feat(authentication): 用户重置密码成功后，发送用户重置密码成功邮件

apps/common/utils/common.py

@@ -164,6 +164,11 @@ def get_request_ip_or_data(request):
     return ip
 
 
+def get_request_user_agent(request):
+    user_agent = request.META.get('HTTP_USER_AGENT', '')
+    return user_agent
+
+
 def validate_ip(ip):
     try:
         ipaddress.ip_address(ip)

apps/users/models/user.py

@@ -393,16 +393,20 @@ class TokenMixin:
 
     @classmethod
     def validate_reset_password_token(cls, token):
+        if not token:
+            return None
+        key = cls.CACHE_KEY_USER_RESET_PASSWORD_PREFIX.format(token)
+        value = cache.get(key)
+        if not value:
+            return None
         try:
-            key = cls.CACHE_KEY_USER_RESET_PASSWORD_PREFIX.format(token)
-            value = cache.get(key)
             user_id = value.get('id', '')
             email = value.get('email', '')
             user = cls.objects.get(id=user_id, email=email)
+            return user
         except (AttributeError, cls.DoesNotExist) as e:
             logger.error(e, exc_info=True)
-            user = None
+            return None
-        return user
 
     def set_cache(self, token):
         key = self.CACHE_KEY_USER_RESET_PASSWORD_PREFIX.format(token)

apps/users/utils.py

@@ -13,7 +13,7 @@ from django.core.cache import cache
 from datetime import datetime
 
 from common.tasks import send_mail_async
-from common.utils import reverse, get_object_or_none
+from common.utils import reverse, get_object_or_none, get_request_ip_or_data, get_request_user_agent
 from .models import User
 
 
@@ -112,6 +112,45 @@ def send_reset_password_mail(user):
     send_mail_async.delay(subject, message, recipient_list, html_message=message)
 
 
+def send_reset_password_success_mail(request, user):
+    subject = _('Reset password success')
+    recipient_list = [user.email]
+    message = _("""
+    
+    Hi %(name)s:
+    <br>
+    
+    
+    <br>
+    Your JumpServer password has just been successfully updated.
+    <br>
+    
+    <br>
+    If the password update was not initiated by you, your account may have security issues. 
+    It is recommended that you log on to the JumpServer immediately and change your password.
+    <br>
+    
+    <br>
+    If you have any questions, you can contact the administrator.
+    <br>
+    <br>
+    ---
+    <br>
+    <br>
+    IP Address: %(ip_address)s
+    <br>
+    <br>
+    Browser: %(browser)s
+    <br>
+    
+    """) % {
+        'name': user.name,
+        'ip_address': get_request_ip_or_data(request),
+        'browser': get_request_user_agent(request),
+    }
+    send_mail_async.delay(subject, message, recipient_list, html_message=message)
+
+
 def send_password_expiration_reminder_mail(user):
     subject = _('Security notice')
     recipient_list = [user.email]

apps/users/views/profile/reset.py

@@ -16,7 +16,8 @@ from common.utils import get_object_or_none
 from common.permissions import PermissionsMixin, IsValidUser
 from ...models import User
 from ...utils import (
-    send_reset_password_mail, get_password_check_rules, check_password_rules
+    send_reset_password_mail, get_password_check_rules, check_password_rules,
+    send_reset_password_success_mail
 )
 from ... import forms
 
@@ -126,6 +127,7 @@ class UserResetPasswordView(FormView):
 
         user.reset_password(password)
         User.expired_reset_password_token(token)
+        send_reset_password_success_mail(self.request, user)
         return redirect('authentication:reset-password-success')