Commit bfb3b2f0 authored by 技术部-任文超's avatar 技术部-任文超

App迭代实名提示和修改密码

parent 44c44e43
......@@ -8,7 +8,6 @@ public interface Constants {
// zero fill with 4 chars...
String ZERO_FILL_TEMPLATE = "%04d";
String PASSWORD_SALT = "_lkb";
String IMAGE_CAPTCHA_KEY = "img_captcha:";
String REDIS_CAPTCHA_KEY = "auth:";
String REDIS_PREFIX_VERIFICATION_CODE = "verificationCode_";
......
package cn.quantgroup.xyqb.controller.external;
import cn.quantgroup.tech.util.TechEnvironment;
import cn.quantgroup.xyqb.Constants;
import cn.quantgroup.xyqb.aspect.accessable.IpValidator;
import cn.quantgroup.xyqb.aspect.captcha.CaptchaFiniteValidator;
......@@ -264,9 +263,9 @@ public class UserController implements IBaseController {
log.info("用户注册失败,密码不能为空:register -> registerFrom:{}, phoneNo:{}, password:{}", registerFrom, phoneNo, password);
return JsonResult.buildErrorStateResult("密码不能为空", null);
}
if (PasswordUtil.validPwd(password)) {
log.info("用户注册失败,密码长度须在6位至12位之间:register -> registerFrom:{}, phoneNo:{}, password:{}", registerFrom, phoneNo, password);
return JsonResult.buildErrorStateResult("8~20位,不能仅包含数字,字母,字符", null);
if (ValidationUtil.validatePassword(password)) {
log.info("用户注册失败,{}:register -> registerFrom:{}, phoneNo:{}, password:{}", PasswordUtil.TOAST_MSG, registerFrom, phoneNo, password);
return JsonResult.buildErrorStateResult(PasswordUtil.TOAST_MSG, null);
}
if (null == registerFrom) {
registerFrom = 1L;
......@@ -337,8 +336,8 @@ public class UserController implements IBaseController {
if (StringUtils.isBlank(password)) {
return JsonResult.buildErrorStateResult("密码不能为空", null);
}
if (PasswordUtil.validPwd(password)) {
return JsonResult.buildErrorStateResult("8~20位,不能仅包含数字,字母,字符", null);
if (ValidationUtil.validatePassword(password)) {
return JsonResult.buildErrorStateResult(PasswordUtil.TOAST_MSG, null);
}
verifyPhoneAndCode(phoneNo, verificationCode);
if (!userService.exist(phoneNo)) {
......@@ -366,8 +365,8 @@ public class UserController implements IBaseController {
if (StringUtils.isBlank(passwordNew)) {
return JsonResult.buildErrorStateResult("密码不能为空", null);
}
if (PasswordUtil.validPwd(password)) {
return JsonResult.buildErrorStateResult("8~20位,不能仅包含数字,字母,字符", null);
if (ValidationUtil.validatePassword(password)) {
return JsonResult.buildErrorStateResult(PasswordUtil.TOAST_MSG, null);
}
User user = userService.findByPhoneWithCache(phoneNo);
if (Objects.isNull(user)) {
......@@ -382,7 +381,7 @@ public class UserController implements IBaseController {
if (StringUtils.isBlank(user.getPassword()) ^ StringUtils.isBlank(password)) {
return JsonResult.buildErrorStateResult("修改密码失败", null);
}
if (StringUtils.isNotBlank(user.getPassword()) && !validatePassword(password, user.getPassword())) {
if (StringUtils.isNotBlank(user.getPassword()) && !PasswordUtil.validatePassword(password, user.getPassword())) {
return JsonResult.buildErrorStateResult("修改密码失败", null);
}
if (!userService.resetPassword(phoneNo, passwordNew)) {
......@@ -494,7 +493,7 @@ public class UserController implements IBaseController {
return null;
}
//验证密码
if (!validatePassword(pass, user.getPassword())) {
if (!PasswordUtil.validatePassword(pass, user.getPassword())) {
// 向该ipv4添加错误计数器
lockIpv4Service.countErrorByIpv4(clientIp);
// 向该phoneNo添加错误计数器
......@@ -506,21 +505,6 @@ public class UserController implements IBaseController {
return user;
}
/**
* 账密登陆
*
* @param paramPass 不允许空密码
* @param targetPassword
* @return
*/
private boolean validatePassword(String paramPass, String targetPassword) {
if(StringUtils.isBlank(paramPass)){
return false;
}
String thePassword = PasswordUtil.MD5(paramPass.toLowerCase() + Constants.PASSWORD_SALT);
return Objects.equals(thePassword, targetPassword);
}
private JsonResult loginWithUserId(Long channelId, String appChannel, Long createdFrom, String userId, Merchant merchant, String dimension, HttpServletRequest request) {
//查询用户
User user = userService.findByUuidInDb(userId);
......
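Review bot: In the change-password hunk (@@ -366) the new-side complexity check `if (ValidationUtil.validatePassword(password))` still tests the current password, while the blank check three lines above tests `passwordNew` and the reset call later in the method saves `passwordNew`; the new password is therefore never checked against the policy, so the line should read `if (ValidationUtil.validatePassword(passwordNew)) {`. The register hunk (@@ -264) also keeps `password:{}` as a `log.info` argument on the new side, so the plaintext password is written to the log on every rejected attempt; drop that argument, e.g. `log.info("用户注册失败,{}:register -> registerFrom:{}, phoneNo:{}", PasswordUtil.TOAST_MSG, registerFrom, phoneNo);`. Each enclosing method starts and ends outside its hunk.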
......@@ -1152,28 +1152,6 @@ public class InnerController implements IBaseController {
return JsonResult.buildSuccessResult(null, userList);
}
private String genRandomPwd() {
int pwdMax = PWD_BASE.length;
// 生成的随机数
int i;
// 生成的密码的长度
int count = 0;
StringBuilder pwd = new StringBuilder();
Random r = new Random();
while (count < 15) {
// 生成的数最大为36-1
i = Math.abs(r.nextInt(pwdMax));
if (i >= 0 && i < PWD_BASE.length) {
pwd.append(PWD_BASE[i]);
count++;
}
}
String password = pwd.toString();
// 加密保存
password = PasswordUtil.MD5(password.toLowerCase() + Constants.PASSWORD_SALT);
return password;
}
/**
* 技术网关 - 验证手机号和验证码是否匹配
* 仅供可信任的内部服务调用,不执行限次记数、销毁等安全策略
......@@ -1268,7 +1246,7 @@ public class InnerController implements IBaseController {
return null;
}
//验证密码
if (!Objects.equals(PasswordUtil.MD5(bufPassword.toLowerCase() + Constants.PASSWORD_SALT), user.getPassword())) {
if (!PasswordUtil.validatePassword(bufPassword, user.getPassword())) {
return null;
}
return user;
......@@ -1363,12 +1341,14 @@ public class InnerController implements IBaseController {
@RequestMapping(path = "/user/password/reset", method = RequestMethod.POST)
public JsonResult resetPassword(@RequestParam("phone") String phone, @RequestParam(required = false) String password) {
if (ValidationUtil.validatePhoneNo(phone)) {
if (PasswordUtil.validPwd(password)) {
return JsonResult.buildErrorStateResult("8~20位,不能仅包含数字,字母,字符", null);
if (StringUtils.isNotBlank(password) && !ValidationUtil.validatePassword(password)) {
return JsonResult.buildErrorStateResult(PasswordUtil.TOAST_MSG, null);
}
// 默认重置的密码是123456
if(StringUtils.isBlank(password)){
password = PasswordUtil.PASSWORD_DEFAULT;
}
try {
// 默认重置的密码是123456
password = StringUtils.isBlank(password) ? "123456" : password;
boolean result = userService.resetPassword(phone, password);
log.info("重置用户密码,phoneNo:[{}],password:[{}],result:[{}]", phone, password, result);
if (result) {
......
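Review bot: `ValidationUtil.validatePassword` is used with opposite polarity within this commit: the reset hunk here rejects when `!ValidationUtil.validatePassword(password)` holds, whereas the three UserController hunks (register, reset-by-code, change password) reject when `ValidationUtil.validatePassword(password)` holds. Only one reading can match the predicate's contract, and which one depends on the part of its body that lies outside the ValidationUtil hunk; the visible start returns `false` for a blank password, which reads as "true means acceptable" and would make the UserController call sites the inverted ones, so this should be confirmed before merge. The `log.info` after `userService.resetPassword` still prints the password in clear text, and when the request omits it that is the public constant `PasswordUtil.PASSWORD_DEFAULT`; log only the phone number and result, e.g. `log.info("重置用户密码,phoneNo:[{}],result:[{}]", phone, result);`. Unless it is enforced elsewhere, an account reset to that fixed well-known value should be required to change its password on next login. `resetPassword`'s body continues past the hunk.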
......@@ -130,16 +130,15 @@ public class UserServiceImpl implements IUserService {
@Override
@CacheEvict(value = "usercache", key = "'xyqbuser' + #phoneNo", cacheManager = "cacheManager")
public boolean resetPassword(String phoneNo, String password) {
User user = userRepository.findByPhoneNo(phoneNo);
if (user == null) {
throw new RuntimeException("用户[" + phoneNo + "]不存在");
}
user.setUpdatedAt(new Timestamp(System.currentTimeMillis()));
user.setPassword(PasswordUtil.MD5(password.toLowerCase() + Constants.PASSWORD_SALT));
user.setPassword(PasswordUtil.MD5WithSalt(password));
user = userRepository.save(user);
stringRedisTemplate.expire("usercache:xyqbuser" + phoneNo, 1L, TimeUnit.MILLISECONDS);
return StringUtils.equals(PasswordUtil.MD5(password.toLowerCase() + Constants.PASSWORD_SALT), user.getPassword());
return PasswordUtil.validatePassword(password, user.getPassword());
}
......
package cn.quantgroup.xyqb.util;
import cn.quantgroup.xyqb.Constants;
import com.google.common.base.Preconditions;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang.StringUtils;
import java.security.MessageDigest;
import java.util.Objects;
......@@ -12,6 +11,9 @@ import java.util.concurrent.ThreadLocalRandom;
* Created by Miraculous on 15/7/5.
*/
public class PasswordUtil {
private static final String PASSWORD_SALT = "_lkb";
public static final String PASSWORD_DEFAULT = "123456";
public static final String TOAST_MSG = "8~20位,不能仅包含数字,字母,字符";
private static final char[] HEX_DIGITS = {
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
......@@ -27,7 +29,7 @@ public class PasswordUtil {
if(Objects.isNull(s)){
return null;
}
return MD5(s.toLowerCase() + Constants.PASSWORD_SALT);
return MD5(s.toLowerCase() + PASSWORD_SALT);
}
public final static String MD5(String s) {
......@@ -76,13 +78,18 @@ public class PasswordUtil {
}
/**
* 校验密码是否合法
* 校验密码是否合法 - 不允许空密码
*
* @param password
* @param password 请求密码
* @param targetPassword 参照密码
* @return
*/
public static boolean validPwd(String password) {
return ValidationUtil.validatePassword(password);
public static boolean validatePassword(String password, String targetPassword) {
if(StringUtils.isBlank(password)){
return false;
}
String thePassword = MD5WithSalt(password);
return Objects.equals(thePassword, targetPassword);
}
}
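Review bot: `validatePassword` compares the computed digest with the stored one via `Objects.equals`, which stops at the first differing character; for a credential check prefer the constant-time `MessageDigest.isEqual` (the class is already imported), e.g. `return targetPassword != null && MessageDigest.isEqual(thePassword.getBytes(StandardCharsets.UTF_8), targetPassword.getBytes(StandardCharsets.UTF_8));` with `java.nio.charset.StandardCharsets` added to the imports. Centralising the scheme here also makes visible that every stored credential is an MD5 of the lower-cased password plus the single fixed `PASSWORD_SALT`, and since all callers now go through `MD5WithSalt`/`validatePassword`, this class is the natural place to introduce a per-user salt and a slow password hash behind the same signatures. The import block swaps `org.apache.commons.lang3.StringUtils` for `org.apache.commons.lang.StringUtils`; if the lang3 line is the removed one, the new code pulls in the legacy commons-lang 2 class, which looks like an accidental auto-import rather than an intended change.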
......@@ -24,7 +24,7 @@ public class ValidationUtil {
private static final String localIpv4RegExp = "^((172\\.(1[0-6]|2[0-9]|3[01]))|(192\\.168|169\\.254)|((127|10)\\.(2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)))(\\.(2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)){2}$";
private static final String tokenRegExp = "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$";
public static final String numberRegExp = "^([0-9]+)((,|;)+[0-9]+)*$";
private static final String pwdRegExp = "^(?![A-Za-z]+$)(?!\\d+$)(?![\\W_]+$)\\S{8,20}$";
private static final String pwdRegExp = "^(?![A-Za-z]+$)(?!\\d+$)(?![\\W_]+$)[\\x21-\\x7f]{8,20}$";
public static final String numberFilterRegExp = "(\\s*(,|;))+";
......@@ -131,6 +131,12 @@ public class ValidationUtil {
return matcher.find();
}
/**
* 是否是合法的密码字符串
*
* @param password
* @return
*/
public static boolean validatePassword(String password){
if (StringUtils.isBlank(password)){
return false;
......
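Review bot: The new `pwdRegExp` replaces `\S` with the class `[\x21-\x7f]`, whose upper bound 0x7F is the DEL control character rather than a printable one; if the intent is printable ASCII without spaces, the range should end at tilde, `"^(?![A-Za-z]+$)(?!\\d+$)(?![\\W_]+$)[\\x21-\\x7e]{8,20}$"`. The Javadoc added to `validatePassword` says only "是否是合法的密码字符串", yet the UserController hunks treat a `true` return as a rejection while the InnerController hunk treats `false` as the rejection, so the `@return` line should state explicitly whether `true` means the password is acceptable or rejected. The body of `validatePassword` continues past the hunk, so the polarity it actually implements cannot be confirmed from this page.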