修改复杂密码,2.登录密码输入5次错误锁定，3分钟后再次输入密码

       3.密码一月内不更换，需要在登录前修改密码（符合密码要求规则）才可再次登录。

ruoyi-admin/src/main/java/com/ruoyi/web/controller/business/CreditUserController.java

@@ -74,7 +74,7 @@ public class CreditUserController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:creditUser:edit')")
     @Log(title = "信用人员", businessType = BusinessType.UPDATE)
-    @PutMapping
+    @PostMapping("/put")
     public AjaxResult edit(@RequestBody CreditUser creditUser)
     {
         return toAjax(creditUserService.updateCreditUser(creditUser));
@@ -85,7 +85,7 @@ public class CreditUserController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:creditUser:remove')")
     @Log(title = "信用人员", businessType = BusinessType.DELETE)
-	@DeleteMapping("/{ids}")
+	@GetMapping("/delete/{ids}")
     public AjaxResult remove(@PathVariable Long[] ids)
     {
         return toAjax(creditUserService.deleteCreditUserByIds(ids));

ruoyi-admin/src/main/java/com/ruoyi/web/controller/business/InterestsNumberTableController.java

@@ -85,7 +85,7 @@ public class InterestsNumberTableController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:table:edit')")
     @Log(title = "商户权益次数记录", businessType = BusinessType.UPDATE)
-    @PutMapping
+    @PostMapping("/put")
     public AjaxResult edit(@RequestBody InterestsNumberTable interestsNumberTable)
     {
         return toAjax(interestsNumberTableService.updateInterestsNumberTable(interestsNumberTable));
@@ -96,7 +96,7 @@ public class InterestsNumberTableController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:table:remove')")
     @Log(title = "商户权益次数记录", businessType = BusinessType.DELETE)
-	@DeleteMapping("/{numberId}")
+	@GetMapping("/delete/{numberId}")
     public AjaxResult remove(@PathVariable Long numberId)
     {
         return toAjax(interestsNumberTableService.deleteInterestsNumberTableById(numberId));

ruoyi-admin/src/main/java/com/ruoyi/web/controller/business/InterestsTableController.java

@@ -84,7 +84,7 @@ public class InterestsTableController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:table:edit')")
     @Log(title = "商户权益记录", businessType = BusinessType.UPDATE)
-    @PutMapping
+    @PostMapping("/put")
     public AjaxResult edit(@RequestBody InterestsTable interestsTable)
     {
         return interestsTableService.updateInterestsTable(interestsTable);
@@ -95,7 +95,7 @@ public class InterestsTableController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:table:remove')")
     @Log(title = "商户权益记录", businessType = BusinessType.DELETE)
-	@DeleteMapping("/{ids}")
+	@GetMapping("/delete/delete/{ids}")
     public AjaxResult remove(@PathVariable Long[] ids)
     {
         return toAjax(interestsTableService.deleteInterestsTableByIds(ids));

ruoyi-admin/src/main/java/com/ruoyi/web/controller/business/PolicyGuideController.java

@@ -85,7 +85,7 @@ public class PolicyGuideController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:guide:edit')")
     @Log(title = "政策指南", businessType = BusinessType.UPDATE)
-    @PutMapping
+    @PostMapping("/put")
     public AjaxResult edit(@RequestBody PolicyGuide policyGuide)
     {
         return toAjax(policyGuideService.updatePolicyGuide(policyGuide));
@@ -96,7 +96,7 @@ public class PolicyGuideController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:guide:remove')")
     @Log(title = "政策指南", businessType = BusinessType.DELETE)
-	@DeleteMapping("/{policyIds}")
+	@GetMapping("/delete/{policyIds}")
     public AjaxResult remove(@PathVariable Long[] policyIds)
     {
         return toAjax(policyGuideService.deletePolicyGuideByPolicyIds(policyIds));

ruoyi-admin/src/main/java/com/ruoyi/web/controller/business/PolicyMenuController.java

@@ -126,7 +126,7 @@ public class PolicyMenuController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:menu:edit')")
     @Log(title = "政策类别", businessType = BusinessType.UPDATE)
-    @PutMapping
+    @PostMapping("/put")
     public AjaxResult edit(@RequestBody PolicyMenu policyMenu)
     {
 
@@ -151,7 +151,7 @@ public class PolicyMenuController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:menu:remove')")
     @Log(title = "政策类别", businessType = BusinessType.DELETE)
-	@DeleteMapping("/{menuIds}")
+	@GetMapping("/delete/{menuIds}")
     public AjaxResult remove(@PathVariable Long[] menuIds)
     {
         return toAjax(policyMenuService.deletePolicyMenuByMenuIds(menuIds));

ruoyi-admin/src/main/java/com/ruoyi/web/controller/business/SettledMerchantsController.java

@@ -105,7 +105,7 @@ public class SettledMerchantsController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:merchants:edit')")
     @Log(title = "入驻商家", businessType = BusinessType.UPDATE)
-    @PutMapping
+    @PostMapping("/put")
     public AjaxResult edit(@Validated @RequestBody SettledMerchants settledMerchants)
     {
         return toAjax(settledMerchantsService.updateSettledMerchants(settledMerchants));
@@ -116,7 +116,7 @@ public class SettledMerchantsController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:merchants:remove')")
     @Log(title = "入驻商家", businessType = BusinessType.DELETE)
-	@DeleteMapping("/{businessIds}")
+	@GetMapping("/delete/{businessIds}")
     public AjaxResult remove(@PathVariable Long[] businessIds)
     {
         return toAjax(settledMerchantsService.deleteSettledMerchantsByBusinessIds(businessIds));

ruoyi-admin/src/main/java/com/ruoyi/web/controller/business/SettledMerchantsInterestsController.java

