gitee
/
roses
mirror of https://gitee.com/stylefeng/roses
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

【8.0.1】【system】更新获取历史密码盐的方法

pull/57/head
fengshuonan 2023-10-05 20:47:55 +08:00
parent c9a8c7c5a5
commit edf07ddd76
3 changed files with 39 additions and 131 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/security/service/SysUserPasswordRecordService.java
View File

@ -1,8 +1,6 @@
package cn.stylefeng.roses.kernel.sys.modular.security.service;
import cn.stylefeng.roses.kernel.db.api.pojo.page.PageResult;
import cn.stylefeng.roses.kernel.sys.modular.security.entity.SysUserPasswordRecord;
import cn.stylefeng.roses.kernel.sys.modular.security.pojo.request.SysUserPasswordRecordRequest;
import com.baomidou.mybatisplus.extension.service.IService;
import java.util.List;
@ -16,59 +14,11 @@ import java.util.List;
public interface SysUserPasswordRecordService extends IService<SysUserPasswordRecord> {
/**
*
*
*
* @param sysUserPasswordRecordRequest
* @author fengshuonan
* @date 2023/10/04 23:28
* @since 2023/10/5 20:01
*/
void add(SysUserPasswordRecordRequest sysUserPasswordRecordRequest);
/**
*
*
* @param sysUserPasswordRecordRequest
* @author fengshuonan
* @date 2023/10/04 23:28
*/
void del(SysUserPasswordRecordRequest sysUserPasswordRecordRequest);
/**
*
*
* @param sysUserPasswordRecordRequest
* @author fengshuonan
* @date 2023/10/04 23:28
*/
void edit(SysUserPasswordRecordRequest sysUserPasswordRecordRequest);
/**
*
*
* @param sysUserPasswordRecordRequest
* @author fengshuonan
* @date 2023/10/04 23:28
*/
SysUserPasswordRecord detail(SysUserPasswordRecordRequest sysUserPasswordRecordRequest);
/**
*
*
* @param sysUserPasswordRecordRequest
* @return List<SysUserPasswordRecord>
* @author fengshuonan
* @date 2023/10/04 23:28
*/
List<SysUserPasswordRecord> findList(SysUserPasswordRecordRequest sysUserPasswordRecordRequest);
/**
*
*
* @param sysUserPasswordRecordRequest
* @return PageResult<SysUserPasswordRecord>
* @author fengshuonan
* @date 2023/10/04 23:28
*/
PageResult<SysUserPasswordRecord> findPage(SysUserPasswordRecordRequest sysUserPasswordRecordRequest);
List<SysUserPasswordRecord> getRecentRecords(Long userId, Integer times);
}

23
kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/security/service/impl/SecurityConfigServiceImpl.java
View File

@ -1,6 +1,8 @@
package cn.stylefeng.roses.kernel.sys.modular.security.service.impl;
import cn.stylefeng.roses.kernel.auth.api.context.LoginContext;
import cn.stylefeng.roses.kernel.auth.api.expander.LoginConfigExpander;
import cn.stylefeng.roses.kernel.auth.api.password.PasswordStoredEncryptApi;
import cn.stylefeng.roses.kernel.config.api.ConfigServiceApi;
import cn.stylefeng.roses.kernel.sys.api.SecurityConfigService;
import cn.stylefeng.roses.kernel.sys.api.exception.SysException;
@ -12,6 +14,7 @@ import org.springframework.stereotype.Service;
import javax.annotation.Resource;
import java.util.Date;
import java.util.List;
/**
*
@ -28,6 +31,9 @@ public class SecurityConfigServiceImpl implements SecurityConfigService {
@Resource
private SysUserPasswordRecordService sysUserPasswordRecordService;
@Resource
private PasswordStoredEncryptApi passwordStoredEncryptApi;
@Override
public SecurityConfig getSecurityConfig() {
@ -133,9 +139,22 @@ public class SecurityConfigServiceImpl implements SecurityConfigService {
throw new SysException(SecurityStrategyExceptionEnum.NUMBER_SYMBOL, securityConfig.getPasswordMinNumberCount());
}
// 6. 如果是修改密码,则校验密码是否和最近几次的密码相同 todo
// 6. 如果是修改密码,则校验密码是否和最近几次的密码相同
Integer passwordMinCantRepeatTimes = securityConfig.getPasswordMinCantRepeatTimes();
// 如果为0则不用校验
if (passwordMinCantRepeatTimes == null || passwordMinCantRepeatTimes.equals(0)) {
return;
}
List<SysUserPasswordRecord> recentRecords = sysUserPasswordRecordService.getRecentRecords(
LoginContext.me().getLoginUser().getUserId(), passwordMinCantRepeatTimes);
for (SysUserPasswordRecord recentRecord : recentRecords) {
Boolean resultTrue = passwordStoredEncryptApi.checkPasswordWithSalt(password, recentRecord.getHistoryPasswordSalt(),
recentRecord.getHistoryPassword());
if (resultTrue) {
throw new SysException(SecurityStrategyExceptionEnum.PASSWORD_REPEAT, passwordMinCantRepeatTimes);
}
}
}
@Override

