登录增加密码策略校验
This commit is contained in:
@@ -65,6 +65,9 @@ func (s *sSysUser) GetAdminUserByUsernamePassword(ctx context.Context, req *syst
|
||||
user, err = s.GetUserByUsername(ctx, req.Username)
|
||||
liberr.ErrIsNil(ctx, err)
|
||||
liberr.ValueIsNil(user, "账号密码错误")
|
||||
//验证密码复杂度
|
||||
err = s.validatePasswordComplexity(ctx, req.Password)
|
||||
liberr.ErrIsNil(ctx, err)
|
||||
//验证密码
|
||||
if libUtils.EncryptPassword(req.Password, user.UserSalt) != user.UserPassword {
|
||||
liberr.ErrIsNil(ctx, gerror.New("账号密码错误"))
|
||||
@@ -77,6 +80,101 @@ func (s *sSysUser) GetAdminUserByUsernamePassword(ctx context.Context, req *syst
|
||||
return
|
||||
}
|
||||
|
||||
// validatePasswordComplexity 验证密码复杂度
|
||||
func (s *sSysUser) validatePasswordComplexity(ctx context.Context, password string) (err error) {
|
||||
dict, err := commonService.SysDictData().GetDictWithDataByType(ctx, &system.GetDictReq{
|
||||
DictType: "pass_config",
|
||||
})
|
||||
if err != nil || dict == nil || len(dict.Values) == 0 {
|
||||
// 如果没有配置密码复杂度,则默认放行
|
||||
return nil
|
||||
}
|
||||
|
||||
config := make(map[string]string)
|
||||
for _, v := range dict.Values {
|
||||
config[v.DictValue] = v.Remark
|
||||
}
|
||||
|
||||
// 检查是否启用密码策略
|
||||
if enabled, ok := config["enabled"]; ok && enabled != "true" {
|
||||
// 未启用密码策略,直接放行
|
||||
return nil
|
||||
}
|
||||
|
||||
// 验证最小长度
|
||||
if minLen, ok := config["min_length"]; ok {
|
||||
if len(password) < gconv.Int(minLen) {
|
||||
return gerror.Newf("密码长度不能少于%s位", minLen)
|
||||
}
|
||||
}
|
||||
|
||||
// 验证最大长度
|
||||
if maxLen, ok := config["max_length"]; ok {
|
||||
if len(password) > gconv.Int(maxLen) {
|
||||
return gerror.Newf("密码长度不能超过%s位", maxLen)
|
||||
}
|
||||
}
|
||||
|
||||
// 验证是否需要包含数字
|
||||
if needNumber, ok := config["need_number"]; ok && needNumber == "true" {
|
||||
hasNumber := false
|
||||
for _, c := range password {
|
||||
if c >= '0' && c <= '9' {
|
||||
hasNumber = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !hasNumber {
|
||||
return gerror.New("密码必须包含数字")
|
||||
}
|
||||
}
|
||||
|
||||
// 验证是否需要包含小写字母
|
||||
if needLower, ok := config["need_lower"]; ok && needLower == "true" {
|
||||
hasLower := false
|
||||
for _, c := range password {
|
||||
if c >= 'a' && c <= 'z' {
|
||||
hasLower = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !hasLower {
|
||||
return gerror.New("密码必须包含小写字母")
|
||||
}
|
||||
}
|
||||
|
||||
// 验证是否需要包含大写字母
|
||||
if needUpper, ok := config["need_upper"]; ok && needUpper == "true" {
|
||||
hasUpper := false
|
||||
for _, c := range password {
|
||||
if c >= 'A' && c <= 'Z' {
|
||||
hasUpper = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !hasUpper {
|
||||
return gerror.New("密码必须包含大写字母")
|
||||
}
|
||||
}
|
||||
|
||||
// 验证是否需要包含特殊字符
|
||||
if needSpecial, ok := config["need_special"]; ok && needSpecial == "true" {
|
||||
hasSpecial := false
|
||||
specialChars := "!@#$%^&*()_+-=[]{}|;':\",./<>?`~"
|
||||
for _, c := range password {
|
||||
if gstr.Contains(specialChars, string(c)) {
|
||||
hasSpecial = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !hasSpecial {
|
||||
return gerror.New("密码必须包含特殊字符")
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// GetUserByUsername 通过用户名获取用户信息
|
||||
func (s *sSysUser) GetUserByUsername(ctx context.Context, userName string) (user *model.LoginUserRes, err error) {
|
||||
err = g.Try(ctx, func(ctx context.Context) {
|
||||
|
||||
Reference in New Issue
Block a user