@@ -85,7 +85,7 @@ public class SettledMerchantsInterestsController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:interests:edit')")
     @Log(title = "商户-政策类型", businessType = BusinessType.UPDATE)
-    @PutMapping
+    @PostMapping("/put")
     public AjaxResult edit(@RequestBody SettledMerchantsInterests settledMerchantsInterests)
     {
         return toAjax(settledMerchantsInterestsService.updateSettledMerchantsInterests(settledMerchantsInterests));
@@ -96,7 +96,7 @@ public class SettledMerchantsInterestsController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:interests:remove')")
     @Log(title = "商户-政策类型", businessType = BusinessType.DELETE)
-	@DeleteMapping("/{ids}")
+	@GetMapping("/delete/{ids}")
     public AjaxResult remove(@PathVariable Long[] ids)
     {
         return toAjax(settledMerchantsInterestsService.deleteSettledMerchantsInterestsByIds(ids));

ruoyi-admin/src/main/java/com/ruoyi/web/controller/business/UsageRecordController.java

@@ -82,7 +82,7 @@ public class UsageRecordController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:record:edit')")
     @Log(title = "使用记录", businessType = BusinessType.UPDATE)
-    @PutMapping
+    @PostMapping("/put")
     public AjaxResult edit(@RequestBody UsageRecord usageRecord)
     {
         return toAjax(usageRecordService.updateUsageRecord(usageRecord));
@@ -93,7 +93,7 @@ public class UsageRecordController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:record:remove')")
     @Log(title = "使用记录", businessType = BusinessType.DELETE)
-	@DeleteMapping("/{recordIds}")
+	@GetMapping("/delete/{recordIds}")
     public AjaxResult remove(@PathVariable Long[] recordIds)
     {
         return toAjax(usageRecordService.deleteUsageRecordByRecordIds(recordIds));

ruoyi-admin/src/main/java/com/ruoyi/web/controller/business/UseGuideController.java

@@ -81,7 +81,7 @@ public class UseGuideController extends BaseController
      * 修改使用指南
      */
     @Log(title = "使用指南", businessType = BusinessType.UPDATE)
-    @PutMapping
+    @PostMapping("/put")
     public AjaxResult edit(@Validated @RequestBody UseGuide useGuide)
     {
         return toAjax(useGuideService.updateUseGuide(useGuide));
@@ -91,7 +91,7 @@ public class UseGuideController extends BaseController
      * 删除使用指南
      */
     @Log(title = "使用指南", businessType = BusinessType.DELETE)
-	@DeleteMapping("/{ids}")
+	@GetMapping("/delete/{ids}")
     public AjaxResult remove(@PathVariable Long[] ids)
     {
         return toAjax(useGuideService.deleteUseGuideByIds(ids));

ruoyi-admin/src/main/java/com/ruoyi/web/controller/business/WelfareGuideController.java

@@ -80,7 +80,7 @@ public class WelfareGuideController extends BaseController
      * 修改小程序党建福利信息
      */
     @Log(title = "小程序党建福利信息", businessType = BusinessType.UPDATE)
-    @PutMapping
+    @PostMapping("/put")
     public AjaxResult edit(@RequestBody WelfareGuide welfareGuide)
     {
         return toAjax(welfareGuideService.updateWelfareGuide(welfareGuide));
@@ -90,7 +90,7 @@ public class WelfareGuideController extends BaseController
      * 删除小程序党建福利信息
      */
     @Log(title = "小程序党建福利信息", businessType = BusinessType.DELETE)
-	@DeleteMapping("/{ids}")
+	@GetMapping("/delete/{ids}")
     public AjaxResult remove(@PathVariable Long[] ids)
     {
         return toAjax(welfareGuideService.deleteWelfareGuideByIds(ids));

ruoyi-admin/src/main/java/com/ruoyi/web/controller/monitor/SysLogininforController.java

@@ -52,7 +52,7 @@ public class SysLogininforController extends BaseController
 
     @PreAuthorize("@ss.hasPermi('monitor:logininfor:remove')")
     @Log(title = "登录日志", businessType = BusinessType.DELETE)
-    @DeleteMapping("/{infoIds}")
+    @GetMapping("/delete/{infoIds}")
     public AjaxResult remove(@PathVariable Long[] infoIds)
     {
         return toAjax(logininforService.deleteLogininforByIds(infoIds));
@@ -60,7 +60,7 @@ public class SysLogininforController extends BaseController
 
     @PreAuthorize("@ss.hasPermi('monitor:logininfor:remove')")
     @Log(title = "登录日志", businessType = BusinessType.CLEAN)
-    @DeleteMapping("/clean")
+    @GetMapping("/clean")
     public AjaxResult clean()
     {
         logininforService.cleanLogininfor();

ruoyi-admin/src/main/java/com/ruoyi/web/controller/monitor/SysOperlogController.java

