
强密码生成及设置

laiguoran 3 years ago
parent
commit
bdea9c0ec5

+ 11 - 3
app/controller/profile_controller.js

@@ -103,6 +103,11 @@ module.exports = app => {
                 // 验证数据
                 const passwordRule = ctx.service.projectAccount.rule('modifyPassword');
                 ctx.helper.validate(passwordRule);
+                // 判断新密码的强度
+                const reg = /^(?![0-9]+$)(?![a-zA-Z]+$).{6,16}$/;
+                if (!reg.test(newPassword)) {
+                    throw '请设置至少包含数字和字母的新密码';
+                }
 
                 const result = await ctx.service.projectAccount.modifyPassword(accountId, password, newPassword);
                 if (!result) {
@@ -111,6 +116,7 @@ module.exports = app => {
                 this.setMessage('修改密码成功', this.messageType.SUCCESS);
                 ctx.redirect('/logout');
             } catch (error) {
+                ctx.session.postError = error.toString();
                 this.setMessage(error.toString(), this.messageType.ERROR);
                 ctx.redirect(ctx.request.header.referer);
             }
@@ -469,14 +475,16 @@ module.exports = app => {
             const accountData = await ctx.service.projectAccount.getDataByCondition({ id: sessionUser.accountId });
 
             // 获取修改密码的字段规则
-            const passwordRule = ctx.service.projectAccount.rule('modifyPassword');
-            const passwordJsValidator = await this.jsValidator.convert(passwordRule).setSelector('#password-form').build();
+            // const passwordRule = ctx.service.projectAccount.rule('modifyPassword');
+            // const passwordJsValidator = await this.jsValidator.convert(passwordRule).setSelector('#password-form').build();
+
+            // console.log(passwordJsValidator);
 
             // 获取登录日志
             const loginLogging = await ctx.service.loginLogging.getLoginLogs(ctx.session.sessionProject.id, ctx.session.sessionUser.accountId);
             const renderData = {
                 accountData,
-                passwordJsValidator,
+                // passwordJsValidator,
                 loginLogging,
                 loginWay,
             };
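Review bot: The strength regex added before the `modifyPassword` call only rejects values that are entirely digits or entirely letters, so `!!!!!!` or `abc!!!` pass even though the thrown message asks for both digits and letters. A positive form such as `const reg = /^(?=.*[0-9])(?=.*[a-zA-Z]).{6,16}$/;` enforces what the message says. The same literal is repeated in setting_controller.js, both checks in setting.js, the two rules in project_account.js and the `isSafe` method in safe.ejs, so it would be better defined once and shared. The enclosing action starts and ends outside these hunks, so where `newPassword` comes from is not visible here.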

+ 5 - 0
app/controller/setting_controller.js

@@ -541,6 +541,11 @@ module.exports = app => {
                 if (isNaN(accountId) || accountId <= 0 || password.length < 6) {
                     throw '参数错误';
                 }
+                // 判断新密码的强度
+                const reg = /^(?![0-9]+$)(?![a-zA-Z]+$).{6,16}$/;
+                if (!reg.test(password)) {
+                    throw '请设置至少包含数字和字母的新密码';
+                }
                 const result = await ctx.service.projectAccount.resetPassword(accountId, password, account);
                 if (!result) {
                     throw '重置密码失败!';

+ 20 - 7
app/public/js/setting.js

@@ -425,6 +425,11 @@ function checkPasswordForm() {
         if (!/^[0-9a-zA-Z*~!@&%$^\\(\\)#_\[\]\-\+={}|?'":,<>.`]+$/.test(resetPassword)) {
             throw '密码只支持英文数字及符号';
         }
+        // 判断新密码的强度
+        const reg = /^(?![0-9]+$)(?![a-zA-Z]+$).{6,16}$/;
+        if (!reg.test(resetPassword)) {
+            throw '请设置至少包含数字和字母的密码';
+        }
     } catch (err) {
         toastr.error(err);
         return false;
@@ -449,6 +454,11 @@ function checkUserForm(status) {
             if (!/^[0-9a-zA-Z*~!@&%$^\\(\\)#_\[\]\-\+={}|?'":,<>.`]+$/.test($('#add-user input[name="password"]').val())) {
                 throw '密码只支持英文数字及符号';
             }
+            // 判断新密码的强度
+            const reg = /^(?![0-9]+$)(?![a-zA-Z]+$).{6,16}$/;
+            if (!reg.test($('#add-user input[name="password"]').val())) {
+                throw '请设置至少包含数字和字母的密码';
+            }
             if ($('#add-user input[name="name"]').val() == '') {
                 throw '姓名不能为空';
             }
@@ -513,23 +523,26 @@ function checkUnitForm() {
 }
 
 /**
- * 随机密码
+ * 随机密码(必须包含数字和字母)
  */
 function randPassword() {
-    let result = '';
+    const result = [];
     // 随机6-10位
-    const length = Math.ceil(Math.random() * 2 + 8);
+    const length = Math.ceil(Math.random() * 2 + 6);
     let numberSeed = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9];
     let stringSeed = ['A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S',
         'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o',
         'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'];
-
+    const numRan = numberSeed[Math.floor((Math.random() * numberSeed.length))];
+    const strRan = stringSeed[Math.floor((Math.random() * stringSeed.length))];
+    console.log(numRan, strRan);
     const randSeed = stringSeed.concat(numberSeed);
     const seedLength = randSeed.length - 1;
     for (let i = 0; i < length; i++) {
         const index = Math.ceil(Math.random() * seedLength);
-        result += randSeed[index];
+        result.push(randSeed[index]);
     }
-
-    return result;
+    result.splice(Math.floor((Math.random() * result.length)), 0, numRan);
+    result.splice(Math.floor((Math.random() * result.length)), 0, strRan);
+    return result.join('');
 }
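Review bot: `randPassword` draws every character from `Math.random()`, which is not a cryptographically secure generator, and the added `console.log(numRan, strRan);` writes two characters of each generated password to the browser console; the log line should be removed and the draws should come from `crypto.getRandomValues`. The unchanged `Math.ceil(Math.random() * seedLength)` also almost never selects index 0 (`'A'`), and the two `splice` positions can never be the end of the array. The length expression yields 7 or 8 before the two inserted characters, so the result is 9–10 characters rather than the 6–10 the comment states. The sketch below keeps the 9–10 length and the guaranteed digit and letter.

```javascript
function randPassword() {
    // … unchanged: numberSeed / stringSeed definitions …
    // Uniform index in [0, max) from the browser CSPRNG; rejection sampling avoids modulo bias.
    const randomIndex = max => {
        const buf = new Uint32Array(1);
        const limit = Math.floor(0x100000000 / max) * max;
        do {
            window.crypto.getRandomValues(buf);
        } while (buf[0] >= limit);
        return buf[0] % max;
    };
    const randSeed = stringSeed.concat(numberSeed);
    const length = 7 + randomIndex(2);
    const result = [];
    for (let i = 0; i < length; i++) {
        result.push(randSeed[randomIndex(randSeed.length)]);
    }
    // Guarantee one digit and one letter, each at a uniformly chosen position (end included).
    result.splice(randomIndex(result.length + 1), 0, numberSeed[randomIndex(numberSeed.length)]);
    result.splice(randomIndex(result.length + 1), 0, stringSeed[randomIndex(stringSeed.length)]);
    return result.join('');
}
```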

+ 3 - 3
app/service/project_account.js

@@ -65,8 +65,8 @@ module.exports = app => {
                 case 'modifyPassword':
                     rule = {
                         password: { type: 'password', required: true, min: 6 },
-                        new_password: { type: 'password', required: true, min: 6 },
-                        confirm_password: { type: 'password', required: true, min: 6, compare: 'new_password' },
+                        new_password: { type: 'password', required: true, min: 6, max: 16, format: /^(?![0-9]+$)(?![a-zA-Z]+$).{6,16}$/ },
+                        confirm_password: { type: 'password', required: true, min: 6, max: 16, compare: 'new_password' },
                     };
                     break;
                 case 'bindMobile':
@@ -78,7 +78,7 @@ module.exports = app => {
                 case 'add':
                     rule = {
                         account: { type: 'string', required: true },
-                        password: { type: 'string', required: true, min: 6 },
+                        password: { type: 'string', required: true, min: 6, max: 16, format: /^(?![0-9]+$)(?![a-zA-Z]+$).{6,16}$/ },
                         name: { type: 'string', required: true },
                         company: { type: 'string', required: true },
                         role: { type: 'string', required: true },
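Review bot: The new `max: 16` (and the `{6,16}` inside `format`) caps passwords at 16 characters, which blocks long passphrases; if the service hashes the password before storing it (not visible in these hunks), a much higher bound such as `max: 64` costs nothing. With `format` now on `new_password`, the hand-written regex test added in profile_controller.js looks redundant, assuming `ctx.helper.validate` applies `format`. A short comment above each rule, e.g. `// must contain a digit and a letter, 6-16 chars`, would record what the pattern is meant to enforce. The `rule` switch starts and ends outside the hunks.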

+ 46 - 2
app/view/profile/safe.ejs

@@ -9,7 +9,7 @@
         <div class="c-body">
             <div class="sjs-height-0">
                 <div class="row m-0">
-                    <div class="col-5 my-3">
+                    <div class="col-6 my-3">
                         <!--账号安全-->
                         <form action="/profile/password" method="post" id="password-form">
                             <% if(accountData.password !== 'SSO password') { %>
@@ -54,7 +54,51 @@
         </div>
     </div>
 </div>
-<%- passwordJsValidator %>
+<script>
+    $(document).ready(function() {
+        $.validator.addMethod("isSafe", function(value, element) {
+            const safe = /^(?![0-9]+$)(?![a-zA-Z]+$).{6,16}$/;
+            // var safe = /^(?=.*[a-zA-Z])(?=.*\d)(?=.*[~!@#$%^&*()_+`\-={}:";'<>,.\/]).{6,16}$/;
+            // var safe = /^(?=.*[a-zA-Z])(?=.*\d).{6,16}$/;
+            return this.optional(element) || safe.test(value);
+        }, "请设置至少包含数字和字母的密码");
+        const options = {
+            rules: '',
+            messages: {},
+            errorPlacement: function(error, element) {
+                $(element).addClass('is-invalid');
+                $(element).after(error);
+            },
+            errorClass: "invalid-feedback",
+            errorElement: "div",
+            highlight: false,
+            success: function(element) {
+                $(element).siblings('input').removeClass('is-invalid');
+                $(element).remove();
+            },
+        };
+        options.rules = {
+            password: {
+                required: true,
+                minlength: 6,
+            },
+            new_password: {
+                required: true,
+                minlength: 6,
+                maxlength: 16,
+                isSafe: true,
+            },
+            confirm_password : {
+                required: true,
+                minlength: 6,
+                maxlength: 16,
+                equalTo: '#new_password',
+            },
+        };
+        $("#password-form").validate(options);
+    });
+</script>
+<script src="/public/js/validate.extend.js"></script>
 <script type="text/javascript">
     new Vue({
         el: '#app',
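Review bot: `rules: ''` in the `options` literal is a placeholder that is overwritten by `options.rules = {...}` a few lines later; placing the rules object directly in the literal removes the two-step setup. The two commented-out `var safe = …` alternatives should be deleted or the intended one adopted rather than left in the template. This client-side check can be skipped by posting to `/profile/password` directly, so the rule in project_account.js remains the enforcement point and the two should be kept in step.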

+ 0 - 58
sql/update20220416.sql

@@ -1,58 +0,0 @@
-ALTER TABLE `zh_material` ADD `is_new` TINYINT(1) NOT NULL DEFAULT '0' COMMENT '是否是新建的调差,用于区分清单新建规则' AFTER `in_time`;
-
-ALTER TABLE `zh_change_plan` ADD `expr` TEXT NULL DEFAULT NULL COMMENT '工程量数量计算式' AFTER `memo`;
-
-ALTER TABLE `zh_change_plan_list` ADD `new_up` tinyint(1) NOT NULL DEFAULT '0' COMMENT '新增单价' AFTER `spamount`;
-
-ALTER TABLE `zh_change_plan_list` ADD `ex_memo1` VARCHAR(255) NULL DEFAULT NULL COMMENT '备注1' AFTER `new_up`;
-
-ALTER TABLE `zh_change_plan_list` ADD `ex_memo2` VARCHAR(255) NULL DEFAULT NULL COMMENT '备注2' AFTER `ex_memo1`;
-
-ALTER TABLE `zh_project_account` ADD `stamp_path` VARCHAR(255) NULL DEFAULT NULL COMMENT '用户签章oss地址' AFTER `sign_path`;
-
-ALTER TABLE `zh_advance_pay` ADD `pay_time` DATETIME NULL DEFAULT NULL COMMENT '支付时间' AFTER `end_time`;
-UPDATE `zh_advance_pay` SET `pay_time`= `create_time`;
-
-CREATE TABLE `zh_material_list_gcl`  (
-  `id` int(11) NOT NULL AUTO_INCREMENT,
-  `tid` int(11) NOT NULL COMMENT '标段id',
-  `mid` int(11) NOT NULL COMMENT '调差id',
-  `order` tinyint(4) NOT NULL COMMENT '添加的历史期',
-  `gcl_id` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL COMMENT '工程量id',
-  `mb_id` int(11) NOT NULL COMMENT '工料id',
-  `quantity` decimal(30, 8) NULL DEFAULT NULL COMMENT '数目',
-  `expr` varchar(500) CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL DEFAULT NULL COMMENT '公式',
-  PRIMARY KEY (`id`) USING BTREE
-) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_unicode_ci COMMENT = '用于新建期时清单关联已使用过的工程量,创建新的工料与清单的联系表';
-
-CREATE TABLE `zh_construction_unit`  (
-  `id` int(11) NOT NULL AUTO_INCREMENT,
-  `pid` int(11) NOT NULL COMMENT '项目id',
-  `name` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL COMMENT '单位名称',
-  `type` tinyint(2) NOT NULL COMMENT '单位类型',
-  `corporation` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL DEFAULT NULL COMMENT '法人代表',
-  `credit_code` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL DEFAULT NULL COMMENT '企业信用代码',
-  `tel` varchar(50) CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL DEFAULT NULL COMMENT '电话',
-  `address` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL DEFAULT NULL COMMENT '地址',
-  `region` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL DEFAULT NULL COMMENT '地区',
-  `website` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL DEFAULT NULL COMMENT '网站',
-  `basic` varchar(1000) CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL DEFAULT NULL COMMENT '备注',
-  `sign_path` varchar(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL DEFAULT NULL COMMENT '签章图片地址',
-  `create_time` datetime NOT NULL COMMENT '创建时间',
-  PRIMARY KEY (`id`) USING BTREE
-) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_unicode_ci COMMENT = '参建单位表';
-
-CREATE TABLE `zh_stage_import_change` (
-  `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
-  `tid` int(11) unsigned NOT NULL COMMENT '标段id',
-  `sid` int(11) unsigned NOT NULL COMMENT '期id',
-  `lid` varchar(36) COLLATE utf8_unicode_ci NOT NULL COMMENT '台账节点id',
-  `import_lid` varchar(36) COLLATE utf8_unicode_ci NOT NULL COMMENT '导入的最底层项目节id',
-  `rela_tid` int(11) unsigned NOT NULL COMMENT '关联标段id',
-  `rela_sid` int(11) unsigned NOT NULL COMMENT '关联期id',
-  `rela_lid` varchar(36) COLLATE utf8_unicode_ci NOT NULL COMMENT '关联台账id',
-  `rela_cid` varchar(36) CHARACTER SET ascii NOT NULL COMMENT '关联变更令id',
-  `rela_cbid` int(11) unsigned NOT NULL COMMENT '关联变更清单id',
-  `rela_qty` decimal(24,8) NOT NULL DEFAULT '0.00000000' COMMENT '关联数量',
-  PRIMARY KEY (`id`)
-) ENGINE=InnoDB AUTO_INCREMENT=2278 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;