fix: Password reset is only required for AUTH_BACKEND_MODEL

2024-10-23 10:53:29 +08:00 · 2024-10-23 10:53:29 +08:00 · 6686afcec1
parent 0918f5c6f6
commit 6686afcec1
2 changed files with 25 additions and 3 deletions
--- a/apps/authentication/mixins.py
+++ b/apps/authentication/mixins.py
@ -319,20 +319,26 @@ class AuthPostCheckMixin:

    @classmethod
    def _check_passwd_is_too_simple(cls, user: User, password):
-        if user.is_superuser and password == 'admin':
+        if not user.is_auth_backend_model():
+            return
+        if user.check_passwd_too_simple(password):
            message = _('Your password is too simple, please change it for security')
            url = cls.generate_reset_password_url_with_flash_msg(user, message=message)
            raise errors.PasswordTooSimple(url)

    @classmethod
    def _check_passwd_need_update(cls, user: User):
-        if user.need_update_password:
+        if not user.is_auth_backend_model():
+            return
+        if user.check_need_update_password():
            message = _('You should to change your password before login')
            url = cls.generate_reset_password_url_with_flash_msg(user, message)
            raise errors.PasswordNeedUpdate(url)

    @classmethod
    def _check_password_require_reset_or_not(cls, user: User):
+        if not user.is_auth_backend_model():
+            return
        if user.password_has_expired:
            message = _('Your password has expired, please reset before logging in')
            url = cls.generate_reset_password_url_with_flash_msg(user, message)
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@ -69,7 +69,7 @@ class AuthMixin:
            if self.username:
                self.date_password_last_updated = timezone.now()
                post_user_change_password.send(self.__class__, user=self)
-            super().set_password(raw_password) # noqa
+            super().set_password(raw_password)  # noqa

    def set_public_key(self, public_key):
        if self.can_update_ssh_key():
@ -160,6 +160,22 @@ class AuthMixin:
            return True
        return False

+    def check_need_update_password(self):
+        if self.is_local and self.need_update_password:
+            return True
+        return False
+
+    @staticmethod
+    def check_passwd_too_simple(password):
+        simple_passwords = ['admin', 'ChangeMe']
+        if password in simple_passwords:
+            return True
+        return False
+
+    def is_auth_backend_model(self):
+        backend = getattr(self, 'backend', None)
+        return backend == settings.AUTH_BACKEND_MODEL
+
    @staticmethod
    def get_public_key_md5(key):
        try: