fix: 用户修改密码增加后端接口校验

ulleo · ulleo · commit 7d4dab603520 · 2023-06-05T11:27:58.000+08:00
diff --git a/framework/sdk/backend/src/main/java/com/fit2cloud/base/service/impl/BaseUserServiceImpl.java b/framework/sdk/backend/src/main/java/com/fit2cloud/base/service/impl/BaseUserServiceImpl.java
@@ -153,10 +153,17 @@ public boolean resetPwd(ResetPwdRequest request, UserDto currentUser) {
         if (!"local".equalsIgnoreCase(user.getSource())) {
             throw new RuntimeException("非云管本地创建的用户无法修改密码");
         }
+        if (StringUtils.equals(request.getOldPassword(), request.getNewPassword())) {
+            throw new RuntimeException("新旧密码相同");
+        }
         if (!MD5Util.md5(request.getOldPassword()).equalsIgnoreCase(user.getPassword())) {
             throw new RuntimeException("旧密码错误");
         }
 
+        if (!request.getNewPassword().matches("^(?!.*\\s)(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?=.*[\\W_]).{8,30}$")) {
+            throw new RuntimeException("有效密码：8-30位，英文大小写字母+数字+特殊字符");
+        }
+
         user.setPassword(MD5Util.md5(request.getNewPassword()));
         user.setUpdateTime(null);
         this.updateById(user);
