diff --git a/maxkey-core/src/main/java/org/maxkey/domain/PasswordPolicy.java b/maxkey-core/src/main/java/org/maxkey/domain/PasswordPolicy.java index 6232eb03d..5f13eada9 100644 --- a/maxkey-core/src/main/java/org/maxkey/domain/PasswordPolicy.java +++ b/maxkey-core/src/main/java/org/maxkey/domain/PasswordPolicy.java @@ -121,6 +121,7 @@ public class PasswordPolicy extends JpaBaseDomain implements java.io.Serializabl @Column private int occurances; + private int randomPasswordLength; /** * @return the minLength @@ -328,6 +329,14 @@ public class PasswordPolicy extends JpaBaseDomain implements java.io.Serializabl public void setOccurances(int occurances) { this.occurances = occurances; } + + public int getRandomPasswordLength() { + return randomPasswordLength; + } + + public void setRandomPasswordLength(int randomPasswordLength) { + this.randomPasswordLength = randomPasswordLength; + } public void check(String username, String newPassword, String oldPassword) throws PasswordPolicyException { if ((1 == this.getUsername()) && newPassword.toLowerCase().contains(username.toLowerCase())) { diff --git a/maxkey-core/src/main/java/org/maxkey/persistence/db/PasswordPolicyValidator.java b/maxkey-core/src/main/java/org/maxkey/persistence/db/PasswordPolicyValidator.java index cc5aba8cb..a5221aa1a 100644 --- a/maxkey-core/src/main/java/org/maxkey/persistence/db/PasswordPolicyValidator.java +++ b/maxkey-core/src/main/java/org/maxkey/persistence/db/PasswordPolicyValidator.java @@ -25,6 +25,8 @@ import org.passay.CharacterOccurrencesRule; import org.passay.CharacterRule; import org.passay.DictionaryRule; import org.passay.EnglishCharacterData; +import org.passay.EnglishSequenceData; +import org.passay.IllegalSequenceRule; import org.passay.LengthRule; import org.passay.PasswordData; import org.passay.PasswordValidator; 
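Review bot: The new `randomPasswordLength` field in `PasswordPolicy` carries no `@Column`, unlike `occurances` directly above it, and nothing says whether that is deliberate. The validator hunk later in this commit derives the value from `getMinLength()` and `getMaxLength()`, so it looks like a computed, non-persisted value. A comment such as `// derived from minLength/maxLength when the policy is loaded; not a stored column` would record that. Whether the persistence layer needs an explicit transient marker for unannotated fields is not visible from this hunk and should be confirmed. The getter and setter added in the second hunk would benefit from the same one-line Javadoc.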
@@ -92,6 +94,16 @@ public class PasswordPolicyValidator { _logger.debug("query PasswordPolicy : " + passwordPolicy); passwordPolicyStore.put(PASSWORD_POLICY_KEY,passwordPolicy); + //init Password Policy + passwordPolicy.setRandomPasswordLength( + Math.round( + ( + passwordPolicy.getMaxLength() + + passwordPolicy.getMinLength() + )/2 + ) + ); + passwordPolicyRuleList = new ArrayList(); passwordPolicyRuleList.add(new WhitespaceRule()); passwordPolicyRuleList.add(new LengthRule(passwordPolicy.getMinLength(), passwordPolicy.getMaxLength())); @@ -120,12 +132,23 @@ public class PasswordPolicyValidator { passwordPolicyRuleList.add(new CharacterOccurrencesRule(passwordPolicy.getOccurances())); } + if(passwordPolicy.getAlphabetical()>0) { + passwordPolicyRuleList.add(new IllegalSequenceRule(EnglishSequenceData.Alphabetical, 4, false)); + } + + if(passwordPolicy.getNumerical()>0) { + passwordPolicyRuleList.add(new IllegalSequenceRule(EnglishSequenceData.Numerical, 4, false)); + } + + if(passwordPolicy.getQwerty()>0) { + passwordPolicyRuleList.add(new IllegalSequenceRule(EnglishSequenceData.USQwerty, 4, false)); + } + if(passwordPolicy.getDictionary()>0 ) { try { ClassPathResource dictFile= new ClassPathResource( ConstantsProperties.classPathResource(topWeakPasswordPropertySource)); - Dictionary dictionary =new DictionaryBuilder().addReader(new InputStreamReader(dictFile.getInputStream())).build(); passwordPolicyRuleList.add(new DictionaryRule(dictionary)); }catch(Exception e) { @@ -143,6 +166,7 @@ public class PasswordPolicyValidator { */ public boolean validator(UserInfo userInfo) { + String password = userInfo.getPassword(); String username = userInfo.getUsername(); 
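Review bot: `setRandomPasswordLength(...)` runs after `passwordPolicyStore.put(PASSWORD_POLICY_KEY,passwordPolicy)`, so the value reaches the cached policy only if the store holds the same object reference. If the store copies or serializes on write (not visible here), the cached policy keeps length 0. `generateRandomPassword()`, which in a later hunk reads `passwordPolicy.getRandomPasswordLength()` instead of computing the midpoint, would then build `PasswordGen` with 0. Moving the computation above the `put` removes that dependency. `Math.round` does nothing here because `(max + min)/2` is already integer division; `(passwordPolicy.getMaxLength() + passwordPolicy.getMinLength()) / 2` states the truncation openly. The enclosing method starts outside the hunk.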
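Review bot: The three added `IllegalSequenceRule`s hard-code a sequence length of `4` and use `getAlphabetical()`, `getNumerical()` and `getQwerty()` only as on/off switches, and neither choice is documented in the hunk. A named constant, `private static final int ILLEGAL_SEQUENCE_LENGTH = 4;`, would help. It should carry a comment saying that runs of that length or more are rejected and that `false` disables wrap-around matching. That way an administrator reading the policy fields knows the stored numbers do not set the length.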
@@ -159,15 +183,18 @@ public class PasswordPolicyValidator { RuleResult result = validator.validate(new PasswordData(username,password)); if (result.isValid()) { - System.out.println("Password is valid"); - } else { - System.out.println("Invalid password:"); + _logger.debug("Password is valid"); + return true; + } else { + _logger.debug("Invalid password:"); + String passwordPolicyMessage = ""; for (String msg : validator.getMessages(result)) { - System.out.println(msg); + passwordPolicyMessage = passwordPolicyMessage + msg + "
"; + _logger.debug("Rule Message " + msg); } - } - - return true; + WebContext.setAttribute(PasswordPolicyValidator.class.getName(), passwordPolicyMessage); + return false; + } } @@ -329,13 +356,8 @@ public class PasswordPolicyValidator { public String generateRandomPassword() { getPasswordPolicy(); PasswordGen passwordGen = new PasswordGen( - Math.round( - ( - passwordPolicy.getMaxLength() + - passwordPolicy.getMinLength() - )/2 - ) - ); + passwordPolicy.getRandomPasswordLength() + ); return passwordGen.gen( passwordPolicy.getLowerCase(), diff --git a/maxkey-core/src/main/resources/messages/passwordpolicy_message.properties b/maxkey-core/src/main/resources/messages/passwordpolicy_message.properties index 887b1b9c5..4bb35d4c2 100644 --- a/maxkey-core/src/main/resources/messages/passwordpolicy_message.properties +++ b/maxkey-core/src/main/resources/messages/passwordpolicy_message.properties 
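Review bot: The rule messages appended to `passwordPolicyMessage` can contain text taken from the submitted password or the username, through the `{0}` placeholder in `ILLEGAL_USERNAME`, `ILLEGAL_*_SEQUENCE` and `ILLEGAL_CHAR` in this commit's bundles. The added loop writes them to the log with `_logger.debug("Rule Message " + msg)` and stores them unescaped for the views, which print `${errorMessage!}`. Logging only the count or the rule codes would keep password fragments out of log files. Each `msg` should be HTML-escaped before the markup separator is appended (the separator literal appears to have been lost in this listing), unless the templates are known to auto-escape. The same string is concatenated into the `Message` returned by `SafeController` in a later hunk, so the escaping belongs here at the source. `validator` starts outside the hunk.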
@@ -1,30 +1,33 @@ #password -PasswordPolicy.HISTORY_VIOLATION=\u5BC6\u7801\u5339\u914D\u4E86 {0}\u5386\u53F2\u5BC6\u7801. -PasswordPolicy.ILLEGAL_WORD=\u5BC6\u7801\u5305\u542B\u5728\u5BC6\u7801\u5B57\u5178'{0}'. -PasswordPolicy.ILLEGAL_WORD_REVERSED=\u5BC6\u7801\u5305\u542B\u5728\u5BC6\u7801\u5B57\u5178\u5012\u5E8F'{0}'. -PasswordPolicy.ILLEGAL_DIGEST_WORD=\u5BC6\u7801\u5305\u542B\u5728\u5B57\u5178\u4E2D. -PasswordPolicy.ILLEGAL_DIGEST_WORD_REVERSED=\u5BC6\u7801\u5305\u542B\u5728\u5B57\u5178\u5012\u5E8F\u4E2D. -PasswordPolicy.ILLEGAL_MATCH=\u5BC6\u7801\u5339\u914D\u975E\u6CD5\u89C4\u5219 '{0}'. -PasswordPolicy.ALLOWED_MATCH=\u5BC6\u7801\u5FC5\u987B\u5339\u914D\u89C4\u5219 '{0}'. -PasswordPolicy.ILLEGAL_CHAR=\u5BC6\u7801 {1} \u5305\u542B\u975E\u6CD5\u5B57\u7B26 '{0}'. -PasswordPolicy.ALLOWED_CHAR=\u5BC6\u7801 {1} \u975E\u6CD5\u5B57\u7B26 '{0}'. -PasswordPolicy.ILLEGAL_QWERTY_SEQUENCE=\u5BC6\u7801\u5305\u542B\u952E\u76D8\u5E8F\u5217 '{0}'. -PasswordPolicy.ILLEGAL_ALPHABETICAL_SEQUENCE=\u5BC6\u7801\u5305\u542B\u5B57\u7B26\u5E8F\u5217'{0}'. -PasswordPolicy.ILLEGAL_NUMERICAL_SEQUENCE=\u5BC6\u7801\u5305\u542B\u6570\u5B57\u5E8F\u5217 '{0}'. -PasswordPolicy.ILLEGAL_USERNAME=\u5BC6\u7801\u4E0D\u80FD\u5305\u542B\u767B\u5F55\u540D {0}. -PasswordPolicy.ILLEGAL_USERNAME_REVERSED=\u5BC6\u7801 {1} \u5305\u542B\u767B\u5F55\u540D {0} \u5012\u5E8F. -PasswordPolicy.ILLEGAL_WHITESPACE=\u5BC6\u7801 {1} \u5305\u542B\u7A7A\u683C. -PasswordPolicy.ILLEGAL_NUMBER_RANGE=\u5BC6\u7801 {1} \u6570\u5B57 '{0}'. -PasswordPolicy.ILLEGAL_REPEATED_CHARS=\u5BC6\u7801 {2} \u5E8F\u5217 {0} \u6216\u8005\u591A\u4E2A\u5B57\u7B26, \u4F46 {1} \u8BB8:{3}\u6B21. -PasswordPolicy.INSUFFICIENT_UPPERCASE=\u5BC6\u7801\u81F3\u5C11\u5305\u542B {0} \u4F4D\u5927\u5199\u5B57\u6BCD. -PasswordPolicy.INSUFFICIENT_LOWERCASE=\u5BC6\u7801\u81F3\u5C11\u5305\u542B {0} \u4F4D\u5C0F\u5199\u5B57\u6BCD. -PasswordPolicy.INSUFFICIENT_ALPHABETICAL=\u5BC6\u7801\u4FDD\u62A4\u5B57\u7B26\u5E8F\u5217{0}. 
-PasswordPolicy.INSUFFICIENT_DIGIT=\u5BC6\u7801\u81F3\u5C11\u5305\u542B {0} \u4F4D\u6570\u5B57\u5B57\u6BCD. -PasswordPolicy.INSUFFICIENT_SPECIAL=\u5BC6\u7801\u81F3\u5C11\u5305\u542B {0} \u4F4D\u7279\u6B8A\u5B57\u6BCD. -PasswordPolicy.INSUFFICIENT_CHARACTERISTICS=\u5BC6\u7801\u5339\u914D {0} of {2}\u5B57\u7B26\u89C4\u5219, \u4F46 {1} \u5FC5\u987B. -PasswordPolicy.INSUFFICIENT_COMPLEXITY=\u5BC6\u7801\u9047\u5230 {1} \u590D\u6742\u89C4\u5219, \u4F46 {2} \u5FC5\u987B. -PasswordPolicy.INSUFFICIENT_COMPLEXITY_RULES=\u6CA1\u6709\u914D\u7F6E\u5BC6\u7801\u957F\u5EA6\u89C4\u5219 {0}. -PasswordPolicy.SOURCE_VIOLATION=\u5BC6\u7801\u4E0D\u80FD\u5305\u542B {0} \u5BC6\u7801. -PasswordPolicy.TOO_LONG=\u5BC6\u7801\u5FC5\u987B\u5C0F\u4E8E {1} \u4F4D\u5B57\u7B26. -PasswordPolicy.TOO_SHORT=\u5BC6\u7801\u81F3\u5C11 {0} \u4F4D\u5B57\u7B26. -PasswordPolicy.TOO_MANY_OCCURRENCES=\u5BC6\u7801\u5305\u542B {2}\u51FA\u73B0 '{0}', \u6700\u591A {3} \u6B21. \ No newline at end of file +PasswordPolicy.HISTORY_VIOLATION=\u5bc6\u7801\u5339\u914d\u4e86{0}\u5386\u53f2\u5bc6\u7801. +PasswordPolicy.ILLEGAL_WORD=\u5bc6\u7801\u5305\u542b\u5728\u5bc6\u7801\u5b57\u5178'{0}'. +PasswordPolicy.ILLEGAL_WORD_REVERSED=\u5bc6\u7801\u5305\u542b\u5728\u5bc6\u7801\u5b57\u5178\u5012\u5e8f'{0}'. +PasswordPolicy.ILLEGAL_DIGEST_WORD=\u5bc6\u7801\u5305\u542b\u5728\u5b57\u5178\u4e2d. +PasswordPolicy.ILLEGAL_DIGEST_WORD_REVERSED=\u5bc6\u7801\u5305\u542b\u5728\u5b57\u5178\u5012\u5e8f\u4e2d. +PasswordPolicy.ILLEGAL_MATCH=\u5bc6\u7801\u5339\u914d\u975e\u6cd5\u89c4\u5219'{0}'. +PasswordPolicy.ALLOWED_MATCH=\u5bc6\u7801\u5fc5\u987b\u5339\u914d\u89c4\u5219'{0}'. +PasswordPolicy.ILLEGAL_CHAR=\u5bc6\u7801{1}\u5305\u542b\u975e\u6cd5\u5b57\u7b26'{0}'. +PasswordPolicy.ALLOWED_CHAR=\u5bc6\u7801{1}\u975e\u6cd5\u5b57\u7b26'{0}'. +PasswordPolicy.ILLEGAL_QWERTY_SEQUENCE=\u5bc6\u7801\u5305\u542b\u952e\u76d8\u5e8f\u5217'{0}'. +PasswordPolicy.ILLEGAL_ALPHABETICAL_SEQUENCE=\u5bc6\u7801\u5305\u542b\u5b57\u7b26\u5e8f\u5217'{0}'. 
+PasswordPolicy.ILLEGAL_NUMERICAL_SEQUENCE=\u5bc6\u7801\u5305\u542b\u6570\u5b57\u5e8f\u5217'{0}'. +PasswordPolicy.ILLEGAL_USERNAME=\u5bc6\u7801\u4e0d\u80fd\u5305\u542b\u767b\u5f55\u540d{0}. +PasswordPolicy.ILLEGAL_USERNAME_REVERSED=\u5bc6\u7801{1} \u5305\u542b\u767b\u5f55\u540d{0}\u5012\u5e8f. +PasswordPolicy.ILLEGAL_WHITESPACE=\u5bc6\u7801{1}\u5305\u542b\u7a7a\u683c. +PasswordPolicy.ILLEGAL_NUMBER_RANGE=\u5bc6\u7801{1}\u6570\u5b57 '{0}'. +PasswordPolicy.ILLEGAL_REPEATED_CHARS=\u5bc6\u7801{2}\u5e8f\u5217{0}\u6216\u8005\u591a\u4e2a\u5b57\u7b26, \u4f46{1}\u5141\u8bb8:{3}\u6b21. +PasswordPolicy.INSUFFICIENT_UPPERCASE=\u5bc6\u7801\u81f3\u5c11\u5305\u542b{0}\u4f4d\u5927\u5199\u5b57\u6bcd. +PasswordPolicy.INSUFFICIENT_LOWERCASE=\u5bc6\u7801\u81f3\u5c11\u5305\u542b{0}\u4f4d\u5c0f\u5199\u5b57\u6bcd. +PasswordPolicy.INSUFFICIENT_ALPHABETICAL=\u5bc6\u7801\u5305\u542b\u5b57\u7b26\u5e8f\u5217{0}. +PasswordPolicy.INSUFFICIENT_DIGIT=\u5bc6\u7801\u81f3\u5c11\u5305\u542b{0}\u4f4d\u6570\u5b57\u5b57\u6bcd. +PasswordPolicy.INSUFFICIENT_SPECIAL=\u5bc6\u7801\u81f3\u5c11\u5305\u542b{0}\u4f4d\u7279\u6b8a\u5b57\u7b26. +PasswordPolicy.INSUFFICIENT_CHARACTERISTICS=\u5bc6\u7801\u5339\u914d {0} of{2}\u5b57\u7b26\u89c4\u5219, \u4f46{1} \u5fc5\u987b. +PasswordPolicy.INSUFFICIENT_COMPLEXITY=\u5bc6\u7801\u9047\u5230{1}\u590d\u6742\u89c4\u5219, \u4f46{2}\u5fc5\u987b. +PasswordPolicy.INSUFFICIENT_COMPLEXITY_RULES=\u6ca1\u6709\u914d\u7f6e\u5bc6\u7801\u957f\u5ea6\u89c4\u5219 {0}. +PasswordPolicy.SOURCE_VIOLATION=\u5bc6\u7801\u4e0d\u80fd\u5305\u542b{0}\u5bc6\u7801. +PasswordPolicy.TOO_LONG=\u5bc6\u7801\u6700\u591a{1}\u4f4d\u5b57\u7b26. +PasswordPolicy.TOO_SHORT=\u5bc6\u7801\u81f3\u5c11{0}\u4f4d\u5b57\u7b26. +PasswordPolicy.TOO_MANY_OCCURRENCES=\u5bc6\u7801\u5305\u542b{0}\u51fa\u73b0{1}, \u6700\u591a{2} \u6b21. +PasswordPolicy.OLD_PASSWORD_NOT_MATCH=\u539f\u5bc6\u7801\u4e0d\u5339\u914d. +PasswordPolicy.CONFIRMPASSWORD_NOT_MATCH=\u65b0\u5bc6\u7801\u4e0e\u786e\u8ba4\u5bc6\u7801\u4e0d\u4e00\u81f4. 
+PasswordPolicy.OLD_PASSWORD_MATCH=\u65b0\u5bc6\u7801\u4e0d\u80fd\u4e0e\u65e7\u5bc6\u7801\u4e00\u81f4. \ No newline at end of file diff --git a/maxkey-core/src/main/resources/messages/passwordpolicy_message_en.properties b/maxkey-core/src/main/resources/messages/passwordpolicy_message_en.properties index 156a335cc..0cc9b118c 100644 --- a/maxkey-core/src/main/resources/messages/passwordpolicy_message_en.properties +++ b/maxkey-core/src/main/resources/messages/passwordpolicy_message_en.properties @@ -27,4 +27,7 @@ PasswordPolicy.INSUFFICIENT_COMPLEXITY_RULES=No rules have been configured for a PasswordPolicy.SOURCE_VIOLATION=Password cannot be the same as your {0} password. PasswordPolicy.TOO_LONG=Password must be no more than {1} characters in length. PasswordPolicy.TOO_SHORT=Password must be {0} or more characters in length . -PasswordPolicy.TOO_MANY_OCCURRENCES=Password contains {1} occurrences of the character '{0}', but at most {2} are allowed. \ No newline at end of file +PasswordPolicy.TOO_MANY_OCCURRENCES=Password contains {1} occurrences of the character '{0}', but at most {2} are allowed. +PasswordPolicy.OLD_PASSWORD_NOT_MATCH=old password not match. +PasswordPolicy.CONFIRMPASSWORD_NOT_MATCH=new password not match confirm password. +PasswordPolicy.OLD_PASSWORD_MATCH=new password match old password. \ No newline at end of file diff --git a/maxkey-core/src/main/resources/messages/passwordpolicy_message_zh_CN.properties b/maxkey-core/src/main/resources/messages/passwordpolicy_message_zh_CN.properties index 887b1b9c5..4bb35d4c2 100644 --- a/maxkey-core/src/main/resources/messages/passwordpolicy_message_zh_CN.properties +++ b/maxkey-core/src/main/resources/messages/passwordpolicy_message_zh_CN.properties 
@@ -1,30 +1,33 @@ #password -PasswordPolicy.HISTORY_VIOLATION=\u5BC6\u7801\u5339\u914D\u4E86 {0}\u5386\u53F2\u5BC6\u7801. -PasswordPolicy.ILLEGAL_WORD=\u5BC6\u7801\u5305\u542B\u5728\u5BC6\u7801\u5B57\u5178'{0}'. -PasswordPolicy.ILLEGAL_WORD_REVERSED=\u5BC6\u7801\u5305\u542B\u5728\u5BC6\u7801\u5B57\u5178\u5012\u5E8F'{0}'. -PasswordPolicy.ILLEGAL_DIGEST_WORD=\u5BC6\u7801\u5305\u542B\u5728\u5B57\u5178\u4E2D. -PasswordPolicy.ILLEGAL_DIGEST_WORD_REVERSED=\u5BC6\u7801\u5305\u542B\u5728\u5B57\u5178\u5012\u5E8F\u4E2D. -PasswordPolicy.ILLEGAL_MATCH=\u5BC6\u7801\u5339\u914D\u975E\u6CD5\u89C4\u5219 '{0}'. -PasswordPolicy.ALLOWED_MATCH=\u5BC6\u7801\u5FC5\u987B\u5339\u914D\u89C4\u5219 '{0}'. -PasswordPolicy.ILLEGAL_CHAR=\u5BC6\u7801 {1} \u5305\u542B\u975E\u6CD5\u5B57\u7B26 '{0}'. -PasswordPolicy.ALLOWED_CHAR=\u5BC6\u7801 {1} \u975E\u6CD5\u5B57\u7B26 '{0}'. -PasswordPolicy.ILLEGAL_QWERTY_SEQUENCE=\u5BC6\u7801\u5305\u542B\u952E\u76D8\u5E8F\u5217 '{0}'. -PasswordPolicy.ILLEGAL_ALPHABETICAL_SEQUENCE=\u5BC6\u7801\u5305\u542B\u5B57\u7B26\u5E8F\u5217'{0}'. -PasswordPolicy.ILLEGAL_NUMERICAL_SEQUENCE=\u5BC6\u7801\u5305\u542B\u6570\u5B57\u5E8F\u5217 '{0}'. -PasswordPolicy.ILLEGAL_USERNAME=\u5BC6\u7801\u4E0D\u80FD\u5305\u542B\u767B\u5F55\u540D {0}. -PasswordPolicy.ILLEGAL_USERNAME_REVERSED=\u5BC6\u7801 {1} \u5305\u542B\u767B\u5F55\u540D {0} \u5012\u5E8F. -PasswordPolicy.ILLEGAL_WHITESPACE=\u5BC6\u7801 {1} \u5305\u542B\u7A7A\u683C. -PasswordPolicy.ILLEGAL_NUMBER_RANGE=\u5BC6\u7801 {1} \u6570\u5B57 '{0}'. -PasswordPolicy.ILLEGAL_REPEATED_CHARS=\u5BC6\u7801 {2} \u5E8F\u5217 {0} \u6216\u8005\u591A\u4E2A\u5B57\u7B26, \u4F46 {1} \u8BB8:{3}\u6B21. -PasswordPolicy.INSUFFICIENT_UPPERCASE=\u5BC6\u7801\u81F3\u5C11\u5305\u542B {0} \u4F4D\u5927\u5199\u5B57\u6BCD. -PasswordPolicy.INSUFFICIENT_LOWERCASE=\u5BC6\u7801\u81F3\u5C11\u5305\u542B {0} \u4F4D\u5C0F\u5199\u5B57\u6BCD. -PasswordPolicy.INSUFFICIENT_ALPHABETICAL=\u5BC6\u7801\u4FDD\u62A4\u5B57\u7B26\u5E8F\u5217{0}. 
-PasswordPolicy.INSUFFICIENT_DIGIT=\u5BC6\u7801\u81F3\u5C11\u5305\u542B {0} \u4F4D\u6570\u5B57\u5B57\u6BCD. -PasswordPolicy.INSUFFICIENT_SPECIAL=\u5BC6\u7801\u81F3\u5C11\u5305\u542B {0} \u4F4D\u7279\u6B8A\u5B57\u6BCD. -PasswordPolicy.INSUFFICIENT_CHARACTERISTICS=\u5BC6\u7801\u5339\u914D {0} of {2}\u5B57\u7B26\u89C4\u5219, \u4F46 {1} \u5FC5\u987B. -PasswordPolicy.INSUFFICIENT_COMPLEXITY=\u5BC6\u7801\u9047\u5230 {1} \u590D\u6742\u89C4\u5219, \u4F46 {2} \u5FC5\u987B. -PasswordPolicy.INSUFFICIENT_COMPLEXITY_RULES=\u6CA1\u6709\u914D\u7F6E\u5BC6\u7801\u957F\u5EA6\u89C4\u5219 {0}. -PasswordPolicy.SOURCE_VIOLATION=\u5BC6\u7801\u4E0D\u80FD\u5305\u542B {0} \u5BC6\u7801. -PasswordPolicy.TOO_LONG=\u5BC6\u7801\u5FC5\u987B\u5C0F\u4E8E {1} \u4F4D\u5B57\u7B26. -PasswordPolicy.TOO_SHORT=\u5BC6\u7801\u81F3\u5C11 {0} \u4F4D\u5B57\u7B26. -PasswordPolicy.TOO_MANY_OCCURRENCES=\u5BC6\u7801\u5305\u542B {2}\u51FA\u73B0 '{0}', \u6700\u591A {3} \u6B21. \ No newline at end of file +PasswordPolicy.HISTORY_VIOLATION=\u5bc6\u7801\u5339\u914d\u4e86{0}\u5386\u53f2\u5bc6\u7801. +PasswordPolicy.ILLEGAL_WORD=\u5bc6\u7801\u5305\u542b\u5728\u5bc6\u7801\u5b57\u5178'{0}'. +PasswordPolicy.ILLEGAL_WORD_REVERSED=\u5bc6\u7801\u5305\u542b\u5728\u5bc6\u7801\u5b57\u5178\u5012\u5e8f'{0}'. +PasswordPolicy.ILLEGAL_DIGEST_WORD=\u5bc6\u7801\u5305\u542b\u5728\u5b57\u5178\u4e2d. +PasswordPolicy.ILLEGAL_DIGEST_WORD_REVERSED=\u5bc6\u7801\u5305\u542b\u5728\u5b57\u5178\u5012\u5e8f\u4e2d. +PasswordPolicy.ILLEGAL_MATCH=\u5bc6\u7801\u5339\u914d\u975e\u6cd5\u89c4\u5219'{0}'. +PasswordPolicy.ALLOWED_MATCH=\u5bc6\u7801\u5fc5\u987b\u5339\u914d\u89c4\u5219'{0}'. +PasswordPolicy.ILLEGAL_CHAR=\u5bc6\u7801{1}\u5305\u542b\u975e\u6cd5\u5b57\u7b26'{0}'. +PasswordPolicy.ALLOWED_CHAR=\u5bc6\u7801{1}\u975e\u6cd5\u5b57\u7b26'{0}'. +PasswordPolicy.ILLEGAL_QWERTY_SEQUENCE=\u5bc6\u7801\u5305\u542b\u952e\u76d8\u5e8f\u5217'{0}'. +PasswordPolicy.ILLEGAL_ALPHABETICAL_SEQUENCE=\u5bc6\u7801\u5305\u542b\u5b57\u7b26\u5e8f\u5217'{0}'. 
+PasswordPolicy.ILLEGAL_NUMERICAL_SEQUENCE=\u5bc6\u7801\u5305\u542b\u6570\u5b57\u5e8f\u5217'{0}'. +PasswordPolicy.ILLEGAL_USERNAME=\u5bc6\u7801\u4e0d\u80fd\u5305\u542b\u767b\u5f55\u540d{0}. +PasswordPolicy.ILLEGAL_USERNAME_REVERSED=\u5bc6\u7801{1} \u5305\u542b\u767b\u5f55\u540d{0}\u5012\u5e8f. +PasswordPolicy.ILLEGAL_WHITESPACE=\u5bc6\u7801{1}\u5305\u542b\u7a7a\u683c. +PasswordPolicy.ILLEGAL_NUMBER_RANGE=\u5bc6\u7801{1}\u6570\u5b57 '{0}'. +PasswordPolicy.ILLEGAL_REPEATED_CHARS=\u5bc6\u7801{2}\u5e8f\u5217{0}\u6216\u8005\u591a\u4e2a\u5b57\u7b26, \u4f46{1}\u5141\u8bb8:{3}\u6b21. +PasswordPolicy.INSUFFICIENT_UPPERCASE=\u5bc6\u7801\u81f3\u5c11\u5305\u542b{0}\u4f4d\u5927\u5199\u5b57\u6bcd. +PasswordPolicy.INSUFFICIENT_LOWERCASE=\u5bc6\u7801\u81f3\u5c11\u5305\u542b{0}\u4f4d\u5c0f\u5199\u5b57\u6bcd. +PasswordPolicy.INSUFFICIENT_ALPHABETICAL=\u5bc6\u7801\u5305\u542b\u5b57\u7b26\u5e8f\u5217{0}. +PasswordPolicy.INSUFFICIENT_DIGIT=\u5bc6\u7801\u81f3\u5c11\u5305\u542b{0}\u4f4d\u6570\u5b57\u5b57\u6bcd. +PasswordPolicy.INSUFFICIENT_SPECIAL=\u5bc6\u7801\u81f3\u5c11\u5305\u542b{0}\u4f4d\u7279\u6b8a\u5b57\u7b26. +PasswordPolicy.INSUFFICIENT_CHARACTERISTICS=\u5bc6\u7801\u5339\u914d {0} of{2}\u5b57\u7b26\u89c4\u5219, \u4f46{1} \u5fc5\u987b. +PasswordPolicy.INSUFFICIENT_COMPLEXITY=\u5bc6\u7801\u9047\u5230{1}\u590d\u6742\u89c4\u5219, \u4f46{2}\u5fc5\u987b. +PasswordPolicy.INSUFFICIENT_COMPLEXITY_RULES=\u6ca1\u6709\u914d\u7f6e\u5bc6\u7801\u957f\u5ea6\u89c4\u5219 {0}. +PasswordPolicy.SOURCE_VIOLATION=\u5bc6\u7801\u4e0d\u80fd\u5305\u542b{0}\u5bc6\u7801. +PasswordPolicy.TOO_LONG=\u5bc6\u7801\u6700\u591a{1}\u4f4d\u5b57\u7b26. +PasswordPolicy.TOO_SHORT=\u5bc6\u7801\u81f3\u5c11{0}\u4f4d\u5b57\u7b26. +PasswordPolicy.TOO_MANY_OCCURRENCES=\u5bc6\u7801\u5305\u542b{0}\u51fa\u73b0{1}, \u6700\u591a{2} \u6b21. +PasswordPolicy.OLD_PASSWORD_NOT_MATCH=\u539f\u5bc6\u7801\u4e0d\u5339\u914d. +PasswordPolicy.CONFIRMPASSWORD_NOT_MATCH=\u65b0\u5bc6\u7801\u4e0e\u786e\u8ba4\u5bc6\u7801\u4e0d\u4e00\u81f4. 
+PasswordPolicy.OLD_PASSWORD_MATCH=\u65b0\u5bc6\u7801\u4e0d\u80fd\u4e0e\u65e7\u5bc6\u7801\u4e00\u81f4. \ No newline at end of file diff --git a/maxkey-core/src/test/java/org/maxkey/crypto/password/PasswordReciprocalTest.java b/maxkey-core/src/test/java/org/maxkey/crypto/password/PasswordReciprocalTest.java index 2bf57ba07..ce456de31 100644 --- a/maxkey-core/src/test/java/org/maxkey/crypto/password/PasswordReciprocalTest.java +++ b/maxkey-core/src/test/java/org/maxkey/crypto/password/PasswordReciprocalTest.java @@ -32,7 +32,7 @@ public class PasswordReciprocalTest { String epass=spe.encode(pass); System.out.println("PasswordEncoder "+epass); - System.out.println(PasswordReciprocal.getInstance().decoder("bb2002b9f55b05d3e0e6f34ec5321051")); + System.out.println(PasswordReciprocal.getInstance().decoder("f1ee1e9b912f05333a06925c99daf9c0")); } } diff --git a/maxkey-persistence/src/main/java/org/maxkey/persistence/service/UserInfoService.java b/maxkey-persistence/src/main/java/org/maxkey/persistence/service/UserInfoService.java index 75fa3b737..85c046fdf 100644 --- a/maxkey-persistence/src/main/java/org/maxkey/persistence/service/UserInfoService.java +++ b/maxkey-persistence/src/main/java/org/maxkey/persistence/service/UserInfoService.java @@ -183,7 +183,9 @@ public class UserInfoService extends JpaBaseService { public boolean changePassword(UserInfo userInfo) { try { - passwordPolicyValidator.validator(userInfo); + if(passwordPolicyValidator.validator(userInfo) == false) { + return false; + } if(WebContext.getUserInfo() != null) { userInfo.setModifiedBy(WebContext.getUserInfo().getId()); diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SafeController.java b/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SafeController.java index b779f692a..54986b7a7 100644 --- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SafeController.java +++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SafeController.java 
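Review bot: The changed line in `PasswordReciprocalTest` still only prints the result of `decoder(...)` for a hard-coded ciphertext and asserts nothing, so the new literal cannot fail the build. Whether `f1ee1e9b912f05333a06925c99daf9c0` was produced from a real account password is not determinable from the hunk. If it was, the plaintext is recoverable by anyone who has the repository and the project's key. Encoding a throwaway string inside the test and asserting that decoding returns it would avoid both problems.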
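Review bot: `changePassword` in `UserInfoService` now returns `false` on a policy rejection, but the reason reaches the caller only through the `WebContext` attribute set inside `PasswordPolicyValidator.validator`. That ties this persistence-layer method to an active web request and should be stated in its Javadoc. The guard reads better as `if (!passwordPolicyValidator.validator(userInfo)) { return false; }`. Callers outside this hunk that ignore the return value will now skip the update silently, so they are worth checking. The method body continues past the hunk.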
@@ -26,6 +26,7 @@ import org.maxkey.constants.ConstantsTimeInterval; import org.maxkey.crypto.ReciprocalUtils; import org.maxkey.crypto.password.PasswordReciprocal; import org.maxkey.domain.UserInfo; +import org.maxkey.persistence.db.PasswordPolicyValidator; import org.maxkey.persistence.service.UserInfoService; import org.maxkey.util.StringUtils; import org.maxkey.web.WebConstants; @@ -72,7 +73,10 @@ public class SafeController { if(changeUserPassword(oldPassword,newPassword,confirmPassword)) { return new Message(WebContext.getI18nValue(ConstantsOperateMessage.UPDATE_SUCCESS),MessageType.success); }else { - return new Message(WebContext.getI18nValue(ConstantsOperateMessage.UPDATE_ERROR),MessageType.error); + return new Message( + WebContext.getI18nValue(ConstantsOperateMessage.UPDATE_ERROR)+"
" + +WebContext.getAttribute(PasswordPolicyValidator.class.getName()), + MessageType.error); } } @@ -83,17 +87,16 @@ public class SafeController { @RequestParam(value ="confirmPassword",required = false) String confirmPassword) { ModelAndView modelAndView=new ModelAndView("passwordExpired"); if(newPassword ==null ||newPassword.equals("")) { - UserInfo userInfo=WebContext.getUserInfo(); - modelAndView.addObject("model", userInfo); - return modelAndView; + }else if(changeUserPassword(oldPassword,newPassword,confirmPassword)){ WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,ConstantsPasswordSetType.PASSWORD_NORMAL); return WebContext.redirect("/index"); - //modelAndView.setViewName("index"); } - new Message(WebContext.getI18nValue(ConstantsOperateMessage.UPDATE_ERROR),MessageType.error); - + Object errorMessage=WebContext.getAttribute(PasswordPolicyValidator.class.getName()); + UserInfo userInfo=WebContext.getUserInfo(); + modelAndView.addObject("model", userInfo); + modelAndView.addObject("errorMessage", errorMessage==null?"":errorMessage); return modelAndView; } 
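Review bot: On the first render of the `passwordExpired` view (empty `newPassword`) `changeUserPassword` is never called, so `errorMessage` is read from `WebContext.getAttribute(PasswordPolicyValidator.class.getName())` without the reset to `""` that `changeUserPassword` performs. If that attribute is session-scoped (not visible here), the form can show a rejection message left over from an earlier attempt. The `passwordInitial` handler in the next hunk has the same pattern. Clearing the attribute in the empty branch would fix this and give the now-empty `if(newPassword ==null ||newPassword.equals("")) { }` body a purpose. At minimum that branch needs a comment such as `// first visit: render the form only`. The handler's signature starts outside the hunk.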
@@ -105,33 +108,53 @@ public class SafeController { @RequestParam(value ="confirmPassword",required = false) String confirmPassword) { ModelAndView modelAndView=new ModelAndView("passwordInitial"); if(newPassword ==null ||newPassword.equals("")) { - UserInfo userInfo=WebContext.getUserInfo(); - modelAndView.addObject("model", userInfo); - return modelAndView; + }else if(changeUserPassword(oldPassword,newPassword,confirmPassword)){ WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,ConstantsPasswordSetType.PASSWORD_NORMAL); return WebContext.redirect("/index"); - //modelAndView.setViewName("index"); } - new Message(WebContext.getI18nValue(ConstantsOperateMessage.UPDATE_ERROR),MessageType.error); - return modelAndView; + Object errorMessage=WebContext.getAttribute(PasswordPolicyValidator.class.getName()); + modelAndView.addObject("errorMessage", errorMessage==null?"":errorMessage); + UserInfo userInfo=WebContext.getUserInfo(); + modelAndView.addObject("model", userInfo); + return modelAndView; } public boolean changeUserPassword(String oldPassword, String newPassword, String confirmPassword){ - UserInfo userInfo =WebContext.getUserInfo(); + WebContext.setAttribute(PasswordPolicyValidator.class.getName(), ""); + UserInfo userInfo = WebContext.getUserInfo(); + UserInfo changeUserInfo = new UserInfo(); + changeUserInfo.setUsername(userInfo.getUsername()); + changeUserInfo.setPassword(newPassword); + changeUserInfo.setId(userInfo.getId()); + changeUserInfo.setDecipherable(userInfo.getDecipherable()); _logger.debug("decipherable old : "+userInfo.getDecipherable()); _logger.debug("decipherable new : "+ReciprocalUtils.encode(PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), newPassword))); + if(newPassword.equals(confirmPassword)){ if(oldPassword==null || passwordEncoder.matches(oldPassword, userInfo.getPassword())){ - userInfo.setPassword(newPassword); - userInfoService.changePassword(userInfo); - //TODO 
syncProvisioningService.changePassword(userInfo); - return true; + if(userInfoService.changePassword(changeUserInfo)) { + userInfo.setPassword(changeUserInfo.getPassword()); + userInfo.setDecipherable(changeUserInfo.getDecipherable()); + return true; + } + }else { + if(oldPassword!=null && + passwordEncoder.matches(newPassword, userInfo.getPassword())) { + WebContext.setAttribute(PasswordPolicyValidator.class.getName(), + WebContext.getI18nValue("PasswordPolicy.OLD_PASSWORD_MATCH")); + }else { + WebContext.setAttribute(PasswordPolicyValidator.class.getName(), + WebContext.getI18nValue("PasswordPolicy.OLD_PASSWORD_NOT_MATCH")); + } } + }else { + WebContext.setAttribute(PasswordPolicyValidator.class.getName(), + WebContext.getI18nValue("PasswordPolicy.CONFIRMPASSWORD_NOT_MATCH")); } return false; diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/passwordExpired.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/passwordExpired.ftl index 972cbf5ff..5d4dfe59f 100644 --- a/maxkey-web-maxkey/src/main/resources/templates/views/passwordExpired.ftl +++ b/maxkey-web-maxkey/src/main/resources/templates/views/passwordExpired.ftl @@ -21,7 +21,14 @@ - + + + style="display:none;"> + diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/passwordInitial.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/passwordInitial.ftl index 0e12f26ca..5065b1088 100644 --- a/maxkey-web-maxkey/src/main/resources/templates/views/passwordInitial.ftl +++ b/maxkey-web-maxkey/src/main/resources/templates/views/passwordInitial.ftl @@ -23,6 +23,11 @@ + style="display:none;"> + +
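Review bot: In `changeUserPassword` the "new password equals old password" check sits in the `else` branch, which is reached only when the supplied `oldPassword` failed to match. A correct old password with an identical new one therefore still goes to `userInfoService.changePassword`, and `OLD_PASSWORD_MATCH` appears only to someone who entered the wrong old password. That branch then reveals whether `newPassword` matches the stored hash, and its `oldPassword!=null` test is always true. The reuse check belongs on the path where the old password was accepted, as sketched below; the sketch keeps the existing `oldPassword==null` behaviour. The method's closing lines are outside the hunk.

```java
// … unchanged: attribute reset, changeUserInfo setup, debug logging …
if(newPassword.equals(confirmPassword)){
    if(oldPassword!=null && !passwordEncoder.matches(oldPassword, userInfo.getPassword())) {
        // wrong current password: say only that, nothing about newPassword
        WebContext.setAttribute(PasswordPolicyValidator.class.getName(),
                WebContext.getI18nValue("PasswordPolicy.OLD_PASSWORD_NOT_MATCH"));
    }else if(passwordEncoder.matches(newPassword, userInfo.getPassword())) {
        // current password accepted (or not required): reject reuse of the same password
        WebContext.setAttribute(PasswordPolicyValidator.class.getName(),
                WebContext.getI18nValue("PasswordPolicy.OLD_PASSWORD_MATCH"));
    }else if(userInfoService.changePassword(changeUserInfo)) {
        userInfo.setPassword(changeUserInfo.getPassword());
        userInfo.setDecipherable(changeUserInfo.getDecipherable());
        return true;
    }
}else {
    // … unchanged: CONFIRMPASSWORD_NOT_MATCH message …
```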
<@locale code="login.password.expired.tip" /> + <@locale code="login.password.expired.tip" /> +
+ ${errorMessage!} +
<@locale code="userinfo.displayName" /> :
<@locale code="login.password.initial.change.tip" />
+ ${errorMessage!} +
<@locale code="userinfo.displayName" /> :