From 4162c519b754e0bd29b579f136912a5d6fcd9f07 Mon Sep 17 00:00:00 2001
From: Looly <loolly@aliyun.com>
Date: Fri, 24 Oct 2025 16:00:20 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D`PasswdStrength.check`indexOf?=
 =?UTF-8?q?=E9=80=BB=E8=BE=91=E9=97=AE=E9=A2=98=EF=BC=88pr#4114@Github?=
 =?UTF-8?q?=EF=BC=89=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 CHANGELOG.md                                  |  3 +-
 .../cn/hutool/core/text/PasswdStrength.java   | 56 +++++++++----------
 .../hutool/core/text/PasswdStrengthTest.java  |  5 +-
 3 files changed, 33 insertions(+), 31 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5a1a053b7..6447a0162 100755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,7 +1,7 @@
 
 # 🚀Changelog
 -------------------------------------------------------------------------------------------------------------
-# 5.8.42(2025-10-23)
+# 5.8.42(2025-10-24)
 
 ### 🐣新特性
 * 【core   】      `ListUtil`增加`zip`方法（pr#4052@Github）
@@ -13,6 +13,7 @@
 * 【jwt    】      修复verify方法在定义alg为`none`时验证失效问题（issue#4105@Github）
 * 【extra  】      修复`JschSessionPool.remove`逻辑错误问题。
 * 【db     】      修复`Dialect.psForCount`未传入Wrapper导致大小写问题（issue#ID39G9@Gitee）。
+* 【core   】      修复`PasswdStrength.check`indexOf逻辑问题（pr#4114@Github）。
 
 -------------------------------------------------------------------------------------------------------------
 # 5.8.41(2025-10-12)
diff --git a/hutool-core/src/main/java/cn/hutool/core/text/PasswdStrength.java b/hutool-core/src/main/java/cn/hutool/core/text/PasswdStrength.java
index d0827bc66..14e8a3470 100755
--- a/hutool-core/src/main/java/cn/hutool/core/text/PasswdStrength.java
+++ b/hutool-core/src/main/java/cn/hutool/core/text/PasswdStrength.java
@@ -15,7 +15,7 @@ public class PasswdStrength {
 	 * 密码等级枚举
 	 */
 	public enum PASSWD_LEVEL {
-		EASY, MEDIUM, STRONG, VERY_STRONG, EXTREMELY_STRONG
+		EASY, MIDIUM, STRONG, VERY_STRONG, EXTREMELY_STRONG
 	}
 
 	/**
@@ -29,13 +29,13 @@ public class PasswdStrength {
 	 * 简单密码字典
 	 */
 	private final static String[] DICTIONARY = {"password", "abc123", "iloveyou", "adobe123", "123123", "sunshine",
-			"1314520", "a1b2c3", "123qwe", "aaa111", "qweasd", "admin", "passwd"};
+		"1314520", "a1b2c3", "123qwe", "aaa111", "qweasd", "admin", "passwd"};
 
 	/**
 	 * 数字长度
 	 */
 	private final static int[] SIZE_TABLE = {9, 99, 999, 9999, 99999, 999999, 9999999, 99999999, 999999999,
-			Integer.MAX_VALUE};
+		Integer.MAX_VALUE};
 
 	/**
 	 * 检查密码的健壮性
@@ -65,48 +65,48 @@ public class PasswdStrength {
 		}
 
 		if (len > 4 && countLetter(passwd, CHAR_TYPE.NUM) > 0 && countLetter(passwd, CHAR_TYPE.SMALL_LETTER) > 0
-				|| countLetter(passwd, CHAR_TYPE.NUM) > 0 && countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) > 0
-				|| countLetter(passwd, CHAR_TYPE.NUM) > 0 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) > 0
-				|| countLetter(passwd, CHAR_TYPE.SMALL_LETTER) > 0 && countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) > 0
-				|| countLetter(passwd, CHAR_TYPE.SMALL_LETTER) > 0 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) > 0
-				|| countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) > 0 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) > 0) {
+			|| countLetter(passwd, CHAR_TYPE.NUM) > 0 && countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) > 0
+			|| countLetter(passwd, CHAR_TYPE.NUM) > 0 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) > 0
+			|| countLetter(passwd, CHAR_TYPE.SMALL_LETTER) > 0 && countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) > 0
+			|| countLetter(passwd, CHAR_TYPE.SMALL_LETTER) > 0 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) > 0
+			|| countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) > 0 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) > 0) {
 			level++;
 		}
 
 		if (len > 6 && countLetter(passwd, CHAR_TYPE.NUM) > 0 && countLetter(passwd, CHAR_TYPE.SMALL_LETTER) > 0
-				&& countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) > 0 || countLetter(passwd, CHAR_TYPE.NUM) > 0
-				&& countLetter(passwd, CHAR_TYPE.SMALL_LETTER) > 0 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) > 0
-				|| countLetter(passwd, CHAR_TYPE.NUM) > 0 && countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) > 0
-				&& countLetter(passwd, CHAR_TYPE.OTHER_CHAR) > 0 || countLetter(passwd, CHAR_TYPE.SMALL_LETTER) > 0
-				&& countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) > 0 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) > 0) {
+			&& countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) > 0 || countLetter(passwd, CHAR_TYPE.NUM) > 0
+			&& countLetter(passwd, CHAR_TYPE.SMALL_LETTER) > 0 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) > 0
+			|| countLetter(passwd, CHAR_TYPE.NUM) > 0 && countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) > 0
+			&& countLetter(passwd, CHAR_TYPE.OTHER_CHAR) > 0 || countLetter(passwd, CHAR_TYPE.SMALL_LETTER) > 0
+			&& countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) > 0 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) > 0) {
 			level++;
 		}
 
