/// <summary> /// 密码复杂度验证 /// </summary> /// <param name="pwd"></param> /// <returns></returns> private bool RandomBoolPwd(string pwd) { string result = ""; //进行密码复杂度的校验 var pwdRule = OperateSection.GetPwdRuleSection(); if (pwdRule.IsValidatecComplex)//是否启用复杂度校验 { var complexList = OperateSection.GetPwdComplexSetList(); if (complexList != null && complexList.Count > 0) { foreach (var complex in complexList) { if (Regex.IsMatch(pwd, complex.Regular)) { result += complex.ErrorMsg + "\r\n"; } } } } if (!string.IsNullOrEmpty(result) && result.Length > 0) { //密码复杂度不通过验证 return(false); } else { return(true); } }
/// <summary> /// 重置密码功能 /// </summary> /// <param name="id">用户ID</param> public string ResetPwd(int id) { try { using (CurrentUnitOfWork.DisableFilter(AbpDataFilters.SoftDelete)) { var user = GetUser(id); if (user != null) { //判断是否启用随机密码 //获取配置节点信息 var userSe = OperateSection.GetPwdRuleSection(); if (userSe.IsRandomPwd) { //密码复杂度验证 if (userSe.IsValidatecComplex) { //重置密码,返回通过验证随机密码 var pwdNow = RandomPasswords();//生成通过验证随机密码 user.Password = new PasswordHasher().HashPassword(pwdNow); user.ModifyPwd = 0; _userManager.UpdateAsync(user); //throw new UserFriendlyException(pwdNow); return(pwdNow); } else { //重置密码,返回随机密码 var pwdNow = RandomPassword();//生成随机密码 user.Password = new PasswordHasher().HashPassword(pwdNow); user.ModifyPwd = 0; _userManager.UpdateAsync(user); //throw new UserFriendlyException(pwdNow); return(pwdNow); //abp.message.info("重置密码成功!新密码:"+pwdNow, "提示"); } } else { //重置密码,返回默认密码 var pwdNow = userSe.DefualtPwd;//获取默认密码 user.Password = new PasswordHasher().HashPassword(pwdNow); user.ModifyPwd = 0; _userManager.UpdateAsync(user); //throw new UserFriendlyException(pwdNow); return(pwdNow); } } else { throw new UserFriendlyException("查询出错,用户不存在!"); } } } catch (Exception e) { throw new UserFriendlyException(e.Message); } }
/// <summary> /// 验证密码复杂度(不能为默认密码)和密码修改周期 /// </summary> /// <param name="loginModel"></param> /// <param name="loginResult"></param> private void ValidateCycleAndComplex(LoginViewModel loginModel, AbpLoginResult <Tenant, User> loginResult) { //进行密码复杂度的校验 var pwdRule = OperateSection.GetPwdRuleSection(); if (pwdRule.IsValidatecComplex)//是否启用复杂度校验 { var complexList = OperateSection.GetPwdComplexSetList(); if (complexList != null && complexList.Count > 0) { foreach (var complex in complexList) { if (Regex.IsMatch(loginModel.Password, complex.Regular)) { throw new Exception("密码复杂度不够:" + complex.ErrorMsg + "。即将跳入密码修改页面..."); } } } if (pwdRule.DefualtPwd == loginModel.Password) { throw new Exception("不能为系统默认密码。即将跳入密码修改页面..."); } } //密码周期性验证 if (pwdRule.IsCycle)//启用了周期性验证 { var dd = _userPwdAppService.GetAllPwdLog(loginResult.User.Id); var lastPwdLog = _userPwdAppService.GetLastPwdLog(loginResult.User.Id); if (lastPwdLog != null) { if (!string.IsNullOrEmpty(pwdRule.CycleTime) && Convert.ToInt32(pwdRule.CycleTime) < DateTime.Now.Subtract(lastPwdLog.CreationTime).Duration().Days) { throw new Exception("当前密码累计使用已超过【" + pwdRule.CycleTime + "】天,请修改密码。即将跳入密码修改页面..."); } } } }
