Add configurable password strength policy

2026-02-22 22:21:09 +08:00 · 2025-07-01 13:45:35 +08:00
parent e6bee42289
commit 6df855a816
5 changed files with 71 additions and 1 deletions
--- a/src/main/java/com/openisle/model/PasswordStrength.java
+++ b/src/main/java/com/openisle/model/PasswordStrength.java
@@ -0,0 +1,7 @@
+package com.openisle.model;
+
+public enum PasswordStrength {
+    LOW,
+    MEDIUM,
+    HIGH
+}
--- a/src/main/java/com/openisle/service/PasswordValidator.java
+++ b/src/main/java/com/openisle/service/PasswordValidator.java
@@ -0,0 +1,57 @@
+package com.openisle.service;
+
+import com.openisle.model.PasswordStrength;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+
+@Service
+public class PasswordValidator {
+    private final PasswordStrength strength;
+
+    public PasswordValidator(@Value("${app.password.strength:LOW}") PasswordStrength strength) {
+        this.strength = strength;
+    }
+
+    public void validate(String password) {
+        if (password == null || password.isEmpty()) {
+            throw new IllegalArgumentException("Password cannot be empty");
+        }
+        switch (strength) {
+            case MEDIUM:
+                checkMedium(password);
+                break;
+            case HIGH:
+                checkHigh(password);
+                break;
+            default:
+                // LOW, nothing beyond non-empty
+        }
+    }
+
+    private void checkMedium(String password) {
+        if (password.length() < 8) {
+            throw new IllegalArgumentException("Password must be at least 8 characters long");
+        }
+        if (!password.matches(".*[A-Za-z].*") || !password.matches(".*\\d.*")) {
+            throw new IllegalArgumentException("Password must contain letters and numbers");
+        }
+    }
+
+    private void checkHigh(String password) {
+        if (password.length() < 12) {
+            throw new IllegalArgumentException("Password must be at least 12 characters long");
+        }
+        if (!password.matches(".*[A-Z].*")) {
+            throw new IllegalArgumentException("Password must contain uppercase letters");
+        }
+        if (!password.matches(".*[a-z].*")) {
+            throw new IllegalArgumentException("Password must contain lowercase letters");
+        }
+        if (!password.matches(".*\\d.*")) {
+            throw new IllegalArgumentException("Password must contain numbers");
+        }
+        if (!password.matches(".*[^A-Za-z0-9].*")) {
+            throw new IllegalArgumentException("Password must contain special characters");
+        }
+    }
+}
--- a/src/main/java/com/openisle/service/UserService.java
+++ b/src/main/java/com/openisle/service/UserService.java
@@ -2,6 +2,7 @@ package com.openisle.service;

 import com.openisle.model.User;
 import com.openisle.model.Role;
+import com.openisle.service.PasswordValidator;
 import com.openisle.repository.UserRepository;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@@ -15,9 +16,11 @@ import java.util.Random;
@RequiredArgsConstructor
 public class UserService {
    private final UserRepository userRepository;
+    private final PasswordValidator passwordValidator;
    private final PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();

    public User register(String username, String email, String password) {
+        passwordValidator.validate(password);
        // ── 先按用户名查 ──────────────────────────────────────────
        Optional<User> byUsername = userRepository.findByUsername(username);
        if (byUsername.isPresent()) {