@@ -52,7 +52,7 @@ public class SysOperlogController extends BaseController
 
     @Log(title = "操作日志", businessType = BusinessType.DELETE)
     @PreAuthorize("@ss.hasPermi('monitor:operlog:remove')")
-    @DeleteMapping("/{operIds}")
+    @GetMapping("/delete/{operIds}")
     public AjaxResult remove(@PathVariable Long[] operIds)
     {
         return toAjax(operLogService.deleteOperLogByIds(operIds));
@@ -60,7 +60,7 @@ public class SysOperlogController extends BaseController
 
     @Log(title = "操作日志", businessType = BusinessType.CLEAN)
     @PreAuthorize("@ss.hasPermi('monitor:operlog:remove')")
-    @DeleteMapping("/clean")
+    @GetMapping("/clean")
     public AjaxResult clean()
     {
         operLogService.cleanOperLog();

ruoyi-admin/src/main/java/com/ruoyi/web/controller/monitor/SysUserOnlineController.java

@@ -83,7 +83,7 @@ public class SysUserOnlineController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('monitor:online:forceLogout')")
     @Log(title = "在线用户", businessType = BusinessType.FORCE)
-    @DeleteMapping("/{tokenId}")
+    @GetMapping("/delete/{tokenId}")
     public AjaxResult forceLogout(@PathVariable String tokenId)
     {
         redisCache.deleteObject(Constants.LOGIN_TOKEN_KEY + tokenId);

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysConfigController.java

@@ -97,7 +97,7 @@ public class SysConfigController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:config:edit')")
     @Log(title = "参数管理", businessType = BusinessType.UPDATE)
-    @PutMapping
+    @PostMapping("/put")
     public AjaxResult edit(@Validated @RequestBody SysConfig config)
     {
         if (UserConstants.NOT_UNIQUE.equals(configService.checkConfigKeyUnique(config)))
@@ -113,7 +113,7 @@ public class SysConfigController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:config:remove')")
     @Log(title = "参数管理", businessType = BusinessType.DELETE)
-    @DeleteMapping("/{configIds}")
+    @GetMapping("/delete/{configIds}")
     public AjaxResult remove(@PathVariable Long[] configIds)
     {
         configService.deleteConfigByIds(configIds);
@@ -125,7 +125,7 @@ public class SysConfigController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:config:remove')")
     @Log(title = "参数管理", businessType = BusinessType.CLEAN)
-    @DeleteMapping("/refreshCache")
+    @GetMapping("/refreshCache")
     public AjaxResult refreshCache()
     {
         configService.resetConfigCache();

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDeptController.java

@@ -122,7 +122,7 @@ public class SysDeptController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:dept:edit')")
     @Log(title = "部门管理", businessType = BusinessType.UPDATE)
-    @PutMapping
+    @PostMapping("/put")
     public AjaxResult edit(@Validated @RequestBody SysDept dept)
     {
         Long deptId = dept.getDeptId();
@@ -148,7 +148,7 @@ public class SysDeptController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:dept:remove')")
     @Log(title = "部门管理", businessType = BusinessType.DELETE)
-    @DeleteMapping("/{deptId}")
+    @GetMapping(value = "/delete/{id}")
     public AjaxResult remove(@PathVariable Long deptId)
     {
         if (deptService.hasChildByDeptId(deptId))

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDictDataController.java

@@ -100,7 +100,7 @@ public class SysDictDataController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:dict:edit')")
     @Log(title = "字典数据", businessType = BusinessType.UPDATE)
-    @PutMapping
+    @PostMapping("/put")
     public AjaxResult edit(@Validated @RequestBody SysDictData dict)
     {
         dict.setUpdateBy(getUsername());
@@ -112,7 +112,7 @@ public class SysDictDataController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:dict:remove')")
     @Log(title = "字典类型", businessType = BusinessType.DELETE)
-    @DeleteMapping("/{dictCodes}")
+    @GetMapping("/delete/{dictCodes}")
     public AjaxResult remove(@PathVariable Long[] dictCodes)
     {
         dictDataService.deleteDictDataByIds(dictCodes);

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysDictTypeController.java

@@ -85,7 +85,7 @@ public class SysDictTypeController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:dict:edit')")
     @Log(title = "字典类型", businessType = BusinessType.UPDATE)
-    @PutMapping
+    @PostMapping("/put")
     public AjaxResult edit(@Validated @RequestBody SysDictType dict)
     {
         if (UserConstants.NOT_UNIQUE.equals(dictTypeService.checkDictTypeUnique(dict)))
@@ -101,7 +101,7 @@ public class SysDictTypeController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:dict:remove')")
     @Log(title = "字典类型", businessType = BusinessType.DELETE)
-    @DeleteMapping("/{dictIds}")
+    @GetMapping("/delete/{dictIds}")
     public AjaxResult remove(@PathVariable Long[] dictIds)
     {
         dictTypeService.deleteDictTypeByIds(dictIds);
@@ -113,7 +113,7 @@ public class SysDictTypeController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:dict:remove')")
     @Log(title = "字典类型", businessType = BusinessType.CLEAN)
-    @DeleteMapping("/refreshCache")
+    @GetMapping("/refreshCache")
     public AjaxResult refreshCache()
     {
         dictTypeService.resetDictCache();

