feat: 禁止密码过期用户访问业务接口

continew-admin-common/src/main/java/top/continew/admin/common/model/dto/LoginUser.java

@@ -97,6 +97,16 @@ public class LoginUser implements Serializable {
      */
     private LocalDateTime loginTime;
 
+    /**
+     * 最后一次修改密码时间
+     */
+    private LocalDateTime pwdResetTime;
+
+    /**
+     * 登录时系统设置的密码过期天数
+     */
+    private Integer passwordExpirationDays;
+
     /**
      * 是否为管理员
      *

continew-admin-common/src/main/java/top/continew/admin/common/util/helper/LoginHelper.java

@@ -25,9 +25,11 @@ import cn.hutool.extra.servlet.JakartaServletUtil;
 import cn.hutool.extra.spring.SpringUtil;
 import jakarta.servlet.http.HttpServletRequest;
 import top.continew.admin.common.constant.CacheConstants;
+import top.continew.admin.common.constant.SysConstants;
 import top.continew.admin.common.model.dto.LoginUser;
 import top.continew.starter.core.util.ExceptionUtils;
 import top.continew.starter.core.util.IpUtils;
+import top.continew.starter.core.util.validate.CheckUtils;
 import top.continew.starter.extension.crud.service.CommonUserService;
 import top.continew.starter.web.util.ServletUtils;
 
@@ -75,6 +77,16 @@ public class LoginHelper {
      * @throws NotLoginException 未登录异常
      */
     public static LoginUser getLoginUser() throws NotLoginException {
+        return getLoginUser(true);
+    }
+
+    /**
+     * 登录用户信息
+     *
+     * @param checkPasswordExpired 是否校验密码过期
+     * @throws NotLoginException 未登录异常
+     */
+    public static LoginUser getLoginUser(boolean checkPasswordExpired) throws NotLoginException {
         StpUtil.checkLogin();
         LoginUser loginUser = (LoginUser)SaHolder.getStorage().get(CacheConstants.LOGIN_USER_KEY);
         if (null != loginUser) {
@@ -83,9 +95,33 @@ public class LoginHelper {
         SaSession tokenSession = StpUtil.getTokenSession();
         loginUser = (LoginUser)tokenSession.get(CacheConstants.LOGIN_USER_KEY);
         SaHolder.getStorage().set(CacheConstants.LOGIN_USER_KEY, loginUser);
+        CheckUtils.throwIf(checkPasswordExpired && isPasswordExpired(loginUser), "密码已过期，请立即修改。");
         return loginUser;
     }
 
+    /**
+     * 密码是否已过期
+     *
+     * @param loginUser 登录用户
+     * @return 是否过期
+     */
+    public static boolean isPasswordExpired(LoginUser loginUser) {
+        if (loginUser == null) {
+            loginUser = getLoginUser();
+        }
+        LocalDateTime pwdResetTime = loginUser.getPwdResetTime();
+        Integer passwordExpirationDays = loginUser.getPasswordExpirationDays();
+        // 永久有效
+        if (passwordExpirationDays == null || passwordExpirationDays <= SysConstants.NO) {
+            return false;
+        }
+        // 初始密码也提示修改
+        if (pwdResetTime == null) {
+            return true;
+        }
+        return pwdResetTime.plusDays(passwordExpirationDays).isBefore(LocalDateTime.now());
+    }
+
     /**
      * 根据 Token 获取登录用户信息
      *
@@ -109,6 +145,16 @@ public class LoginHelper {
         return getLoginUser().getId();
     }
 
+    /**
+     * 获取登录用户 ID
+     *
+     * @param checkPasswordExpired 是否校验密码过期
+     * @return 登录用户 ID
+     */
+    public static Long getUserId(boolean checkPasswordExpired) {
+        return getLoginUser(checkPasswordExpired).getId();
+    }
+
     /**
      * 获取登录用户名
      *

continew-admin-system/src/main/java/top/continew/admin/auth/service/impl/LoginServiceImpl.java

@@ -61,6 +61,8 @@ import java.time.Duration;
 import java.time.LocalDateTime;
 import java.util.*;
 
