Commit bfb3b2f0 authored by 技术部-任文超's avatar 技术部-任文超

App迭代实名提示和修改密码

parent 44c44e43
...@@ -8,7 +8,6 @@ public interface Constants { ...@@ -8,7 +8,6 @@ public interface Constants {
// zero fill with 4 chars... // zero fill with 4 chars...
String ZERO_FILL_TEMPLATE = "%04d"; String ZERO_FILL_TEMPLATE = "%04d";
String PASSWORD_SALT = "_lkb";
String IMAGE_CAPTCHA_KEY = "img_captcha:"; String IMAGE_CAPTCHA_KEY = "img_captcha:";
String REDIS_CAPTCHA_KEY = "auth:"; String REDIS_CAPTCHA_KEY = "auth:";
String REDIS_PREFIX_VERIFICATION_CODE = "verificationCode_"; String REDIS_PREFIX_VERIFICATION_CODE = "verificationCode_";
......
package cn.quantgroup.xyqb.controller.external; package cn.quantgroup.xyqb.controller.external;
import cn.quantgroup.tech.util.TechEnvironment;
import cn.quantgroup.xyqb.Constants; import cn.quantgroup.xyqb.Constants;
import cn.quantgroup.xyqb.aspect.accessable.IpValidator; import cn.quantgroup.xyqb.aspect.accessable.IpValidator;
import cn.quantgroup.xyqb.aspect.captcha.CaptchaFiniteValidator; import cn.quantgroup.xyqb.aspect.captcha.CaptchaFiniteValidator;
...@@ -264,9 +263,9 @@ public class UserController implements IBaseController { ...@@ -264,9 +263,9 @@ public class UserController implements IBaseController {
log.info("用户注册失败,密码不能为空:register -> registerFrom:{}, phoneNo:{}, password:{}", registerFrom, phoneNo, password); log.info("用户注册失败,密码不能为空:register -> registerFrom:{}, phoneNo:{}, password:{}", registerFrom, phoneNo, password);
return JsonResult.buildErrorStateResult("密码不能为空", null); return JsonResult.buildErrorStateResult("密码不能为空", null);
} }
if (PasswordUtil.validPwd(password)) { if (ValidationUtil.validatePassword(password)) {
log.info("用户注册失败,密码长度须在6位至12位之间:register -> registerFrom:{}, phoneNo:{}, password:{}", registerFrom, phoneNo, password); log.info("用户注册失败,{}:register -> registerFrom:{}, phoneNo:{}, password:{}", PasswordUtil.TOAST_MSG, registerFrom, phoneNo, password);
return JsonResult.buildErrorStateResult("8~20位,不能仅包含数字,字母,字符", null); return JsonResult.buildErrorStateResult(PasswordUtil.TOAST_MSG, null);
} }
if (null == registerFrom) { if (null == registerFrom) {
registerFrom = 1L; registerFrom = 1L;
...@@ -337,8 +336,8 @@ public class UserController implements IBaseController { ...@@ -337,8 +336,8 @@ public class UserController implements IBaseController {
if (StringUtils.isBlank(password)) { if (StringUtils.isBlank(password)) {
return JsonResult.buildErrorStateResult("密码不能为空", null); return JsonResult.buildErrorStateResult("密码不能为空", null);
} }
if (PasswordUtil.validPwd(password)) { if (ValidationUtil.validatePassword(password)) {
return JsonResult.buildErrorStateResult("8~20位,不能仅包含数字,字母,字符", null); return JsonResult.buildErrorStateResult(PasswordUtil.TOAST_MSG, null);
} }
verifyPhoneAndCode(phoneNo, verificationCode); verifyPhoneAndCode(phoneNo, verificationCode);
if (!userService.exist(phoneNo)) { if (!userService.exist(phoneNo)) {
...@@ -366,8 +365,8 @@ public class UserController implements IBaseController { ...@@ -366,8 +365,8 @@ public class UserController implements IBaseController {
if (StringUtils.isBlank(passwordNew)) { if (StringUtils.isBlank(passwordNew)) {
return JsonResult.buildErrorStateResult("密码不能为空", null); return JsonResult.buildErrorStateResult("密码不能为空", null);
} }
if (PasswordUtil.validPwd(password)) { if (ValidationUtil.validatePassword(password)) {
return JsonResult.buildErrorStateResult("8~20位,不能仅包含数字,字母,字符", null); return JsonResult.buildErrorStateResult(PasswordUtil.TOAST_MSG, null);
} }
User user = userService.findByPhoneWithCache(phoneNo); User user = userService.findByPhoneWithCache(phoneNo);
if (Objects.isNull(user)) { if (Objects.isNull(user)) {
...@@ -382,7 +381,7 @@ public class UserController implements IBaseController { ...@@ -382,7 +381,7 @@ public class UserController implements IBaseController {
if (StringUtils.isBlank(user.getPassword()) ^ StringUtils.isBlank(password)) { if (StringUtils.isBlank(user.getPassword()) ^ StringUtils.isBlank(password)) {
return JsonResult.buildErrorStateResult("修改密码失败", null); return JsonResult.buildErrorStateResult("修改密码失败", null);
} }
if (StringUtils.isNotBlank(user.getPassword()) && !validatePassword(password, user.getPassword())) { if (StringUtils.isNotBlank(user.getPassword()) && !PasswordUtil.validatePassword(password, user.getPassword())) {
return JsonResult.buildErrorStateResult("修改密码失败", null); return JsonResult.buildErrorStateResult("修改密码失败", null);
} }
if (!userService.resetPassword(phoneNo, passwordNew)) { if (!userService.resetPassword(phoneNo, passwordNew)) {
...@@ -494,7 +493,7 @@ public class UserController implements IBaseController { ...@@ -494,7 +493,7 @@ public class UserController implements IBaseController {
return null; return null;
} }
//验证密码 //验证密码
if (!validatePassword(pass, user.getPassword())) { if (!PasswordUtil.validatePassword(pass, user.getPassword())) {
// 向该ipv4添加错误计数器 // 向该ipv4添加错误计数器
lockIpv4Service.countErrorByIpv4(clientIp); lockIpv4Service.countErrorByIpv4(clientIp);
// 向该phoneNo添加错误计数器 // 向该phoneNo添加错误计数器
...@@ -506,21 +505,6 @@ public class UserController implements IBaseController { ...@@ -506,21 +505,6 @@ public class UserController implements IBaseController {
return user; return user;
} }
/**
* 账密登陆
*
* @param paramPass 不允许空密码
* @param targetPassword
* @return
*/
private boolean validatePassword(String paramPass, String targetPassword) {
if(StringUtils.isBlank(paramPass)){
return false;
}
String thePassword = PasswordUtil.MD5(paramPass.toLowerCase() + Constants.PASSWORD_SALT);
return Objects.equals(thePassword, targetPassword);
}
private JsonResult loginWithUserId(Long channelId, String appChannel, Long createdFrom, String userId, Merchant merchant, String dimension, HttpServletRequest request) { private JsonResult loginWithUserId(Long channelId, String appChannel, Long createdFrom, String userId, Merchant merchant, String dimension, HttpServletRequest request) {
//查询用户 //查询用户
User user = userService.findByUuidInDb(userId); User user = userService.findByUuidInDb(userId);
......
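Review bot: The three guards `if (ValidationUtil.validatePassword(password))` in the hunks at -264, -337 and -366 reject when the method returns true, whereas the InnerController hunk at -1363 in this same commit rejects on `!ValidationUtil.validatePassword(password)`; since `ValidationUtil.validatePassword` returns false for a blank password (visible in its own hunk), true presumably means "valid", so the unnegated form here looks inverted — confirm against the full method body and make all four call sites agree. In the -366 hunk the blank check is on `passwordNew` but the format check is on `password`, so the new password is never format-checked; `if (!ValidationUtil.validatePassword(passwordNew)) {` seems to be the intent. The `log.info` calls at -264 pass the submitted `password` as a log argument, as does the reset log in the InnerController hunk at -1363; drop the password argument from those calls so plaintext credentials do not reach the application log. Every method touched here starts and ends outside its hunk.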
...@@ -1152,28 +1152,6 @@ public class InnerController implements IBaseController { ...@@ -1152,28 +1152,6 @@ public class InnerController implements IBaseController {
return JsonResult.buildSuccessResult(null, userList); return JsonResult.buildSuccessResult(null, userList);
} }
private String genRandomPwd() {
int pwdMax = PWD_BASE.length;
// 生成的随机数
int i;
// 生成的密码的长度
int count = 0;
StringBuilder pwd = new StringBuilder();
Random r = new Random();
while (count < 15) {
// 生成的数最大为36-1
i = Math.abs(r.nextInt(pwdMax));
if (i >= 0 && i < PWD_BASE.length) {
pwd.append(PWD_BASE[i]);
count++;
}
}
String password = pwd.toString();
// 加密保存
password = PasswordUtil.MD5(password.toLowerCase() + Constants.PASSWORD_SALT);
return password;
}
/** /**
* 技术网关 - 验证手机号和验证码是否匹配 * 技术网关 - 验证手机号和验证码是否匹配
* 仅供可信任的内部服务调用,不执行限次记数、销毁等安全策略 * 仅供可信任的内部服务调用,不执行限次记数、销毁等安全策略
...@@ -1268,7 +1246,7 @@ public class InnerController implements IBaseController { ...@@ -1268,7 +1246,7 @@ public class InnerController implements IBaseController {
return null; return null;
} }
//验证密码 //验证密码
if (!Objects.equals(PasswordUtil.MD5(bufPassword.toLowerCase() + Constants.PASSWORD_SALT), user.getPassword())) { if (!PasswordUtil.validatePassword(bufPassword, user.getPassword())) {
return null; return null;
} }
return user; return user;
...@@ -1363,12 +1341,14 @@ public class InnerController implements IBaseController { ...@@ -1363,12 +1341,14 @@ public class InnerController implements IBaseController {
@RequestMapping(path = "/user/password/reset", method = RequestMethod.POST) @RequestMapping(path = "/user/password/reset", method = RequestMethod.POST)
public JsonResult resetPassword(@RequestParam("phone") String phone, @RequestParam(required = false) String password) { public JsonResult resetPassword(@RequestParam("phone") String phone, @RequestParam(required = false) String password) {
if (ValidationUtil.validatePhoneNo(phone)) { if (ValidationUtil.validatePhoneNo(phone)) {
if (PasswordUtil.validPwd(password)) { if (StringUtils.isNotBlank(password) && !ValidationUtil.validatePassword(password)) {
return JsonResult.buildErrorStateResult("8~20位,不能仅包含数字,字母,字符", null); return JsonResult.buildErrorStateResult(PasswordUtil.TOAST_MSG, null);
}
// 默认重置的密码是123456
if(StringUtils.isBlank(password)){
password = PasswordUtil.PASSWORD_DEFAULT;
} }
try { try {
// 默认重置的密码是123456
password = StringUtils.isBlank(password) ? "123456" : password;
boolean result = userService.resetPassword(phone, password); boolean result = userService.resetPassword(phone, password);
log.info("重置用户密码,phoneNo:[{}],password:[{}],result:[{}]", phone, password, result); log.info("重置用户密码,phoneNo:[{}],password:[{}],result:[{}]", phone, password, result);
if (result) { if (result) {
......
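Review bot: In `resetPassword` a blank `password` parameter is silently replaced by the fixed `PasswordUtil.PASSWORD_DEFAULT` ("123456"), so any caller of this internal endpoint can put an account onto a well-known password with a single request that omits the parameter. If a default is genuinely needed, generate it per call with `java.security.SecureRandom`, hand it back to the trusted caller in the response rather than deriving it from a constant, and mark the account so the user must change it at next login; otherwise reject the blank case with `return JsonResult.buildErrorStateResult("密码不能为空", null);` as the UserController endpoints in this commit do. The `try` block continues past the end of the hunk.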
...@@ -130,16 +130,15 @@ public class UserServiceImpl implements IUserService { ...@@ -130,16 +130,15 @@ public class UserServiceImpl implements IUserService {
@Override @Override
@CacheEvict(value = "usercache", key = "'xyqbuser' + #phoneNo", cacheManager = "cacheManager") @CacheEvict(value = "usercache", key = "'xyqbuser' + #phoneNo", cacheManager = "cacheManager")
public boolean resetPassword(String phoneNo, String password) { public boolean resetPassword(String phoneNo, String password) {
User user = userRepository.findByPhoneNo(phoneNo); User user = userRepository.findByPhoneNo(phoneNo);
if (user == null) { if (user == null) {
throw new RuntimeException("用户[" + phoneNo + "]不存在"); throw new RuntimeException("用户[" + phoneNo + "]不存在");
} }
user.setUpdatedAt(new Timestamp(System.currentTimeMillis())); user.setUpdatedAt(new Timestamp(System.currentTimeMillis()));
user.setPassword(PasswordUtil.MD5(password.toLowerCase() + Constants.PASSWORD_SALT)); user.setPassword(PasswordUtil.MD5WithSalt(password));
user = userRepository.save(user); user = userRepository.save(user);
stringRedisTemplate.expire("usercache:xyqbuser" + phoneNo, 1L, TimeUnit.MILLISECONDS); stringRedisTemplate.expire("usercache:xyqbuser" + phoneNo, 1L, TimeUnit.MILLISECONDS);
return StringUtils.equals(PasswordUtil.MD5(password.toLowerCase() + Constants.PASSWORD_SALT), user.getPassword()); return PasswordUtil.validatePassword(password, user.getPassword());
} }
......
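Review bot: `resetPassword` now persists a null password hash when `password` is null: `PasswordUtil.MD5WithSalt` returns null for null input (see the -27 hunk of PasswordUtil), so `user.setPassword(null)` is saved before the final `PasswordUtil.validatePassword(...)` returns false, whereas the old `password.toLowerCase()` threw before the save. Guard before touching the entity: `if (StringUtils.isBlank(password)) { throw new IllegalArgumentException("password must not be blank"); }` ahead of `findByPhoneNo` (StringUtils should still be imported here unless the commit dropped it), and consider calling `ValidationUtil.validatePassword(password)` at the same spot so the policy is enforced regardless of which controller reaches this service. The bare `throw new RuntimeException(...)` for a missing user would be clearer as `IllegalArgumentException` or a domain exception. The method starts and ends inside the hunk.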
package cn.quantgroup.xyqb.util; package cn.quantgroup.xyqb.util;
import cn.quantgroup.xyqb.Constants;
import com.google.common.base.Preconditions; import com.google.common.base.Preconditions;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang.StringUtils;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.util.Objects; import java.util.Objects;
...@@ -12,6 +11,9 @@ import java.util.concurrent.ThreadLocalRandom; ...@@ -12,6 +11,9 @@ import java.util.concurrent.ThreadLocalRandom;
* Created by Miraculous on 15/7/5. * Created by Miraculous on 15/7/5.
*/ */
public class PasswordUtil { public class PasswordUtil {
private static final String PASSWORD_SALT = "_lkb";
public static final String PASSWORD_DEFAULT = "123456";
public static final String TOAST_MSG = "8~20位,不能仅包含数字,字母,字符";
private static final char[] HEX_DIGITS = { private static final char[] HEX_DIGITS = {
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
...@@ -27,7 +29,7 @@ public class PasswordUtil { ...@@ -27,7 +29,7 @@ public class PasswordUtil {
if(Objects.isNull(s)){ if(Objects.isNull(s)){
return null; return null;
} }
return MD5(s.toLowerCase() + Constants.PASSWORD_SALT); return MD5(s.toLowerCase() + PASSWORD_SALT);
} }
public final static String MD5(String s) { public final static String MD5(String s) {
...@@ -76,13 +78,18 @@ public class PasswordUtil { ...@@ -76,13 +78,18 @@ public class PasswordUtil {
} }
/** /**
* 校验密码是否合法 * 校验密码是否合法 - 不允许空密码
* *
* @param password * @param password 请求密码
* @param targetPassword 参照密码
* @return * @return
*/ */
public static boolean validPwd(String password) { public static boolean validatePassword(String password, String targetPassword) {
return ValidationUtil.validatePassword(password); if(StringUtils.isBlank(password)){
return false;
}
String thePassword = MD5WithSalt(password);
return Objects.equals(thePassword, targetPassword);
} }
} }
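Review bot: `validatePassword` compares the computed digest with `Objects.equals`, which stops at the first differing character; `java.security.MessageDigest` is already imported, so use `return targetPassword != null && MessageDigest.isEqual(thePassword.getBytes(StandardCharsets.UTF_8), targetPassword.getBytes(StandardCharsets.UTF_8));` (adding `java.nio.charset.StandardCharsets` to the imports). The scheme itself — one MD5 over the lowercased password plus the process-wide constant `PASSWORD_SALT` — gives every account the same salt and discards case, so identical passwords hash identically across users and precomputed tables stay effective; moving the constant into this class does not change that, and migrating to a per-user-salted password hash (PBKDF2 through `javax.crypto.SecretKeyFactory` needs no new dependency) with rehash-on-successful-login is the fix worth planning. The import change from `org.apache.commons.lang3.StringUtils` to `org.apache.commons.lang.StringUtils` pulls in the legacy commons-lang 2 artifact; confirm that was intended. The new Javadoc's `@return` is empty — `@return true when the salted MD5 of {@code password} equals {@code targetPassword}` would complete it.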
...@@ -24,7 +24,7 @@ public class ValidationUtil { ...@@ -24,7 +24,7 @@ public class ValidationUtil {
private static final String localIpv4RegExp = "^((172\\.(1[0-6]|2[0-9]|3[01]))|(192\\.168|169\\.254)|((127|10)\\.(2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)))(\\.(2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)){2}$"; private static final String localIpv4RegExp = "^((172\\.(1[0-6]|2[0-9]|3[01]))|(192\\.168|169\\.254)|((127|10)\\.(2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)))(\\.(2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)){2}$";
private static final String tokenRegExp = "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"; private static final String tokenRegExp = "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$";
public static final String numberRegExp = "^([0-9]+)((,|;)+[0-9]+)*$"; public static final String numberRegExp = "^([0-9]+)((,|;)+[0-9]+)*$";
private static final String pwdRegExp = "^(?![A-Za-z]+$)(?!\\d+$)(?![\\W_]+$)\\S{8,20}$"; private static final String pwdRegExp = "^(?![A-Za-z]+$)(?!\\d+$)(?![\\W_]+$)[\\x21-\\x7f]{8,20}$";
public static final String numberFilterRegExp = "(\\s*(,|;))+"; public static final String numberFilterRegExp = "(\\s*(,|;))+";
...@@ -131,6 +131,12 @@ public class ValidationUtil { ...@@ -131,6 +131,12 @@ public class ValidationUtil {
return matcher.find(); return matcher.find();
} }
/**
* 是否是合法的密码字符串
*
* @param password
* @return
*/
public static boolean validatePassword(String password){ public static boolean validatePassword(String password){
if (StringUtils.isBlank(password)){ if (StringUtils.isBlank(password)){
return false; return false;
......
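Review bot: The new `pwdRegExp` character class `[\\x21-\\x7f]` includes `\x7f` (DEL, a control character), so the intended "printable ASCII without space" range should end one earlier: `private static final String pwdRegExp = "^(?![A-Za-z]+$)(?!\\d+$)(?![\\W_]+$)[\\x21-\\x7e]{8,20}$";`. The Javadoc added for `validatePassword` has empty `@param` and `@return` tags; `@param password the candidate password, may be null or blank` and `@return true when the password is non-blank and accepted by the policy` would make the polarity explicit, which matters because callers in this commit use the result both negated and unnegated. The body of `validatePassword` continues past the end of the hunk, so the actual regex match is not visible here.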