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java

@@ -2,12 +2,17 @@ package com.ruoyi.web.controller.system;
 
 import java.util.List;
 import java.util.Set;
+import java.util.concurrent.TimeUnit;
 
 import com.ruoyi.common.core.domain.R;
 import com.ruoyi.common.core.domain.model.LoginUser;
+import com.ruoyi.common.core.redis.RedisService;
+import com.ruoyi.common.exception.base.BaseException;
+import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.framework.web.service.TokenService;
 import com.ruoyi.system.domain.SettledMerchants;
 import com.ruoyi.system.service.ISettledMerchantsService;
+import com.ruoyi.system.service.ISysLogininforService;
 import com.ruoyi.system.service.ISysUserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
@@ -21,6 +26,13 @@ import com.ruoyi.framework.web.service.SysLoginService;
 import com.ruoyi.framework.web.service.SysPermissionService;
 import com.ruoyi.system.service.ISysMenuService;
 
+import javax.annotation.Resource;
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.Size;
+
+import static com.ruoyi.common.constant.Constants.LOGIN_NUM;
+import static com.ruoyi.framework.web.service.SysLoginService.checkStrongPwd;
+
 /**
  * 登录验证
  * 
@@ -46,6 +58,8 @@ public class SysLoginController
 
     @Autowired
     private ISettledMerchantsService settledMerchantsService;
+    @Resource
+    private RedisService redisService;
 
     /**
      * 登录方法
@@ -56,6 +70,34 @@ public class SysLoginController
     @PostMapping("/login")
     public AjaxResult login(@RequestBody LoginBody loginBody)
     {
+        if ("1".equals(checkStrongPwd(loginBody.getPassword()))) {
+            return AjaxResult.error("密码必须包含数字、大小写字母、特殊符号且大于8位");
+        }
+        SysUser user = userService.selectUserByUserName(loginBody.getUsername());
+        String username = user.getUserName();
+
+        if (!SecurityUtils.matchesPassword(loginBody.getPassword(), user.getPassword())) {
+            if (!"admin".equals(username)){
+                String num = redisService.getCacheObject(LOGIN_NUM + username);
+                if(StringUtils.isEmpty(num)){
+                    num = "0";
+                }
+                if(Integer.parseInt(num) == 5){
+                    return AjaxResult.error("登录密码输入5次错误,现已锁定，3分钟后再次输入密码");
+                }
+                //存入redis登录错误次数
+                redisService.setCacheObject(LOGIN_NUM + username, String.valueOf(Integer.parseInt(num)+1), Constants.USERNAME_EXPIRATION, TimeUnit.MINUTES);
+            }
+            return AjaxResult.error("用户不存在/密码错误");
+        }
+
+        //判断2个月内是否修改密码，排除admin
+        if(StringUtils.isNotEmpty(username) && !"admin".equals(username)){
+            String isUpdate = redisService.getCacheObject(Constants.PASSWORD_USER + username);
+            if(StringUtils.isEmpty(isUpdate)){
+                return AjaxResult.error("60天内为登录,需修改密码后重新登录");
+            }
+        }
         AjaxResult ajax = AjaxResult.success();
         // 生成令牌
         String token = loginService.login(loginBody.getUsername(), loginBody.getPassword(), loginBody.getCode(),

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysMenuController.java

@@ -102,7 +102,7 @@ public class SysMenuController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:menu:edit')")
     @Log(title = "菜单管理", businessType = BusinessType.UPDATE)
-    @PutMapping
+    @PostMapping("/put")
     public AjaxResult edit(@Validated @RequestBody SysMenu menu)
     {
         if (UserConstants.NOT_UNIQUE.equals(menuService.checkMenuNameUnique(menu)))
@@ -126,7 +126,7 @@ public class SysMenuController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:menu:remove')")
     @Log(title = "菜单管理", businessType = BusinessType.DELETE)
-    @DeleteMapping("/{menuId}")
+    @GetMapping("/delete/{menuId}")
     public AjaxResult remove(@PathVariable("menuId") Long menuId)
     {
         if (menuService.hasChildByMenuId(menuId))

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysNoticeController.java

@@ -71,7 +71,7 @@ public class SysNoticeController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:notice:edit')")
     @Log(title = "通知公告", businessType = BusinessType.UPDATE)
-    @PutMapping
+    @PostMapping("/put")
     public AjaxResult edit(@Validated @RequestBody SysNotice notice)
     {
         notice.setUpdateBy(getUsername());
@@ -83,7 +83,7 @@ public class SysNoticeController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:notice:remove')")
     @Log(title = "通知公告", businessType = BusinessType.DELETE)
-    @DeleteMapping("/{noticeIds}")
+    @GetMapping(value = "/delete/{noticeIds}")
     public AjaxResult remove(@PathVariable Long[] noticeIds)
     {
         return toAjax(noticeService.deleteNoticeByIds(noticeIds));

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysPostController.java

@@ -92,7 +92,7 @@ public class SysPostController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:post:edit')")
     @Log(title = "岗位管理", businessType = BusinessType.UPDATE)
-    @PutMapping
+    @PostMapping("/put")
     public AjaxResult edit(@Validated @RequestBody SysPost post)
     {
         if (UserConstants.NOT_UNIQUE.equals(postService.checkPostNameUnique(post)))
@@ -112,7 +112,7 @@ public class SysPostController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:post:remove')")
     @Log(title = "岗位管理", businessType = BusinessType.DELETE)
-    @DeleteMapping("/{postIds}")
+    @GetMapping(value = "/delete/{postIds}")
     public AjaxResult remove(@PathVariable Long[] postIds)
     {
         return toAjax(postService.deletePostByIds(postIds));

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysProfileController.java

@@ -1,6 +1,10 @@
 package com.ruoyi.web.controller.system;
 
 import java.io.IOException;
+import java.util.concurrent.TimeUnit;
+
+import com.ruoyi.common.constant.Constants;
+import com.ruoyi.common.core.redis.RedisService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -24,6 +28,10 @@ import com.ruoyi.common.utils.file.FileUploadUtils;
 import com.ruoyi.framework.web.service.TokenService;
 import com.ruoyi.system.service.ISysUserService;
 
+import javax.annotation.Resource;
+
+import static com.ruoyi.framework.web.service.SysLoginService.checkStrongPwd;
+
 /**
  * 个人信息 业务处理
  * 
@@ -39,6 +47,9 @@ public class SysProfileController extends BaseController
     @Autowired
     private TokenService tokenService;
 
+    @Resource
+    private RedisService redisService;
+
     /**
      * 个人信息
      */
@@ -57,7 +68,7 @@ public class SysProfileController extends BaseController
      * 修改用户
      */
     @Log(title = "个人信息", businessType = BusinessType.UPDATE)
-    @PutMapping
+    @PostMapping("/put")
     public AjaxResult updateProfile(@RequestBody SysUser user)
     {
         LoginUser loginUser = getLoginUser();
@@ -92,7 +103,7 @@ public class SysProfileController extends BaseController
      * 重置密码
      */
     @Log(title = "个人信息", businessType = BusinessType.UPDATE)
-    @PutMapping("/updatePwd")
+    @PostMapping("/updatePwd")
     public AjaxResult updatePwd(String oldPassword, String newPassword)
     {
         LoginUser loginUser = getLoginUser();
@@ -106,11 +117,16 @@ public class SysProfileController extends BaseController
         {
             return AjaxResult.error("新密码不能与旧密码相同");
         }
+        if ("1".equals(checkStrongPwd(newPassword))) {
+            return AjaxResult.error("密码必须包含数字、大小写字母、特殊符号且大于8位");
+        }
         if (userService.resetUserPwd(userName, SecurityUtils.encryptPassword(newPassword)) > 0)
         {
             // 更新缓存用户密码
             loginUser.getUser().setPassword(SecurityUtils.encryptPassword(newPassword));
             tokenService.setLoginUser(loginUser);
+            //更新用户60天内修改密码的key
+            redisService.setCacheObject(Constants.PASSWORD_USER + userName,60, Constants.UPDATE_PASSWORD, TimeUnit.DAYS);
             return AjaxResult.success();
         }
         return AjaxResult.error("修改密码异常，请联系管理员");

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysRoleController.java

@@ -107,7 +107,7 @@ public class SysRoleController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:role:edit')")
     @Log(title = "角色管理", businessType = BusinessType.UPDATE)
-    @PutMapping
+    @PostMapping("/put")
     public AjaxResult edit(@Validated @RequestBody SysRole role)
     {
         roleService.checkRoleAllowed(role);
@@ -142,7 +142,7 @@ public class SysRoleController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:role:edit')")
     @Log(title = "角色管理", businessType = BusinessType.UPDATE)
-    @PutMapping("/dataScope")
+    @PostMapping("/dataScope")
     public AjaxResult dataScope(@RequestBody SysRole role)
     {
         roleService.checkRoleAllowed(role);
@@ -155,7 +155,7 @@ public class SysRoleController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:role:edit')")
     @Log(title = "角色管理", businessType = BusinessType.UPDATE)
-    @PutMapping("/changeStatus")
+    @PostMapping("/changeStatus")
     public AjaxResult changeStatus(@RequestBody SysRole role)
     {
         roleService.checkRoleAllowed(role);
@@ -169,7 +169,7 @@ public class SysRoleController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:role:remove')")
     @Log(title = "角色管理", businessType = BusinessType.DELETE)
-    @DeleteMapping("/{roleIds}")
+    @GetMapping(value = "/delete/{roleIds}")
     public AjaxResult remove(@PathVariable Long[] roleIds)
     {
         return toAjax(roleService.deleteRoleByIds(roleIds));
@@ -214,7 +214,7 @@ public class SysRoleController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:role:edit')")
     @Log(title = "角色管理", businessType = BusinessType.GRANT)
-    @PutMapping("/authUser/cancel")
+    @PostMapping("/authUser/cancel")
     public AjaxResult cancelAuthUser(@RequestBody SysUserRole userRole)
     {
         return toAjax(roleService.deleteAuthUser(userRole));
@@ -225,7 +225,7 @@ public class SysRoleController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:role:edit')")
     @Log(title = "角色管理", businessType = BusinessType.GRANT)
-    @PutMapping("/authUser/cancelAll")
+    @PostMapping("/authUser/cancelAll")
     public AjaxResult cancelAuthUserAll(Long roleId, Long[] userIds)
     {
         return toAjax(roleService.deleteAuthUsers(roleId, userIds));
@@ -236,7 +236,7 @@ public class SysRoleController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:role:edit')")
     @Log(title = "角色管理", businessType = BusinessType.GRANT)
-    @PutMapping("/authUser/selectAll")
+    @PostMapping("/authUser/selectAll")
     public AjaxResult selectAuthUserAll(Long roleId, Long[] userIds)
     {
         roleService.checkRoleDataScope(roleId);

ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysUserController.java

@@ -12,14 +12,7 @@ import org.apache.commons.lang3.ArrayUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.DeleteMapping;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.PutMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 import com.ruoyi.common.annotation.Log;
 import com.ruoyi.common.constant.UserConstants;
@@ -36,6 +29,8 @@ import com.ruoyi.system.service.ISysPostService;
 import com.ruoyi.system.service.ISysRoleService;
 import com.ruoyi.system.service.ISysUserService;
 
+import static com.ruoyi.framework.web.service.SysLoginService.checkStrongPwd;
+
 /**
  * 用户信息
  * 
@@ -137,6 +132,9 @@ public class SysUserController extends BaseController
         {
             return AjaxResult.error("新增用户'" + user.getUserName() + "'失败，邮箱账号已存在");
         }
+        else if ("1".equals(checkStrongPwd(user.getPassword()))) {
+            return AjaxResult.error("密码必须包含数字、大小写字母、特殊符号且大于8位");
+        }
         user.setCreateBy(getUsername());
         user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
         return toAjax(userService.insertUser(user));
@@ -146,7 +144,7 @@ public class SysUserController extends BaseController
      * 修改用户
      */
     @Log(title = "用户管理", businessType = BusinessType.UPDATE)
-    @PutMapping
+    @PostMapping("/put")
     public AjaxResult edit(@Validated @RequestBody SysUser user)
     {
         userService.checkUserAllowed(user);
@@ -170,7 +168,7 @@ public class SysUserController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:user:remove')")
     @Log(title = "用户管理", businessType = BusinessType.DELETE)
-    @DeleteMapping("/{userIds}")
+    @GetMapping(value = "/delete/{userIds}")
     public AjaxResult remove(@PathVariable Long[] userIds)
     {
         if (ArrayUtils.contains(userIds, getUserId()))
@@ -184,11 +182,14 @@ public class SysUserController extends BaseController
      * 重置密码
      */
     @Log(title = "用户管理", businessType = BusinessType.UPDATE)
-    @PutMapping("/resetPwd")
+    @PostMapping("/resetPwd")
     public AjaxResult resetPwd(@RequestBody SysUser user)
     {
         //userService.checkUserAllowed(user);
         //userService.checkUserDataScope(user.getUserId());
+        if ("1".equals(checkStrongPwd(user.getPassword()))) {
+            return AjaxResult.error("密码必须包含数字、大小写字母、特殊符号且大于8位");
+        }
         user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
         user.setUpdateBy(getUsername());
         return toAjax(userService.resetPwd(user));
@@ -203,17 +204,56 @@ public class SysUserController extends BaseController
     {
         //userService.checkUserAllowed(user);
         //userService.checkUserDataScope(user.getUserId());
+        if ("1".equals(checkStrongPwd(user.getPassword()))) {
+            return AjaxResult.error("密码必须包含数字、大小写字母、特殊符号且大于8位");
+        }
         user.setPassword(SecurityUtils.encryptPassword(user.getPassword()));
         user.setUpdateBy(getUsername());
         return toAjax(userService.resetPwd(user));
     }
 
+
+    /**
+     * 登录页修改密码接口,需要放行
+     * @param userName
+     * @param oldPassword
+     * @param newPassword
+     * @return
+     */
+    @PostMapping("/resetPwdLogin")
+    public AjaxResult resetPwdLogin(@RequestParam("userName") String userName, @RequestParam("oldPassword") String oldPassword, @RequestParam("newPassword") String newPassword) {
+        //userService.checkUserAllowed(user);
+        if ("admin".equals(userName)){
+            return AjaxResult.success("不允许操作超级管理员");
+        }
+        SysUser user = userService.selectUserByUserName(userName);
+        if (user == null){
+            return AjaxResult.success("当前用户不存在");
+        }
+        String password = user.getPassword();
+        if (!SecurityUtils.matchesPassword(oldPassword, password))
+        {
+            return AjaxResult.success("修改密码失败，旧密码错误");
+        }
+        if (SecurityUtils.matchesPassword(newPassword, password))
+        {
+            return AjaxResult.success("新密码不能与旧密码相同");
+        }
+
+        if ("1".equals(checkStrongPwd(newPassword))) {
+            return AjaxResult.success("密码必须包含数字、大小写字母、特殊符号且大于8位");
+        }
+        user.setPassword(SecurityUtils.encryptPassword(newPassword));
+        user.setUpdateBy(userName);
+        return toAjax(userService.resetPwdLogin(user));
+    }
+
     /**
      * 状态修改
      */
     @PreAuthorize("@ss.hasPermi('system:user:edit')")
     @Log(title = "用户管理", businessType = BusinessType.UPDATE)
-    @PutMapping("/changeStatus")
+    @PostMapping("/changeStatus")
     public AjaxResult changeStatus(@RequestBody SysUser user)
     {
         userService.checkUserAllowed(user);
@@ -242,7 +282,7 @@ public class SysUserController extends BaseController
      */
     @PreAuthorize("@ss.hasPermi('system:user:edit')")
     @Log(title = "用户管理", businessType = BusinessType.GRANT)
-    @PutMapping("/authRole")
+    @PostMapping("/authRole")
     public AjaxResult insertAuthRole(Long userId, Long[] roleIds)
     {
         userService.checkUserDataScope(userId);

ruoyi-common/src/main/java/com/ruoyi/common/constant/Constants.java

@@ -39,6 +39,26 @@ public class Constants
      */
     public static final String FAIL = "1";
 
