修复BUG: 密码修改越权bug修复
李强
parent
50858d6d7d
commit
f22a45af94
|
|
@ -272,22 +272,18 @@ class UserViewSet(CustomModelViewSet):
|
||||||
@action(methods=["PUT"], detail=True, permission_classes=[IsAuthenticated])
|
@action(methods=["PUT"], detail=True, permission_classes=[IsAuthenticated])
|
||||||
def change_password(self, request, *args, **kwargs):
|
def change_password(self, request, *args, **kwargs):
|
||||||
"""密码修改"""
|
"""密码修改"""
|
||||||
instance = Users.objects.filter(id=kwargs.get("pk")).first()
|
|
||||||
data = request.data
|
data = request.data
|
||||||
old_pwd = data.get("oldPassword")
|
old_pwd = data.get("oldPassword")
|
||||||
new_pwd = data.get("newPassword")
|
new_pwd = data.get("newPassword")
|
||||||
new_pwd2 = data.get("newPassword2")
|
new_pwd2 = data.get("newPassword2")
|
||||||
if instance:
|
|
||||||
if new_pwd != new_pwd2:
|
if new_pwd != new_pwd2:
|
||||||
return ErrorResponse(msg="两次密码不匹配")
|
return ErrorResponse(msg="两次密码不匹配")
|
||||||
elif instance.check_password(old_pwd):
|
elif request.user.check_password(old_pwd):
|
||||||
instance.password = make_password(new_pwd)
|
request.user.password = make_password(new_pwd)
|
||||||
instance.save()
|
request.user.save()
|
||||||
return DetailResponse(data=None, msg="修改成功")
|
return DetailResponse(data=None, msg="修改成功")
|
||||||
else:
|
else:
|
||||||
return ErrorResponse(msg="旧密码不正确")
|
return ErrorResponse(msg="旧密码不正确")
|
||||||
else:
|
|
||||||
return ErrorResponse(msg="未获取到用户")
|
|
||||||
|
|
||||||
@action(methods=["PUT"], detail=True, permission_classes=[IsAuthenticated])
|
@action(methods=["PUT"], detail=True, permission_classes=[IsAuthenticated])
|
||||||
def reset_to_default_password(self, request, *args, **kwargs):
|
def reset_to_default_password(self, request, *args, **kwargs):
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue