diff --git a/webroot/AutoSa/AutoSa/views.py b/webroot/AutoSa/AutoSa/views.py index d258b2e19..6f1d371c9 100644 --- a/webroot/AutoSa/AutoSa/views.py +++ b/webroot/AutoSa/AutoSa/views.py @@ -392,7 +392,9 @@ def addUser(request): if request.method == 'POST': form = UserAddForm(request.POST) - if form.is_valid(): + if not form.is_valid(): + return HttpResponse('error') + else: user = form.cleaned_data username = user['username'] password = user['password'] @@ -929,7 +931,7 @@ def chgPass(request): if not is_admin_role(request): oldpass = request.POST.get('oldpass') - if oldpass != user.password: + if md5_crypt(oldpass) != user.password: error = '原来密码不正确' if password != password_again: @@ -938,7 +940,7 @@ def chgPass(request): if error: return render_to_response('info.html', {'error': error}) - user.password = password + user.password = md5_crypt(password) user.save() return render_to_response('info.html', {'msg': '修改密码成功'}) @@ -966,10 +968,11 @@ def chgKey(request): user = User.objects.get(username=username) password = request.POST.get('password') password_again = request.POST.get('password_again') + jm = PyCrypt(key) if not is_admin_role(request): oldpass = request.POST.get('oldpass') - if oldpass != user.key_pass: + if jm.encrypt(oldpass) != user.key_pass: error = '原来密码不正确' if password != password_again: @@ -982,12 +985,11 @@ def chgKey(request): return render_to_response('info.html', {'error': error}) keyfile = '%s/%s' % (rsa_dir, username) - jm = PyCrypt(key) ret = bash('ssh-keygen -p -P %s -N %s -f %s' % (jm.decrypt(user.key_pass), password, keyfile)) if ret != 0: error = '更改私钥密码错误' return render_to_response('info.html', {'error': error}) - user.key_pass = password + user.key_pass = jm.encrypt(password) user.save() return render_to_response('info.html', {'msg': '修改密码成功'}) @@ -1071,7 +1073,7 @@ def downFile(request): (time.strftime('%Y/%m/%d %H:%M:%S'), username, host, path)) f.close() wrapper = FileWrapper(open(download_file)) - response = HttpResponse(wrapper, mimetype='application/octet-stream') + response = HttpResponse(wrapper, content_type='application/octet-stream') response['Content-Disposition'] = 'attachment; filename=%s' % os.path.basename(path) return response diff --git a/webroot/AutoSa/UserManage/forms.py b/webroot/AutoSa/UserManage/forms.py index a41222291..a5597a39c 100644 --- a/webroot/AutoSa/UserManage/forms.py +++ b/webroot/AutoSa/UserManage/forms.py @@ -39,8 +39,10 @@ class UserAddForm(forms.Form): return password_again def clean_key_pass_again(self): - key_pass = self.cleaned_data['key_pass'] - key_pass_again = self.cleaned_data['key_pass_again'] + key_pass = self.data['key_pass'] + key_pass_again = self.data['key_pass_again'] if key_pass != key_pass_again: raise forms.ValidationError('Key Password input twice not match. ') + if len(key_pass) < 6: + raise forms.ValidationError('Key Password input twice not match. ') return key_pass_again \ No newline at end of file