xiongzhu před 4 roky
f1370b87cf

+ 19 - 0
src/main/java/com/izouma/nineth/domain/WeakPass.java

@@ -0,0 +1,19 @@
+package com.izouma.nineth.domain;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import javax.persistence.Entity;
+import javax.persistence.Id;
+
+@Data
+@Entity
+@AllArgsConstructor
+@NoArgsConstructor
+public class WeakPass {
+    @Id
+    Long userId;
+
+    String pass;
+}
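Review bot: `pass` persists the matched plaintext password next to `userId`, so this table becomes a store of passwords known to have been valid for those accounts, which remains sensitive even after the user's password field is cleared; recording only that a weak password was detected (and when) is enough for follow-up, e.g. replace `String pass;` with a detection timestamp such as `Long detectedAt;`. The fields are also package-private with no explicit column mapping, and the `@Id` is the user id without any mapped relation to `User`; if the entity is meant as a one-row-per-user marker, a class Javadoc would make that explicit: `/** Marker row for a user whose password matched the weak-password list; keyed by the user's id. */`.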

+ 7 - 0
src/main/java/com/izouma/nineth/repo/WeakPassRepo.java

@@ -0,0 +1,7 @@
+package com.izouma.nineth.repo;
+
+import com.izouma.nineth.domain.WeakPass;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+public interface WeakPassRepo extends JpaRepository<WeakPass, Long> {
+}

+ 41 - 0
src/main/java/com/izouma/nineth/service/UserService.java

@@ -7,6 +7,7 @@ import com.huifu.adapay.core.exception.BaseAdaPayException;
 import com.izouma.nineth.TokenHistory;
 import com.izouma.nineth.config.Constants;
 import com.izouma.nineth.config.GeneralProperties;
+import com.izouma.nineth.config.RedisKeys;
 import com.izouma.nineth.domain.Collection;
 import com.izouma.nineth.domain.*;
 import com.izouma.nineth.dto.*;
@@ -42,9 +43,11 @@ import org.springframework.context.event.EventListener;
 import org.springframework.core.env.Environment;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageImpl;
+import org.springframework.data.domain.PageRequest;
 import org.springframework.data.jpa.domain.Specification;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.scheduling.annotation.Async;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 
@@ -80,6 +83,7 @@ public class UserService {
     private GeneralProperties             generalProperties;
     private RedisTemplate<String, Object> redisTemplate;
     private PasswordEncoder               passwordEncoder;
+    private WeakPassRepo                  weakPassRepo;
 
     public User update(User user) {
         if (!SecurityUtils.hasRole(AuthorityName.ROLE_ADMIN)) {
@@ -725,4 +729,41 @@ public class UserService {
         });
         return new PageImpl<>(minters, users.getPageable(), users.getTotalElements());
     }
+
+    @Async
+    public List<User> scanWeakPassword() {
+        String[] weakPass = new String[]{
+                "000000", "111111", "11111111", "112233", "123123", "123321", "123456", "12345678", "654321", "666666",
+                "888888", "abcdef", "abcabc", "abc123", "a1b2c3", "aaa111", "123qwe", "qwerty", "qweasd", "admin",
+                "password", "p@ssword", "passwd", "iloveyou", "5201314", "asdfghjkl", "66666666", "88888888"};
+        boolean hasNext = true;
+
+        int pageNum = 0;
+        List<User> list = new ArrayList<>();
+        while (hasNext) {
+            Page<User> page = userRepo.findAll(PageRequest.of(pageNum++, 200));
+            page.getContent().parallelStream().forEach(user -> {
+                BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
+                boolean match = false;
+                for (String pass : weakPass) {
+                    if (encoder.matches(pass, user.getPassword())) {
+                        match = true;
+                        log.info("检测到弱密码userId={}, pass={}", user.getId(), pass);
+                        weakPassRepo.save(new WeakPass(user.getId(), pass));
+
+                        user.setPassword(null);
+                        save(user);
+                        redisTemplate.opsForValue().set(RedisKeys.JWT_TOKEN + user.getId(), "1");
+
+                        break;
+                    }
+                }
+                if (match) {
+                    list.add(user);
+                }
+            });
+            hasNext = page.hasNext();
+        }
+        return list;
+    }
 }
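Review bot: `list` is a plain `ArrayList` mutated from inside `parallelStream().forEach` (the `list.add(user)` line), which is a data race on every page; either do the add outside the parallel pipeline or guard it, e.g. `synchronized (list) { list.add(user); }`. The `log.info` line writes the matched plaintext password to the log and `new WeakPass(user.getId(), pass)` persists it; the user id alone is sufficient for the audit trail, `log.info("检测到弱密码userId={}", user.getId());`. A fresh `BCryptPasswordEncoder` is allocated per user although a `passwordEncoder` field is injected into this class; using the injected one keeps the comparison bound to the configured encoder, provided that encoder is the one that produced the stored hashes. As far as I recall, Spring's `@Async` only propagates return values of `Future`-typed methods, so callers of this `List<User>`-returning method would receive null when the proxy is active; declaring it `void` or returning `CompletableFuture<List<User>>` would make the contract honest.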

+ 7 - 0
src/main/java/com/izouma/nineth/web/UserController.java

@@ -291,6 +291,13 @@ public class UserController extends BaseController {
         userService.checkSettleAccountAsync();
         return "ok";
     }
+
+    @PreAuthorize("hasAnyRole('ADMIN')")
+    @GetMapping("/scanWeakPass")
+    public String scanWeakPass() {
+        userService.scanWeakPassword();
+        return "ok";
+    }
 }
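Review bot: `/scanWeakPass` is mapped with `@GetMapping` although the call mutates state (the service clears matched users' passwords and writes a Redis key) and starts a full scan of the user table; a GET can be triggered by link prefetching and is commonly exempt from CSRF protection, so `@PostMapping("/scanWeakPass")` is the safer mapping for a state-changing admin action. Nothing prevents the endpoint from being invoked repeatedly while a previous scan is still running, since the service method is `@Async`; an in-progress guard in the service (e.g. an `AtomicBoolean` that is set for the duration of the scan) or a Javadoc note that overlapping scans are tolerated would be worth adding.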
 
 

+ 5 - 0
src/test/java/com/izouma/nineth/CommonTest.java

@@ -623,4 +623,9 @@ public class CommonTest {
         System.out.println(failSettleList.size());
         System.out.println(failWithdraw.size());
     }
+
+    @Test
+    public void match(){
+        System.out.println(new BCryptPasswordEncoder().matches("123456","$2a$04$Y8.xGGVzfvIagulntOa/6uBfHH//WKAT1LBNyyoTiD.08Ev318tgS"));
+    }
 }
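Review bot: `match()` only prints the result of `matches`, so the test cannot fail; replace the `System.out.println` with an assertion, `assertTrue(new BCryptPasswordEncoder().matches("123456", HASH));` with the hash literal from the hunk as `HASH`. The literal carries a work factor of 04, which is fine for a test fixture but should not be read as the production cost.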

+ 5 - 0
src/test/java/com/izouma/nineth/service/UserServiceTest.java

@@ -187,4 +187,9 @@ public class UserServiceTest extends ApplicationTests {
             userService.removeBankCard(aLong);
         }
     }
+
+    @Test
+    public void scanWeakPassword() {
+        userService.scanWeakPassword();
+    }
 }
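Review bot: `scanWeakPassword()` invokes the service but asserts nothing, and because the service method is annotated `@Async` the call may return before the scan has run at all, so the test passes regardless of outcome. If the intent is an integration check, assert on an observable result after completion, for example that `weakPassRepo` holds a row for a seeded user with a known weak password; if the intent is only to trigger the scan by hand, it does not belong under `@Test`. Note that if `ApplicationTests` wires the real datastore, running this clears the password of every matched real user, since the service persists `user.setPassword(null)`.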