+import static top.continew.admin.system.enums.PasswordPolicyEnum.PASSWORD_EXPIRATION_DAYS;
+
 /**
  * 登录业务实现
  *
@@ -199,6 +201,7 @@ public class LoginServiceImpl implements LoginService {
         loginUser.setPermissions(permissionService.listPermissionByUserId(userId));
         loginUser.setRoleCodes(permissionService.listRoleCodeByUserId(userId));
         loginUser.setRoles(roleService.listByUserId(userId));
+        loginUser.setPasswordExpirationDays(optionService.getValueByCode2Int(PASSWORD_EXPIRATION_DAYS.name()));
         return LoginHelper.login(loginUser);
     }
 

continew-admin-system/src/main/java/top/continew/admin/system/service/UserService.java

@@ -29,7 +29,6 @@ import top.continew.starter.data.mybatis.plus.service.IService;
 import top.continew.starter.extension.crud.service.BaseService;
 
 import java.io.IOException;
-import java.time.LocalDateTime;
 import java.util.List;
 
 /**
@@ -90,14 +89,6 @@ public interface UserService extends BaseService<UserResp, UserDetailResp, UserQ
      */
     void updatePassword(String oldPassword, String newPassword, Long id);
 
-    /**
-     * 密码是否已过期
-     *
-     * @param pwdResetTime 上次重置密码时间
-     * @return 是否过期
-     */
-    boolean isPasswordExpired(LocalDateTime pwdResetTime);
-
     /**
      * 修改手机号
      *

continew-admin-system/src/main/java/top/continew/admin/system/service/impl/UserServiceImpl.java

@@ -16,6 +16,7 @@
 
 package top.continew.admin.system.service.impl;
 
+import cn.dev33.satoken.stp.StpUtil;
 import cn.hutool.core.bean.BeanUtil;
 import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.img.ImgUtil;
@@ -210,20 +211,8 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, UserDO, UserRes
         baseMapper.updateById(user);
         // 保存历史密码
         userPasswordHistoryService.add(id, password, passwordRepetitionTimes);
-    }
+        // 修改后登出
-
+        StpUtil.logout();
-    @Override
-    public boolean isPasswordExpired(LocalDateTime pwdResetTime) {
-        // 永久有效
-        int passwordExpirationDays = optionService.getValueByCode2Int(PASSWORD_EXPIRATION_DAYS.name());
-        if (passwordExpirationDays <= SysConstants.NO) {
-            return false;
-        }
-        // 初始密码也提示修改
-        if (pwdResetTime == null) {
-            return true;
-        }
-        return pwdResetTime.plusDays(passwordExpirationDays).isBefore(LocalDateTime.now());
     }
 
     @Override

continew-admin-webapi/src/main/java/top/continew/admin/webapi/auth/AuthController.java

@@ -123,12 +123,12 @@ public class AuthController {
     @Operation(summary = "获取用户信息", description = "获取登录用户信息")
     @GetMapping("/user/info")
     public R<UserInfoResp> getUserInfo() {
-        LoginUser loginUser = LoginHelper.getLoginUser();
+        LoginUser loginUser = LoginHelper.getLoginUser(false);
         UserDetailResp userDetailResp = userService.get(loginUser.getId());
         UserInfoResp userInfoResp = BeanUtil.copyProperties(userDetailResp, UserInfoResp.class);
         userInfoResp.setPermissions(loginUser.getPermissions());
         userInfoResp.setRoles(loginUser.getRoleCodes());
-        userInfoResp.setPwdExpired(userService.isPasswordExpired(userDetailResp.getPwdResetTime()));
+        userInfoResp.setPwdExpired(LoginHelper.isPasswordExpired(loginUser));
         return R.ok(userInfoResp);
     }
 
@@ -136,6 +136,6 @@ public class AuthController {
     @Operation(summary = "获取路由信息", description = "获取登录用户的路由信息")
     @GetMapping("/route")
     public R<List<RouteResp>> listRoute() {
-        return R.ok(loginService.buildRouteTree(LoginHelper.getUserId()));
+        return R.ok(loginService.buildRouteTree(LoginHelper.getUserId(false)));
     }
 }

continew-admin-webapi/src/main/java/top/continew/admin/webapi/system/UserCenterController.java

@@ -94,7 +94,7 @@ public class UserCenterController {
         String rawNewPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(updateReq
             .getNewPassword()));
         ValidationUtils.throwIfNull(rawNewPassword, "新密码解密失败");
-        userService.updatePassword(rawOldPassword, rawNewPassword, LoginHelper.getUserId());
+        userService.updatePassword(rawOldPassword, rawNewPassword, LoginHelper.getUserId(false));
         return R.ok("修改成功，请牢记你的新密码");
     }