From b4111e1ced421c158911d6c11cdaf0c63b5dd3bc Mon Sep 17 00:00:00 2001
From: 田源 <lastanimals@163.com>
Date: 星期二, 28 三月 2023 18:28:32 +0800
Subject: [PATCH] 完善密码策略
---
Source/BladeX/blade-auth/src/main/java/org/springblade/auth/service/BladeUserDetailsServiceImpl.java | 57 ++++++++++++++++++++++++++++++---------------------------
1 files changed, 30 insertions(+), 27 deletions(-)
diff --git a/Source/BladeX/blade-auth/src/main/java/org/springblade/auth/service/BladeUserDetailsServiceImpl.java b/Source/BladeX/blade-auth/src/main/java/org/springblade/auth/service/BladeUserDetailsServiceImpl.java
index f1d2fdf..3efc4ed 100644
--- a/Source/BladeX/blade-auth/src/main/java/org/springblade/auth/service/BladeUserDetailsServiceImpl.java
+++ b/Source/BladeX/blade-auth/src/main/java/org/springblade/auth/service/BladeUserDetailsServiceImpl.java
@@ -18,7 +18,8 @@
import com.alibaba.nacos.common.utils.StringUtils;
import io.jsonwebtoken.Claims;
-import lombok.*;
+import lombok.RequiredArgsConstructor;
+import lombok.SneakyThrows;
import me.zhyd.oauth.log.Log;
import org.springblade.auth.constant.AuthConstant;
import org.springblade.auth.utils.TokenUtil;
@@ -30,17 +31,16 @@
import org.springblade.core.tool.support.Kv;
import org.springblade.core.tool.utils.*;
import org.springblade.system.cache.ParamCache;
+import org.springblade.system.entity.Strategy;
import org.springblade.system.entity.Tenant;
import org.springblade.system.feign.ISysClient;
import org.springblade.system.user.entity.User;
import org.springblade.system.user.entity.UserInfo;
import org.springblade.system.user.enums.UserEnum;
import org.springblade.system.user.feign.IUserClient;
-import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
-import org.springframework.security.core.authority.GrantedAuthoritiesContainer;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
@@ -50,11 +50,7 @@
import javax.servlet.http.HttpServletRequest;
import java.time.Duration;
import java.util.ArrayList;
-import java.util.LinkedHashMap;
import java.util.List;
-import java.util.NoSuchElementException;
-import java.util.function.Predicate;
-import java.util.stream.Stream;
/**
* 鐢ㄦ埛淇℃伅
@@ -82,6 +78,7 @@
private final JwtProperties jwtProperties;
+
/**
* 瓒呯骇绠$悊鍛樹俊鎭�
*/
@@ -91,10 +88,12 @@
private String userName;
@Value("${user-info.passwrod}")
private String password;
- @Value("#{'${user-info.ip}'.split(',')}")
- private List<String> ips;
@Value("${user-info.id}")
private String id;
+ @Value("${ip-whitelist.ip-enable}")
+ private Boolean ipEnable;
+ @Value("#{'${ip-whitelist.ip}'.split(',')}")
+ private List<String> ips;
@Override
@SneakyThrows
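Review bot: `ipEnable` is declared as a boxed `Boolean` and the later hunk unboxes it in `if(ipEnable)`, so any configuration that resolves `ip-whitelist.ip-enable` to null turns the allowlist gate into a NullPointerException rather than a deliberate allow or deny; declare it as a primitive with an explicit default, e.g. `@Value("${ip-whitelist.ip-enable:false}") private boolean ipEnable;` (which default is correct is a deployment decision, but it should be stated). The `ips` list is produced by `.split(',')` with no trimming, and the later check compares entries with `equals`, so a value written as `1.2.3.4, 5.6.7.8` can never match its second entry; trim each entry where it is consumed or use a SpEL expression that strips whitespace. Both fields are read in the `loadUserByUsername` hunk below, whose enclosing method starts outside this hunk.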
@@ -119,24 +118,31 @@
// 鎸囧畾绉熸埛ID
String tenantId = StringUtils.isBlank(headerTenant) ? paramTenant : headerTenant;
+
+ Log.debug("褰撳墠鐧诲綍鐢ㄦ埛鐨勭鎴稩d涓猴細"+tenantId+"褰撳墠鐧诲綍鐢ㄦ埛鍚嶄负锛�"+username);
+ Strategy strategy = sysClient.getByTenantIdAndName(tenantId, username).getData();
+
// 鍒ゆ柇鐧诲綍鏄惁閿佸畾
int count = getFailCount(tenantId, username);
- int failCount = Func.toInt(ParamCache.getValue(FAIL_COUNT_VALUE), FAIL_COUNT);
+ int failCount = Func.toInt(ParamCache.getValue(FAIL_COUNT_VALUE), Func.toInt(strategy.getLockingNum()));
+
if (count >= failCount) {
throw new UserDeniedAuthorizationException(TokenUtil.USER_HAS_TOO_MANY_FAILS);
}
//瓒呯骇绠$悊鍛橀厤缃枃浠堕厤缃处鍙峰瘑鐮侊紝瀹炵幇鐧诲綍, 榛樿绉熸埛id涓�000000
if(tenantId.equals(this.tenantId)){
if (!this.userName.equals(username) && !password.equalsIgnoreCase(this.password)) {
- setFailCount(tenantId, username, count);
+ setFailCount(tenantId, username, count,strategy.getLockingTime());
throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND);
}
- Log.debug(getIpAddress(request));
//濡傛灉ip姣斿鍚巊et鎶涘嚭寮傚父No value present灏辩洿鎺ユ姏寮傚父缁撴潫鐧诲綍
- try {
- ips.stream().filter(s -> s.equals(getIpAddress(request))).findFirst().get();
- } catch (Exception e){
- throw new UserDeniedAuthorizationException(TokenUtil.IP_NOT_FOND);
+ if(ipEnable){
+ Log.debug("褰撳墠璁块棶IP锛�"+getIpAddress(request));
+ try {
+ ips.stream().filter(s -> s.equals(getIpAddress(request))).findFirst().get();
+ } catch (Exception e){
+ throw new UserDeniedAuthorizationException(TokenUtil.IP_NOT_FOND);
+ }
}
ArrayList<GrantedAuthority> authorities = new ArrayList<>();
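Review bot: `strategy` comes straight from `sysClient.getByTenantIdAndName(tenantId, username).getData()` and is dereferenced unguarded at `Func.toInt(strategy.getLockingNum())` and again in every `setFailCount(..., strategy.getLockingTime())` call (here and in the hunk at `User user = userInfo.getUser()`), so a tenant or user without a strategy record fails with a NullPointerException before any authentication decision instead of a clean denial, and if `getLockingNum()` is null the single-argument `Func.toInt` presumably returns 0 or -1, which would make `count >= failCount` true for every login; keep the previous constant as the fallback, e.g. `int failCount = Func.toInt(ParamCache.getValue(FAIL_COUNT_VALUE), strategy == null ? FAIL_COUNT : Func.toInt(strategy.getLockingNum(), FAIL_COUNT));` and resolve the lock duration to a non-null value once before the first `setFailCount`. The new guard should read `if (Boolean.TRUE.equals(ipEnable))` unless the field is made primitive. The unchanged superadmin condition `if (!this.userName.equals(username) && !password.equalsIgnoreCase(this.password))` rejects only when both values differ, so a matching username with a wrong password (or vice versa) falls through; `||` looks intended and is worth fixing in the same change since this hunk already edits that branch. The enclosing `loadUserByUsername` starts and ends outside this hunk.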
@@ -181,12 +187,13 @@
User user = userInfo.getUser();
// 鐢ㄦ埛涓嶅瓨鍦�,浣嗘彁绀虹敤鎴峰悕涓庡瘑鐮侀敊璇苟閿佸畾璐﹀彿
if (user == null || user.getId() == null) {
- setFailCount(tenantId, username, count);
+ setFailCount(tenantId, username, count,strategy.getLockingTime());
throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND);
}
+ String hex = DigestUtil.hex(password);
// 鐢ㄦ埛瀛樺湪浣嗗瘑鐮侀敊璇�,瓒呰繃娆℃暟鍒欓攣瀹氳处鍙�
- if (grantType != null && !grantType.equals(TokenUtil.REFRESH_TOKEN_KEY) && !user.getPassword().equals(DigestUtil.hex(password))) {
- setFailCount(tenantId, username, count);
+ if (grantType != null && !grantType.equals(TokenUtil.REFRESH_TOKEN_KEY) && !user.getPassword().equals(hex)) {
+ setFailCount(tenantId, username, count,strategy.getLockingTime());
throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND);
}
// 鐢ㄦ埛瑙掕壊涓嶅瓨鍦�
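Review bot: Hoisting `String hex = DigestUtil.hex(password);` above the `grantType` check means the digest is now computed on every grant type, whereas before it ran only when `grantType != null && !grantType.equals(TokenUtil.REFRESH_TOKEN_KEY)`; if `password` can be null on a refresh-token grant (not visible here, but likely since that flow carries no password) this is a new NullPointerException on a path that previously short-circuited. Either keep the digest inline as it was, or guard it: `String hex = password == null ? null : DigestUtil.hex(password);`. The `strategy.getLockingTime()` calls added here share the null-strategy issue raised on the earlier hunk. The enclosing method starts and ends outside this hunk.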
@@ -211,7 +218,7 @@
BladeUserDetails bladeUserDetails = new BladeUserDetails(user.getId(),
user.getTenantId(), StringPool.EMPTY, user.getName(), user.getRealName(), user.getDeptId(), user.getPostId(), user.getRoleId(), Func.join(userInfo.getRoles()), Func.toStr(user.getAvatar(), TokenUtil.DEFAULT_AVATAR),
username, AuthConstant.ENCRYPT + user.getPassword(), userInfo.getDetail(), true, true, true, true,
- AuthorityUtils.commaSeparatedStringToAuthorityList(Func.join(result.getData().getRoles())));
+ AuthorityUtils.commaSeparatedStringToAuthorityList(Func.join(result.getData().getRoles())),user.getStrategyUpdateStatus());
return bladeUserDetails;
} else {
throw new UsernameNotFoundException(result.getMsg());
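Review bot: Appending `user.getStrategyUpdateStatus()` as yet another positional argument to the `BladeUserDetails` constructor makes an already twenty-odd-argument call harder to read and easy to misorder, especially with the run of bare `true, true, true, true` flags just before it; a builder or a static factory on `BladeUserDetails` that names the strategy flag would make the intent visible at the call site. At minimum a short comment on the new argument, e.g. `// strategy-update status drives the forced password-change flow`, would help, if that is indeed what the flag means (not verifiable from this hunk). The enclosing method starts and ends outside this hunk.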
@@ -229,11 +236,7 @@
String ip = request.getHeader("x-forwarded-for");
if (ip != null && ip.length() != 0 && !"unknown".equalsIgnoreCase(ip)) {
// 澶氭鍙嶅悜浠g悊鍚庝細鏈夊涓猧p鍊硷紝绗竴涓猧p鎵嶆槸鐪熷疄ip
- if( ip.indexOf(",")!=-1 && !ip.split(",")[0].equals("127.0.0.1")){
- ip = ip.split(",")[0];
- }else {
- ip = ip.split(",")[1];
- }
+ ip = ip.split(",")[0];
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
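Review bot: `ip = ip.split(",")[0];` takes the first element of `x-forwarded-for`, which is the value furthest from this server and the one a client can set freely unless a trusted reverse proxy in front overwrites or strips the header; since this value now gates the superadmin IP allowlist, the comment above the line should state that assumption, e.g. `// first hop is only trustworthy when the edge proxy rewrites x-forwarded-for; otherwise use the proxy's own RemoteAddr`. The removed branch that indexed `[1]` could throw ArrayIndexOutOfBounds when no comma was present, so the simplification is an improvement, but the selected element should still be trimmed (`ip.split(",")[0].strip()`) because the allowlist comparison is exact string equality. The enclosing `getIpAddress` starts and ends outside this hunk.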
@@ -284,8 +287,8 @@
* @param username 璐﹀彿
* @param count 娆℃暟
*/
- private void setFailCount(String tenantId, String username, int count) {
- bladeRedis.setEx(CacheNames.tenantKey(tenantId, CacheNames.USER_FAIL_KEY, username), count + 1, Duration.ofMinutes(30));
+ private void setFailCount(String tenantId, String username, int count, Long expir) {
+ bladeRedis.setEx(CacheNames.tenantKey(tenantId, CacheNames.USER_FAIL_KEY, username), count + 1, Duration.ofMinutes(expir));
}
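Review bot: `Duration.ofMinutes(expir)` unboxes the new `Long expir` parameter, so a null locking time from the strategy record becomes a NullPointerException inside the failure-counting path and the failed attempt is never recorded; take a primitive or fall back to the previous 30-minute window, e.g. `Duration.ofMinutes(expir == null ? 30 : expir)`. The Javadoc above the signature was not extended for the new parameter; add `@param expir lock window in minutes after which the failure counter expires` (the comment block starts outside this hunk). A name such as `lockMinutes` would also say what unit the value is in.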
/**
--
Gitblit v1.9.3