feat: 密码强度校验/密码过期时间功能
This commit is contained in:
TsMask
@@ -75,6 +75,13 @@ func (s AccountController) Login(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
// 强制改密码
|
||||
forcePasswdChange, err := s.accountService.PasswordExpireTime(loginUser.User.LoginCount, loginUser.User.PasswordUpdateTime)
|
||||
if err != nil {
|
||||
c.JSON(200, resp.ErrMsg(i18n.TKey(language, err.Error())))
|
||||
return
|
||||
}
|
||||
|
||||
// 生成令牌,创建系统访问记录
|
||||
tokenStr := token.Create(&loginUser, [4]string{ipaddr, location, os, browser})
|
||||
if tokenStr == "" {
|
||||
@@ -89,12 +96,16 @@ func (s AccountController) Login(c *gin.Context) {
|
||||
)
|
||||
}
|
||||
|
||||
c.JSON(200, resp.OkData(map[string]any{
|
||||
data := map[string]any{
|
||||
"accessToken": tokenStr,
|
||||
"tokenType": strings.TrimRight(constants.HEADER_PREFIX, " "),
|
||||
"expiresIn": (loginUser.ExpireTime - loginUser.LoginTime) / 1000,
|
||||
"userId": loginUser.UserId,
|
||||
}))
|
||||
}
|
||||
if forcePasswdChange {
|
||||
data["forcePasswdChange"] = true
|
||||
}
|
||||
c.JSON(200, resp.OkData(data))
|
||||
}
|
||||
|
||||
// Me 登录用户信息
|
||||
@@ -127,11 +138,19 @@ func (s AccountController) Me(c *gin.Context) {
|
||||
for ri := range info.User.Roles {
|
||||
info.User.Roles[ri].RoleName = i18n.TKey(language, info.User.Roles[ri].RoleName)
|
||||
}
|
||||
c.JSON(200, resp.OkData(map[string]any{
|
||||
|
||||
data := map[string]any{
|
||||
"user": info.User,
|
||||
"roles": roles,
|
||||
"permissions": perms,
|
||||
}))
|
||||
}
|
||||
|
||||
// 强制改密码
|
||||
forcePasswdChange, _ := s.accountService.PasswordExpireTime(info.User.LoginCount, info.User.PasswordUpdateTime)
|
||||
if forcePasswdChange {
|
||||
data["forcePasswdChange"] = true
|
||||
}
|
||||
c.JSON(200, resp.OkData(data))
|
||||
}
|
||||
|
||||
// Router 登录用户路由信息
|
||||
|
||||
@@ -9,7 +9,6 @@ import (
|
||||
"be.ems/src/framework/resp"
|
||||
"be.ems/src/framework/token"
|
||||
"be.ems/src/framework/utils/machine"
|
||||
"be.ems/src/framework/utils/regular"
|
||||
"be.ems/src/modules/auth/service"
|
||||
systemService "be.ems/src/modules/system/service"
|
||||
|
||||
@@ -146,11 +145,17 @@ func (s *BootloaderController) Account(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
if !regular.ValidPassword(body.Password) {
|
||||
// 登录密码至少包含大小写字母、数字、特殊符号,且不少于6位
|
||||
c.JSON(200, resp.ErrMsg(i18n.TKey(language, "user.errPasswd")))
|
||||
// 检查用户密码策略强度
|
||||
ok, errMsg := s.sysUserService.ValidatePasswordPolicy(body.Password, language)
|
||||
if !ok {
|
||||
c.JSON(200, resp.ErrMsg(errMsg))
|
||||
return
|
||||
}
|
||||
// if !regular.ValidPassword(body.Password) {
|
||||
// // 登录密码至少包含大小写字母、数字、特殊符号,且不少于6位
|
||||
// c.JSON(200, resp.ErrMsg(i18n.TKey(language, "user.errPasswd")))
|
||||
// return
|
||||
// }
|
||||
|
||||
// 是否完成引导
|
||||
launchInfo := machine.LaunchInfo
|
||||
|
||||
@@ -47,9 +47,15 @@ func (s *RegisterController) Register(c *gin.Context) {
|
||||
c.JSON(200, resp.ErrMsg(i18n.TKey(language, "register.errUsername")))
|
||||
return
|
||||
}
|
||||
if !regular.ValidPassword(body.Password) {
|
||||
// 登录密码至少包含大小写字母、数字、特殊符号,且不少于6位
|
||||
c.JSON(200, resp.ErrMsg(i18n.TKey(language, "register.errPasswd")))
|
||||
// if !regular.ValidPassword(body.Password) {
|
||||
// // 登录密码至少包含大小写字母、数字、特殊符号,且不少于6位
|
||||
// c.JSON(200, resp.ErrMsg(i18n.TKey(language, "register.errPasswd")))
|
||||
// return
|
||||
// }
|
||||
// 检查用户密码策略强度
|
||||
ok, errMsg := s.registerService.ValidatePasswordPolicy(body.Password, language)
|
||||
if !ok {
|
||||
