我在grails项目中使用spring security core插件,Person域看起来像这样。
class User {
transient springSecurityService
//Mandatory Fields
String employeeId
String firstName
String lastName
String password
String emailId
//Other Fields
String department
String extn
String mobileNumber
String address
String city
String zipCode
String country
User manager
static hasMany = [previousPasswords: String]
boolean enabled = true
boolean accountExpired
boolean accountLocked
boolean passwordExpired
static transients = ['springSecurityService']
static constraints = {
employeeId blank: false, unique: true
firstName blank: false
lastName blank: false
password blank: false, password: true, validator: {val, obj ->
if(obj.previousPasswords) {
println "-----------------------1-------------------------"
println "obj.previousPasswords: " + obj.previousPasswords
println "val: " + val
if (obj.isDirty('password')) {
println "-----------------------2-------------------------"
if(obj.previousPasswords.contains(val)) {
obj.errors.rejectValue(
'password',
'user.password.duplicated',
'Repeat passwords are not allowed')
return false
}
println "-----------------------3-------------------------"
obj.addToPreviousPasswords(val)
return true
}
} else {
println "-----------------------4-------------------------"
obj.addToPreviousPasswords(val)
return true
}
}
emailId blank: false, email: true
department nullable: true
extn nullable: true
mobileNumber nullable: true
address nullable: true
city nullable: true
zipCode nullable: true
country nullable: true
manager nullable: true
}
static mapping = {
password column: '`password`'
}
Set<Role> getAuthorities() {
UserRole.findAllByUser(this).collect { it.role } as Set
}
def beforeInsert() {
println "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%"
encodePassword()
}
def beforeUpdate() {
if (isDirty('password')) {
println "^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^"
encodePassword()
}
}
protected void encodePassword() {
password = springSecurityService.encodePassword(password)
}
}
我必须确保不会重复密码,因为我已经为密码编写了自定义验证器。字段
我的集成测试看起来像这样
void "Test if previous passwords can be re-used"() {
given:
def user = new User(employeeId: "empId1", firstName: "f_name", lastName: "l_name", password: "password", emailId: "test@hptest.com", mobileNumber: "(111) 111-1111", address: "350 Fifth Avenue, 34th floor", city: "New York", zipCode: "10007")
println "&&&&&&&&&&&&&&&&&&& 1 &&&&&&&&&&&&&&&&&&&&&&"
user.springSecurityService = springSecurityService
println "&&&&&&&&&&&&&&&&&&& 2 &&&&&&&&&&&&&&&&&&&&&&"
user.save(flush: true, failOnError: true)
when: 'password is repeated'
user.password = "password"
println "&&&&&&&&&&&&&&&&&&& 3 &&&&&&&&&&&&&&&&&&&&&&"
user.save(flush: true)
then: 'validation fails'
!user.validate()
user.errors.getFieldError("password").codes.contains("validator.invalid")
when: 'password is not repeated'
user.password = "password@123"
then: 'validation succeeds'
println "&&&&&&&&&&&&&&&&&&& 4 &&&&&&&&&&&&&&&&&&&&&&"
user.validate()
println "&&&&&&&&&&&&&&&&&&& 5 &&&&&&&&&&&&&&&&&&&&&&"
user.save(flush: true)
}
我得到的输出是这样的
&&&&&&&&&&&&&&&&&&& 1 &&&&&&&&&&&&&&&&&&&&&&
&&&&&&&&&&&&&&&&&&& 2 &&&&&&&&&&&&&&&&&&&&&&
-----------------------4-------------------------
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-----------------------1-------------------------
obj.previousPasswords: [password]
val: $2a$10$mxFM9S7mEoOdyRo6xJL9/uzVafUgc0.8r1rd4nzBYM45s2cE8TTDi
&&&&&&&&&&&&&&&&&&& 3 &&&&&&&&&&&&&&&&&&&&&&
-----------------------1-------------------------
obj.previousPasswords: [password]
val: password
-----------------------2-------------------------
-----------------------1-------------------------
obj.previousPasswords: [password]
val: password
如果仔细研究代码和输出,您会发现每次保存操作都会调用两次验证器函数。
谁能告诉我这是什么原因。这可能是由于我在验证器中使用的addTo方法吗?
答案 0 :(得分:1)
我应该告诉另一种方式。移除自定义验证。
当用户更改密码时,请检查previousPasswords.if中是否存在此密码。如果已经使用,请提供已使用过的消息。如果没有,请使用新密码保存该用户并将其添加到previousPasswords。
def changePassword(){
def userIns = User.get(params.userId)
def previousPasswords = userIns.previousPasswords()
def exists = previousPasswords.find{it == params.newPassword}
if(exists){
msg = "Already Used. Give new"
render changepassword screen
return false
}
else{
userIns.password = params.newPw
userIns.addToPreviousPasswords(params.newPw)
userIns.save(flush:true)
msg = "successfully changed"
}
}