feat(security): 修改默认密码并增加密码强度验证

- 将系统默认密码从 "Aa@123456" 修改为 "Jtys@123456"
- 新增 PassWordUtil 工具类,用于验证密码强度
- 在用户注册和密码重置时使用新密码
- 优化用户信息更新 SQL,提高数据安全性
dev
10396 2025-06-25 10:09:12 +08:00
parent 278f4d53fd
commit 1beb025c2a
9 changed files with 93 additions and 26 deletions


@ -126,7 +126,7 @@ public class CorpInfoController extends BaseController {
user.put("IP", ""); //IP
user.put("STATUS", "0"); //状态
user.put("SKIN", "pcoded-navbar navbar-image-3,navbar pcoded-header navbar-expand-lg navbar-light header-dark,"); //用户默认皮肤
user.put("PASSWORD", new SimpleHash("SHA-1", pd.getString("CORP_NAME"), "Aa@123456").toString()); //密码加密
user.put("PASSWORD", new SimpleHash("SHA-1", pd.getString("CORP_NAME"), "Jtys@123456").toString()); //密码加密
if(null == usersService.findByUsername(user)){ //判断用户名是否存在
usersService.saveUser(user); //执行保存
// System.out.println(user.getString("PASSWORD"));
@ -401,7 +401,7 @@ public class CorpInfoController extends BaseController {
pd = this.getPageData();
PageData pageData = usersService.findById(pd);
//corpInfo
String pwd = new SimpleHash("SHA-1", pageData.getString("USERNAME"), "Aa@123456").toString();
String pwd = new SimpleHash("SHA-1", pageData.getString("USERNAME"), "Jtys@123456").toString();
PageData updateUser = new PageData();
updateUser.put("PASSWORD", pwd);
updateUser.put("USER_ID", pageData.getString("USER_ID"));
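Review bot: The new default password is typed out again as a string literal in both hunks of CorpInfoController (the `user.put("PASSWORD", …)` line at registration and the `String pwd = …` line at reset), although this same commit updates `Const.DEFAULT_PASSWORD` to the identical value. The literal recurs in the UsersController, UsersCacheServiceImpl and UsersServiceImpl hunks, so the next rotation must again touch every call site, and a missed one silently leaves accounts on the old password. Reference the constant instead, e.g. `new SimpleHash("SHA-1", pd.getString("CORP_NAME"), Const.DEFAULT_PASSWORD).toString()`, and preferably load its value from deployment configuration rather than from source. Both enclosing methods start and end outside the hunks, so whether `Const` is already imported here needs checking.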


@ -139,6 +139,8 @@ public class LoginController extends BaseController {
map.put("PROVINCE", cpd.getString("PROVINCE"));
map.put("PLS_ID", pd.getOrDefault("PLS_ID",""));
map.put("POST_URL", cpd.getOrDefault("POST_URL",""));
map.put("passwordType", PassWordUtil.isStringPwd(PASSWORD)); //返回判断的登录密码是否弱密码结果8位以上的字母、数字、符号混合为强密码
// PageData dpd = new PageData();
// dpd.put("DEPARTMENT_ID", pd.getString("DEPARTMENT_ID"));
// dpd=departmentService.findById(dpd);
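Review bot: The check added on the `passwordType` line rates the system default password as strong: `Jtys@123456` is 11 characters with upper case, lower case, digits and a symbol, so `PassWordUtil.isStringPwd` returns "1" for every account that still uses it. Those are the accounts that most need to be told to change their password. Treat the default as weak before running the character-class check, e.g. `map.put("passwordType", Const.DEFAULT_PASSWORD.equals(PASSWORD) ? "0" : PassWordUtil.isStringPwd(PASSWORD));`. This assumes `PASSWORD` is the submitted plaintext and can be non-null here; it is defined outside the hunk, so confirm both.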


@ -1484,7 +1484,7 @@ public class UsersController extends BaseController {
PageData user = new PageData();
user.put("USER_ID", this.get32UUID());
user.put("USERNAME", userName);
user.put("PASSWORD", new SimpleHash("SHA-1", userName, "Aa@123456").toString());
user.put("PASSWORD", new SimpleHash("SHA-1", userName, "Jtys@123456").toString());
user.put("NAME", name);
user.put("CARDNO", CardNo);
user.put("ROLE_ID", role.getString("ROLE_ID"));
@ -2020,7 +2020,7 @@ public class UsersController extends BaseController {
errorStr.append("未找到该学员信息或人员信息不一致,请重新检查数据\n");
continue;
}
user.put("PASSWORD", new SimpleHash("SHA-1", userName, "Aa@123456").toString());
user.put("PASSWORD", new SimpleHash("SHA-1", userName, "Jtys@123456").toString());
user.put("ROLE_ID", role.getString("ROLE_ID"));
user.put("LAST_LOGIN", "");
user.put("IP", "");
@ -3290,7 +3290,7 @@ public class UsersController extends BaseController {
user.put("USERNAME", userName);
user.put("USER_ID_CARD", IDNumber);
user.put("PERSONNEL_TYPE", renyuanleixing.get("DICTIONARIES_ID"));
user.put("PASSWORD", new SimpleHash("SHA-1", userName, "Aa@123456").toString());
user.put("PASSWORD", new SimpleHash("SHA-1", userName, "Jtys@123456").toString());
user.put("NAME", name);
user.put("CARDNO", "");
user.put("ROLE_ID", role.getString("ROLE_ID"));


@ -519,7 +519,7 @@ public class UsersCacheServiceImpl implements UsersCacheService {
public void initPass(PageData request) throws Exception {
PageData entity = usersCacheMapper.findById(request);
if (entity == null) throw new RuntimeException("数据异常,请联系管理员");
entity.put("PASSWORD", new SimpleHash("SHA-1", entity.getString("USERNAME"), "Aa@123456").toString());
entity.put("PASSWORD", new SimpleHash("SHA-1", entity.getString("USERNAME"), "Jtys@123456").toString());
usersCacheMapper.editUser(entity);
}
@ -574,7 +574,7 @@ public class UsersCacheServiceImpl implements UsersCacheService {
entity.put("AUTHENTICATION", "0");
entity.put("PERSONNELTYPE", "6");
entity.put("USERNAME", entity.getString("USER_ID_CARD"));
entity.put("PASSWORD", new SimpleHash("SHA-1", entity.getString("USERNAME"), "Aa@123456").toString());
entity.put("PASSWORD", new SimpleHash("SHA-1", entity.getString("USERNAME"), "Jtys@123456").toString());
Warden.initDate(entity);
usersCacheMapper.saveUser(entity);
PageData base = new PageData();
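Review bot: `initPass` still resets the account to one password shared by every user and stores it through the three-argument `SimpleHash("SHA-1", …)`; if this is Shiro's SimpleHash, that form runs a single SHA-1 iteration, so the stored value is fully determined by the username and a string kept in the repository. Changing the literal does not change that property, and nothing visible in the method marks the account as needing a password change afterwards. At minimum record the gap above the `entity.put("PASSWORD", …)` line: `// TODO(security): issue a per-user random temporary password and force a change at next login; migrate stored hashes off single-round SHA-1`. The second hunk's enclosing method starts and ends outside the hunk and has the same pattern.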


@ -349,7 +349,7 @@ public class UsersServiceImpl implements UsersService {
pd.put("STATUS", "0");
pd.put("ISMAIN", "0");
pd.put("SKIN", "pcoded-navbar navbar-image-3, navbar pcoded-header navbar-expand-lg navbar-light header-dark");
pd.put("PASSWORD", new SimpleHash("SHA-1", pd.getString("USERNAME"), "Aa@123456").toString());
pd.put("PASSWORD", new SimpleHash("SHA-1", pd.getString("USERNAME"), "Jtys@123456").toString());
if (usersMapper.findByUsername(pd) == null) {
if ("true".equals(pd.getString("ISSTUDENT"))) {
@ -708,7 +708,7 @@ public class UsersServiceImpl implements UsersService {
pd.put("STATUS", "0");
pd.put("ISMAIN", "0");
pd.put("SKIN", "pcoded-navbar navbar-image-3, navbar pcoded-header navbar-expand-lg navbar-light header-dark");
pd.put("PASSWORD", new SimpleHash("SHA-1", pd.getString("USERNAME"), "Aa@123456").toString());
pd.put("PASSWORD", new SimpleHash("SHA-1", pd.getString("USERNAME"), "Jtys@123456").toString());
pd.put("CERTIFICATETYPE", "4bed7fac8fe24ad4b5c0c69321fd5916"); // sys_userinfo 证件类型:身份证
pd.put("AUTHENTICATION", "0"); // sys_userinfo 学员是否认证 0否 1是
@ -1199,7 +1199,7 @@ public class UsersServiceImpl implements UsersService {
pd.put("STATUS", "0");
pd.put("ISMAIN", "0");
pd.put("SKIN", "pcoded-navbar navbar-image-3, navbar pcoded-header navbar-expand-lg navbar-light header-dark");
pd.put("PASSWORD", new SimpleHash("SHA-1", pd.getString("USERNAME"), "Aa@123456").toString());
pd.put("PASSWORD", new SimpleHash("SHA-1", pd.getString("USERNAME"), "Jtys@123456").toString());
if (usersMapper.findByUsername(pd) == null) {
@ -1411,7 +1411,7 @@ public class UsersServiceImpl implements UsersService {
pd.put("STATUS", "0");
pd.put("ISMAIN", "0");
pd.put("SKIN", "pcoded-navbar navbar-image-3, navbar pcoded-header navbar-expand-lg navbar-light header-dark");
pd.put("PASSWORD", new SimpleHash("SHA-1", pd.getString("USERNAME"), "Aa@123456").toString());
pd.put("PASSWORD", new SimpleHash("SHA-1", pd.getString("USERNAME"), "Jtys@123456").toString());
if (usersMapper.findByUsername(pd) == null) {


@ -51,7 +51,7 @@ public class Const {
public static final String IS_MAIN = "IS_MAIN"; //是否主账号
public static final String ISSUPERVISE = "ISSUPERVISE"; //是否监管部门
public static final String VIPLEVEL = "VIPLEVEL"; //企业会员等级
public static final String DEFAULT_PASSWORD = "Aa@123456"; //系统默认密码
public static final String DEFAULT_PASSWORD = "Jtys@123456"; //系统默认密码
public static final String FILEURL = "/mnt/qyag/file/"; //文件服务器地址
public static final String HTTPFILEURL = "https://file.zcloudchina.com/YTHFile"; //文件服务器地址


@ -235,7 +235,7 @@ public class HttpClientService {
// /**
// * 参数名
// */
// Object [] values =new Object[]{"qdkjchina白氏集团,qd,Aa@123456","1"};
// Object [] values =new Object[]{"qdkjchina白氏集团,qd,Jtys@123456","1"};
// /**
// * 获取参数对象
// */
@ -261,7 +261,7 @@ public class HttpClientService {
String url = "http://192.168.0.5:8085/admin/check";
String js = "{\"KEYDATA\":\"qdkjchina卓云企业,qd,Aa@123456\"}";
String js = "{\"KEYDATA\":\"qdkjchina卓云企业,qd,Jtys@123456\"}";
HttpPost httpPost = new HttpPost(url);
httpPost.setHeader("Content-Type", "application/json;charset=UTF-8");
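Review bot: The `KEYDATA` literal on the changed `String js` line keeps an account name and the new default password in source, and the request is posted to an `http://` URL, so the credential travels unencrypted. The commented-out `values` array in the first hunk repeats the same credential and is better deleted than updated. Take the credential and endpoint from configuration and build the body from them, e.g. `String js = "{\"KEYDATA\":\"" + keyData + "\"}";` with `keyData` read from a properties entry, and use an `https://` endpoint where the service supports it. The enclosing method is outside the hunk, so it is not visible whether this is production code or a leftover test driver.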


@ -0,0 +1,40 @@
package com.zcloud.util;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
/**
*
* @author Administrator
*
*/
public class PassWordUtil {
public static String isStringPwd(String password) {
if (password.length() < 8) {
return "0";
}
Map<String, String> map = new HashMap<String, String>();
for (int i = 0; i < password.length(); i++) {
int A = password.charAt(i);
if (A >= 48 && A <= 57) {// 数字
map.put("数字", "数字");
} else if (A >= 65 && A <= 90) {// 大写
map.put("大写", "大写");
} else if (A >= 97 && A <= 122) {// 小写
map.put("小写", "小写");
} else {
map.put("特殊", "特殊");
}
}
Set<String> sets = map.keySet();
int pwdSize = sets.size();// 密码字符种类数
int pwdLength = password.length();// 密码长度
if (pwdSize >= 4 && pwdLength >= 8) {
return "1";// 强密码
} else {
return "0";// 弱密码
}
}
}
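Review bot: `isStringPwd` calls `password.length()` without a null check, so a login request with no password would throw a NullPointerException instead of being classified as weak. The `HashMap<String, String>` is used only as a set of four labels, and the second `pwdLength >= 8` test is redundant after the early return; four boolean flags express the rule more directly. The final `else` branch counts any other character as "special", including whitespace and non-ASCII letters, which deserves a comment. The class has no Javadoc beyond the author tag; document that "1" means at least 8 characters containing a digit, an upper-case letter, a lower-case letter and one other character.

```java
public static String isStringPwd(String password) {
    if (password == null || password.length() < 8) {
        return "0"; // weak: missing or shorter than 8 characters
    }
    boolean digit = false, upper = false, lower = false, other = false;
    for (int i = 0; i < password.length(); i++) {
        char c = password.charAt(i);
        if (c >= '0' && c <= '9') {
            digit = true;
        } else if (c >= 'A' && c <= 'Z') {
            upper = true;
        } else if (c >= 'a' && c <= 'z') {
            lower = true;
        } else {
            other = true; // anything else, including whitespace and non-ASCII
        }
    }
    return (digit && upper && lower && other) ? "1" : "0";
}
```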


@ -279,18 +279,43 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
<!-- 修改 -->
<update id="editUser" parameterType="pd" >
update <include refid="tableName"></include>
set NAME = #{NAME},
DEPARTMENT_ID = #{DEPARTMENT_ID},
POST_ID =#{POST_ID},
ROLE_ID = #{ROLE_ID},
ROLE_IDS = #{ROLE_IDS},
BZ = #{BZ},
SEX = #{SEX},
EMAIL = #{EMAIL},
NUMBER = #{NUMBER},
SORT = #{SORT},
CARDNO = #{CARDNO},
PHONE = #{PHONE}
set
ROLE_ID = #{ROLE_ID}
<if test="NAME != null and NAME != ''">
,NAME = #{NAME}
</if>
<if test="DEPARTMENT_ID != null and DEPARTMENT_ID != ''">
,DEPARTMENT_ID = #{DEPARTMENT_ID}
</if>
<if test="POST_ID != null and POST_ID != ''">
,POST_ID = #{POST_ID}
</if>
<if test="ROLE_IDS != null and ROLE_IDS != ''">
,ROLE_IDS = #{ROLE_IDS}
</if>
<if test="BZ != null and BZ != ''">
,BZ = #{BZ}
</if>
<if test="SEX != null and SEX != ''">
,SEX = #{SEX}
</if>
<if test="EMAIL != null and EMAIL != ''">
,EMAIL = #{EMAIL}
</if>
<if test="NUMBER != null and NUMBER != ''">
,NUMBER = #{NUMBER}
</if>
<if test="SORT != null and SORT != ''">
,SORT = #{SORT}
</if>
<if test="CARDNO != null and CARDNO != ''">
,CARDNO = #{CARDNO}
</if>
<if test="PHONE != null and PHONE != ''">
,PHONE = #{PHONE}
</if>
<if test="LEARNERCATEGORY != null and LEARNERCATEGORY != ''">
,LEARNERCATEGORY = #{LEARNERCATEGORY}
</if>