feat(security): 修改默认密码并增加密码强度验证
- 将系统默认密码从 "Aa@123456" 修改为 "Jtys@123456" - 新增 PassWordUtil 工具类,用于验证密码强度 - 在用户注册和密码重置时使用新密码 - 优化用户信息更新 SQL,提高数据安全性dev
parent
278f4d53fd
commit
1beb025c2a
|
@ -126,7 +126,7 @@ public class CorpInfoController extends BaseController {
|
|||
user.put("IP", ""); //IP
|
||||
user.put("STATUS", "0"); //状态
|
||||
user.put("SKIN", "pcoded-navbar navbar-image-3,navbar pcoded-header navbar-expand-lg navbar-light header-dark,"); //用户默认皮肤
|
||||
user.put("PASSWORD", new SimpleHash("SHA-1", pd.getString("CORP_NAME"), "Aa@123456").toString()); //密码加密
|
||||
user.put("PASSWORD", new SimpleHash("SHA-1", pd.getString("CORP_NAME"), "Jtys@123456").toString()); //密码加密
|
||||
if(null == usersService.findByUsername(user)){ //判断用户名是否存在
|
||||
usersService.saveUser(user); //执行保存
|
||||
// System.out.println(user.getString("PASSWORD"));
|
||||
|
@ -401,7 +401,7 @@ public class CorpInfoController extends BaseController {
|
|||
pd = this.getPageData();
|
||||
PageData pageData = usersService.findById(pd);
|
||||
//corpInfo
|
||||
String pwd = new SimpleHash("SHA-1", pageData.getString("USERNAME"), "Aa@123456").toString();
|
||||
String pwd = new SimpleHash("SHA-1", pageData.getString("USERNAME"), "Jtys@123456").toString();
|
||||
PageData updateUser = new PageData();
|
||||
updateUser.put("PASSWORD", pwd);
|
||||
updateUser.put("USER_ID", pageData.getString("USER_ID"));
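Review bot: The reset path at `String pwd = new SimpleHash("SHA-1", pageData.getString("USERNAME"), "Jtys@123456").toString();` still embeds the default password as a string literal instead of reading `Const.DEFAULT_PASSWORD`, which this same commit also edits. The literal is repeated in the first CorpInfoController hunk and in the UsersController, UsersCacheServiceImpl and UsersServiceImpl hunks, so the next rotation has to touch every call site again and can miss one; passing `Const.DEFAULT_PASSWORD` as the third argument keeps them in step. Separately, if `SimpleHash` is Shiro's class, the three-argument constructor performs a single SHA-1 iteration, which is too fast for stored passwords, so a move to bcrypt, scrypt or Argon2 with re-hashing at next login is worth planning. The enclosing methods start and end outside these hunks.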
|
||||
|
|
|
@ -139,6 +139,8 @@ public class LoginController extends BaseController {
|
|||
map.put("PROVINCE", cpd.getString("PROVINCE"));
|
||||
map.put("PLS_ID", pd.getOrDefault("PLS_ID",""));
|
||||
map.put("POST_URL", cpd.getOrDefault("POST_URL",""));
|
||||
map.put("passwordType", PassWordUtil.isStringPwd(PASSWORD)); //返回判断的登录密码是否弱密码结果(8位以上的字母、数字、符号混合为强密码)
|
||||
|
||||
// PageData dpd = new PageData();
|
||||
// dpd.put("DEPARTMENT_ID", pd.getString("DEPARTMENT_ID"));
|
||||
// dpd=departmentService.findById(dpd);
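Review bot: The added `map.put("passwordType", PassWordUtil.isStringPwd(PASSWORD));` only reports the strength result to the client, so nothing visible in this hunk stops a session with a weak password from continuing if the front end ignores the flag. Consider recording the result server-side, for example as a must-change-password marker on the session, and refusing other requests until the password is changed. It is also worth confirming that `PASSWORD` holds the submitted plaintext here, because a SHA-1 hex digest contains only digits and lowercase letters and would always be rated "0", and that it cannot be null, because `isStringPwd` dereferences its argument unchecked. The enclosing method starts and ends outside the hunk.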
|
||||
|
|
|
@ -1484,7 +1484,7 @@ public class UsersController extends BaseController {
|
|||
PageData user = new PageData();
|
||||
user.put("USER_ID", this.get32UUID());
|
||||
user.put("USERNAME", userName);
|
||||
user.put("PASSWORD", new SimpleHash("SHA-1", userName, "Aa@123456").toString());
|
||||
user.put("PASSWORD", new SimpleHash("SHA-1", userName, "Jtys@123456").toString());
|
||||
user.put("NAME", name);
|
||||
user.put("CARDNO", CardNo);
|
||||
user.put("ROLE_ID", role.getString("ROLE_ID"));
|
||||
|
@ -2020,7 +2020,7 @@ public class UsersController extends BaseController {
|
|||
errorStr.append("未找到该学员信息或人员信息不一致,请重新检查数据\n");
|
||||
continue;
|
||||
}
|
||||
user.put("PASSWORD", new SimpleHash("SHA-1", userName, "Aa@123456").toString());
|
||||
user.put("PASSWORD", new SimpleHash("SHA-1", userName, "Jtys@123456").toString());
|
||||
user.put("ROLE_ID", role.getString("ROLE_ID"));
|
||||
user.put("LAST_LOGIN", "");
|
||||
user.put("IP", "");
|
||||
|
@ -3290,7 +3290,7 @@ public class UsersController extends BaseController {
|
|||
user.put("USERNAME", userName);
|
||||
user.put("USER_ID_CARD", IDNumber);
|
||||
user.put("PERSONNEL_TYPE", renyuanleixing.get("DICTIONARIES_ID"));
|
||||
user.put("PASSWORD", new SimpleHash("SHA-1", userName, "Aa@123456").toString());
|
||||
user.put("PASSWORD", new SimpleHash("SHA-1", userName, "Jtys@123456").toString());
|
||||
user.put("NAME", name);
|
||||
user.put("CARDNO", "");
|
||||
user.put("ROLE_ID", role.getString("ROLE_ID"));
|
||||
|
|
|
@ -519,7 +519,7 @@ public class UsersCacheServiceImpl implements UsersCacheService {
|
|||
public void initPass(PageData request) throws Exception {
|
||||
PageData entity = usersCacheMapper.findById(request);
|
||||
if (entity == null) throw new RuntimeException("数据异常,请联系管理员");
|
||||
entity.put("PASSWORD", new SimpleHash("SHA-1", entity.getString("USERNAME"), "Aa@123456").toString());
|
||||
entity.put("PASSWORD", new SimpleHash("SHA-1", entity.getString("USERNAME"), "Jtys@123456").toString());
|
||||
usersCacheMapper.editUser(entity);
|
||||
}
|
||||
|
||||
|
@ -574,7 +574,7 @@ public class UsersCacheServiceImpl implements UsersCacheService {
|
|||
entity.put("AUTHENTICATION", "0");
|
||||
entity.put("PERSONNELTYPE", "6");
|
||||
entity.put("USERNAME", entity.getString("USER_ID_CARD"));
|
||||
entity.put("PASSWORD", new SimpleHash("SHA-1", entity.getString("USERNAME"), "Aa@123456").toString());
|
||||
entity.put("PASSWORD", new SimpleHash("SHA-1", entity.getString("USERNAME"), "Jtys@123456").toString());
|
||||
Warden.initDate(entity);
|
||||
usersCacheMapper.saveUser(entity);
|
||||
PageData base = new PageData();
|
||||
|
|
|
@ -349,7 +349,7 @@ public class UsersServiceImpl implements UsersService {
|
|||
pd.put("STATUS", "0");
|
||||
pd.put("ISMAIN", "0");
|
||||
pd.put("SKIN", "pcoded-navbar navbar-image-3, navbar pcoded-header navbar-expand-lg navbar-light header-dark");
|
||||
pd.put("PASSWORD", new SimpleHash("SHA-1", pd.getString("USERNAME"), "Aa@123456").toString());
|
||||
pd.put("PASSWORD", new SimpleHash("SHA-1", pd.getString("USERNAME"), "Jtys@123456").toString());
|
||||
|
||||
if (usersMapper.findByUsername(pd) == null) {
|
||||
if ("true".equals(pd.getString("ISSTUDENT"))) {
|
||||
|
@ -708,7 +708,7 @@ public class UsersServiceImpl implements UsersService {
|
|||
pd.put("STATUS", "0");
|
||||
pd.put("ISMAIN", "0");
|
||||
pd.put("SKIN", "pcoded-navbar navbar-image-3, navbar pcoded-header navbar-expand-lg navbar-light header-dark");
|
||||
pd.put("PASSWORD", new SimpleHash("SHA-1", pd.getString("USERNAME"), "Aa@123456").toString());
|
||||
pd.put("PASSWORD", new SimpleHash("SHA-1", pd.getString("USERNAME"), "Jtys@123456").toString());
|
||||
|
||||
pd.put("CERTIFICATETYPE", "4bed7fac8fe24ad4b5c0c69321fd5916"); // sys_userinfo 证件类型:身份证
|
||||
pd.put("AUTHENTICATION", "0"); // sys_userinfo 学员是否认证 0否 1是
|
||||
|
@ -1199,7 +1199,7 @@ public class UsersServiceImpl implements UsersService {
|
|||
pd.put("STATUS", "0");
|
||||
pd.put("ISMAIN", "0");
|
||||
pd.put("SKIN", "pcoded-navbar navbar-image-3, navbar pcoded-header navbar-expand-lg navbar-light header-dark");
|
||||
pd.put("PASSWORD", new SimpleHash("SHA-1", pd.getString("USERNAME"), "Aa@123456").toString());
|
||||
pd.put("PASSWORD", new SimpleHash("SHA-1", pd.getString("USERNAME"), "Jtys@123456").toString());
|
||||
|
||||
if (usersMapper.findByUsername(pd) == null) {
|
||||
|
||||
|
@ -1411,7 +1411,7 @@ public class UsersServiceImpl implements UsersService {
|
|||
pd.put("STATUS", "0");
|
||||
pd.put("ISMAIN", "0");
|
||||
pd.put("SKIN", "pcoded-navbar navbar-image-3, navbar pcoded-header navbar-expand-lg navbar-light header-dark");
|
||||
pd.put("PASSWORD", new SimpleHash("SHA-1", pd.getString("USERNAME"), "Aa@123456").toString());
|
||||
pd.put("PASSWORD", new SimpleHash("SHA-1", pd.getString("USERNAME"), "Jtys@123456").toString());
|
||||
|
||||
if (usersMapper.findByUsername(pd) == null) {
|
||||
|
||||
|
|
|
@ -51,7 +51,7 @@ public class Const {
|
|||
public static final String IS_MAIN = "IS_MAIN"; //是否主账号
|
||||
public static final String ISSUPERVISE = "ISSUPERVISE"; //是否监管部门
|
||||
public static final String VIPLEVEL = "VIPLEVEL"; //企业会员等级
|
||||
public static final String DEFAULT_PASSWORD = "Aa@123456"; //系统默认密码
|
||||
public static final String DEFAULT_PASSWORD = "Jtys@123456"; //系统默认密码
|
||||
|
||||
public static final String FILEURL = "/mnt/qyag/file/"; //文件服务器地址
|
||||
public static final String HTTPFILEURL = "https://file.zcloudchina.com/YTHFile"; //文件服务器地址
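Review bot: `DEFAULT_PASSWORD` replaces one shared, source-controlled initial password with another, so every newly created or reset account still starts with a credential known to anyone who can read this repository or its forks. A per-account random initial password generated with `SecureRandom` and delivered out of band, combined with a forced change at first login, removes that shared secret. If a fixed default must remain, load it from deployment configuration rather than a compiled-in constant, and document it with something like `// initial password only; the account must change it at first login`.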
|
||||
|
|
|
@ -235,7 +235,7 @@ public class HttpClientService {
|
|||
// /**
|
||||
// * 参数名
|
||||
// */
|
||||
// Object [] values =new Object[]{"qdkjchina白氏集团,qd,Aa@123456","1"};
|
||||
// Object [] values =new Object[]{"qdkjchina白氏集团,qd,Jtys@123456","1"};
|
||||
// /**
|
||||
// * 获取参数对象
|
||||
// */
|
||||
|
@ -261,7 +261,7 @@ public class HttpClientService {
|
|||
|
||||
|
||||
String url = "http://192.168.0.5:8085/admin/check";
|
||||
String js = "{\"KEYDATA\":\"qdkjchina卓云企业,qd,Aa@123456\"}";
|
||||
String js = "{\"KEYDATA\":\"qdkjchina卓云企业,qd,Jtys@123456\"}";
|
||||
|
||||
HttpPost httpPost = new HttpPost(url);
|
||||
httpPost.setHeader("Content-Type", "application/json;charset=UTF-8");
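Review bot: The `js` literal in the second hunk carries what looks like a login credential inside `KEYDATA` and posts it to `http://192.168.0.5:8085/admin/check` over plain HTTP, and this commit has to edit source just to rotate it. Reading the endpoint and the credential from configuration, and using HTTPS for the call, would keep the secret out of version control and off the wire in clear text. The first hunk only edits commented-out code; deleting that dead block would avoid leaving another copy of the credential in the file. The enclosing method starts and ends outside the hunk.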
|
||||
|
|
|
@ -0,0 +1,40 @@
|
|||
package com.zcloud.util;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* 密码强弱验证
|
||||
* @author Administrator
|
||||
*
|
||||
*/
|
||||
public class PassWordUtil {
|
||||
|
||||
public static String isStringPwd(String password) {
|
||||
if (password.length() < 8) {
|
||||
return "0";
|
||||
}
|
||||
Map<String, String> map = new HashMap<String, String>();
|
||||
for (int i = 0; i < password.length(); i++) {
|
||||
int A = password.charAt(i);
|
||||
if (A >= 48 && A <= 57) {// 数字
|
||||
map.put("数字", "数字");
|
||||
} else if (A >= 65 && A <= 90) {// 大写
|
||||
map.put("大写", "大写");
|
||||
} else if (A >= 97 && A <= 122) {// 小写
|
||||
map.put("小写", "小写");
|
||||
} else {
|
||||
map.put("特殊", "特殊");
|
||||
}
|
||||
}
|
||||
Set<String> sets = map.keySet();
|
||||
int pwdSize = sets.size();// 密码字符种类数
|
||||
int pwdLength = password.length();// 密码长度
|
||||
if (pwdSize >= 4 && pwdLength >= 8) {
|
||||
return "1";// 强密码
|
||||
} else {
|
||||
return "0";// 弱密码
|
||||
}
|
||||
}
|
||||
|
||||
}
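Review bot: `isStringPwd` rates the system default itself as strong: `Jtys@123456` (and the previous `Aa@123456`) is at least 8 characters long and contains a digit, an uppercase letter, a lowercase letter and a symbol, so it returns "1" and the login-time check will not flag accounts that never changed their initial password. An explicit rejection at the top, e.g. `if (password == null || Const.DEFAULT_PASSWORD.equals(password)) return "0";` (assuming `Const` is importable from `com.zcloud.util`), covers that case and also the null argument that currently throws at `password.length()`. The final `else` branch counts every character outside ASCII letters and digits, spaces and control characters included, as "特殊", which may be more permissive than intended. A method-level Javadoc stating the rule (at least 8 characters and all four character classes) and the "0"/"1" return contract would help callers.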
|
|
@ -279,18 +279,43 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
|
|||
<!-- 修改 -->
|
||||
<update id="editUser" parameterType="pd" >
|
||||
update <include refid="tableName"></include>
|
||||
set NAME = #{NAME},
|
||||
DEPARTMENT_ID = #{DEPARTMENT_ID},
|
||||
POST_ID =#{POST_ID},
|
||||
ROLE_ID = #{ROLE_ID},
|
||||
ROLE_IDS = #{ROLE_IDS},
|
||||
BZ = #{BZ},
|
||||
SEX = #{SEX},
|
||||
EMAIL = #{EMAIL},
|
||||
NUMBER = #{NUMBER},
|
||||
SORT = #{SORT},
|
||||
CARDNO = #{CARDNO},
|
||||
PHONE = #{PHONE}
|
||||
set
|
||||
ROLE_ID = #{ROLE_ID}
|
||||
|
||||
<if test="NAME != null and NAME != ''">
|
||||
,NAME = #{NAME}
|
||||
</if>
|
||||
<if test="DEPARTMENT_ID != null and DEPARTMENT_ID != ''">
|
||||
,DEPARTMENT_ID = #{DEPARTMENT_ID}
|
||||
</if>
|
||||
<if test="POST_ID != null and POST_ID != ''">
|
||||
,POST_ID = #{POST_ID}
|
||||
</if>
|
||||
|
||||
<if test="ROLE_IDS != null and ROLE_IDS != ''">
|
||||
,ROLE_IDS = #{ROLE_IDS}
|
||||
</if>
|
||||
<if test="BZ != null and BZ != ''">
|
||||
,BZ = #{BZ}
|
||||
</if>
|
||||
<if test="SEX != null and SEX != ''">
|
||||
,SEX = #{SEX}
|
||||
</if>
|
||||
<if test="EMAIL != null and EMAIL != ''">
|
||||
,EMAIL = #{EMAIL}
|
||||
</if>
|
||||
<if test="NUMBER != null and NUMBER != ''">
|
||||
,NUMBER = #{NUMBER}
|
||||
</if>
|
||||
<if test="SORT != null and SORT != ''">
|
||||
,SORT = #{SORT}
|
||||
</if>
|
||||
<if test="CARDNO != null and CARDNO != ''">
|
||||
,CARDNO = #{CARDNO}
|
||||
</if>
|
||||
<if test="PHONE != null and PHONE != ''">
|
||||
,PHONE = #{PHONE}
|
||||
</if>
|
||||
<if test="LEARNERCATEGORY != null and LEARNERCATEGORY != ''">
|
||||
,LEARNERCATEGORY = #{LEARNERCATEGORY}
|
||||
</if>
|
||||
|
|