【8.0】【system】更新校验密码策略的方法

kernel-s-system/system-api/src/main/java/cn/stylefeng/roses/kernel/sys/api/exception/enums/SecurityStrategyExceptionEnum.java

@@ -0,0 +1,61 @@
+package cn.stylefeng.roses.kernel.sys.api.exception.enums;
+
+import cn.stylefeng.roses.kernel.rule.constants.RuleConstants;
+import cn.stylefeng.roses.kernel.rule.exception.AbstractExceptionEnum;
+import lombok.Getter;
+
+/**
+ * 安全规则相关的异常
+ *
+ * @author fengshuonan
+ * @since 2023/10/4 22:43
+ */
+@Getter
+public enum SecurityStrategyExceptionEnum implements AbstractExceptionEnum {
+
+    /**
+     * 密码最小长度不符合规定
+     */
+    PASSWORD_LENGTH(RuleConstants.USER_OPERATION_ERROR_TYPE_CODE + "10001", "密码最小长度不符合规定，最小长度为：{}"),
+
+    /**
+     * 密码特殊符号数量不能低于{}位
+     */
+    SPECIAL_SYMBOL(RuleConstants.USER_OPERATION_ERROR_TYPE_CODE + "10002", "密码特殊符号数量不能低于{}位"),
+
+    /**
+     * 密码大写字母数量不能低于{}位
+     */
+    UPPER_CASE(RuleConstants.USER_OPERATION_ERROR_TYPE_CODE + "10003", "密码大写字母数量不能低于{}位"),
+
+    /**
+     * 密码小写字母数量不能低于{}位
+     */
+    LOWER_CASE(RuleConstants.USER_OPERATION_ERROR_TYPE_CODE + "10004", "密码小写字母数量不能低于{}位"),
+
+    /**
+     * 密码数字字符数量不能低于{}位
+     */
+    NUMBER_SYMBOL(RuleConstants.USER_OPERATION_ERROR_TYPE_CODE + "10005", "密码数字字符数量不能低于{}位"),
+
+    /**
+     * 密码历史不可重复次数为{}次，请重新更换密码
+     */
+    PASSWORD_REPEAT(RuleConstants.USER_OPERATION_ERROR_TYPE_CODE + "10006", "密码历史不可重复次数为{}次，请重新更换密码");
+
+    /**
+     * 错误编码
+     */
+    private final String errorCode;
+
+    /**
+     * 提示用户信息
+     */
+    private final String userTip;
+
+    SecurityStrategyExceptionEnum(String errorCode, String userTip) {
+        this.errorCode = errorCode;
+        this.userTip = userTip;
+    }
+
+}

kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/security/service/SecurityConfigService.java

@@ -26,4 +26,14 @@ public interface SecurityConfigService {
      */
     void updateSecurityConfig(SecurityConfig securityConfig);
 
+    /**
+     * 校验密码是否符合当前配置的安全规则，如果不符合规则，直接抛出异常
+     *
+     * @param updatePasswordFlag 是否是修改密码的标识
+     * @param password           新密码
+     * @author fengshuonan
+     * @since 2023/10/4 22:40
+     */
+    void validatePasswordSecurityRule(boolean updatePasswordFlag, String password);
+
 }

kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/security/service/impl/SecurityConfigServiceImpl.java

@@ -2,6 +2,8 @@ package cn.stylefeng.roses.kernel.sys.modular.security.service.impl;
 
 import cn.stylefeng.roses.kernel.auth.api.expander.LoginConfigExpander;
 import cn.stylefeng.roses.kernel.config.api.ConfigServiceApi;
+import cn.stylefeng.roses.kernel.sys.api.exception.SysException;
+import cn.stylefeng.roses.kernel.sys.api.exception.enums.SecurityStrategyExceptionEnum;
 import cn.stylefeng.roses.kernel.sys.modular.security.pojo.SecurityConfig;
 import cn.stylefeng.roses.kernel.sys.modular.security.service.SecurityConfigService;
 import org.springframework.stereotype.Service;
@@ -66,5 +68,69 @@ public class SecurityConfigServiceImpl implements SecurityConfigService {
                 String.valueOf(securityConfig.getPasswordMinCantRepeatTimes()));
     }
 
+    @Override
+    public void validatePasswordSecurityRule(boolean updatePasswordFlag, String password) {
+
+        // 获取现在密码规则
+        SecurityConfig securityConfig = this.getSecurityConfig();
+
+        // 1. 校验密码长度是否符合规则
+        if (password.length() < securityConfig.getMinPasswordLength()) {
+            throw new SysException(SecurityStrategyExceptionEnum.PASSWORD_LENGTH, securityConfig.getMinPasswordLength());
+        }
+
+        // 2. 校验密码中特殊字符的数量
+        int specialSymbolCount = 0;
+        for (int i = 0; i < password.length(); i++) {
+            char c = password.charAt(i);
+            if (!Character.isLetterOrDigit(c)) {
+                specialSymbolCount++;
+            }
+        }
+        if (specialSymbolCount < securityConfig.getPasswordMinSpecialSymbolCount()) {
+            throw new SysException(SecurityStrategyExceptionEnum.SPECIAL_SYMBOL, securityConfig.getPasswordMinSpecialSymbolCount());
+        }
+
+        // 3. 校验密码中大写字母的数量
+        int upperCaseCount = 0;
+        for (int i = 0; i < password.length(); i++) {
+            char c = password.charAt(i);
+            if (Character.isUpperCase(c)) {
+                upperCaseCount++;
+            }
+        }
+        if (upperCaseCount < securityConfig.getGetPasswordMinUpperCaseCount()) {
+            throw new SysException(SecurityStrategyExceptionEnum.UPPER_CASE, securityConfig.getGetPasswordMinUpperCaseCount());
+        }
+
+        // 4. 校验密码中小写字母的数量
+        int lowerCaseCount = 0;
+        for (int i = 0; i < password.length(); i++) {
+            char c = password.charAt(i);
+            if (Character.isLowerCase(c)) {
+                lowerCaseCount++;
+            }
+        }
+        if (lowerCaseCount < securityConfig.getPasswordMinLowerCaseCount()) {
+            throw new SysException(SecurityStrategyExceptionEnum.LOWER_CASE, securityConfig.getPasswordMinLowerCaseCount());
+        }
+
+        // 5. 校验密码中数字的数量
+        int numberCount = 0;
+        for (int i = 0; i < password.length(); i++) {
+            char c = password.charAt(i);
+            if (Character.isDigit(c)) {
+                numberCount++;
+            }
+        }
+        if (numberCount < securityConfig.getPasswordMinNumberCount()) {
+            throw new SysException(SecurityStrategyExceptionEnum.NUMBER_SYMBOL, securityConfig.getPasswordMinNumberCount());
+        }
+
+        // 6. 如果是修改密码，则校验密码是否和最近几次的密码相同 todo
+
+
+    }
+
 }