feat: 新增密码策略-密码重复使用规则

continew-admin-system/src/main/java/top/continew/admin/system/mapper/UserPasswordHistoryMapper.java

@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package top.continew.admin.system.mapper;
+
+import org.apache.ibatis.annotations.Param;
+import top.continew.starter.data.mybatis.plus.base.BaseMapper;
+import top.continew.admin.system.model.entity.UserPasswordHistoryDO;
+
+/**
+ * 用户历史密码 Mapper
+ *
+ * @author Charles7c
+ * @since 2024/5/16 21:58
+ */
+public interface UserPasswordHistoryMapper extends BaseMapper<UserPasswordHistoryDO> {
+
+    /**
+     * 删除过期历史密码
+     *
+     * @param userId 用户 ID
+     * @param count  保留 N 个历史
+     */
+    void deleteExpired(@Param("userId") Long userId, @Param("count") int count);
+}

continew-admin-system/src/main/java/top/continew/admin/system/model/entity/FileDO.java

@@ -17,8 +17,6 @@
 package top.continew.admin.system.model.entity;
 
 import cn.hutool.core.util.StrUtil;
-import com.baomidou.mybatisplus.annotation.IdType;
-import com.baomidou.mybatisplus.annotation.TableId;
 import com.baomidou.mybatisplus.annotation.TableName;
 import lombok.Data;
 import org.dromara.x.file.storage.core.FileInfo;
@@ -43,9 +41,6 @@ public class FileDO extends BaseDO {
     @Serial
     private static final long serialVersionUID = 1L;
 
-    @TableId(type = IdType.ASSIGN_ID)
-    private Long id;
-
     /**
      * 名称
      */

continew-admin-system/src/main/java/top/continew/admin/system/model/entity/UserPasswordHistoryDO.java

@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package top.continew.admin.system.model.entity;
+
+import com.baomidou.mybatisplus.annotation.*;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.io.Serial;
+import java.io.Serializable;
+import java.time.LocalDateTime;
+
+/**
+ * 用户历史密码实体
+ *
+ * @author Charles7c
+ * @since 2024/5/16 21:58
+ */
+@Data
+@NoArgsConstructor
+@TableName("sys_user_password_history")
+public class UserPasswordHistoryDO implements Serializable {
+
+    @Serial
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * ID
+     */
+    @TableId(type = IdType.ASSIGN_ID)
+    private Long id;
+
+    /**
+     * 用户 ID
+     */
+    private Long userId;
+
+    /**
+     * 密码
+     */
+    private String password;
+
+    /**
+     * 创建时间
+     */
+    @TableField(fill = FieldFill.INSERT)
+    private LocalDateTime createTime;
+
+    public UserPasswordHistoryDO(Long userId, String password) {
+        this.userId = userId;
+        this.password = password;
+    }
+}

continew-admin-system/src/main/java/top/continew/admin/system/service/RoleDeptService.java

@@ -31,7 +31,7 @@ public interface RoleDeptService {
      *
      * @param deptIds 部门 ID 列表
      * @param roleId  角色 ID
-     * @return true：成功；false：无变更/失败
+     * @return 是否新增成功（true：成功；false：无变更/失败）
      */
     boolean add(List<Long> deptIds, Long roleId);
 

continew-admin-system/src/main/java/top/continew/admin/system/service/RoleMenuService.java

@@ -31,7 +31,7 @@ public interface RoleMenuService {
      *
      * @param menuIds 菜单 ID 列表
      * @param roleId  角色 ID
-     * @return true：成功；false：无变更/失败
+     * @return 是否新增成功（true：成功；false：无变更/失败）
      */
     boolean add(List<Long> menuIds, Long roleId);
 

continew-admin-system/src/main/java/top/continew/admin/system/service/UserPasswordHistoryService.java

@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package top.continew.admin.system.service;
+
+/**
+ * 用户历史密码业务接口
+ *
+ * @author Charles7c
+ * @since 2024/5/16 21:58
+ */
+public interface UserPasswordHistoryService {
+
+    /**
+     * 新增
+     *
+     * @param userId   用户 ID
+     * @param password 密码
+     * @param count    保留 N 个历史
+     */
+    void add(Long userId, String password, int count);
+
+    /**
+     * 密码是否为重复使用
+     *
+     * @param userId   用户 ID
+     * @param password 密码
+     * @param count    最近 N 次
+     * @return 是否为重复使用
+     */
+    boolean isPasswordReused(Long userId, String password, int count);
+}

continew-admin-system/src/main/java/top/continew/admin/system/service/UserRoleService.java

@@ -31,7 +31,7 @@ public interface UserRoleService {
      *
      * @param roleIds 角色 ID 列表
      * @param userId  用户 ID
-     * @return true：成功；false：无变更/失败
+     * @return 是否新增成功（true：成功；false：无变更/失败）
      */
     boolean add(List<Long> roleIds, Long userId);
 
@@ -54,7 +54,7 @@ public interface UserRoleService {
      * 根据角色 ID 判断是否已被用户关联
      *
      * @param roleIds 角色 ID 列表
-     * @return true：已关联；false：未关联
+     * @return 是否已关联（true：已关联；false：未关联）
      */
     boolean isRoleIdExists(List<Long> roleIds);
 }

continew-admin-system/src/main/java/top/continew/admin/system/service/UserService.java

@@ -145,5 +145,5 @@ public interface UserService extends BaseService<UserResp, UserDetailResp, UserQ
      * @param pwdResetTime 上次重置密码时间
      * @return 是否过期
      */
-    Boolean isPasswordExpired(LocalDateTime pwdResetTime);
+    boolean isPasswordExpired(LocalDateTime pwdResetTime);
 }

continew-admin-system/src/main/java/top/continew/admin/system/service/impl/UserPasswordHistoryServiceImpl.java

@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2022-present Charles7c Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package top.continew.admin.system.service.impl;
+
+import cn.hutool.core.collection.CollUtil;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+import top.continew.admin.system.mapper.UserPasswordHistoryMapper;
+import top.continew.admin.system.model.entity.UserPasswordHistoryDO;
+import top.continew.admin.system.service.UserPasswordHistoryService;
+
+import java.util.List;
+
+/**
+ * 用户历史密码业务实现
+ *
+ * @author Charles7c
+ * @since 2024/5/16 21:58
+ */
+@Service
+@RequiredArgsConstructor
+public class UserPasswordHistoryServiceImpl implements UserPasswordHistoryService {
+
+    private final UserPasswordHistoryMapper baseMapper;
+    private final PasswordEncoder passwordEncoder;
+
+    @Override
+    @Transactional(rollbackFor = Exception.class)
+    public void add(Long userId, String password, int count) {
+        baseMapper.insert(new UserPasswordHistoryDO(userId, password));
+        // 删除过期历史密码
+        baseMapper.deleteExpired(userId, count);
+    }
+
+    @Override
+    public boolean isPasswordReused(Long userId, String password, int count) {
+        // 查询近 N 个历史密码
+        List<UserPasswordHistoryDO> list = baseMapper.lambdaQuery()
+            .select(UserPasswordHistoryDO::getPassword)
+            .eq(UserPasswordHistoryDO::getUserId, userId)
+            .orderByDesc(UserPasswordHistoryDO::getCreateTime)
+            .last("LIMIT %s".formatted(count))
+            .list();
+        if (CollUtil.isEmpty(list)) {
+            return false;
+        }
+        // 校验是否重复使用历史密码
+        List<String> passwordList = list.stream().map(UserPasswordHistoryDO::getPassword).toList();
+        return passwordList.stream().anyMatch(p -> passwordEncoder.matches(password, p));
+    }
+}

continew-admin-system/src/main/java/top/continew/admin/system/service/impl/UserServiceImpl.java

@@ -88,6 +88,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
     private final FileStorageService fileStorageService;
     private final PasswordEncoder passwordEncoder;
     private final OptionService optionService;
+    private final UserPasswordHistoryService userPasswordHistoryService;
     @Resource
     private DeptService deptService;
     @Value("${avatar.support-suffix}")
@@ -192,6 +193,7 @@ public void updateBasicInfo(UserBasicInfoUpdateReq req, Long id) {
     }
 
     @Override
+    @Transactional(rollbackFor = Exception.class)
     public void updatePassword(String oldPassword, String newPassword, Long id) {
         CheckUtils.throwIfEqual(newPassword, oldPassword, "新密码不能与当前密码相同");
         UserDO user = super.getById(id);
@@ -200,16 +202,17 @@ public void updatePassword(String oldPassword, String newPassword, Long id) {
             CheckUtils.throwIf(!passwordEncoder.matches(oldPassword, password), "当前密码错误");
         }
         // 校验密码合法性
-        this.checkPassword(newPassword, user);
+        int passwordReusePolicy = this.checkPassword(newPassword, user);
         // 更新密码和密码重置时间
         user.setPassword(newPassword);
         user.setPwdResetTime(LocalDateTime.now());
         baseMapper.updateById(user);
-        onlineUserService.cleanByUserId(user.getId());
+        // 保存历史密码
+        userPasswordHistoryService.add(id, password, passwordReusePolicy);
     }
 