91
kernel-s-system/system-business-permission/src/main/java/cn/stylefeng/roses/kernel/sys/modular/security/service/impl/SysUserPasswordRecordServiceImpl.java
View File

@ -1,21 +1,14 @@
package cn.stylefeng.roses.kernel.sys.modular.security.service.impl;
import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.util.ObjectUtil;
import cn.stylefeng.roses.kernel.db.api.factory.PageFactory;
import cn.stylefeng.roses.kernel.db.api.factory.PageResultFactory;
import cn.stylefeng.roses.kernel.db.api.pojo.page.PageResult;
import cn.stylefeng.roses.kernel.rule.exception.base.ServiceException;
import cn.stylefeng.roses.kernel.sys.modular.security.entity.SysUserPasswordRecord;
import cn.stylefeng.roses.kernel.sys.modular.security.enums.SysUserPasswordRecordExceptionEnum;
import cn.stylefeng.roses.kernel.sys.modular.security.mapper.SysUserPasswordRecordMapper;
import cn.stylefeng.roses.kernel.sys.modular.security.pojo.request.SysUserPasswordRecordRequest;
import cn.stylefeng.roses.kernel.sys.modular.security.service.SysUserPasswordRecordService;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import org.springframework.stereotype.Service;
import java.util.ArrayList;
import java.util.List;
/**
@ -25,82 +18,28 @@ import java.util.List;
* @date 2023/10/04 23:28
*/
@Service
public class SysUserPasswordRecordServiceImpl extends ServiceImpl<SysUserPasswordRecordMapper, SysUserPasswordRecord> implements SysUserPasswordRecordService {
@Override
public void add(SysUserPasswordRecordRequest sysUserPasswordRecordRequest) {
SysUserPasswordRecord sysUserPasswordRecord = new SysUserPasswordRecord();
BeanUtil.copyProperties(sysUserPasswordRecordRequest, sysUserPasswordRecord);
this.save(sysUserPasswordRecord);
}
public class SysUserPasswordRecordServiceImpl extends ServiceImpl<SysUserPasswordRecordMapper, SysUserPasswordRecord> implements
SysUserPasswordRecordService {
@Override
public void del(SysUserPasswordRecordRequest sysUserPasswordRecordRequest) {
SysUserPasswordRecord sysUserPasswordRecord = this.querySysUserPasswordRecord(sysUserPasswordRecordRequest);
this.removeById(sysUserPasswordRecord.getRecordId());
}
public List<SysUserPasswordRecord> getRecentRecords(Long userId, Integer times) {
@Override
public void edit(SysUserPasswordRecordRequest sysUserPasswordRecordRequest) {
SysUserPasswordRecord sysUserPasswordRecord = this.querySysUserPasswordRecord(sysUserPasswordRecordRequest);
BeanUtil.copyProperties(sysUserPasswordRecordRequest, sysUserPasswordRecord);
this.updateById(sysUserPasswordRecord);
}
@Override
public SysUserPasswordRecord detail(SysUserPasswordRecordRequest sysUserPasswordRecordRequest) {
return this.querySysUserPasswordRecord(sysUserPasswordRecordRequest);
}
@Override
public PageResult<SysUserPasswordRecord> findPage(SysUserPasswordRecordRequest sysUserPasswordRecordRequest) {
LambdaQueryWrapper<SysUserPasswordRecord> wrapper = createWrapper(sysUserPasswordRecordRequest);
Page<SysUserPasswordRecord> pageList = this.page(PageFactory.defaultPage(), wrapper);
return PageResultFactory.createPageResult(pageList);
}
@Override
public List<SysUserPasswordRecord> findList(SysUserPasswordRecordRequest sysUserPasswordRecordRequest) {
LambdaQueryWrapper<SysUserPasswordRecord> wrapper = this.createWrapper(sysUserPasswordRecordRequest);
return this.list(wrapper);
}
/**
*
*
* @author fengshuonan
* @date 2023/10/04 23:28
*/
private SysUserPasswordRecord querySysUserPasswordRecord(SysUserPasswordRecordRequest sysUserPasswordRecordRequest) {
SysUserPasswordRecord sysUserPasswordRecord = this.getById(sysUserPasswordRecordRequest.getRecordId());
if (ObjectUtil.isEmpty(sysUserPasswordRecord)) {
throw new ServiceException(SysUserPasswordRecordExceptionEnum.SYS_USER_PASSWORD_RECORD_NOT_EXISTED);
if (times == null || times.equals(0)) {
return new ArrayList<>();
}
return sysUserPasswordRecord;
}
/**
* wrapper
*
* @author fengshuonan
* @date 2023/10/04 23:28
*/
private LambdaQueryWrapper<SysUserPasswordRecord> createWrapper(SysUserPasswordRecordRequest sysUserPasswordRecordRequest) {
LambdaQueryWrapper<SysUserPasswordRecord> queryWrapper = new LambdaQueryWrapper<>();
LambdaQueryWrapper<SysUserPasswordRecord> sysUserPasswordRecordLambdaQueryWrapper = new LambdaQueryWrapper<>();
sysUserPasswordRecordLambdaQueryWrapper.eq(SysUserPasswordRecord::getUserId, userId);
Long recordId = sysUserPasswordRecordRequest.getRecordId();
Long userId = sysUserPasswordRecordRequest.getUserId();
String historyPassword = sysUserPasswordRecordRequest.getHistoryPassword();
String historyPasswordSalt = sysUserPasswordRecordRequest.getHistoryPasswordSalt();
String updatePasswordTime = sysUserPasswordRecordRequest.getUpdatePasswordTime();
Page<SysUserPasswordRecord> recordPage = new Page<>(1, times);
Page<SysUserPasswordRecord> page = this.page(recordPage, sysUserPasswordRecordLambdaQueryWrapper);
queryWrapper.eq(ObjectUtil.isNotNull(recordId), SysUserPasswordRecord::getRecordId, recordId);
queryWrapper.eq(ObjectUtil.isNotNull(userId), SysUserPasswordRecord::getUserId, userId);
queryWrapper.like(ObjectUtil.isNotEmpty(historyPassword), SysUserPasswordRecord::getHistoryPassword, historyPassword);
queryWrapper.like(ObjectUtil.isNotEmpty(historyPasswordSalt), SysUserPasswordRecord::getHistoryPasswordSalt, historyPasswordSalt);
queryWrapper.eq(ObjectUtil.isNotNull(updatePasswordTime), SysUserPasswordRecord::getUpdatePasswordTime, updatePasswordTime);
List<SysUserPasswordRecord> records = page.getRecords();
if (records != null && records.size() > 0) {
return records;
}
return queryWrapper;
return new ArrayList<>();
}
}