private String ValidateComplex(string pwd) { string result = ""; //进行密码复杂度的校验 var pwdRule = OperateSection.GetPwdRuleSection(); if (pwdRule.IsValidatecComplex)//是否启用复杂度校验 { var complexList = OperateSection.GetPwdComplexSetList(); if (complexList != null && complexList.Count > 0) { foreach (var complex in complexList) { if (Regex.IsMatch(pwd, complex.Regular)) { result += complex.ErrorMsg + "\r\n"; } } } } return(result); }
/// <summary> /// cs于2017.11.22上午进行了修改 /// 验证登录信息,返回对应登录结果数据 /// </summary> /// <param name="usernameOrEmailAddress"></param> /// <param name="password"></param> /// <param name="tenancyName"></param> /// <returns></returns> private async Task <AbpLoginResult <Tenant, User> > GetLoginResultAsync(string usernameOrEmailAddress, string password, string tenancyName) { var loginResult = await _logInManager.LoginAsync(usernameOrEmailAddress, password, tenancyName); var pwdRule = OperateSection.GetPwdRuleSection(); switch (loginResult.Result) { case AbpLoginResultType.Success: if (pwdRule.IsTrialError) //若启用了试错,则重置错误信息 { if (!string.IsNullOrEmpty(pwdRule.TrialErrorCount) && loginResult.User.LoginFailCount > Convert.ToInt32(pwdRule.TrialErrorCount.Trim())) { throw new Exception("登录失败:当前用户(" + usernameOrEmailAddress + ")已被锁定!"); } else { //var user = loginResult.User; //user.LoginFailCount = 0; //user.LockedReason = ""; //user.IsActive = true; //_userManager.Update(user); DbHelper.Execute("UPDATE ABP_USERS SET LOGIN_FAIL_COUNT=0,LOCKED_REASON='',IS_ACTIVE=1 WHERE ID=" + loginResult.User.Id); } } return(loginResult); case AbpLoginResultType.InvalidPassword: //当密码错误时 //先验证是否启用了试错 if (pwdRule.IsTrialError) //启用了试错 { if (!string.IsNullOrEmpty(pwdRule.TrialErrorCount) && loginResult.User.LoginFailCount > Convert.ToInt32(pwdRule.TrialErrorCount.Trim())) { throw new Exception("登录失败:当前用户(" + usernameOrEmailAddress + ")已被锁定!"); } else if (!string.IsNullOrEmpty(pwdRule.TrialErrorCount) && loginResult.User.LoginFailCount <= Convert.ToInt32(pwdRule.TrialErrorCount.Trim())) { string exceptionMsg = ""; //去累加失败次数,锁定用户 var user = loginResult.User; user.LoginFailCount = user.LoginFailCount + 1; //当累计错误大于试错数时 if (user.LoginFailCount > Convert.ToInt32(pwdRule.TrialErrorCount.Trim())) { exceptionMsg = "当前用户(" + usernameOrEmailAddress + ")密码已累计输错【" + pwdRule.TrialErrorCount + "】次,帐号已被锁定!"; user.IsActive = false; //锁定用户 } else { exceptionMsg = "当前用户(" + usernameOrEmailAddress + ")密码已累计输错【" + user.LoginFailCount + "】次,累计输错【" + pwdRule.TrialErrorCount + "】次将被锁定!"; } user.LockedReason = exceptionMsg; //_userManager.Update(user); //CurrentUnitOfWork.SaveChanges(); DbHelper.Execute(string.Format(@"UPDATE ABP_USERS SET LOGIN_FAIL_COUNT={0},LOCKED_REASON='{1}',IS_ACTIVE=1 WHERE ID={2}", user.LoginFailCount, exceptionMsg, user.Id)); throw new Exception("登录失败:" + exceptionMsg); } else { throw new Exception("登录失败:用户或密码错误(系统未配置试错次数)"); } } else { throw CreateExceptionForFailedLoginAttempt(loginResult.Result, usernameOrEmailAddress, tenancyName); } default: throw CreateExceptionForFailedLoginAttempt(loginResult.Result, usernameOrEmailAddress, tenancyName); } }
public User() { //改为在配置文件中获取默认密码 Password = new PasswordHasher().HashPassword(OperateSection.GetPwdRuleSection().DefualtPwd); //Password = new PasswordHasher().HashPassword(DefaultPassword); }