c.JSON(200, resp.ErrMsg(errMsg))
|
||||
return
|
||||
}
|
||||
if body.Password != body.ConfirmPassword {
|
||||
|
||||
@@ -104,6 +104,7 @@ func (s Account) ByUsername(username, password string) (token.TokenInfo, error)
|
||||
func (s Account) UpdateLoginDateAndIP(tokenInfo token.TokenInfo) bool {
|
||||
user := s.sysUserService.FindById(tokenInfo.UserId)
|
||||
user.Password = "" // 密码不更新
|
||||
user.LoginCount += 1
|
||||
user.LoginIp = tokenInfo.LoginIp
|
||||
user.LoginTime = tokenInfo.LoginTime
|
||||
return s.sysUserService.Update(user) > 0
|
||||
@@ -144,6 +145,22 @@ func (s Account) passwordRetryCount(userName string) (string, int64, time.Durati
|
||||
return retryKey, retryCountInt64, time.Duration(lockTime) * time.Minute, nil
|
||||
}
|
||||
|
||||
// passwordRetryCount 密码过期时间
|
||||
func (s Account) PasswordExpireTime(loginCount, passwordUpdateTime int64) (bool, error) {
|
||||
// 首次登录
|
||||
forcePasswdChange := loginCount < 1
|
||||
// 非首次登录,判断密码是否过期
|
||||
if !forcePasswdChange {
|
||||
alert, err := s.sysUserService.ValidatePasswordExpireTime(passwordUpdateTime)
|
||||
if err != nil {
|
||||
return alert, err
|
||||
}
|
||||
forcePasswdChange = alert
|
||||
}
|
||||
|
||||
return forcePasswdChange, nil
|
||||
}
|
||||
|
||||
// RoleAndMenuPerms 角色和菜单数据权限
|
||||
func (s Account) RoleAndMenuPerms(userId int64, isSystemUser bool) ([]string, []string) {
|
||||
if isSystemUser {
|
||||
|
||||
@@ -1,10 +1,13 @@
|
||||
package service
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"regexp"
|
||||
|
||||
"be.ems/src/framework/constants"
|
||||
"be.ems/src/framework/database/redis"
|
||||
"be.ems/src/framework/i18n"
|
||||
"be.ems/src/framework/utils/parse"
|
||||
systemModel "be.ems/src/modules/system/model"
|
||||
systemService "be.ems/src/modules/system/service"
|
||||
@@ -90,3 +93,45 @@ func (s Register) registerRoleInit() []int64 {
|
||||
func (s Register) registerPostInit() []int64 {
|
||||
return []int64{}
|
||||
}
|
||||
|
||||
// ValidatePasswordPolicy 判断密码策略强度
|
||||
func (s Register) ValidatePasswordPolicy(password string, errLang string) (bool, string) {
|
||||
passwordPolicyStr := s.sysConfigService.FindValueByKey("sys.user.passwordPolicy")
|
||||
if passwordPolicyStr == "" {
|
||||
// 未配置密码策略
|
||||
return false, i18n.TKey(errLang, "config.sys.user.passwordPolicyNot")
|
||||
}
|
||||
var policy struct {
|
||||
MinLength int `json:"minLength"`
|
||||
SpecialChars int `json:"specialChars"`
|
||||
Uppercase int `json:"uppercase"`
|
||||
Lowercase int `json:"lowercase"`
|
||||
}
|
||||
|
||||
err := json.Unmarshal([]byte(passwordPolicyStr), &policy)
|
||||
if err != nil {
|
||||
return false, err.Error()
|
||||
}
|
||||
|
||||
errMsg := i18n.TTemplate(errLang, "sys.user.passwordPolicyError", map[string]any{
|
||||
"minLength": policy.MinLength,
|
||||
"specialChars": policy.SpecialChars,
|
||||
"uppercase": policy.Uppercase,
|
||||
"lowercase": policy.Lowercase,
|
||||
})
|
||||
specialChars := len(regexp.MustCompile(`[!@#$%^&*(),.?":{}|<>]`).FindAllString(password, -1))
|
||||
if specialChars < policy.SpecialChars {
|
||||
return false, errMsg
|
||||
}
|
||||
|
||||
uppercase := len(regexp.MustCompile(`[A-Z]`).FindAllString(password, -1))
|
||||
if uppercase < policy.Uppercase {
|
||||
return false, errMsg
|
||||
}
|
||||
|
||||
lowercase := len(regexp.MustCompile(`[a-z]`).FindAllString(password, -1))
|
||||
if lowercase < policy.Lowercase {
|
||||
return false, errMsg
|
||||
}
|
||||
return true, ""
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user