chore: restrict username and password length during user registration (#6808)

#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x

#### What this PR does / why we need it:
为注册用户增加用户名和密码长度校验

#### Does this PR introduce a user-facing change?
```release-note
None
```
pull/6816/head
guqing 2024-10-10 15:57:00 +08:00 committed by GitHub
parent 605d52a86e
commit fbe40c28fc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 37 additions and 21 deletions


@ -16495,7 +16495,7 @@
"description": "Old password."
},
"password": {
"minLength": 6,
"minLength": 5,
"type": "string",
"description": "New password."
}
@ -16508,7 +16508,7 @@
"type": "object",
"properties": {
"password": {
"minLength": 6,
"minLength": 5,
"type": "string",
"description": "New password."
}
@ -20691,12 +20691,12 @@
},
"visible": {
"type": "string",
"default": "PUBLIC",
"enum": [
"PUBLIC",
"INTERNAL",
"PRIVATE"
],
"default": "PUBLIC"
]
}
}
},
@ -22536,12 +22536,12 @@
},
"visible": {
"type": "string",
"default": "PUBLIC",
"enum": [
"PUBLIC",
"INTERNAL",
"PRIVATE"
],
"default": "PUBLIC"
]
}
}
},


@ -3758,7 +3758,7 @@
"description": "Old password."
},
"password": {
"minLength": 6,
"minLength": 5,
"type": "string",
"description": "New password."
}
@ -3771,7 +3771,7 @@
"type": "object",
"properties": {
"password": {
"minLength": 6,
"minLength": 5,
"type": "string",
"description": "New password."
}
@ -5420,12 +5420,12 @@
},
"visible": {
"type": "string",
"default": "PUBLIC",
"enum": [
"PUBLIC",
"INTERNAL",
"PRIVATE"
],
"default": "PUBLIC"
]
}
}
},
@ -5949,12 +5949,12 @@
},
"visible": {
"type": "string",
"default": "PUBLIC",
"enum": [
"PUBLIC",
"INTERNAL",
"PRIVATE"
],
"default": "PUBLIC"
]
}
}
},


@ -11300,12 +11300,12 @@
},
"visible": {
"type": "string",
"default": "PUBLIC",
"enum": [
"PUBLIC",
"INTERNAL",
"PRIVATE"
],
"default": "PUBLIC"
]
}
}
},
@ -12484,12 +12484,12 @@
},
"visible": {
"type": "string",
"default": "PUBLIC",
"enum": [
"PUBLIC",
"INTERNAL",
"PRIVATE"
],
"default": "PUBLIC"
]
}
}
},


@ -1888,12 +1888,12 @@
},
"visible": {
"type": "string",
"default": "PUBLIC",
"enum": [
"PUBLIC",
"INTERNAL",
"PRIVATE"
],
"default": "PUBLIC"
]
}
}
},


@ -590,12 +590,21 @@ public class UserEndpoint implements CustomEndpoint {
record ChangeOwnPasswordRequest(
@Schema(description = "Old password.", requiredMode = REQUIRED)
String oldPassword,
@Schema(description = "New password.", requiredMode = REQUIRED, minLength = 6)
@Schema(description = "New password.", requiredMode = REQUIRED, minLength = 5)
String password) {
public ChangeOwnPasswordRequest {
if (password == null || password.length() < 5 || password.length() > 257) {
throw new UnsatisfiedAttributeValueException(
"password is required.",
"validation.error.password.size",
new Object[] {5, 257});
}
}
}
record ChangePasswordRequest(
@Schema(description = "New password.", requiredMode = REQUIRED, minLength = 6)
@Schema(description = "New password.", requiredMode = REQUIRED, minLength = 5)
String password) {
}
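Review bot: `ChangePasswordRequest` at the end of this section still has no runtime length check, because only its `@Schema` `minLength` is edited. That annotation appears to describe the OpenAPI document rather than enforce anything, which is presumably why `ChangeOwnPasswordRequest` gets an explicit compact constructor above it. Unless the handler validates elsewhere, a password set through this record can be null, empty or arbitrarily long, so it should carry the same 5–257 check. The check above also reports a length failure as "password is required.", which misstates the cause when a value is present but out of range. Both records sit inside `UserEndpoint`, whose body starts and ends outside the hunk.

```java
record ChangePasswordRequest(
    // … unchanged: @Schema-annotated password component …
    String password) {
    public ChangePasswordRequest {
        // @Schema only documents the bounds; enforce them here as ChangeOwnPasswordRequest does.
        if (password == null || password.length() < 5 || password.length() > 257) {
            throw new UnsatisfiedAttributeValueException(
                "password length is out of range.",
                "validation.error.password.size",
                new Object[] {5, 257});
        }
    }
}
```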


@ -7,6 +7,7 @@ import jakarta.validation.Payload;
import jakarta.validation.constraints.Email;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Pattern;
import jakarta.validation.constraints.Size;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
@ -29,6 +30,7 @@ import run.halo.app.infra.ValidationUtils;
public class SignUpData {
@NotBlank
@Size(min = 4, max = 63)
@Pattern(regexp = ValidationUtils.NAME_REGEX,
message = "{validation.error.username.pattern}")
private String username;
@ -42,6 +44,7 @@ public class SignUpData {
private String emailCode;
@NotBlank
@Size(min = 5, max = 257)
@Pattern(regexp = ValidationUtils.PASSWORD_REGEX,
message = "{validation.error.password.pattern}")
private String password;
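Review bot: The new `@Size(min = 5, max = 257)` on `password` admits five-character passwords at sign-up, below the eight-character minimum that NIST SP 800-63B gives for user-chosen passwords; if five is deliberate, a comment beside the annotation should say why, and likewise for the 257 ceiling. The same literals are repeated in `UserEndpoint`, and the username bounds again in the sign-up template, so the copies can drift apart. Named constants next to `ValidationUtils.PASSWORD_REGEX` (new ones, not existing today) would keep them in step, e.g. `@Size(min = ValidationUtils.PASSWORD_MIN_LENGTH, max = ValidationUtils.PASSWORD_MAX_LENGTH)`. Neither `@Size` sets a `message`, so the default Bean Validation text is used rather than a project message key as on the adjacent `@Pattern` lines. The class body continues outside the hunks shown.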


@ -91,3 +91,4 @@ signup.error.email-code.invalid=Invalid email code.
validation.error.email.pattern=The email format is incorrect
validation.error.username.pattern=The username can only be lowercase and can only contain letters, numbers, hyphens, and dots, starting and ending with characters.
validation.error.password.pattern=The password can only use uppercase and lowercase letters (A-Z, a-z), numbers (0-9), and the following special characters: !@#$%^&*
validation.error.password.size=The password length must be between {0} and {1}


@ -63,4 +63,5 @@ signup.error.email-code.invalid=邮箱验证码无效。
validation.error.email.pattern=邮箱格式不正确
validation.error.username.pattern=用户名只能小写且只能包含字母、数字、中划线和点,以字符开头和结尾
validation.error.password.pattern=密码只能使用大小写字母 (A-Z, a-z)、数字 (0-9),以及以下特殊字符: !@#$%^&*
validation.error.password.pattern=密码只能使用大小写字母 (A-Z, a-z)、数字 (0-9),以及以下特殊字符: !@#$%^&*
validation.error.password.size=密码长度必须在 {0} 到 {1} 之间


@ -36,6 +36,8 @@
autocapitalize="off"
autofocus
required
minlength="4"
maxlength="63"
th:field="*{username}"
/>
</div>