     @Override
-    public Boolean isPasswordExpired(LocalDateTime pwdResetTime) {
+    public boolean isPasswordExpired(LocalDateTime pwdResetTime) {
         // 永久有效
         int passwordExpirationDays = optionService.getValueByCode2Int(PASSWORD_EXPIRATION_DAYS.name());
         if (passwordExpirationDays <= SysConstants.NO) {
@@ -343,7 +346,7 @@ protected void afterAdd(UserReq req, UserDO user) {
      * @param password 密码
      * @param user     用户信息
      */
-    private void checkPassword(String password, UserDO user) {
+    private int checkPassword(String password, UserDO user) {
         // 密码最小长度
         int passwordMinLength = optionService.getValueByCode2Int(PASSWORD_MIN_LENGTH.name());
         ValidationUtils.throwIf(StrUtil.length(password) < passwordMinLength, PASSWORD_MIN_LENGTH.getDescription()
@@ -362,6 +365,12 @@ private void checkPassword(String password, UserDO user) {
         int passwordContainSpecialChar = optionService.getValueByCode2Int(PASSWORD_CONTAIN_SPECIAL_CHARACTERS.name());
         ValidationUtils.throwIf(passwordContainSpecialChar == SysConstants.YES && !ReUtil
             .isMatch(RegexConstants.SPECIAL_CHARACTER, password), PASSWORD_CONTAIN_SPECIAL_CHARACTERS.getDescription());
+        // 密码重复使用规则
+        int passwordReusePolicy = optionService.getValueByCode2Int(PASSWORD_REUSE_POLICY.name());
+        ValidationUtils.throwIf(userPasswordHistoryService.isPasswordReused(user
+            .getId(), password, passwordReusePolicy), PASSWORD_REUSE_POLICY.getDescription()
+                .formatted(passwordReusePolicy));
+        return passwordReusePolicy;
     }
 
     /**

continew-admin-system/src/main/resources/mapper/UserPasswordHistoryMapper.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+<mapper namespace="top.continew.admin.system.mapper.UserPasswordHistoryMapper">
+    <delete id="deleteExpired">
+        DELETE FROM sys_user_password_history
+        WHERE id NOT IN (
+            SELECT * FROM (
+                SELECT id
+                FROM sys_user_password_history
+                WHERE user_id = #{userId}
+                ORDER BY create_time DESC
+                LIMIT #{count}
+            ) t1
+        )
+    </delete>
+</mapper>

continew-admin-webapi/src/main/resources/db/changelog/mysql/continew-admin_data.sql

@@ -121,7 +121,7 @@ VALUES
 ('密码有效期（天）', 'PASSWORD_EXPIRATION_DAYS', NULL, '0', '取值范围为 0-999（0 表示永久有效）。', NULL, NULL),
 ('密码重复使用规则', 'PASSWORD_REUSE_POLICY', NULL, '5', '不允许使用最近 N 次密码，取值范围为 3-32。', NULL, NULL),
 ('密码最小长度', 'PASSWORD_MIN_LENGTH', NULL, '8', '取值范围为 8-32。', NULL, NULL),
-('密码是否允许包含正反序账号名', 'PASSWORD_ALLOW_CONTAIN_USERNAME', NULL, '0', '', NULL, NULL),
+('密码是否允许包含正反序账号名', 'PASSWORD_ALLOW_CONTAIN_USERNAME', NULL, '1', '', NULL, NULL),
 ('密码是否必须包含特殊字符', 'PASSWORD_CONTAIN_SPECIAL_CHARACTERS', NULL, '0', '', NULL, NULL);
 
 -- 初始化默认字典

continew-admin-webapi/src/main/resources/db/changelog/mysql/continew-admin_table.sql

@@ -95,6 +95,15 @@ CREATE TABLE IF NOT EXISTS `sys_user` (
     INDEX `idx_update_user`(`update_user`) USING BTREE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户表';
 
+CREATE TABLE IF NOT EXISTS `sys_user_password_history` (
+    `id`          bigint(20)   NOT NULL COMMENT 'ID',
+    `user_id`     bigint(20)   NOT NULL COMMENT '用户ID',
+    `password`    varchar(255) NOT NULL COMMENT '密码',
+    `create_time` datetime     NOT NULL COMMENT '创建时间',
+    PRIMARY KEY (`id`) USING BTREE,
+    INDEX `idx_user_id`(`user_id`) USING BTREE
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户历史密码表';
+
 CREATE TABLE IF NOT EXISTS `sys_user_social` (
     `source`          varchar(255) NOT NULL     COMMENT '来源',
     `open_id`         varchar(255) NOT NULL     COMMENT '开放ID',

continew-admin-webapi/src/main/resources/db/changelog/postgresql/continew-admin_data.sql

@@ -121,7 +121,7 @@ VALUES
 ('密码有效期（天）', 'PASSWORD_EXPIRATION_DAYS', NULL, '0', '取值范围为 0-999（0 表示永久有效）。', NULL, NULL),
 ('密码重复使用规则', 'PASSWORD_REUSE_POLICY', NULL, '5', '不允许使用最近 N 次密码，取值范围为 3-32。', NULL, NULL),
 ('密码最小长度', 'PASSWORD_MIN_LENGTH', NULL, '8', '取值范围为 8-32。', NULL, NULL),
-('密码是否允许包含正反序账号名', 'PASSWORD_ALLOW_CONTAIN_USERNAME', NULL, '0', '', NULL, NULL),
+('密码是否允许包含正反序账号名', 'PASSWORD_ALLOW_CONTAIN_USERNAME', NULL, '1', '', NULL, NULL),
 ('密码是否必须包含特殊字符', 'PASSWORD_CONTAIN_SPECIAL_CHARACTERS', NULL, '0', '', NULL, NULL);
 
 -- 初始化默认字典