
加强密码

xiaochan 1 年之前
父節點
當前提交
ebb11621f5

+ 1 - 1
pom.xml

@@ -10,7 +10,7 @@
     </parent>
     <groupId>thyyxxk</groupId>
     <artifactId>web-server</artifactId>
-    <version>12.0.8</version>
+    <version>12.1.0</version>
     <name>web-server</name>
     <description>server for yibao-web</description>
     <properties>

+ 1 - 0
src/main/java/thyyxxk/webserver/config/exception/ExceptionEnum.java

@@ -38,6 +38,7 @@ public enum ExceptionEnum {
     TOKEN_ERROR(3001, "令牌错误,请重新登录!"),
     USER_NOT_EXIST(3002, "用户不存在,请重新登录!"),
     INVALID_PASSWORD(3003, "密码错误,请重新登录!"),
+    LOCK_OUT_THE_USER(3003, "用户锁定!"),
     BAD_REQUEST(3004, "无法转换请求,请用正确的方式访问!"),
     TOKEN_EXPIRED(3005, "令牌已过期,请重新登录!"),
     TEST_ENVIRONMENT(3006, "测试环境已关闭请使用正式环境接口"),
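Review bot: The new `LOCK_OUT_THE_USER` constant reuses code 3003, which the line above already assigns to `INVALID_PASSWORD`, so a client switching on the numeric code cannot tell a wrong password from a locked account even though the service now returns both. Give the lockout its own value from the unused range of this enum, e.g. `LOCK_OUT_THE_USER(<unused 30xx code>, "用户锁定!")`, and keep the ordering by code so the next duplicate is easy to spot. The rest of the enum, including whatever codes follow 3006, is outside this hunk.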

+ 9 - 2
src/main/java/thyyxxk/webserver/controller/settings/SettingsController.java

@@ -1,6 +1,7 @@
 package thyyxxk.webserver.controller.settings;
 
 import com.baomidou.mybatisplus.core.metadata.IPage;
+import lombok.Data;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 import thyyxxk.webserver.entity.ResultVo;
@@ -138,8 +139,14 @@ public class SettingsController {
         return service.saveEmployeeInfo(userInfo);
     }
 
+    @Data
+    public static class ResetPassword {
+        private String code;
+        private Integer nextTime;
+    }
+
     @PostMapping("/resetPasswordByCode")
-    public ResultVo<String> resetPasswordByCode(@RequestBody UserInfo userInfo) {
-        return service.resetPasswordByCode(userInfo.getCode());
+    public ResultVo<String> resetPasswordByCode(@RequestBody ResetPassword r) {
+        return service.resetPasswordByCode(r.getCode(), r.getNextTime());
     }
 }
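Review bot: `ResetPassword.nextTime` is a boxed `Integer` with no default and no validation, and `resetPasswordByCode` passes it straight to the service, which compares it with `nextTime == 0`; a request body that omits the field therefore ends in a `NullPointerException` instead of a 400. Either initialise it, `private Integer nextTime = 0;`, or reject the request in the controller before calling the service, and document what the value means (presumably the lock duration in minutes) on the field. The endpoint resets the password of whatever `code` the caller supplies; no authorisation check is visible in this hunk, so if it is not enforced by an interceptor elsewhere, one belongs here.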

+ 13 - 7
src/main/java/thyyxxk/webserver/dao/his/LoginDao.java

@@ -1,13 +1,11 @@
 package thyyxxk.webserver.dao.his;
 
-import org.apache.ibatis.annotations.Insert;
-import org.apache.ibatis.annotations.Mapper;
-import org.apache.ibatis.annotations.Param;
-import org.apache.ibatis.annotations.Select;
+import org.apache.ibatis.annotations.*;
 import thyyxxk.webserver.entity.dictionary.CodeName;
 import thyyxxk.webserver.entity.login.UserInfo;
 import thyyxxk.webserver.entity.login.VueMenu;
 
+import java.util.Date;
 import java.util.List;
 
 @Mapper
@@ -15,18 +13,18 @@ public interface LoginDao {
     @Select("select a.code, rtrim(b.name) name, a.password, a.code_rs, " +
             "b.dept_code as dept_code," +
             "rtrim(b.yb_code) as yb_code," +
-            "emp_tit_code " +
+            "emp_tit_code, input_err_frequency , next_input_times " +
             "from dj_user_base a " +
             "         left join a_employee_mi b on (a.code = b.code)  " +
             "where a.code_rs=#{codeRs} and a.del_flag=0")
     UserInfo findUserByCodeRsFromDjUserBase(@Param("codeRs") String codeRs);
 
-    @Select("select code, name, code_rs, password='123456',emp_tit_code " +
+    @Select("select code, name, code_rs, password ='e10adc3949ba59abbe56e057f20f883e',emp_tit_code " +
             "from a_employee_mi where code_rs=#{codeRs} and isnull(del_flag,0)!=1")
     UserInfo findUserByCodeRsFromEmployeeMi(@Param("codeRs") String codeRs);
 
     @Insert("insert into dj_user_base (code, code_rs, name, password, del_flag) " +
-            "values (#{code}, #{codeRs}, #{name}, '123456', 0)")
+            "values (#{code}, #{codeRs}, #{name}, 'e10adc3949ba59abbe56e057f20f883e', 0)")
     void insertNewUserToDjUserBase(UserInfo user);
 
     @Select("select code, name, password, code_rs,yb_code = (select yb_code from a_employee_mi where code=#{code}), " +
@@ -100,4 +98,12 @@ public interface LoginDao {
             "  and a.code = b.code " +
             "  and isnull(a.del_flag, '0') = '0'")
     UserInfo getUserInfoByCode(String code);
+
+    @Select("select top 1 input_err_frequency from dj_user_base where code_rs = '${codeRs}'")
+    Integer selectInputErrFrequency(String codeRs);
+
+    @Update("update dj_user_base set  input_err_frequency = ${times} , next_input_times = #{date} where code_rs = '${codeRs}' ")
+    void addInputErrFrequency(String codeRs, Integer times, Date date);
+
+
 }
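Review bot: `selectInputErrFrequency` and `addInputErrFrequency` splice `codeRs` and `times` into the SQL with `${...}`, which MyBatis substitutes as raw text, so the value of the work number submitted at login becomes part of the statement; the same value is already bound safely with `#{codeRs}` three statements above. Change both to bound parameters: `@Select("select top 1 input_err_frequency from dj_user_base where code_rs = #{codeRs}")` and `@Update("update dj_user_base set input_err_frequency = #{times}, next_input_times = #{date} where code_rs = #{codeRs}")`. `addInputErrFrequency`, and likewise `SettingsDao.resetPassword(String code, Date nextDate)` in this commit, take several unannotated arguments; unless the build compiles with `-parameters`, MyBatis only exposes them as `arg0`/`param1`, so annotate them as `findUserByCodeRsFromDjUserBase` does: `@Param("codeRs") String codeRs, @Param("times") Integer times, @Param("date") Date date`. The literal `e10adc3949ba59abbe56e057f20f883e` is now repeated in two statements here and one in `SettingsDao`; keep the default in one constant and bind it as a parameter so the three cannot drift apart.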

+ 3 - 2
src/main/java/thyyxxk/webserver/dao/his/settings/SettingsDao.java

@@ -11,6 +11,7 @@ import thyyxxk.webserver.entity.settings.deptphones.DeptPhones;
 import thyyxxk.webserver.entity.settings.permissions.Role;
 import thyyxxk.webserver.entity.settings.users.WorkIntegrationPlatformAdvice;
 
+import java.util.Date;
 import java.util.List;
 
 /**
@@ -221,6 +222,6 @@ public interface SettingsDao {
     void insertPartTimeDept(@Param("code") String code,
                             @Param("list") List<String> list);
 
-    @Update("update dj_user_base set password = '123456' where code = #{code} ")
-    void resetPassword(String code);
+    @Update("update dj_user_base set password = 'e10adc3949ba59abbe56e057f20f883e' , input_err_frequency = 0 ,next_input_times = #{nextDate} where code = #{code} ")
+    void resetPassword(String code, Date nextDate);
 }

+ 4 - 0
src/main/java/thyyxxk/webserver/entity/login/UserInfo.java

@@ -7,6 +7,7 @@ import thyyxxk.webserver.constants.RestrictedDrugLevels;
 import thyyxxk.webserver.constants.Ysjb;
 import thyyxxk.webserver.utils.StringUtil;
 
+import java.util.Date;
 import java.util.List;
 import java.util.Map;
 
@@ -150,6 +151,9 @@ public class UserInfo {
     private String partTimeDeptName;
     private Map<String, String> partTimeDeptMap;
 
+    private Integer inputErrFrequency;
+    private Date nextInputTimes;
+
     /**
      * 当前科室的人可以在会诊完成几天后,可以去到患者的医嘱录入界面
      */

+ 30 - 3
src/main/java/thyyxxk/webserver/service/LoginService.java

@@ -1,5 +1,8 @@
 package thyyxxk.webserver.service;
 
+import cn.hutool.core.date.DateTime;
+import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.SecureUtil;
 import com.alibaba.fastjson.JSONObject;
 import com.baomidou.dynamic.datasource.annotation.DS;
 import lombok.extern.slf4j.Slf4j;
@@ -15,6 +18,7 @@ import thyyxxk.webserver.service.externalhttp.CorpWxSrvc;
 import thyyxxk.webserver.service.redislike.RedisLikeService;
 import thyyxxk.webserver.utils.*;
 
+import javax.annotation.PostConstruct;
 import java.util.*;
 
 /**
@@ -41,6 +45,7 @@ public class LoginService {
     }
 
     public ResultVo<UserInfo> login(UserInfo userInfo) {
+        Date now = new Date();
         UserInfo tempUserInfo = dao.findUserByCodeRsFromDjUserBase(userInfo.getCodeRs());
         if (null == tempUserInfo) {
             tempUserInfo = dao.findUserByCodeRsFromEmployeeMi(userInfo.getCodeRs());
@@ -49,9 +54,29 @@ public class LoginService {
             }
             dao.insertNewUserToDjUserBase(tempUserInfo);
         }
-        if (!Objects.equals("fromTriageScreen", userInfo.getSid())
-                && !userInfo.getPassword().equals(tempUserInfo.getPassword())) {
-            return ResultVoUtil.fail(ExceptionEnum.INVALID_PASSWORD);
+        // 如果当前时间在 限制时间之前就是锁定
+        if (tempUserInfo.getNextInputTimes() != null && now.toInstant().isBefore(tempUserInfo.getNextInputTimes().toInstant())) {
+            return ResultVoUtil.fail(ExceptionEnum.LOCK_OUT_THE_USER, StrUtil.format("用户已被锁定请:【{}】后重试。", DateUtil.formatDatetime(tempUserInfo.getNextInputTimes())), tempUserInfo);
+        }
+
+        String pwd = SecureUtil.md5(userInfo.getPassword());
+        if (!Objects.equals("fromTriageScreen", userInfo.getSid()) && !pwd.equals(tempUserInfo.getPassword())) {
+            Integer times = dao.selectInputErrFrequency(tempUserInfo.getCodeRs());
+            times = times == null ? 1 : times + 1;
+            userInfo.setNextInputTimes(null);
+            userInfo.setInputErrFrequency(times);
+            // 输入次数大于三次锁定
+            if (times >= 3) {
+                now = DateUtil.offsetMinute(now, 10);
+                userInfo.setNextInputTimes(now);
+                dao.addInputErrFrequency(tempUserInfo.getCodeRs(), times, now);
+                return ResultVoUtil.fail(ExceptionEnum.LOCK_OUT_THE_USER, StrUtil.format("用户已被锁定请:【{}】后重试。", DateUtil.formatDatetime(userInfo.getNextInputTimes())), userInfo);
+            }
+            return ResultVoUtil.fail(ExceptionEnum.INVALID_PASSWORD, userInfo);
+        }
+
+        if (tempUserInfo.getInputErrFrequency() > 0) {
+            dao.addInputErrFrequency(tempUserInfo.getCodeRs(), 0, null);
         }
         String token = TokenUtil.getInstance().createToken(tempUserInfo.getCode());
         try {
@@ -136,4 +161,6 @@ public class LoginService {
         }
         return code + flakeIdSub + tokenSub;
     }
+
+
 }
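Review bot: Failed attempts below the threshold are never stored: inside the `!pwd.equals(tempUserInfo.getPassword())` branch `dao.addInputErrFrequency` runs only under `if (times >= 3)`, so `selectInputErrFrequency` keeps returning the old value and the counter can only reach 3 if the column already held 2; the write has to happen on every failure. Both failure responses also hand the caller an entity with password material: `tempUserInfo` carries the stored `a.password` hash selected by `findUserByCodeRsFromDjUserBase`, and `userInfo` carries the password just submitted, so return the message alone. `tempUserInfo.getInputErrFrequency() > 0` unboxes an `Integer` that is null whenever the column is null or the user came from `findUserByCodeRsFromEmployeeMi`, whose select does not include it. `SecureUtil.md5` is an unsalted, fast digest, so two users with the same password store the same value; a salted, slow password hash (PBKDF2, bcrypt or argon2) is the usual replacement and would need a migration of the existing rows. `login` starts in the previous hunk and continues after this one.
```java
        String pwd = SecureUtil.md5(userInfo.getPassword());
        if (!Objects.equals("fromTriageScreen", userInfo.getSid()) && !pwd.equals(tempUserInfo.getPassword())) {
            Integer times = dao.selectInputErrFrequency(tempUserInfo.getCodeRs());
            times = times == null ? 1 : times + 1;
            // 输入次数大于三次锁定
            Date lockUntil = times >= 3 ? DateUtil.offsetMinute(now, 10) : null;
            // persist every failed attempt, not only the one that locks the account
            dao.addInputErrFrequency(tempUserInfo.getCodeRs(), times, lockUntil);
            if (lockUntil != null) {
                return ResultVoUtil.fail(ExceptionEnum.LOCK_OUT_THE_USER, StrUtil.format("用户已被锁定请:【{}】后重试。", DateUtil.formatDatetime(lockUntil)));
            }
            return ResultVoUtil.fail(ExceptionEnum.INVALID_PASSWORD);
        }

        // reset the counter after a successful password check; the column may be null
        Integer errs = tempUserInfo.getInputErrFrequency();
        if (errs != null && errs > 0) {
            dao.addInputErrFrequency(tempUserInfo.getCodeRs(), 0, null);
        }
        // … unchanged: token creation …
```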

+ 11 - 6
src/main/java/thyyxxk/webserver/service/settings/SettingsService.java

@@ -1,5 +1,6 @@
 package thyyxxk.webserver.service.settings;
 
+import cn.hutool.crypto.SecureUtil;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
@@ -67,14 +68,18 @@ public class SettingsService {
     public ResultVo<String> changePassword(ChangePwdParam param) {
         String code = TokenUtil.getInstance().getTokenUserId();
         String password = dao.getPassword(code);
-        if (!param.getOldPassword().equals(password)) {
+        String newPwd = SecureUtil.md5(param.getNewPassword());
+        String old = SecureUtil.md5(param.getOldPassword());
+        if (!old.equals(password)) {
             return ResultVoUtil.fail(ExceptionEnum.LOGICAL_ERROR, "旧密码错误,请检查!");
         }
-        if ("".equals(param.getNewPassword().trim())) {
+        if (param.getNewPassword().trim().isEmpty()) {
             return ResultVoUtil.fail(ExceptionEnum.LOGICAL_ERROR, "新密码不能包含空格,请检查!");
         }
-        dao.updatePassword(code, param.getNewPassword());
-        redis.handleUserPwdChanged(code, param.getNewPassword());
+
+
+        dao.updatePassword(code, newPwd);
+        redis.handleUserPwdChanged(code, newPwd);
         return ResultVoUtil.success(ExceptionEnum.SUCCESS_AND_NOTIFICATION, "密码修改成功。");
     }
 
@@ -297,8 +302,8 @@ public class SettingsService {
         return ResultVoUtil.success(ExceptionEnum.SUCCESS_AND_NOTIFICATION);
     }
 
-    public ResultVo<String> resetPasswordByCode(String code) {
-        dao.resetPassword(code);
+    public ResultVo<String> resetPasswordByCode(String code, Integer nextTime) {
+        dao.resetPassword(code, nextTime == 0 ? null : DateUtil.offsetMinute(new Date(), nextTime));
         return ResultVoUtil.fail(ExceptionEnum.SUCCESS_AND_NOTIFICATION);
     }
 
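Review bot: `nextTime == 0` in `resetPasswordByCode` unboxes a boxed `Integer` that arrives straight from the request body, so a missing field becomes a `NullPointerException`; write it as `nextTime == null || nextTime == 0 ? null : DateUtil.offsetMinute(new Date(), nextTime)`. In `changePassword`, the removed lines show that passwords were previously stored and compared as plain text, and `old.equals(password)` now compares an MD5 against the stored value, so unless the existing rows were rewritten as MD5 in the same release, every current user will fail the old-password check after this deploys. The empty-password check on the new line still runs after the old-password comparison and only catches an all-whitespace value, not the embedded spaces the message `新密码不能包含空格` talks about; move it to the top of the method and test `contains(" ")` if that is the intended rule. The untouched `return ResultVoUtil.fail(ExceptionEnum.SUCCESS_AND_NOTIFICATION)` two lines below the change still reports success through `fail`.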

+ 1 - 1
src/main/java/thyyxxk/webserver/utils/DateUtil.java

@@ -17,7 +17,7 @@ import java.util.List;
  * @author dj
  */
 @Slf4j
-public class DateUtil {
+public class DateUtil extends cn.hutool.core.date.DateUtil {
     public static final String DEFAULT_PATTERN = "yyyy-MM-dd HH:mm:ss";
     public static final String DATE = "yyyy-MM-dd";
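Review bot: Extending `cn.hutool.core.date.DateUtil` only to reach its static methods (the new `DateUtil.offsetMinute` calls in `LoginService` and `SettingsService`) couples this utility class to the whole hutool API surface and lets any project method with a matching name silently shadow the library one. A static import of the needed hutool methods at the call sites, or a one-line delegating wrapper here, keeps the dependency explicit and the class a plain utility; if the inheritance stays, a class-level comment should say that the remaining methods come from hutool. The class body continues past this hunk.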