/// <summary>
/// 密码复杂度验证
/// </summary>
/// <param name="pwd"></param>
/// <returns></returns>
private bool RandomBoolPwd(string pwd)
{
string result = "";
//进行密码复杂度的校验
var pwdRule = OperateSection.GetPwdRuleSection();
if (pwdRule.IsValidatecComplex)//是否启用复杂度校验
{
var complexList = OperateSection.GetPwdComplexSetList();
if (complexList != null && complexList.Count > 0)
{
foreach (var complex in complexList)
{
if (Regex.IsMatch(pwd, complex.Regular))
{
result += complex.ErrorMsg + "\r\n";
}
}
}
}
if (!string.IsNullOrEmpty(result) && result.Length > 0)
{
//密码复杂度不通过验证
return(false);
}
else
{
return(true);
}
}
/// <summary>
/// 重置密码功能
/// </summary>
/// <param name="id">用户ID</param>
public string ResetPwd(int id)
{
try
{
using (CurrentUnitOfWork.DisableFilter(AbpDataFilters.SoftDelete))
{
var user = GetUser(id);
if (user != null)
{
//判断是否启用随机密码
//获取配置节点信息
var userSe = OperateSection.GetPwdRuleSection();
if (userSe.IsRandomPwd)
{
//密码复杂度验证
if (userSe.IsValidatecComplex)
{
//重置密码,返回通过验证随机密码
var pwdNow = RandomPasswords();//生成通过验证随机密码
user.Password = new PasswordHasher().HashPassword(pwdNow);
user.ModifyPwd = 0;
_userManager.UpdateAsync(user);
//throw new UserFriendlyException(pwdNow);
return(pwdNow);
}
else
{
//重置密码,返回随机密码
var pwdNow = RandomPassword();//生成随机密码
user.Password = new PasswordHasher().HashPassword(pwdNow);
user.ModifyPwd = 0;
_userManager.UpdateAsync(user);
//throw new UserFriendlyException(pwdNow);
return(pwdNow);
//abp.message.info("重置密码成功!新密码:"+pwdNow, "提示");
}
}
else
{
//重置密码,返回默认密码
var pwdNow = userSe.DefualtPwd;//获取默认密码
user.Password = new PasswordHasher().HashPassword(pwdNow);
user.ModifyPwd = 0;
_userManager.UpdateAsync(user);
//throw new UserFriendlyException(pwdNow);
return(pwdNow);
}
}
else
{
throw new UserFriendlyException("查询出错,用户不存在!");
}
}
}
catch (Exception e)
{
throw new UserFriendlyException(e.Message);
}
}
/// <summary>
/// 验证密码复杂度(不能为默认密码)和密码修改周期
/// </summary>
/// <param name="loginModel"></param>
/// <param name="loginResult"></param>
private void ValidateCycleAndComplex(LoginViewModel loginModel, AbpLoginResult <Tenant, User> loginResult)
{
//进行密码复杂度的校验
var pwdRule = OperateSection.GetPwdRuleSection();
if (pwdRule.IsValidatecComplex)//是否启用复杂度校验
{
var complexList = OperateSection.GetPwdComplexSetList();
if (complexList != null && complexList.Count > 0)
{
foreach (var complex in complexList)
{
if (Regex.IsMatch(loginModel.Password, complex.Regular))
{
throw new Exception("密码复杂度不够:" + complex.ErrorMsg + "。即将跳入密码修改页面...");
}
}
}
if (pwdRule.DefualtPwd == loginModel.Password)
{
throw new Exception("不能为系统默认密码。即将跳入密码修改页面...");
}
}
//密码周期性验证
if (pwdRule.IsCycle)//启用了周期性验证
{
var dd = _userPwdAppService.GetAllPwdLog(loginResult.User.Id);
var lastPwdLog = _userPwdAppService.GetLastPwdLog(loginResult.User.Id);
if (lastPwdLog != null)
{
if (!string.IsNullOrEmpty(pwdRule.CycleTime) && Convert.ToInt32(pwdRule.CycleTime) < DateTime.Now.Subtract(lastPwdLog.CreationTime).Duration().Days)
{
throw new Exception("当前密码累计使用已超过【" + pwdRule.CycleTime + "】天,请修改密码。即将跳入密码修改页面...");
}
}
}
}
private String ValidateComplex(string pwd)
{
string result = "";
//进行密码复杂度的校验
var pwdRule = OperateSection.GetPwdRuleSection();
if (pwdRule.IsValidatecComplex)//是否启用复杂度校验
{
var complexList = OperateSection.GetPwdComplexSetList();
if (complexList != null && complexList.Count > 0)
{
foreach (var complex in complexList)
{
if (Regex.IsMatch(pwd, complex.Regular))
{
result += complex.ErrorMsg + "\r\n";
}
}
}
}
return(result);
}
/// <summary>
/// cs于2017.11.22上午进行了修改
/// 验证登录信息,返回对应登录结果数据
/// </summary>
/// <param name="usernameOrEmailAddress"></param>
/// <param name="password"></param>
/// <param name="tenancyName"></param>
/// <returns></returns>
private async Task <AbpLoginResult <Tenant, User> > GetLoginResultAsync(string usernameOrEmailAddress, string password, string tenancyName)
{
var loginResult = await _logInManager.LoginAsync(usernameOrEmailAddress, password, tenancyName);
var pwdRule = OperateSection.GetPwdRuleSection();
switch (loginResult.Result)
{
case AbpLoginResultType.Success:
if (pwdRule.IsTrialError) //若启用了试错,则重置错误信息
{
if (!string.IsNullOrEmpty(pwdRule.TrialErrorCount) && loginResult.User.LoginFailCount > Convert.ToInt32(pwdRule.TrialErrorCount.Trim()))
{
throw new Exception("登录失败:当前用户(" + usernameOrEmailAddress + ")已被锁定!");
}
else
{
//var user = loginResult.User;
//user.LoginFailCount = 0;
//user.LockedReason = "";
//user.IsActive = true;
//_userManager.Update(user);
DbHelper.Execute("UPDATE ABP_USERS SET LOGIN_FAIL_COUNT=0,LOCKED_REASON='',IS_ACTIVE=1 WHERE ID=" + loginResult.User.Id);
}
}
return(loginResult);
case AbpLoginResultType.InvalidPassword: //当密码错误时
//先验证是否启用了试错
if (pwdRule.IsTrialError) //启用了试错
{
if (!string.IsNullOrEmpty(pwdRule.TrialErrorCount) && loginResult.User.LoginFailCount > Convert.ToInt32(pwdRule.TrialErrorCount.Trim()))
{
throw new Exception("登录失败:当前用户(" + usernameOrEmailAddress + ")已被锁定!");
}
else if (!string.IsNullOrEmpty(pwdRule.TrialErrorCount) && loginResult.User.LoginFailCount <= Convert.ToInt32(pwdRule.TrialErrorCount.Trim()))
{
string exceptionMsg = "";
//去累加失败次数,锁定用户
var user = loginResult.User;
user.LoginFailCount = user.LoginFailCount + 1;
//当累计错误大于试错数时
if (user.LoginFailCount > Convert.ToInt32(pwdRule.TrialErrorCount.Trim()))
{
exceptionMsg = "当前用户(" + usernameOrEmailAddress + ")密码已累计输错【" + pwdRule.TrialErrorCount + "】次,帐号已被锁定!";
user.IsActive = false; //锁定用户
}
else
{
exceptionMsg = "当前用户(" + usernameOrEmailAddress + ")密码已累计输错【" + user.LoginFailCount + "】次,累计输错【" + pwdRule.TrialErrorCount + "】次将被锁定!";
}
user.LockedReason = exceptionMsg;
//_userManager.Update(user);
//CurrentUnitOfWork.SaveChanges();
DbHelper.Execute(string.Format(@"UPDATE ABP_USERS SET LOGIN_FAIL_COUNT={0},LOCKED_REASON='{1}',IS_ACTIVE=1 WHERE ID={2}",
user.LoginFailCount, exceptionMsg, user.Id));
throw new Exception("登录失败:" + exceptionMsg);
}
else
{
throw new Exception("登录失败:用户或密码错误(系统未配置试错次数)");
}
}
else
{
throw CreateExceptionForFailedLoginAttempt(loginResult.Result, usernameOrEmailAddress, tenancyName);
}
default:
throw CreateExceptionForFailedLoginAttempt(loginResult.Result, usernameOrEmailAddress, tenancyName);
}
}
public User()
{
//改为在配置文件中获取默认密码
Password = new PasswordHasher().HashPassword(OperateSection.GetPwdRuleSection().DefualtPwd);
//Password = new PasswordHasher().HashPassword(DefaultPassword);
}