密码策略8-20位, 字母/数字/字符支持

src/main/java/cn/quantgroup/xyqb/controller/external/UserController.java

@@ -266,7 +266,7 @@ public class UserController implements IBaseController {
         }
         if (PasswordUtil.validPwd(password)) {
             log.info("用户注册失败，密码长度须在6位至12位之间：register -> registerFrom:{}, phoneNo:{}, password:{}", registerFrom, phoneNo, password);
-            return JsonResult.buildErrorStateResult("密码应为6-12位", null);
+            return JsonResult.buildErrorStateResult("8~20位，不能仅包含数字，字母，字符", null);
         }
         if (null == registerFrom) {
             registerFrom = 1L;
@@ -338,7 +338,7 @@ public class UserController implements IBaseController {
             return JsonResult.buildErrorStateResult("密码不能为空", null);
         }
         if (PasswordUtil.validPwd(password)) {
-            return JsonResult.buildErrorStateResult("密码应为6-12位", null);
+            return JsonResult.buildErrorStateResult("8~20位，不能仅包含数字，字母，字符", null);
         }
         verifyPhoneAndCode(phoneNo, verificationCode);
         if (!userService.exist(phoneNo)) {
@@ -367,7 +367,7 @@ public class UserController implements IBaseController {
             return JsonResult.buildErrorStateResult("密码不能为空", null);
         }
         if (PasswordUtil.validPwd(password)) {
-            return JsonResult.buildErrorStateResult("密码应为6-12位", null);
+            return JsonResult.buildErrorStateResult("8~20位，不能仅包含数字，字母，字符", null);
         }
         User user = userService.findByPhoneWithCache(phoneNo);
         if (Objects.isNull(user)) {

src/main/java/cn/quantgroup/xyqb/controller/internal/user/InnerController.java

@@ -1364,7 +1364,7 @@ public class InnerController implements IBaseController {
     public JsonResult resetPassword(@RequestParam("phone") String phone, @RequestParam(required = false) String password) {
         if (ValidationUtil.validatePhoneNo(phone)) {
             if (PasswordUtil.validPwd(password)) {
-                return JsonResult.buildErrorStateResult("密码应为6-12位", null);
+                return JsonResult.buildErrorStateResult("8~20位，不能仅包含数字，字母，字符", null);
             }
             try {
                 // 默认重置的密码是123456

src/main/java/cn/quantgroup/xyqb/util/PasswordUtil.java

@@ -82,7 +82,7 @@ public class PasswordUtil {
      * @return
      */
     public static boolean validPwd(String password) {
-        return Objects.nonNull(password) && (password.length() < 6 || password.length() > 12);
+        return ValidationUtil.validatePassword(password);
     }
 
 }

src/main/java/cn/quantgroup/xyqb/util/ValidationUtil.java

@@ -24,10 +24,12 @@ public class ValidationUtil {
     private static final String localIpv4RegExp = "^((172\\.(1[0-6]|2[0-9]|3[01]))|(192\\.168|169\\.254)|((127|10)\\.(2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)))(\\.(2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)){2}$";
     private static final String tokenRegExp = "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$";
     public static final String numberRegExp = "^([0-9]+)((,|;)+[0-9]+)*$";
+    private static final String pwdRegExp = "^(?![A-Za-z]+$)(?!\\d+$)(?![\\W_]+$)\\S{8,20}$";
 
     public static final String numberFilterRegExp = "(\\s*(,|;))+";
 
     private static final Pattern phonePattern = Pattern.compile(phoneRegExp);
+    private static final Pattern passwordPattern = Pattern.compile(pwdRegExp);
     private static final Pattern chinesePattern = Pattern.compile(chineseNameRegExp);
     private static final Pattern chineseExtendPattern = Pattern.compile(chineseNameExtendRegExp);
     private static final Pattern ipv4Pattern = Pattern.compile(ipv4RegExp);
@@ -129,6 +131,14 @@ public class ValidationUtil {
         return matcher.find();
     }
 
+    public static boolean validatePassword(String password){
+        if (StringUtils.isBlank(password)){
+            return false;
+        }
+        Matcher matcher = passwordPattern.matcher(password);
+        return matcher.find();
+    }
+
     /**
      * 过滤掉合法的多个数值串间的空白值
      *