chore: restrict username and password length during user registration (#6808)

#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x

#### What this PR does / why we need it:
为注册用户增加用户名和密码长度校验

#### Does this PR introduce a user-facing change?
```release-note
None
```
pull/6816/head
guqing 2024-10-10 15:57:00 +08:00 committed by GitHub
parent 605d52a86e
commit fbe40c28fc
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 37 additions and 21 deletions


@ -16495,7 +16495,7 @@
"description": "Old password." "description": "Old password."
}, },
"password": { "password": {
"minLength": 6, "minLength": 5,
"type": "string", "type": "string",
"description": "New password." "description": "New password."
} }
@ -16508,7 +16508,7 @@
"type": "object", "type": "object",
"properties": { "properties": {
"password": { "password": {
"minLength": 6, "minLength": 5,
"type": "string", "type": "string",
"description": "New password." "description": "New password."
} }
@ -20691,12 +20691,12 @@
}, },
"visible": { "visible": {
"type": "string", "type": "string",
"default": "PUBLIC",
"enum": [ "enum": [
"PUBLIC", "PUBLIC",
"INTERNAL", "INTERNAL",
"PRIVATE" "PRIVATE"
], ]
"default": "PUBLIC"
} }
} }
}, },
@ -22536,12 +22536,12 @@
}, },
"visible": { "visible": {
"type": "string", "type": "string",
"default": "PUBLIC",
"enum": [ "enum": [
"PUBLIC", "PUBLIC",
"INTERNAL", "INTERNAL",
"PRIVATE" "PRIVATE"
], ]
"default": "PUBLIC"
} }
} }
}, },


@ -3758,7 +3758,7 @@
"description": "Old password." "description": "Old password."
}, },
"password": { "password": {
"minLength": 6, "minLength": 5,
"type": "string", "type": "string",
"description": "New password." "description": "New password."
} }
@ -3771,7 +3771,7 @@
"type": "object", "type": "object",
"properties": { "properties": {
"password": { "password": {
"minLength": 6, "minLength": 5,
"type": "string", "type": "string",
"description": "New password." "description": "New password."
} }
@ -5420,12 +5420,12 @@
}, },
"visible": { "visible": {
"type": "string", "type": "string",
"default": "PUBLIC",
"enum": [ "enum": [
"PUBLIC", "PUBLIC",
"INTERNAL", "INTERNAL",
"PRIVATE" "PRIVATE"
], ]
"default": "PUBLIC"
} }
} }
}, },
@ -5949,12 +5949,12 @@
}, },
"visible": { "visible": {
"type": "string", "type": "string",
"default": "PUBLIC",
"enum": [ "enum": [
"PUBLIC", "PUBLIC",
"INTERNAL", "INTERNAL",
"PRIVATE" "PRIVATE"
], ]
"default": "PUBLIC"
} }
} }
}, },


@ -11300,12 +11300,12 @@
}, },
"visible": { "visible": {
"type": "string", "type": "string",
"default": "PUBLIC",
"enum": [ "enum": [
"PUBLIC", "PUBLIC",
"INTERNAL", "INTERNAL",
"PRIVATE" "PRIVATE"
], ]
"default": "PUBLIC"
} }
} }
}, },
@ -12484,12 +12484,12 @@
}, },
"visible": { "visible": {
"type": "string", "type": "string",
"default": "PUBLIC",
"enum": [ "enum": [
"PUBLIC", "PUBLIC",
"INTERNAL", "INTERNAL",
"PRIVATE" "PRIVATE"
], ]
"default": "PUBLIC"
} }
} }
}, },


@ -1888,12 +1888,12 @@
}, },
"visible": { "visible": {
"type": "string", "type": "string",
"default": "PUBLIC",
"enum": [ "enum": [
"PUBLIC", "PUBLIC",
"INTERNAL", "INTERNAL",
"PRIVATE" "PRIVATE"
], ]
"default": "PUBLIC"
} }
} }
}, },


@ -590,12 +590,21 @@ public class UserEndpoint implements CustomEndpoint {
record ChangeOwnPasswordRequest( record ChangeOwnPasswordRequest(
@Schema(description = "Old password.", requiredMode = REQUIRED) @Schema(description = "Old password.", requiredMode = REQUIRED)
String oldPassword, String oldPassword,
@Schema(description = "New password.", requiredMode = REQUIRED, minLength = 6) @Schema(description = "New password.", requiredMode = REQUIRED, minLength = 5)
String password) { String password) {
public ChangeOwnPasswordRequest {
if (password == null || password.length() < 5 || password.length() > 257) {
throw new UnsatisfiedAttributeValueException(
"password is required.",
"validation.error.password.size",
new Object[] {5, 257});
}
}
} }
record ChangePasswordRequest( record ChangePasswordRequest(
@Schema(description = "New password.", requiredMode = REQUIRED, minLength = 6) @Schema(description = "New password.", requiredMode = REQUIRED, minLength = 5)
String password) { String password) {
} }
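Review bot: `ChangePasswordRequest` only has its `@Schema` `minLength` lowered to 5, and `@Schema` is OpenAPI documentation that nothing enforces at runtime, so the path where one user sets another user's password still accepts a password of any length while `ChangeOwnPasswordRequest` now rejects it in its compact constructor. Give both records the same compact-constructor check, and consider hoisting `5`/`257` into named constants, since the same literals also appear in `SignUpData`. The message `"password is required."` is also thrown for the too-short and too-long cases; something like `"password length must be between 5 and 257."` would be less misleading to API clients. The minimum was lowered from 6 to 5 with no rationale in the PR description; NIST SP 800-63B recommends at least 8 characters for user-chosen passwords, so this is a weakening worth stating explicitly. The enclosing `UserEndpoint` class starts and ends outside this hunk.
```java
record ChangePasswordRequest(
    @Schema(description = "New password.", requiredMode = REQUIRED, minLength = 5)
    String password) {
    public ChangePasswordRequest {
        if (password == null || password.length() < 5 || password.length() > 257) {
            throw new UnsatisfiedAttributeValueException(
                "password length must be between 5 and 257.",
                "validation.error.password.size",
                new Object[] {5, 257});
        }
    }
}
```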


@ -7,6 +7,7 @@ import jakarta.validation.Payload;
import jakarta.validation.constraints.Email; import jakarta.validation.constraints.Email;
import jakarta.validation.constraints.NotBlank; import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Pattern; import jakarta.validation.constraints.Pattern;
import jakarta.validation.constraints.Size;
import java.lang.annotation.ElementType; import java.lang.annotation.ElementType;
import java.lang.annotation.Retention; import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy; import java.lang.annotation.RetentionPolicy;
@ -29,6 +30,7 @@ import run.halo.app.infra.ValidationUtils;
public class SignUpData { public class SignUpData {
@NotBlank @NotBlank
@Size(min = 4, max = 63)
@Pattern(regexp = ValidationUtils.NAME_REGEX, @Pattern(regexp = ValidationUtils.NAME_REGEX,
message = "{validation.error.username.pattern}") message = "{validation.error.username.pattern}")
private String username; private String username;
@ -42,6 +44,7 @@ public class SignUpData {
private String emailCode; private String emailCode;
@NotBlank @NotBlank
@Size(min = 5, max = 257)
@Pattern(regexp = ValidationUtils.PASSWORD_REGEX, @Pattern(regexp = ValidationUtils.PASSWORD_REGEX,
message = "{validation.error.password.pattern}") message = "{validation.error.password.pattern}")
private String password; private String password;
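Review bot: The `@Size(min = 5, max = 257)` on `password` (and `min = 4, max = 63` on `username`) repeats bounds that also appear as bare literals in `UserEndpoint.ChangeOwnPasswordRequest` and as `minlength`/`maxlength` in the signup template, so they can drift apart silently; `ValidationUtils` is already imported here for `NAME_REGEX`/`PASSWORD_REGEX` and could hold `public static final int PASSWORD_MIN_LENGTH = 5;` and `PASSWORD_MAX_LENGTH = 257;` referenced from `@Size`. Failing that, add `// Length bounds must match ChangeOwnPasswordRequest and the signup template.` above the field. `@Size` on a `String` counts UTF-16 code units, not characters; per the `validation.error.password.pattern` message the regex limits passwords to ASCII letters, digits and `!@#$%^&*`, which makes this moot today, but the comment should say the check relies on that. The upper bound 257 is unusual — if it exists to bound work in the password encoder, document it; if the encoder is bcrypt, input beyond 72 bytes is silently truncated anyway and a max of 64 or 72 would be more honest (TODO confirm which encoder Halo uses).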


@ -91,3 +91,4 @@ signup.error.email-code.invalid=Invalid email code.
validation.error.email.pattern=The email format is incorrect validation.error.email.pattern=The email format is incorrect
validation.error.username.pattern=The username can only be lowercase and can only contain letters, numbers, hyphens, and dots, starting and ending with characters. validation.error.username.pattern=The username can only be lowercase and can only contain letters, numbers, hyphens, and dots, starting and ending with characters.
validation.error.password.pattern=The password can only use uppercase and lowercase letters (A-Z, a-z), numbers (0-9), and the following special characters: !@#$%^&* validation.error.password.pattern=The password can only use uppercase and lowercase letters (A-Z, a-z), numbers (0-9), and the following special characters: !@#$%^&*
validation.error.password.size=The password length must be between {0} and {1}


@ -64,3 +64,4 @@ signup.error.email-code.invalid=邮箱验证码无效。
validation.error.email.pattern=邮箱格式不正确 validation.error.email.pattern=邮箱格式不正确
validation.error.username.pattern=用户名只能小写且只能包含字母、数字、中划线和点,以字符开头和结尾 validation.error.username.pattern=用户名只能小写且只能包含字母、数字、中划线和点,以字符开头和结尾
validation.error.password.pattern=密码只能使用大小写字母 (A-Z, a-z)、数字 (0-9),以及以下特殊字符: !@#$%^&* validation.error.password.pattern=密码只能使用大小写字母 (A-Z, a-z)、数字 (0-9),以及以下特殊字符: !@#$%^&*
validation.error.password.size=密码长度必须在 {0} 到 {1} 之间


@ -36,6 +36,8 @@
autocapitalize="off" autocapitalize="off"
autofocus autofocus
required required
minlength="4"
maxlength="63"
th:field="*{username}" th:field="*{username}"
/> />
</div> </div>
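Review bot: `minlength="4"` / `maxlength="63"` on the username input are client-side hints that any client can bypass, so the `@Size` on `SignUpData.username` remains the real control; a template comment such as `<!-- Client-side hint only; enforced server-side by SignUpData @Size -->` would stop a later maintainer treating these attributes as the enforcement point. The password input of the same form is outside this hunk; if it did not receive matching `minlength="5"`/`maxlength="257"` attributes, users only learn of the new limit after a server round trip.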