diff --git a/pom.xml b/pom.xml
index c983e28b..58ebe62a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -65,6 +65,12 @@
spring-boot-starter-websocket
+
+ com.nulab-inc
+ zxcvbn
+ 1.8.2
+
+
com.aliyun.oss
aliyun-sdk-oss
diff --git a/src/main/java/cn/lihongjie/coal/common/Constants.java b/src/main/java/cn/lihongjie/coal/common/Constants.java
index 10c61721..db7406d1 100644
--- a/src/main/java/cn/lihongjie/coal/common/Constants.java
+++ b/src/main/java/cn/lihongjie/coal/common/Constants.java
@@ -40,6 +40,7 @@ public class Constants {
public static String SYSCONFIG_ACCOUNT_MAX_ONLINE = "account_max_online";
public static String SYSCONFIG_RESETPWD_ENABLE = "resetpwd_enable";
public static String SYSCONFIG_PASSWORD_DICT_DETECT = "password_dict_detect";
+ public static String SYSCONFIG_PASSWORD_STRENGTH_MIN = "password_strength_min";
public static String SYSCONFIG_RESETPWD_TIMEOUT = "resetpwd_timeout";
public static String SYSCONFIG_RESETPWD_MAX_FAIL_COUNT = "resetpwd_max_fail_count";
public static String SYSCONFIG_SESSION_GLOBAL_RATE_LIMIT_PER_MIN = "session_global_rate_limit_per_min";
diff --git a/src/main/java/cn/lihongjie/coal/sysconfig/service/SysConfigService.java b/src/main/java/cn/lihongjie/coal/sysconfig/service/SysConfigService.java
index e0e523d6..451d6f34 100644
--- a/src/main/java/cn/lihongjie/coal/sysconfig/service/SysConfigService.java
+++ b/src/main/java/cn/lihongjie/coal/sysconfig/service/SysConfigService.java
@@ -174,7 +174,13 @@ public class SysConfigService extends BaseService {
stopWatch.start("encode");
String password = request.getPassword();
- checkPassDict(password);
+ checkPassword(password);
request.setPassword(passwordEncoder.encode(password));
stopWatch.stop();
@@ -117,12 +120,28 @@ public class UserService extends BaseService {
}
}
- private void checkPassDict(String password) {
+ private void checkPassword(String password) {
if (sysConfigService.isEnable(Constants.SYSCONFIG_PASSWORD_DICT_DETECT)) {
if (passwordDictService.isInDict(password)) {
throw new BizException("当前密码为常见密码,请重新设置");
}
}
+
+ Integer strength = passwordStrength(password);
+ int strength_min =
+ Integer.parseInt(
+ sysConfigService.getConfigVal(Constants.SYSCONFIG_PASSWORD_STRENGTH_MIN));
+ log.info("密码强度校验,当前密码强度为 {},最低要求为 {}", strength, strength_min);
+ if (strength_min > strength) {
+ throw new BizException("密码强度过低,请重新设置");
+ }
+ }
+
+ public Integer passwordStrength(String password) {
+
+ Zxcvbn zxcvbn = new Zxcvbn();
+ Strength strength = zxcvbn.measure(password);
+ return strength.getScore();
}
private void checkDuplicateUserName(String username) {
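Review bot: `Integer.parseInt(sysConfigService.getConfigVal(Constants.SYSCONFIG_PASSWORD_STRENGTH_MIN))` in checkPassword has no guard for a missing or non-numeric `password_strength_min` value; `parseInt` throws NumberFormatException on both null and junk, so every caller of checkPassword (the create, update, change-password and resetPwd paths renamed in this commit) would fail with an unhandled exception instead of the BizException the rest of this method uses. zxcvbn scores are integers 0–4, so a configured minimum above 4 silently rejects every password, which is worth a comment on the constant and a range check on the parsed value. The rewrite below parses the value once into a local, turns a bad value into a BizException, and renames `strength_min` to `strengthMin` to match the camelCase used elsewhere in the hunk; `new Zxcvbn()` in passwordStrength could also be hoisted to a field if the library's measurer is thread-safe, which I cannot confirm from this hunk. The file header above names SysConfigService.java while this hunk header names UserService, so the UserService.java file header appears to have been dropped in rendering.
```java
private void checkPassword(String password) {
    // … unchanged: dictionary check …
    int strength = passwordStrength(password);
    String configured = sysConfigService.getConfigVal(Constants.SYSCONFIG_PASSWORD_STRENGTH_MIN);
    int strengthMin;
    try {
        strengthMin = Integer.parseInt(configured);
    } catch (NumberFormatException e) {
        // A missing or malformed minimum is a deployment error; report it as a
        // business error instead of letting NumberFormatException escape.
        log.error("密码强度配置无效: {}", configured, e);
        throw new BizException("密码强度配置无效,请联系管理员");
    }
    log.info("密码强度校验,当前密码强度为 {},最低要求为 {}", strength, strengthMin);
    if (strengthMin > strength) {
        throw new BizException("密码强度过低,请重新设置");
    }
}
```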
@@ -136,7 +155,7 @@ public class UserService extends BaseService {
StopWatch stopWatch = new StopWatch();
checkDuplicateUserName(request.getUsername());
- checkPassDict(request.getPassword());
+ checkPassword(request.getPassword());
try {
stopWatch.start("encode");
request.setPassword(passwordEncoder.encode(request.getPassword()));
@@ -199,7 +218,7 @@ public class UserService extends BaseService {
throw new BizException("两次输入的密码不一致");
}
- checkPassDict(request.getNewPassword());
+ checkPassword(request.getNewPassword());
user.setPassword(passwordEncoder.encode(request.getNewPassword()));
@@ -211,7 +230,7 @@ public class UserService extends BaseService {
public void resetPwd(String userId, String password) {
UserEntity user = repository.findById(userId).orElseThrow(() -> new BizException("用户不存在"));
- checkPassDict(password);
+ checkPassword(password);
user.setPassword(passwordEncoder.encode(password));
repository.save(user);