bug fix

10 years ago · 4a9923db4b
2 changed files with 13 additions and 9 deletions
--- a/webroot/AutoSa/AutoSa/views.py
+++ b/webroot/AutoSa/AutoSa/views.py
@ -392,7 +392,9 @@ def addUser(request):

    if request.method == 'POST':
        form = UserAddForm(request.POST)
-        if form.is_valid():
+        if not form.is_valid():
+            return HttpResponse('error')
+        else:
            user = form.cleaned_data
            username = user['username']
            password = user['password']
@ -929,7 +931,7 @@ def chgPass(request):

        if not is_admin_role(request):
            oldpass = request.POST.get('oldpass')
-            if oldpass != user.password:
+            if md5_crypt(oldpass) != user.password:
                error = '原来密码不正确'

        if password != password_again:
@ -938,7 +940,7 @@ def chgPass(request):
        if error:
            return render_to_response('info.html', {'error': error})

-        user.password = password
+        user.password = md5_crypt(password)
        user.save()

        return render_to_response('info.html', {'msg': '修改密码成功'})
@ -966,10 +968,11 @@ def chgKey(request):
        user = User.objects.get(username=username)
        password = request.POST.get('password')
        password_again = request.POST.get('password_again')
+        jm = PyCrypt(key)

        if not is_admin_role(request):
            oldpass = request.POST.get('oldpass')
-            if oldpass != user.key_pass:
+            if jm.encrypt(oldpass) != user.key_pass:
                error = '原来密码不正确'

        if password != password_again:
@ -982,12 +985,11 @@ def chgKey(request):
            return render_to_response('info.html', {'error': error})

        keyfile = '%s/%s' % (rsa_dir, username)
-        jm = PyCrypt(key)
        ret = bash('ssh-keygen -p -P %s -N %s -f %s' % (jm.decrypt(user.key_pass), password, keyfile))
        if ret != 0:
            error = '更改私钥密码错误'
            return render_to_response('info.html', {'error': error})
-        user.key_pass = password
+        user.key_pass = jm.encrypt(password)
        user.save()

        return render_to_response('info.html', {'msg': '修改密码成功'})
@ -1071,7 +1073,7 @@ def downFile(request):
                    (time.strftime('%Y/%m/%d %H:%M:%S'), username, host, path))
            f.close()
            wrapper = FileWrapper(open(download_file))
-            response = HttpResponse(wrapper, mimetype='application/octet-stream')
+            response = HttpResponse(wrapper, content_type='application/octet-stream')
            response['Content-Disposition'] = 'attachment; filename=%s' % os.path.basename(path)
            return response

--- a/webroot/AutoSa/UserManage/forms.py
+++ b/webroot/AutoSa/UserManage/forms.py
@ -39,8 +39,10 @@ class UserAddForm(forms.Form):
        return password_again

    def clean_key_pass_again(self):
-        key_pass = self.cleaned_data['key_pass']
-        key_pass_again = self.cleaned_data['key_pass_again']
+        key_pass = self.data['key_pass']
+        key_pass_again = self.data['key_pass_again']
        if key_pass != key_pass_again:
            raise forms.ValidationError('Key Password input twice not match. ')
+        if len(key_pass) < 6:
+            raise forms.ValidationError('Key Password input twice not match. ')
        return key_pass_again