diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ChangePasswodController.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ChangePasswodController.java
index 9f8bb755e..899043cee 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ChangePasswodController.java
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ChangePasswodController.java
@@ -1,19 +1,19 @@
 /*
 * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
- *
+ *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- *
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-
+
 package org.maxkey.web.contorller;
@@ -24,9 +24,13 @@ import org.maxkey.constants.ConstsOperateResult;
 import org.maxkey.constants.ConstsPasswordSetType;
 import org.maxkey.entity.ChangePassword;
 import org.maxkey.entity.Message;
+import org.maxkey.entity.PasswordPolicy;
 import org.maxkey.entity.UserInfo;
+import org.maxkey.persistence.repository.PasswordPolicyValidator;
 import org.maxkey.persistence.service.HistorySystemLogsService;
+import org.maxkey.persistence.service.PasswordPolicyService;
 import org.maxkey.persistence.service.UserInfoService;
+import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -41,34 +45,48 @@ import org.springframework.web.bind.annotation.ResponseBody;
 @RequestMapping(value={"/config"})
 public class ChangePasswodController {
 final static Logger _logger = LoggerFactory.getLogger(ChangePasswodController.class);
-
+
 @Autowired
 private UserInfoService userInfoService;
-
+
 @Autowired
 HistorySystemLogsService systemLog;
-
+
+ @Autowired
+ private PasswordPolicyService passwordPolicyService;
+
+ @RequestMapping(value={"/passwordpolicy"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+ public ResponseEntity passwordpolicy(@CurrentUser UserInfo currentUser){
+ PasswordPolicy passwordPolicy = passwordPolicyService.get(currentUser.getInstId());
+ //构建密码强度说明
+ passwordPolicy.buildMessage();
+ return new Message(passwordPolicy).buildResponse();
+ }
+
+
 @ResponseBody
 @RequestMapping(value = { "/changePassword" }, produces = {MediaType.APPLICATION_JSON_VALUE})
 public ResponseEntity changePasswod(
 @RequestBody ChangePassword changePassword,
 @CurrentUser UserInfo currentUser) {
-
- changePassword.setUserId(currentUser.getId());
- changePassword.setUsername(currentUser.getUsername());
- changePassword.setInstId(currentUser.getInstId());
- changePassword.setPasswordSetType(ConstsPasswordSetType.PASSWORD_NORMAL);
- if(userInfoService.changePassword(changePassword)) {
- systemLog.insert(
- ConstsEntryType.USERINFO,
- changePassword,
- ConstsOperateAction.CHANGE_PASSWORD,
- ConstsOperateResult.SUCCESS,
- currentUser);
- return new Message().buildResponse();
- }else {
- return new Message(Message.ERROR).buildResponse();
- }
+
+ changePassword.setUserId(currentUser.getId());
+ changePassword.setUsername(currentUser.getUsername());
+ changePassword.setInstId(currentUser.getInstId());
+ changePassword.setPasswordSetType(ConstsPasswordSetType.PASSWORD_NORMAL);
+ if(userInfoService.changePassword(changePassword)) {
+ systemLog.insert(
+ ConstsEntryType.USERINFO,
+ changePassword,
+ ConstsOperateAction.CHANGE_PASSWORD,
+ ConstsOperateResult.SUCCESS,
+ currentUser);
+ return new Message().buildResponse();
+ }else {
+ String message = (String) WebContext.getAttribute(PasswordPolicyValidator.PASSWORD_POLICY_VALIDATE_RESULT);
+ _logger.info("-message:",message);
+ return new Message(Message.ERROR,message).buildResponse();
+ }
 }
 }
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java
index 136f2b400..b45b74031 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java
@@ -24,11 +24,14 @@ import org.maxkey.authn.jwt.AuthTokenService;
 import org.maxkey.configuration.EmailConfig;
 import org.maxkey.entity.ChangePassword;
 import org.maxkey.entity.Message;
+import org.maxkey.entity.PasswordPolicy;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.password.onetimepwd.AbstractOtpAuthn;
 import org.maxkey.password.onetimepwd.MailOtpAuthnService;
 import org.maxkey.password.sms.SmsOtpAuthnService;
+import org.maxkey.persistence.service.PasswordPolicyService;
 import org.maxkey.persistence.service.UserInfoService;
+import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
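Review bot: The new `_logger.info("-message:",message);` in the failure branch of `changePasswod` has no `{}` placeholder, so SLF4J discards the argument and the validation result is never logged; it should read `_logger.info("-message: {}", message);`. The value from `WebContext.getAttribute(...)` also goes into the response unchecked: when `userInfoService.changePassword` fails for a reason other than policy validation it is presumably null, and if the attribute is session-scoped (not visible here) it may be left over from an earlier attempt, so clear it after reading and fall back to a generic error text. Only the success path calls `systemLog.insert`, yet failed password changes are the events an auditor most needs, so the else branch should record them with a failure result as well. `systemLog.insert` is handed the whole `changePassword` object; if the history service serialises it, confirm the password fields are cleared or excluded before it is stored.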
@@ -78,11 +81,42 @@ public class ForgotPasswordContorller {
 @Autowired
 SmsOtpAuthnService smsOtpAuthnService;
-
-
-
-
- @ResponseBody
+
+
+ @Autowired
+ private PasswordPolicyService passwordPolicyService;
+
+ @RequestMapping(value={"/passwordpolicy"}, produces = {MediaType.APPLICATION_JSON_VALUE})
+ public ResponseEntity passwordpolicy(){
+ PasswordPolicy passwordPolicy = passwordPolicyService.get(WebContext.getInst().getId());
+ //构建密码强度说明
+ passwordPolicy.buildMessage();
+ return new Message(passwordPolicy).buildResponse();
+ }
+
+
+ @ResponseBody
+ @RequestMapping(value = { "/validateCaptcha" }, produces = {MediaType.APPLICATION_JSON_VALUE})
+ public ResponseEntity validateCaptcha(
+ @RequestParam String userId,
+ @RequestParam String state,
+ @RequestParam String captcha,
+ @RequestParam String otpCaptcha) {
+ _logger.debug("forgotpassword /forgotpassword/validateCaptcha.");
+ _logger.debug(" userId {}: " ,userId);
+ UserInfo userInfo = userInfoService.get(userId);
+ if(userInfo != null) {
+ AbstractOtpAuthn smsOtpAuthn = smsOtpAuthnService.getByInstId(userInfo.getInstId());
+ if (otpCaptcha == null || !smsOtpAuthn.validate(userInfo, otpCaptcha)) {
+ return new Message(Message.FAIL).buildResponse();
+ }
+ return new Message(Message.SUCCESS).buildResponse();
+ }
+ return new Message(Message.FAIL).buildResponse();
+ }
+
+
+ @ResponseBody
 @RequestMapping(value = { "/produceOtp" }, produces = {MediaType.APPLICATION_JSON_VALUE})
 public ResponseEntity produceOtp(
 @RequestParam String mobile,
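Review bot: `validateCaptcha` declares `state` and `captcha` as required parameters but never checks them, so this pre-login handler confirms or rejects an OTP for any `userId` with no captcha gate and no attempt limit visible in the hunk. Check `state`/`captcha` before the user lookup, using the same captcha check the other handlers in this controller rely on (not visible here), and return `new Message(Message.FAIL).buildResponse()` when it fails. Failed OTP attempts should also be counted per user so the code is invalidated after a few misses, unless `smsOtpAuthn.validate` already enforces that, which cannot be seen from this hunk. The handler always takes the SMS implementation via `smsOtpAuthnService.getByInstId(...)` although the file also imports `MailOtpAuthnService`, and the result is dereferenced without a null check. `passwordpolicy()` likewise calls `passwordPolicy.buildMessage()` on whatever `passwordPolicyService.get(...)` returns, so guard against a missing policy.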