密码强度

src/main/java/com/izouma/nineth/service/UserService.java

@@ -184,6 +184,7 @@ public class UserService {
         user.setShareRatio(sysConfigService.getBigDecimal("share_ratio"));
         user.setAuthStatus(AuthStatus.NOT_AUTH);
         if (StringUtils.isNotBlank(userRegister.getPassword())) {
+            checkPasswordStrength(userRegister.getPassword());
             user.setPassword(passwordEncoder.encode(userRegister.getPassword()));
         }
         return save(user);
@@ -249,16 +250,6 @@ public class UserService {
         return redisTemplate.opsForValue().get("register::" + phone);
     }
 
-    public User testPhoneRegister(String phone) {
-        return create(UserRegister.builder()
-                .avatar(Constants.DEFAULT_AVATAR)
-                .username(RandomStringUtils.randomAlphabetic(32))
-                .nickname(RandomStringUtils.randomAlphabetic(32))
-                .phone(RandomStringUtils.randomNumeric(16))
-                .password("123456")
-                .build());
-    }
-
     public void del(Long id) {
         User user = userRepo.findById(id).orElseThrow(new BusinessException("用户不存在"));
         user.setDel(true);
@@ -427,6 +418,7 @@ public class UserService {
     }
 
     public String setPassword(Long userId, String password) {
+        checkPasswordStrength(password);
         User user = userRepo.findById(userId).orElseThrow(new BusinessException("用户不存在"));
         user.setPassword(passwordEncoder.encode(password));
         user = save(user);
@@ -434,17 +426,49 @@ public class UserService {
     }
 
     public String setPassword(Long userId, String code, String password) {
+        checkPasswordStrength(password);
         User user = userRepo.findById(userId).orElseThrow(new BusinessException("用户不存在"));
         smsService.verify(user.getPhone(), code);
         return setPassword(userId, password);
     }
 
     public String forgotPassword(String phone, String password, String code) {
+        checkPasswordStrength(password);
         User user = userRepo.findByPhoneAndDelFalse(phone).orElseThrow(new BusinessException("手机号未注册"));
         smsService.verify(user.getPhone(), code);
         return setPassword(user.getId(), password);
     }
 
+    public static void checkPasswordStrength(String password) {
+        if (StringUtils.isBlank(password)) throw new BusinessException("密码不能为空");
+        if (!Pattern.matches("^[a-zA-Z0-9!@#$%^&*]+$", password)) throw new BusinessException("密码含非法字符");
+        int upper = 0;
+        int lower = 0;
+        int digit = 0;
+        int special = 0;
+        char ch;
+
+        for (int i = 0; i < password.length(); i++) {
+            ch = password.charAt(i);
+            if (Character.isUpperCase(ch))
+                upper++;
+            else if (Character.isLowerCase(ch))
+                lower++;
+            else if (Character.isDigit(ch))
+                digit++;
+            else {
+                if (ch == '<' || ch == '>') {
+                    throw new BusinessException("密码包含非法字符");
+                } else
+                    special++;
+            }
+        }
+        if (upper > 0 && lower > 0 && digit > 0 && password.length() >= 8) {
+            return;
+        }
+        throw new BusinessException("密码长度至少为8位，且必须包含大小写字母和数字");
+    }
+
     public void bindPhone(Long userId, String phone) {
         User user = userRepo.findByIdAndDelFalse(userId).orElseThrow(new BusinessException("用户不存在"));
         if (StringUtils.isNoneEmpty(user.getPhone())) {

src/test/java/com/izouma/nineth/CommonTest.java

@@ -13,6 +13,7 @@ import com.izouma.nineth.domain.User;
 import com.izouma.nineth.dto.PageQuery;
 import com.izouma.nineth.dto.SandPaySettle;
 import com.izouma.nineth.dto.UserWithdraw;
+import com.izouma.nineth.service.UserService;
 import com.izouma.nineth.utils.AESEncryptUtil;
 import com.izouma.nineth.utils.TokenUtils;
 import com.izouma.nineth.web.BaseController;
@@ -625,7 +626,8 @@ public class CommonTest {
     }
 
     @Test
-    public void match(){
-        System.out.println(new BCryptPasswordEncoder().matches("123456","$2a$04$Y8.xGGVzfvIagulntOa/6uBfHH//WKAT1LBNyyoTiD.08Ev318tgS"));
+    public void match() {
+        UserService.checkPasswordStrength("12345678aF[");
+        System.out.println(Pattern.matches("^[a-zA-Z0-9!@#$%^&*]+$", "[121213a123"));
     }
 }