value = { "/validateCaptcha" }, produces = {MediaType.APPLICATION_JSON_VALUE})
+	public ResponseEntity<?> validateCaptcha(
+			@RequestParam String userId,
+			@RequestParam String state,
+			@RequestParam String captcha,
+			@RequestParam String otpCaptcha) {
+		_logger.debug("forgotpassword  /forgotpassword/validateCaptcha.");
+		_logger.debug(" userId {}: " ,userId);
+		UserInfo userInfo = userInfoService.get(userId);
+		if(userInfo != null) {
+			AbstractOtpAuthn smsOtpAuthn = smsOtpAuthnService.getByInstId(userInfo.getInstId());
+			if (otpCaptcha == null || !smsOtpAuthn.validate(userInfo, otpCaptcha)) {
+				return new Message<ChangePassword>(Message.FAIL).buildResponse();
+			}
+			return new Message<ChangePassword>(Message.SUCCESS).buildResponse();
+		}
+		return new Message<ChangePassword>(Message.FAIL).buildResponse();
+	}
+
+
+	@ResponseBody
 	@RequestMapping(value = { "/produceOtp" }, produces = {MediaType.APPLICATION_JSON_VALUE})
     public ResponseEntity<?> produceOtp(
     			@RequestParam String mobile,
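Review bot: `validateCaptcha` declares `state` and `captcha` as required parameters but never checks them, so the only gate on this pre-authentication endpoint is `smsOtpAuthn.validate(userInfo, otpCaptcha)` for a caller-supplied `userId`. Unless `validate` enforces an attempt limit (not visible here), nothing throttles repeated OTP submissions; check `captcha` against `state` before the OTP comparison and return `Message.FAIL` on mismatch. A SUCCESS from this call should not be what authorises the reset: the handler that sets the new password, outside this hunk, has to validate the OTP again on the server. `smsOtpAuthnService.getByInstId(...)` is also dereferenced without a null check, and the mail OTP service is never consulted, which looks wrong if the code was sent by e-mail.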