From c9db7993043ece2ff380b87b99b87edaf1f40ec8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E5=BC=BA?= <1206709430@qq.com>
Date: Sun, 28 May 2023 12:14:39 +0800
Subject: [PATCH] =?UTF-8?q?perf:=20=F0=9F=90=9B=20=E4=BF=AE=E5=A4=8D?= =?UTF-8?q?=E7=94=A8=E6=88=B7=E7=99=BB=E5=BD=95=E5=90=8E=EF=BC=8C=E6=AF=8F?= =?UTF-8?q?=E6=AC=A1=E9=83=BD=E4=BC=9A=E5=8F=98=E5=8C=96=E5=AF=86=E7=A0=81?= =?UTF-8?q?=E5=8A=A0=E5=AF=86=E5=80=BCbug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 backend/dvadmin/system/views/user.py | 10 +++++-----
 backend/dvadmin/utils/backends.py | 20 +++++++++++++-------
 2 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/backend/dvadmin/system/views/user.py b/backend/dvadmin/system/views/user.py
index 66b298f..78a86ea 100644
--- a/backend/dvadmin/system/views/user.py
+++ b/backend/dvadmin/system/views/user.py
@@ -1,6 +1,6 @@
 import hashlib
-from django.contrib.auth.hashers import make_password
+from django.contrib.auth.hashers import make_password, check_password
 from django_restql.fields import DynamicSerializerMethodField
 from rest_framework import serializers
 from rest_framework.decorators import action, permission_classes
@@ -347,10 +347,10 @@ class UserViewSet(CustomModelViewSet):
 return ErrorResponse(msg="参数不能为空")
 if new_pwd != new_pwd2:
 return ErrorResponse(msg="两次密码不匹配")
- check_password = request.user.check_password(old_pwd)
- if not check_password:
- check_password = request.user.check_password(hashlib.md5(old_pwd.encode(encoding='UTF-8')).hexdigest())
- if check_password:
+ verify_password = check_password(old_pwd, self.request.user.password)
+ if not verify_password:
+ verify_password = check_password(hashlib.md5(old_pwd.encode(encoding='UTF-8')).hexdigest(), self.request.user.password)
+ if verify_password:
 request.user.password = make_password(new_pwd)
 request.user.save()
 return DetailResponse(data=None, msg="修改成功")
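Review bot: The module-level `check_password(old_pwd, self.request.user.password)` in the second hunk of user.py is called without a `setter`, so, unlike `request.user.check_password(...)`, it never lets Django re-hash a stored password whose hasher or work factor is out of date; the same holds for the `check_password(password, user.password)` calls in the backends.py hunk. If the aim is only to stop the stored hash being rewritten on login, I would record the trade-off beside the call, e.g. `# no setter: the stored hash is not upgraded here; it is only re-hashed on password change`, and confirm that some other path still upgrades old hashes. The hunk also refers to the same object as both `self.request.user` and `request.user`; using `request.user` throughout would read more clearly. The enclosing view method starts above the hunk.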
diff --git a/backend/dvadmin/utils/backends.py b/backend/dvadmin/utils/backends.py
index 92ed5ec..4b28024 100644
--- a/backend/dvadmin/utils/backends.py
+++ b/backend/dvadmin/utils/backends.py
@@ -3,8 +3,11 @@ import logging
 from django.contrib.auth import get_user_model
 from django.contrib.auth.backends import ModelBackend
+from django.contrib.auth.hashers import check_password
 from django.utils import timezone
+from dvadmin.utils.validator import CustomValidationError
+
 logger = logging.getLogger(__name__)
 UserModel = get_user_model()
@@ -24,10 +27,13 @@ class CustomBackend(ModelBackend):
 except UserModel.DoesNotExist:
 UserModel().set_password(password)
 else:
- check_password = user.check_password(password)
- if not check_password:
- check_password = user.check_password(hashlib.md5(password.encode(encoding='UTF-8')).hexdigest())
- if check_password and self.user_can_authenticate(user):
- user.last_login = timezone.now()
- user.save()
- return user
+ verify_password = check_password(password, user.password)
+ if not verify_password:
+ password = hashlib.md5(password.encode(encoding='UTF-8')).hexdigest()
+ verify_password = check_password(password, user.password)
+ if verify_password:
+ if self.user_can_authenticate(user):
+ user.last_login = timezone.now()
+ user.save()
+ return user
+ raise CustomValidationError("当前用户已被禁用,请联系管理员!")
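Review bot: A failed login for an existing account runs two password verifications in the `else:` branch (the plain value, then its MD5-hex form), while the `except UserModel.DoesNotExist:` branch runs a single `UserModel().set_password(password)`, so response time may differ between known and unknown usernames. To keep the two paths comparable, the missing-user branch could do the same amount of hashing, e.g. by adding `UserModel().set_password(hashlib.md5(password.encode(encoding='UTF-8')).hexdigest())` after the existing call. Separately, the new `raise CustomValidationError(...)` is reached only after the password has verified, which is the right order, but `django.contrib.auth.authenticate()` catches only `PermissionDenied` from a backend, so whether this surfaces as a clean error depends on the caller, which is outside the hunk. The `authenticate` signature and the user lookup start above the hunk.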