 		if (len > 8 && countLetter(passwd, CHAR_TYPE.NUM) > 0 && countLetter(passwd, CHAR_TYPE.SMALL_LETTER) > 0
-				&& countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) > 0 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) > 0) {
+			&& countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) > 0 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) > 0) {
 			level++;
 		}
 
 		if (len > 6 && countLetter(passwd, CHAR_TYPE.NUM) >= 3 && countLetter(passwd, CHAR_TYPE.SMALL_LETTER) >= 3
-				|| countLetter(passwd, CHAR_TYPE.NUM) >= 3 && countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) >= 3
-				|| countLetter(passwd, CHAR_TYPE.NUM) >= 3 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) >= 2
-				|| countLetter(passwd, CHAR_TYPE.SMALL_LETTER) >= 3 && countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) >= 3
-				|| countLetter(passwd, CHAR_TYPE.SMALL_LETTER) >= 3 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) >= 2
-				|| countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) >= 3 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) >= 2) {
+			|| countLetter(passwd, CHAR_TYPE.NUM) >= 3 && countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) >= 3
+			|| countLetter(passwd, CHAR_TYPE.NUM) >= 3 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) >= 2
+			|| countLetter(passwd, CHAR_TYPE.SMALL_LETTER) >= 3 && countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) >= 3
+			|| countLetter(passwd, CHAR_TYPE.SMALL_LETTER) >= 3 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) >= 2
+			|| countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) >= 3 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) >= 2) {
 			level++;
 		}
 
 		if (len > 8 && countLetter(passwd, CHAR_TYPE.NUM) >= 2 && countLetter(passwd, CHAR_TYPE.SMALL_LETTER) >= 2
-				&& countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) >= 2 || countLetter(passwd, CHAR_TYPE.NUM) >= 2
-				&& countLetter(passwd, CHAR_TYPE.SMALL_LETTER) >= 2 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) >= 2
-				|| countLetter(passwd, CHAR_TYPE.NUM) >= 2 && countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) >= 2
-				&& countLetter(passwd, CHAR_TYPE.OTHER_CHAR) >= 2 || countLetter(passwd, CHAR_TYPE.SMALL_LETTER) >= 2
-				&& countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) >= 2 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) >= 2) {
+			&& countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) >= 2 || countLetter(passwd, CHAR_TYPE.NUM) >= 2
+			&& countLetter(passwd, CHAR_TYPE.SMALL_LETTER) >= 2 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) >= 2
+			|| countLetter(passwd, CHAR_TYPE.NUM) >= 2 && countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) >= 2
+			&& countLetter(passwd, CHAR_TYPE.OTHER_CHAR) >= 2 || countLetter(passwd, CHAR_TYPE.SMALL_LETTER) >= 2
+			&& countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) >= 2 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) >= 2) {
 			level++;
 		}
 
 		if (len > 10 && countLetter(passwd, CHAR_TYPE.NUM) >= 2 && countLetter(passwd, CHAR_TYPE.SMALL_LETTER) >= 2
-				&& countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) >= 2 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) >= 2) {
+			&& countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) >= 2 && countLetter(passwd, CHAR_TYPE.OTHER_CHAR) >= 2) {
 			level++;
 		}
 
@@ -138,7 +138,7 @@ public class PasswdStrength {
 		}
 
 		if (countLetter(passwd, CHAR_TYPE.NUM) == len || countLetter(passwd, CHAR_TYPE.SMALL_LETTER) == len
-				|| countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) == len) {
+			|| countLetter(passwd, CHAR_TYPE.CAPITAL_LETTER) == len) {
 			level--;
 		}
 
@@ -176,7 +176,7 @@ public class PasswdStrength {
 
 		// 检测密码是否为简单密码字典中的弱密码或包含字典弱密码片段
 		for (String s : DICTIONARY) {
-			if (passwd.equals(s) || passwd.contains(s)) {
+			if (passwd.equals(s) || s.contains(passwd)) {
 				level--;
 				break;
 			}
@@ -220,7 +220,7 @@ public class PasswdStrength {
 			case 4:
 			case 5:
 			case 6:
-				return PASSWD_LEVEL.MEDIUM;
+				return PASSWD_LEVEL.MIDIUM;
 			case 7:
 			case 8:
 			case 9:
diff --git a/hutool-core/src/test/java/cn/hutool/core/text/PasswdStrengthTest.java b/hutool-core/src/test/java/cn/hutool/core/text/PasswdStrengthTest.java
index ce6ad053e..f62a5d1b5 100755
--- a/hutool-core/src/test/java/cn/hutool/core/text/PasswdStrengthTest.java
+++ b/hutool-core/src/test/java/cn/hutool/core/text/PasswdStrengthTest.java
@@ -1,8 +1,9 @@
 package cn.hutool.core.text;
 
-import static org.junit.jupiter.api.Assertions.*;
 import org.junit.jupiter.api.Test;
 
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
 public class PasswdStrengthTest {
 	@Test
 	public void strengthTest(){
@@ -28,7 +29,7 @@ public class PasswdStrengthTest {
 	public void dictionaryWeakPasswordTest() {
 		// 测试包含简单密码字典中的弱密码
 		assertEquals(0, PasswdStrength.check("password"));
-		assertEquals(2, PasswdStrength.check("password2"));
+		assertEquals(3, PasswdStrength.check("password2"));
 	}
 
 	@Test