Posted to notifications@shenyu.apache.org by xi...@apache.org on 2023/05/08 03:08:16 UTC
[shenyu] branch master updated: [type:feature] Change password strictness (#4618)
This is an automated email from the ASF dual-hosted git repository.
xiaoyu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shenyu.git
The following commit(s) were added to refs/heads/master by this push:
new 43fba6dd7 [type:feature] Change password strictness (#4618)
43fba6dd7 is described below
commit 43fba6dd7a4e87b7058da0e6ec6ae18958eb82ae
Author: likeguo <33...@users.noreply.github.com>
AuthorDate: Mon May 8 11:08:10 2023 +0800
[type:feature] Change password strictness (#4618)
* feature/change-password
* feature/change-password
* feature/change-password
---
.../http-debug-dashboard-user-controller-api.http | 7 ++
.../controller/SuperAdminPasswordSafeAdvice.java | 21 ++----
.../admin/controller/DashboardUserController.java | 13 ++++
.../shenyu/admin/model/constant/RegConstant.java | 55 ++++++++++++++
.../shenyu/admin/model/dto/DashboardUserDTO.java | 83 ++++++++++++----------
.../model/dto/DashboardUserModifyPasswordDTO.java | 53 ++++++++++----
.../shenyu/admin/service/DashboardUserService.java | 26 ++++---
.../service/impl/DashboardUserServiceImpl.java | 48 ++++++++++---
.../shenyu/admin/utils/ShenyuResultMessage.java | 69 ++++++++++--------
.../src/main/resources/static/index.3a360bb9.js | 1 +
.../src/main/resources/static/index.66672504.js | 1 -
.../{index.e9ecba88.css => index.98c5ed36.css} | 4 +-
shenyu-admin/src/main/resources/static/index.html | 4 +-
.../controller/DashboardUserControllerTest.java | 2 +-
14 files changed, 266 insertions(+), 121 deletions(-)
diff --git a/shenyu-admin/src/http/http-debug-dashboard-user-controller-api.http b/shenyu-admin/src/http/http-debug-dashboard-user-controller-api.http
index 96d9a85c9..6a57f4380 100644
--- a/shenyu-admin/src/http/http-debug-dashboard-user-controller-api.http
+++ b/shenyu-admin/src/http/http-debug-dashboard-user-controller-api.http
@@ -77,3 +77,10 @@ X-Access-Token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyTmFtZSI6ImFkbWluIiw
"password": "password-test-changed",
"role": 0
}
+
+### dashboard user check password
+GET http://localhost:9095/dashboardUser/check/password
+Accept: application/json
+Content-Type: application/json
+X-Access-Token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyTmFtZSI6ImFkbWluIiwiZXhwIjoxNjQ2NzQ1ODM0fQ.zf3EHlERZr4o-KcmhSfKa3hk5DV4vbS-naVUI074ii0
+
diff --git a/shenyu-admin/src/main/java/org/apache/shenyu/admin/aspect/controller/SuperAdminPasswordSafeAdvice.java b/shenyu-admin/src/main/java/org/apache/shenyu/admin/aspect/controller/SuperAdminPasswordSafeAdvice.java
index a646c429a..b63ea5e62 100644
--- a/shenyu-admin/src/main/java/org/apache/shenyu/admin/aspect/controller/SuperAdminPasswordSafeAdvice.java
+++ b/shenyu-admin/src/main/java/org/apache/shenyu/admin/aspect/controller/SuperAdminPasswordSafeAdvice.java
@@ -19,10 +19,8 @@ package org.apache.shenyu.admin.aspect.controller;
import com.google.common.base.Stopwatch;
import org.apache.shenyu.admin.config.properties.DashboardProperties;
-import org.apache.shenyu.admin.mapper.DashboardUserMapper;
-import org.apache.shenyu.admin.model.entity.DashboardUserDO;
+import org.apache.shenyu.admin.service.DashboardUserService;
import org.apache.shenyu.admin.utils.SessionUtil;
-import org.apache.shenyu.common.exception.ShenyuException;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.core.annotation.AnnotatedElementUtils;
import org.springframework.stereotype.Component;
@@ -43,12 +41,12 @@ public class SuperAdminPasswordSafeAdvice implements ControllerMethodAdvice {
private final DashboardProperties properties;
- private final DashboardUserMapper userMapper;
+ private final DashboardUserService userService;
public SuperAdminPasswordSafeAdvice(final DashboardProperties properties,
- final DashboardUserMapper userMapper) {
+ final DashboardUserService userService) {
this.properties = properties;
- this.userMapper = userMapper;
+ this.userService = userService;
}
@Override
@@ -76,16 +74,7 @@ public class SuperAdminPasswordSafeAdvice implements ControllerMethodAdvice {
.stream()
.anyMatch(p -> Arrays.asList(permissions.value()).contains(p))) {
- final String userId = SessionUtil.visitor().getUserId();
- final DashboardUserDO userDO = userMapper.selectById(userId);
- if (Objects.equals(userDO.getDateCreated(), userDO.getDateUpdated())) {
- throw new ShenyuException("The password is the default password and you must complete the change once");
- }
- // The password has not been changed for a long time
- if (userDO.getDateUpdated().getTime() <= System.currentTimeMillis() - properties.getSuperAdminPasswordValidDuration()) {
- throw new ShenyuException("If the password has not been changed for a long time, please use it after changing it to ensure the security of the super administrator account");
- }
- // Weak password blacklist
+ userService.checkUserPassword(SessionUtil.visitor().getUserId());
}
}
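Review bot: With the three-way check delegated to `userService.checkUserPassword(...)`, the `properties` field kept at the top of this class (its only visible use was the `getSuperAdminPasswordValidDuration()` read removed here) and the `java.util.Objects` import look dead in this advice; if nothing else in the file reads them, drop the field from the constructor and the import so the stale-password policy has a single owner in the service. The boolean that `checkUserPassword` returns is discarded on the new line, which only works because the service signals every failure by throwing; a comment such as `// throws when the password is the default or stale; the return value is not needed here` would make that dependency explicit. The enclosing method starts outside the hunk.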
diff --git a/shenyu-admin/src/main/java/org/apache/shenyu/admin/controller/DashboardUserController.java b/shenyu-admin/src/main/java/org/apache/shenyu/admin/controller/DashboardUserController.java
index a969ee39e..e9f7d9bdb 100644
--- a/shenyu-admin/src/main/java/org/apache/shenyu/admin/controller/DashboardUserController.java
+++ b/shenyu-admin/src/main/java/org/apache/shenyu/admin/controller/DashboardUserController.java
@@ -26,11 +26,13 @@ import org.apache.shenyu.admin.model.dto.DashboardUserModifyPasswordDTO;
import org.apache.shenyu.admin.model.page.CommonPager;
import org.apache.shenyu.admin.model.page.PageParameter;
import org.apache.shenyu.admin.model.query.DashboardUserQuery;
+import org.apache.shenyu.admin.model.result.AdminResult;
import org.apache.shenyu.admin.model.result.ShenyuAdminResult;
import org.apache.shenyu.admin.model.vo.DashboardUserEditVO;
import org.apache.shenyu.admin.model.vo.DashboardUserVO;
import org.apache.shenyu.admin.service.DashboardUserService;
import org.apache.shenyu.admin.utils.Assert;
+import org.apache.shenyu.admin.utils.ResultUtil;
import org.apache.shenyu.admin.utils.SessionUtil;
import org.apache.shenyu.admin.utils.ShenyuResultMessage;
import org.apache.shenyu.admin.validation.annotation.Existed;
@@ -171,9 +173,20 @@ public class DashboardUserController {
return ShenyuAdminResult.error(ShenyuResultMessage.DASHBOARD_MODIFY_PASSWORD_ERROR);
}
dashboardUserModifyPasswordDTO.setPassword(DigestUtils.sha512Hex(dashboardUserModifyPasswordDTO.getPassword()));
+ dashboardUserModifyPasswordDTO.setOldPassword(DigestUtils.sha512Hex(dashboardUserModifyPasswordDTO.getOldPassword()));
return ShenyuAdminResult.success(ShenyuResultMessage.UPDATE_SUCCESS, dashboardUserService.modifyPassword(dashboardUserModifyPasswordDTO));
}
+ /**
+ * check current user password.
+ *
+ * @return success
+ */
+ @GetMapping("check/password")
+ public AdminResult<Boolean> checkUserPassword() {
+ return ResultUtil.ok(dashboardUserService.checkUserPassword(SessionUtil.visitor().getUserId()));
+ }
+
/**
* delete dashboard users.
*
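Review bot: `checkUserPassword()` is documented as `@return success`, but the service implementation in this commit only ever returns `true` and reports a default or stale password by throwing, so callers of this GET endpoint never observe `false`; either document that (`@return true when the current user's password passes the default/stale checks; an error result is returned otherwise`) or let the service return `false` and map it here. The added `setOldPassword(DigestUtils.sha512Hex(...))` line assumes bean validation has already rejected a blank `oldPassword`; if the DTO parameter of this method (its signature is outside the hunk) is not annotated `@Valid`, an omitted field is likely to reach `sha512Hex` as `null`. Since both the new and the old password are digested in the controller, the service's comparison contract now depends on this layer — a one-line comment on the two hash lines naming that would help the next maintainer.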
diff --git a/shenyu-admin/src/main/java/org/apache/shenyu/admin/model/constant/RegConstant.java b/shenyu-admin/src/main/java/org/apache/shenyu/admin/model/constant/RegConstant.java
new file mode 100644
index 000000000..eaa3c408b
--- /dev/null
+++ b/shenyu-admin/src/main/java/org/apache/shenyu/admin/model/constant/RegConstant.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.shenyu.admin.model.constant;
+
+/**
+ * RegConstant.
+ */
+public final class RegConstant {
+
+ /**
+ * Minimum length of 8, including upper and lower case letters, numbers and special characters.
+ */
+ public static final String PASSWORD_RULE = "^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[@$!%*?&])[A-Za-z\\d@$!%*?&]{8,}$";
+
+
+ /**
+ * At least 8 in length, containing at least one letter and one number.
+ */
+ public static final String PASSWORD_RULE_L0 = "^(?=.*[A-Za-z])(?=.*\\d)[A-Za-z\\d]{8,}$";
+
+ /**
+ * Minimum length of 8, containing at least one letter and one number and one special character.
+ */
+ public static final String PASSWORD_RULE_L1 = "^(?=.*[A-Za-z])(?=.*\\d)(?=.*[@$!%*#?&])[A-Za-z\\d@$!%*#?&]{8,}$";
+
+ /**
+ * At least 8 in length, with at least one number and both upper and lower case letters.
+ */
+ public static final String PASSWORD_RULE_L2 = "^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)[a-zA-Z\\d]{8,}$";
+
+ /**
+ * Minimum length of 8 - 16, including upper and lower case letters, numbers and special characters.
+ */
+ public static final String PASSWORD_RULE_L3 = "^(?=.*[a-z])(?=.*[A-Z])(?=.*\\)(?=.*[@$!%*?&])[A-Za-z\\d@$!%*?&]{8,16}$";
+
+ private RegConstant() {
+
+ }
+
+}
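Review bot: `PASSWORD_RULE_L3` is not a valid regex: the Java literal `(?=.*\\)` yields `(?=.*\)`, a lookahead containing an escaped `)` that is never closed, so `Pattern.compile` will throw `PatternSyntaxException` the first time the constant is used; it should read `"^(?=.*[a-z])(?=.*[A-Z])(?=.*\\d)(?=.*[@$!%*?&])[A-Za-z\\d@$!%*?&]{8,16}$"`. Nothing in this commit references `L3`, so no test catches it today. Separately, the active `PASSWORD_RULE` admits only `@$!%*?&` as special characters (and `PASSWORD_RULE_L1` additionally admits `#`), so an otherwise strong password containing `#`, `_`, `-` or a space is rejected outright; either widen the trailing character class or state the accepted set in the Javadoc and in the user-facing message. The `L3` Javadoc `Minimum length of 8 - 16` should say `Length between 8 and 16`, which is what the quantifier enforces.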
diff --git a/shenyu-admin/src/main/java/org/apache/shenyu/admin/model/dto/DashboardUserDTO.java b/shenyu-admin/src/main/java/org/apache/shenyu/admin/model/dto/DashboardUserDTO.java
index 8339cc11c..7ec49b46c 100644
--- a/shenyu-admin/src/main/java/org/apache/shenyu/admin/model/dto/DashboardUserDTO.java
+++ b/shenyu-admin/src/main/java/org/apache/shenyu/admin/model/dto/DashboardUserDTO.java
@@ -17,8 +17,12 @@
package org.apache.shenyu.admin.model.dto;
+import org.apache.shenyu.admin.model.constant.RegConstant;
+import org.apache.shenyu.admin.utils.ShenyuResultMessage;
+
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.NotNull;
+import javax.validation.constraints.Pattern;
import java.io.Serializable;
import java.util.List;
import java.util.Objects;
@@ -27,44 +31,45 @@ import java.util.Objects;
* this is dashboard user from by web front.
*/
public class DashboardUserDTO implements Serializable {
-
+
private static final long serialVersionUID = -7005615329360835626L;
-
+
/**
* primary key.
*/
private String id;
-
+
/**
* user name.
*/
@NotBlank
private String userName;
-
+
/**
* user password.
*/
+ @Pattern(regexp = RegConstant.PASSWORD_RULE, message = ShenyuResultMessage.PASSWORD_MUST)
private String password;
-
+
/**
* dashboard role.
*/
private Integer role;
-
+
/**
* current role list.
*/
private List<@NotBlank String> roles;
-
+
/**
* whether enabled.
*/
@NotNull
private Boolean enabled;
-
+
public DashboardUserDTO() {
}
-
+
public DashboardUserDTO(final String id, @NotNull final String userName, final String password, final Integer role, final List<String> roles, final Boolean enabled) {
this.id = id;
this.userName = userName;
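Review bot: `@Pattern` on `password` accepts a `null` value, and `DashboardUserDTO` backs both `create(DashboardUserDTO)` and `update(DashboardUserDTO)` in this commit's service interface, so a create request that simply omits `password` passes the new strength rule; whether the service then substitutes a default is not visible here — confirm, and if it does not, enforce presence on creation with a create-only validation group or an `Assert` in the service. A comment on the annotation, `// null is accepted so updates may leave the password untouched; creation must enforce presence separately`, would record the intent. The class continues past this hunk.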
@@ -73,7 +78,7 @@ public class DashboardUserDTO implements Serializable {
this.roles = roles;
this.enabled = enabled;
}
-
+
/**
* Gets the value of id.
*
@@ -82,7 +87,7 @@ public class DashboardUserDTO implements Serializable {
public String getId() {
return id;
}
-
+
/**
* Sets the id.
*
@@ -91,7 +96,7 @@ public class DashboardUserDTO implements Serializable {
public void setId(final String id) {
this.id = id;
}
-
+
/**
* Gets the value of userName.
*
@@ -100,7 +105,7 @@ public class DashboardUserDTO implements Serializable {
public String getUserName() {
return userName;
}
-
+
/**
* Sets the userName.
*
@@ -109,7 +114,7 @@ public class DashboardUserDTO implements Serializable {
public void setUserName(final String userName) {
this.userName = userName;
}
-
+
/**
* Gets the value of password.
*
@@ -118,7 +123,7 @@ public class DashboardUserDTO implements Serializable {
public String getPassword() {
return password;
}
-
+
/**
* Sets the password.
*
@@ -127,7 +132,7 @@ public class DashboardUserDTO implements Serializable {
public void setPassword(final String password) {
this.password = password;
}
-
+
/**
* Gets the value of role.
*
@@ -136,7 +141,7 @@ public class DashboardUserDTO implements Serializable {
public Integer getRole() {
return role;
}
-
+
/**
* Sets the role.
*
@@ -145,7 +150,7 @@ public class DashboardUserDTO implements Serializable {
public void setRole(final Integer role) {
this.role = role;
}
-
+
/**
* Gets the value of roles.
*
@@ -154,7 +159,7 @@ public class DashboardUserDTO implements Serializable {
public List<String> getRoles() {
return roles;
}
-
+
/**
* Sets the roles.
*
@@ -163,7 +168,7 @@ public class DashboardUserDTO implements Serializable {
public void setRoles(final List<String> roles) {
this.roles = roles;
}
-
+
/**
* Gets the value of enabled.
*
@@ -172,7 +177,7 @@ public class DashboardUserDTO implements Serializable {
public Boolean getEnabled() {
return enabled;
}
-
+
/**
* Sets the enabled.
*
@@ -181,7 +186,7 @@ public class DashboardUserDTO implements Serializable {
public void setEnabled(final Boolean enabled) {
this.enabled = enabled;
}
-
+
/**
* builder method.
*
@@ -190,7 +195,7 @@ public class DashboardUserDTO implements Serializable {
public static DashboardUserDTO.DashboardUserDTOBuilder builder() {
return new DashboardUserDTO.DashboardUserDTOBuilder();
}
-
+
@Override
public boolean equals(final Object o) {
if (this == o) {
@@ -207,29 +212,29 @@ public class DashboardUserDTO implements Serializable {
&& Objects.equals(roles, that.roles)
&& Objects.equals(enabled, that.enabled);
}
-
+
@Override
public int hashCode() {
return Objects.hash(id, userName, password, role, roles, enabled);
}
-
+
public static final class DashboardUserDTOBuilder {
-
+
private String id;
-
+
private String userName;
-
+
private String password;
-
+
private Integer role;
-
+
private List<String> roles;
-
+
private Boolean enabled;
-
+
private DashboardUserDTOBuilder() {
}
-
+
/**
* id.
*
@@ -240,7 +245,7 @@ public class DashboardUserDTO implements Serializable {
this.id = id;
return this;
}
-
+
/**
* userName.
*
@@ -251,7 +256,7 @@ public class DashboardUserDTO implements Serializable {
this.userName = userName;
return this;
}
-
+
/**
* password.
*
@@ -262,7 +267,7 @@ public class DashboardUserDTO implements Serializable {
this.password = password;
return this;
}
-
+
/**
* role.
*
@@ -273,7 +278,7 @@ public class DashboardUserDTO implements Serializable {
this.role = role;
return this;
}
-
+
/**
* roles.
*
@@ -284,7 +289,7 @@ public class DashboardUserDTO implements Serializable {
this.roles = roles;
return this;
}
-
+
/**
* enabled.
*
@@ -295,7 +300,7 @@ public class DashboardUserDTO implements Serializable {
this.enabled = enabled;
return this;
}
-
+
/**
* build method.
*
diff --git a/shenyu-admin/src/main/java/org/apache/shenyu/admin/model/dto/DashboardUserModifyPasswordDTO.java b/shenyu-admin/src/main/java/org/apache/shenyu/admin/model/dto/DashboardUserModifyPasswordDTO.java
index e8a240fe6..4cba4dca8 100644
--- a/shenyu-admin/src/main/java/org/apache/shenyu/admin/model/dto/DashboardUserModifyPasswordDTO.java
+++ b/shenyu-admin/src/main/java/org/apache/shenyu/admin/model/dto/DashboardUserModifyPasswordDTO.java
@@ -17,41 +17,50 @@
package org.apache.shenyu.admin.model.dto;
-import java.io.Serializable;
+import org.apache.shenyu.admin.model.constant.RegConstant;
+import org.apache.shenyu.admin.utils.ShenyuResultMessage;
import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.Pattern;
+import java.io.Serializable;
/**
* this is dashboard user from by web front.
*/
public class DashboardUserModifyPasswordDTO implements Serializable {
-
+
/**
* primary key.
*/
private String id;
-
+
/**
* user name.
*/
- @NotBlank
private String userName;
-
+
/**
* user password.
*/
@NotBlank
+ @Pattern(regexp = RegConstant.PASSWORD_RULE, message = ShenyuResultMessage.PASSWORD_MUST)
private String password;
-
+
+ /**
+ * user password.
+ */
+ @NotBlank
+ private String oldPassword;
+
public DashboardUserModifyPasswordDTO() {
}
-
+
public DashboardUserModifyPasswordDTO(final String id, final String userName, final String password) {
this.id = id;
this.userName = userName;
this.password = password;
}
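Review bot: The Javadoc on the new `oldPassword` field repeats `user password.` from the field above it and should say what the field is for, e.g. `/** the caller's current password, checked against the stored hash before the new password is saved. */`. The three-argument constructor kept below it does not accept `oldPassword`, so a caller constructing the DTO that way submits a `null` old password that `@NotBlank` will reject — worth a remark on the constructor or a fourth parameter. Dropping `@NotBlank` from `userName` is not explained in the commit message; if the controller's "can not modify other user password" check compares this field, a blank value should still be rejected there — confirm. The class continues past this hunk.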
-
+
/**
* Gets the value of id.
*
@@ -60,7 +69,7 @@ public class DashboardUserModifyPasswordDTO implements Serializable {
public String getId() {
return id;
}
-
+
/**
* Sets the id.
*
@@ -69,7 +78,7 @@ public class DashboardUserModifyPasswordDTO implements Serializable {
public void setId(final String id) {
this.id = id;
}
-
+
/**
* Gets the value of userName.
*
@@ -78,7 +87,7 @@ public class DashboardUserModifyPasswordDTO implements Serializable {
public String getUserName() {
return userName;
}
-
+
/**
* Sets the userName.
*
@@ -87,7 +96,7 @@ public class DashboardUserModifyPasswordDTO implements Serializable {
public void setUserName(final String userName) {
this.userName = userName;
}
-
+
/**
* Gets the value of password.
*
@@ -96,7 +105,7 @@ public class DashboardUserModifyPasswordDTO implements Serializable {
public String getPassword() {
return password;
}
-
+
/**
* Sets the password.
*
@@ -105,4 +114,22 @@ public class DashboardUserModifyPasswordDTO implements Serializable {
public void setPassword(final String password) {
this.password = password;
}
+
+ /**
+ * get oldPassword.
+ *
+ * @return old password
+ */
+ public String getOldPassword() {
+ return oldPassword;
+ }
+
+ /**
+ * set oldPassword.
+ *
+ * @param oldPassword old password
+ */
+ public void setOldPassword(final String oldPassword) {
+ this.oldPassword = oldPassword;
+ }
}
diff --git a/shenyu-admin/src/main/java/org/apache/shenyu/admin/service/DashboardUserService.java b/shenyu-admin/src/main/java/org/apache/shenyu/admin/service/DashboardUserService.java
index 67023b2cc..a30257cd3 100644
--- a/shenyu-admin/src/main/java/org/apache/shenyu/admin/service/DashboardUserService.java
+++ b/shenyu-admin/src/main/java/org/apache/shenyu/admin/service/DashboardUserService.java
@@ -31,7 +31,7 @@ import java.util.Set;
* this is dashboard user service.
*/
public interface DashboardUserService {
-
+
/**
* create or update dashboard user.
*
@@ -49,13 +49,13 @@ public interface DashboardUserService {
int create(DashboardUserDTO dashboardUserDTO);
/**
- * update dashboard user.
+ * update dashboard user.
*
* @param dashboardUserDTO {@linkplain DashboardUserDTO}
* @return rows
*/
int update(DashboardUserDTO dashboardUserDTO);
-
+
/**
* delete dashboard users.
*
@@ -63,7 +63,7 @@ public interface DashboardUserService {
* @return rows
*/
int delete(Set<String> ids);
-
+
/**
* find dashboard user by id.
*
@@ -71,7 +71,7 @@ public interface DashboardUserService {
* @return {@linkplain DashboardUserVO}
*/
DashboardUserEditVO findById(String id);
-
+
/**
* find dashboard user by username.
*
@@ -79,7 +79,7 @@ public interface DashboardUserService {
* @return {@linkplain DashboardUserVO}
*/
DashboardUserVO findByUserName(String username);
-
+
/**
* find dashboard user by query.
*
@@ -88,7 +88,7 @@ public interface DashboardUserService {
* @return {@linkplain DashboardUserVO}
*/
DashboardUserVO findByQuery(String userName, String password);
-
+
/**
* find page of dashboard user by query.
*
@@ -96,7 +96,7 @@ public interface DashboardUserService {
* @return {@linkplain CommonPager}
*/
CommonPager<DashboardUserVO> listByPage(DashboardUserQuery dashboardUserQuery);
-
+
/**
* To deal with the admin login.
*
@@ -105,7 +105,7 @@ public interface DashboardUserService {
* @return {@linkplain LoginDashboardUserVO}
*/
LoginDashboardUserVO login(String userName, String password);
-
+
/**
* modify password.
*
@@ -113,4 +113,12 @@ public interface DashboardUserService {
* @return rows
*/
int modifyPassword(DashboardUserModifyPasswordDTO dashboardUserModifyPasswordDTO);
+
+ /**
+ * check password.
+ *
+ * @param userId userId
+ * @return Passed or not
+ */
+ boolean checkUserPassword(String userId);
}
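Review bot: The Javadoc for `checkUserPassword` (`check password.` / `@return Passed or not`) does not say what is checked or that failure is signalled by an exception rather than `false`; the implementation added in this commit asserts two conditions and never returns `false`. A more useful header would state that the method verifies the user's password has been changed from the default and updated within the configured validity window, returns `true` on success and throws when either condition fails, with `@param userId id of the dashboard user to check` and a `@throws` naming the exception `Assert` raises.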
diff --git a/shenyu-admin/src/main/java/org/apache/shenyu/admin/service/impl/DashboardUserServiceImpl.java b/shenyu-admin/src/main/java/org/apache/shenyu/admin/service/impl/DashboardUserServiceImpl.java
index c6c475420..3c79b1612 100644
--- a/shenyu-admin/src/main/java/org/apache/shenyu/admin/service/impl/DashboardUserServiceImpl.java
+++ b/shenyu-admin/src/main/java/org/apache/shenyu/admin/service/impl/DashboardUserServiceImpl.java
@@ -20,6 +20,7 @@ package org.apache.shenyu.admin.service.impl;
import com.google.common.collect.Lists;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
+import org.apache.shenyu.admin.config.properties.DashboardProperties;
import org.apache.shenyu.admin.config.properties.JwtProperties;
import org.apache.shenyu.admin.config.properties.LdapProperties;
import org.apache.shenyu.admin.mapper.DashboardUserMapper;
@@ -45,6 +46,7 @@ import org.apache.shenyu.admin.utils.Assert;
import org.apache.shenyu.admin.utils.JwtUtils;
import org.apache.shenyu.admin.utils.ListUtil;
import org.apache.shenyu.admin.utils.SessionUtil;
+import org.apache.shenyu.admin.utils.ShenyuResultMessage;
import org.apache.shenyu.common.constant.AdminConstants;
import org.apache.shenyu.common.utils.DigestUtils;
import org.slf4j.Logger;
@@ -86,13 +88,16 @@ public class DashboardUserServiceImpl implements DashboardUserService {
private final UserEventPublisher publisher;
+ private final DashboardProperties properties;
+
public DashboardUserServiceImpl(final DashboardUserMapper dashboardUserMapper,
final UserRoleMapper userRoleMapper,
final RoleMapper roleMapper,
@Nullable final LdapProperties ldapProperties,
@Nullable final LdapTemplate ldapTemplate,
final JwtProperties jwtProperties,
- final UserEventPublisher publisher) {
+ final UserEventPublisher publisher,
+ final DashboardProperties properties) {
this.dashboardUserMapper = dashboardUserMapper;
this.userRoleMapper = userRoleMapper;
this.roleMapper = roleMapper;
@@ -100,6 +105,7 @@ public class DashboardUserServiceImpl implements DashboardUserService {
this.ldapTemplate = ldapTemplate;
this.jwtProperties = jwtProperties;
this.publisher = publisher;
+ this.properties = properties;
}
/**
@@ -267,13 +273,15 @@ public class DashboardUserServiceImpl implements DashboardUserService {
final LoginDashboardUserVO loginDashboardUserVO = LoginDashboardUserVO.buildLoginDashboardUserVO(dashboardUserVO);
final DashboardUserVO finalDashboardUserVO = dashboardUserVO;
- return Optional.ofNullable(loginDashboardUserVO).map(loginUser -> {
- if (Boolean.FALSE.equals(loginUser.getEnabled())) {
- return loginUser;
- }
- return loginUser.setToken(JwtUtils.generateToken(finalDashboardUserVO.getUserName(), finalDashboardUserVO.getPassword(),
- jwtProperties.getExpiredSeconds())).setExpiredTime(jwtProperties.getExpiredSeconds());
- }).orElse(null);
+ return Optional.ofNullable(loginDashboardUserVO)
+ .map(loginUser -> {
+ if (Boolean.FALSE.equals(loginUser.getEnabled())) {
+ return loginUser;
+ }
+ return loginUser.setToken(JwtUtils.generateToken(finalDashboardUserVO.getUserName(), finalDashboardUserVO.getPassword(),
+ jwtProperties.getExpiredSeconds())).setExpiredTime(jwtProperties.getExpiredSeconds());
+ })
+ .orElse(null);
}
/**
@@ -284,8 +292,12 @@ public class DashboardUserServiceImpl implements DashboardUserService {
*/
@Override
public int modifyPassword(final DashboardUserModifyPasswordDTO dashboardUserModifyPasswordDTO) {
+ DashboardUserDO before = dashboardUserMapper.selectById(dashboardUserModifyPasswordDTO.getId());
+ Assert.notNull(before, "current user is not found");
+ Assert.isTrue(Boolean.TRUE.equals(before.getEnabled()), "current user is locked");
+ Assert.isTrue(Objects.equals(before.getPassword(), dashboardUserModifyPasswordDTO.getOldPassword()), "old password is error");
+
DashboardUserDO dashboardUserDO = DashboardUserDO.buildDashboardUserDO(dashboardUserModifyPasswordDTO);
- DashboardUserDO before = dashboardUserMapper.selectById(dashboardUserDO.getId());
int updateCount = dashboardUserMapper.updateSelective(dashboardUserDO);
if (updateCount > 0) {
publisher.onUpdated(dashboardUserDO, before);
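Review bot: The old-password check on the `Assert.isTrue(Objects.equals(before.getPassword(), ...))` line compares two hex digests with `Objects.equals`, which stops at the first differing character; `MessageDigest.isEqual(before.getPassword().getBytes(StandardCharsets.UTF_8), dashboardUserModifyPasswordDTO.getOldPassword().getBytes(StandardCharsets.UTF_8))` keeps the comparison constant-time at no cost, even if the gain here is marginal because both sides are digests. The message `"old password is error"` is a grammar slip; `"old password is incorrect"` is clearer. A rejected old password is worth a warn-level log line carrying the user id (never the value), since this endpoint is now where an already-authenticated session can probe the credential. The method continues past this hunk.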
@@ -293,6 +305,20 @@ public class DashboardUserServiceImpl implements DashboardUserService {
return updateCount;
}
+ @Override
+ public boolean checkUserPassword(final String userId) {
+ final DashboardUserDO userDO = dashboardUserMapper.selectById(userId);
+
+ Assert.isTrue(!Objects.equals(userDO.getDateCreated(), userDO.getDateUpdated()), ShenyuResultMessage.PASSWORD_IS_DEFAULT);
+
+ // The password has not been changed for a long time
+ Assert.isTrue(passwordUsedLongTime(userDO), ShenyuResultMessage.PASSWORD_USED_FOR_LONG_TIME);
+
+ // Weak password blacklist
+
+ return true;
+ }
+
private DashboardUserVO loginByLdap(final String userName, final String password) {
Assert.notNull(ldapProperties, "ldap config is not enable");
String searchBase = String.format("%s=%s,%s", ldapProperties.getLoginField(), LdapEncoder.nameEncode(userName), ldapProperties.getBaseDn());
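Review bot: `dashboardUserMapper.selectById(userId)` on the first line of `checkUserPassword` is dereferenced without a null check, so an unknown or deleted user id (a session can outlive the account) raises a `NullPointerException` instead of a clear error, while `modifyPassword` in the same commit guards the identical lookup; add `Assert.notNull(userDO, "current user is not found");` before the first `Assert.isTrue`. The `// Weak password blacklist` comment is followed by nothing — either implement it or write `// TODO: weak password blacklist not yet implemented` so the gap stays visible. As written the method can only return `true`, which the interface Javadoc should reflect. The `Assert.isTrue(passwordUsedLongTime(userDO), PASSWORD_USED_FOR_LONG_TIME)` line reads backwards because the helper returns `true` for a recently changed password; the helper's own hunk at the end of this file is where the name should be fixed.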
@@ -344,4 +370,8 @@ public class DashboardUserServiceImpl implements DashboardUserService {
.build()))
.collect(Collectors.toList()));
}
+
+ private boolean passwordUsedLongTime(final DashboardUserDO userDO) {
+ return userDO.getDateUpdated().getTime() >= System.currentTimeMillis() - properties.getSuperAdminPasswordValidDuration();
+ }
}
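Review bot: `passwordUsedLongTime` returns `true` when `dateUpdated` lies within the validity window, i.e. when the password has not been used for a long time, so the name states the opposite of the value and its single caller reads `Assert.isTrue(passwordUsedLongTime(userDO), PASSWORD_USED_FOR_LONG_TIME)`; rename it `passwordRecentlyChanged` (updating that caller) or invert the body. The boundary also moved: the removed advice threw when `getTime() <= now - duration`, whereas the new `>=` accepts the equal instant — harmless, but worth a comment if intended. A `dateUpdated` of `null` now fails with `NullPointerException` on `getTime()`; either guard it or add `// assumes dateUpdated is never null — confirm against the schema` so the assumption is on record.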
diff --git a/shenyu-admin/src/main/java/org/apache/shenyu/admin/utils/ShenyuResultMessage.java b/shenyu-admin/src/main/java/org/apache/shenyu/admin/utils/ShenyuResultMessage.java
index 6fa38871c..d48b198e4 100644
--- a/shenyu-admin/src/main/java/org/apache/shenyu/admin/utils/ShenyuResultMessage.java
+++ b/shenyu-admin/src/main/java/org/apache/shenyu/admin/utils/ShenyuResultMessage.java
@@ -18,63 +18,74 @@
package org.apache.shenyu.admin.utils;
/**
- * result message.
+ * result message.
*/
public final class ShenyuResultMessage {
-
+
public static final String SUCCESS = "success";
-
+
public static final String CREATE_SUCCESS = "create success";
-
+
public static final String DELETE_SUCCESS = "delete success";
-
+
public static final String UPDATE_SUCCESS = "update success";
-
+
public static final String QUERY_SUCCESS = "query success";
-
+
public static final String QUERY_FAILED = "query failed";
-
+
public static final String DETAIL_SUCCESS = "detail success";
-
+
public static final String DETAIL_FAILED = "detail failed";
-
+
public static final String ENABLE_SUCCESS = "enable success";
-
+
public static final String SYNC_SUCCESS = "sync success";
-
+
public static final String SYNC_FAIL = "sync fail";
-
+
public static final String ROLE_CREATE_ERROR = "can not create super role";
-
+
public static final String DASHBOARD_USER_LOGIN_ERROR = "user not login please login first";
-
+
public static final String DASHBOARD_QUERY_ERROR = "user info is empty";
-
+
public static final String DASHBOARD_MODIFY_PASSWORD_ERROR = "can not modify other user password";
-
+
public static final String DASHBOARD_CREATE_USER_ERROR = "empty user info, please confirm";
-
+
public static final String PLATFORM_LOGIN_SUCCESS = "login dashboard user success";
-
+
public static final String PLATFORM_LOGIN_ERROR = "username or password error";
-
+
public static final String LOGIN_USER_DISABLE_ERROR = "the user is disabled";
-
+
public static final String PARAMETER_ERROR = "parameter error";
-
+
public static final String UNIQUE_INDEX_CONFLICT_ERROR = "unique index conflict, please enter again";
-
+
public static final String APPKEY_NOT_EXIST_ERROR = "the appKey passed in does not exist";
-
+
public static final String TOKEN_IS_ERROR = "token is error";
-
+
public static final String TOKEN_HAS_NO_PERMISSION = "token has no permission";
-
+
public static final String MENU_SUCCESS = "get menu and permission success";
-
+
public static final String MENU_FAILED = "get menu and permission failed";
-
+
public static final String SAVE_SUCCESS = "save success";
-
+
public static final String NOT_FOUND_EXCEPTION = "not found exception";
+
+ public static final String PASSWORD_MUST = "Minimum length of 8, including upper and lower case letters, numbers and special characters";
+
+ public static final String PASSWORD_IS_DEFAULT = "The password is the default password and you must complete the change once";
+
+ public static final String PASSWORD_USED_FOR_LONG_TIME = "If the password has not been changed for a long time, "
+ + "please use it after changing it to ensure the security of the super administrator account";
+
+ private ShenyuResultMessage() {
+
+ }
}
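Review bot: `PASSWORD_MUST` promises `special characters`, but the rule it accompanies (`RegConstant.PASSWORD_RULE`) admits only `@$!%*?&`, so a user who types `#` or `_` is rejected with a message that says their input satisfied the rule; list the accepted set, e.g. `"Minimum length of 8, including upper and lower case letters, numbers and at least one of @$!%*?&"`, and add a comment on this constant pointing at `RegConstant.PASSWORD_RULE` so the two are changed together. The private constructor added at the bottom is the right thing for a constants holder.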
diff --git a/shenyu-admin/src/main/resources/static/index.3a360bb9.js b/shenyu-admin/src/main/resources/static/index.3a360bb9.js
new file mode 100644
index 000000000..3f24a5a41
--- /dev/null
+++ b/shenyu-admin/src/main/resources/static/index.3a360bb9.js
@@ -0,0 +1 @@
+!function(e){function t(r){if(n[r])return n[r].exports;var o=n[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,t),o.l=!0,o.exports}var n={};t.m=e,t.c=n,t.d=function(e,n,r){t.o(e,n)||Object.defineProperty(e,n,{configurable:!1,enumerable:!0,get:r})},t.n=function(e){var n=e&&e.__esModule?function(){return e.default}:function(){return e};return t.d(n,"a",n),n},t.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},t.p="/",t(t.s="lVK7")}({"+0it":function(e,t,n){"u [...]
\ No newline at end of file
diff --git a/shenyu-admin/src/main/resources/static/index.66672504.js b/shenyu-admin/src/main/resources/static/index.66672504.js
deleted file mode 100644
index 8e9b83e23..000000000
--- a/shenyu-admin/src/main/resources/static/index.66672504.js
+++ /dev/null
@@ -1 +0,0 @@
-!function(e){function t(r){if(n[r])return n[r].exports;var o=n[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,t),o.l=!0,o.exports}var n={};t.m=e,t.c=n,t.d=function(e,n,r){t.o(e,n)||Object.defineProperty(e,n,{configurable:!1,enumerable:!0,get:r})},t.n=function(e){var n=e&&e.__esModule?function(){return e.default}:function(){return e};return t.d(n,"a",n),n},t.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},t.p="/",t(t.s="lVK7")}({"+0it":function(e,t,n){"u [...]
\ No newline at end of file
diff --git a/shenyu-admin/src/main/resources/static/index.e9ecba88.css b/shenyu-admin/src/main/resources/static/index.98c5ed36.css
similarity index 88%
rename from shenyu-admin/src/main/resources/static/index.e9ecba88.css
rename to shenyu-admin/src/main/resources/static/index.98c5ed36.css
index 64bf21c26..8a7ebd914 100644
--- a/shenyu-admin/src/main/resources/static/index.e9ecba88.css
+++ b/shenyu-admin/src/main/resources/static/index.98c5ed36.css
@@ -1,5 +1,5 @@
-#root,body,html{height:100%}.plug-content-wrap{padding:24px}.open{color:#14c974}.close{color:#ff586d}.ant-layout{min-height:100%}ol,ul{list-style:none}.ant-table{background:#fff}.table-selected{background:#98cdff}.edit{cursor:pointer}.edit,.edit:hover{color:#1890ff}.searchblock{display:-ms-flexbox!important;display:flex!important}.searchblock button{margin-left:30px}.ant-table table{padding:0!important}.ant-table-small>.ant-table-content>.ant-table-body{margin:0!important}.table-header{d [...]
- /*! autoprefixer: ignore next */-webkit-box-orient:vertical;overflow:hidden}.layout___1o3Ic{display:-ms-flexbox;display:flex;padding-left:5px}.headerSearch___2Y3tE{display:-ms-flexbox;display:flex;-ms-flex-pack:justify;justify-content:space-between;margin-left:10px}.headerSearch___2Y3tE .search___3wHRQ{margin-right:10px}.headerSearch___2Y3tE .search___3wHRQ .ant-input{margin-top:4px}.condition___2uVb3{margin-top:8px}.condition___2uVb3 .addButton___2zrK1{width:100%}.ruleConditions___26i [...]
+#root,body,html{height:100%}.plug-content-wrap{padding:24px}.open{color:#14c974}.close{color:#ff586d}.ant-layout{min-height:100%}ol,ul{list-style:none}.ant-table{background:#fff}.table-selected{background:#98cdff}.edit{cursor:pointer}.edit,.edit:hover{color:#1890ff}.searchblock{display:-ms-flexbox!important;display:flex!important}.searchblock button{margin-left:30px}.ant-table table{padding:0!important}.ant-table-small>.ant-table-content>.ant-table-body{margin:0!important}.table-header{d [...]
+ /*! autoprefixer: ignore next */-webkit-box-orient:vertical;overflow:hidden}.optionParts___1KtSu{display:-ms-flexbox;display:flex;-ms-flex-pack:center;justify-content:center}.optionParts___1KtSu div:first-child{margin-right:16px}.condition___2ujo0{margin-top:8px;display:-ms-flexbox;display:flex}.condition___2ujo0 ul{padding:0 0 10px 6px;margin:0;display:-ms-flexbox;display:flex;-ms-flex-pack:justify;justify-content:space-between;-ms-flex-align:top;align-items:top}.condition___2ujo0 ul [...]
*
* antd v3.26.20
*
diff --git a/shenyu-admin/src/main/resources/static/index.html b/shenyu-admin/src/main/resources/static/index.html
index 0f02b4a71..5f308b4a2 100644
--- a/shenyu-admin/src/main/resources/static/index.html
+++ b/shenyu-admin/src/main/resources/static/index.html
@@ -24,11 +24,11 @@
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Apache ShenYu Gateway</title>
<link rel="icon" href="/favicon.ico" type="image/x-icon">
-<link href="/index.e9ecba88.css" rel="stylesheet"></head>
+<link href="/index.98c5ed36.css" rel="stylesheet"></head>
<body>
<div id="httpPath" style="display: none" th:text="${domain}"></div>
<div id="root"></div>
-<script type="text/javascript" src="/index.66672504.js"></script></body>
+<script type="text/javascript" src="/index.3a360bb9.js"></script></body>
</html>
diff --git a/shenyu-admin/src/test/java/org/apache/shenyu/admin/controller/DashboardUserControllerTest.java b/shenyu-admin/src/test/java/org/apache/shenyu/admin/controller/DashboardUserControllerTest.java
index dad37fa96..4aecd5c60 100644
--- a/shenyu-admin/src/test/java/org/apache/shenyu/admin/controller/DashboardUserControllerTest.java
+++ b/shenyu-admin/src/test/java/org/apache/shenyu/admin/controller/DashboardUserControllerTest.java
@@ -78,7 +78,7 @@ public final class DashboardUserControllerTest {
"dateUpdated");
private final DashboardUserDTO dashboardUserDTO = new DashboardUserDTO("2", "userName",
- "123456", 0, Lists.newArrayList("1"), false);
+ "Admin@123", 0, Lists.newArrayList("1"), false);
@BeforeEach
public void setUp() throws Exception {