+    /**
+     * 密码有效期的KEY
+     */
+    public  static final String LOGIN_NUM = "login_num: ";
+
+    /**
+     * 判断2个月内是否修改密码
+     */
+    public  static final String PASSWORD_USER = "password_user: ";
+
+    /**
+     * 密码错误锁定时长
+     */
+    public final static long USERNAME_EXPIRATION = 3;
+
+    /**
+     * 修改密码的有效时长
+     */
+    public final static long UPDATE_PASSWORD= 60;
+
     /**
      * 登录成功
      */

ruoyi-common/src/main/java/com/ruoyi/common/utils/PwdCheckUtil.java

@@ -0,0 +1,111 @@
+package com.ruoyi.common.utils;
+
+/**
+ * @Author: tjf
+ * @Date: 2022/10/10 9:24
+ * @Describe:
+ */
+public class PwdCheckUtil {
+    //定义特殊字符
+    public static String SPECIAL_CHAR = "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";
+
+    /**
+     * @brief   检测密码中字符长度
+     * @param[in] password            密码字符串
+     * @return  符合长度要求 返回true
+     */
+    public static boolean checkPasswordLength(String password, String minNum, String maxNum) {
+        boolean flag =false;
+        if (StringUtils.isBlank(maxNum))  {
+            minNum = StringUtils.isBlank(minNum) ? "0":minNum;
+            if (password.length() >= Integer.parseInt(minNum)) {
+                flag = true;
+            }
+        } else {
+            minNum = StringUtils.isBlank(minNum) ? "0":minNum;
+            if (password.length() >= Integer.parseInt(minNum) &&
+                    password.length() <= Integer.parseInt(maxNum)) {
+                flag = true;
+            }
+        }
+        return flag;
+    }
+
+    /**
+     * @brief   检测密码中是否包含数字
+     * @param[in] password            密码字符串
+     * @return  包含数字 返回true
+     */
+    public static boolean checkContainDigit(String password) {
+        char[] chPass = password.toCharArray();
+        for (int i = 0; i < chPass.length; i++) {
+            if (Character.isDigit(chPass[i])) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * @brief   检测密码中是否包含字母（不区分大小写）
+     * @param[in] password            密码字符串
+     * @return  包含字母 返回true
+     */
+    public static boolean checkContainCase(String password) {
+        char[] chPass = password.toCharArray();
+        for (int i = 0; i < chPass.length; i++) {
+            if (Character.isLetter(chPass[i])) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+
+    /**
+     * @brief   检测密码中是否包含小写字母
+     * @param[in] password            密码字符串
+     * @return  包含小写字母 返回true
+     */
+    public static boolean checkContainLowerCase(String password) {
+        char[] chPass = password.toCharArray();
+        for (int i = 0; i < chPass.length; i++) {
+            if (Character.isLowerCase(chPass[i])) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+
+    /**
+     * @brief   检测密码中是否包含大写字母
+     * @param[in] password            密码字符串
+     * @return  包含大写字母 返回true
+     */
+    public static boolean checkContainUpperCase(String password) {
+        char[] chPass = password.toCharArray();
+        for (int i = 0; i < chPass.length; i++) {
+            if (Character.isUpperCase(chPass[i])) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+
+    /**
+     * @brief   检测密码中是否包含特殊符号
+     * @param[in] password            密码字符串
+     * @return  包含特殊符号 返回true
+     */
+    public static boolean checkContainSpecialChar(String password) {
+        char[] chPass = password.toCharArray();
+        for (int i = 0; i < chPass.length; i++) {
+            if (SPECIAL_CHAR.indexOf(chPass[i]) != -1) {
+                return true;
+            }
+        }
+        return false;
+    }
+}

ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java

@@ -7,8 +7,10 @@ import com.ruoyi.common.core.domain.R;
 import com.ruoyi.common.core.domain.model.LoginBody;
 import com.ruoyi.common.enums.UserStatus;
 import com.ruoyi.common.exception.base.BaseException;
+import com.ruoyi.common.utils.*;
 import com.ruoyi.system.domain.SysLogininfor;
 import com.ruoyi.system.service.ISysLogininforService;
+import jdk.internal.util.Preconditions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -23,10 +25,6 @@ import com.ruoyi.common.exception.ServiceException;
 import com.ruoyi.common.exception.user.CaptchaException;
 import com.ruoyi.common.exception.user.CaptchaExpireException;
 import com.ruoyi.common.exception.user.UserPasswordNotMatchException;
-import com.ruoyi.common.utils.DateUtils;
-import com.ruoyi.common.utils.MessageUtils;
-import com.ruoyi.common.utils.StringUtils;
-import com.ruoyi.common.utils.ServletUtils;
 import com.ruoyi.common.utils.ip.IpUtils;
 import com.ruoyi.framework.manager.AsyncManager;
 import com.ruoyi.framework.manager.factory.AsyncFactory;
@@ -240,4 +238,28 @@ public class SysLoginService
         }
         logininforService.insertLogininfor(logininfor);
     }
+
+
+    /**
+     * @brief   检测密码复杂度是否为 强
+     * @param[in] password  密码字符串
+     * @return  符合长度要求 返回true
+     *
+     */
+    public static String checkStrongPwd(String pwd) {
+        try {
+            StringUtils.isNotBlank(pwd);
+            if (!PwdCheckUtil.checkPasswordLength(pwd, "8", null)
+                    || !PwdCheckUtil.checkContainLowerCase(pwd)
+                    || !PwdCheckUtil.checkContainUpperCase(pwd)
+                    || !PwdCheckUtil.checkContainDigit(pwd)
+                    || !PwdCheckUtil.checkContainSpecialChar(pwd)
+            ) {
+                return "1";
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return "0";
+    }
 }

ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysUserMapper.java

@@ -26,6 +26,7 @@ public interface SysUserMapper
      * @return 用户信息集合信息
      */
     public List<SysUser> selectAllocatedList(SysUser user);
+    public int updateUserByUserName(SysUser user);
 
     /**
      * 根据条件分页查询未分配用户角色列表

ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java

@@ -27,6 +27,14 @@ public interface ISysUserService
      */
     public List<SysUser> selectAllocatedList(SysUser user);
 
+    /**
+     * 登录页重置用户密码
+     *
+     * @param user 用户信息
+     * @return 结果
+     */
+    public int resetPwdLogin(SysUser user);
+
     /**
      * 根据条件分页查询未分配用户角色列表
      * 

ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java

@@ -3,10 +3,14 @@ package com.ruoyi.system.service.impl;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Set;
+import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;
+import javax.annotation.Resource;
 import javax.validation.Validator;
 
+import com.ruoyi.common.constant.Constants;
 import com.ruoyi.common.core.domain.model.LoginUser;
+import com.ruoyi.common.core.redis.RedisService;
 import com.ruoyi.system.service.ISysMenuService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -65,6 +69,9 @@ public class SysUserServiceImpl implements ISysUserService
     @Autowired
     protected Validator validator;
 
+    @Resource
+    private RedisService redisService;
+
     /**
      * 根据条件分页查询用户列表
      * 
@@ -91,6 +98,18 @@ public class SysUserServiceImpl implements ISysUserService
         return userMapper.selectAllocatedList(user);
     }
 
+    /**
+     * 登录页重置用户密码
+     * @param user 用户信息
+     * @return
+     */
+    @Override
+    public int resetPwdLogin(SysUser user) {
+        //更新用户60天内修改密码的key
+        redisService.setCacheObject(Constants.PASSWORD_USER + user.getUserName(),60, Constants.UPDATE_PASSWORD, TimeUnit.DAYS);
+        return userMapper.updateUserByUserName(user);
+    }
+
     /**
      * 根据条件分页查询未分配用户角色列表
      * 
@@ -265,6 +284,8 @@ public class SysUserServiceImpl implements ISysUserService
         insertUserPost(user);
         // 新增用户与角色管理
         insertUserRole(user);
+        //更新用户60天内修改密码的key
+        redisService.setCacheObject(Constants.PASSWORD_USER + user.getUserName(),60, Constants.UPDATE_PASSWORD, TimeUnit.DAYS);
         return rows;
     }
 
@@ -362,6 +383,8 @@ public class SysUserServiceImpl implements ISysUserService
     @Override
     public int resetPwd(SysUser user)
     {
+        //更新用户60天内修改密码的key
+        redisService.setCacheObject(Constants.PASSWORD_USER + user.getUserName(),60, Constants.UPDATE_PASSWORD, TimeUnit.DAYS);
         return userMapper.updateUser(user);
     }
 
@@ -375,6 +398,8 @@ public class SysUserServiceImpl implements ISysUserService
     @Override
     public int resetUserPwd(String userName, String password)
     {
+        //更新用户60天内修改密码的key
+        redisService.setCacheObject(Constants.PASSWORD_USER + userName,60, Constants.UPDATE_PASSWORD, TimeUnit.DAYS);
         return userMapper.resetUserPwd(userName, password);
     }
 

ruoyi-system/src/main/resources/mapper/system/SysUserMapper.xml

@@ -84,6 +84,14 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
 		<!-- 数据范围过滤 -->
 		${params.dataScope}
 	</select>
+	<update id="updateUserByUserName" parameterType="com.boman.domain.SysUser">
+		update sys_user
+		<set>
+			<if test="password != null and password != ''">password = #{password},</if>
+			update_time = sysdate()
+		</set>
+		where user_name = #{userName}
+	</update>
 	
 	<select id="selectAllocatedList" parameterType="SysUser" resultMap="SysUserResult">
 	    select distinct u.user_id, u.dept_id, u.user_name, u.nick_name, u.email, u.phonenumber, u.status, u.create_time