From 814dbeb74994e3614adaa04cbf5a6392383ef5dd Mon Sep 17 00:00:00 2001
From: jiangweidong
Date: Mon, 8 Jan 2024 17:50:09 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E8=A7=A3=E5=86=B3=E6=89=8B=E6=9C=BA?=
 =?UTF-8?q?=E5=8F=B7=E5=8A=A0=E5=AF=86=E5=AF=BC=E8=87=B4=E5=BF=98=E8=AE=B0?=
 =?UTF-8?q?=E5=AF=86=E7=A0=81=E5=88=A4=E6=96=AD=E6=80=BB=E6=98=AF=E5=A4=B1?=
 =?UTF-8?q?=E8=B4=A5=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/authentication/api/password.py | 13 ++++---------
 apps/authentication/utils.py | 12 +++++++++++-
 apps/users/views/profile/reset.py | 4 ++--
 3 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/apps/authentication/api/password.py b/apps/authentication/api/password.py
index 280e088ed..f721ed2a8 100644
--- a/apps/authentication/api/password.py
+++ b/apps/authentication/api/password.py
@@ -15,12 +15,11 @@ from authentication.mixins import authenticate
 from authentication.serializers import (
     PasswordVerifySerializer, ResetPasswordCodeSerializer
 )
+from authentication.utils import check_user_property_is_correct
 from common.permissions import IsValidUser
-from common.utils import get_object_or_none
 from common.utils.random import random_string
 from common.utils.verify_code import SendAndVerifyCodeUtil
 from settings.utils import get_login_title
-from users.models import User
 
 
 class UserResetPasswordSendCodeApi(CreateAPIView):
@@ -28,13 +27,9 @@ class UserResetPasswordSendCodeApi(CreateAPIView):
     serializer_class = ResetPasswordCodeSerializer
 
     @staticmethod
-    def is_valid_user(username, **attr_query):
-        user = get_object_or_none(User, username=username)
-        valid = True
-        for attr, value in attr_query.items():
-            if getattr(user, attr, None) != value:
-                valid = False
-        if not valid:
+    def is_valid_user(username, **properties):
+        user = check_user_property_is_correct(username, **properties)
+        if not user:
             err_msg = _('User does not exist: {}').format(_("No user matched"))
             return None, err_msg
         if not user.is_local:
diff --git a/apps/authentication/utils.py b/apps/authentication/utils.py
index 9cbc95bf2..5fd41aec7 100644
--- a/apps/authentication/utils.py
+++ b/apps/authentication/utils.py
@@ -7,8 +7,9 @@ from django.conf import settings
 from django.utils.translation import gettext_lazy as _
 
 from audits.const import DEFAULT_CITY
+from users.models import User
 from audits.models import UserLoginLog
-from common.utils import get_logger
+from common.utils import get_logger, get_object_or_none
 from common.utils import validate_ip, get_ip_city, get_request_ip
 
 from .notifications import DifferentCityLoginMessage
@@ -59,3 +60,12 @@ def build_absolute_uri_for_oidc(request, path=None):
         redirect_uri = urljoin(settings.BASE_SITE_URL, path)
         return redirect_uri
     return build_absolute_uri(request, path=path)
+
+
+def check_user_property_is_correct(username, **properties):
+    user = get_object_or_none(User, username=username)
+    for attr, value in properties.items():
+        if getattr(user, attr, None) != value:
+            user = None
+            break
+    return user
diff --git a/apps/users/views/profile/reset.py b/apps/users/views/profile/reset.py
index 96d407302..b2eed3cdd 100644
--- a/apps/users/views/profile/reset.py
+++ b/apps/users/views/profile/reset.py
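Review bot: `is_valid_user` still has no docstring, and now that its body is three lines the two-tuple contract is easy to miss: the visible failure path returns `(None, err_msg)`, and presumably the success path further down returns `(user, None)`. It is also worth stating that an existing username whose property does not match is reported with the same 'No user matched' message as an unknown username, which is the desired non-enumerating behaviour and should not be "improved" later. Suggest adding under the `def` line: `"""Return (user, None) if a local user named *username* has every given property, else (None, error_message)."""`. The method body continues past the end of the hunk after `if not user.is_local:`.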
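Review bot: The new `from users.models import User` line is inserted between `from audits.const import DEFAULT_CITY` and `from audits.models import UserLoginLog`, splitting an otherwise sorted app-import group; move it after the `common.utils` imports so the group stays alphabetical (audits, common, users). Before this change `authentication/utils.py` did not import from `users.models` at all, so if `users.models` (or anything it loads at import time) imports from `authentication.utils`, this introduces an import cycle that only shows up at startup — worth confirming, since the cycle is not visible from the diff.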
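Review bot: `check_user_property_is_correct` treats an unset property as a match: if a caller passes `None` (or `''`) for `phone`/`email` and the user's field is also unset, `getattr(user, attr, None) != value` is False and the user is returned, so a missing form value would satisfy the check for any user whose field is empty. Whether a caller can reach it with an empty value is not visible in this diff, but the helper is now the single gate for both password-reset flows, so it should fail closed on its own: `if value in (None, '') or getattr(user, attr, None) != value:`. A non-existent username already yields None only because `getattr(None, attr, None)` never equals a real value; an explicit `if user is None: return None` before the loop makes that intent readable and also documents that a misspelled attribute name silently fails closed rather than raising. The function lacks a docstring; a one-liner such as `"""Return the user named *username* only if every given property matches exactly, otherwise None."""` would record the contract.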
@@ -12,6 +12,7 @@ from django.utils.translation import gettext as _
 from django.views.generic import FormView, RedirectView
 
 from authentication.errors import IntervalTooShort
+from authentication.utils import check_user_property_is_correct
 from common.utils import FlashMessageUtil, get_object_or_none, random_string
 from common.utils.verify_code import SendAndVerifyCodeUtil
 from users.notifications import ResetPasswordSuccessMsg
@@ -148,7 +149,6 @@ class UserForgotPasswordView(FormView):
         query_key = form_type
         if form_type == 'sms':
             query_key = 'phone'
-            target = target.lstrip('+')
 
         try:
             self.safe_verify_code(token, target, form_type, code)
@@ -158,7 +158,7 @@ class UserForgotPasswordView(FormView):
             form.add_error('code', str(e))
             return super().form_invalid(form)
 
-        user = get_object_or_none(User, **{'username': username, query_key: target})
+        user = check_user_property_is_correct(username, **{query_key: target})
         if not user:
             form.add_error('code', _('No user matched'))
             return super().form_invalid(form)
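Review bot: Removing `target = target.lstrip('+')` changes both the key handed to `safe_verify_code` and the value later compared against the stored phone, so the match is now an exact string comparison on whatever the form submitted. That only works if the send-code step stored the verification code under the same un-stripped key and the model stores phone numbers in the same canonical form (with or without a leading `+`); otherwise every SMS reset fails closed with 'No user matched', which is invisible from the user's side. Neither the send-code path nor the phone normalization is in this diff, so confirm them, and if they differ apply one normalization helper on both the send and verify sides rather than reintroducing an ad-hoc `lstrip`. The enclosing method starts before and ends after this hunk.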
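Review bot: The attribute compared by `check_user_property_is_correct` is `query_key`, which the earlier hunk of this file sets to `form_type` itself for anything other than `'sms'`, so the field name is derived from a submitted form value. If the form already restricts `form_type` to its email/sms choices this is fine, but that validation is not visible here and the helper does `getattr` on whatever name it is given; an explicit mapping makes the gate independent of form validation: `query_key = {'sms': 'phone', 'email': 'email'}.get(form_type)` followed by adding a form error when it is None. Separately, with the `get_object_or_none(User, ...)` call gone from this method, the module-level `User` import may now be unused — check the rest of the file, which is outside the hunk.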