PASSWORD_POLICY

5828d2fd · MaxKey单点登录官方 · ab0b5959 · 5828d2fd · 5828d2fd · 5828d2fd
3 changed file
--- a/maxkey-core/src/main/java/org/maxkey/persistence/db/PasswordPolicyValidator.java
+++ b/maxkey-core/src/main/java/org/maxkey/persistence/db/PasswordPolicyValidator.java
@@ -65,7 +65,10 @@ public class PasswordPolicyValidator {
    
    MessageSource messageSource;
    
+    public static final String PASSWORD_POLICY_VALIDATE_RESULT = "PASSWORD_POLICY_SESSION_VALIDATE_RESULT_KEY";
+    
    private static final String PASSWORD_POLICY_KEY = "PASSWORD_POLICY_KEY";
+    
    private static final String LOCK_USER_UPDATE_STATEMENT = "UPDATE MXK_USERINFO SET ISLOCKED = ?  , UNLOCKTIME = ? WHERE ID = ?";

    private static final String PASSWORD_POLICY_SELECT_STATEMENT = "SELECT * FROM MXK_PASSWORD_POLICY ";
@@ -192,7 +195,7 @@ public class PasswordPolicyValidator {
               passwordPolicyMessage = passwordPolicyMessage + msg + "<br>";
               _logger.debug("Rule Message " + msg);
           }
-           WebContext.setAttribute(PasswordPolicyValidator.class.getName(), passwordPolicyMessage);
+           WebContext.setAttribute(PasswordPolicyValidator.PASSWORD_POLICY_VALIDATE_RESULT, passwordPolicyMessage);
           return false;
       }
   }

--- a/maxkey-persistence/src/main/java/org/maxkey/persistence/service/UserInfoService.java
+++ b/maxkey-persistence/src/main/java/org/maxkey/persistence/service/UserInfoService.java
@@ -180,30 +180,78 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
 	}
 	
 	
-	public boolean changePassword(UserInfo userInfo) {
+	public boolean changePassword(String oldPassword,
+            String newPassword,
+            String confirmPassword) {
 		try {
+		    WebContext.setAttribute(PasswordPolicyValidator.PASSWORD_POLICY_VALIDATE_RESULT, "");
+	        UserInfo userInfo = WebContext.getUserInfo();
+	        UserInfo changeUserInfo = new UserInfo();
+	        changeUserInfo.setUsername(userInfo.getUsername());
+	        changeUserInfo.setPassword(newPassword);
+	        changeUserInfo.setId(userInfo.getId());
+	        changeUserInfo.setDecipherable(userInfo.getDecipherable());
+	        
+	        if(newPassword.equals(confirmPassword)){
+	            if(oldPassword==null || 
+	                    passwordEncoder.matches(oldPassword, changeUserInfo.getPassword())){
+	                if(changePassword(changeUserInfo) ){
+	                    userInfo.setPassword(changeUserInfo.getPassword());
+                        userInfo.setDecipherable(changeUserInfo.getDecipherable());
+	                    return true;
+	                }
+	                return false;	               
+	            }else {
+	                if(oldPassword!=null &&
+	                        passwordEncoder.matches(newPassword, userInfo.getPassword())) {
+	                    WebContext.setAttribute(PasswordPolicyValidator.PASSWORD_POLICY_VALIDATE_RESULT, 
+	                            WebContext.getI18nValue("PasswordPolicy.OLD_PASSWORD_MATCH"));
+	                }else {
+	                    WebContext.setAttribute(PasswordPolicyValidator.PASSWORD_POLICY_VALIDATE_RESULT, 
+	                        WebContext.getI18nValue("PasswordPolicy.OLD_PASSWORD_NOT_MATCH"));
+	                }
+	            }
+	        }else {
+	            WebContext.setAttribute(PasswordPolicyValidator.PASSWORD_POLICY_VALIDATE_RESULT, 
+	                    WebContext.getI18nValue("PasswordPolicy.CONFIRMPASSWORD_NOT_MATCH"));
+	        }
+		 } catch (Exception e) {
+             e.printStackTrace();
+         }    
 		    
-		    if(passwordPolicyValidator.validator(userInfo) == false) {
-		        return false;
-		    }
-		    
-			if(WebContext.getUserInfo() != null) {
-				userInfo.setModifiedBy(WebContext.getUserInfo().getId());
-				
-			}
-			userInfo = passwordEncoder(userInfo);
-			
-			if(getMapper().changePassword(userInfo) > 0){
-			    changePasswordProvisioning(userInfo);
-				return true;
-			}
-			return false;
-		} catch (Exception e) {
-			e.printStackTrace();
-		}
 		return false;
 	}
 	
+    public boolean changePassword(UserInfo changeUserInfo) {
+        try {
+            _logger.debug("decipherable old : " + changeUserInfo.getDecipherable());
+            _logger.debug("decipherable new : " + ReciprocalUtils.encode(PasswordReciprocal.getInstance()
+                    .rawPassword(changeUserInfo.getUsername(), changeUserInfo.getPassword())));
+
+            if (passwordPolicyValidator.validator(changeUserInfo) == false) {
+                return false;
+            }
+
+            if (WebContext.getUserInfo() != null) {
+                changeUserInfo.setModifiedBy(WebContext.getUserInfo().getId());
+
+            }
+
+            changeUserInfo = passwordEncoder(changeUserInfo);
+
+            if (getMapper().changePassword(changeUserInfo) > 0) {
+                changePasswordProvisioning(changeUserInfo);
+                return true;
+            }
+            return false;
+
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+
+        return false;
+    }
+	
 	public String randomPassword() {
 	    return passwordPolicyValidator.generateRandomPassword();
 	}

--- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SafeController.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SafeController.java
@@ -24,7 +24,6 @@ import org.maxkey.constants.ConstantsOperateMessage;
 import org.maxkey.constants.ConstantsPasswordSetType;
 import org.maxkey.constants.ConstantsTimeInterval;
 import org.maxkey.crypto.ReciprocalUtils;
-import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.persistence.db.PasswordPolicyValidator;
 import org.maxkey.persistence.service.UserInfoService;
@@ -36,7 +35,6 @@ import org.maxkey.web.message.MessageType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -50,10 +48,6 @@ public class SafeController {
 	
 	@Autowired
 	private UserInfoService userInfoService;
-
-	@Autowired
-	private PasswordEncoder passwordEncoder;
-	
 	
 	@ResponseBody
 	@RequestMapping(value="/forward/changePasswod") 
@@ -70,12 +64,12 @@ public class SafeController {
 			@RequestParam("newPassword") String newPassword,
 			@RequestParam("confirmPassword") String confirmPassword) {
 		
-			if(changeUserPassword(oldPassword,newPassword,confirmPassword)) {
+			if(userInfoService.changePassword(oldPassword,newPassword,confirmPassword)) {
 				return  new Message(WebContext.getI18nValue(ConstantsOperateMessage.UPDATE_SUCCESS),MessageType.success);
 			}else {
 				return  new Message(
 				        WebContext.getI18nValue(ConstantsOperateMessage.UPDATE_ERROR)+"<br>"
-				        +WebContext.getAttribute(PasswordPolicyValidator.class.getName()),
+				        +WebContext.getAttribute(PasswordPolicyValidator.PASSWORD_POLICY_VALIDATE_RESULT),
 				        MessageType.error);
 			}	
 	}
@@ -88,12 +82,12 @@ public class SafeController {
 			ModelAndView modelAndView=new ModelAndView("passwordExpired");
 	        if(newPassword ==null ||newPassword.equals("")) {
 	            
-	        }else if(changeUserPassword(oldPassword,newPassword,confirmPassword)){
+	        }else if(userInfoService.changePassword(oldPassword,newPassword,confirmPassword)){
 	            WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,ConstantsPasswordSetType.PASSWORD_NORMAL);
 				return WebContext.redirect("/index");
 			}
 	        
-			Object errorMessage=WebContext.getAttribute(PasswordPolicyValidator.class.getName());
+			Object errorMessage=WebContext.getAttribute(PasswordPolicyValidator.PASSWORD_POLICY_VALIDATE_RESULT);
 			UserInfo userInfo=WebContext.getUserInfo();
            modelAndView.addObject("model", userInfo);
            modelAndView.addObject("errorMessage", errorMessage==null?"":errorMessage);
@@ -109,56 +103,18 @@ public class SafeController {
 		ModelAndView modelAndView=new ModelAndView("passwordInitial");
        if(newPassword ==null ||newPassword.equals("")) {
            
-        }else if(changeUserPassword(oldPassword,newPassword,confirmPassword)){
+        }else if(userInfoService.changePassword(oldPassword,newPassword,confirmPassword)){
            WebContext.getSession().setAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE,ConstantsPasswordSetType.PASSWORD_NORMAL);
 			return WebContext.redirect("/index");
 		}
 		
-        Object errorMessage=WebContext.getAttribute(PasswordPolicyValidator.class.getName());
+        Object errorMessage=WebContext.getAttribute(PasswordPolicyValidator.PASSWORD_POLICY_VALIDATE_RESULT);
        modelAndView.addObject("errorMessage", errorMessage==null?"":errorMessage);
        UserInfo userInfo=WebContext.getUserInfo();
        modelAndView.addObject("model", userInfo);
        return modelAndView;
 	}
 	
-	public boolean changeUserPassword(String oldPassword,
-									String newPassword,
-									String confirmPassword){
-	    WebContext.setAttribute(PasswordPolicyValidator.class.getName(), "");
-		UserInfo userInfo = WebContext.getUserInfo();
-		UserInfo changeUserInfo = new UserInfo();
-		changeUserInfo.setUsername(userInfo.getUsername());
-		changeUserInfo.setPassword(newPassword);
-		changeUserInfo.setId(userInfo.getId());
-		changeUserInfo.setDecipherable(userInfo.getDecipherable());
-		_logger.debug("decipherable old : "+userInfo.getDecipherable());
-		_logger.debug("decipherable new : "+ReciprocalUtils.encode(PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), newPassword)));
-		
-		if(newPassword.equals(confirmPassword)){
-			if(oldPassword==null || 
-					passwordEncoder.matches(oldPassword, userInfo.getPassword())){
-				if(userInfoService.changePassword(changeUserInfo)) {
-				    userInfo.setPassword(changeUserInfo.getPassword());
-				    userInfo.setDecipherable(changeUserInfo.getDecipherable());
-				    return true;
-				}
-			}else {
-			    if(oldPassword!=null &&
-	                    passwordEncoder.matches(newPassword, userInfo.getPassword())) {
-			        WebContext.setAttribute(PasswordPolicyValidator.class.getName(), 
-	                        WebContext.getI18nValue("PasswordPolicy.OLD_PASSWORD_MATCH"));
-			    }else {
-			        WebContext.setAttribute(PasswordPolicyValidator.class.getName(), 
-			            WebContext.getI18nValue("PasswordPolicy.OLD_PASSWORD_NOT_MATCH"));
-			    }
-			}
-		}else {
-		    WebContext.setAttribute(PasswordPolicyValidator.class.getName(), 
-                    WebContext.getI18nValue("PasswordPolicy.CONFIRMPASSWORD_NOT_MATCH"));
-		}
-		return false;
-		
-	}

 	@ResponseBody
 	@RequestMapping(value="/forward/changeAppLoginPasswod")