From 0d605d002d433da7ee663e34705b94ab4af2a856 Mon Sep 17 00:00:00 2001 From: lihongjie0209 Date: Fri, 1 Dec 2023 22:13:23 +0800 Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E5=AF=86=E7=A0=81=E5=BC=BA?= =?UTF-8?q?=E5=BA=A6=E6=A0=A1=E9=AA=8C=E8=A7=84=E5=88=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pom.xml | 6 ++++ .../cn/lihongjie/coal/common/Constants.java | 1 + .../sysconfig/service/SysConfigService.java | 8 ++++- .../coal/user/service/UserService.java | 29 +++++++++++++++---- 4 files changed, 38 insertions(+), 6 deletions(-) diff --git a/pom.xml b/pom.xml index c983e28b..58ebe62a 100644 --- a/pom.xml +++ b/pom.xml @@ -65,6 +65,12 @@ spring-boot-starter-websocket + + com.nulab-inc + zxcvbn + 1.8.2 + + com.aliyun.oss aliyun-sdk-oss diff --git a/src/main/java/cn/lihongjie/coal/common/Constants.java b/src/main/java/cn/lihongjie/coal/common/Constants.java index 10c61721..db7406d1 100644 --- a/src/main/java/cn/lihongjie/coal/common/Constants.java +++ b/src/main/java/cn/lihongjie/coal/common/Constants.java @@ -40,6 +40,7 @@ public class Constants { public static String SYSCONFIG_ACCOUNT_MAX_ONLINE = "account_max_online"; public static String SYSCONFIG_RESETPWD_ENABLE = "resetpwd_enable"; public static String SYSCONFIG_PASSWORD_DICT_DETECT = "password_dict_detect"; + public static String SYSCONFIG_PASSWORD_STRENGTH_MIN = "password_strength_min"; public static String SYSCONFIG_RESETPWD_TIMEOUT = "resetpwd_timeout"; public static String SYSCONFIG_RESETPWD_MAX_FAIL_COUNT = "resetpwd_max_fail_count"; public static String SYSCONFIG_SESSION_GLOBAL_RATE_LIMIT_PER_MIN = "session_global_rate_limit_per_min"; diff --git a/src/main/java/cn/lihongjie/coal/sysconfig/service/SysConfigService.java b/src/main/java/cn/lihongjie/coal/sysconfig/service/SysConfigService.java index e0e523d6..451d6f34 100644 --- a/src/main/java/cn/lihongjie/coal/sysconfig/service/SysConfigService.java 
+++ b/src/main/java/cn/lihongjie/coal/sysconfig/service/SysConfigService.java
@@ -174,7 +174,13 @@ public class SysConfigService extends BaseService {
 stopWatch.start("encode");
 String password = request.getPassword();
- checkPassDict(password);
+ checkPassword(password);
 request.setPassword(passwordEncoder.encode(password));
 stopWatch.stop();
@@ -117,12 +120,28 @@ public class UserService extends BaseService {
 }
 }
- private void checkPassDict(String password) {
+ private void checkPassword(String password) {
 if (sysConfigService.isEnable(Constants.SYSCONFIG_PASSWORD_DICT_DETECT)) {
 if (passwordDictService.isInDict(password)) {
 throw new BizException("当前密码为常见密码,请重新设置");
 }
 }
+
+ Integer strength = passwordStrength(password);
+ int strength_min =
+ Integer.parseInt(
+ sysConfigService.getConfigVal(Constants.SYSCONFIG_PASSWORD_STRENGTH_MIN));
+ log.info("密码强度校验,当前密码强度为 {},最低要求为 {}", strength, strength_min);
+ if (strength_min > strength) {
+ throw new BizException("密码强度过低,请重新设置");
+ }
+ }
+
+ public Integer passwordStrength(String password) {
+
+ Zxcvbn zxcvbn = new Zxcvbn();
+ Strength strength = zxcvbn.measure(password);
+ return strength.getScore();
 }
 private void checkDuplicateUserName(String username) {
@@ -136,7 +155,7 @@ public class UserService extends BaseService {
 StopWatch stopWatch = new StopWatch();
 checkDuplicateUserName(request.getUsername());
- checkPassDict(request.getPassword());
+ checkPassword(request.getPassword());
 try {
 stopWatch.start("encode");
 request.setPassword(passwordEncoder.encode(request.getPassword()));
@@ -199,7 +218,7 @@ public class UserService extends BaseService {
 throw new BizException("两次输入的密码不一致");
 }
- checkPassDict(request.getNewPassword());
+ checkPassword(request.getNewPassword());
 user.setPassword(passwordEncoder.encode(request.getNewPassword()));
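Review bot: `Integer.parseInt(sysConfigService.getConfigVal(Constants.SYSCONFIG_PASSWORD_STRENGTH_MIN))` in `checkPassword` is unguarded and, unlike the dictionary check above it, not gated by `isEnable`, so a missing or non-numeric `password_strength_min` value throws `NumberFormatException` from every caller switched to `checkPassword` in this patch, including `resetPwd`. Whether a default is seeded is not visible in these hunks, so I would parse defensively and reject a value outside zxcvbn's 0–4 score range with an explicit configuration error, since a minimum above 4 would block every password change. The `log.info` line writes the score of each submitted password to the application log, which tells anyone with log access when a weak password was just set; `log.debug`, or logging only the rejection, is safer. `zxcvbn.measure` gets more expensive as the input grows and no length limit is visible before the call, so if none is enforced upstream the password length should be capped first, as some of these paths may be reachable without authentication. Minor: `strength_min` should be `strengthMin`, and `passwordStrength` could return a primitive `int`.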
@@ -211,7 +230,7 @@ public class UserService extends BaseService {
 public void resetPwd(String userId, String password) {
 UserEntity user = repository.findById(userId).orElseThrow(() -> new BizException("用户不存在"));
- checkPassDict(password);
+ checkPassword(password);
 user.setPassword(passwordEncoder.encode(password));
 repository.save(user);